Expand description
§Length Disassembler
Supports x86 and x86_64 up to SSE4.2.
Valid opcodes will be length disassembled correctly. Invalid opcodes may be rejected on a best-effort basis.
§Examples
Gets the length of the first opcode in a byte slice:
let result = lde::X64.ld(b"\x40\x55\x48\x83\xEC\xFC\x00\x80");
assert_eq!(result, 2);Iterates over the opcodes contained in a byte slice, returning the opcode and its virtual address:
let code = b"\x40\x55\x48\x83\xEC*\x00\x80";
for (opcode, va) in lde::X64.iter(code, 0x1000) {
println!("{:x}: {}", va, opcode);
}
// 1000: 4055
// 1002: 4883EC2AFind the opcode boundary after a minimum of 5 bytes:
// 1000: 56 push esi
// 1001: 33f6 xor esi,esi
// 1003: 57 push edi
// 1004: bfa0104000 mov edi,0x4010a0
// 1009: 85d2 test edx,edx
// 100b: 7410 je loc_0000001d
// 100d: 8bf2 mov esi,edx
// 100f: 8bfa mov edi,edx
const INPUT_CODE: &[u8] = b"\x56\x33\xF6\x57\xBF\xA0\x10\x40\x00\x85\xD2\x74\x10\x8B\xF2\x8B\xFA";
// We'd like to overwrite the first 5 bytes with a jmp hook
// Find how many opcodes need to be copied for our hook to work
let mut count = 0;
for (opcode, _) in lde::X86.iter(INPUT_CODE, 0x1000) {
count += opcode.len();
if count >= 5 {
break;
}
}
// The answer is the first 4 opcodes, or 9 bytes
assert_eq!(count, 9);Custom Display and Debug formatting including pretty printing support with the alternate flag:
let iter = lde::X64.iter(b"\x40\x55\x48\x83\xEC*\x00\x80", 0);
assert_eq!(format!("{:?}", iter), "[4055] [4883EC2A] 0080");
assert_eq!(format!("{:#?}", iter), "[40 55] [48 83 EC 2A] 00 80");
assert_eq!(format!("{:}", iter), "4055\n4883EC2A\n");
assert_eq!(format!("{:#}", iter), "40 55\n48 83 EC 2A\n");Structs§
- Iter
- Length disassembler iterator.
- IterMut
- Length disassembler mutable iterator.
- OcBuilder
- Opcode builder.
- OpCode
- Byte slice representing an opcode.
- X64
- Length disassembler for the
x86_64instruction set architecture. - X86
- Length disassembler for the
x86instruction set architecture.