
VX Heaven


Bill Prisoner Disassembler Engine

Author: Bill Prisoner

From the author's documentation

What is it?

BPDE is a universal disassembly engine. It was created for use in viruses, trojans and other living creatures. At the moment the engine is provided as a DLL; obj files that can be linked into Delphi or C++ projects, and support for position independence, are planned.

Interface

BPDEDLL.DLL is a dynamic-link library. It exports a single function, Disasm. Here is the prototype:

int Disasm(char* Offset,Code* Instruction)

Offset
        The pointer to the binary data
Instruction
        The pointer to the Code structure, which is defined as follows, for C:

typedef struct _Code
{
        short FieldPresents;//For checking presenting fields
        short Prefix;//Prefixes of instruction
        char OpCodeExt;//if first BYTE1 of opcode is 0FH
        short OpCodeWord;//if OpCode is WORD1 - in escape opcodes (or floating point opcodes)
        unsigned char OpCode;//OpCode BYTE
        unsigned char OpCode2;//If OpCode is Two Byte then this field is second byte in the opcode
        unsigned char ModRM;//ModRM BYTE
        char SIB;//SIB BYTE
        unsigned long Immediate;//Immediate operand
        unsigned long ImmediateEx;//Second Immediate operand (only ENTER instruction)
        unsigned long Displacement;//Displacement for operand
        unsigned short Segment;//Segment for Pointer operands
        unsigned long RelOffset;//Relative Offset in jump instructions
        long Offset;//Offset for Pointer Operands
        char InstructionString[50];//Disassembled String
        char Group;//NumberOfGroup(1-16)
        long Flags;//Opcode Flags
        long Length;//Length of instruction
} Code;

and for Delphi:

PCode = ^_Code;
_Code = packed record
        FieldPresents:word;
        Prefix:word;
        OpCodeExt:byte;
        OpCodeWord:word;
        OpCode:byte;
        OpCode2:byte;
        ModRM:byte;
        SIB:byte;
        Immediate:longint;
        ImmediateEx:longint;
        Displacement:longint;
        Segment:word;
        RelOffset:longint;
        a:longint;//fill
        InstructionString:array[0..49]of char;
        Group:byte;
        Flags:longint;
        Length:longint;
end;

To begin with, only the fields OpCode, InstructionString and Length are needed from this structure. Before calling the Disasm function, zero the fields of the Code structure!
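The C declaration above has no packing directive while the Delphi one is a packed record, so the two describe the same memory layout only if the C side is built with 1-byte packing; the page does not say which layout the DLL uses. The following added example (not part of the author's documentation) computes where the three fields named above land under each layout; the fixed-width types assume 32-bit Windows sizes, and the names CodeNatural, CodePacked and code_layout are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields in the order the page declares them. Fixed-width types stand in
   for a 32-bit Windows build (short = 2 bytes, long = 4): an assumption. */
#define CODE_FIELDS                                                    \
    int16_t FieldPresents; int16_t Prefix; int8_t OpCodeExt;          \
    int16_t OpCodeWord; uint8_t OpCode; uint8_t OpCode2;              \
    uint8_t ModRM; int8_t SIB; uint32_t Immediate;                    \
    uint32_t ImmediateEx; uint32_t Displacement; uint16_t Segment;    \
    uint32_t RelOffset; int32_t Offset; char InstructionString[50];   \
    int8_t Group; int32_t Flags; int32_t Length;

/* The C declaration as written: compiler-default alignment. */
typedef struct { CODE_FIELDS } CodeNatural;

/* The Delphi "packed record": no padding between fields. */
#pragma pack(push, 1)
typedef struct { CODE_FIELDS } CodePacked;
#pragma pack(pop)

enum { F_OPCODE, F_STRING, F_LENGTH, F_SIZE };

#define PICK(m) (packed ? offsetof(CodePacked, m) : offsetof(CodeNatural, m))

/* Byte offset of a field, or the total size, in the chosen layout. */
size_t code_layout(int field, int packed)
{
    switch (field) {
    case F_OPCODE: return PICK(OpCode);
    case F_STRING: return PICK(InstructionString);
    case F_LENGTH: return PICK(Length);
    default:       return packed ? sizeof(CodePacked) : sizeof(CodeNatural);
    }
}

int main(void)
{
    static const char *names[] = { "OpCode", "InstructionString", "Length", "sizeof" };
    for (int f = F_OPCODE; f <= F_SIZE; f++)
        printf("%-18s natural=%2zu packed=%2zu\n", names[f],
               code_layout(f, 0), code_layout(f, 1));
    return 0;
}
```

The size difference also matters for the zeroing step: the buffer cleared before a call must be at least as large as the layout the library writes into.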


Download

Filename     Size     Description  Date      MD5 sum
bpde10.zip   357977   BPDE 1.0     Feb 2006  0326c0ee2a467ec35c5a002ff1752f83
bpde11.zip   221671   BPDE 1.1     Feb 2006  487a3950486cab3abaf3abead83a5496
bpde12.zip   224208   BPDE 1.2     Mar 2006  6be364286dd7e10c8b02edb4fb310373

