A lightweight, Easy-to-Use and Fast Disassembler/Decomposer Library for x86/AMD64.
A Decomposer means that you get a binary structure that describes an instruction rather than a textual representation.
diStorm3 includes the following new features:
Access to CPU flags that were affected by the instruction.
New API for instruction decomposition.
Basic Flow Control analysis support.
AVX and FMA instruction sets support.
Complete documentation and code samples.
Some bug fixes and massive code refactoring.
diStorm3 is dual-licensed under the GPL (http://www.gnu.org/licenses/gpl.html) and a commercial license.
diStorm3 also supports:
Minimal API for decode and decompose, no initialization is required.
Decode modes: 16, 32 and 64 bits.
Instruction Sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64, VMX and AMD's SVM.
Reentrancy (multi-threaded).
Platform independent - Windows, Linux and Mac. Little/big endianity. User/kernel mode.
Different compilers (GCC, MSVC). Can be used either statically or dynamically.
Java and Python wrappers.
source:
github (too big to post here > 60000) = https://github.com/ToniPB/distorm-PB
Dis_Test1.pb
XIncludeFile #PB_Compiler_FilePath + "TestHelper.pbi"

Procedure Do_Distorm_Test1()
  Protected res.l
  Protected Dim decodedInstructions._DISTORM_DecodedInst(1000)
  Protected decodedInstructionsCount.l = 0
  Protected i.l = 0
  Protected offset.q = 0
  Protected max_instructions.l = 1000
  Protected *code = ?test_data1_start
  Protected codeLen.l = ?test_data1_end - ?test_data1_start

  ; Decode the embedded bytes as 32-bit code into the result array
  res = distorm_decode64(offset, *code, codeLen, #DISTORM_Decode32Bits, @decodedInstructions(), max_instructions, @decodedInstructionsCount)
  PrintN("")

  If res = #DISTORM_DECRES_SUCCESS
    Protected de_text.s = ""
    ; Print one line of text per decoded instruction
    For i.l = 0 To decodedInstructionsCount - 1
      de_text = Distorm_InstructionString(@decodedInstructions(i))
      PrintN(de_text)
    Next i
  Else
    PrintN("Decoding Failed")
  EndIf

  ;SetClipboardText( Distorm_CreateInstructionStringFromArray(decodedInstructions(), decodedInstructionsCount))

  DataSection
    test_data1_start: ; 11 bytes
    ; push ebp / mov ebp, esp / mov eax, [ebp+8] / add eax, [ebp+0Ch] / leave / ret
    Data.a $55, $8B, $EC, $8B, $45, $08, $03, $45, $0C, $C9, $C3
    test_data1_end:
  EndDataSection
EndProcedure

If OpenConsole()
  PrintN("diStorm version: "+GetDistormVersionString())
  PrintN("")
  Do_Distorm_Test1()
  PrintN("")
  PrintN("Press enter to continue")
  PrintN("")
  Input()
  CloseConsole()
EndIf
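
To make the "binary structure rather than text" idea concrete, here is an added Python sketch (not part of the original post, and not diStorm or the wrapper's code) that decomposes the same 11 bytes from test_data1 into records with offset, size, operands and a flow-control class. The `Inst` layout and the names `decompose`, `SIMPLE` and `WITH_MODRM` are assumptions made for this illustration; it understands only the five opcodes in the sample and rejects everything else, including truncated input.

```python
from dataclasses import dataclass

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
SIMPLE = {0x55: ("push", (("reg", "ebp"),), "none"),  # one-byte opcodes
          0xC9: ("leave", (), "none"),
          0xC3: ("ret", (), "ret")}
WITH_MODRM = {0x8B: "mov", 0x03: "add"}  # "op r32, r/m32", ModRM follows

@dataclass(frozen=True)
class Inst:  # hypothetical record layout, not diStorm's structure
    offset: int
    size: int
    mnemonic: str
    operands: tuple  # ("reg", name) or ("mem", base, disp8)
    flow: str

def decompose(code: bytes) -> list:
    """Decode 32-bit code into Inst records; reject anything unsupported."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if op in SIMPLE:
            mnemonic, operands, flow = SIMPLE[op]
            size = 1
        elif op in WITH_MODRM:
            size = 2
            if i + size > len(code):
                raise ValueError(f"truncated instruction at offset {i}")
            modrm = code[i + 1]
            mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            if mod == 3:                  # second operand is a register
                src = ("reg", REG32[rm])
            elif mod == 1 and rm != 4:    # [reg + disp8], no SIB byte
                size = 3
                if i + size > len(code):
                    raise ValueError(f"truncated instruction at offset {i}")
                disp = int.from_bytes(code[i + 2:i + 3], "little", signed=True)
                src = ("mem", REG32[rm], disp)
            else:
                raise ValueError(f"unsupported ModRM {modrm:#04x} at offset {i}")
            mnemonic, operands, flow = WITH_MODRM[op], (("reg", REG32[reg]), src), "none"
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {i}")
        out.append(Inst(i, size, mnemonic, operands, flow))
        i += size
    return out

SAMPLE = bytes([0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x08, 0x03, 0x45, 0x0C, 0xC9, 0xC3])  # test_data1
```

Because each record carries its fields as data, a caller can find the function's exit with `[x.offset for x in decompose(SAMPLE) if x.flow == "ret"]` instead of parsing printed text.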