Portable Executable mise à jour

Zorro
Messages : 2185
Inscription : mar. 31/mai/2016 9:06

Re: Portable Executable

Message par Zorro »

:lol: :)
Site: http://michel.dobro.free.fr/
Devise :"dis moi ce dont tu as besoin, je t'expliquerai comment t'en passer"
jmg49
Messages : 153
Inscription : mer. 26/févr./2014 8:53

Re: Portable Executable

Message par jmg49 »

Bonjour,

=>celtic88 , pourrais-tu expliquer comment faire pour intégrer le plugin détecteur de compilation pb avec ton soft stp ?

Merci,

edit : j'ai trouvé , ça fonctionne impec
celtic88
Messages : 309
Inscription : sam. 12/sept./2015 14:31
Localisation : Alger

Re: *Portable Executable

Message par celtic88 »

Mise à jour !
Correction de quelques bugs...
Ajout de la table des relocalisations

:D
.....i Love Pb :)
celtic88
Messages : 309
Inscription : sam. 12/sept./2015 14:31
Localisation : Alger

Re: *Portable Executable

Message par celtic88 »

.....i Love Pb :)
djes
Messages : 4252
Inscription : ven. 11/févr./2005 17:34
Localisation : Arras, France

Re: *Portable Executable

Message par djes »

celtic88 a écrit :windows executable

https://i.imgur.com/pHjcI.jpg
Ça me rappelle des souvenirs ! :D
Tu as lu le dernier « Virus Informatique » ? On y parle d'un truc très intéressant sur les puces Intel et Minix.
celtic88
Messages : 309
Inscription : sam. 12/sept./2015 14:31
Localisation : Alger

Re: *Portable Executable

Message par celtic88 »

[quote="djes"][/quote]

merci DJES ,je vais voir :)
.....i Love Pb :)
celtic88
Messages : 309
Inscription : sam. 12/sept./2015 14:31
Localisation : Alger

Re: Portable Executable mise à jour

Message par celtic88 »

Nouveau plugin :
désassembleur basé sur la DLL BeaEngine

https://github.com/BeaEngine/beaengine

loader :


EnableExplicit

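; Upper 16 bits of a 32-bit value (for a WM_COMMAND wParam: the notification code).
; The argument is parenthesised: '+' and '-' bind less tightly than '>>' and '&',
; so without the parentheses HiWord(x + 1) would shift only the "1".
Macro HiWord(a)
  (((a) >> 16) & $ffff)
EndMacro

; Lower 16 bits of a 32-bit value (for a WM_COMMAND wParam: the command identifier).
Macro LowWord(a)
  ((a) & $ffff)
EndMacro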

IncludeFile "Disasm_Window.Pbi"

; Module handle of this plugin DLL; stored by AttachProcess() and passed to SetWindowsHookEx_().
Global DllModuleHandle
; Pointer supplied by the host in PeExplorer_Plugin_Ini(). It is read with PeekS() each time
; the menu entry is clicked, so the host must keep it valid and null-terminated for the
; lifetime of the plugin (nothing in this file can verify that).
Global *CurrentFileLocation
; Host window whose menu received the plugin entry; the hook only reacts to its messages.
Global Cwhwnd
; Caption of the menu entry inserted into the host's second sub-menu.
Global MenuItemName.s = "Disassembler v0.1 b"
; Command identifier assigned to the menu entry (item count of the sub-menu + 999).
Global MenuItemId.l
; Handle returned by SetWindowsHookEx_(); released in DetachProcess().
Global hWindowsHook

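; WH_GETMESSAGE hook procedure installed by PeExplorer_Plugin_Ini() on the host's thread.
; Opens the disassembler window when the plugin's menu entry is chosen in the host window.
;
; code   - hook code; negative values are forwarded to the next hook without processing
; wParam - #PM_REMOVE or #PM_NOREMOVE (whether the message is being removed from the queue)
; lParam - pointer to the MSG structure being retrieved
;
; Returns the result of CallNextHookEx_().
;
; The parameters are pointer-sized (.i). Declared as .l, the MSG pointer in lParam is
; truncated to 32 bits in a 64-bit build and the dereference below reads a wrong address.
Procedure _HookProc(code.i, wParam.i, lParam.i)
  Protected *msg.MSG = lParam
  Protected *Window_Disassemble.Window_Disassemble
  
  ; React only to messages that are really being removed from the queue: a message that is
  ; merely peeked (#PM_NOREMOVE) passes through the hook again later and would otherwise
  ; open a second window for one click.
  If code >= 0 And wParam = #PM_REMOVE And *msg
    With *msg
      If Cwhwnd=\hwnd And 
         \message = #WM_COMMAND And 
         HiWord(\wParam)=0 And 
         LowWord(\wParam)=MenuItemId And
         *CurrentFileLocation
        
        *Window_Disassemble = AllocateMemory(SizeOf(Window_Disassemble))
        If *Window_Disassemble
          *Window_Disassemble\Win_Par = Cwhwnd
          ; The path comes from host-owned memory. Bound the read to the size of the
          ; fixed-length destination field instead of scanning for a terminator without limit.
          *Window_Disassemble\Win_SelectedFile = PeekS(*CurrentFileLocation, #MAX_PATH)
          
          ; On success the window keeps the block; Window_Disassemble_Close() frees it.
          ; NOTE(review): nothing frees it when Window_Disassemble() returns early because
          ; BeaEngine could not be loaded.
          Window_Disassemble(*Window_Disassemble)
        EndIf
        
      EndIf
    EndWith
  EndIf
  
  ; Always pass the message on; the first argument is the hook handle, not the procedure address.
  ProcedureReturn CallNextHookEx_(hWindowsHook, code, wParam, lParam)
EndProcedure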

; DLL entry point called when the library is loaded into a process.
; Remembers the module handle so that PeExplorer_Plugin_Ini() can pass it to SetWindowsHookEx_().
ProcedureDLL AttachProcess(Instance)
  DllModuleHandle = Instance
EndProcedure

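; DLL entry point called when the library is unloaded from the process.
; Removes the message hook so that no hook keeps pointing into code that is about to be unmapped.
ProcedureDLL DetachProcess(Instance)
  ; The hook exists only after a successful PeExplorer_Plugin_Ini(); skip the API call otherwise
  ; and clear the handle so it cannot be released twice.
  If hWindowsHook
    UnhookWindowsHookEx_(hWindowsHook)
    hWindowsHook = 0
  EndIf
EndProcedure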

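; Plugin entry point called by the host.
; Adds the "Disassembler" entry to the host's second sub-menu and installs a WH_GETMESSAGE
; hook on the calling thread to catch the click on that entry.
;
; Hwindow               - handle of the host's main window (owner of the menu bar)
; *pCurrentFileLocation - host-owned, null-terminated path of the file currently opened;
;                         only the pointer is stored, the text is read on each click
;
; Returns the hook handle on success, 0 on failure.
ProcedureDLL PeExplorer_Plugin_Ini(Hwindow,*pCurrentFileLocation)
  Protected hm, hPlug
  Protected iMENUITEMINFO.MENUITEMINFO
  
  *CurrentFileLocation=*pCurrentFileLocation
  
  ; Validate every handle handed over by (or derived from) the host before using it:
  ; on a missing menu GetMenuItemCount_() would return -1 and yield a meaningless identifier.
  If Hwindow = 0
    ProcedureReturn 0
  EndIf
  hm = GetMenu_(Hwindow)
  If hm = 0
    ProcedureReturn 0
  EndIf
  hPlug = GetSubMenu_(hm,1)
  If hPlug = 0
    ProcedureReturn 0
  EndIf
  
  With  iMENUITEMINFO
    \cbSize = SizeOf(MENUITEMINFO)
    \hSubMenu=hPlug
    \fMask=#MIIM_ID|#MIIM_STRING;|#MIIM_SUBMENU
    \fType = #MFT_STRING
    \dwTypeData = @MenuItemName
    ; NOTE(review): the identifier is only "item count + 999"; it is not checked against
    ; command identifiers the host or other plugins already use.
    \wID=GetMenuItemCount_(hPlug) +999
    MenuItemId=\wID
  EndWith
  
  If InsertMenuItem_(hPlug,1,1,@iMENUITEMINFO)
    ; A repeated initialisation must not leave the previous hook installed: its handle
    ; would be lost and never released by DetachProcess().
    If hWindowsHook
      UnhookWindowsHookEx_(hWindowsHook)
      hWindowsHook = 0
    EndIf
    Cwhwnd=Hwindow
    ; Thread-scoped hook: only messages of the calling thread are observed.
    hWindowsHook = SetWindowsHookEx_(#WH_GETMESSAGE,@_HookProc(),DllModuleHandle,GetCurrentThreadId_())
    If hWindowsHook = 0
      ; Without the hook the entry would do nothing, so take it out again.
      RemoveMenu_(hPlug, iMENUITEMINFO\wID, #MF_BYCOMMAND)
    EndIf
    ProcedureReturn hWindowsHook
  EndIf
  ProcedureReturn 0
EndProcedure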
Fenêtre du désassembleur :


EnableExplicit

;Gui Disassembler Multi-thread

IncludeFile "BeaEngine.Pbi"

; Call signatures of the BeaEngine exports. Only Disasm is resolved at run time
; (in Load_BeaEngine); the two version prototypes are declared but never bound in this file.
Prototype BeaEngineVersion()
Prototype BeaEngineRevision()
Prototype Disasm(*pDisasm._Disasm)
; Pointer to the DLL's Disasm export; stays 0 until Load_BeaEngine() has succeeded.
Global Disasm.Disasm


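; Loads BeaEngine.dll once and resolves its Disasm export into the global Disasm pointer.
;
; Returns the address of Disasm, or 0 when the DLL or the export cannot be found.
;
; The DLL path is built from the directory of the running executable. A bare relative name
; ("Plugins\BeaEngine.dll", "BeaEngine.dll") is resolved against the current directory and
; the DLL search path, so a file opened from another folder could make the process load a
; different BeaEngine.dll than the one shipped with the tool.
; NOTE(review): the DLL is still loaded without any integrity check (signature or hash).
Procedure Load_BeaEngine()
  Protected exePath.s, dllPath.s, oDll
  
  If Not Disasm
    exePath = Space(#MAX_PATH)
    If GetModuleFileName_(0, @exePath, #MAX_PATH) = 0
      MessageRequester("ERROR","BeaEngine.dll not exists!.")
      ProcedureReturn 0
    EndIf
    
    ; Standalone build: the DLL sits next to the executable.
    ; Plugin build: it sits in the host's "Plugins" folder.
    CompilerIf #PB_Compiler_ExecutableFormat = #PB_Compiler_Executable
      dllPath = GetPathPart(exePath) + "BeaEngine.dll"
    CompilerElse
      dllPath = GetPathPart(exePath) + "Plugins\BeaEngine.dll"
    CompilerEndIf
    
    ; #PB_Any avoids clashing with a library number 0 used elsewhere in the program.
    oDll = OpenLibrary(#PB_Any, dllPath)
    If Not oDll
      MessageRequester("ERROR","BeaEngine.dll not exists!.")
      ProcedureReturn 0
    EndIf
    
    ; Try the undecorated export name first, then the decorated stdcall name.
    Disasm = GetFunction(oDll,"Disasm")
    If Not Disasm
      Disasm = GetFunction(oDll,"_Disasm@4")
    EndIf
    
    ; A library without the expected export is of no use: release it instead of keeping it
    ; mapped and reopening it on every later call.
    If Not Disasm
      CloseLibrary(oDll)
    EndIf
  EndIf
  ProcedureReturn Disasm
EndProcedure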

; Per-window state of the disassembler. One block is allocated with AllocateMemory() for
; each window, attached to it with SetWindowData() and freed in Window_Disassemble_Close().
; The block is shared between the GUI thread and the worker thread without any lock; the
; two sides coordinate only through the flag fields below.
Structure Window_Disassemble
  Win_Par.i               ; parent window passed to OpenWindow() (host window in the plugin build)
  Win_Id.i                ; window number returned by OpenWindow()
  Win_Sbar.i              ; status bar (file name + progress)
  Win_CmBo.i              ; combo box "x86" / "x64"
  Win_St_Offset.i         ; string gadget: file offset to start at
  Win_St_Size.i           ; string gadget: number of bytes to disassemble
  Win_St_BaseAddress.i    ; string gadget: virtual address shown for the first byte
  Win_LIcon.i             ; list gadget receiving the decoded instructions
  Win_Bo_Disas.i          ; button "Disassemble" / "Stop"
  Win_Bo_Sfile.i          ; button "Select File.."
  
  Win_OnDisassemble.b     ; 1 while the worker should keep running; set to 0 to request a stop
  Win_ThreadDisassemble.i ; thread handle from CreateThread(); reset to 0 by the worker on exit
  Win_CurrentPos.i        ; number of bytes decoded so far
  Win_ThreadNextData.b    ; handshake: worker sets 0 and waits, GUI sets 1 after adding the row
  
  Win_Archi.l             ; value for _Disasm\Archi: 64 for x64, 0 otherwise
  Win_File_Offset.i       ; parsed content of Win_St_Offset
  Win_File_Size.i         ; parsed content of Win_St_Size, clamped to the file size
  Win_File_BaseAddress.i  ; parsed content of Win_St_BaseAddress
  Win_File_AllSize.q      ; size of the selected file as returned by FileSize()
  
  Win_File_Mem.i          ; buffer holding the bytes read from the file; freed by the worker
  
  Win_File_Disasm._Disasm ; BeaEngine state, written by the DLL on every Disasm() call
  
  Win_AddItemTxt.s{#MAX_PATH}    ; row text prepared by the worker, consumed by the GUI thread
  Win_SelectedFile.s{#MAX_PATH}  ; path of the file to read; longer paths are cut to this length
EndStructure

; Custom event posted by the worker thread to the GUI thread.
; NOTE(review): the value is a fixed 1024; PureBasic reserves #PB_Event_FirstCustomValue and
; above for custom events, so confirm that 1024 cannot collide with a built-in event number.
#Window_Disassemble_AddItem = 1024

; Forward declaration: the worker is referenced by Window_Disassemble_Start() before its definition.
Declare  Window_Disassemble_Thread(*Window_Disassemble.Window_Disassemble)

; Close-window handler bound to #PB_Event_CloseWindow.
; While a worker thread is (or may still be) running, the request only clears the run flag
; and the window stays open; the user has to close again once the worker has finished.
; Otherwise the status bar, the window and the per-window state block are released, and the
; standalone build terminates.
Procedure Window_Disassemble_Close()
  Protected *ctx.Window_Disassemble = GetWindowData(EventWindow())
  
  ; The worker still uses *ctx and the file buffer: ask it to stop and keep everything alive.
  If *ctx\Win_OnDisassemble = 1 Or *ctx\Win_ThreadDisassemble
    *ctx\Win_OnDisassemble = 0
    ProcedureReturn
  EndIf
  
  FreeStatusBar(*ctx\Win_Sbar)
  CloseWindow(*ctx\Win_Id)
  FreeMemory(*ctx)
  
  CompilerIf #PB_Compiler_ExecutableFormat = #PB_Compiler_Executable
    End
  CompilerEndIf
EndProcedure

; Size-window handler: stretches the instruction list to the free area on the right of the
; input gadgets and above the status bar.
Procedure Window_Disassemble_Resize()
  Protected *ctx.Window_Disassemble = GetWindowData(EventWindow())
  ; 230 = left edge of the list (220) plus a 10 pixel right margin
  Protected listWidth = WindowWidth(*ctx\Win_Id) - 230
  Protected listHeight = WindowHeight(*ctx\Win_Id) - StatusBarHeight(*ctx\Win_Sbar) - 17
  
  ResizeGadget(*ctx\Win_LIcon, 220, 10, listWidth, listHeight)
EndProcedure

; Returns the Size bytes starting at pMem as an upper-case hexadecimal string, two digits per
; byte and without separators. A Size of zero or less yields an empty string.
; The caller is responsible for pMem..pMem+Size-1 being readable; no bounds are known here.
Procedure.s Pex_memToHex(pMem, Size)
  Protected hexText.s = ""
  Protected *cursor.Ascii = pMem
  Protected *stop = pMem + Size
  
  While *cursor < *stop
    ; RSet pads single-digit values with a leading "0"
    hexText + RSet(Hex(*cursor\a, #PB_Byte), 2, "0")
    *cursor + 1
  Wend
  
  ProcedureReturn hexText
EndProcedure

; GUI-thread handler for the custom #Window_Disassemble_AddItem event posted by the worker.
; EventData() selects the action:
;   1     - a run starts: empty the list and reset the progress bar
;   2     - the run is over: restore the button caption
;   other - append the row prepared in Win_AddItemTxt and release the waiting worker
Procedure Window_Disassemble_AddItem()
  Protected *ctx.Window_Disassemble = GetWindowData(EventWindow())
  
  Select EventData()
    Case 1
      ClearGadgetItems(*ctx\Win_LIcon)
      StatusBarProgress(*ctx\Win_Sbar, 1, 0)
      
    Case 2
      SetGadgetText(*ctx\Win_Bo_Disas, "Disassemble")
      
    Default
      AddGadgetItem(*ctx\Win_LIcon,-1,*ctx\Win_AddItemTxt)
      ; progress in percent of the requested byte count
      StatusBarProgress(*ctx\Win_Sbar, 1,  (*ctx\Win_CurrentPos* 100) / *ctx\Win_File_Size )
      ; the worker spins until this flag is set, so the row text is no longer needed after here
      *ctx\Win_ThreadNextData = 1
  EndSelect
EndProcedure

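; Worker thread: decodes the buffer in Win_File_Mem one instruction at a time with BeaEngine
; and hands each decoded line to the GUI thread through #Window_Disassemble_AddItem events.
;
; *Window_Disassemble - per-window state; Win_File_Mem, Win_File_Size, Win_File_BaseAddress
;                       and Win_Archi must have been filled in by Window_Disassemble_Start()
;
; The loop ends when Disasm() returns a value <= 0, when the requested size is reached or
; when Win_OnDisassemble is cleared by the GUI. The file buffer is freed here on exit.
;
; SecurityBlock is set before every Disasm() call to the number of bytes left in the buffer.
; Left at 0, the engine has no end-of-buffer information and an instruction that starts in
; the last bytes of the buffer can be decoded from memory behind the allocation; the hex
; dump below would then read past the buffer as well. The input is an arbitrary file, so
; truncated instructions at the end of the range have to be expected.
; NOTE(review): the thread builds strings, so the program should be compiled with the
; thread-safe option - confirm the build settings.
Procedure Window_Disassemble_Thread(*Window_Disassemble.Window_Disassemble)
  Protected len
  Protected remaining.q
  
  With *Window_Disassemble
    
    FillMemory(\Win_File_Disasm,SizeOf(_Disasm)) 
    \Win_File_Disasm\EIP = \Win_File_Mem
    \Win_File_Disasm\VirtualAddr = \Win_File_BaseAddress
    \Win_File_Disasm\Archi = \Win_Archi
    \Win_File_Disasm\Options = #Tabulation|#NasmSyntax|#PrefixedNumeral
    
    \Win_AddItemTxt = ""
    \Win_CurrentPos =0
    
    ; SecurityBlock is a 32-bit field: clamp the remaining byte count to what it can hold.
    remaining = \Win_File_Size - \Win_CurrentPos
    If remaining > $7FFFFFFF : remaining = $7FFFFFFF : EndIf
    \Win_File_Disasm\SecurityBlock = remaining
    len =  Disasm(\Win_File_Disasm)
    
    PostEvent(#Window_Disassemble_AddItem, \Win_Id, 0,0,1)
    
    While len > 0 And \Win_OnDisassemble = 1
      
      ; One row: address-offset, raw opcode bytes, instruction text (fields split by Chr(10))
      \Win_AddItemTxt = RSet(Hex(\Win_File_Disasm\EIP,#PB_Long),8,"0") + "-" + 
                        Hex(\Win_CurrentPos,#PB_Long) + Chr(10) +
                        Pex_memToHex(\Win_File_Disasm\EIP, len) + Chr(10) +
                        PeekS(@\Win_File_Disasm\CompleteInstr,-1,#PB_Ascii)
      
      ;           If \Win_File_Disasm\Instruction\BranchType = #CallType
      ;             Debug Hex(\Win_File_Disasm\Instruction\AddrValue)
      ;           EndIf
      
      \Win_CurrentPos +len
      \Win_ThreadNextData = 0
      PostEvent(#Window_Disassemble_AddItem, \Win_Id, 0)
      ; Busy-wait until the GUI thread has copied the row out of Win_AddItemTxt
      While \Win_ThreadNextData =0:Wend
      
      If \Win_CurrentPos >= \Win_File_Size:Break:EndIf
      \Win_File_Disasm\EIP + len
      
      remaining = \Win_File_Size - \Win_CurrentPos
      If remaining > $7FFFFFFF : remaining = $7FFFFFFF : EndIf
      \Win_File_Disasm\SecurityBlock = remaining
      len =  Disasm(\Win_File_Disasm)
      
    Wend
    
    PostEvent(#Window_Disassemble_AddItem, \Win_Id, 0,0,2)
    
    FreeMemory(\Win_File_Mem)
    \Win_ThreadDisassemble = 0
    \Win_OnDisassemble = 0
  EndWith
EndProcedure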

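; Reads the requested byte range of the selected file into memory and starts the worker thread.
;
; *Window_Disassemble - per-window state; the offset, size, base address and machine type
;                       are taken from the window's input gadgets
;
; The values typed into the gadgets and the file itself are untrusted input:
;   - a negative offset, or one at or beyond the end of the file, is rejected
;   - the size is limited to the bytes that exist after the offset
;   - the file is opened read-only (OpenFile() asks for write access, fails on read-only
;     files and creates the file when it is missing)
;   - allocation, open and read results are checked before the worker is started, and
;     Win_File_Size is reduced to the number of bytes actually read
Procedure Window_Disassemble_Start(*Window_Disassemble.Window_Disassemble)
  Protected GetMachineType.s
  Protected FielID, bytesRead
  
  With *Window_Disassemble
    \Win_File_AllSize = FileSize(\Win_SelectedFile)
    If \Win_File_AllSize > 0
      \Win_File_Offset = Val(GetGadgetText(\Win_St_Offset))
      \Win_File_Size = Val(GetGadgetText(\Win_St_Size))
      \Win_File_BaseAddress = Val(GetGadgetText(\Win_St_BaseAddress))
      
      ; The combo box is created with #PB_ComboBox_UpperCase, so the text may come back as
      ; "X64"; compare without regard to case. NOTE(review): confirm what the gadget returns.
      GetMachineType = GetGadgetText(\Win_CmBo)
      If LCase(GetMachineType) = "x64"
        \Win_Archi = 64
      Else
        \Win_Archi = 0
      EndIf
      
      ; An empty, negative or oversized size means "whole file"
      If \Win_File_Size < 1 Or \Win_File_Size > \Win_File_AllSize
        \Win_File_Size = \Win_File_AllSize
        SetGadgetText(\Win_St_Size,Str(\Win_File_Size))
      EndIf
      
      If \Win_File_Offset >= 0 And \Win_File_Offset < \Win_File_AllSize
        
        ; Never request more bytes than the file holds behind the offset
        If \Win_File_Size > \Win_File_AllSize - \Win_File_Offset
          \Win_File_Size = \Win_File_AllSize - \Win_File_Offset
          SetGadgetText(\Win_St_Size,Str(\Win_File_Size))
        EndIf
        
        \Win_File_Mem = AllocateMemory(\Win_File_Size)
        If \Win_File_Mem
          
          FielID = ReadFile(#PB_Any, \Win_SelectedFile, #PB_File_SharedRead|#PB_File_SharedWrite)
          If FielID
            FileSeek(FielID,\Win_File_Offset)
            bytesRead = ReadData(FielID,\Win_File_Mem,\Win_File_Size)
            CloseFile(FielID)
          EndIf
          
          If bytesRead > 0
            ; The file may have shrunk since FileSize(): decode only what was read
            \Win_File_Size = bytesRead
            
            \Win_OnDisassemble = 1
            \Win_ThreadDisassemble = CreateThread(@Window_Disassemble_Thread(),*Window_Disassemble)
            If \Win_ThreadDisassemble
              SetGadgetText(\Win_Bo_Disas, "Stop")
            Else
              FreeMemory(\Win_File_Mem)
              \Win_File_Mem = 0
              \Win_OnDisassemble = 0
            EndIf
          Else
            ; Open or read failed: nothing to disassemble
            FreeMemory(\Win_File_Mem)
            \Win_File_Mem = 0
          EndIf
          
        EndIf
      EndIf
      
    EndIf
  EndWith
EndProcedure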

; Left-click handler shared by the two buttons.
;   "Select File.."        - asks for a file and stores its path (cut to the field length)
;   "Disassemble" / "Stop" - requests a stop when a run is active, otherwise starts one
Procedure Window_Disassemble_Event()
  Protected *ctx.Window_Disassemble = GetWindowData(EventWindow())
  Protected clicked = EventGadget()
  Protected selFile.s
  
  If clicked = *ctx\Win_Bo_Sfile
    selFile = OpenFileRequester("Select a file..", "", "All|*.*", 0)
    If selFile
      *ctx\Win_SelectedFile = selFile
      StatusBarText(*ctx\Win_Sbar, 0, *ctx\Win_SelectedFile, #PB_StatusBar_Raised)
    EndIf
    
  ElseIf clicked = *ctx\Win_Bo_Disas
    If *ctx\Win_OnDisassemble = 1 Or *ctx\Win_ThreadDisassemble
      ; A worker is active: only clear the run flag, the worker ends on its own
      *ctx\Win_OnDisassemble = 0
    Else
      Window_Disassemble_Start(*ctx)
    EndIf
  EndIf
EndProcedure

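; Creates the disassembler window for the given state block and binds its event handlers.
;
; *Window_Disassemble - block allocated by the caller with AllocateMemory(); Win_Par and
;                       Win_SelectedFile may be pre-filled. On success the window owns the
;                       block and Window_Disassemble_Close() frees it.
;
; When BeaEngine cannot be loaded or the window cannot be opened, the block is freed here:
; no window exists that could ever release it, and the standalone build would otherwise sit
; in its event loop without any window. The standalone build ends in that case.
Procedure Window_Disassemble(*Window_Disassemble.Window_Disassemble)
  Protected ready = #False
  
  If *Window_Disassemble = 0
    ProcedureReturn
  EndIf
  
  If Load_BeaEngine()
    *Window_Disassemble\Win_Id = OpenWindow(#PB_Any, 0, 0, 580, 360, "Disassembler v0.1 b", #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_ScreenCentered | #PB_Window_WindowCentered,*Window_Disassemble\Win_Par)
    If *Window_Disassemble\Win_Id
      ready = #True
    EndIf
  EndIf
  
  If Not ready
    FreeMemory(*Window_Disassemble)
    CompilerIf #PB_Compiler_ExecutableFormat = #PB_Compiler_Executable
      End
    CompilerEndIf
    ProcedureReturn
  EndIf
  
  With *Window_Disassemble
    ; The handlers find the state block again through GetWindowData()
    SetWindowData(\Win_Id, *Window_Disassemble)
    \Win_Sbar = CreateStatusBar(#PB_Any, WindowID(\Win_Id))
    AddStatusBarField(#PB_Ignore)
    StatusBarText(\Win_Sbar, 0, \Win_SelectedFile, #PB_StatusBar_Raised)
    AddStatusBarField(50)
    StatusBarProgress(\Win_Sbar, 1, 0)
    
    TextGadget(#PB_Any, 10, 10, 60, 20, "Machine")
    TextGadget(#PB_Any, 10, 35, 60, 20, "Offset")
    TextGadget(#PB_Any, 10, 60, 60, 20, "Size")
    TextGadget(#PB_Any, 10, 85, 90, 20, "Base Address")
    
    \Win_CmBo = ComboBoxGadget(#PB_Any, 110, 10, 100, 20, #PB_ComboBox_UpperCase)
    AddGadgetItem(\Win_CmBo, -1, "x86")
    AddGadgetItem(\Win_CmBo, -1, "x64")
    ; Pre-select x64 unless the state block asks for x86 (Win_Archi = 0)
    SetGadgetState(\Win_CmBo, 1)
    If \Win_Archi = 0
      SetGadgetState(\Win_CmBo, 0)
    EndIf
    
    \Win_St_Offset = StringGadget(#PB_Any, 110, 35, 100, 20, Str(\Win_File_Offset))
    \Win_St_Size = StringGadget(#PB_Any, 110, 60, 100, 20, Str(\Win_File_Size))
    \Win_St_BaseAddress = StringGadget(#PB_Any, 110, 85, 100, 20, Str(\Win_File_BaseAddress))
    
    \Win_LIcon = ListIconGadget(#PB_Any, 220, 10, 350, 320, "Address", 100)
    AddGadgetColumn(\Win_LIcon, 1, "OPcode", 100)
    AddGadgetColumn(\Win_LIcon, 2, "Instruction", 255)
    
    \Win_Bo_Disas = ButtonGadget(#PB_Any, 110, 120, 100, 20, "Disassemble")
    \Win_Bo_Sfile = ButtonGadget(#PB_Any, 8, 120, 100, 20, "Select File..")
    
    BindGadgetEvent(\Win_Bo_Disas, @Window_Disassemble_Event(), #PB_EventType_LeftClick)
    BindGadgetEvent(\Win_Bo_Sfile, @Window_Disassemble_Event(), #PB_EventType_LeftClick)
    
    BindEvent(#PB_Event_CloseWindow ,@Window_Disassemble_Close(),\Win_Id)
    BindEvent(#PB_Event_SizeWindow ,@Window_Disassemble_Resize(),\Win_Id)
    BindEvent(#Window_Disassemble_AddItem ,@Window_Disassemble_AddItem(),\Win_Id)
  EndWith
EndProcedure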


; Standalone build only: allocate one state block, open the window and pump events.
; All work happens in the bound handlers; the program ends from Window_Disassemble_Close().
CompilerIf #PB_Compiler_ExecutableFormat = #PB_Compiler_Executable
  Define *Window_Disassemble.Window_Disassemble = AllocateMemory(SizeOf(Window_Disassemble))
  Window_Disassemble(*Window_Disassemble)
  Repeat
    WaitWindowEvent()
  ForEver
CompilerEndIf
Fichier d'inclusion BeaEngine :


; Rewrite by celtic88

; PureBasic declarations of the structures exchanged with BeaEngine.dll.
; The DLL writes into these structures, so field order and sizes must match the layout the
; loaded DLL was built with; a mismatch makes the DLL write outside the fields declared here.
; NOTE(review): nothing checks at run time that the DLL version matches these declarations.

; State of the REX prefix bits for the decoded instruction.
Structure REX_Struct
  W_.b
  R_.b
  X_.b
  B_.b
  state.b
EndStructure

; One entry per instruction prefix.
; NOTE(review): the byte fields presumably hold the prefix state constants
; (#NotUsedPrefix, #InUsePrefix, ...) - confirm against the BeaEngine documentation.
Structure PREFIXINFO
  Number.l
  NbUndefined.l
  LockPrefix.b
  OperandSize.b
  AddressSize.b
  RepnePrefix.b
  RepPrefix.b
  FSPrefix.b
  SSPrefix.b
  GSPrefix.b
  ESPrefix.b
  CSPrefix.b
  DSPrefix.b
  BranchTaken.b
  BranchNotTaken.b
  REX.REX_Struct
  alignment.b[2]
EndStructure

; One byte per EFLAGS bit.
; NOTE(review): presumably filled with the "EFLAGS states" constants (#TE_, #MO_, ...) - confirm.
Structure EFLStruct
  OF_.b                   ; overflow flag
  SF_.b                   ; sign flag
  ZF_.b                   ; zero flag
  AF_.b                   ; auxiliary carry flag
  PF_.b                   ; parity flag
  CF_.b                   ; carry flag
  TF_.b                   ; trap flag
  IF_.b                   ; interrupt enable flag
  DF_.b                   ; direction flag
  NT_.b                   ; nested task flag
  RF_.b                   ; resume flag
  alignment.b             ; padding
EndStructure

; Components of a memory operand.
Structure MEMORYTYPE
  BaseRegister.l
  IndexRegister.l
  Scale.l
  Displacement.q
EndStructure

; Description of the decoded instruction itself.
Structure INSTRTYPE
  Category.l              ; 32-bit field; see the INSTRUCTION_TYPE constants
  Opcode.l
  Mnemonic.b[16]          ; mnemonic text as a byte array
  BranchType.l            ; see the BranchTYPE constants
  Flags.EFLStruct
  AddrValue.q
  Immediat.q
  ImplicitModifiedRegs.l
EndStructure

; Description of one operand.
Structure ARGTYPE
  ArgMnemonic.b[64]       ; operand text as a byte array
  ArgType.l               ; see the ARGUMENTS_TYPE constants
  ArgSize.l
  ArgPosition.l
  AccessMode.l            ; #Read / #WRITE
  Memory.MEMORYTYPE 
  SegmentReg.l
EndStructure
; Size in bytes of _Disasm\CompleteInstr
#INSTRUCT_LENGTH = 64

; Main structure passed to Disasm(): input fields are set by the caller, the rest is
; filled by the DLL.
Structure _Disasm
  EIP.i                   ; in: address of the bytes to decode
  VirtualAddr.q           ; in: address to display for those bytes
  SecurityBlock.l         ; in: presumably the number of bytes the engine may read from EIP
                          ;     (0 = no limit) - confirm against the BeaEngine documentation
  CompleteInstr.b[#INSTRUCT_LENGTH] ; out: instruction text, read as an ASCII string by the caller
  Archi.l                 ; in: 64 for x64, 0 otherwise
  Options.q               ; in: combination of the syntax/format option constants
  Instruction.INSTRTYPE
  Argument1.ARGTYPE
  Argument2.ARGTYPE
  Argument3.ARGTYPE
  Prefix.PREFIXINFO
  Reserved_.l[40]         ; engine-internal area
EndStructure

; Values for ARGTYPE\ArgPosition
#LowPosition = 0
#HighPosition = 1

; Segment registers (ARGTYPE\SegmentReg)
#ESReg = 1
#DSReg = 2
#FSReg = 3
#GSReg = 4
#CSReg = 5
#SSReg = 6

;Prefixes
#InvalidPrefix      = 4
#InUsePrefix        = 1
#SuperfluousPrefix  = 2
#NotUsedPrefix      = 0
#MandatoryPrefix    = 8

;EFLAGS states
#TE_ = 1                     ;test
#MO_ = 2                     ;modify
#RE_ = 4                     ;reset
#SE_ = 8                     ;set
#UN_ = 16                    ;undefined
#PR_ = 32                    ;restore prior value

;INSTRUCTION_TYPE
; Instruction-set family, one bit each.
; NOTE(review): INSTRTYPE\Category is declared as a 32-bit long, but #AVX_INSTRUCTION,
; #AVX2_INSTRUCTION and #MPX_INSTRUCTION need more than 32 bits and #CLMUL_INSTRUCTION
; occupies the sign bit - confirm how these are meant to be compared with Category.
#GENERAL_PURPOSE_INSTRUCTION = $00010000
#FPU_INSTRUCTION             = $00020000
#MMX_INSTRUCTION             = $00040000
#SSE_INSTRUCTION             = $00080000
#SSE2_INSTRUCTION            = $00100000
#SSE3_INSTRUCTION            = $00200000
#SSSE3_INSTRUCTION           = $00400000
#SSE41_INSTRUCTION           = $00800000
#SSE42_INSTRUCTION           = $01000000
#SYSTEM_INSTRUCTION          = $02000000
#VM_INSTRUCTION              = $04000000
#UNDOCUMENTED_INSTRUCTION     = $08000000
#AMD_INSTRUCTION              = $10000000
#ILLEGAL_INSTRUCTION          = $20000000
#AES_INSTRUCTION              = $40000000
#CLMUL_INSTRUCTION            = $80000000
#AVX_INSTRUCTION              = $100000000
#AVX2_INSTRUCTION             = $200000000
#MPX_INSTRUCTION              = $400000000

; Instruction sub-categories (small integers, as opposed to the family bits above)
#DATA_TRANSFER               = 1
#ARITHMETIC_INSTRUCTION      = 2
#LOGICAL_INSTRUCTION         = 3
#SHIFT_ROTATE                = 4
#BIT_BYTE                    = 5
#CONTROL_TRANSFER            = 6
#STRING_INSTRUCTION          = 7
#InOutINSTRUCTION            = 8
#ENTER_LEAVE_INSTRUCTION     = 9
#FLAG_CONTROL_INSTRUCTION    = 10
#SEGMENT_REGISTER            = 11
#MISCELLANEOUS_INSTRUCTION   = 12

#COMPARISON_INSTRUCTION      = 13
#LOGARITHMIC_INSTRUCTION     = 14
#TRIGONOMETRIC_INSTRUCTION   = 15
#UNSUPPORTED_INSTRUCTION     = 16

#LOAD_CONSTANTS              = 17
#FPUCONTROL                  = 18
#STATE_MANAGEMENT            = 19

#CONVERSION_INSTRUCTION      = 20

#SHUFFLE_UNPACK              = 21
#PACKED_SINGLE_PRECISION     = 22
#SIMD128bits                 = 23
#SIMD64bits                  = 24
#CACHEABILITY_CONTROL        = 25

#FP_INTEGER_CONVERSION       = 26
#SPECIALIZED_128bits         = 27
#SIMD_FP_PACKED              = 28
#SIMD_FP_HORIZONTAL          = 29
#AGENT_SYNCHRONISATION       = 30

#PACKED_ALIGN_RIGHT          = 31
#PACKED_SIGN                 = 32

;SSE4

#PACKED_BLENDING_INSTRUCTION = 33
#PACKED_TEST                 = 34

; CONVERSION_INSTRUCTION -> Packed Integer Format Conversions and Dword Packing With Unsigned Saturation
; COMPARISON -> Packed Comparison SIMD Integer Instruction
; ARITHMETIC_INSTRUCTION -> Dword Multiply Instruction
; DATA_TRANSFER -> POPCNT

#PACKED_MINMAX               = 35
#HORIZONTAL_SEARCH           = 36
#PACKED_EQUALITY             = 37
#STREAMING_LOAD              = 38
#INSERTION_EXTRACTION        = 39
#DOT_PRODUCT                 = 40
#SAD_INSTRUCTION             = 41
#ACCELERATOR_INSTRUCTION     = 42
#ROUND_INSTRUCTION           = 43

;BranchTYPE
; Values for INSTRTYPE\BranchType; a negative value is the negated condition of its
; positive counterpart. #Jb_/#Jnb_ share the values of #Jc_/#Jnc_.
#Jo_                         = 1
#Jno_                        = -1
#Jc_                         = 2
#Jnc_                        = -2
#Je_                         = 3
#Jne_                        = -3
#Ja_                         = 4
#Jna_                        = -4
#Js_                         = 5
#Jns_                        = -5
#Jp_                         = 6
#Jnp_                        = -6
#Jl_                         = 7
#Jnl_                        = -7
#Jg_                         = 8
#Jng_                        = -8
#Jb_                         = 2
#Jnb_                        = -2
#Jecxz_                      = 10
#JmpType                     = 11
#CallType                    = 12
#RetType                     = 13

;ARGUMENTS_TYPE
#NO_ARGUMENT                 = $10000000
#REGISTER_TYPE               = $20000000
#MEMORY_TYPE                 = $40000000
#CONSTANT_TYPE               = $80000000

; Register classes
; NOTE(review): #MPX_REG has the same value as #RELATIVE_ below ($04000000), so the two
; cannot be told apart by a bit test - confirm against the BeaEngine headers.
#MMX_REG                     = $00010000
#GENERAL_REG                 = $00020000
#FPU_REG                     = $00040000
#SSE_REG                     = $00080000
#CR_REG                      = $00100000
#DR_REG                      = $00200000
#SPECIAL_REG                 = $00400000
#MEMORY_MANAGEMENT_REG       = $00800000       ; GDTR (REG0), LDTR (REG1), IDTR (REG2), TR (REG3)
#SEGMENT_REG                 = $01000000       ; ES (REG0), CS (REG1), SS (REG2), DS (REG3), FS (REG4), GS (REG5)
#AVX_REG                     = $02000000
#MPX_REG                     = $04000000

#RELATIVE_                   = $04000000
#ABSOLUTE_                   = $08000000

; Values for ARGTYPE\AccessMode
#Read                        = 1
#WRITE                       = 2
;Regs
; One bit per register number
#REG0                        = 1   ; 30h
#REG1                        = 2   ; 31h
#REG2                        = 4   ; 32h
#REG3                        = 8   ; 33h
#REG4                        = $10 ; 34h
#REG5                        = $20 ; 35h
#REG6                        = $40 ; 36h
#REG7                        = $80 ; 37h
#REG8                        = $100; 38h
#REG9                        = $200; 39h
#REG10                       = $400    ; 3Ah
#REG11                       = $800    ; 3Bh
#REG12                       = $1000   ; 3Ch
#REG13                       = $2000   ; 3Dh
#REG14                       = $4000   ; 3Eh
#REG15                       = $8000   ; 3Fh

; Special Disasm() results that are not instruction lengths (both are <= 0).
; NOTE(review): #OUT_OF_BLOCK is presumably what the engine returns when an instruction
; would cross the limit given in _Disasm\SecurityBlock - confirm for the DLL version in use.
#UNKNOWN_OPCODE              = -1
#OUT_OF_BLOCK                = 0
; Bit flags for _Disasm\Options (output formatting and assembler syntax)
#NoTabulation                = 0
#Tabulation                  = 1
#MasmSyntax                  = 0
#GoAsmSyntax                 = $100
#NasmSyntax                  = $200
#ATSyntax                    = $400
#IntrinsicMemSyntax          = $800
#PrefixedNumeral             = $10000
#SuffixedNumeral             = 0
#ShowSegmentRegs             = $01000000

; Import "BeaEngine.lib"
;   BeaEngineVersion()
;   BeaEngineRevision()
;   Disasm(*pDisasm._Disasm)
; EndImport

;Debug SizeOf(_Disasm); 652

;test
; Debug Hex(?da)
; pDisasm._Disasm\EIP = ?da
; pDisasm\SecurityBlock = 13
; pDisasm\Archi = 0
; pDisasm\Options = #Tabulation|#NasmSyntax|#PrefixedNumeral
; len =  Disasm(pDisasm)
; While len > 0
;   pDisasm\EIP + len
;   Debug PeekS(@pDisasm\CompleteInstr,-1,#PB_Ascii)
;   
;   len =  Disasm(pDisasm)
; Wend
; 
; DataSection
;   da:
;   Data.b $E8 ,$4 ,$0 ,$0 ,$0 ,$83 ,$C0 ,$10 ,$C3 ,$8B ,$4 ,$24 ,$83 ,$E8 ,$5 ,$C3 ,$42 ,$79 ,$20 ,$63 ,$65 ,$6C ,$74 ,$69 ,$63 ,$38 ,$38 ,$0
; EndDataSection

.....i Love Pb :)
Ollivier
Messages : 4190
Inscription : ven. 29/juin/2007 17:50
Localisation : Encore ?

Re: Portable Executable mise à jour

Message par Ollivier »

Ro! La cuisine! Je regarde ça dès que j'ai du temps. C'est intéressant de découvrir un autre désassembleur. Et puis tu n'as pas dû y passer que deux minutes. Merci pour le partage!
Ollivier
Messages : 4190
Inscription : ven. 29/juin/2007 17:50
Localisation : Encore ?

Re: Portable Executable mise à jour

Message par Ollivier »

Essaie de regarder ta messagerie privée si tu as le temps, s'il-te-plaît. Il y a un message depuis lundi.