x86 or x64 disassembler library
I know of some disassembler libs, but what I'm looking for is one that has an API like:
void * findAddrOfFirstInstructionStartingFrom( void * startAddress , InstructionType instruction);
void* addr = findAddrOfFirstInstructionStartingFrom(startAddress , JMP);
and other APIs similar to this one, like searching for something specific rather than disassembling all instructions starting from an address and getting all sorts of info, because it is slow if you only want to find something specific, not everything.
If you know any, please let me know; if there isn't any, please tell me one that is open source and easy to modify.
You did not tag nor tell the processor architecture, so it is unlikely that you will get a real answer.
Commonly, native code instructions have widely varying lengths depending on the operands they take, so you have to disassemble the thing before searching. Otherwise you just find the first sequence of bytes that matches the pattern of the instruction you search for. It is most likely not a real instruction but part of the operands of the previous instruction.
EDIT: Since you updated the title, I can think of the choices Borg and PEDasm, which are open source. If you drop that open-source thing, then definitely IDA Pro.
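The false positive this answer describes, shown as an added C example (not code from the question or from any named library): a linear-sweep implementation of the API shape the question asks for, with an extra `end` bound and a toy length decoder that only knows the few opcodes in a constructed byte sequence, next to the naive byte scan that matches inside an operand.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical instruction classes, mirroring the API shape in the question. */
typedef enum { JMP, OTHER } InstructionType;

/* Constructed x86-32 bytes (not from a real binary):
 *   0: B8 EB 00 00 00  mov eax, 0xEB   <- immediate happens to contain EB
 *   5: 90              nop
 *   6: EB 02           jmp +2          <- the real first JMP
 *   8: 90 90 C3        nop; nop; ret */
static const uint8_t code[] = { 0xB8, 0xEB, 0x00, 0x00, 0x00, 0x90,
                                0xEB, 0x02, 0x90, 0x90, 0xC3 };

/* Toy length decoder covering only the opcodes above; a real x86 decoder
 * must handle prefixes, ModRM, SIB, etc. Returns 0 for unknown bytes. */
static size_t insn_len(const uint8_t *p, InstructionType *type) {
    *type = OTHER;
    switch (p[0]) {
    case 0x90: case 0xC3: return 1;        /* nop, ret */
    case 0xB8: case 0x68: return 5;        /* mov eax, imm32; push imm32 */
    case 0xEB: *type = JMP; return 2;      /* jmp rel8 */
    case 0xE9: *type = JMP; return 5;      /* jmp rel32 */
    default: return 0;
    }
}

/* Linear sweep: decode instruction by instruction so the search only ever
 * looks at real instruction boundaries. An explicit end bound is added
 * to the question's signature so the sweep cannot run off the buffer. */
const void *findAddrOfFirstInstructionStartingFrom(const void *start, const void *end,
                                                   InstructionType wanted) {
    const uint8_t *p = start, *stop = end;
    while (p < stop) {
        InstructionType t;
        size_t n = insn_len(p, &t);
        if (n == 0 || p + n > stop) return NULL;   /* undecodable or truncated */
        if (t == wanted) return p;
        p += n;
    }
    return NULL;
}

/* Naive byte scan: the mistake the answer warns about. */
const void *naiveFindJmpByte(const void *start, const void *end) {
    for (const uint8_t *p = start; p < (const uint8_t *)end; p++)
        if (*p == 0xEB || *p == 0xE9) return p;
    return NULL;
}
```

On the constructed bytes the naive scan reports offset 1 (inside the mov immediate), while the linear sweep reports offset 6, the actual jmp.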
I'm not aware of any API that can do this, but it can be accomplished using some command line scripting:
So, for example, to find the first JMP instruction starting at address 0x08048664 in the file a.out, you can do this:
What you probably want is not just a library, but some Disassembler Framework. Have a look at IDA-Pro, which also provides a versatile scripting interface (and a disassembler API)