Add the following code to your project's shard.yml under:
dependencies
to use in production
- OR -
development_dependencies
to use in development
[Crystal][crystal] bindings for libudis86. Inspired by the Ruby [ffi-udis86] gem and should be API compatible.
Install libudis86:
Debian / Ubuntu
????
RedHat / Fedora:
$ sudo dnf install udis86-devel
Brew:
$ brew install udis86
Add the dependency to your shard.yml:
dependencies:
udis86:
github: postmodern/udis86.cr
Run shards install
Create a new disassembler:
require "udis86"
ud = UDis86::UD.create(syntax: :att, mode: 64)
Set the input buffer:
ud.input_buffer = "\x90\x90\xc3"
Add an input callback:
ud.input_callback { |ud| ops.shift? || -1 }
Read from a file:
UD.open(path) do |ud|
...
end
Disassemble and print instructions:
ud.disas do |insn|
puts insn
end
Disassemble and print information about the instruction and operands:
asm = "\x75\x62\x48\x83\xc4\x20\x5b\xc3\x48\x8d\x0d\x23\x0c\x01\x00\x49\x89\xf0"
ud = FFI::UDis86::UD.create(
buffer: asm,
mode: 64,
vendor: :amd,
syntax: :att
)
ud.disas do |insn|
puts insn
puts " * Offset: #{insn.insn_offset}"
puts " * Length: #{insn.insn_length}"
puts " * Mnemonic: #{insn.mnemonic}"
operands = insn.operands.reverse.map do |operand|
if operand.is_mem?
ptr = [operand.base]
ptr << operand.index if operand.index
ptr << operand.scale if operand.scale
"Memory Access (#{ptr.join(',')})"
elsif operand.is_imm? ; "Immediate Data"
elsif operand.is_jmp_imm? ; "Relative Offset"
elsif operand.is_const? ; "Constant"
elsif operand.is_reg? ; "Register (#{operand.reg})"
end
end
puts " * Operands: " + operands.join(" -> ")
end
git checkout -b my-new-feature)git commit -am 'Add some feature')git push origin my-new-feature)[ffi-udis86]: https://github.com/sophsec/ffi-udis86#readme) [crystal]: https://crystal-lang.org/