Assembler Disassembler Engines

Forum for discussion about user-mode development.
User avatar
Brock
Posts: 204
Joined: Wed Apr 28, 2010 3:13 am
Location: Valparaiso, Florida USA
Contact:

Re: Assembler Disassembler Engines

Post by Brock » Thu May 26, 2011 1:21 am

Disassembler written in Delphi for x86 platform written by Rllibby who frequents the experts exchange website. It's a port from the libdisasm project.

http://www.programmersheaven.com/downlo ... pView.aspx

////////////////////////////////////////////////////////////////////////////////
//
// Unit : DISASM32.PAS (requires DISASM32.RES}
// Date : 02.29.2004
// Conversion : Russell Libby
//
// Description : This is a Delphi conversion of the libdisasm project, which
// is a sub portion of the "bastard" project:
//
// http://bastard.sourceforge.net/libdisasm.html
//
// The libdisasm project is distributed under an "Artistic
// License", and I give full credit to the original authors.
// Special thanks also goes out to "mammon_" ;-)
//
// ---------------------------------------------------------------------------
Accept nothing less than STATUS_SUCCESS

User avatar
Brock
Posts: 204
Joined: Wed Apr 28, 2010 3:13 am
Location: Valparaiso, Florida USA
Contact:

Re: Assembler Disassembler Engines

Post by Brock » Thu May 26, 2011 1:32 am

My personal favorite disasm written by Madshi in Delphi. This is a very complete disasm engine and is nearly 200 kb in source size. It isn't for the faint of heart ;)

http://www.2shared.com/file/tjSyW-YR/madDisAsm.html
http://www.2shared.com/file/Ell7GM7N/mad.html
http://www.2shared.com/file/Z20V7WOo/madDisAsm_.html
Accept nothing less than STATUS_SUCCESS

User avatar
redp
Posts: 67
Joined: Sun Aug 14, 2011 1:07 pm
Contact:

Re: Assembler Disassembler Engines

Post by redp » Sun Aug 14, 2011 1:16 pm

patched udis86 - added ssse3, sse4, aes instructions and fixed some known bugs
Check Wincheck

xp5evr
Banned
Posts: 5
Joined: Thu Jul 04, 2013 1:45 pm

Re: Assembler Disassembler Engines

Post by xp5evr » Thu Jul 04, 2013 1:54 pm

I've seen zdisasm (available for example here: .h, .c) used in some malware, has anyone here used it? As you can see in the header it only exposes one (mispelled) function, used for getting instruction length. This seems like it could be useful if all you need to do is something simple like inline hooking and don't want a lot of overhead (but are still too lazy to implement it yourself). Has anyone here used it?

Currently I use libudis86 even for simple tasks such as getting instruction length when inline hooking.

voroojax
Posts: 15
Joined: Thu Feb 17, 2011 10:19 pm

Re: Assembler Disassembler Engines

Post by voroojax » Fri Dec 20, 2013 9:51 am

Capstone
http://www.capstone-engine.org/index.html

Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.

Features
[*]Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86 (more details).
[*]Clean/simple/lightweight/intuitive architecture-neutral API.
[*]Provide details on disassembled instruction (called “decomposer” by others).
[*]Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
[*]Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.
[*]Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).
[*]Thread-safe by design.
[*]Distributed under the open source BSD license.

sp1rate
Posts: 1
Joined: Tue Sep 29, 2015 1:03 pm

Re: Assembler Disassembler Engines

Post by sp1rate » Thu Oct 22, 2015 1:39 pm

Yup, capstone is cool. With all those bindings for languages like python and ruby.
https://github.com/aquynh/capstone/tree/master/bindings
There's also a nice example base, and showcase on their site:
Also, radare2 is built on top of it.

User avatar
tangptr
Posts: 28
Joined: Mon Nov 14, 2016 11:14 am
Location: People Republic of China
Contact:

Re: Assembler Disassembler Engines

Post by tangptr » Mon Mar 20, 2017 11:53 am

I may use the LDE64 for searching specialized address, or calculating the size need to patch when doing inline hook, et cetera.
LDE64 is designed by beatrix(I guess...)

Post Reply