Zydis disassembler Pascal bindings and utilities
440bx:
The ZydisInfo set of programs output almost all of the information Zydis makes available to the programmer about an instruction.
The "A" version is parallel to the original C version. A command line program.
The "B" version is a GUI version. Accepts input from the command line (as does "A").
The "C" version is a GUI version that takes as input a PE file (by means of drag and drop.) It uses very _basic_ tests to attempt to separate code from data (with varying success depending on the PE file.)
It has a number of interesting features, among them: nice shell icons drag and drop, GUI and PE analysis threads independent of each other and not requiring synchronization objects of any kind, mouse wheel support, multi-monitor recognition (app always starts in the monitor where the cursor is), filtering of binary instructions by uniqueness or not being optimized (as deemed by Zydis, double click the client area to switch indexes), drag the window from the client area (no need to go to the caption), flicker free (because of double buffering.)
Reasonably fast, analyzes an older 32 bit version of Lazarus (214MB) in about 8 seconds.
The ZydisInfoFileInputB is a console program that takes a binary file (not a PE) as its input. It provides a way to redirect the output to a text file for later inspection.
ZydisInfoFileInputNoDupsB is the same as ZydisInfoFileInputB above except that it filters out duplicate instructions. It also offers the possibility of controlling which index to use to produce the output (requires selecting options in code and recompiling.)
The ZydisStructureSizesB.lpr and ZydisStructureSizesB.c are programs to output the sizes of the data structures used by Zydis. This was used to verify that the Pascal definitions had the same sizes as the C definitions (gives some confidence that the translation might be correct.)
ExtractPeCode is a utility that extracts the code section from a PE file into a .bin file. The .bin file can then be fed to one of the Zydis based disassembly utilities and the output compared with the output obtained from IDA Pro. IOW, it is a way to provide a "level playing field" between a Zydis based utility and IDA Pro.
CleanIdaBinListing is a utility that parses an IDA Pro listing and removes unwanted "ornaments" from the listing so it can be compared with a listing obtained using Zydis functions.
Attached is a screenshot of the GUI version of ZydisInfo.
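As an added illustration of the kind of extraction ExtractPeCode is described as doing (this is not 440bx's code, and it is Python rather than Pascal): the sketch below walks the PE headers and returns the raw bytes of every section flagged as code. Choosing sections by the `IMAGE_SCN_CNT_CODE` characteristic is an assumption about how "the code section" is identified; the names `extract_code_sections` and `build_sample_pe` are hypothetical, and the sample image is constructed.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020          # section characteristic: contains code
COFF_FMT, SECTION_FMT = "<HHIIIHH", "<8sIIIIIIHHI"   # 20 and 40 bytes

def extract_code_sections(pe: bytes):
    """Return [(name, bytes)] for each section flagged as code (assumed criterion)."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the signature; the section table follows the optional header.
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    found = []
    for i in range(nsections):
        off = table + 40 * i
        if off + 40 > len(pe):
            raise ValueError("section table truncated")
        name, vsize, _, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(SECTION_FMT, pe, off)
        if not flags & IMAGE_SCN_CNT_CODE:
            continue
        if raw_ptr + raw_size > len(pe):
            raise ValueError("section data lies outside the file")
        # Raw data is padded to the file alignment; drop the padding when VirtualSize is set.
        size = min(vsize, raw_size) if vsize else raw_size
        found.append((name.rstrip(b"\0").decode("ascii", "replace"), pe[raw_ptr:raw_ptr + size]))
    return found

def build_sample_pe():
    """Constructed header-only image with .text and .data (parseable, not loadable)."""
    code = b"\x55\x8b\xec\x5d\xc3"       # push ebp; mov ebp,esp; pop ebp; ret
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack(COFF_FMT, 0x14C, 2, 0, 0, 0, 0, 0x102)
    text = struct.pack(SECTION_FMT, b".text", len(code), 0x1000, 0x10, 0x200, 0, 0, 0, 0, 0x60000020)
    data = struct.pack(SECTION_FMT, b".data", 4, 0x2000, 0x10, 0x210, 0, 0, 0, 0, 0xC0000040)
    headers = (dos + coff + text + data).ljust(0x200, b"\0")
    return headers + code.ljust(0x10, b"\xcc") + b"DATA".ljust(0x10, b"\0"), code

if __name__ == "__main__":
    image, _ = build_sample_pe()
    for name, blob in extract_code_sections(image):
        print(name, len(blob), blob.hex())   # write blob to a .bin file to feed a disassembler
```

The bounds checks matter when the input is an untrusted or damaged binary: a section header pointing past the end of the file raises an error instead of silently yielding a short slice.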
440bx:
BUGFIX:
Two of the programs have a minor bug. They are:
ZydisInfoA demanded at least 3 command line arguments in spite of the fact that 2 may in some cases be sufficient.
ZydisInfoB used a 64 bit decorative instruction address which was not appropriate for 32 bit or 16 bit instructions. The extra bits in the decorative address caused an access violation (out of bounds violation.)
Attached to this post are archives with the corrected source, unzip them in their corresponding directories overwriting the current source code files.
Thank you and apologies for those oversights.
440bx:
Also, while fixing those two bugs, I noticed that some of the program descriptions, as far as their usage and functionality, are a bit on the meager side.
I will answer any questions anyone may have as to how to get the most out of any one of the programs. Succinctly: questions are welcome.