VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum
[Previous] [Index] [Next]

Hacker Disassembler Engine

Author: Patkov, Veacheslav

Author's notes

1. Description.

hde32 is a small disassembler engine, intended for analysis of x86-32 code. It gets length of command, prefixes, ModR/M, SIB, opcode, etc. For example, you can use hde32 when writing unpackers of executables, viruses, because most other disassemblers too big, get only assembler listing and are not intended for analysis of code, but most simple length disassemblers get too little info. hde32 gets enough info for analysis, but it has very small size.

2. Notes.

Alignment of structure `hde32s' is 1 byte (no alignment). Be careful, check settings of your compiler or use headers from this package.

hde32 doesn't check invalid instructions. If instruction is invalid, hde32 will disassemble it using the general disassembly rules.

3. How to use.

To disassemble instruction should call `hde32_disasm' function. First argument is pointer to code, second - pointer to `hde32s' structure:

unsigned int __cdecl hde32_disasm(const void *code, hde32s *hs);

This function return length of command and fill `hde32s' structure:

   typedef struct {
       uint8_t len;        // length of command
       uint8_t p_rep;      // rep/repz (0xf3) & repnz (0xf2) prefix
       uint8_t p_lock;     // lock prefix: 0xf0
       uint8_t p_seg;      // segment prefix: 0x26,0x2e,0x36,0x3e,0x64,0x65
       uint8_t p_66;       // operand-size override prefix: 0x66
       uint8_t p_67;       // address-size override prefix: 0x67
       uint8_t opcode;     // opcode
       uint8_t opcode2;    // second opcode (if first opcode is 0x0f)
       uint8_t modrm;      // ModR/M byte
       uint8_t modrm_mod;  //   mod field of ModR/M
       uint8_t modrm_reg;  //   reg field of ModR/M
       uint8_t modrm_rm;   //   r/m field of ModR/M
       uint8_t sib;        // SIB byte
       uint8_t sib_scale;  //   scale field of SIB
       uint8_t sib_index;  //   index field of SIB
       uint8_t sib_base;   //   base field of SIB
       uint8_t imm8;       // immediate value imm8
       uint16_t imm16;     // immediate value imm16
       uint32_t imm32;     // immediate value imm32
       uint8_t disp8;      // displacement disp8
       uint16_t disp16;    // displacement disp16
       uint32_t disp32;    // displacement disp32
       uint8_t rel8;       // relative address rel8
       uint16_t rel16;     // relative address rel16
       uint32_t rel32;     // relative address rel32
   } hde32s;

Fields `opcode' and `len' are filled always, others are optional and depend of instruction. If field's value is zero, then it is not existing.

HDE32C is the C version of the engine, versions 0.01,0.02 correspond to HDE32 0.14

Quick jump to:
(Full info)

hde01.zip20307HDE 0.1Jun 2006MD5 sum c10666f3c1199a47e1ae7043412b843d
hde02.zip21181HDE 0.2Jul 2006MD5 sum ace034721f2d5562e830cc04976c9640
hde20.zip37775HDE 0.20Sep 2008MD5 sum 519b1dab401bad5e6c97bdccd8a226b2
hde22.zip38326HDE 0.22Sep 2008MD5 sum b076981f47c08a942529ec0444425ecc
hde23.zip38393HDE 0.23Sep 2008MD5 sum ca1d275cfec01dada569553fbf1cb986
hde24.zip38553HDE 0.24Sep 2008MD5 sum 8c1ad0e2b4c54c0a8faa5fc3e40b7c88
hde25.zip38729HDE 0.25Oct 2008MD5 sum 2d741294c36c91b73c3e800cb09b315b
hde25c.zip5888HDE 0.25cOct 2008MD5 sum 5b3afd7266b320b0e0752d39769a105d
hde26.zip38875HDE 0.26Dec 2008MD5 sum b769ae855db93fe66423b40d902401bb
hde27.zip27072HDE 0.27Jan 2009MD5 sum c334d6c662de82c80ee9aacac566073b
hde27b.zip18440HDE 0.27 (binary)Jan 2009MD5 sum e1cdb14a872fdedf61ae892231b420ad
hde27c.zip6386HDE 0.27CJan 2009MD5 sum 4df28bc04071744a8db65f6eeb539934
hde28.zip23611HDE 0.28Mar 2009MD5 sum 6514276e776bfa6ed6846c82d5b8e5e7
hde28b.zip10364HDE 0.28 (binary)Mar 2009MD5 sum ddf7d34ec51d72794c80038615f5a0e6
hde28c.zip5902HDE 0.28CMar 2009MD5 sum 766e65eb15a91831c21cdc2ed68fbe69
hde03.zip23447HDE 0.3Jul 2006MD5 sum d87383eb858e3c946fe58676db1ac120
hde04.zip23907HDE 0.4Aug 2006MD5 sum 555ba179ed89457fdabce19b1c6a659b
hde05.zip26030HDE 0.5Nov 2006MD5 sum 8e1066d2749eb11a8136095813ce2cd5
hde06.zip26404HDE 0.6Jan 2007MD5 sum e815220cca681885ef9dfbd9434e1cf6
hde07.zip25588HDE 0.7Feb 2007MD5 sum 5ffa7698604d71bb2430ebb3bb8c71c1
hde08.zip26447HDE 0.8Aug 2007MD5 sum de43045f4f6f205fdb2a078fef970b9e
hde09.zip26167HDE 0.9Oct 2007MD5 sum 5f9fcf91d923ece5b9ba1f7d770821d3
hde10.zip24755HDE32 0.10Jan 2008MD5 sum 58b29af704f5d6dc58ca985c2d2e7c19
hde11.zip22215HDE32 0.11Jan 2008MD5 sum be303764f7497259b3c632c5d650f974
hde12.zip22605HDE32 0.12Jul 2008MD5 sum 7a27add1f0d4187fafe45c84a977b627
hde13.zip24913HDE32 0.13Aug 2008MD5 sum 4794fa1ec1ecb869edb50c5c853123c0
hde14.zip32997HDE32 0.14Aug 2008MD5 sum eda5bb99ddde46852ffd49c31a7b1d4f
hde15.zip34010HDE32 0.15Aug 2008MD5 sum ccb3bb4aa2e1bf82fd878cb076002fd8
hde16.zip34163HDE32 0.16Aug 2008MD5 sum 8fd491eb2475c0f69e6ecf3d4225c686
hde17.zip34268HDE32 0.17Aug 2008MD5 sum 7c6ee3dbc4fb17e6335441f46af50246
hde18.zip36000HDE32 0.18Aug 2008MD5 sum 6eb9579ec00bc99da78164ac5ab09b18
hde19.zip35715HDE32 0.19Aug 2008MD5 sum 6436d36857da36c2f0297a8796587317
hde21.zip38300HDE32 0.21Sep 2008MD5 sum 75ada8e6b1fb0f765629bf6bc0515baf
hde01c.zip2808HDE32C 0.01Aug 2008MD5 sum 412823fe3939514cb1a19912ca7490f5
hde02c.zip4132HDE32C 0.02Aug 2008MD5 sum 027c00574505ab5ab55660ed31be01bd
hde15c.zip5250HDE32C 0.15Aug 2008MD5 sum b1894012b48fce034feb5c5d41bd9911
hde19c.zip5185HDE32C 0.19Aug 2008MD5 sum 4819d3a50b2843fa84ce6fd2f892bcc5
hde20c.zip5515HDE32C 0.20Sep 2008MD5 sum c0deab20a0e835f3c1e79a9681ece91a
hde24c.zip5632HDE32C 0.24Sep 2008MD5 sum aa207b223e64d74d971d96947818a91d
hde6403c.zip50205HDE64 0.03CJan 2009MD5 sum c5b5d81b92be327fdd5c4c562575d467
hde6404c.zip15977HDE64 0.04CMar 2009MD5 sum 10271ebd9223978d0b18dd957d737f7c
hde6401c.zip15314HDE64C 0.01Sep 2008MD5 sum 45aaa88e73c0578cb546c74e7122973e
hde6402c.zip15707HDE64C 0.02Nov 2008MD5 sum 28fe03f1eed5bfe9bc110390cfe999cf

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka