- ;- Simple x86/x64-Disassembler V_0.69
- ;- "Helle" Klaus Helbing, December 06, 2011
- ;- Tested with PB 4.60 (x86/x64), Windows XP Prof. SP3 (32-Bit) / Windows 7 (64-Bit), FAsm 1.69.35, CPU Intel i7-2600 and AMD FX-8120
- ;- Sources:
- ;-- Microsoft Portable Executable and Common Object File Format Specification, Revision 8.2 - September 21, 2010
- ;-- Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 2A #253666-039US May 2011 and Volume 2B #253667-039US May 2011
- ;-- Intel® Advanced Vector Extensions Programming Reference, Ref. #319433-011 June 2011
- ;-- 3DNow! Technology Manual, AMD 21928
- ;-- AMD Extensions to the 3DNow! and MMX Instruction Sets Manual, AMD 22466
- ;-- AMD64 Architecture Programmer’s Manual, Volume 3 #24594-Rev.3.16-September 2011 and Volume 4 #26568-Rev.3.13-September 2011
- ;Global parser/disassembler state shared by all procedures.
- ;NOTE(review): the part of Header_Infos() visible in this listing reads Buffer + I_D_H\e_lfanew + offset
- ;with Peek*() and no visible comparison against LF; when analysing untrusted files, confirm that the
- ;loader validates every header-derived offset against LF before it is used as an index into Buffer.
- Global AST.l ;start of the section table
- Global Zeile.l ;row in the ListIconGadget
- Global ZeilePEP.l ;row of the program entry point in the ListIconGadget
- Global Buffer.q ;memory allocated for the file
- Global ANS.l ;number of sections
- Global IB.q ;image base; quads so that a 64-bit file can be viewed under a 32-bit OS
- Global PEP.l ;program entry point
- Global SZ.l ;section counter
- Global FL.l ;used to determine the flags of the individual sections
- Global BZ.q ;pointer into Buffer
- Global OS.q ;Offset Section
- Global SO.q ;section offset within the file
- Global LF.q ;file length
- Global SL.q ;section length
- Global SRVA.q ;RVA of the section
- Global ProgA.q ;lowest possible address
- Global ProgE.q ;highest possible address
- Global NoString.l ;whether strings should be searched for the information display
- Global Adr.l ;whether an addressing form is currently active
- Global Komma.l ;whether comma(s) should be emitted
- Global CSS.l ;instruction uses the C segment
- Global DSS.l ;instruction uses the D segment
- Global ESS.l ;instruction uses the E segment
- Global FSS.l ;instruction uses the F segment
- Global GSS.l ;instruction uses the G segment
- Global SSS.l ;instruction uses the S segment
- Global OPF.l ;for FPU opcodes
- Global IsProg64.l ;1 = file is a 64-bit file
- Global REX.l ;64-bit prefix
- Global REXEX.l ;marker flag
- Global LVEX.l ;AVX
- Global RVEX.l ;AVX
- Global WVEX.l ;AVX
- Global mmmmm.l ;AVX
- Global pp.l ;AVX
- Global vvvv.l ;AVX
- Global XY$ ;AVX
- Global OPAVX.l ;AVX
- Global Var1.l ;AVX
- Global IMM8.l ;AVX
- Global BVEX.l
- Global XVEX.l
- Global Adr3264.l = 8 ;for the address display; 8 for 32-bit as the default (for now)
- Global Adr64.q ;additive correction value for 64-bit address calculation; takes following strings into account
- Global IsvonMSBytes.l ;marker flag
- Global RSPZ.q ;relative jump target
- Global RSE.q ;relative end of section
- Global XRVA.q ;helper variable
- Global X.q ;helper variable
- Global SPZ.q ;jump target
- Global DLLAdr.q ;DLLAddress
- Global NoCode.l ;marker flag
- Global NOF.l ;DLL: Number Of Functions
- Global DLL.l ;marker flag
- Global GID.l ;GadgetID
- Global CPUInfo.l ;CPU balloon tip
- Global OS3264.l ;whether the OS is 64-bit (=1)
- Global MemAdd64.q ;64-bit address correction when an imm follows
- ;One colour value per CPU feature for the CPUID display; every entry starts as $0000D0.
- Global AES.l = $0000D0 ;for CPUID: red for "not present" to begin with
- Global AMDLM.l = $0000D0
- Global AMDMISAL16.l = $0000D0
- Global AVX.l = $0000D0
- Global AVX2.l = $0000D0
- Global BMI.l = $0000D0
- Global CLFSH.l = $0000D0
- Global CMOV.l = $0000D0
- Global CX16.l = $0000D0
- Global CX8.l = $0000D0
- Global CVT16.l = $0000D0
- Global DNOW.l = $0000D0
- Global EDNOW.l = $0000D0
- Global EMMX.l = $0000D0
- Global FMA.l = $0000D0
- Global FMA4.l = $0000D0
- Global FXSR.l = $0000D0
- Global LWP.l = $0000D0
- Global LZCNT.l = $0000D0
- Global MMX.l = $0000D0
- Global MONITOR.l = $0000D0
- Global MOVBE.l = $0000D0
- Global MSR.l = $0000D0
- Global OSXSAVE.l = $0000D0
- Global PCLMULQDQ.l = $0000D0
- Global POPCNT.l = $0000D0
- Global RDTSC.l = $0000D0
- Global RDTSCP.l = $0000D0
- Global SEP.l = $0000D0
- Global SMX.l = $0000D0
- Global SSE.l = $0000D0
- Global SSE2.l = $0000D0
- Global SSE3.l = $0000D0
- Global SSSE3.l = $0000D0
- Global SSE41.l = $0000D0
- Global SSE42.l = $0000D0
- Global SSE4A.l = $0000D0
- Global TBM.l = $0000D0
- Global VMX.l = $0000D0
- Global SVM.l = $0000D0
- Global XOP.l = $0000D0
- Global XSAVE.l = $0000D0
- Global XSAVEOPT.l = $0000D0
- ;Single-bit masks; each comment names the feature(s) the mask is used for.
- Global Bit0.l = $1 ;for SSE3, XSAVEOPT
- Global Bit1.l = $2 ;for PCLMULQDQ
- Global Bit2.l = $4 ;for MONITOR, SVM
- Global Bit3.l = $8 ;for BMI
- Global Bit4.l = $10 ;for RDTSC
- Global Bit5.l = $20 ;for VMX, MSR, LZCNT, AVX2
- Global Bit6.l = $40 ;for SMX, SSE4A
- Global Bit7.l = $80 ;for AMDMISAL16
- Global Bit8.l = $100 ;for CMPXCHG8B
- Global Bit9.l = $200 ;for SSSE3
- Global Bit11.l = $800 ;for SEP, XOP
- Global Bit12.l = $1000 ;for FMA
- Global Bit13.l = $2000 ;for CMPXCHG16B
- Global Bit15.l = $8000 ;for (F)CMOVcc, LWP
- Global Bit16.l = $10000 ;for FMA4
- Global Bit18.l = $40000 ;for CVT16
- Global Bit19.l = $80000 ;for SSE4.1, CLFSH
- Global Bit20.l = $100000 ;for SSE4.2
- Global Bit21.l = $200000 ;for TBM
- Global Bit22.l = $400000 ;for MOVBE, EMMX
- Global Bit23.l = $800000 ;for MMX, POPCNT
- Global Bit24.l = $1000000 ;for FXSR
- Global Bit25.l = $2000000 ;for SSE, AES
- Global Bit26.l = $4000000 ;for SSE2, XSAVE
- Global Bit27.l = $8000000 ;for OSXSAVE, RDTSCP
- Global Bit28.l = $10000000 ;for AVX
- Global Bit29.l = $20000000 ;for AMDLM
- Global Bit30.l = $40000000 ;for Extended 3DNow!
- Global Bit31.l = $80000000 ;for 3DNow!
- ;Register-kind marker, window/feature display strings and further global state.
- Global XMM.l ;marker flag
- ;Meaning of XMM:
- ;0=no MMX or XMM register 1=MMX,MMX 2=XMM,XMM 3=MMX,32-bit 4=XMM,32-bit
- ;5=32-bit,XMM 6=32-bit,MMX 7=XMM,MMX 8=MMX,XMM
- Global Main$ = "Helles simple x86/x64-Disassembler V_0.69"
- Global Option$ = " (for options use the right mouse-button!)"
- Global Date$ = ", December 06, 2011"
- Global MN$ ;mnemonic string
- Global OP$ ;opcode string
- Global Fort$ = "Total Progress, actually Section : "
- Global No64$ = "No 64-Bit-Instruction!" ;e.g. my dearly beloved BCD instructions (a tear rolls down...)
- Global AES$ = "AES"
- Global AMDLM$ = "AMDLM"
- Global AMDMISAL16$ = "AMDMISAL16"
- Global AVX$ = "AVX"
- Global AVX2$ = "AVX2"
- Global BMI$ = "BMI"
- Global CLFSH$ = "CLFSH"
- Global CMOV$ = "(F)CMOV"
- Global CX16$ = "CX16"
- Global CX8$ = "CX8"
- Global CVT16$ = "CVT16"
- Global DNOW$ = "3DNow!"
- Global EDNOW$ = "Ext3DNow!"
- Global EMMX$ = "(E)MMX"
- Global FMA$ = "FMA"
- Global FMA4$ = "FMA4"
- Global FXSR$ = "FXSR"
- Global LWP$ = "LWP"
- Global LZCNT$ = "LZCNT"
- Global MMX$ = "MMX"
- Global MONITOR$ = "MONITOR"
- Global MOVBE$ = "MOVBE"
- Global MSR$ = "MSR"
- Global OSXSAVE$ = "OSXSAVE"
- Global PCLMULQDQ$ = "PCLMULQDQ"
- Global POPCNT$ = "POPCNT"
- Global RDTSC$ = "RDTSC"
- Global RDTSCP$ = "RDTSCP"
- Global SEP$ = "SEP"
- Global SMX$ = "SMX"
- Global SSE$ = "SSE"
- Global SSE2$ = "SSE2"
- Global SSE3$ = "SSE3"
- Global SSSE3$ = "SSSE3"
- Global SSE41$ = "SSE4.1"
- Global SSE42$ = "SSE4.2"
- Global SSE4A$ = "SSE4A"
- Global SVM$ = "SVM"
- Global TBM$ = "TBM"
- Global VMX$ = "VMX"
- Global XOP$ = "XOP"
- Global XSAVE$ = "XSAVE"
- Global XSAVEOPT$ = "XSAVEOPT"
- Global ProzessorString$ = Space(49) ;the string can be at most 48 characters long + zero byte
- Global ProzStrAdr.l
- Global Bin.l ;for the AVX test
- Global File$ ;for the AVX test
- Global Bit$
- Global WindowID.q
- Global ProgID.q
- Global ProcessHandle.q
- Global BaseAdr.q
- Global EndAdr.q
- Global AnfAdresse.q
- Global Size.q
- Global Status.l
- Global MaxAdr.q
- Global MinAdr.q
- Global Eigner.l
- Global Quit.l
- Global FileExt.l
- ;- Constants
- #PROCESSOR_ARCHITECTURE_AMD64 = $0009 ;for testing whether the OS is 32- or 64-bit
- #IMAGE_NT_SIGNATURE = $00004550 ;"PE "
- #IMAGE_FILE_MACHINE_I386 = $014C ;should be sufficient as is (without I486 etc.); per MS (see sources) this is the only value now. Possibly extend for older files
- #IMAGE_FILE_MACHINE_AMD64 = $8664 ;64-bit file
- #IMAGE_SIZEOF_SHORT_NAME = $00000008 ;length of the section name
- #IMAGE_SIZEOF_SECTION_HEADER = $00000028 ;size of a section header
- #IMAGE_SCN_CNT_INITIALIZED_DATA = $00000040 ;section contains initialized data
- #IMAGE_SCN_CNT_UNINITIALIZED_DATA = $00000080 ;section contains uninitialized data
- #IMAGE_SCN_MEM_EXECUTE = $20000000 ;section is executable
- #IMAGE_SCN_MEM_READ = $40000000 ;section is readable
- #IMAGE_SCN_MEM_WRITE = $80000000 ;section is writable
- #IMAGE_FILE_DLL = $2000 ;DLL flag
- #NbProcessesMax = 10000
- ;NOTE(review): the AllocateMemory() result is not checked for 0 here; confirm that it is checked before MBI64A is used.
- Global MBI64.q = AllocateMemory(64) ;MEMORY_BASIC_INFORMATION; as a Structure it has pitfalls (16-byte alignment on a 64-bit OS)
- Global MBI64A.q = MBI64 + (16 - (MBI64 & $0F)) ;align to 16 bytes; adds 1..16, so at least 48 of the 64 allocated bytes remain after MBI64A
- Global Dim ZArray.l(200) ;better to use 200 here!
- Global Dim ArrayAdr.s(1) ;ReDim below
- Global Dim ProcessesArray.l(#NbProcessesMax)
- Global NewList Search.l() ;for search results
- Global NewList DLLEP.l() ;for dll-entrypoint
- ;- Structures (built into PB)
- Global I_D_H.IMAGE_DOS_HEADER
- Global I_F_H.IMAGE_FILE_HEADER
- Global I_E_D.IMAGE_EXPORT_DIRECTORY
- Global S_I.SYSTEM_INFO
- Global M_B_I.MEMORY_BASIC_INFORMATION
- ;- Structures (not built into PB)
- ;Layout of one PE section-table entry.
- ;NOTE(review): a fixed string .s{n} is sized in characters; in a Unicode compile Name would presumably
- ;occupy 16 bytes and shift every following field - confirm this source is only built in ASCII mode.
- Structure IMAGE_SECTION_HEADER
- Name.s{#IMAGE_SIZEOF_SHORT_NAME} ;8 bytes
- VirtualSize.l
- VirtualAddress.l
- SizeOfRawData.l
- PointerToRawData.l
- PointerToRelocations.l
- PointerToLinenumbers.l
- NumberOfRelocations.w
- NumberOfLinenumbers.w
- Characteristics.l
- EndStructure
- Global I_S_H.IMAGE_SECTION_HEADER
- ;One output row of the listing; ListIcon_Callback() hands these four strings to the list view per column.
- Structure Item
- Address.s
- Opcode.s
- Mnemonic.s
- ASCII.s
- EndStructure
- Global Dim Daten.Item(16) ;placeholder, ReDim in Main()
- Prototype IsWoW64(Handle, BOOL)
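Procedure ListIcon_Callback(hwnd, msg, wparam, lparam) ;thanks to edel for the tip!
  ;Window callback for the listing view.
  ;  - LVN_GETDISPINFO: hands the list view a pointer to the requested cell text,
  ;    taken from the global Daten() array (column 0 = Address, 1 = Opcode,
  ;    2 = Mnemonic, any other column = ASCII).
  ;  - NM_CUSTOMDRAW from gadget GID: selects the background colour of each row.
  ;Parameters: hwnd, msg, wparam, lparam - the window-message arguments; for
  ;            WM_NOTIFY, lparam is used as a pointer to the notification structure.
  ;Returns:    #True after an LVN_GETDISPINFO request, #CDRF_NOTIFYITEMDRAW at the
  ;            pre-paint stage of GID, otherwise #PB_ProcessPureBasicEvents.
  Protected *hdr.NMHDR
  Protected *di.NMLVDISPINFO
  Protected *cd.NMLVCUSTOMDRAW
  Protected Row.i
  If msg = #WM_NOTIFY
    *hdr = lparam
    If *hdr\code = #LVN_GETDISPINFO
      *di = lparam
      Row = *di\item\iItem
      ;The row index comes from the notification, not from this program. Array
      ;access is not range-checked when the debugger is off, so Daten() is only
      ;indexed inside its current bounds; for any other index pszText is left
      ;as the control supplied it.
      If Row >= 0 And Row <= ArraySize(Daten())
        Select *di\item\iSubItem
          Case 0
            PStr.i = @Daten(Row)\Address
          Case 1
            PStr.i = @Daten(Row)\Opcode
          Case 2
            PStr.i = @Daten(Row)\Mnemonic
          Default
            PStr.i = @Daten(Row)\ASCII
        EndSelect
        *di\item\pszText = PStr
      EndIf
      ProcedureReturn #True
    EndIf
    *cd = lparam
    If *cd\nmcd\hdr\hWndFrom = GID And *cd\nmcd\hdr\code = #NM_CUSTOMDRAW
      Select *cd\nmcd\dwDrawStage
        Case #CDDS_PREPAINT
          ;ask for a notification per item so each row can be coloured
          ProcedureReturn #CDRF_NOTIFYITEMDRAW
        Case #CDDS_ITEMPREPAINT
          If *cd\nmcd\dwItemSpec = ZeilePEP And FileExt = 0
            *cd\clrTextBk = $00FF00 ;green for program-entrypoint
          Else
            *cd\clrTextBk = $CCFFFF ;light-yellow for code
          EndIf
          ;later matches override earlier ones: a search hit replaces the base
          ;colour, a dll-entrypoint replaces both
          ForEach Search()
            If *cd\nmcd\dwItemSpec = Search()
              *cd\clrTextBk = $0ECCBB ;olive for found instruction
            EndIf
          Next
          ForEach DLLEP()
            If *cd\nmcd\dwItemSpec = DLLEP()
              *cd\clrTextBk = $EECCBB ;light-blue for dll-entrypoint
            EndIf
          Next
      EndSelect
    EndIf
  EndIf
  ProcedureReturn #PB_ProcessPureBasicEvents
EndProcedure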
- Procedure Header_Infos()
- If OpenWindow(2, 0, 0, 820, 400, " Header-Infos of " + File$, #PB_Window_MinimizeGadget | #PB_Window_ScreenCentered)
- GID_HI = ListIconGadget(30, 10, 10, 800, 380, "Offset", 80, #PB_ListIcon_GridLines | #PB_ListIcon_FullRowSelect)
- SetGadgetFont(30, FontID(0))
- AddGadgetColumn(30, 1, "Value", 120)
- AddGadgetColumn(30, 2, "Description", 575)
- SpaltID_HI = SendMessage_(GID_HI, #LVM_GETHEADER, #Null, #Null) ;Spaltenbreite nicht veränderbar
- EnableWindow_(SpaltID_HI, 0) ;wieder veränderbar: EnableWindow_(SpaltID_HI, 1)
- ;Structure IMAGE_DOS_HEADER ;equal for 32- and 64-bit, use structure. Filled in Main()
- ; e_magic.w
- ; e_cblp.w
- ; e_cp.w
- ; e_crlc.w
- ; e_cparhdr.w
- ; e_minalloc.w
- ; e_maxalloc.w
- ; e_ss.w
- ; e_sp.w
- ; e_csum.w
- ; e_ip.w
- ; e_cs.w
- ; e_lfarlc.w
- ; e_ovno.w
- ; e_res.w[4]
- ; e_oemid.w
- ; e_oeminfo.w
- ; e_res2.w[10]
- ; e_lfanew.l
- ;EndStructure
- AddGadgetItem(30, -1, "$00000000")
- SetGadgetItemText(30, 0, "$" + RSet(Hex(I_D_H\e_magic), 4, "0"), 1)
- SetGadgetItemText(30, 0, "IMAGE_DOS_HEADER\e_magic - magic number ($4D5A = ´MZ´ = Mark Zbikowski)", 2)
- AddGadgetItem(30, -1, "$00000002")
- SetGadgetItemText(30, 1, "$" + RSet(Hex(I_D_H\e_cblp), 4, "0"), 1)
- SetGadgetItemText(30, 1, "IMAGE_DOS_HEADER\e_cblp - bytes on last page of file", 2)
- AddGadgetItem(30, -1, "$00000004")
- SetGadgetItemText(30, 2, "$" + RSet(Hex(I_D_H\e_cp), 4, "0"), 1)
- SetGadgetItemText(30, 2, "IMAGE_DOS_HEADER\e_cp - pages in file (1 page = 512 bytes)", 2)
- AddGadgetItem(30, -1, "$00000006")
- SetGadgetItemText(30, 3, "$" + RSet(Hex(I_D_H\e_crlc), 4, "0"), 1)
- SetGadgetItemText(30, 3, "IMAGE_DOS_HEADER\e_crlc - relocations", 2)
- AddGadgetItem(30, -1, "$00000008")
- SetGadgetItemText(30, 4, "$" + RSet(Hex(I_D_H\e_cparhdr), 4, "0"), 1)
- SetGadgetItemText(30, 4, "IMAGE_DOS_HEADER\e_cparhdr - size of header in paragraphs (1 paragraph = 16 bytes)", 2)
- AddGadgetItem(30, -1, "$0000000A")
- SetGadgetItemText(30, 5, "$" + RSet(Hex(I_D_H\e_minalloc), 4, "0"), 1)
- SetGadgetItemText(30, 5, "IMAGE_DOS_HEADER\e_minalloc - minimum extra paragraphs needed", 2)
- AddGadgetItem(30, -1, "$0000000C")
- SetGadgetItemText(30, 6, "$" + RSet(Hex(I_D_H\e_maxalloc), 4, "0"), 1)
- SetGadgetItemText(30, 6, "IMAGE_DOS_HEADER\e_maxalloc - maximum extra paragraphs needed", 2)
- AddGadgetItem(30, -1, "$0000000E")
- SetGadgetItemText(30, 7, "$" + RSet(Hex(I_D_H\e_ss), 4, "0"), 1)
- SetGadgetItemText(30, 7, "IMAGE_DOS_HEADER\e_ss - initial (relative) SS value", 2)
- AddGadgetItem(30, -1, "$00000010")
- SetGadgetItemText(30, 8, "$" + RSet(Hex(I_D_H\e_sp), 4, "0"), 1)
- SetGadgetItemText(30, 8, "IMAGE_DOS_HEADER\e_sp - initial SP value", 2)
- AddGadgetItem(30, -1, "$00000012")
- SetGadgetItemText(30, 9, "$" + RSet(Hex(I_D_H\e_csum), 4, "0"), 1)
- SetGadgetItemText(30, 9, "IMAGE_DOS_HEADER\e_csum - checksum", 2)
- AddGadgetItem(30, -1, "$00000014")
- SetGadgetItemText(30, 10, "$" + RSet(Hex(I_D_H\e_ip), 4, "0"), 1)
- SetGadgetItemText(30, 10, "IMAGE_DOS_HEADER\e_ip - initial IP value", 2)
- AddGadgetItem(30, -1, "$00000016")
- SetGadgetItemText(30, 11, "$" + RSet(Hex(I_D_H\e_cs), 4, "0"), 1)
- SetGadgetItemText(30, 11, "IMAGE_DOS_HEADER\e_cs - initial (relative) CS value", 2)
- AddGadgetItem(30, -1, "$00000018")
- SetGadgetItemText(30, 12, "$" + RSet(Hex(I_D_H\e_lfarlc), 4, "0"), 1)
- SetGadgetItemText(30, 12, "IMAGE_DOS_HEADER\e_lfarlc - file address of relocation table", 2)
- AddGadgetItem(30, -1, "$0000001A")
- SetGadgetItemText(30, 13, "$" + RSet(Hex(I_D_H\e_ovno), 4, "0"), 1)
- SetGadgetItemText(30, 13, "IMAGE_DOS_HEADER\e_ovno - overlay number", 2)
- For i = 28 To 34 Step 2
- AddGadgetItem(30, -1, "$" + RSet(Hex(i), 8, "0"))
- SetGadgetItemText(30, i / 2, "$" + RSet(Hex(PeekW(@I_D_H\e_res - 28 + i) & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i / 2, "IMAGE_DOS_HEADER\e_res - reserved word", 2)
- Next
- AddGadgetItem(30, -1, "$00000024")
- SetGadgetItemText(30, 18, "$" + RSet(Hex(I_D_H\e_oemid), 4, "0"), 1)
- SetGadgetItemText(30, 18, "IMAGE_DOS_HEADER\e_oemid - OEM identifier (for e_oeminfo)", 2)
- AddGadgetItem(30, -1, "$00000026")
- SetGadgetItemText(30, 19, "$" + RSet(Hex(I_D_H\e_oeminfo), 4, "0"), 1)
- SetGadgetItemText(30, 19, "IMAGE_DOS_HEADER\e_oeminfo - OEM information; e_oemid specific", 2)
- For i = 40 To 58 Step 2
- AddGadgetItem(30, -1, "$" + RSet(Hex(i), 8, "0"))
- SetGadgetItemText(30, i / 2, "$" + RSet(Hex(PeekW(@I_D_H\e_res2 - 40 + i) & $FFFF), 8, "0"), 1)
- SetGadgetItemText(30, i / 2, "IMAGE_DOS_HEADER\e_res2 - reserved word", 2)
- Next
- AddGadgetItem(30, -1, "$0000003C")
- SetGadgetItemText(30, 30, "$" + RSet(Hex(I_D_H\e_lfanew), 8, "0"), 1)
- SetGadgetItemText(30, 30, "IMAGE_DOS_HEADER\e_lfanew - file address of new exe header", 2)
- c = $00d0ff ;Farbe
- For m = 0 To 30
- SetGadgetItemColor(30, m, #PB_Gadget_BackColor, c, -1)
- Next
- c = (c + $800000) & $FFFFFF ;Farbe ändern
- i = 31
- OP1 = 0
- For n = $40 To I_D_H\e_lfanew - 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(n), 8, "0"))
- OP = PeekA(Buffer + n) & $FF
- Select OP ;only for any strings!
- Case $0E
- SetGadgetItemText(30, i, "$0E", 1)
- SetGadgetItemText(30, i, "DOS Stub Program: PUSH CS", 2)
- i + 1
- Case $1F
- SetGadgetItemText(30, i, "$1F", 1)
- SetGadgetItemText(30, i, "DOS Stub Program: POP DS", 2)
- i + 1
- Case $90
- SetGadgetItemText(30, i, "$90", 1)
- SetGadgetItemText(30, i, "DOS Stub Program: NOP", 2)
- i + 1
- Case $B4
- SetGadgetItemText(30, i, "$B409", 1)
- SetGadgetItemText(30, i, "DOS Stub Program: MOV AH , $09 ;DOS-function display string", 2)
- i + 1 : n + 1
- Case $B8
- SetGadgetItemText(30, i, "$B8014C", 1)
- SetGadgetItemText(30, i, "DOS Stub Program: MOV AX , $4C01 ;DOS-function terminate program", 2)
- i + 1 : n + 2
- Case $BA
- OP$ = "$BA" + RSet(Hex(PeekB(Buffer + n + 1) & $FF), 2, "0") + RSet(Hex(PeekB(Buffer + n + 2) & $FF), 2, "0")
- OP1 = PeekW(Buffer + n + 1) & $FFFF
- SetGadgetItemText(30, i, OP$, 1)
- SetGadgetItemText(30, i, "DOS Stub Program: MOV DX , $" + RSet(Hex(OP1), 4, "0") + " ;offset to string", 2)
- i + 1 : n + 2
- Case $CD
- SetGadgetItemText(30, i, "$CD21", 1)
- SetGadgetItemText(30, i, "DOS Stub Program: INT $21", 2)
- i + 1 : n + 1
- EndSelect
- If OP1 > 0 And n = OP1 + $40 ;begin string
- j = OP1 + $40
- DOS$ = "´"
- DosChar = PeekA(Buffer + j)
- While DosChar <> $0D And DosChar <> $0A And DosChar <> $24 ;CR, LF or "$"
- DOS$ + Chr(DosChar)
- j + 1
- DosChar = PeekA(Buffer + j)
- Wend
- DOS$ + "´"
- SetGadgetItemText(30, i, "String", 1)
- SetGadgetItemText(30, i, "DOS Stub Program: " + DOS$, 2)
- For m = 31 To i
- SetGadgetItemColor(30, m, #PB_Gadget_BackColor, c, -1)
- Next
- c = (c + $800000) & $FFFFFF
- i + 1
- Break
- EndIf
- Next
- ;Structure IMAGE_NT_HEADERS
- ; Signature.l
- ; FileHeader.IMAGE_FILE_HEADER
- ; OptionalHeader.IMAGE_OPTIONAL_HEADER
- ;EndStructure
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_NT_HEADERS\Signature - signature ($50450000 = ´PE ´ = Portable Executable)", 2)
- SetGadgetItemColor(30, i, #PB_Gadget_BackColor, c, -1)
- c = (c + $800000) & $FFFFFF
- i + 1 : a = i
- ;Structure IMAGE_FILE_HEADER ;equal for 32- and 64-bit, use structure. Filled in Main()
- ; Machine.w
- ; NumberOfSections.w
- ; TimeDateStamp.l
- ; PointerToSymbolTable.l
- ; NumberOfSymbols.l
- ; SizeOfOptionalHeader.w
- ; Characteristics.w
- ;EndStructure
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 4), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_F_H\Machine & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_FILE_HEADER\Machine - machine-type (I386: $014C = 32-Bit, AMD64: $8664 = 64-Bit)", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 6), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_F_H\NumberOfSections & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_FILE_HEADER\NumberOfSections - number of sections (max.96)", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 8), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_F_H\TimeDateStamp & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_FILE_HEADER\TimeDateStamp - time date stamp ($" + RSet(Hex(I_F_H\TimeDateStamp & $FFFFFFFF), 8, "0") + " = " + FormatDate("%mm/%dd/%yyyy/%hh:%ii:%ss", I_F_H\TimeDateStamp & $FFFFFFFF) + ")", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 12), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_F_H\PointerToSymbolTable & $FFFFFFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_FILE_HEADER\PointerToSymbolTable - pointer to symbol table", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 16), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_F_H\NumberOfSymbols & $FFFFFFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_FILE_HEADER\NumberOfSymbols - number of symbols", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 20), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_F_H\SizeOfOptionalHeader & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_FILE_HEADER\SizeOfOptionalHeader - size of optional header", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 22), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_F_H\Characteristics & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_FILE_HEADER\Characteristics - characteristics", 2)
- For m = a To i
- SetGadgetItemColor(30, m, #PB_Gadget_BackColor, c, -1)
- Next
- c = (c + $800000) & $FFFFFF
- i + 1 : a = i
- ;Structure IMAGE_OPTIONAL_HEADER ;not equal for 32- and 64-bit, use Buffer
- ; Magic.w
- ; MajorLinkerVersion.b
- ; MinorLinkerVersion.b
- ; SizeOfCode.l
- ; SizeOfInitializedData.l
- ; SizeOfUninitializedData.l
- ; AddressOfEntryPoint.l
- ; BaseOfCode.l
- ; BaseOfData.l ;only for 32-bit-file!
- ; ImageBase.i
- ; SectionAlignment.l
- ; FileAlignment.l
- ; MajorOperatingSystemVersion.w
- ; MinorOperatingSystemVersion.w
- ; MajorImageVersion.w
- ; MinorImageVersion.w
- ; MajorSubsystemVersion.w
- ; MinorSubsystemVersion.w
- ; Win32VersionValue.l
- ; SizeOfImage.l
- ; SizeOfHeaders.l
- ; CheckSum.l
- ; Subsystem.w
- ; DllCharacteristics.w
- ; SizeOfStackReserve.i
- ; SizeOfStackCommit.i
- ; SizeOfHeapReserve.i
- ; SizeOfHeapCommit.i
- ; LoaderFlags.l
- ; NumberOfRvaAndSizes.l
- ; DataDirectory.IMAGE_DATA_DIRECTORY[16]
- ;EndStructure
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 24), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekW(Buffer + I_D_H\e_lfanew + 24) & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\Magic - magic number ($010B = PE32 (32-bit), $020B = PE32+ (64-bit))", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 26), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekB(Buffer + I_D_H\e_lfanew + 26) & $FF), 2, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\MajorLinkerVersion - major linker version", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 27), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekB(Buffer + I_D_H\e_lfanew + 27) & $FF), 2, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\MinorLinkerVersion - minor linker version", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 28), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 28) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfCode - size of code", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 32), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 32) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfInitializedData - size of initialized data", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 36), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 36) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfUninitializedData - size of uninitialized data", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 40), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 40) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\AddressOfEntryPoint - address of entry point (+ image base)", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 44), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 44) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\BaseOfCode - base of code", 2)
- i + 1
- If PeekW(Buffer + I_D_H\e_lfanew + 24) & $FFFF = $010B ;= 32-bit-file
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 48), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 48) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\BaseOfData - base of data", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 52), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 52) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\ImageBase - image base", 2)
- i + 1
- Else ;= 64-bit-file
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 48), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekQ(Buffer + I_D_H\e_lfanew + 48)), 16, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\ImageBase - image base", 2)
- i + 1
- EndIf
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 56), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 56) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SectionAlignment - section alignment", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 60), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 60) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\FileAlignment - file alignment", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 64), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekW(Buffer + I_D_H\e_lfanew + 64) & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\MajorOperatingSystemVersion - required major operating system version", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 66), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekW(Buffer + I_D_H\e_lfanew + 66) & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\MinorOperatingSystemVersion - required minor operating system version", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 68), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekW(Buffer + I_D_H\e_lfanew + 68) & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\MajorImageVersion - major image version", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 70), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekW(Buffer + I_D_H\e_lfanew + 70) & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\MinorImageVersion - minor image version", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 72), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekW(Buffer + I_D_H\e_lfanew + 72) & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\MajorSubsystemVersion - major subsystem version", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 74), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekW(Buffer + I_D_H\e_lfanew + 74) & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\MinorSubsystemVersion - minor subsystem version", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 76), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 76) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\Win32VersionValue - Win32 version value", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 80), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 80) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfImage - size of image", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 84), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 84) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfHeaders - size of headers", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 88), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + 88) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\CheckSum - image file checksum", 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 92), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekW(Buffer + I_D_H\e_lfanew + 92) & $FFFF), 4, "0"), 1)
- k = PeekW(Buffer + I_D_H\e_lfanew + 92) & $FFFF
- Select k ;all for fun
- Case 0
- SubSys$ = "0 = unknown subsystem"
- Case 1
- SubSys$ = "1 = device drivers and native Windows processes"
- Case 2
- SubSys$ = "2 = Windows Graphical User Interface (GUI) subsystem"
- Case 3
- SubSys$ = "3 = Windows character subsystem"
- Case 7
- SubSys$ = "7 = Posix character subsystem"
- Case 9
- SubSys$ = "9 = Windows CE"
- Case 10
- SubSys$ = "10 = Extensible Firmware Interface (EFI) application"
- Case 11
- SubSys$ = "11 = Extensible Firmware Interface (EFI) driver with boot services"
- Case 12
- SubSys$ = "12 = Extensible Firmware Interface (EFI) driver with run-time services"
- Case 13
- SubSys$ = "13 = Extensible Firmware Interface (EFI) ROM image"
- Case 14
- SubSys$ = "14 = XBOX"
- EndSelect
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\Subsystem - " + SubSys$, 2)
- i + 1
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + 94), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekW(Buffer + I_D_H\e_lfanew + 94) & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\DllCharacteristics - dll-characteristics", 2)
- i + 1 : j = 96 ;j = address-pointer
- If PeekW(Buffer + I_D_H\e_lfanew + 24) & $FFFF = $010B ;= 32-bit-file
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfStackReserve - size of stack reserve", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfStackCommit - size of stack commit", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfHeapReserve - size of heap reserve", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfHeapCommit - size of heap commit", 2)
- i + 1 : j + 4
- Else ;= 64-bit-file
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekQ(Buffer + I_D_H\e_lfanew + j)), 16, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfStackReserve - size of stack reserve", 2)
- i + 1 : j + 8
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekQ(Buffer + I_D_H\e_lfanew + j)), 16, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfStackCommit - size of stack commit", 2)
- i + 1 : j + 8
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekQ(Buffer + I_D_H\e_lfanew + j)), 16, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfHeapReserve - size of heap reserve", 2)
- i + 1 : j + 8
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekQ(Buffer + I_D_H\e_lfanew + j)), 16, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\SizeOfHeapCommit - size of heap commit", 2)
- i + 1 : j + 8
- EndIf
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\LoaderFlags - loader flags", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_OPTIONAL_HEADER\NumberOfRvaAndSizes - number of data-directory entries ", 2)
- For m = a To i
- SetGadgetItemColor(30, m, #PB_Gadget_BackColor, c, -1)
- Next
- c = (c + $800000) & $FFFFFF
- k = PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF ;k = 16 is not sure!
- i + 1 : a = i : j + 4
- If k ;loop?
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ExportTable - export table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ExportTable - export table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ImportTable - import table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ImportTable - import table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ResourceTable - resource table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ResourceTable - resource table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ExceptionTable - exception table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ExceptionTable - exception table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\CertificateTable - certificate table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\CertificateTable - certificate table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\BaseRelocationTable - base relocation table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\BaseRelocationTable - base relocation table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\DebuggingInformationStart - debugging information starting address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\DebuggingInformationStart - debugging information starting size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ArchitectureSpecificData - architecture-specific data address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ArchitectureSpecificData - architecture-specific data size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\GlobalPointerRegister - global pointer register address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\GlobalPointerRegister - global pointer register size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ThreadLocalStorage - thread local storage (TLS) table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ThreadLocalStorage - thread local storage (TLS) table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\LoadConfigurationTable - load configuration table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\LoadConfigurationTable - load configuration table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\BoundImportTable - bound import table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\BoundImportTable - bound import table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ImportAddressTable - import address table address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\ImportAddressTable - import address table size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\DelayImportDescriptor - delay import descriptor address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\DelayImportDescriptor - delay import descriptor size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- If k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\CLRHeader - CLR header address", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\CLRHeader - CLR header size", 2)
- i + 1 : j + 4 : k - 1
- EndIf
- While k
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\Reserved - reserved", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(PeekL(Buffer + I_D_H\e_lfanew + j) & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_DATA_DIRECTORY\Reserved - reserved", 2)
- i + 1 : j + 4 : k - 1
- Wend
- ;now must (I_D_H\e_lfanew + j) = AST, see Main()
- For m = a To i - 1
- SetGadgetItemColor(30, m, #PB_Gadget_BackColor, c, -1)
- Next
- c = (c + $800000) & $FFFFFF
- a = i
- ;Structure IMAGE_SECTION_HEADER ;equal for 32- and 64-bit, use structure
- ; Name.s{#IMAGE_SIZEOF_SHORT_NAME} ;8 bytes
- ; VirtualSize.l
- ; VirtualAddress.l
- ; SizeOfRawData.l
- ; PointerToRawData.l
- ; PointerToRelocations.l
- ; PointerToLinenumbers.l
- ; NumberOfRelocations.w
- ; NumberOfLinenumbers.w
- ; Characteristics.l
- ;EndStructure
- k = 0 : d = 0
- For n = 1 To I_F_H\NumberOfSections
- CopyMemory(Buffer + I_D_H\e_lfanew + j, @I_S_H, SizeOf(I_S_H)) ;fill Structure IMAGE_SECTION_HEADER
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, Mid(I_S_H\Name, 1, 8), 1)
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\Name", 2)
- i + 1 : j + 8
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_S_H\VirtualSize & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\VirtualSize", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_S_H\VirtualAddress & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\VirtualAddress", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_S_H\SizeOfRawData & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\SizeOfRawData", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_S_H\PointerToRawData & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\PointerToRawData", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_S_H\PointerToRelocations & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\PointerToRelocations", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_S_H\PointerToLinenumbers & $FFFFFFFF), 8, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\PointerToLinenumbers", 2)
- i + 1 : j + 4
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_S_H\NumberOfRelocations & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\NumberOfRelocations", 2)
- i + 1 : j + 2
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SetGadgetItemText(30, i, "$" + RSet(Hex(I_S_H\NumberOfLinenumbers & $FFFF), 4, "0"), 1)
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\NumberOfLinenumbers", 2)
- i + 1 : j + 2
- AddGadgetItem(30, -1, "$" + RSet(Hex(I_D_H\e_lfanew + j), 8, "0"))
- SF = I_S_H\Characteristics & $FFFFFFFF ;Flags ermitteln
- SetGadgetItemText(30, i, "$" + RSet(Hex(SF & $FFFFFFFF), 8, "0"), 1)
- SF$ = " ("
- If SF & #IMAGE_SCN_MEM_READ
- SF$ + "Read"
- EndIf
- If SF & #IMAGE_SCN_MEM_WRITE
- SF$ + " and Write"
- EndIf
- If SF & #IMAGE_SCN_MEM_EXECUTE
- SF$ + " , executable Code"
- EndIf
- If SF & #IMAGE_SCN_CNT_INITIALIZED_DATA
- SF$ + " , initializated Datas"
- EndIf
- If SF & #IMAGE_SCN_CNT_UNINITIALIZED_DATA
- SF$ + " , non initializated Datas"
- EndIf
- SF$ + ")"
- SetGadgetItemText(30, i, "IMAGE_SECTION_HEADER\Characteristics" + SF$, 2)
- i + 1 : j + 4
- For m = a + d To i
- SetGadgetItemColor(30, m, #PB_Gadget_BackColor, c, -1)
- Next
- c = (c + $800000) & $FFFFFF
- d + 10
- k + #IMAGE_SIZEOF_SECTION_HEADER
- Next
- SetActiveGadget(30)
- EndIf
- EndProcedure
- Procedure CPUInfo(Title$, Text$)
- ;Creates a topmost popup window of the Win32 tooltip class (balloon style, always-tip), sets its title with the info icon,
- ;registers one tool whose text is Text$ and activates it as a tracking tooltip.
- ;Title$ = balloon title, Text$ = balloon text. Returns the value delivered by CreateWindowEx_().
- ;NOTE(review): the CreateWindowEx_() result is not checked before the SendMessage_() calls - confirm a failed creation is harmless for callers
- CPUInfo = CreateWindowEx_(#WS_EX_TOPMOST, #TOOLTIPS_CLASS, #Null, #WS_POPUP | #TTS_ALWAYSTIP | #TTS_BALLOON, 0, 0, 0, 0, 0, 0, 0, 0)
- SendMessage_(CPUInfo, #TTM_SETTITLE, #TOOLTIP_INFO_ICON, @Title$)
- Balloon.TOOLINFO\cbSize = SizeOf(TOOLINFO) ;only cbSize and lpszText of the TOOLINFO structure are filled in here
- Balloon\lpszText = @Text$
- SendMessage_(CPUInfo, #TTM_ADDTOOL, 0, @Balloon)
- SendMessage_(CPUInfo, #TTM_TRACKACTIVATE, 1, @Balloon) ;wParam 1 = activate tracking
- ProcedureReturn CPUInfo
- EndProcedure
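- Procedure FuncInfo() ;attempt to resolve a jump target to a possible API function
-   ;Maps the current jump target (SPZ for 64-bit files, the last 4 instruction bytes for 32-bit files) through the
-   ;section table to a file offset, reads the 32-bit value stored there, maps that value to a file offset as well and,
-   ;if it lies in a non-executable section, appends the string found at offset + 2 (after the word-sized ordinal/hint)
-   ;plus a nearby ".dll" name to MN$.
-   ;All offsets are derived from header fields and code bytes of the file being inspected, i.e. from untrusted data.
-   ;Changes against the previous version: every read is now kept inside [Buffer, Buffer + LF):
-   ;  - the 4-byte PeekL() reads require offset <= LF - 4 (before, offsets LF - 3 .. LF passed the check),
-   ;  - the 32-bit path got an upper bound before PeekS() (before, only SPZ < 0 was rejected),
-   ;  - PeekS() lengths and the end of the ".dll" scan are clamped to the end of the file.
-   ;NOTE(review): assumes Buffer holds exactly LF bytes and that AST/ANS were validated when the headers were parsed - confirm in Main()
-   ;NOTE(review): the PeekS() clamp counts bytes; in a Unicode build the reads would additionally need the #PB_Ascii format - confirm build mode
-   Protected FI_Len.q ;clamped maximum length for PeekS()
-   Protected FI_End.q ;clamped last address for the ".dll" scan
-   Protected FI_Off.q ;masked file offset (32-bit path)
-   If IsProg64
-     RSPZ = SPZ + IB + SRVA ;relative jump target
-     k = 0
-     For n = 1 To ANS ;to find the "jump target" in the file
-       CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
-       XRVA = I_S_H\VirtualAddress
-       X = XRVA + I_S_H\SizeOfRawData ;+ length of the section
-       RSE = IB + XRVA + I_S_H\SizeOfRawData - 1 ;relative end of the section
-       If RSPZ < RSE ;jump target in this section?
-         SPZ = RSPZ - IB - XRVA + I_S_H\PointerToRawData ;"jump target" in the file
-         Break
-       EndIf
-       k + #IMAGE_SIZEOF_SECTION_HEADER
-     Next
-     k = 0
-     For n = 1 To ANS
-       CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
-       XRVA = I_S_H\VirtualAddress ;RVA of the section
-       X = XRVA + I_S_H\SizeOfRawData ;+ length of the section
-       SPZ = RSPZ - IB
-       If SPZ < X ;SPZ in this section?
-         SPZ - XRVA + I_S_H\PointerToRawData ;+ offset of this section
-         Break
-       EndIf
-       k + #IMAGE_SIZEOF_SECTION_HEADER
-     Next
-     If SPZ > LF - 4 Or SPZ < 0 ;safeguard, e.g. if the code cannot be resolved completely or is garbage; 4 bytes are read next
-       ProcedureReturn
-     EndIf
-     SPZ = PeekL(Buffer + SPZ)
-     For m = n To ANS ;continues with the section (n, k) found by the loop above
-       CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
-       XRVA = I_S_H\VirtualAddress ;RVA of the section
-       X = XRVA + I_S_H\SizeOfRawData ;+ length of the section
-       If SPZ < X ;SPZ in this section?
-         SPZ - XRVA + I_S_H\PointerToRawData ;+ offset of this section
-         If SPZ > LF - 3 Or SPZ < 0 ;safeguard; the string read below starts at SPZ + 2
-           Break
-         EndIf
-         XF = I_S_H\Characteristics ;get the flags
-         If XF & #IMAGE_SCN_MEM_EXECUTE = 0 ;test whether the section is executable or not
-           FI_Len = LF - (SPZ + 2) ;never read past the end of the file
-           If FI_Len > $FF
-             FI_Len = $FF
-           EndIf
-           Info$ = PeekS(Buffer + SPZ + 2, FI_Len) ;+2 because of the word-sized ordinal number
-           If Info$ <> ""
-             MN$ + " (" + Chr(34) + Info$ + Chr(34) ; + " / "
-             FI_End = Buffer + I_S_H\PointerToRawData + I_S_H\SizeOfRawData - 4
-             If FI_End > Buffer + LF - 4 ;the section header may claim more raw data than the file contains
-               FI_End = Buffer + LF - 4
-             EndIf
-             For i = Buffer + SPZ + 3 To FI_End
-               If PeekL(i) & $5F5F5FFF = $4C4C442E ;".DLL" or ".dll"
-                 For j = i To Buffer + SPZ + 3 Step -1 ;walk back to the zero byte in front of the name
-                   If PeekB(j) = 0 ;zero byte
-                     Break
-                   EndIf
-                 Next
-                 FI_Len = Buffer + LF - (j + 1)
-                 If FI_Len > $FF
-                   FI_Len = $FF
-                 EndIf
-                 DLL$ = PeekS(j + 1, FI_Len)
-                 If DLL$ <> ""
-                   MN$ + " / " + DLL$
-                 EndIf
-                 Break
-               EndIf
-             Next
-             DLL$ = ""
-             MN$ + ")"
-           EndIf
-           Break
-         EndIf
-       EndIf
-       k + #IMAGE_SIZEOF_SECTION_HEADER
-     Next
-   Else
-     RSPZ = PeekL(Buffer + BZ - 4) ;jump target
-     RSE = IB + SRVA + SL - 1 ;relative end of the section
-     If (RSPZ > RSE) And Len(OP$) > 10 ;so the jump target is no longer in this section
-       k = 0 ;the Len test is there because of the 2-byte call
-       For n = 1 To ANS
-         CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
-         RSE = IB + I_S_H\VirtualAddress + I_S_H\SizeOfRawData - 1 ;relative end of the section
-         If RSPZ < RSE ;jump target in this section?
-           SPZ = RSPZ - IB - I_S_H\VirtualAddress + I_S_H\PointerToRawData ;"jump target" in the file
-           Break
-         EndIf
-         k + #IMAGE_SIZEOF_SECTION_HEADER
-       Next
-       If (SPZ & $7FFFFFFF) <= (LF & $7FFFFFFF) - 4 ;safeguard if the code cannot be resolved completely; 4 bytes are read next
-         SPZ = PeekL(Buffer + (SPZ & $7FFFFFFF)) ;new jump target
-         k = 0
-         For n = 1 To ANS
-           CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
-           X = I_S_H\VirtualAddress + I_S_H\SizeOfRawData ;+ length of the section
-           If (SPZ & $7FFFFFFF) < X ;SPZ in this section?
-             SPZ = (SPZ & $7FFFFFFF) - I_S_H\VirtualAddress + I_S_H\PointerToRawData ;+ offset of this section
-             If SPZ < 0 Or SPZ > LF - 3 ;the string read below starts at SPZ + 2
-               Break
-             EndIf
-             XF = I_S_H\Characteristics ;get the flags
-             If XF & #IMAGE_SCN_MEM_EXECUTE = 0 ;test whether the section is executable or not
-               FI_Off = SPZ & $7FFFFFFF
-               FI_Len = LF - (FI_Off + 2) ;never read past the end of the file
-               If FI_Len > $FF
-                 FI_Len = $FF
-               EndIf
-               Info$ = PeekS(Buffer + FI_Off + 2, FI_Len) ;+2 because of the word-sized ordinal number
-               If Info$ <> ""
-                 MN$ + " (" + Chr(34) + Info$ + Chr(34)
-                 FI_End = Buffer + I_S_H\PointerToRawData + I_S_H\SizeOfRawData - 4
-                 If FI_End > Buffer + LF - 4 ;the section header may claim more raw data than the file contains
-                   FI_End = Buffer + LF - 4
-                 EndIf
-                 For i = Buffer + SPZ + 3 To FI_End
-                   If PeekL(i) & $5F5F5FFF = $4C4C442E ;".DLL" or ".dll"
-                     For j = i To Buffer + SPZ + 3 Step -1 ;the 3 is very cautious
-                       If PeekB(j) = 0 ;zero byte
-                         Break
-                       EndIf
-                     Next
-                     FI_Len = Buffer + LF - (j + 1)
-                     If FI_Len > $FF
-                       FI_Len = $FF
-                     EndIf
-                     DLL$ = PeekS(j + 1, FI_Len)
-                     If DLL$ <> ""
-                       MN$ + " / " + DLL$
-                     EndIf
-                     Break
-                   EndIf
-                 Next
-                 DLL$ = "" ;just in case
-                 MN$ + ")"
-               EndIf
-               Break
-             EndIf
-           EndIf
-           k + #IMAGE_SIZEOF_SECTION_HEADER
-         Next
-       EndIf
-     EndIf
-   EndIf
- EndProcedure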
- Procedure RegisterCR(VAR1)
-   ;Appends the control-register name selected by the low three bits of VAR1 to MN$.
-   ;Reserved encodings set NoCode = 1 instead. A pending operand separator is written afterwards.
-   ;NOTE(review): VAR1 is masked to 0..7 first, so the branches for 8 and 9..15 can never match as written
-   ;and CR8 is never printed - confirm whether the REX extension bit was meant to be merged in after the mask.
-   VAR1 & %00000111
-   If VAR1 = 0 Or VAR1 = 2 Or VAR1 = 3 Or VAR1 = 4
-     MN$ + "CR" + Str(VAR1)
-   ElseIf VAR1 = 1 Or (VAR1 >= 5 And VAR1 <= 7) ;reserved
-     NoCode = 1
-   ElseIf VAR1 = 8 ;64-bit
-     If IsProg64
-       MN$ + "CR8"
-     Else
-       NoCode = 1
-     EndIf
-   ElseIf VAR1 >= 9 And VAR1 <= 15 ;reserved
-     NoCode = 1
-   EndIf
-   If Komma
-     MN$ + " , "
-     Komma - 1
-   EndIf
- EndProcedure
- Procedure RegisterDR(VAR1)
-   ;Appends the debug-register name "DR0" .. "DR7" (low three bits of VAR1) to MN$,
-   ;followed by the operand separator if one is pending.
-   MN$ + "DR" + Str(VAR1 & %00000111) ;0-7
-   If Komma
-     MN$ + " , "
-     Komma - 1
-   EndIf
- EndProcedure
- Procedure RegisterSR(VAR1)
-   ;Appends the segment-register name selected by the low three bits of VAR1 to MN$
-   ;(0 = ES, 1 = CS, 2 = SS, 3 = DS, 4 = FS, 5 = GS); 6 and 7 are reserved and set NoCode = 1.
-   ;A pending operand separator is written afterwards.
-   VAR1 & %00000111
-   If VAR1 <= 5
-     MN$ + StringField("ES,CS,SS,DS,FS,GS", VAR1 + 1, ",")
-   Else ;6 to 7 are reserved
-     NoCode = 1
-   EndIf
-   If Komma
-     MN$ + " , "
-     Komma - 1
-   EndIf
- EndProcedure
- Procedure Register32(VAR1, VAR2) ;VAR2 = trailing-text selector, or 1 = 16-bit register
-   ;Appends one register operand to MN$. Depending on the decoder state this is an XMM or MMX register,
-   ;a 16-bit register, a 16-bit addressing combination, a 64-bit register or a 32-bit register.
-   ;VAR1 = register number; unless the call comes from MSBytes it is masked to three bits and extended from REX.
-   ;VAR2 = 0/1: write a pending separator (only outside addressing), 2: append " + ", 3: append " ]" and leave addressing mode.
-   If IsvonMSBytes = 0 ;would be 1 when called from MSBytes
-     VAR1 & %00000111
-     If REX
-       If REXEX
-         VAR1 | (REX & %000000100) << 1
-         REXEX = 0
-       Else
-         VAR1 | (REX & %000000001) << 3
-       EndIf
-     EndIf
-   EndIf
-   IsvonMSBytes = 0
-   If Adr = 0
-     If XMM = 2 Or XMM = 4 Or XMM = 7 ;4 e.g. for MOVD XMM0,EAX
-       ;- XMM register
-       MN$ + "XMM" + Str(VAR1) ;0-15
-       If Komma
-         MN$ + " , "
-         Komma - 1
-       EndIf
-       ProcedureReturn
-     ElseIf XMM = 1 Or XMM = 3 Or XMM = 8 ;3 e.g. for MOVD MM0,EAX
-       ;- MMX register
-       MN$ + "MM" + Str(VAR1) ;0-7
-       If Komma
-         MN$ + " , "
-         Komma - 1
-       EndIf
-       ProcedureReturn
-     EndIf
-   EndIf
-   If (XMM = 0) And (Adr = 0) And ((VAR2 = 1) And XMM <> 255) Or Mid(OP$, 1, 2) = "66" Or ((Mid(OP$, 4, 2) = "66") And Mid(OP$, 1, 2) = "67") ;register override and no addressing
-     ;- 16-bit register, not for addressing!
-     If VAR1 >= 0 And VAR1 <= 15
-       MN$ + StringField("AX,CX,DX,BX,SP,BP,SI,DI,R8W,R9W,R10W,R11W,R12W,R13W,R14W,R15W", VAR1 + 1, ",")
-     EndIf
-     If Komma And Adr = 0
-       MN$ + " , "
-       Komma - 1
-     EndIf
-     ProcedureReturn
-   EndIf
-   ;- 16-bit register, for addressing! But in a 32-bit environment!
-   If Mid(OP$, 1, 2) = "67" And Adr = 1 And IsProg64 = 0
-     Select VAR1
-       Case 0 To 5
-         MN$ + StringField("BX + SI,BX + DI,BP + SI,BP + DI,SI,DI", VAR1 + 1, ",")
-       Case 7
-         MN$ + "BX"
-       ;6 adds nothing
-     EndSelect
-     Select VAR2
-       Case 0 To 1 ;for XMM the 1 is passed through!
-         If Komma And Adr = 0
-           MN$ + " , "
-           Komma - 1
-         EndIf
-       Case 2
-         MN$ + " + "
-       Case 3
-         MN$ + " ]"
-         Adr = 0
-         If Komma
-           MN$ + " , "
-           Komma - 1
-         EndIf
-     EndSelect
-     ProcedureReturn
-   EndIf
-   If VAR1 >= 0 And VAR1 <= 15
-     If ((Mid(OP$, 1, 2) <> "67") Or (Mid(OP$, 1, 2) = "67" And Adr = 0)) And ((REX & %00001000) Or (IsProg64 And Adr))
-       ;- 64-bit register
-       MN$ + StringField("RAX,RCX,RDX,RBX,RSP,RBP,RSI,RDI,R8,R9,R10,R11,R12,R13,R14,R15", VAR1 + 1, ",")
-     Else
-       ;- 32-bit register
-       MN$ + StringField("EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI,R8D,R9D,R10D,R11D,R12D,R13D,R14D,R15D", VAR1 + 1, ",")
-     EndIf
-   EndIf
-   Select VAR2
-     Case 0 To 1 ;for XMM the 1 is passed through!
-       If Komma And Adr = 0
-         MN$ + " , "
-         Komma - 1
-       EndIf
-     Case 2
-       MN$ + " + "
-     Case 3
-       MN$ + " ]"
-       Adr = 0
-       If Komma
-         MN$ + " , "
-         Komma - 1
-       EndIf
-   EndSelect
- EndProcedure
- Procedure Register8(VAR1, VAR2)
-   ;Appends one 8-bit register operand to MN$.
-   ;VAR1 = register number; it is masked to three bits and, unless the call comes from MSBytes, extended from REX.
-   ;With a REX prefix numbers 4..7 are SPL/BPL/SIL/DIL and 8..15 are R8L..R15L; without one 4..7 are AH/CH/DH/BH.
-   ;VAR2 = 0: write a pending separator (only outside addressing), 2: append " + ", 3: append " ]" and leave addressing mode.
-   VAR1 & %00000111
-   If IsvonMSBytes = 0 ;would be 1 when called from MSBytes
-     If REX
-       If REXEX
-         VAR1 | (REX & %000000100) << 1
-         REXEX = 0
-       Else
-         VAR1 | (REX & %000000001) << 3
-       EndIf
-     EndIf
-   EndIf
-   IsvonMSBytes = 0
-   If REX ;i.e. 64-bit and REX
-     If VAR1 >= 0 And VAR1 <= 15
-       MN$ + StringField("AL,CL,DL,BL,SPL,BPL,SIL,DIL,R8L,R9L,R10L,R11L,R12L,R13L,R14L,R15L", VAR1 + 1, ",") ;or R8B - R15B
-     EndIf
-   Else
-     If VAR1 >= 0 And VAR1 <= 7
-       MN$ + StringField("AL,CL,DL,BL,AH,CH,DH,BH", VAR1 + 1, ",")
-     EndIf
-   EndIf
-   Select VAR2
-     Case 0
-       If Komma And Adr = 0
-         MN$ + " , "
-         Komma - 1
-       EndIf
-     Case 2
-       MN$ + " + "
-     Case 3
-       MN$ + " ]"
-       Adr = 0
-       If Komma
-         MN$ + " , "
-         Komma - 1
-       EndIf
-   EndSelect
- EndProcedure
- Procedure RegisterST(VAR1) ;FPU register
-   ;Appends the FPU stack register name "ST0" .. "ST7" for VAR1 = 0..7 to MN$; any other value appends nothing.
-   If VAR1 >= 0 And VAR1 <= 7
-     MN$ + "ST" + Str(VAR1)
-   EndIf
- EndProcedure
- Procedure Pointer(VAR1)
-   ;Starts a memory operand in MN$: writes the size keyword selected by VAR1, then every pending
-   ;segment-override prefix (clearing its flag), then the opening bracket, and switches to addressing mode.
-   ;VAR1: 0 = byte, 1 = word, 2 = dword, 3 = qword, 4 = tword (Microsoft: TByte), 5 = dqword (Microsoft: OWord),
-   ;      6 = 28 bytes (FPU, FSTENV 32-bit), 7 = 512 bytes (FPU, FXSAVE), 8 = 14 bytes (FPU, FSTENV 16-bit),
-   ;      9 = 108 bytes (FPU, FSAVE/FRSTOR 32-bit), 10 = 94 bytes (FPU, FSAVE/FRSTOR 16-bit), 11 = yword (YMM);
-   ;      any other value writes no size keyword.
-   If VAR1 >= 0 And VAR1 <= 11
-     MN$ + StringField("byte ptr|word ptr|dword ptr|qword ptr|tword ptr|dqword ptr|28-byte-ptr|512-byte-ptr|14-byte-ptr|108-byte-ptr|94-byte-ptr|yword ptr", VAR1 + 1, "|") + " "
-   EndIf
-   If CSS : MN$ + "CS: " : CSS = 0 : EndIf
-   If DSS : MN$ + "DS: " : DSS = 0 : EndIf
-   If ESS : MN$ + "ES: " : ESS = 0 : EndIf
-   If FSS : MN$ + "FS: " : FSS = 0 : EndIf
-   If GSS : MN$ + "GS: " : GSS = 0 : EndIf
-   If SSS : MN$ + "SS: " : SSS = 0 : EndIf
-   MN$ + "[ "
-   Adr = 1 ;now in addressing mode, important for the override handling
- EndProcedure
- Procedure Strings(VAR1, VAR2) ;VAR1=number of bytes, VAR2=whether to close the bracket
- ;Reads VAR1 bytes at Buffer + BZ, appends them as hex to OP$ and advances BZ, then appends the operand text to MN$:
- ;either the computed 64-bit target address (64-bit file, addressing mode, MN$ ends with the opening bracket)
- ;or the bytes just read in reverse order. With VAR2 = 2 the closing bracket and a pending separator follow.
- ;NOTE(review): BZ is not compared with the file length LF before the reads - confirm the caller stops before the end of the buffer
- If ((Mid(OP$, 1, 2) = "66" And XMM = 0) And VAR1 = 4 And Adr = 0) Or ((Mid(OP$, 1, 2) = "67" And Mid(OP$, 4, 2) = "66" And XMM = 0) And VAR1 = 4 And Adr = 0) Or ((Mid(OP$, 1, 2) = "67" And XMM = 0) And VAR1 = 4 And Adr = 1)
- VAR1 = 2 ;force: a "66"/"67" prefix at the start of OP$ turns the 4-byte value into a 2-byte one
- EndIf
- For k = 1 To VAR1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- Next
- If IsProg64 And Adr And Mid(MN$, Len(MN$) - 1, 1) = "[" ;64-bit addressing; test for the bracket because the jump-target computation only applies to a bare address!
- SPZ = PeekL(Buffer + BZ - 4) + BZ - SO + Adr64 ;jump target
- SPZH$ = RSet(Hex(SPZ + MemAdd64 + IB + SRVA), 16, "0") ;MemAdd64=correction for a possibly following immediate value
- SPZ$ = ""
- For k = 1 To Adr3264 - 1 Step 2
- SPZ$ + Mid(SPZH$, k, 2) + " "
- Next
- SPZ$ = Mid(SPZ$, 1, Len(SPZ$) - 1) ;cosmetic: remove the last " " again for display
- MN$ + SPZ$
- Adr64 = 0
- Else
- OPL = Len(OP$)
- ;walk backwards through OP$ in 3-character steps (a space plus two hex digits), so the last byte read comes first
- For k = VAR1 To 1 Step -1
- OPL - 3
- MN1$ + Mid(OP$, OPL, 3)
- Next
- MN$ + Mid(MN1$, 2, Len(MN1$)-1) ;starts at position 2, dropping the first character of MN1$
- EndIf
- If VAR2 = 2
- MN$ + " ]" : Adr = 0 ;set closing bracket
- If Komma
- MN$ + " , " : Komma - 1
- EndIf
- EndIf
- MemAdd64 = 0 ;correct here!
- EndProcedure
- Procedure MSBytes(VAR1, VAR2) ;VAR2=pointer size, or register size for reg-reg
- ;Decodes VAR1 as a ModRM-style byte (MOD = bits 7-6, RM = bits 2-0) and appends the matching operand to MN$:
- ;MOD %00 = memory operand without displacement (or a direct 32-bit address), %01 = memory operand with 8-bit displacement,
- ;MOD %10 = memory operand with 32-bit displacement, %11 = register operand.
- ;With RM = %100 one further byte is read and split into S (bits 7-6), I (bits 5-3) and B (bits 2-0).
- ;Every byte consumed here is appended to OP$ as hex and BZ is advanced past it.
- ;NOTE(review): BZ is not compared with the file length LF before the PeekB() reads - confirm the caller stops before the end of the buffer
- MOD = VAR1 >> 6 ;MOD itself stays unchanged in 64-bit!
- RM = VAR1 & %00000111
- If VAR2 < 8 ;FPU misc. save areas
- If (Mid(OP$, 1, 2) = "66" And XMM = 0 And REX < $48) Or (Mid(OP$, 1, 2) = "67" And (Mid(OP$, 4, 2) = "66" And XMM = 0)) ;register or address override
- VAR2 >> 1 ;force reduction
- Adr64 >> 1 ;change here as well!
- If MemAdd64 > 1
- MemAdd64 >> 1
- EndIf
- EndIf
- EndIf
- Select MOD
- Case %00
- Select RM
- Case %100 ;SIB byte follows
- SIB = PeekB(Buffer + BZ) & $FF ;so read it
- OP$ + RSet(Hex(SIB), 2, "0") + " "
- NoString = 1 ;do not read an API function etc.
- BZ + 1
- S = SIB >> 6
- I = (SIB & %00111000) >> 3
- B = SIB & %00000111
- If REX
- B | (REX & %00000001) << 3
- I | (REX & %00000010) << 2
- EndIf
- Select B
- Case %101
- Select I
- Case %100 ;would be register ESP/RSP, addressing disp32
- Pointer(VAR2) ;like this for now
- Adr = 0
- Strings(4, 2)
- Default
- MN$ + "dword ptr [ " : Adr = 1
- Strings(4, 0)
- MN$ + " + "
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(I, 0)
- If S
- MN$ + " * " + Str(1 << S)
- EndIf
- MN$ + " ]" : Adr = 0
- If Komma
- MN$ + " , " : Komma - 1
- EndIf
- EndSelect
- Default
- Select I
- Case %100
- Pointer(VAR2)
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(B, 0)
- MN$ + " ]" : Adr = 0
- If Komma
- MN$ + " , " : Komma - 1
- EndIf
- Default
- Pointer(VAR2)
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(B, 2)
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(I, 0)
- If S
- MN$ + " * " + Str(1 << S)
- EndIf
- MN$ + " ]" : Adr = 0
- If Komma
- MN$ + " , " : Komma - 1
- EndIf
- EndSelect
- EndSelect
- Case %101 ;direct (32-bit) address
- If Mid(OP$, 1, 2) = "66" And XMM = 0 And REX < $48 And VAR2 <> 8 And VAR2 <> 10 And VAR2 <> 11 ;operand override, VAR2 for FPU 16-bit
- Pointer(VAR2 >> 1)
- Adr = 1
- Else
- Pointer(VAR2)
- EndIf
- Strings(4, 0)
- MN$ + " ]" : Adr = 0
- If Komma
- MN$ + " , " : Komma - 1
- EndIf
- Default ;no SIB byte
- Pointer(VAR2)
- If REX
- RM | (REX & %00000001) << 3
- IsvonMSBytes = 1
- EndIf
- Register32(RM, 3) ;3 = "]"
- EndSelect
- Case %01 ;with 8-bit address displacement, read 1 more byte
- Select RM
- Case %100 ;SIB byte follows
- SIB = PeekB(Buffer + BZ) & $FF ;so read it
- OP$ + RSet(Hex(SIB), 2, "0") + " "
- BZ + 1
- S = SIB >> 6
- I = (SIB & %00111000) >> 3
- B = SIB & %00000111
- If REX
- B | (REX & %00000001) << 3
- I | (REX & %00000010) << 2
- EndIf
- Select I
- Case %100
- Select S
- Case %00 ;EA=Address+[B]
- Pointer(VAR2)
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(B, 0)
- OPP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OPP), 2, "0") + " "
- If OPP >= $80 ;displacement byte has its top bit set: show it as a subtraction
- MN$ + " - "
- OPP = ((~OPP) + 1) & $FF ;NEG
- Else
- MN$ + " + "
- EndIf
- MN$ + RSet(Hex(OPP), 2, "0") + " ]" : Adr = 0
- If Komma
- MN$ + " , " : Komma - 1
- EndIf
- BZ + 1
- Default
- NoCode = 1
- EndSelect
- Default ;EA=Address+[B+S*I]
- Pointer(VAR2)
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(B, 2)
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(I, 0)
- If S
- MN$ + " * " + Str(1 << S)
- EndIf
- OPP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OPP), 2, "0") + " "
- If OPP >= $80 ;displacement byte has its top bit set: show it as a subtraction
- MN$ + " - "
- OPP = ((~OPP) + 1) & $FF ;NEG
- Else
- MN$ + " + "
- EndIf
- MN$ + RSet(Hex(OPP), 2, "0") + " ]" : Adr = 0
- If Komma
- MN$ + " , " : Komma - 1
- EndIf
- BZ + 1
- EndSelect
- Default ;no SIB byte, EA=Address+[R/M]
- Pointer(VAR2)
- If REX
- VAR1 & %00000111
- VAR1 | (REX & %00000001) << 3 ;bit 0 = register extension
- IsvonMSBytes = 1
- EndIf
- Register32(VAR1, 0)
- OPP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OPP), 2, "0") + " "
- If OPP >= $80 ;displacement byte has its top bit set: show it as a subtraction
- MN$ + " - "
- OPP = ((~OPP) + 1) & $FF ;NEG
- Else
- MN$ + " + "
- EndIf
- MN$ + RSet(Hex(OPP), 2, "0") + " ]" : Adr = 0
- If Komma
- MN$ + " , " : Komma - 1
- EndIf
- BZ + 1
- EndSelect
- Case %10 ;32-bit address
- Select RM
- Case %100 ;SIB byte follows
- SIB = PeekB(Buffer + BZ) & $FF ;so read it
- OP$ + RSet(Hex(SIB), 2, "0") + " "
- BZ + 1
- S = SIB >> 6
- I = (SIB & %00111000) >> 3
- B = SIB & %00000111
- If REX
- B | (REX & %00000001) << 3
- I | (REX & %00000010) << 2
- EndIf
- Select I
- Case %100
- Select S
- Case %00 ;EA=Address+[B]
- Pointer(VAR2)
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(B, 2) ;2="+", so only "forward" here
- Strings(4, 2) ;4=4 bytes, 2=set closing bracket
- Default
- NoCode = 1
- EndSelect
- Default ;EA=Address+[B+S*I]
- Pointer(VAR2)
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(B, 2)
- If REX
- IsvonMSBytes = 1
- EndIf
- Register32(I, 0)
- If S
- MN$ + " * " + Str(1 << S) + " + "
- Else
- MN$ + " + "
- EndIf
- Strings(4, 2) ;4=4 bytes, 2=set closing bracket
- EndSelect
- Default ;no SIB byte, EA=Address+[R/M]
- Pointer(VAR2)
- If REX
- VAR1 & %00000111
- VAR1 | (REX & %00000001) << 3 ;bit 0 = register extension
- IsvonMSBytes = 1
- EndIf
- Register32(VAR1, 2)
- Strings(4, 2) ;4=4 bytes, 2=set closing bracket
- EndSelect
- Case %11 ;register
- If VAR2 = 0 ;0=byte, 1=word, 2=dword
- Register8(VAR1, 0)
- Else
- If VAR2 <> 1
- VAR2 = 0
- EndIf
- Register32(VAR1, VAR2) ;& %00000111 is done in Procedure Register32!
- EndIf
- EndSelect
- EndProcedure
- Procedure Sprung_short()
-   ;Decodes a short (8-bit relative) jump: reads the signed displacement byte at Buffer + BZ, appends it to OP$,
-   ;advances BZ and appends the target address (Adr3264 hex digits, in pairs) plus " ( short )" to MN$.
-   ;A "2E" or "3E" prefix at the start of OP$ is reported as a branch hint and the matching segment flag is cleared.
-   ;NOTE(review): BZ is not compared with the file length LF before the read - confirm the caller stops before the end of the buffer
-   SPZ = PeekB(Buffer + BZ)
-   OP$ + RSet(Hex(SPZ & $FF), 2, "0")
-   BZ + 1
-   SPZ + BZ - SO ;jump target
-   SPZH$ = RSet(Hex(SPZ + IB + SRVA), Adr3264, "0")
-   SPZ$ = ""
-   For k = 1 To Adr3264 - 1 Step 2
-     SPZ$ + Mid(SPZH$, k, 2) + " "
-   Next
-   MN$ + SPZ$ + " ( short )"
-   Select Mid(OP$, 1, 2) ;test for branch hints
-     Case "2E"
-       MN$ + " ( Branch Hint : No )"
-       CSS = 0
-     Case "3E"
-       MN$ + " ( Branch Hint : Yes )"
-       DSS = 0
-   EndSelect
- EndProcedure
- Procedure Sprung_near_long()
-   ;Decodes a near (32-bit relative) jump: reads the 4 displacement bytes at Buffer + BZ, appends them to OP$,
-   ;advances BZ by 4 and appends the target address (Adr3264 hex digits, in pairs) to MN$.
-   ;A "2E" or "3E" prefix at the start of OP$ is reported as a branch hint and the matching segment flag is cleared.
-   ;NOTE(review): BZ is not compared with the file length LF before the reads - confirm the caller stops before the end of the buffer
-   SPZ = PeekL(Buffer + BZ)
-   For k = 1 To 4
-     OP = PeekB(Buffer + BZ) & $FF
-     BZ + 1
-     OP$ + RSet(Hex(OP), 2, "0") + " "
-   Next
-   SPZ + BZ - SO ;jump target
-   SPZH$ = RSet(Hex(SPZ + IB + SRVA), Adr3264, "0")
-   SPZ$ = ""
-   For k = 1 To Adr3264 - 1 Step 2
-     SPZ$ + Mid(SPZH$, k, 2) + " "
-   Next
-   MN$ + SPZ$
-   Select Mid(OP$, 1, 2) ;test for branch hints
-     Case "2E"
-       MN$ + " ( Branch Hint : No )"
-       CSS = 0
-     Case "3E"
-       MN$ + " ( Branch Hint : Yes )"
-       DSS = 0
-   EndSelect
- EndProcedure
- Procedure Ev(VAR1, VAR2) ;VAR1 = operand size (byte, word, ...)
-   ;Reads the next byte at Buffer + BZ, prints the operand described by its MOD/RM fields via MSBytes()
-   ;and then the register from its bits 5-3 via Register32().
-   ;VAR1 = operand size; 10 is replaced by 3 when REX bit 3 is set and by 2 otherwise.
-   ;VAR2 = number of separators still to be written (stored in Komma).
-   Komma = VAR2
-   If VAR1 = 10
-     If REX & %00001000
-       VAR1 = 3
-     Else
-       VAR1 = 2
-     EndIf
-   EndIf
-   OP = PeekB(Buffer + BZ) & $FF
-   BZ + 1
-   OP$ + RSet(Hex(OP), 2, "0") + " "
-   MSBytes(OP, VAR1)
-   Select XMM
-     Case 5 ;the next register is to be an XMM register!
-       XMM = 2
-     Case 6 ;the next register is to be an MMX register!
-       XMM = 1
-   EndSelect
-   If REX
-     REXEX = 1
-   EndIf
-   Register32(OP >> 3, 0)
- EndProcedure
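- Procedure Gv(VAR1, VAR2)
- ;Decodes a ModRM byte with the reg operand first and the r/m operand second.
- ;VAR1: operand-size code passed on to MSBytes; the value 10 means "depends on REX.W" and becomes
- ;3 (QWord) when REX bit 3 is set, otherwise 2 (DWord).
- ;VAR2: stored in Komma (whether comma(s) are to be emitted).
- ;Appends the ModRM byte to OP$, advances BZ by 1, renders the reg field through Register32(OP >> 3, 0),
- ;remaps the XMM selector for the second operand and renders r/m through MSBytes(OP, VAR1).
- ;The ModRM byte comes from the file being disassembled, so it is not read when BZ lies outside 0..LF-1: the
- ;instruction is flagged through NoCode and BZ still advances by the one byte read directly here.
- ;NOTE(review): assumes Buffer holds at least LF bytes and that the caller evaluates NoCode - confirm.
- Komma = VAR2
- If VAR1 = 10 And (REX & %00001000)
- VAR1 = 3
- ElseIf VAR1 = 10
- VAR1 = 2
- EndIf
- If BZ < 0 Or BZ + 1 > LF
- NoCode = 1
- BZ + 1
- ProcedureReturn
- EndIf
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- If REX
- REXEX = 1
- EndIf
- Register32(OP >> 3, 0) ;reg field; masking to 3 bits happens inside Register32
- If XMM = 5 ;the next register shall be an XMM register!
- XMM = 2
- EndIf
- If XMM = 6 ;the next register shall be an MMX register!
- XMM = 1
- EndIf
- If XMM = 4 ;the next register shall be a general register again!
- XMM = 255 ;zero causes a problem with prefix $66, so leave it like this
- EndIf
- If XMM = 3 ;the next register shall be a general register again!
- XMM = 255
- EndIf
- If XMM = 7 ;the next register shall be an MMX register!
- XMM = 1
- EndIf
- If XMM = 8 ;the next register shall be an XMM register!
- XMM = 2
- EndIf
- If REX
- OP | ((REX & %00000001) << 3) ;REX bit 0 is copied into bit 3 of OP as register extension
- EndIf
- MSBytes(OP, VAR1) ;VAR1=0=Byte, 1=Word, 2=DWord etc.
- EndProcedure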
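- Procedure Eb(VAR1) ;VAR1=0 for e.g. SETcc (only one register)
- ;Decodes a ModRM byte for byte-sized operands, r/m first.
- ;Appends the ModRM byte to OP$, advances BZ by 1 and renders r/m through MSBytes(OP, 0). When VAR1 is
- ;non-zero the reg field is rendered as well through Register8(OP >> 3, 0).
- ;The ModRM byte comes from the file being disassembled, so it is not read when BZ lies outside 0..LF-1: the
- ;instruction is flagged through NoCode and BZ still advances by the one byte read directly here.
- ;NOTE(review): assumes Buffer holds at least LF bytes and that the caller evaluates NoCode - confirm.
- If BZ < 0 Or BZ + 1 > LF
- NoCode = 1
- BZ + 1
- ProcedureReturn
- EndIf
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- MSBytes(OP, 0) ;VAR2=0=Byte
- If VAR1
- If REX
- REXEX = 1
- EndIf
- Register8(OP >> 3, 0)
- EndIf
- EndProcedure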
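- Procedure Gb()
- ;Decodes a ModRM byte for byte-sized operands, reg first.
- ;Appends the ModRM byte to OP$, advances BZ by 1, renders the reg field through Register8(OP >> 3, 0) and
- ;then r/m through MSBytes(OP, 0).
- ;The ModRM byte comes from the file being disassembled, so it is not read when BZ lies outside 0..LF-1: the
- ;instruction is flagged through NoCode and BZ still advances by the one byte read directly here.
- ;NOTE(review): assumes Buffer holds at least LF bytes and that the caller evaluates NoCode - confirm.
- If BZ < 0 Or BZ + 1 > LF
- NoCode = 1
- BZ + 1
- ProcedureReturn
- EndIf
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- Register8(OP >> 3, 0)
- MSBytes(OP, 0) ;VAR2=0=Byte
- EndProcedure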
- Procedure AVX() ;AVX, AES, FMA
- ;Under Construction!
- ;Decodes a VEX-encoded instruction: clears MN$, skips one byte, reads the opcode byte into OP and the byte
- ;after it into OPAVX (both are appended to OP$), picks the mnemonic from OP, mmmmm and pp, and finally
- ;appends the first register operand (bits 3..5 of OPAVX combined with RVEX) and the vvvv operand to MN$.
- ;Per case it also sets Var1 (operand-size code), XMM, vvvv (255 = unused), MemAdd64 and IMM8.
- ;An opcode / map / prefix combination that is not listed leaves MN$ empty.
- ;mmmmm, pp, LVEX, WVEX, RVEX and vvvv are not assigned from the byte stream here; presumably the caller
- ;fills them from the VEX prefix - confirm.
- ;NOTE(review): none of the PeekB(Buffer + BZ) reads is bounds-checked and the bytes come from the file being
- ;disassembled; a VEX instruction cut off at the end of the buffer is read past its end unless the caller
- ;guarantees slack. Confirm that BZ + 2 < LF holds before this procedure is entered.
- MN$ = "" ;only as long as this is not complete
- Var1 = 0 ;for e.g. VBROADCAST
- BZ + 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- OPAVX = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OPAVX), 2, "0") + " "
- Select OP
- Case $0C
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VBLENDPS "
- MemAdd64 = 1
- IMM8 = 1
- EndSelect
- EndSelect
- ;----------------------
- Case $0D
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VBLENDPD "
- MemAdd64 = 1
- IMM8 = 1
- EndSelect
- EndSelect
- ;----------------------
- Case $17
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VEXTRACTPS " : Var1 = 2
- XMM = -2
- vvvv = 255 ;=unused
- MemAdd64 = 1
- IMM8 = 4
- EndSelect
- EndSelect
- ;----------------------
- Case $18
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00010 ;=$0F38
- Select pp
- Case 1 ;=$66
- MN$ = "VBROADCASTSS " : Var1 = 2 ;dword
- vvvv = 255 ;=unused
- EndSelect
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VINSERTF128 " : Var1 = 5 ;dqword
- MemAdd64 = 1
- IMM8 = 10
- EndSelect
- EndSelect
- ;----------------------
- Case $19
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00010 ;=$0F38
- Select pp
- Case 1 ;=$66
- MN$ = "VBROADCASTSD " : Var1 = 3 ;qword
- vvvv = 255 ;=unused
- EndSelect
- Case %00011 ;=$0F3A
- Select pp
- ; Case 1 ;=$66 NEW!
- ; MN$ = "VEXTRACTF128 " : Var1 = 5 ;dqword ;per NASM 2.07 an XMM register; per Intel a YMM register (correct)
- ; XMM = -2 ;tag for later: 2nd register = YMM
- ; vvvv = 255 ;=unused
- ; MemAdd64 = 1
- ; IMM8 = 4
- ;LVEX = 0 ;is set by NASM!
- EndSelect
- EndSelect
- ;----------------------
- Case $1A
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00010 ;=$0F38
- Select pp
- Case 1 ;=$66
- MN$ = "VBROADCASTF128 " : Var1 = 5 ;dqword
- vvvv = 255 ;=unused
- EndSelect
- EndSelect
- ;----------------------
- Case $21
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VINSERTPS " : Var1 = 2
- MemAdd64 = 1
- IMM8 = 1
- EndSelect
- EndSelect
- ;------------------------
- Case $2A
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 3 ;=$F2
- MN$ = "VCVTSI2SD "
- XMM = 254
- If WVEX
- Var1 = 3 ;qword
- Else
- Var1 = 2 ;dword
- EndIf
- Case 2 ;=$F3
- MN$ = "VCVTSI2SS "
- XMM = 255
- If WVEX
- Var1 = 3 ;qword
- Else
- Var1 = 2 ;dword
- EndIf
- EndSelect
- EndSelect
- ;------------------------
- Case $2C
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 3 ;=$F2
- MN$ = "VCVTTSD2SI " : Var1 = 3 ;qword
- XMM = -1 ;workaround because of prefix 67h! Prevents the reduction to word ptr in Strings()
- OP = (PeekB(Buffer + BZ) & $FF) >> 3
- REX | RVEX >> 3 ;register extension
- REX | WVEX
- Klimm.b = PeekB(@OP$) ;oh dear... but needed because of "67"; saves the first character of OP$
- PokeB(@OP$, 0) ;temporarily overwrites the first character of OP$ with 0 while Register32 runs
- Komma = 1
- Register32(OP, 0)
- PokeB(@OP$, Klimm) ;restore
- vvvv = 255 ;=unused
- REX = 0 ;required
- Case 2 ;=$F3
- MN$ = "VCVTTSS2SI " : Var1 = 2 ;dword
- XMM = -1 ;workaround because of prefix 67h! Prevents the reduction to word ptr in Strings()
- OP = (PeekB(Buffer + BZ) & $FF) >> 3
- REX | RVEX >> 3 ;register extension
- REX | WVEX
- Klimm.b = PeekB(@OP$) ;oh dear... but needed because of "67"; saves the first character of OP$
- PokeB(@OP$, 0) ;temporarily overwrites the first character of OP$ with 0 while Register32 runs
- Komma = 1
- Register32(OP, 0)
- PokeB(@OP$, Klimm) ;restore
- vvvv = 255 ;=unused
- REX = 0 ;required
- EndSelect
- EndSelect
- ;------------------------
- Case $2D
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 3 ;=$F2
- MN$ = "VCVTSD2SI " : Var1 = 3 ;qword
- XMM = -1 ;workaround because of prefix 67h! Prevents the reduction to word ptr in Strings()
- OP = (PeekB(Buffer + BZ) & $FF) >> 3
- REX | RVEX >> 3 ;register extension
- REX | WVEX
- Klimm.b = PeekB(@OP$) ;oh dear... but needed because of "67"; saves the first character of OP$
- PokeB(@OP$, 0) ;temporarily overwrites the first character of OP$ with 0 while Register32 runs
- Komma = 1
- Register32(OP, 0)
- PokeB(@OP$, Klimm) ;restore
- vvvv = 255 ;=unused
- REX = 0 ;required
- Case 2 ;=$F3
- MN$ = "VCVTSS2SI " : Var1 = 2 ;dword
- XMM = -1 ;workaround because of prefix 67h! Prevents the reduction to word ptr in Strings()
- OP = (PeekB(Buffer + BZ) & $FF) >> 3
- REX | RVEX >> 3 ;register extension
- REX | WVEX
- Klimm.b = PeekB(@OP$) ;oh dear... but needed because of "67"; saves the first character of OP$
- PokeB(@OP$, 0) ;temporarily overwrites the first character of OP$ with 0 while Register32 runs
- Komma = 1
- Register32(OP, 0)
- PokeB(@OP$, Klimm) ;restore
- vvvv = 255 ;=unused
- REX = 0 ;required
- EndSelect
- EndSelect
- ;------------------------
- Case $2F
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VCOMISD " : Var1 = 3 ;qword
- Default
- MN$ = "VCOMISS " : Var1 = 2 ;dword
- EndSelect
- vvvv = 255 ;=unused
- EndSelect
- ;------------------------
- Case $40
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VDPPS "
- EndSelect
- MemAdd64 = 1
- IMM8 = 1
- EndSelect
- ;------------------------
- Case $41
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VDPPD "
- EndSelect
- MemAdd64 = 1
- IMM8 = 1
- EndSelect
- ;------------------------
- Case $4A
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VBLENDVPS "
- MemAdd64 = 1
- IMM8 = 2
- EndSelect
- EndSelect
- ;----------------------
- Case $4B
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VBLENDVPD "
- MemAdd64 = 1
- IMM8 = 2
- EndSelect
- EndSelect
- ;----------------------
- Case $54
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VANDPD "
- Default
- MN$ = "VANDPS "
- EndSelect
- EndSelect
- ;------------------------
- Case $55
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VANDNPD "
- Default
- MN$ = "VANDNPS "
- EndSelect
- EndSelect
- ;------------------------
- Case $58
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VADDPD "
- Case 3 ;=$F2
- MN$ = "VADDSD " : Var1 = 3 ;qword
- Case 2 ;=$F3
- MN$ = "VADDSS " : Var1 = 2 ;dword
- Default
- MN$ = "VADDPS "
- EndSelect
- EndSelect
- ;------------------------
- Case $5A
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VCVTPD2PS " : Var1 = 21 ;will be modified
- vvvv = 255 ;=unused
- Case 3 ;=$F2
- MN$ = "VCVTSD2SS " : Var1 = 3
- Case 2 ;=$F3
- MN$ = "VCVTSS2SD " : Var1 = 2
- Default
- MN$ = "VCVTPS2PD " : Var1 = 20 ;will be modified
- vvvv = 255 ;=unused
- EndSelect
- EndSelect
- ;------------------------
- Case $5B
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VCVTPS2DQ "
- vvvv = 255 ;=unused
- Case 2 ;=$F3
- MN$ = "VCVTTPS2DQ "
- vvvv = 255 ;=unused
- Default
- MN$ = "VCVTDQ2PS "
- vvvv = 255 ;=unused
- EndSelect
- EndSelect
- ;------------------------
- Case $5E
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VDIVPD "
- Case 3 ;=$F2
- MN$ = "VDIVSD " : Var1 = 3 ;qword
- Case 2 ;=$F3
- MN$ = "VDIVSS " : Var1 = 2 ;dword
- Default
- MN$ = "VDIVPS "
- EndSelect
- EndSelect
- ;------------------------
- Case $7C
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VHADDPD "
- Case 3 ;=$F2
- MN$ = "VHADDPS "
- EndSelect
- EndSelect
- ;----------------------
- Case $7D
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VHSUBPD "
- Case 3 ;=$F2
- MN$ = "VHSUBPS "
- EndSelect
- EndSelect
- ;----------------------
- Case $BD
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00010 ;=$0F38
- Select pp
- Case 1 ;=$66
- MN$ = "VFNMADD231SS " : Var1 = 2 ;dword
- EndSelect
- EndSelect
- ;----------------------
- Case $C2
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VCMPPD "
- Case 3 ;=$F2
- MN$ = "VCMPSD " : Var1 = 3 ;qword
- Case 2 ;=$F3
- MN$ = "VCMPSS " : Var1 = 2 ;dword
- Default
- MN$ = "VCMPPS "
- EndSelect
- MemAdd64 = 1
- IMM8 = 1
- EndSelect
- ;------------------------
- Case $D0
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VADDSUBPD "
- Case 3 ;=$F2
- MN$ = "VADDSUBPS "
- EndSelect
- EndSelect
- ;----------------------
- Case $DB
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00010 ;=$0F38
- Select pp
- Case 1 ;=$66
- MN$ = "VAESIMC "
- vvvv = 255 ;=unused
- EndSelect
- EndSelect
- ;----------------------
- Case $DC
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00010 ;=$0F38
- Select pp
- Case 1 ;=$66
- MN$ = "VAESENC "
- EndSelect
- EndSelect
- ;----------------------
- Case $DD
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00010 ;=$0F38
- Select pp
- Case 1 ;=$66
- MN$ = "VAESENCLAST "
- EndSelect
- EndSelect
- ;----------------------
- Case $DE
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00010 ;=$0F38
- Select pp
- Case 1 ;=$66
- MN$ = "VAESDEC "
- EndSelect
- EndSelect
- ;----------------------
- Case $DF
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00010 ;=$0F38
- Select pp
- Case 1 ;=$66
- MN$ = "VAESDECLAST "
- EndSelect
- Case %00011 ;=$0F3A
- Select pp
- Case 1 ;=$66
- MN$ = "VAESKEYGENASSIST "
- MemAdd64 = 1
- IMM8 = 1
- vvvv = 255 ;=unused
- EndSelect
- EndSelect
- ;----------------------
- Case $E6
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VCVTTPD2DQ " : Var1 = 21 ;will be modified
- Case 3 ;=$F2
- MN$ = "VCVTPD2DQ " : Var1 = 21 ;will be modified
- Case 2 ;=$F3
- MN$ = "VCVTDQ2PD " : Var1 = 20 ;will be modified
- EndSelect
- vvvv = 255 ;=unused
- EndSelect
- ;------------------------
- Case $F0
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 3 ;=$F2
- MN$ = "VLDDQU " : Var1 = 21 ;will be modified
- EndSelect
- vvvv = 255 ;=unused
- EndSelect
- ;------------------------
- Case $F7
- Select mmmmm ;%00001=$0F, %00010=$0F38, %00011=$0F3A
- Case %00001 ;=$0F
- Select pp
- Case 1 ;=$66
- MN$ = "VMASKMOVDQU "
- EndSelect
- vvvv = 255 ;=unused
- EndSelect
- ;------------------------
- EndSelect
- BZ + 1
- ;Operand rendering: LVEX selects the YMM register names, except for Var1 = 21, which is resolved further down
- If LVEX And Var1 <> 21
- XY$ = "YMM"
- If Var1 = 0 ;only set it if it has not been set explicitly yet, e.g. VBROADCAST
- Var1 = 11
- EndIf
- Else
- XY$ = "XMM"
- If Var1 = 0
- Var1 = 5
- EndIf
- EndIf
- If XMM > 0 ;e.g. VCVTSD2SI is -1
- MN$ + XY$ + Str(((OPAVX >> 3) & %111) | RVEX) ;RVEX for 8-15, 1st operand
- MN$ + " , "
- EndIf
- If Var1 = 21 ;e.g. VCVTPD2DQ
- If LVEX
- XY$ = "YMM"
- Var1 = 11
- Else
- Var1 = 5
- EndIf
- EndIf
- If Var1 = 20 ;e.g. VCVTDQ2PD
- XY$ = "XMM"
- If LVEX
- Var1 = 5
- Else
- Var1 = 3
- EndIf
- EndIf
- If vvvv < 250 ;=unused
- MN$ + XY$ + Str(vvvv) + " , " ;vvvv, 2nd operand
- EndIf
- If IMM8 = 10 ;handled this way here for e.g. VINSERTF128
- IMM8 = 1
- XY$ = "XMM"
- EndIf
- EndProcedure
- Procedure FPU() ;FPU instructions
- ;Decodes an x87 instruction. OPF (the first opcode byte, $D8..$DF) is set outside this procedure; here the
- ;ModRM byte is read, split into MOD (bits 6..7), SPEC (bits 3..5) and RM (bits 0..2), appended to OP$ and
- ;BZ is advanced by 1. MN$ receives the mnemonic.
- ;MOD = %11 selects the register forms: the operand is rendered by RegisterST(RM), and fixed encodings are
- ;matched on the whole MODRM byte. Any other MOD selects the memory forms, whose operand is rendered by
- ;MSBytes(MODRM, size code). Encodings without an instruction set NoCode = 1.
- ;For the instructions that have a waiting and a non-waiting form, the previous listing row is inspected: if
- ;Daten(Zeile - 1)\Mnemonic is "WAIT ", the waiting form is emitted, "9B " is prepended to OP$ and Zeile is
- ;decremented (presumably so that this row replaces the WAIT row - confirm).
- ;NOTE(review): PeekB(Buffer + BZ) is not bounds-checked and the byte comes from the file being disassembled;
- ;confirm that the caller guarantees BZ < LF here.
- ;NOTE(review): Daten(Zeile - 1) is indexed without a check that Zeile > 0; if an FPU opcode can be the very
- ;first decoded row this reads element -1 - verify against the caller.
- MODRM = PeekB(Buffer + BZ) & $FF
- MOD = MODRM >> 6
- SPEC = (MODRM >> 3) & %00000111
- RM = MODRM & %00000111
- OP$ + RSet(Hex(MODRM), 2, "0") + " "
- BZ + 1
- Select OPF ;$D8 to $DF, comes from Procedure_Codes()
- Case $D8
- Select MOD
- Case %11 ;MODRM > $BF
- Select SPEC
- Case 0
- MN$ = "FADD ST0 , "
- RegisterST(RM)
- Case 1
- MN$ = "FMUL ST0 , "
- RegisterST(RM)
- Case 2
- MN$ = "FCOM " ;without "ST0"
- RegisterST(RM)
- Case 3
- MN$ = "FCOMP "
- RegisterST(RM)
- Case 4
- MN$ = "FSUB ST0 , "
- RegisterST(RM)
- Case 5
- MN$ = "FSUBR ST0 , "
- RegisterST(RM)
- Case 6
- MN$ = "FDIV ST0 , "
- RegisterST(RM)
- Case 7
- MN$ = "FDIVR ST0 , "
- RegisterST(RM)
- EndSelect
- Default ;MODRM $0 to $BF
- Select SPEC
- Case 0
- MN$ = "FADD " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 1
- MN$ = "FMUL " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 2
- MN$ = "FCOM " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 3
- MN$ = "FCOMP " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 4
- MN$ = "FSUB " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 5
- MN$ = "FSUBR " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 6
- MN$ = "FDIV " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 7
- MN$ = "FDIVR " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- EndSelect
- EndSelect
- Case $D9
- Select MOD
- Case %11 ;MODRM > $BF
- Select SPEC
- Case 0
- MN$ = "FLD "
- RegisterST(RM)
- Case 1
- MN$ = "FXCH "
- RegisterST(RM)
- Case 3
- MN$ = "FSTP " ;Alias
- RegisterST(RM)
- MN$ + " ( Alias for FSTP, but don´t signal stack underflow ! )"
- EndSelect
- ;Fixed encodings: matched on the whole MODRM byte, overriding whatever the SPEC select above set
- Select MODRM
- Case $D0 ;$D1 to $DF and others are reserved
- MN$ = "FNOP " ;Space for Search!
- Case $E0
- MN$ = "FCHS "
- Case $E1
- MN$ = "FABS "
- Case $E4
- MN$ = "FTST "
- Case $E5
- MN$ = "FXAM "
- Case $E8
- MN$ = "FLD1 "
- Case $E9
- MN$ = "FLDL2T "
- Case $EA
- MN$ = "FLDL2E "
- Case $EB
- MN$ = "FLDPI "
- Case $EC
- MN$ = "FLDLG2 "
- Case $ED
- MN$ = "FLDLN2 "
- Case $EE
- MN$ = "FLDZ "
- Case $F0
- MN$ = "F2XM1 "
- Case $F1
- MN$ = "FYL2X "
- Case $F2
- MN$ = "FPTAN "
- Case $F3
- MN$ = "FPATAN "
- Case $F4
- MN$ = "FXTRACT "
- Case $F5
- MN$ = "FPREM1 "
- Case $F6
- MN$ = "FDECSTP "
- Case $F7
- MN$ = "FINCSTP "
- Case $F8
- MN$ = "FPREM "
- Case $F9
- MN$ = "FYL2XP1 "
- Case $FA
- MN$ = "FSQRT "
- Case $FB
- MN$ = "FSINCOS "
- Case $FC
- MN$ = "FRNDINT "
- Case $FD
- MN$ = "FSCALE "
- Case $FE
- MN$ = "FSIN "
- Case $FF
- MN$ = "FCOS "
- EndSelect
- Default ;MODRM $0 to $BF
- Select SPEC
- Case 0
- MN$ = "FLD " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 1
- NoCode = 1
- Case 2
- MN$ = "FST " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 3
- MN$ = "FSTP " ;Single Precision
- MSBytes(MODRM, 2) ;2=DWord
- Case 4
- MN$ = "FLDENV "
- MSBytes(MODRM, 6) ;6=28-byte-ptr
- Case 5
- MN$ = "FLDCW "
- MSBytes(MODRM, 1) ;1=Word
- Case 6
- If Daten(Zeile - 1)\Mnemonic = "WAIT "
- MN$ = "FSTENV "
- OP$ = "9B " + OP$
- Zeile - 1
- If Mid(OP$, 4, 2) = "66" ;position 4 because "9B " was just prepended
- MSBytes(MODRM, 8) ;8=14-byte-ptr
- Else
- MSBytes(MODRM, 6) ;6=28-byte-ptr
- EndIf
- MN$ + " ( 9B = (F)WAIT )"
- If Mid(OP$, 4, 2) = "66"
- MN$ + " ( = FSTENVW )"
- Else
- MN$ + " ( = FSTENVD )"
- EndIf
- Else
- MN$ = "FNSTENV "
- If Mid(OP$, 1, 2) = "66"
- MSBytes(MODRM, 8) ;8=14-byte-ptr
- Else
- MSBytes(MODRM, 6) ;6=28-byte-ptr
- EndIf
- If Mid(OP$, 1, 2) = "66"
- MN$ + " ( = FNSTENVW )"
- Else
- MN$ + " ( = FNSTENVD )"
- EndIf
- EndIf
- Case 7
- If Daten(Zeile - 1)\Mnemonic = "WAIT "
- MN$ = "FSTCW "
- OP$ = "9B " + OP$
- Zeile - 1
- MSBytes(MODRM, 1) ;1=Word
- MN$ + " ( 9B = (F)WAIT )"
- Else
- MN$ = "FNSTCW "
- MSBytes(MODRM, 1) ;1=Word
- EndIf
- EndSelect
- EndSelect
- Case $DA
- Select MOD
- Case %11 ;MODRM > $BF
- Select SPEC
- Case 0
- MN$ = "FCMOVB "
- RegisterST(RM)
- Case 1
- MN$ = "FCMOVE "
- RegisterST(RM)
- Case 2
- MN$ = "FCMOVBE "
- RegisterST(RM)
- Case 3
- MN$ = "FCMOVU "
- RegisterST(RM)
- EndSelect
- Select MODRM
- Case $E9
- MN$ = "FUCOMPP "
- EndSelect
- Default ;MODRM $0 to $BF
- Select SPEC
- Case 0
- MN$ = "FIADD " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 1
- MN$ = "FIMUL " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 2
- MN$ = "FICOM " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 3
- MN$ = "FICOMP " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 4
- MN$ = "FISUB " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 5
- MN$ = "FISUBR " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 6
- MN$ = "FIDIV " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 7
- MN$ = "FIDIVR " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- EndSelect
- EndSelect
- Case $DB
- Select MOD
- Case %11 ;MODRM > $BF
- Select SPEC
- Case 0
- MN$ = "FCMOVNB "
- RegisterST(RM)
- Case 1
- MN$ = "FCMOVNE "
- RegisterST(RM)
- Case 2
- MN$ = "FCMOVNBE "
- RegisterST(RM)
- Case 3
- MN$ = "FCMOVNU "
- RegisterST(RM)
- Case 5
- MN$ = "FUCOMI "
- RegisterST(RM)
- Case 6
- MN$ = "FCOMI "
- RegisterST(RM)
- EndSelect
- Select MODRM
- Case $E0
- If Daten(Zeile - 1)\Mnemonic = "WAIT "
- MN$ = "FENI "
- OP$ = "9B " + OP$
- Zeile - 1
- MN$ + " ( 9B = (F)WAIT )"
- Else
- MN$ = "FNENI "
- EndIf
- Case $E1
- If Daten(Zeile - 1)\Mnemonic = "WAIT "
- MN$ = "FDISI "
- OP$ = "9B " + OP$
- Zeile - 1
- MN$ + " ( 9B = (F)WAIT )"
- Else
- MN$ = "FNDISI "
- EndIf
- Case $E2
- If Daten(Zeile - 1)\Mnemonic = "WAIT "
- MN$ = "FCLEX "
- OP$ = "9B " + OP$
- Zeile - 1
- MN$ + " ( 9B = (F)WAIT )"
- Else
- MN$ = "FNCLEX "
- EndIf
- Case $E3
- If Daten(Zeile - 1)\Mnemonic = "WAIT "
- MN$ = "FINIT "
- OP$ = "9B " + OP$
- Zeile - 1
- MN$ + " ( 9B = (F)WAIT )"
- Else
- MN$ = "FNINIT "
- EndIf
- Case $E4
- MN$ = "FSETPM (Set Protected Mode, only for 287-Co-Processor, all others = FNOP"
- EndSelect
- Default ;MODRM $0 to $BF
- Select SPEC
- Case 0
- MN$ = "FILD " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 1
- MN$ = "FISTTP " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 2
- MN$ = "FIST " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 3
- MN$ = "FISTP " ;DWord Integer
- MSBytes(MODRM, 2) ;2=DWord
- Case 4
- NoCode = 1
- Case 5
- MN$ = "FLD " ;Extended Precision, 10 bytes (80 bits)
- MSBytes(MODRM, 4) ;4=TWord
- Case 6
- NoCode = 1
- Case 7
- MN$ = "FSTP " ;Extended Precision, 10 bytes (80 bits)
- MSBytes(MODRM, 4) ;4=TWord
- EndSelect
- EndSelect
- Case $DC
- Select MOD
- Case %11 ;MODRM > $BF
- Select SPEC
- Case 0
- MN$ = "FADD "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 1
- MN$ = "FMUL "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 2
- MN$ = "FCOM " ;Alias
- RegisterST(RM)
- Case 3
- MN$ = "FCOMP " ;Alias
- RegisterST(RM)
- Case 4
- MN$ = "FSUBR "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 5
- MN$ = "FSUB "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 6
- MN$ = "FDIVR "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 7
- MN$ = "FDIV "
- RegisterST(RM)
- MN$ + " , ST0"
- EndSelect
- Default ;MODRM $0 to $BF
- Select SPEC
- Case 0
- MN$ = "FADD " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 1
- MN$ = "FMUL " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 2
- MN$ = "FCOM " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 3
- MN$ = "FCOMP " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 4
- MN$ = "FSUB " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 5
- MN$ = "FSUBR " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 6
- MN$ = "FDIV " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 7
- MN$ = "FDIVR " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- EndSelect
- EndSelect
- Case $DD
- Select MOD
- Case %11 ;MODRM > $BF
- Select SPEC
- Case 0
- MN$ = "FFREE "
- RegisterST(RM)
- Case 1
- MN$ = "FXCH " ;Alias
- RegisterST(RM)
- Case 2
- MN$ = "FST "
- RegisterST(RM)
- Case 3
- MN$ = "FSTP "
- RegisterST(RM)
- Case 4
- MN$ = "FUCOM "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 5
- MN$ = "FUCOMP "
- RegisterST(RM)
- Case 6 To 7
- NoCode = 1
- EndSelect
- Default ;MODRM $0 to $BF
- Select SPEC
- Case 0
- MN$ = "FLD " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 1
- MN$ = "FISTTP " ;Double Integer
- MSBytes(MODRM, 3) ;3=QWord
- Case 2
- MN$ = "FST " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 3
- MN$ = "FSTP " ;Double Precision
- MSBytes(MODRM, 3) ;3=QWord
- Case 4
- MN$ = "FRSTOR "
- If Mid(OP$, 1, 2) = "66" Or Mid(OP$, 4, 2) = "66"
- MSBytes(MODRM, 10) ;10=94-byte-ptr
- S = 1
- Else
- MSBytes(MODRM, 9) ;9=108-byte-ptr
- S = 0
- EndIf
- If S
- MN$ + " ( = FRSTORW )"
- Else
- MN$ + " ( = FRSTORD )"
- EndIf
- Case 5
- NoCode = 1
- Case 6
- If Daten(Zeile - 1)\Mnemonic = "WAIT "
- MN$ = "FSAVE "
- Zeile - 1
- If Mid(OP$, 1, 2) = "66" Or Mid(OP$, 4, 2) = "66"
- MSBytes(MODRM, 10) ;10=94-byte-ptr
- S = 1
- Else
- MSBytes(MODRM, 9) ;9=108-byte-ptr
- S = 0
- EndIf
- OP$ = "9B " + OP$ ;only here, after the prefix test above!
- MN$ + " ( 9B = (F)WAIT )"
- If S
- MN$ + " ( = FSAVEW )"
- Else
- MN$ + " ( = FSAVED )"
- EndIf
- Else
- MN$ = "FNSAVE "
- If Mid(OP$, 1, 2) = "66" Or Mid(OP$, 4, 2) = "66"
- MSBytes(MODRM, 10) ;10=94-byte-ptr
- S = 1
- Else
- MSBytes(MODRM, 9) ;9=108-byte-ptr
- S = 0
- EndIf
- If S
- MN$ + " ( = FNSAVEW )"
- Else
- MN$ + " ( = FNSAVED )"
- EndIf
- EndIf
- Case 7
- If Daten(Zeile - 1)\Mnemonic = "WAIT "
- MN$ = "FSTSW "
- MSBytes(MODRM, 1) ;1=Word
- OP$ = "9B " + OP$
- Zeile - 1
- MN$ + " ( 9B = (F)WAIT )"
- Else
- MN$ = "FNSTSW "
- MSBytes(MODRM, 1) ;1=Word
- EndIf
- EndSelect
- EndSelect
- Case $DE
- Select MOD
- Case %11 ;MODRM > $BF
- Select SPEC
- Case 0
- MN$ = "FADDP "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 1
- MN$ = "FMULP "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 2
- MN$ = "FCOMP " ;Alias
- RegisterST(RM)
- Case 3
- If MODRM = $D9
- MN$ = "FCOMPP "
- Else
- NoCode = 1
- EndIf
- Case 4
- MN$ = "FSUBRP "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 5
- MN$ = "FSUBP "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 6
- MN$ = "FDIVRP "
- RegisterST(RM)
- MN$ + " , ST0"
- Case 7
- MN$ = "FDIVP "
- RegisterST(RM)
- MN$ + " , ST0"
- EndSelect
- Default ;MODRM $0 to $BF
- Select SPEC
- Case 0
- MN$ = "FIADD " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 1
- MN$ = "FIMUL " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 2
- MN$ = "FICOM " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 3
- MN$ = "FICOMP " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 4
- MN$ = "FISUB " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 5
- MN$ = "FISUBR " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 6
- MN$ = "FIDIV " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 7
- MN$ = "FIDIVR " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- EndSelect
- EndSelect
- Case $DF
- Select MOD
- Case %11 ;MODRM > $BF
- Select SPEC
- Case 0
- MN$ = "FFREEP " ;not documented: FFREE ST(i) and pop stack
- RegisterST(RM)
- Case 1
- MN$ = "FXCH " ;Alias
- RegisterST(RM)
- Case 2
- MN$ = "FSTP " ;Alias
- RegisterST(RM)
- Case 3
- MN$ = "FSTP " ;Alias
- RegisterST(RM)
- Case 4
- If MODRM = $E0
- If Daten(Zeile - 1)\Mnemonic = "WAIT "
- MN$ = "FSTSW AX "
- OP$ = "9B " + OP$
- Zeile - 1
- MN$ + " ( 9B = (F)WAIT )"
- Else
- MN$ = "FNSTSW AX "
- EndIf
- Else
- NoCode = 1
- EndIf
- Case 5
- MN$ = "FUCOMIP "
- RegisterST(RM)
- Case 6
- MN$ = "FCOMIP "
- RegisterST(RM)
- Case 7
- NoCode = 1
- EndSelect
- Default ;MODRM $0 to $BF
- Select SPEC
- Case 0
- MN$ = "FILD " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 1
- MN$ = "FISTTP " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 2
- MN$ = "FIST " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 3
- MN$ = "FISTP " ;Word Integer
- MSBytes(MODRM, 1) ;1=Word
- Case 4
- MN$ = "FBLD " ;Packed BCD, 10 bytes
- MSBytes(MODRM, 4) ;4=TWord
- Case 5
- MN$ = "FILD " ;QWord Integer
- MSBytes(MODRM, 3) ;3=QWord
- Case 6
- MN$ = "FBSTP " ;Packed BCD, 10 bytes
- MSBytes(MODRM, 4) ;4=TWord
- Case 7
- MN$ = "FISTP " ;QWord Integer
- MSBytes(MODRM, 3) ;3=QWord
- EndSelect
- EndSelect
- EndSelect
- EndProcedure
- Procedure OP3B38() ;the first 2 bytes are $0F $38 (without prefix(es)!)
- ;Decodes the third opcode byte of the $0F $38 map: reads it at Buffer + BZ, appends it to OP$, advances BZ
- ;by 1 and sets MN$; the operands are rendered by Gv / Ev / Register32 / MSBytes.
- ;PR is the first two characters of OP$ read as one 16-bit word, i.e. the hex text of the first prefix byte
- ;with the first character in the low byte: $3636 = "66", $3246 = "F2", $3736 = "67". When the first prefix
- ;is "67", PR is re-read from the next hex pair (offset 3, after "67 ").
- ;XMM selects the register file used by the operand procedures (2 = XMM, 1 = MMX, as set below).
- ;NOTE(review): the PeekW comparison matches only if OP$ is stored one byte per character; in a Unicode
- ;build the word would hold a single character - confirm the build mode.
- ;NOTE(review): PeekB(Buffer + BZ) is not bounds-checked and the byte comes from the file being disassembled;
- ;confirm that the caller guarantees BZ < LF here.
- ;NOTE(review): in several cases (e.g. $10, $14, $15, $17, $20..$25, $30..$35, $DB..$DF) MN$ is only set
- ;when the "66" prefix is present, yet Gv is called either way; presumably the caller rejects the
- ;prefix-less encoding elsewhere - verify.
- PR = PeekW(@OP$) ;instead of PR$ = Mid(OP$, 1, 2)
- If PR = $3736 ;$67 if there are 2 prefixes $67 $66
- PR = PeekW(@OP$ + 3)
- EndIf
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- Select OP
- ;----------------------
- Case $00 To $0B
- Select OP
- Case $00
- MN$ = "PSHUFB "
- Case $01
- MN$ = "PHADDW "
- Case $02
- MN$ = "PHADDD "
- Case $03
- MN$ = "PHADDSW "
- Case $04
- MN$ = "PMADDUBSW "
- Case $05
- MN$ = "PHSUBW "
- Case $06
- MN$ = "PHSUBD "
- Case $07
- MN$ = "PHSUBSW "
- Case $08
- MN$ = "PSIGNB "
- Case $09
- MN$ = "PSIGNW "
- Case $0A
- MN$ = "PSIGND "
- Case $0B
- MN$ = "PMULHRSW "
- EndSelect
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;----------------------
- Case $10
- Select PR
- Case $3636 ;=$66
- MN$ = "PBLENDVB " ;Vdq, Wdq
- XMM = 2
- EndSelect
- Gv(5, 1)
- MN$ + " , XMM0" ;3rd parameter
- ;----------------------
- Case $14
- Select PR
- Case $3636 ;=$66
- MN$ = "BLENDVPS " ;Vdq, Wdq
- XMM = 2
- EndSelect
- Gv(5, 1)
- MN$ + " , XMM0" ;3rd parameter
- ;----------------------
- Case $15
- Select PR
- Case $3636 ;=$66
- MN$ = "BLENDVPD " ;Vdq, Wdq
- XMM = 2
- EndSelect
- Gv(5, 1)
- MN$ + " , XMM0" ;3rd parameter
- ;----------------------
- Case $17
- Select PR
- Case $3636 ;=$66
- MN$ = "PTEST " ;Vdq, Wdq
- XMM = 2
- EndSelect
- Gv(5, 1)
- ;----------------------
- Case $1C
- MN$ = "PABSB "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;----------------------
- Case $1D
- MN$ = "PABSW "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;----------------------
- Case $1E
- MN$ = "PABSD "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;----------------------
- Case $20
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVSXBW " ;Vdq, Udq/Mq
- XMM = 2
- EndSelect
- Gv(3, 1)
- ;----------------------
- Case $21
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVSXBD " ;Vdq, Udq/Md
- XMM = 2
- EndSelect
- Gv(2, 1)
- ;----------------------
- Case $22
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVSXBQ " ;Vdq, Udq/Mw
- XMM = 2
- EndSelect
- Gv(1, 1)
- ;----------------------
- Case $23
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVSXWD " ;Vdq, Udq/Mq
- XMM = 2
- EndSelect
- Gv(3, 1)
- ;----------------------
- Case $24
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVSXWQ " ;Vdq, Udq/Md
- XMM = 2
- EndSelect
- Gv(2, 1)
- ;----------------------
- Case $25
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVSXDQ " ;Vdq, Udq/Mq
- XMM = 2
- EndSelect
- Gv(3, 1)
- ;----------------------
- Case $28 To $2B ;Vdq, Wdq
- Select PR
- Case $3636 ;=$66
- Select OP
- Case $28
- MN$ = "PMULDQ "
- Case $29
- MN$ = "PCMPEQQ "
- Case $2A
- MN$ = "MOVNTDQA "
- Case $2B
- MN$ = "PACKUSDW "
- EndSelect
- XMM = 2 : Gv(5, 1)
- EndSelect
- ;----------------------
- Case $30
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVZXBW " ;Vdq, Udq/Mq
- XMM = 2
- EndSelect
- Gv(3, 1)
- ;----------------------
- Case $31
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVZXBD " ;Vdq, Udq/Md
- XMM = 2
- EndSelect
- Gv(2, 1)
- ;----------------------
- Case $32
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVZXBQ " ;Vdq, Udq/Mw
- XMM = 2
- EndSelect
- Gv(1, 1)
- ;----------------------
- Case $33
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVZXWD " ;Vdq, Udq/Mq
- XMM = 2
- EndSelect
- Gv(3, 1)
- ;----------------------
- Case $34
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVZXWQ " ;Vdq, Udq/Md
- XMM = 2
- EndSelect
- Gv(2, 1)
- ;----------------------
- Case $35
- Select PR
- Case $3636 ;=$66
- MN$ = "PMOVZXDQ " ;Vdq, Udq/Mq
- XMM = 2
- EndSelect
- Gv(3, 1)
- ;----------------------
- Case $37 To $41 ;Vdq, Wdq
- Select PR
- Case $3636 ;=$66
- Select OP
- Case $37
- MN$ = "PCMPGTQ "
- Case $38
- MN$ = "PMINSB "
- Case $39
- MN$ = "PMINSD "
- Case $3A
- MN$ = "PMINUW "
- Case $3B
- MN$ = "PMINUD "
- Case $3C
- MN$ = "PMAXSB "
- Case $3D
- MN$ = "PMAXSD "
- Case $3E
- MN$ = "PMAXUW "
- Case $3F
- MN$ = "PMAXUD "
- Case $40
- MN$ = "PMULLD "
- Case $41
- MN$ = "PHMINPOSUW "
- EndSelect
- XMM = 2 : Gv(5, 1)
- EndSelect
- ;----------------------
- Case $80
- Select PR
- Case $3636 ;=$66
- MN$ = "INVEPT " ;Gd/q, Mdq
- XMM = 255 ;prefix!
- If IsProg64
- REX | 8 ;sets REX bit 3 (REX.W) for a 64-bit program
- EndIf
- Gv(5, 1)
- EndSelect
- ;----------------------
- Case $81
- Select PR
- Case $3636 ;=$66
- MN$ = "INVVPID " ;Gd/q, Mdq
- XMM = 255 ;prefix!
- If IsProg64
- REX | 8 ;sets REX bit 3 (REX.W) for a 64-bit program
- EndIf
- Gv(5, 1)
- EndSelect
- ;----------------------
- Case $DB
- Select PR
- Case $3636 ;=$66
- MN$ = "AESIMC "
- XMM = 2
- EndSelect
- Gv(5, 1)
- ;----------------------
- Case $DC
- Select PR
- Case $3636 ;=$66
- MN$ = "AESENC "
- XMM = 2
- EndSelect
- Gv(5, 1)
- ;----------------------
- Case $DD
- Select PR
- Case $3636 ;=$66
- MN$ = "AESENCLAST "
- XMM = 2
- EndSelect
- Gv(5, 1)
- ;----------------------
- Case $DE
- Select PR
- Case $3636 ;=$66
- MN$ = "AESDEC "
- XMM = 2
- EndSelect
- Gv(5, 1)
- ;----------------------
- Case $DF
- Select PR
- Case $3636 ;=$66
- MN$ = "AESDECLAST "
- XMM = 2
- EndSelect
- Gv(5, 1)
- ;----------------------
- Case $F0
- Select PR
- Case $3246 ;=$F2
- MN$ = "CRC32 " ;Gd, Eb
- Gv(0, 1)
- Default
- MN$ = "MOVBE " ;Gv, Mv
- Gv(10, 1)
- EndSelect
- ;----------------------
- Case $F1
- Select PR
- Case $3636 ;=$66
- If Mid(OP$, 4, 2) = "F2"
- MN$ = "CRC32 " ;Gd, Ev
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- OP$ = Mid(OP$, 3, Len(OP$) - 3) ;drop the leading "66" while Register32 runs
- REXEX = 1
- Register32(OP >> 3, 0)
- OP$ = "66 " + OP$ + " " ;put the "66" prefix back
- BZ + 1
- MSBytes(OP, 1) ;1=Word
- Else
- MN$ = "MOVBE " ;with 16-Bit-Register
- Ev(10, 1)
- EndIf
- Case $3246 ;=$F2
- MN$ = "CRC32 " ;Gd, Ev
- If REX >= $48 ;REX values from $48 up have bit 3 (REX.W) set
- Gv(3, 1)
- Else
- Gv(2, 1)
- EndIf
- Default
- MN$ = "MOVBE " ;Mv, Gv
- Ev(10, 1)
- EndSelect
- EndSelect
- EndProcedure
- Procedure OP3B3A() ;the first 2 bytes are $0F $3A (prefix(es) not counted!)
- ;Decodes the third opcode byte of the three-byte opcode map $0F $3A (instructions that carry an
- ;8-bit immediate) and assembles the mnemonic text in MN$.
- ;Reads: Buffer/BZ (file image and read offset), OP$ (hex dump of the instruction so far), REX.
- ;Writes: PR, OP, OP$, BZ, MN$, XMM, Adr64, MemAdd64, S, IMM$, Value.
- ;Operand-size codes passed to Gv()/Ev(), as annotated elsewhere in this file:
- ;0=Byte, 1=Word, 2=DWord, 3=QWord, 5=DQWord. The second argument is always 2 in this procedure;
- ;presumably it announces the trailing immediate operand - TODO confirm against Gv()/Ev().
- ;Strings(1, 0) is annotated elsewhere in this file as emitting a 1-byte constant (the Ib operand).
- ;NOTE(review): most cases assign MN$ (and sometimes S) only when the prefix is $66, yet Gv()/Ev()
- ;and Strings() still run for any other prefix. For such byte sequences MN$/S keep whatever value
- ;they had on entry - verify how the caller initialises them, otherwise undefined encodings are
- ;listed with a stale mnemonic.
- ;NOTE(review): none of the PeekB(Buffer + BZ) reads below compares BZ with the file length (LF).
- ;A file or section that ends directly after $0F $3A would be read past its loaded data unless the
- ;caller bounds BZ - confirm, since the input is an arbitrary executable.
- PR = PeekW(@OP$) ;instead of PR$ = Mid(OP$, 1, 2)
- ;PR holds the first two characters of OP$ packed into one word, e.g. "66" -> $3636.
- ;NOTE(review): this matches two characters only if OP$ is stored one byte per character -
- ;presumably the program is built in ASCII mode, not Unicode; verify.
- If PR = $3736 ;$67 when there are 2 prefixes $67 $66
- ;skip the 3 characters "67 " and take the next prefix instead
- PR = PeekW(@OP$ + 3)
- EndIf
- ;fetch the third opcode byte, append it to the hex dump and advance the read offset
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- Select OP
- ;----------------------
- Case $08
- Select PR
- Case $3636 ;=$66
- MN$ = "ROUNDPS " ;Vdq, Wdq, Ib
- XMM = 2 : Adr64 = 1
- EndSelect
- Gv(5, 2)
- Strings(1, 0)
- ;----------------------
- Case $09
- Select PR
- Case $3636 ;=$66
- MN$ = "ROUNDPD " ;Vdq, Wdq, Ib
- XMM = 2 : Adr64 = 1
- EndSelect
- Gv(5, 2)
- Strings(1, 0)
- ;----------------------
- Case $0A
- Select PR
- Case $3636 ;=$66
- MN$ = "ROUNDSS " ;Vss, Wss, Ib
- XMM = 2 : Adr64 = 1
- EndSelect
- Gv(2, 2)
- Strings(1, 0)
- ;----------------------
- Case $0B
- Select PR
- Case $3636 ;=$66
- MN$ = "ROUNDSD " ;Vsd, Wsd, Ib
- XMM = 2 : Adr64 = 1
- EndSelect
- Gv(3, 2)
- Strings(1, 0)
- ;----------------------
- Case $0C
- Select PR
- Case $3636 ;=$66
- MN$ = "BLENDPS " ;Vdq, Wdq, Ib
- XMM = 2 : Adr64 = 1
- EndSelect
- MemAdd64 = 1
- Gv(5, 2)
- Strings(1, 0)
- ;----------------------
- Case $0D
- Select PR
- Case $3636 ;=$66
- MN$ = "BLENDPD " ;Vdq, Wdq, Ib
- XMM = 2 : Adr64 = 1
- EndSelect
- MemAdd64 = 1
- Gv(5, 2)
- Strings(1, 0)
- ;----------------------
- Case $0E
- Select PR
- Case $3636 ;=$66
- MN$ = "PBLENDW " ;Vdq, Wdq, Ib
- XMM = 2 : Adr64 = 1
- EndSelect
- Gv(5, 2)
- Strings(1, 0)
- ;----------------------
- Case $0F
- ;PALIGNR is the only opcode here that is also decoded without the $66 prefix (MMX form)
- MN$ = "PALIGNR "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 : Adr64 = 1 ;Vdq, Wdq, Ib
- Default
- XMM = 1 : S = 3 : Adr64 = 1 ;Pq, Qq, Ib
- EndSelect
- Gv(S, 2)
- Strings(1, 0)
- ;----------------------
- Case $14
- XMM = 5 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "PEXTRB " ;Rd/Mb, Vdq, Ib
- ;look ahead at the ModRM byte (BZ is not advanced here) to pick the destination size
- If (PeekB(Buffer + BZ) & $FF) < $C0 ;i.e. not %11xxxxxx = register-register
- S = 0 ;byte variable
- Else
- S = 2 ;32-bit register
- EndIf
- EndSelect
- Ev(S, 2)
- Strings(1, 0)
- ;----------------------
- Case $15
- XMM = 5 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "PEXTRW " ;Rd/Mw, Vdq, Ib
- EndSelect
- Ev(1, 2)
- Strings(1, 0)
- ;----------------------
- Case $16
- XMM = 5 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- ;bit 3 of the REX prefix selects the 64-bit form
- If REX & %00001000 ;REX.W
- MN$ = "PEXTRQ "
- S = 3 ;QWord
- Else
- MN$ = "PEXTRD " ;Ed, Vdq, Ib
- S = 2 ;DWord
- EndIf
- EndSelect
- Ev(S, 2)
- Strings(1, 0)
- ;----------------------
- Case $17
- XMM = 5 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "EXTRACTPS " ;Ed, Vdq, Ib
- EndSelect
- Ev(2, 2)
- Strings(1, 0)
- ;----------------------
- Case $20
- XMM = 4 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "PINSRB " ;Vdq, Rd/Mb, Ib
- ;look ahead at the ModRM byte (BZ is not advanced here) to pick the source size
- If (PeekB(Buffer + BZ) & $FF) < $C0 ;i.e. not %11xxxxxx = register-register
- S = 0 ;byte variable
- Else
- S = 2 ;32-bit register
- EndIf
- EndSelect
- Gv(S, 2)
- Strings(1, 0)
- ;----------------------
- Case $21
- XMM = 2 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "INSERTPS " ;Vdq, Ud/Md, Ib
- EndSelect
- Gv(2, 2)
- Strings(1, 0)
- ;----------------------
- Case $22
- XMM = 4 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- ;same REX.W test as for PEXTRD/PEXTRQ above
- If REX & %00001000
- MN$ = "PINSRQ "
- S = 3
- Else
- MN$ = "PINSRD " ;Vdq, Ed, Ib
- S = 2
- EndIf
- EndSelect
- Gv(S, 2)
- Strings(1, 0)
- ;------------------------
- Case $40
- XMM = 2 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "DPPS " ;Vdq, Wdq, Ib
- EndSelect
- MemAdd64 = 1
- Gv(5, 2)
- Strings(1, 0)
- ;------------------------
- Case $41
- XMM = 2 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "DPPD " ;Vdq, Wdq, Ib
- EndSelect
- MemAdd64 = 1
- Gv(5, 2)
- Strings(1, 0)
- ;------------------------
- Case $42
- XMM = 2 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "MPSADBW " ;Vdq, Wdq, Ib
- EndSelect
- Gv(5, 2)
- Strings(1, 0)
- ;------------------------
- Case $44
- XMM = 2 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "PCLMULQDQ "
- EndSelect
- Gv(5, 2)
- Strings(1, 0)
- ;Take the last two characters of MN$ and parse them as a hex number; presumably Strings(1, 0)
- ;has just appended the immediate byte as two hex digits - TODO confirm against Strings().
- IMM$ = "$" + Mid(MN$, Len(MN$) - 1, 2)
- ;only bits 0 and 4 of the immediate are kept; they choose the alias appended below
- Value = Val(IMM$) & %00010001
- Select Value
- Case %00000000
- MN$ + " ( = PCLMULLQLQDQ )"
- Case %00000001
- MN$ + " ( = PCLMULHQLQDQ )"
- Case %00010000
- MN$ + " ( = PCLMULLQHDQ )" ;it looks as if a letter is missing here...
- Case %00010001
- MN$ + " ( = PCLMULHQHDQ )"
- EndSelect
- ;------------------------
- Case $60 To $63
- ;unlike the cases above, operand decoding here happens only when the prefix is $66
- Select PR
- Case $3636 ;=$66
- Select OP
- Case $60
- MN$ = "PCMPESTRM "
- Case $61
- MN$ = "PCMPESTRI "
- Case $62
- MN$ = "PCMPISTRM "
- Case $63
- MN$ = "PCMPISTRI "
- EndSelect
- XMM = 2 : Adr64 = 1
- Gv(5, 2) ;Vdq, Wdq, Ib
- Strings(1, 0)
- EndSelect
- ;------------------------
- Case $DF
- ;NOTE(review): this is the only case in the procedure that does not set Adr64 - confirm
- ;whether that is intentional.
- Select PR
- Case $3636 ;=$66
- MN$ = "AESKEYGENASSIST "
- XMM = 2
- EndSelect
- MemAdd64 = 1
- Gv(5, 2)
- Strings(1, 0)
- EndSelect
- EndProcedure
- Procedure Codes_Shift() ;1.Byte ist $0F (ohne Präfix(e)!)
- PR = PeekW(@OP$) ;anstelle von PR$ = Mid(OP$, 1, 2)
- If PR = $3736 ;$67 wenn 2 Präfixe $67 $66
- PR = PeekW(@OP$ + 3)
- EndIf
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- Select OP
- ;------------------------
- Case $00 ;Gruppe 6
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "SLDT " ;Rv, Mw
- If OP < $C0 ;also nicht %11xxxxxx = Register-Register
- MN$ + "word ptr [ " : Adr = 1
- Strings(4, 2)
- Else
- Register32(OP, 0)
- EndIf
- Case 1
- MN$ = "STR " ;Rv, Mw
- If OP < $C0 ;also nicht %11xxxxxx = Register-Register
- MN$ + "word ptr [ " : Adr = 1
- Strings(4, 2)
- Else
- Register32(OP, 0)
- EndIf
- Case 2
- MN$ = "LLDT " ;Ew
- If OP < $C0 ;also nicht %11xxxxxx = Register-Register
- MN$ + "word ptr [ " : Adr = 1
- Strings(4, 2)
- Else
- Register32(OP, 1) ;1=16Bit
- EndIf
- Case 3
- MN$ = "LTR " ;Ew
- If OP < $C0 ;also nicht %11xxxxxx = Register-Register
- MN$ + "word ptr [ " : Adr = 1
- Strings(4, 2)
- Else
- Register32(OP, 1) ;1=16Bit
- EndIf
- Case 4
- MN$ = "VERR " ;Ew
- If OP < $C0 ;also nicht %11xxxxxx = Register-Register
- MN$ + "word ptr [ " : Adr = 1
- Strings(4, 2)
- Else
- Register32(OP, 1) ;1=16Bit
- EndIf
- Case 5
- MN$ = "VERW " ;Ew
- If OP < $C0 ;also nicht %11xxxxxx = Register-Register
- MN$ + "word ptr [ " : Adr = 1
- Strings(4, 2)
- Else
- Register32(OP, 1) ;1=16Bit
- EndIf
- Case 6 To 7
- NoCode = 1
- EndSelect
- ;------------------------
- Case $01 ;Gruppe 7
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- If OP < $C0 ;also nicht %11xxxxxx
- MN$ = "SGDT pword ptr [ " : Adr = 1 ;Ms, pword=6Bytes
- Strings(4, 2)
- Else
- Select OP
- Case $C1 ;hier mal so
- MN$ = "VMCALL " ;Intel
- Case $C2
- MN$ = "VMLAUNCH " ;Intel
- Case $C3
- MN$ = "VMRESUME " ;Intel
- Case $C4
- MN$ = "VMXOFF " ;Intel
- EndSelect
- EndIf
- Case 1
- If OP < $C0 ;also nicht %11xxxxxx
- MN$ = "SIDT pword ptr [ " : Adr = 1 ;Ms, pword=6Bytes
- Strings(4, 2)
- Else
- Select OP
- Case $C8 ;hier mal so
- MN$ = "MONITOR ( = MONITOR EAX , ECX , EDX )"
- Case $C9
- MN$ = "MWAIT ( = MWAIT EAX , ECX )"
- EndSelect
- EndIf
- Case 2
- If OP < $C0 ;also nicht %11xxxxxx
- MN$ = "LGDT pword ptr [ " : Adr = 1 ;Ms, pword=6Bytes
- Strings(4, 2)
- Else
- Select OP
- Case $D0 ;hier mal so
- MN$ = "XGETBV "
- Case $D1
- MN$ = "XSETBV "
- EndSelect
- EndIf
- Case 3
- If OP < $C0 ;also nicht %11xxxxxx
- MN$ = "LIDT pword ptr [ " : Adr = 1 ;Ms
- Strings(4, 2)
- Else
- Select OP
- Case $D8
- MN$ = "VMRUN " ;AMD SVM-Instruction
- If IsProg64
- MN$ + "RAX"
- Else
- MN$ + "EAX"
- EndIf
- Case $D9
- MN$ = "VMMCALL " ;AMD SVM-Instruction
- Case $DA
- MN$ = "VMLOAD " ;AMD SVM-Instruction
- If IsProg64
- MN$ + "RAX"
- Else
- MN$ + "EAX"
- EndIf
- Case $DB
- MN$ = "VMSAVE " ;AMD SVM-Instruction
- If IsProg64
- MN$ + "RAX"
- Else
- MN$ + "EAX"
- EndIf
- Case $DC
- MN$ = "STGI " ;AMD SVM-Instruction
- Case $DD
- MN$ = "CLGI " ;AMD SVM-Instruction
- Case $DE
- MN$ = "SKINIT EAX" ;AMD SVM-Instruction
- Case $DF
- MN$ = "INVLPGA " ;AMD SVM-Instruction
- If IsProg64
- MN$ + "RAX , ECX"
- Else
- MN$ + "EAX , ECX"
- EndIf
- EndSelect
- EndIf
- Case 4
- MN$ = "SMSW " ;Mw, Rv
- If OP < $C0 ;also nicht %11xxxxxx = Register-Register
- MN$ + "word ptr [ " : Adr = 1
- Strings(4, 2)
- Else
- Register32(OP, 0)
- EndIf
- Case 5
- NoCode = 1
- Case 6
- MN$ = "LMSW " ;Ew
- If OP < $C0 ;also nicht %11xxxxxx = Register-Register
- MN$ + "word ptr [ " : Adr = 1
- Strings(4, 2)
- Else
- Register32(OP, 1) ;1=16Bit
- EndIf
- Case 7
- If OP < $C0 ;also nicht %11xxxxxx
- MN$ = "INVLPG byte ptr [ " : Adr = 1 ;Mb
- Strings(4, 2)
- Else
- Select OP
- Case $F8
- If IsProg64
- MN$ = "SWAPGS "
- Else
- NoCode = 1
- EndIf
- Case $F9
- MN$ = "RDTSCP "
- EndSelect
- EndIf
- EndSelect
- ;------------------------
- Case $02
- MN$ = "LAR " ;Gv, Ew
- Gv(1, 1)
- ;------------------------
- Case $03
- MN$ = "LSL " ;Gv, Ew
- Gv(1, 1)
- ;------------------------
- Case $04
- NoCode = 1
- ;------------------------
- Case $05
- MN$ = "SYSCALL "
- ;------------------------
- Case $06
- MN$ = "CLTS "
- ;------------------------
- Case $07
- MN$ = "SYSRET "
- If REX
- MN$ + " ( = SYSRETQ )"
- EndIf
- ;------------------------
- Case $08
- MN$ = "INVD "
- ;------------------------
- Case $09
- MN$ = "WBINVD "
- ;------------------------
- Case $0A
- NoCode = 1
- ;------------------------
- Case $0B
- MN$ = "UD2 "
- ;------------------------
- Case $0C
- NoCode = 1
- ;------------------------
- Case $0D ;AMD 3DNow!
- MN$ = "PREFETCH / PREFETCHW byte ptr [ " : Adr = 1 ;M8
- Strings(4, 2)
- MN$ + " (3DNow!)"
- ;------------------------
- Case $0E ;AMD 3DNow!
- MN$ = "FEMMS (3DNow!)"
- ;------------------------
- Case $0F ;AMD 3DNow!
- MN$ = ""
- XMM = 1
- Gv(3, 1)
- MNH$ = MN$
- SUF = PeekB(Buffer + BZ) & $FF ;Suffix
- OP$ + RSet(Hex(SUF), 2, "0")
- BZ + 1
- AMD$ = " (3DNow!)"
- DSP$ = " (3DNow! / DSP)"
- Select SUF
- Case $0C
- MN$ = "PI2FW " + MNH$ + DSP$
- Case $0D
- MN$ = "PI2FD " + MNH$ + AMD$
- Case $1C
- MN$ = "PF2IW " + MNH$ + DSP$
- Case $1D
- MN$ = "PF2ID " + MNH$ + AMD$
- Case $8A
- MN$ = "PFNACC " + MNH$ + DSP$
- Case $8E
- MN$ = "PFPNACC " + MNH$ + DSP$
- Case $90
- MN$ = "PFCMPGE " + MNH$ + AMD$
- Case $94
- MN$ = "PFMIN " + MNH$ + AMD$
- Case $96
- MN$ = "PFRCP " + MNH$ + AMD$
- Case $97
- MN$ = "PFRSQRT " + MNH$ + AMD$
- Case $9A
- MN$ = "PFSUB " + MNH$ + AMD$
- Case $9E
- MN$ = "PFADD " + MNH$ + AMD$
- Case $A0
- MN$ = "PFCMPGT " + MNH$ + AMD$
- Case $A4
- MN$ = "PFMAX " + MNH$ + AMD$
- Case $A6
- MN$ = "PFRCPIT1 " + MNH$ + AMD$
- Case $A7
- MN$ = "PFRSQIT1 " + MNH$ + AMD$
- Case $AA
- MN$ = "PFSUBR " + MNH$ + AMD$
- Case $AE
- MN$ = "PFACC " + MNH$ + AMD$
- Case $B0
- MN$ = "PFCMPEQ " + MNH$ + AMD$
- Case $B4
- MN$ = "PFMUL " + MNH$ + AMD$
- Case $B6
- MN$ = "PFRCPIT2 " + MNH$ + AMD$
- Case $B7
- MN$ = "PMULHRW " + MNH$ + AMD$
- Case $BB
- MN$ = "PSWAPD " + MNH$ + DSP$
- Case $BF
- MN$ = "PAVGUSB " + MNH$ + AMD$
- EndSelect
- ;------------------------
- Case $10
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVUPD " : S = 5 ;Vpd, Wpd
- Case $3246 ;=$F2
- MN$ = "MOVSD " : S = 3 ;Vsd, Wsd
- Case $3346 ;=$F3
- MN$ = "MOVSS " : S = 2 ;Vss, Wss
- Default
- MN$ = "MOVUPS " : S = 5 ;Vps, Wps
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $11
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVUPD " : S = 5 ;Wpd, Vpd
- Case $3246 ;=$F2
- MN$ = "MOVSD " : S = 3 ;Wsd, Vsd
- Case $3346 ;=$F3
- MN$ = "MOVSS " : S = 2 ;Wss, Vss
- Default
- MN$ = "MOVUPS " : S = 5 ;Wps, Vps
- EndSelect
- Ev(S, 1)
- ;------------------------
- Case $12
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVLPD " : S = 3 ;Vq, Mq
- Case $3246 ;=$F2
- MN$ = "MOVDDUP " : S = 3 ;Vq, Wq
- Case $3346 ;=$F3
- MN$ = "MOVSLDUP " : S = 3 ;Vq, Wq
- Default
- MN$ = "MOVLPS " : S = 3 ;Vq, Mq
- If (PeekB(Buffer + BZ) & $FF) < $C0 ;also nicht %11xxxxxx
- MN$ = "MOVLPS " : S = 3 ;Vq, Mq
- Else ;Register-Register
- MN$ = "MOVHLPS " : S = 3 ;Vq, Uq S=3 wegen Kompatibilität lassen!
- EndIf
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $13
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVLPD " ;Mq, Vq
- Default
- MN$ = "MOVLPS " ;Mq, Vq
- EndSelect
- Ev(3, 1)
- ;----------------------
- Case $14
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "UNPCKLPD " ;Vpd, Wq
- Default
- MN$ = "UNPCKLPS " ;Vps, Wq
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;----------------------
- Case $15
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "UNPCKHPD " ;Vpd, Wq
- Default
- MN$ = "UNPCKHPS " ;Vps, Wq
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;------------------------
- Case $16
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVHPD " ;Vq, Mq
- Case $3346 ;=$F3
- MN$ = "MOVSHDUP " ;Vq, Wq
- Default
- MN$ = "MOVLPS " ;Vq, Mq
- If (PeekB(Buffer + BZ) & $FF) < $C0 ;also nicht %11xxxxxx
- MN$ = "MOVHPS " ;Vq, Mq
- Else ;Register-Register
- MN$ = "MOVLHPS " ;Vq, Uq
- EndIf
- EndSelect
- Gv(3, 1) ;3=QWord
- ;----------------------
- Case $17
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVHPD " ;Mq, Vq
- Default
- MN$ = "MOVHPS " ;Mq, Vq
- EndSelect
- Ev(3, 1) ;3=QWord
- ;------------------------
- Case $18 ;PREFETCH, Gruppe 16
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "PREFETCHNTA byte ptr [ " : Adr = 1 ;M8
- Strings(4, 2)
- Case 1
- MN$ = "PREFETCHT0 byte ptr [ " : Adr = 1 ;M8
- Strings(4, 2)
- Case 2
- MN$ = "PREFETCHT1 byte ptr [ " : Adr = 1 ;M8
- Strings(4, 2)
- Case 3
- MN$ = "PREFETCHT2 byte ptr [ " : Adr = 1 ;M8
- Strings(4, 2)
- Case 4 To 7
- NoCode = 1
- EndSelect
- ;------------------------
- Case $19 To $1E
- NoCode = 1
- ;------------------------
- Case $1F
- MN$ = "NOP " ;nicht ganz sicher
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- If REX
- VAR2=3
- Else
- VAR2=2
- EndIf
- MSBytes(OP, VAR2)
- ;------------------------
- Case $20 ;Rd, Cd Control-Register in General-Register
- MN$ = "MOV "
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- If IsProg64 ;REX.W is ignored!
- If REX ;REX.W in FAsm not in opcode!
- REX & %01000001
- REX + 8
- Else
- REX = $48 ;set REX.W
- EndIf
- EndIf
- Register32(OP, 0)
- RegisterCR(OP >> 3)
- ;------------------------
- Case $21 ;Rd, Dd Debug-Register in General-Register
- MN$ = "MOV "
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- If IsProg64 ;REX.W is ignored!
- If REX ;REX.W in FAsm not in opcode!
- REX & %01000001
- REX + 8
- Else
- REX = $48 ;set REX.W
- EndIf
- EndIf
- Register32(OP, 0)
- RegisterDR(OP >> 3)
- ;------------------------
- Case $22 ;Cd, Rd General-Register in Control-Register
- MN$ = "MOV "
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- If IsProg64 ;REX.W is ignored!
- If REX ;REX.W in FAsm not in opcode!
- REX & %01000001
- REX + 8
- Else
- REX = $48 ;set REX.W
- EndIf
- EndIf
- RegisterCR(OP >> 3)
- Register32(OP, 0)
- ;------------------------
- Case $23 ;Dd, Rd General-Register in Debug-Register
- MN$ = "MOV "
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- If IsProg64 ;REX.W is ignored!
- If REX ;REX.W in FAsm not in opcode!
- REX & %01000001
- REX + 8
- Else
- REX = $48 ;set REX.W
- EndIf
- EndIf
- RegisterDR(OP >> 3)
- Register32(OP, 0)
- ;------------------------
- Case $24 To $27
- NoCode = 1
- ;------------------------
- Case $28
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVAPD " ;Vpd, Wpd
- Default
- MN$ = "MOVAPS " ;Vps, Wps
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;------------------------
- Case $29
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVAPD " ;Wpd, Vpd
- Default
- MN$ = "MOVAPS " ;Wps, Vps
- EndSelect
- Ev(5, 1) ;5=DQWord
- ;------------------------
- Case $2A
- Select PR
- Case $3636 ;=$66
- MN$ = "CVTPI2PD " : S = 3 ;Vpd, Qpi 3=QWord
- XMM = 7
- Case $3246 ;=$F2
- MN$ = "CVTSI2SD " ;Vsd, Ed/q
- XMM = 4
- If REX & %00001000
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- Case $3346 ;=$F3
- MN$ = "CVTSI2SS " ;Vss, Ed/q
- XMM = 4
- If REX & %00001000
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- Default
- MN$ = "CVTPI2PS " : S = 3 ;Vps, Qpi 3=QWord
- XMM = 7
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $2B
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVNTPD "
- S = 5 ;5=DQWord
- Case $3246 ;=$F2
- MN$ = "MOVNTSD " ;AMD SSE4a
- S = 3 ;3=QWord
- Case $3346 ;=$F3
- MN$ = "MOVNTSS " ;AMD SSE4a
- S = 2 ;2=DWord
- Default
- MN$ = "MOVNTPS "
- S = 5 ;5=DQWord
- EndSelect
- Ev(S, 1)
- ;------------------------
- Case $2C
- Select PR
- Case $3636 ;=$66
- MN$ = "CVTTPD2PI " : S = 5 ;Ppi, Wpd 5=DQWord
- XMM = 8
- Case $3246 ;=$F2
- MN$ = "CVTTSD2SI " : S = 3 ;Gd/q, Wsd 3=QWord
- XMM = 5
- Case $3346 ;=$F3
- MN$ = "CVTTSS2SI " : S = 2 ;Gd/q, Wss 2=DWord
- XMM = 5
- Default
- MN$ = "CVTTPS2PI " : S = 3 ;Ppi, Wps 3=QWord
- XMM = 8
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $2D
- Select PR
- Case $3636 ;=$66
- MN$ = "CVTPD2PI " : S = 5 ;Qpi, Wpd 5=DQWord
- XMM = 8
- Case $3246 ;=$F2
- MN$ = "CVTSD2SI " : S = 3 ;Gd/q, Wsd 3=QWord
- XMM = 5
- Case $3346 ;=$F3
- MN$ = "CVTSS2SI " : S = 2 ;Gd/q, Wss 2=DWord
- XMM = 5
- Default
- MN$ = "CVTPS2PI " : S = 3 ;Ppi, Wps 3=QWord
- XMM = 8
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $2E
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "UCOMISD " : S = 3 ;Vsd, Wsd 3=QWord
- Default
- MN$ = "UCOMISS " : S = 2 ;Vss, Wss 2=DWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $2F
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "COMISD " : S = 3 ;Vsd, Wsd 3=QWord
- Default
- MN$ = "COMISS " : S = 2 ;Vss, Wss 2=DWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $30
- MN$ = "WRMSR "
- If REX
- MN$ + " ( = WRMSRQ )"
- EndIf
- ;------------------------
- Case $31
- MN$ = "RDTSC "
- ;------------------------
- Case $32
- MN$ = "RDMSR "
- If REX
- MN$ + " ( = RDMSRQ )"
- EndIf
- ;------------------------
- Case $33
- MN$ = "RDPMC "
- ;------------------------
- Case $34
- MN$ = "SYSENTER "
- ;------------------------
- Case $35
- MN$ = "SYSEXIT "
- If REX
- MN$ + " ( = SYSEXITQ )"
- EndIf
- ;------------------------
- Case $36
- NoCode = 1
- ;------------------------
- Case $37
- MN$ = "GETSEC "
- ;------------------------
- Case $38 ;3-Byte-Opcodes
- OP3B38()
- ;------------------------
- Case $39
- NoCode = 1
- ;------------------------
- Case $3A ;3-Byte-Opcodes
- OP3B3A()
- ;------------------------
- Case $3B To $3F
- NoCode = 1
- ;------------------------
- Case $40 ;Gv, Ev
- MN$ = "CMOVO "
- Gv(10, 1)
- ;------------------------
- Case $41 ;Gv, Ev
- MN$ = "CMOVNO "
- Gv(10, 1)
- ;------------------------
- Case $42 ;Gv, Ev
- MN$ = "CMOVB " ;identisch mit CMOVC und CMOVNAE
- Gv(10, 1)
- MN$ + " ( = CMOVC = CMOVNAE )"
- ;------------------------
- Case $43 ;Gv, Ev
- MN$ = "CMOVNB " ;identisch mit CMOVNC und CMOVAE
- Gv(10, 1)
- MN$ + " ( = CMOVNC = CMOVAE )"
- ;------------------------
- Case $44 ;Gv, Ev
- MN$ = "CMOVE " ;identisch mit CMOVZ
- Gv(10, 1)
- MN$ + " ( = CMOVZ )"
- ;------------------------
- Case $45 ;Gv, Ev
- MN$ = "CMOVNE " ;identisch mit CMOVNZ
- Gv(10, 1)
- MN$ + " ( = CMOVNZ )"
- ;------------------------
- Case $46 ;Gv, Ev
- MN$ = "CMOVBE " ;identisch mit CMOVNA
- Gv(10, 1)
- MN$ + " ( = CMOVNA )"
- ;------------------------
- Case $47 ;Gv, Ev
- MN$ = "CMOVA " ;identisch mit CMOVNBE
- Gv(10, 1)
- MN$ + " ( = CMOVNBE )"
- ;------------------------
- Case $48 ;Gv, Ev
- MN$ = "CMOVS "
- Gv(10, 1)
- ;------------------------
- Case $49 ;Gv, Ev
- MN$ = "CMOVNS "
- Gv(10, 1)
- ;------------------------
- Case $4A ;Gv, Ev
- MN$ = "CMOVP " ;identisch mit CMOVPE
- Gv(10, 1)
- MN$ + " ( = CMOVPE )"
- ;------------------------
- Case $4B ;Gv, Ev
- MN$ = "CMOVNP " ;identisch mit CMOVPO
- Gv(10, 1)
- MN$ + " ( = CMOVPO )"
- ;------------------------
- Case $4C ;Gv, Ev
- MN$ = "CMOVL " ;identisch mit CMOVNGE
- Gv(10, 1)
- MN$ + " ( = CMOVNGE )"
- ;------------------------
- Case $4D ;Gv, Ev
- MN$ = "CMOVGE " ;identisch mit CMOVNL
- Gv(10, 1)
- MN$ + " ( = CMOVNL )"
- ;------------------------
- Case $4E ;Gv, Ev
- MN$ = "CMOVLE " ;identisch mit CMOVNG
- Gv(10, 1)
- MN$ + " ( = CMOVNG) "
- ;------------------------
- Case $4F ;Gv, Ev
- MN$ = "CMOVG " ;identisch mit CMOVNLE
- Gv(10, 1)
- MN$ + " ( = CMOVNLE )"
- ;------------------------
- Case $50
- XMM = 5
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVMSKPD " ;Gd/q, Upd
- Default
- MN$ = "MOVMSKPS " ;Gd/q, Ups
- EndSelect
- Gv(2, 1) ;5=DQWord
- ;------------------------
- Case $51
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "SQRTPD " : S = 5 ;Vpd, Wpd 5=DQWord
- Case $3246 ;=$F2
- MN$ = "SQRTSD " : S = 3 ;Vsd, Wsd 3=QWord
- Case $3346 ;=$F3
- MN$ = "SQRTSS " : S = 2 ;Vss, Wss 2=DWord
- Default
- MN$ = "SQRTPS " : S = 5 ;Vps, Wps 5=DQWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $52
- XMM = 2
- Select PR
- Case $3346 ;=$F3
- MN$ = "RSQRTSS " : S = 2 ;Vss, Wss ;2=DWord
- Default
- MN$ = "RSQRTPS " : S = 5 ;Vps, Wps ;5=DQWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $53
- XMM = 2
- Select PR
- Case $3346 ;=$F3
- MN$ = "RCPSS " : S = 2 ;Vss, Wss ;2=DWord
- Default
- MN$ = "RCPPS " : S = 5 ;Vps, Wps ;5=DQWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $54
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "ANDPD " ;Vpd, Wpd
- Default
- MN$ = "ANDPS " ;Vps, Wps
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;------------------------
- Case $55
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "ANDNPD " ;Vpd, Wpd
- Default
- MN$ = "ANDNPS " ;Vps, Wps
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;------------------------
- Case $56
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "ORPD " ;Vpd, Wpd
- Default
- MN$ = "ORPS " ;Vps, Wps
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;------------------------
- Case $57
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "XORPD " ;Vpd, Wpd
- Default
- MN$ = "XORPS " ;Vps, Wps
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;------------------------
- Case $58
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "ADDPD " : S = 5 ;Vpd, Wpd 5=DQWord
- Case $3246 ;=$F2
- MN$ = "ADDSD " : S = 3 ;Vsd, Wsd 3=QWord
- Case $3346 ;=$F3
- MN$ = "ADDSS " : S = 2 ;Vss, Wss 2=DWord
- Default
- MN$ = "ADDPS " : S = 5 ;Vps, Wps 5=DQWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $59
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MULPD " : S = 5 ;Vpd, Wpd 5=DQWord
- Case $3246 ;=$F2
- MN$ = "MULSD " : S = 3 ;Vsd, Wsd 3=QWord
- Case $3346 ;=$F3
- MN$ = "MULSS " : S = 2 ;Vss, Wss 2=DWord
- Default
- MN$ = "MULPS " : S = 5 ;Vps, Wps 5=DQWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $5A
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "CVTPD2PS " : S = 5 ;Vps, Wpd 5=DQWord
- Case $3246 ;=$F2
- MN$ = "CVTSD2SS " : S = 3 ;Vsd, Wsd 3=QWord
- Case $3346 ;=$F3
- MN$ = "CVTSS2SD " : S = 2 ;Vsd, Wss 2=DWord
- Default
- MN$ = "CVTPS2PD " : S = 3 ;Vpd, Wps 3=QWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $5B
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "CVTPS2DQ " ;Vdq, Wps
- Case $3346 ;=$F3
- MN$ = "CVTTPS2DQ " ;Vdq, Wps
- Default
- MN$ = "CVTDQ2PS " ;Vps, Wdq
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;------------------------
- Case $5C
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "SUBPD " : S = 5 ;Vpd, Wpd 5=DQWord
- Case $3246 ;=$F2
- MN$ = "SUBSD " : S = 3 ;Vsd, Wsd 3=QWord
- Case $3346 ;=$F3
- MN$ = "SUBSS " : S = 2 ;Vss, Wss 2=DWord
- Default
- MN$ = "SUBPS " : S = 5 ;Vps, Wps 5=DQWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $5D
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MINPD " : S = 5 ;Vpd, Wpd 5=DQWord
- Case $3246 ;=$F2
- MN$ = "MINSD " : S = 3 ;Vsd, Wsd 3=QWord
- Case $3346 ;=$F3
- MN$ = "MINSS " : S = 2 ;Vss, Wss 2=DWord
- Default
- MN$ = "MINPS " : S = 5 ;Vps, Wps 5=DQWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $5E
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "DIVPD " : S = 5 ;Vpd, Wpd 5=DQWord
- Case $3246 ;=$F2
- MN$ = "DIVSD " : S = 3 ;Vsd, Wsd 3=QWord
- Case $3346 ;=$F3
- MN$ = "DIVSS " : S = 2 ;Vss, Wss 2=DWord
- Default
- MN$ = "DIVPS " : S = 5 ;Vps, Wps 5=DQWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $5F
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MAXPD " : S = 5 ;Vpd, Wpd 5=DQWord
- Case $3246 ;=$F2
- MN$ = "MAXSD " : S = 3 ;Vsd, Wsd 3=QWord
- Case $3346 ;=$F3
- MN$ = "MAXSS " : S = 2 ;Vss, Wss 2=DWord
- Default
- MN$ = "MAXPS " : S = 5 ;Vps, Wps 5=DQWord
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $60 To $6B
- Select OP
- Case $60
- MN$ = "PUNPCKLBW "
- Case $61
- MN$ = "PUNPCKLWD "
- Case $62
- MN$ = "PUNPCKLDQ "
- Case $63
- MN$ = "PACKSSWB "
- Case $64
- MN$ = "PCMPGTB "
- Case $65
- MN$ = "PCMPGTW "
- Case $66
- MN$ = "PCMPGTD "
- Case $67
- MN$ = "PACKUSWB "
- Case $68
- MN$ = "PUNPCKHBW "
- Case $69
- MN$ = "PUNPCKHWD "
- Case $6A
- MN$ = "PUNPCKHDQ "
- Case $6B
- MN$ = "PACKSSDW "
- EndSelect
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq <- Fehler in Intel-Doku, nicht Qd
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $6C
- MN$ = "PUNPCKLQDQ "
- Select PR
- Case $3636 ;=$66
- XMM = 2 ;Vdq, Wdq
- EndSelect
- Gv(5, 1)
- ;------------------------
- Case $6D
- MN$ = "PUNPCKHQDQ "
- Select PR
- Case $3636 ;=$66
- XMM = 2 ;Vdq, Wdq
- EndSelect
- Gv(5, 1)
- ;------------------------
- Case $6E
- MN$ = "MOVD "
- Select PR
- Case $3636 ;=$66
- XMM = 4 ;4=XMM-Register und nachfolgendes 32-Bit-Register
- Default
- XMM = 3 ;3=MMX-Register und nachfolgendes 32-Bit-Register
- EndSelect
- Gv(2, 1)
- ;------------------------
- Case $6F
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVDQA " : S = 5 ;Vdq, Wdq
- Case $3346 ;=$F3
- MN$ = "MOVDQU " : S = 5 ;Vdq, Wdq
- Default
- MN$ = "MOVQ " : S = 3 ;Pq, Qq
- XMM = 1 ;MMX!
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $70
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "PSHUFD " : S = 5 ;Vdq, Wdq, Ib
- Case $3246 ;=$F2
- MN$ = "PSHUFLW " : S = 5 ;Vdq, Wdq, Ib
- Case $3346 ;=$F3
- MN$ = "PSHUFHW " : S = 5 ;Vdq, Wdq, Ib
- Default
- MN$ = "PSHUFW " : S = 3 ;Pq, Qq, Ib
- XMM = 1
- EndSelect
- Adr64 = 1
- Gv(S, 2)
- Strings(1, 0)
- ;------------------------
- Case $71 ;Gruppe 12
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0 To 1
- NoCode = 1
- Case 2
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- MN$ = "PSRLW "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Udq, Ib
- Default
- XMM = 1 : S = 3 ;Nq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- Case 3
- NoCode = 1
- Case 4
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- MN$ = "PSRAW "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Udq, Ib
- Default
- XMM = 1 : S = 3 ;Nq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- Case 5
- NoCode = 1
- Case 6
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- MN$ = "PSLLW "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Udq, Ib
- Default
- XMM = 1 : S = 3 ;Nq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- Case 7
- NoCode = 1
- EndSelect
- ;------------------------
- Case $72 ;Gruppe 13
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0 To 1
- NoCode = 1
- Case 2
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- MN$ = "PSRLD "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Udq, Ib
- Default
- XMM = 1 : S = 3 ;Nq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- Case 3
- NoCode = 1
- Case 4
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- MN$ = "PSRAD "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Udq, Ib
- Default
- XMM = 1 : S = 3 ;Nq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- Case 5
- NoCode = 1
- Case 6
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- MN$ = "PSLLD "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Udq, Ib
- Default
- XMM = 1 : S = 3 ;Nq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- Case 7
- NoCode = 1
- EndSelect
- ;------------------------
- Case $73 ;Gruppe 14
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0 To 1
- NoCode = 1
- Case 2
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- MN$ = "PSRLQ "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Udq, Ib
- Default
- XMM = 1 : S = 3 ;Nq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- Case 3
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- Select PR
- Case $3636 ;=$66
- MN$ = "PSRLDQ "
- XMM = 2 : S = 5 ;Udq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- Case 4 To 5
- NoCode = 1
- Case 6
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- MN$ = "PSLLQ "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Udq, Ib
- Default
- XMM = 1 : S = 3 ;Nq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- Case 7
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- Select PR
- Case $3636 ;=$66
- MN$ = "PSLLDQ "
- XMM = 2 : S = 5 ;Udq, Ib
- EndSelect
- Adr64 = 1
- Register32(OP, 0)
- Strings(1, 0)
- EndIf
- EndSelect
- ;------------------------
- Case $74
- MN$ = "PCMPEQB "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $75
- MN$ = "PCMPEQW "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $76
- MN$ = "PCMPEQD "
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $77
- MN$ = "EMMS "
- ;------------------------
- Case $78
- Select PR
- Case $3636 ;=$66
- MN$ = "EXTRQ " ;AMD SSE4a
- XMM = 2 ;hier mal so für Register32()
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- VAR1 = (OP >> 3) & %00000111
- If REX
- VAR1 | (REX & %00000100) << 1 ;REX.R
- EndIf
- IsvonMSBytes = 1
- Register32(VAR1, 0)
- MN$ + " , "
- Strings(1, 0) ;1-Byte-Konstante
- MN$ + " , "
- Strings(1, 0) ;1-Byte-Konstante
- Case $3246 ;=$F2
- MN$ = "INSERTQ " ;AMD SSE4a
- XMM = 2
- Gv(5, 1)
- MN$ + " , "
- Strings(1, 0) ;1-Byte-Konstante
- MN$ + " , "
- Strings(1, 0) ;1-Byte-Konstante
- Default
- MN$ = "VMREAD " ;Ed, Gd
- If IsProg64
- REX | 8
- Ev(10, 1)
- Else
- Ev(2, 1)
- EndIf
- EndSelect
- ;------------------------
- Case $79
- Select PR
- Case $3636 ;=$66
- MN$ = "EXTRQ " ;AMD SSE4a
- XMM = 2
- Gv(5, 1)
- Case $3246 ;=$F2
- MN$ = "INSERTQ " ;AMD SSE4a
- XMM = 2
- Gv(5, 1)
- Default
- MN$ = "VMWRITE " ;Gd, Ed
- If IsProg64
- REX | 8
- Gv(3, 1)
- Else
- Gv(2, 1)
- EndIf
- EndSelect
- ;------------------------
- Case $7A To $7B
- NoCode = 1
- ;------------------------
- Case $7C
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "HADDPD " ;Vpd, Wpd
- Case $3246 ;=$F2
- MN$ = "HADDPS " ;Vps, Wps
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;------------------------
- Case $7D
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "HSUBPD " ;Vpd, Wpd
- Case $3246 ;=$F2
- MN$ = "HSUBPS " ;Vps, Wps
- EndSelect
- Gv(5, 1) ;5=DQWord
- ;------------------------
- Case $7E
- MN$ = "MOVD "
- Select PR
- Case $3636 ;=$66
- XMM = 5 ;5=32-Bit-Register/Mem - XMM-Register
- Ev(2, 1)
- Case $3346 ;=$F3
- MN$ = "MOVQ " ;Vq, Wq
- XMM = 2
- Gv(3, 1)
- Default
- XMM = 6 ;6=32-Bit-Register/Mem - MMX-Register
- Ev(2, 1)
- EndSelect
- ;------------------------
- Case $7F
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVDQA " : S = 5 ;Wdq, Vdq
- Case $3346 ;=$F3
- MN$ = "MOVDQU " : S = 5 ;Wdq, Vdq
- Default
- MN$ = "MOVQ " : S = 3 ;Qq, Pq
- XMM = 1 ;MMX!
- EndSelect
- Ev(S, 1)
- ;------------------------
- Case $80
- MN$ = "JO " ;long
- Sprung_near_long()
- MN$ + " ( long )"
- ;------------------------
- Case $81
- MN$ = "JNO " ;long
- Sprung_near_long()
- MN$ + " ( long )"
- ;------------------------
- Case $82
- MN$ = "JC " ;long, identisch mit JB und JNAE
- Sprung_near_long()
- MN$ + " ( long ) ( = JB = JNAE )"
- ;------------------------
- Case $83
- MN$ = "JNC " ;long, identisch mit JNB und JAE
- Sprung_near_long()
- MN$ + " ( long ) ( = JNB = JAE )"
- ;------------------------
- Case $84
- MN$ = "JE " ;long, identisch mit JZ
- Sprung_near_long()
- MN$ + " ( long ) ( = JZ ) "
- ;------------------------
- Case $85
- MN$ = "JNE " ;long, identisch mit JNZ
- Sprung_near_long()
- MN$ + " ( long ) ( = JNZ )"
- ;------------------------
- Case $86
- MN$ = "JBE " ;long, identisch mit JNA
- Sprung_near_long()
- MN$ + " ( long ) ( = JNA )"
- ;------------------------
- Case $87
- MN$ = "JA " ;long, identisch mit JNBE
- Sprung_near_long()
- MN$ + " ( long ) ( = JNBE )"
- ;------------------------
- Case $88
- MN$ = "JS " ;long
- Sprung_near_long()
- MN$ + " ( long )"
- ;------------------------
- Case $89
- MN$ = "JNS " ;long
- Sprung_near_long()
- MN$ + " ( long )"
- ;------------------------
- Case $8A
- MN$ = "JP " ;long, identisch mit JPE
- Sprung_near_long()
- MN$ + " ( long ) ( = JPE )"
- ;------------------------
- Case $8B
- MN$ = "JNP " ;long, identisch mit JPO
- Sprung_near_long()
- MN$ + " ( long ) ( = JPO )"
- ;------------------------
- Case $8C
- MN$ = "JL " ;long, identisch mit JNGE
- Sprung_near_long()
- MN$ + " ( long ) ( = JNGE )"
- ;------------------------
- Case $8D
- MN$ = "JGE " ;long, identisch mit JNL
- Sprung_near_long()
- MN$ + " ( long ) ( = JNL ) "
- ;------------------------
- Case $8E
- MN$ = "JLE " ;long, identisch mit JNG
- Sprung_near_long()
- MN$ + " ( long ) ( = JNG )"
- ;------------------------
- Case $8F
- MN$ = "JG " ;long, identisch mit JNLE
- Sprung_near_long()
- MN$ + " ( long ) ( = JNLE )"
- ;------------------------
- Case $90 ;Eb
- MN$ = "SETO "
- Eb(0)
- ;------------------------
- Case $91 ;Eb
- MN$ = "SETNO "
- Eb(0)
- ;------------------------
- Case $92 ;Eb
- MN$ = "SETC "
- Eb(0)
- MN$ + " ( = SETB = SETNAE )"
- ;------------------------
- Case $93 ;Eb
- MN$ = "SETNC "
- Eb(0)
- MN$ + " ( = SETNB = SETAE )"
- ;------------------------
- Case $94 ;Eb
- MN$ = "SETE "
- Eb(0)
- MN$ + " ( = SETZ )"
- ;------------------------
- Case $95 ;Eb
- MN$ = "SETNE "
- Eb(0)
- MN$ + " ( = SETNZ )"
- ;------------------------
- Case $96 ;Eb
- MN$ = "SETBE "
- Eb(0)
- MN$ + " ( = SETNA )"
- ;------------------------
- Case $97 ;Eb
- MN$ = "SETA "
- Eb(0)
- MN$ + " ( = SETNBE )"
- ;------------------------
- Case $98 ;Eb
- MN$ = "SETS "
- Eb(0)
- ;------------------------
- Case $99 ;Eb
- MN$ = "SETNS "
- Eb(0)
- ;------------------------
- Case $9A ;Eb
- MN$ = "SETP "
- Eb(0)
- MN$ + " ( = SETPE )"
- ;------------------------
- Case $9B ;Eb
- MN$ = "SETNP "
- Eb(0)
- MN$ + " ( = SETPO )"
- ;------------------------
- Case $9C ;Eb
- MN$ = "SETL "
- Eb(0)
- MN$ + " ( = SETNGE )"
- ;------------------------
- Case $9D ;Eb
- MN$ = "SETNL "
- Eb(0)
- MN$ + " ( = SETGE )"
- ;------------------------
- Case $9E ;Eb
- MN$ = "SETNG "
- Eb(0)
- MN$ + " ( = SETLE )"
- ;------------------------
- Case $9F ;Eb
- MN$ = "SETG "
- Eb(0)
- MN$ + " ( = SETNLE )"
- ;------------------------
- Case $A0
- MN$ = "PUSH FS "
- ;------------------------
- Case $A1
- MN$ = "POP FS "
- ;------------------------
- Case $A2
- MN$ = "CPUID "
- ;------------------------
- Case $A3 ;Ev, Gv
- MN$ = "BT "
- Ev(10, 1)
- ;------------------------
- Case $A4 To $A5 ;Ev, Gv, Ib/CL
- OPH=OP
- MN$ = "SHLD "
- Komma = 2
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- If (OP >> 6) <> 3 ;also nicht Register-Register
- If REX & %00001000 ;REX.W
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- If OPH = $A4
- MemAdd64 = 1
- EndIf
- MSBytes(OP, S)
- Else
- VAR1 = OP
- VAR1 & %00000111
- If REX
- VAR1 | (REX & %00000001) << 3
- EndIf
- IsvonMSBytes = 1
- Register32(VAR1, 0)
- EndIf
- VAR1 = OP >> 3
- VAR1 & %00000111
- If REX
- VAR1 | (REX & %00000100) << 1
- IsvonMSBytes = 1
- EndIf
- Register32(VAR1, 0) ;"Spender"-Register
- If OPH = $A4
- Strings(1, 0) ;1-Byte-Konstante
- Else
- MN$ + " CL"
- EndIf
- ;------------------------
- Case $A6
- NoCode = 1 ;XBTS, obsolet
- ;------------------------
- Case $A7
- NoCode = 1 ;IBTS, obsolet
- ;------------------------
- Case $A8
- MN$ = "PUSH GS "
- ;------------------------
- Case $A9
- MN$ = "POP GS "
- ;------------------------
- Case $AA
- MN$ = "RSM "
- ;------------------------
- Case $AB ;Ev, Gv
- MN$ = "BTS "
- Ev(10, 1)
- ;------------------------
- Case $AC To $AD ;Ev, Gv, Ib/CL
- OPH=OP
- MN$ = "SHRD "
- Komma = 2
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- If (OP >> 6) <> 3 ;also nicht Register-Register
- If REX & %00001000 ;REX.W
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- If OPH = $AC
- MemAdd64 = 1
- EndIf
- MSBytes(OP, S)
- Else
- VAR1 = OP
- VAR1 & %00000111
- If REX
- VAR1 | (REX & %00000001) << 3
- EndIf
- IsvonMSBytes = 1
- Register32(VAR1, 0)
- EndIf
- VAR1 = OP >> 3
- VAR1 & %00000111
- If REX
- VAR1 | (REX & %00000100) << 1
- IsvonMSBytes = 1
- EndIf
- Register32(VAR1, 0) ;"Spender"-Register
- If OPH = $AC
- Strings(1, 0) ;1-Byte-Konstante
- Else
- MN$ + " CL"
- EndIf
- ;------------------------
- Case $AE ;Gruppe 15
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- If OP < $C0 ;also nicht %11xxxxxx
- If REX
- MN$ = "FXSAVE64 "
- Else
- MN$ = "FXSAVE "
- EndIf
- MSBytes(OP, 7) ;7=512-byte-ptr
- EndIf
- Case 1
- If OP < $C0 ;also nicht %11xxxxxx
- If REX
- MN$ = "FXRSTOR64 "
- Else
- MN$ = "FXRSTOR "
- EndIf
- MSBytes(OP, 7) ;7=512-byte-ptr
- EndIf
- Case 2
- If OP < $C0 ;also nicht %11xxxxxx
- MN$ = "LDMXCSR dword ptr [ " : Adr = 1 ;M32
- Strings(4, 2)
- EndIf
- Case 3
- If OP < $C0 ;also nicht %11xxxxxx
- MN$ = "STMXCSR dword ptr [ " : Adr = 1 ;M32
- Strings(4, 2)
- EndIf
- Case 4
- If OP < $C0 ;also nicht %11xxxxxx = Register-Register
- If REX
- MN$ = "XSAVE64 "
- Else
- MN$ = "XSAVE "
- EndIf
- MSBytes(OP, 7) ;7=512-byte-ptr
- EndIf
- Case 5
- If OP < $C0 ;also nicht %11xxxxxx
- If REX
- MN$ = "XRSTOR64 "
- Else
- MN$ = "XRSTOR "
- EndIf
- MSBytes(OP, 7) ;7=512-byte-ptr
- Else
- MN$ = "LFENCE "
- EndIf
- Case 6
- If OP >= $C0 ;also %11xxxxxx = Register-Register
- MN$ = "MFENCE "
- Else
- If REX
- MN$ = "XSAVEOPT64 "
- Else
- MN$ = "XSAVEOPT "
- EndIf
- MSBytes(OP, 7) ;7=512-byte-ptr
- EndIf
- Case 7
- If OP < $C0 ;also nicht %11xxxxxx
- MN$ = "CLFLUSH byte ptr [ " : Adr = 1 ;M8
- Strings(4, 2)
- Else
- MN$ = "SFENCE "
- EndIf
- EndSelect
- ;------------------------
- Case $AF
- MN$ = "IMUL " ;Gv, Ev
- Gv(10, 1)
- ;------------------------
- Case $B0 ;Eb, Gb
- MN$ = "CMPXCHG "
- Komma = 1
- Eb(1)
- ;------------------------
- Case $B1 ;Ev, Gv
- MN$ = "CMPXCHG "
- Ev(10, 1)
- ;------------------------
- Case $B2
- MN$ = "LSS " ;Gv, Mp
- If IsProg64 And REX ;mal REX.W auswerten
- REX & %01000111
- EndIf
- Gv(2, 1)
- ;------------------------
- Case $B3 ;Ev, Gv
- MN$ = "BTR "
- Ev(10, 1)
- ;------------------------
- Case $B4
- MN$ = "LFS " ;Gv, Mp
- If IsProg64 And REX ;mal REX.W auswerten
- REX & %01000111
- EndIf
- Gv(2, 1)
- ;------------------------
- Case $B5
- MN$ = "LGS " ;Gv, Mp
- If IsProg64 And REX ;mal REX.W auswerten
- REX & %01000111
- EndIf
- Gv(2, 1)
- ;------------------------
- Case $B6
- MN$ = "MOVZX " ;Gv, Eb
- Gv(0, 1)
- ;------------------------
- Case $B7
- MN$ = "MOVZX " ;Gv, Ew
- Gv(1, 1)
- ;------------------------
- Case $B8
- Select PR
- Case $3636 ;=$66
- If Mid(OP$, 4, 2) = "F3"
- MN$ = "POPCNT " ;Gv, Ev
- Gv(1, 1)
- EndIf
- Case $3346 ;=$F3
- MN$ = "POPCNT " ;Gv, Ev
- Gv(10, 1)
- ;Default
- ; MN$ = "JMPE " ;Intel-Doku: "reserved for emulator on IPF"
- EndSelect
- ;------------------------
- Case $B9 ;Gruppe 10, reserviert
- NoCode = 1
- ;------------------------
- Case $BA ;Gruppe 8 Ev, Ib
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0 To 3
- NoCode = 1
- Case 4
- MN$ = "BT "
- Case 5
- MN$ = "BTS "
- Case 6
- MN$ = "BTR "
- Case 7
- MN$ = "BTC "
- EndSelect
- If NoCode = 0
- Komma = 1
- MemAdd64 = 1
- If REX & %00001000
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- MN$ + RSet(Hex(PeekB(Buffer + BZ) & $FF), 2, "0") ;der 1-Byte-Wert
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0")
- BZ + 1
- EndIf
- ;------------------------
- Case $BB ;Ev, Gv
- MN$ = "BTC "
- Ev(10, 1)
- ;------------------------
- Case $BC
- MN$ = "BSF " ;Gv, Ev
- Gv(10, 1)
- ;------------------------
- Case $BD
- Select PR
- Case $3636 ;=$66
- If Mid(OP$, 4, 2) = "F3"
- MN$ = "LZCNT " ;Gv, Ev AMD only
- Gv(1, 1)
- EndIf
- Case $3346 ;=$F3
- MN$ = "LZCNT " ;Gv, Ev AMD only
- Gv(10, 1)
- Default
- MN$ = "BSR " ;Gv, Ev
- Gv(10, 1)
- EndSelect
- ;------------------------
- Case $BE
- MN$ = "MOVSX " ;Gv, Eb
- Gv(0, 1)
- ;------------------------
- Case $BF
- MN$ = "MOVSX " ;Gv, Ew
- Gv(1, 1)
- ;------------------------
- Case $C0 ;Eb, Gb
- MN$ = "XADD "
- Komma = 1
- Eb(1)
- ;------------------------
- Case $C1 ;Ev, Gv
- MN$ = "XADD "
- Ev(10, 1)
- ;------------------------
- Case $C2
- XMM = 2 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "CMPPD " : S = 5 ;Vpd, Wpd, Ib 5=DQWord
- Case $3246 ;=$F2
- MN$ = "CMPSD " : S = 3 ;Vsd, Wsd, Ib 3=QWord
- Case $3346 ;=$F3
- MN$ = "CMPSS " : S = 2 ;Vss, Wss, Ib 2=DWord
- Default
- MN$ = "CMPPS " : S = 5 ;Vps, Wps, Ib 5=DQWord
- EndSelect
- MemAdd64 = 1
- Gv(S, 2)
- Strings(1, 0)
- Value = Val(Mid(MN$, Len(MN$), 1))
- Reg$ = Mid(MN$, 7, Len(MN$) - 10) + ")"
- Select PR
- Case $3636 ;=$66
- Select Value
- Case 0
- MN$ + " ( = CMPEQPD " + Reg$
- Case 1
- MN$ + " ( = CMPLTPD " + Reg$
- Case 2
- MN$ + " ( = CMPLEPD " + Reg$
- Case 3
- MN$ + " ( = CMPUNORDPD " + Reg$
- Case 4
- MN$ + " ( = CMPNEQPD " + Reg$
- Case 5
- MN$ + " ( = CMPNLTPD " + Reg$
- Case 6
- MN$ + " ( = CMPNLEPD " + Reg$
- Case 7
- MN$ + " ( = CMPORDPD " + Reg$
- EndSelect
- Case $3246 ;=$F2
- Select Value
- Case 0
- MN$ + " ( = CMPEQSD " + Reg$
- Case 1
- MN$ + " ( = CMPLTSD " + Reg$
- Case 2
- MN$ + " ( = CMPLESD " + Reg$
- Case 3
- MN$ + " ( = CMPUNORDSD " + Reg$
- Case 4
- MN$ + " ( = CMPNEQSD " + Reg$
- Case 5
- MN$ + " ( = CMPNLTSD " + Reg$
- Case 6
- MN$ + " ( = CMPNLESD " + Reg$
- Case 7
- MN$ + " ( = CMPORDSD " + Reg$
- EndSelect
- Case $3346 ;=$F3
- Select Value
- Case 0
- MN$ + " ( = CMPEQSS " + Reg$
- Case 1
- MN$ + " ( = CMPLTSS " + Reg$
- Case 2
- MN$ + " ( = CMPLESS " + Reg$
- Case 3
- MN$ + " ( = CMPUNORDSS " + Reg$
- Case 4
- MN$ + " ( = CMPNEQSS " + Reg$
- Case 5
- MN$ + " ( = CMPNLTSS " + Reg$
- Case 6
- MN$ + " ( = CMPNLESS " + Reg$
- Case 7
- MN$ + " ( = CMPORDSS " + Reg$
- EndSelect
- Default
- Select Value
- Case 0
- MN$ + " ( = CMPEQPS " + Reg$
- Case 1
- MN$ + " ( = CMPLTPS " + Reg$
- Case 2
- MN$ + " ( = CMPLEPS " + Reg$
- Case 3
- MN$ + " ( = CMPUNORDPS " + Reg$
- Case 4
- MN$ + " ( = CMPNEQPS " + Reg$
- Case 5
- MN$ + " ( = CMPNLTPS " + Reg$
- Case 6
- MN$ + " ( = CMPNLEPS " + Reg$
- Case 7
- MN$ + " ( = CMPORDPS " + Reg$
- EndSelect
- EndSelect
- ;------------------------
- Case $C3 ;Md, Gd
- MN$ = "MOVNTI "
- If REX & %00001000
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- Ev(S, 1)
- ;------------------------
- Case $C4
- MN$ = "PINSRW "
- Adr64 = 1
- Select PR
- Case $3636 ;=$66
- XMM = 4 ;Vdq, Mw, Ib
- Default
- XMM = 3 ;Pq, Mw, Ib
- EndSelect
- Gv(1, 2)
- Strings(1, 0)
- ;------------------------
- Case $C5
- MN$ = "PEXTRW "
- Adr64 = 1
- Select PR
- Case $3636 ;=$66
- XMM = 5 ;Gd, Udq, Ib
- Default
- XMM = 6 ;Gd, Nq, Ib
- EndSelect
- Gv(2, 2)
- Strings(1, 0)
- ;------------------------
- Case $C6
- XMM = 2 : Adr64 = 1
- Select PR
- Case $3636 ;=$66
- MN$ = "SHUFPD " ;Vpd, Wpd, Ib
- Default
- MN$ = "SHUFPS " ;Vps, Wps, Ib
- EndSelect
- Gv(5, 2) ;5=DQWord
- Strings(1, 0)
- ;------------------------
- Case $C7 ;Gruppe 9
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- NoCode = 1
- Case 1
- If REX & %00001000 ;REX.W
- MN$ = "CMPXCHG16B dqword ptr [ " ;Mdq
- Else
- MN$ = "CMPXCHG8B qword ptr [ " ;Mq
- EndIf
- Case 2 To 5
- NoCode = 1
- Case 6
- Select PR
- Case $3636 ;=$66
- MN$ = "VMCLEAR qword ptr [ " ;Mq
- Case $3346 ;=$F3
- MN$ = "VMXON qword ptr [ " ;Mq
- Default
- MN$ = "VMPTRLD qword ptr [ " ;Mq
- EndSelect
- Case 7
- MN$ = "VMPTRST qword ptr [ " ;Mq
- EndSelect
- If NoCode = 0
- Adr = 1
- Strings(4, 2)
- EndIf
- ;------------------------
- Case $C8 To $CF
- MN$ = "BSWAP "
- Register32(OP, 0)
- ;------------------------
- Case $D0
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "ADDSUBPD " ;Vpd, Wpd 5=DQWord
- Case $3246 ;=$F2
- MN$ = "ADDSUBPS " ;Vps, Wps 5=DQWord
- EndSelect
- Gv(5, 1)
- ;------------------------
- Case $D1 To $D5
- Select OP
- Case $D1
- MN$ = "PSRLW "
- Case $D2
- MN$ = "PSRLD "
- Case $D3
- MN$ = "PSRLQ "
- Case $D4
- MN$ = "PADDQ "
- Case $D5
- MN$ = "PMULLW "
- EndSelect
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $D6
- Select PR
- Case $3636 ;=$66
- XMM = 2
- MN$ = "MOVQ " ;Wq, Vq
- Ev(3, 1)
- Case $3246 ;=$F2
- MN$ = "MOVDQ2Q " ;Pq, Uq ;XMM in MMX nur Register
- XMM = 8
- Gv(3, 1)
- Case $3346 ;=$F3
- MN$ = "MOVQ2DQ " ;Vdq, Nq ;MMX in XMM nur Register
- XMM = 7
- Gv(3, 1)
- EndSelect
- ;------------------------
- Case $D7
- MN$ = "PMOVMSKB "
- Select PR
- Case $3636 ;=$66
- XMM = 5 ;Gd, Udq
- Default
- XMM = 6 ;Gd, Nq
- EndSelect
- Gv(2, 1)
- ;------------------------
- Case $D8 To $E5
- Select OP
- Case $D8
- MN$ = "PSUBUSB "
- Case $D9
- MN$ = "PSUBUSW "
- Case $DA
- MN$ = "PMINUB "
- Case $DB
- MN$ = "PAND "
- Case $DC
- MN$ = "PADDUSB "
- Case $DD
- MN$ = "PADDUSW "
- Case $DE
- MN$ = "PMAXUB "
- Case $DF
- MN$ = "PANDN "
- Case $E0
- MN$ = "PAVGB "
- Case $E1
- MN$ = "PSRAW "
- Case $E2
- MN$ = "PSRAD "
- Case $E3
- MN$ = "PAVGW "
- Case $E4
- MN$ = "PMULHUW "
- Case $E5
- MN$ = "PMULHW "
- EndSelect
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $E6
- XMM = 2
- Select PR
- Case $3636 ;=$66
- MN$ = "CVTTPD2DQ " ;Vdq, Wpd
- S = 5
- Case $3246 ;=$F2
- MN$ = "CVTPD2DQ " ;Vdq, Wpd
- S = 5
- Case $3346 ;=$F3
- MN$ = "CVTDQ2PD " ;Vpd, Wdq
- S = 3
- EndSelect
- Gv(S, 1) ;5=DQWord
- ;------------------------
- Case $E7
- Select PR
- Case $3636 ;=$66
- MN$ = "MOVNTDQ " ;Mdq, Vdq
- XMM = 2 : S = 5
- Default
- MN$ = "MOVNTQ " ;Mq, Pq
- XMM = 1 : S = 3
- EndSelect
- Ev(S, 1)
- ;------------------------
- Case $E8 To $EF
- Select OP
- Case $E8
- MN$ = "PSUBSB "
- Case $E9
- MN$ = "PSUBSW "
- Case $EA
- MN$ = "PMINSW "
- Case $EB
- MN$ = "POR "
- Case $EC
- MN$ = "PADDSB "
- Case $ED
- MN$ = "PADDSW "
- Case $EE
- MN$ = "PMAXSW "
- Case $EF
- MN$ = "PXOR "
- EndSelect
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $F0
- XMM = 2
- Select PR
- Case $3246 ;=$F2
- MN$ = "LDDQU " ;Vdq, Mdq
- EndSelect
- Gv(5, 1)
- ;------------------------
- Case $F1 To $F6
- Select OP
- Case $F1
- MN$ = "PSLLW "
- Case $F2
- MN$ = "PSLLD "
- Case $F3
- MN$ = "PSLLQ "
- Case $F4
- MN$ = "PMULUDQ "
- Case $F5
- MN$ = "PMADDWD "
- Case $F6
- MN$ = "PSADBW "
- EndSelect
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $F7
- Select PR
- Case $3636 ;=$66
- MN$ = "MASKMOVDQU "
- XMM = 2 : S = 5 ;Vdq, Udq
- Default
- MN$ = "MASKMOVQ "
- XMM = 1 : S = 3 ;Pq, Nq
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $F8 To $FE
- Select OP
- Case $F8
- MN$ = "PSUBB "
- Case $F9
- MN$ = "PSUBW "
- Case $FA
- MN$ = "PSUBD "
- Case $FB
- MN$ = "PSUBQ "
- Case $FC
- MN$ = "PADDB "
- Case $FD
- MN$ = "PADDW "
- Case $FE
- MN$ = "PADDD "
- EndSelect
- Select PR
- Case $3636 ;=$66
- XMM = 2 : S = 5 ;Vdq, Wdq
- Default
- XMM = 1 : S = 3 ;Pq, Qq
- EndSelect
- Gv(S, 1)
- ;------------------------
- Case $FF
- NoCode = 1
- EndSelect
- EndProcedure
- Procedure Codes() ;Section mit ausführbarem Code
- If Bin = 0 ;PE-Program on HD
- SRVA = I_S_H\VirtualAddress ;rel.virt.Adresse Section
- SL = I_S_H\SizeOfRawData ;Section-Länge
- SO = I_S_H\PointerToRawData ;Section-Offset innerhalb der Datei
- SF = I_S_H\Characteristics ;Section-Flags
- SE = SO + SL ;Section-End-Adresse
- OS = IB + SRVA ;Offset Section
- SECN$ = Mid(I_S_H\Name, 1, 8) ;zur Sicherheit, da nicht zwangsläufig null-terminiert
- Daten(Zeile)\Opcode = "Begin Section" + Str(SZ) + ", Name: " + UCase(SECN$) + ", executable Code"
- Zeile + 1
- ElseIf Bin = 1 ;Non-PE-Program on HD
- ReadFile(0, File$)
- SL = Lof(0)
- CloseFile(0)
- SE = SL
- OS = BaseAdr
- SRVA = BaseAdr
- Dim Daten.Item(SL) ;nicht kleiner!
- ElseIf Bin = 2 ;Program in Memory
- SL = EndAdr - BaseAdr
- LF = SL ;für Fortschritts-Balken
- SE = SL
- OS = BaseAdr
- SRVA = BaseAdr
- Dim Daten.Item(SL) ;nicht kleiner!
- EndIf
- BZ = SO ;Zeiger in Buffer
- Repeat
- If BZ >= SE
- If FileExt = 0
- Daten(Zeile)\Opcode = " E n d S e c t i o n " + Str(SZ) + " " + UCase(SECN$)
- EndIf
- Zeile + 1
- Break
- EndIf
- If PEP ;PEP hier auch als Merker "missbraucht"
- If BZ + OS - SO = PEP + IB
- PEP = 0
- ZeilePEP = Zeile ;PEP-Zeile wird grün markiert
- EndIf
- EndIf
- While DLL ;es können auch mehrere Funktionen auf ein und die selbe Adresse zeigen
- DLLAdr$ = "$" + Mid(ArrayAdr(ZDLL), 1, Adr3264)
- DLLAdr = Val(DLLAdr$)
- If BZ + OS - SO = DLLAdr
- DLLEntry + 1
- ZDLL + 1
- If ZDLL = NOF + 1
- DLL = 0
- EndIf
- Else
- Break
- EndIf
- Wend
- If OV ;wirkt auch für Segment-Override!
- OP = PeekB(Buffer + BZ) & $FF ;Opcode Byte für Byte einlesen
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- OV = 0
- Else
- OP$ = ""
- OP = PeekB(Buffer + BZ) & $FF ;Opcode Byte für Byte einlesen
- OP$ + RSet(Hex(OP), 2, "0") + " "
- Daten(Zeile)\Address = "$" + RSet(Hex(BZ + OS - SO), Adr3264, "0")
- BZ + 1 ;Adresse nächstes Byte in Speicher-Datei
- EndIf
- ;------------------------------------------------------------------------------------
- Select OP ;Sortierung nach zu erwartender Aufruf-Häufigkeit brachte nicht die Bohne
- ;----------------------
- Case $00 ;Eb, Gb
- SOS = BZ - 1
- MN$ = "ADD "
- Komma = 1
- Eb(1)
- If (PeekB(Buffer + BZ) & $FF = $00) And (PeekW(Buffer + BZ - 2) & $FFFF = $0000)
- OP$ + "00 "
- BZ + 1
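- ;für Füll-Nullen (padding zeros: a run of 00 bytes is listed as raw bytes, up to 16 per row, with no mnemonic, instead of being decoded as repeated ADD)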
- MN$ = ""
- While (BZ < SE) And (PeekB(Buffer + BZ) & $FF = $00)
- BZ + 1
- OP$ + "00 "
- If Len(OP$) > 45 ;max. 16 Null-Bytes + Leerzeichen dazwischen
- Daten(Zeile)\Address = "$" + RSet(Hex(BZ + OS - SO - 16), Adr3264, "0")
- Daten(Zeile)\Opcode = OP$
- Zeile + 1
- OP$ = ""
- SOS = BZ
- EndIf
- Wend
- If OP$ <> ""
- Daten(Zeile)\Address = "$" + RSet(Hex(SOS + OS - SO), Adr3264, "0")
- EndIf
- EndIf
- ;----------------------
- Case $01 ;Ev, Gv
- MN$ = "ADD "
- Ev(10, 1)
- ;----------------------
- Case $02 ;Gb, Eb
- MN$ = "ADD "
- Komma = 1
- Gb()
- ;----------------------
- Case $03 ;Gv, Ev
- MN$ = "ADD "
- Gv(10, 1)
- ;----------------------
- Case $04 ;AL, Ib
- MN$ = "ADD AL , "
- Strings(1, 0)
- ;----------------------
- Case $05 ;rAX, Iz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "ADD AX , "
- Strings(2, 0)
- Else
- If REX & %00001000
- MN$ = "ADD RAX , "
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Strings(4, 0)
- Else
- MN$ = "ADD EAX , "
- Strings(4, 0) ;4 auch für RAX richtig!
- EndIf
- EndIf
- ;----------------------
- Case $06
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "PUSH ES"
- EndIf
- ;----------------------
- Case $07
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "POP ES"
- EndIf
- ;----------------------
- Case $08 ;Eb, Gb
- MN$ = "OR "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $09 ;Ev, Gv
- MN$ = "OR "
- Ev(10, 1)
- ;----------------------
- Case $0A ;Gb, Eb
- MN$ = "OR "
- Komma = 1
- Gb()
- ;----------------------
- Case $0B ;Gv, Ev
- MN$ = "OR "
- Gv(10, 1)
- ;----------------------
- Case $0C ;AL, Ib
- MN$ = "OR AL , "
- Strings(1, 0)
- ;----------------------
- Case $0D ;rAX, Iz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "OR AX , "
- Strings(2, 0)
- Else
- If REX & %00001000
- MN$ = "OR RAX , "
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Strings(4, 0)
- Else
- MN$ = "OR EAX , "
- Strings(4, 0) ;4 auch für RAX richtig!
- EndIf
- EndIf
- ;----------------------
- Case $0E
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "PUSH CS"
- EndIf
- ;----------------------
- Case $0F ;Shift-Byte (1.Byte=0Fh)
- Codes_Shift()
- ;----------------------
- Case $10 ;Eb, Gb
- MN$ = "ADC "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $11 ;Ev, Gv
- MN$ = "ADC "
- Ev(10, 1)
- ;----------------------
- Case $12 ;Gb, Eb
- MN$ = "ADC "
- Komma = 1
- Gb()
- ;----------------------
- Case $13 ;Gv, Ev
- MN$ = "ADC "
- Gv(10, 1)
- ;----------------------
- Case $14 ;AL, Ib
- MN$ = "ADC AL , "
- Strings(1, 0)
- ;----------------------
- Case $15 ;rAX, Iz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "ADC AX , "
- Strings(2, 0)
- Else
- If REX & %00001000
- MN$ = "ADC RAX , "
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Strings(4, 0)
- Else
- MN$ = "ADC EAX , "
- Strings(4, 0) ;4 auch für RAX richtig!
- EndIf
- EndIf
- ;----------------------
- Case $16
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "PUSH SS"
- EndIf
- ;----------------------
- Case $17
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "POP SS"
- EndIf
- ;----------------------
- Case $18 ;Eb, Gb
- MN$ = "SBB "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $19 ;Ev, Gv
- MN$ = "SBB "
- Ev(10, 1)
- ;----------------------
- Case $1A ;Gb, Eb
- MN$ = "SBB "
- Komma = 1
- Gb()
- ;----------------------
- Case $1B ;Gv, Ev
- MN$ = "SBB "
- Gv(10, 1)
- ;----------------------
- Case $1C ;AL, Ib
- MN$ = "SBB AL , "
- Strings(1, 0)
- ;----------------------
- Case $1D ;rAX, Iz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "SBB AX , "
- Strings(2, 0)
- Else
- If REX & %00001000
- MN$ = "SBB RAX , "
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Strings(4, 0)
- Else
- MN$ = "SBB EAX , "
- Strings(4, 0) ;4 auch für RAX richtig!
- EndIf
- EndIf
- ;----------------------
- Case $1E
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "PUSH DS"
- EndIf
- ;----------------------
- Case $1F
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "POP DS"
- EndIf
- ;----------------------
- Case $20 ;Eb, Gb
- MN$ = "AND "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $21 ;Ev, Gv
- MN$ = "AND "
- Ev(10, 1)
- ;----------------------
- Case $22 ;Gb, Eb
- MN$ = "AND "
- Komma = 1
- Gb()
- ;----------------------
- Case $23 ;Gv, Ev
- MN$ = "AND "
- Gv(10, 1)
- ;----------------------
- Case $24 ;AL, Ib
- MN$ = "AND AL , "
- Strings(1, 0)
- ;----------------------
- Case $25 ;rAX, Iz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "AND AX , "
- Strings(2, 0)
- Else
- If REX & %00001000
- MN$ = "AND RAX , "
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Strings(4, 0)
- Else
- MN$ = "AND EAX , "
- Strings(4, 0) ;4 auch für RAX richtig!
- EndIf
- EndIf
- ;----------------------
- Case $26 ;zeigt in ES:
- OV = 1 : ESS = 1
- ;----------------------
- Case $27
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "DAA "
- EndIf
- ;----------------------
- Case $28 ;Eb, Gb
- MN$ = "SUB "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $29 ;Ev, Gv
- MN$ = "SUB "
- Ev(10, 1)
- ;----------------------
- Case $2A ;Gb, Eb
- MN$ = "SUB "
- Komma = 1
- Gb()
- ;----------------------
- Case $2B ;Gv, Ev
- MN$ = "SUB "
- Gv(10, 1)
- ;----------------------
- Case $2C ;AL, Ib
- MN$ = "SUB AL , "
- Strings(1, 0)
- ;----------------------
- Case $2D ;rAX, Iz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "SUB AX , "
- Strings(2, 0)
- Else
- If REX & %00001000
- MN$ = "SUB RAX , "
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Strings(4, 0)
- Else
- MN$ = "SUB EAX , "
- Strings(4, 0) ;4 auch für RAX richtig!
- EndIf
- EndIf
- ;----------------------
- Case $2E ;zeigt in CS: oder Branch Hint bei bedingtem Sprung
- OV = 1 : CSS = 1
- ;----------------------
- Case $2F
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "DAS "
- EndIf
- ;----------------------
- Case $30 ;Eb, Gb
- MN$ = "XOR "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $31 ;Ev, Gv
- MN$ = "XOR "
- Ev(10, 1)
- ;----------------------
- Case $32 ;Gb, Eb
- MN$ = "XOR "
- Komma = 1
- Gb()
- ;----------------------
- Case $33 ;Gv, Ev
- MN$ = "XOR "
- Gv(10, 1)
- ;----------------------
- Case $34 ;AL, Ib
- MN$ = "XOR AL , "
- Strings(1, 0)
- ;----------------------
- Case $35 ;rAX, Iz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "XOR AX , "
- Strings(2, 0)
- Else
- If REX & %00001000
- MN$ = "XOR RAX , "
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Strings(4, 0)
- Else
- MN$ = "XOR EAX , "
- Strings(4, 0) ;4 auch für RAX richtig!
- EndIf
- EndIf
- ;----------------------
- Case $36 ;zeigt in SS:
- OV = 1 : SSS = 1
- ;----------------------
- Case $37
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "AAA "
- EndIf
- ;----------------------
- Case $38 ;Eb, Gb
- MN$ = "CMP "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $39 ;Ev, Gv
- MN$ = "CMP "
- Ev(10, 1)
- ;----------------------
- Case $3A ;Gb, Eb
- MN$ = "CMP "
- Komma = 1
- Gb()
- ;----------------------
- Case $3B ;Gv, Ev
- MN$ = "CMP "
- Gv(10, 1)
- ;----------------------
- Case $3C ;AL, Ib
- MN$ = "CMP AL , "
- Strings(1, 0)
- ;----------------------
- Case $3D ;rAX, Iz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "CMP AX , "
- Strings(2, 0)
- Else
- If REX & %00001000
- MN$ = "CMP RAX , "
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Strings(4, 0)
- Else
- MN$ = "CMP EAX , "
- Strings(4, 0) ;4 auch für RAX richtig!
- EndIf
- EndIf
- ;----------------------
- Case $3E ;zeigt in DS: oder Branch Hint bei bedingtem Sprung
- OV = 1 : DSS = 1
- ;----------------------
- Case $3F
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "AAS "
- EndIf
- ;----------------------
- Case $40 To $47
- If IsProg64
- OV = 1 : REX = OP
- Else
- MN$ = "INC "
- Register32(OP, 0)
- EndIf
- ;----------------------
- Case $48 To $4F
- If IsProg64
- OV = 1 : REX = OP ;Präfix 64-Bit
- Else
- MN$ = "DEC "
- Register32(OP, 0)
- EndIf
- ;----------------------
- Case $50 To $57
- MN$ = "PUSH "
- If IsProg64 And REX ;einige Klimmzüge für 64-Bit
- REXEX = 1
- REX << 2
- REX | %00001000
- ElseIf IsProg64
- REX = $48
- EndIf
- Register32(OP, 0)
- ;----------------------
- Case $58 To $5F
- MN$ = "POP "
- If IsProg64 And REX
- REXEX = 1
- REX << 2
- REX | %00001000
- ElseIf IsProg64
- REX = $48
- EndIf
- Register32(OP, 0)
- ;----------------------
- Case $60
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "PUSHAD "
- EndIf
- ;----------------------
- Case $61
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "POPAD "
- EndIf
- ;----------------------
- Case $62 ;Gv, Ma
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "BOUND "
- Gv(2, 1)
- EndIf
- ;----------------------
- Case $63 ;Ew, Gw
- If REX & %00001000
- MN$ = "MOVSXD " ;hier von Hand
- OP = PeekB(Buffer + BZ) & $FF
- If (OP & %11000000) <> %11000000
- Gv(2, 1)
- Else
- Komma = 1
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- VAR1 = OP >> 3
- VAR1 & %00000111
- VAR1 | ((REX & %00000100) << 1)
- IsvonMSBytes = 1 ;"antäuschen"
- Register32(VAR1, 0)
- VAR1 = OP & %00000111
- VAR1 | (REX & %00000001) << 3
- REX = 0
- IsvonMSBytes = 1
- Register32(VAR1, 0)
- EndIf
- Else
- Komma = 1
- MN$ = "ARPL "
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- MSBytes(OP, 1) ;1=Word
- Register32(OP >> 3, 1)
- EndIf
- ;----------------------
- Case $64 ;zeigt in FS:
- OV = 1 : FSS = 1
- ;----------------------
- Case $65 ;zeigt in GS:
- OV = 1 : GSS = 1
- ;----------------------
- Case $66 ;Operand Override, z.B. aus mov eax,[ebx] wird mov ax,[ebx]
- OV = 1
- ;----------------------
- Case $67 ;Address Override, z.B. aus mov eax,[ebx] wird mov eax,[bx]
- OV = 1
- ;----------------------
- Case $68 ;PUSH mit DWord-Konstante
- MN$ = "PUSH "
- If IsProg64
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- EndIf
- Strings(4, 0)
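- ;Versuch, Strings aufzulösen (try to resolve the 4 bytes just read, presumably the pushed immediate, to a string in a section not flagged executable)
- ;NOTE(review): the section-header fields used below are copied out of the analysed file, so treat them as untrusted.
- ; Only the upper section bound is tested (SPZ < X), so an RVA below XRVA is mapped to a file offset as well.
- ; "SPZ > LF" still lets SPZ = LF through, and PeekS may read up to $FF characters from SPZ onward,
- ; so if Buffer holds exactly LF bytes (to be confirmed at the allocation) the read can run past its end.
- ; Consider rejecting SPZ >= LF and capping the PeekS length at LF - SPZ.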
- SPZ = PeekL(Buffer + BZ - 4)
- If SPZ >= ProgA And SPZ < ProgE
- SPZ - IB
- k = 0
- For n = 1 To ANS
- CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
- XRVA = I_S_H\VirtualAddress
- X = XRVA + I_S_H\SizeOfRawData ;+ Länge der Section
- If SPZ < X ;SPZ in dieser Section ?
- SPZ - XRVA + I_S_H\PointerToRawData ;+ Offset dieser Section
- If SPZ > LF Or SPZ < 0 ;Null wegen signed
- Break
- EndIf
- XF = I_S_H\Characteristics ;Flags ermitteln
- If (XF & #IMAGE_SCN_MEM_EXECUTE = 0) And (SPZ >= SO) ;Test, ob Section ausführbar oder nicht
- Info$ = PeekS(Buffer + SPZ, $FF)
- If Info$ <> ""
- MN$ + " (" + Chr(34) + Info$ + Chr(34) + ")"
- EndIf
- EndIf
- Break
- EndIf
- k + #IMAGE_SIZEOF_SECTION_HEADER
- Next
- EndIf
- ;----------------------
- Case $69 ;Gv, Ev, Iz
- MN$ = "IMUL "
- Komma = 2
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- VAR1 = OP >> 3
- VAR1 & %00000111
- If REX
- VAR1 | (REX & %00000100) << 1
- IsvonMSBytes = 1
- EndIf
- Register32(VAR1, 0)
- If (OP >> 6) <> 3 ;also nicht Register-Register
- If REX & %00001000
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MemAdd64 = 4
- MSBytes(OP, S)
- Else
- VAR1 = OP
- VAR1 & %00000111
- If REX
- VAR1 | (REX & %00000001) << 3
- EndIf
- IsvonMSBytes = 1
- Register32(VAR1, 0)
- EndIf
- Strings(4, 0) ;4-Byte-Konstante
- ;----------------------
- Case $6A ;PUSH mit Byte-Konstante, wird auf D/Q-Word aufgefüllt
- MN$ = "PUSH "
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- H = PeekB(Buffer + BZ) & $FF
- If H < $80 ;Feinheit! sign-extended
- If Mid(OP$, 1, 2) = "66"
- H$ = "00 "
- Else
- H$ = "00 00 00 "
- If IsProg64
- H$ + "00 00 00 00 "
- EndIf
- EndIf
- Else
- If Mid(OP$, 1, 2) = "66"
- H$ = "FF "
- Else
- H$ = "FF FF FF "
- If IsProg64
- H$ + "FF FF FF FF "
- EndIf
- EndIf
- EndIf
- MN$ + H$ + RSet(Hex(H), 2, "0") ;plus der 1-Byte-Wert
- BZ + 1
- ;----------------------
- Case $6B ;Gv, Ev, Ib
- MN$ = "IMUL "
- Komma = 2
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- VAR1 = OP >> 3
- VAR1 & %00000111
- If REX
- VAR1 | (REX & %00000100) << 1
- IsvonMSBytes = 1
- EndIf
- Register32(VAR1, 0)
- If (OP >> 6) <> 3 ;also nicht Register-Register
- If REX & %00001000
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MemAdd64 = 1
- MSBytes(OP, S)
- Else
- VAR1 = OP
- VAR1 & %00000111
- If REX
- VAR1 | (REX & %00000001) << 3
- EndIf
- IsvonMSBytes = 1
- Register32(VAR1, 0)
- EndIf
- Strings(1, 0) ;1-Byte-Konstante
- ;----------------------
- Case $6C ;Yb, DX
- MN$ = "INSB "
- ;----------------------
- Case $6D ;Yz, DX
- If Mid(OP$, 1, 2) = "66"
- MN$ = "INSW "
- Else
- MN$ = "INSD "
- EndIf
- ;----------------------
- Case $6E ;DX, Xb
- MN$ = "OUTSB "
- ;----------------------
- Case $6F ;DX, Xz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "OUTSW "
- Else
- MN$ = "OUTSD "
- EndIf
- ;----------------------
- Case $70
- MN$ = "JO " ;short
- Sprung_short()
- ;----------------------
- Case $71
- MN$ = "JNO " ;short
- Sprung_short()
- ;----------------------
- Case $72
- MN$ = "JB " ;short, identisch mit JC und JNAE
- Sprung_short()
- MN$ + " ( = JC = JNAE )"
- ;----------------------
- Case $73
- MN$ = "JNB " ;short, identisch mit JNC und JAE
- Sprung_short()
- MN$ + " ( = JNC = JAE )"
- ;----------------------
- Case $74
- MN$ = "JE " ;short, identisch mit JZ
- Sprung_short()
- MN$ + " ( = JZ )"
- ;----------------------
- Case $75
- MN$ = "JNE " ;short, identisch mit JNZ
- Sprung_short()
- MN$ + " ( = JNZ )"
- ;----------------------
- Case $76
- MN$ = "JBE " ;short, identisch mit JNA
- Sprung_short()
- MN$ + " ( = JNA )"
- ;----------------------
- Case $77
- MN$ = "JA " ;short, identisch mit JNBE
- Sprung_short()
- MN$ + " ( = JNBE )"
- ;----------------------
- Case $78
- MN$ = "JS " ;short
- Sprung_short()
- ;----------------------
- Case $79
- MN$ = "JNS " ;short
- Sprung_short()
- ;----------------------
- Case $7A
- MN$ = "JP " ;short, identisch mit JPE
- Sprung_short()
- MN$ + " ( = JPE )"
- ;----------------------
- Case $7B
- MN$ = "JNP " ;short, identisch mit JPO
- Sprung_short()
- MN$ + " ( = JPO )"
- ;----------------------
- Case $7C
- MN$ = "JL " ;short, identisch mit JNGE
- Sprung_short()
- MN$ + " ( = JNGE )"
- ;----------------------
- Case $7D
- MN$ = "JGE " ;short, identisch mit JNL
- Sprung_short()
- MN$ + " ( = JNL )"
- ;----------------------
- Case $7E
- MN$ = "JLE " ;short, identisch mit JNG
- Sprung_short()
- MN$ + " ( = JNG ) "
- ;----------------------
- Case $7F
- MN$ = "JG " ;short, identisch mit JNLE
- Sprung_short()
- MN$ + " ( = JNLE )"
- ;----------------------
- Case $80 ;Gruppe 1 Eb, Ib
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ADD "
- Case 1
- MN$ = "OR "
- Case 2
- MN$ = "ADC "
- Case 3
- MN$ = "SBB "
- Case 4
- MN$ = "AND "
- Case 5
- MN$ = "SUB "
- Case 6
- MN$ = "XOR "
- Case 7
- MN$ = "CMP "
- EndSelect
- Komma = 1
- MemAdd64 = 1
- MSBytes(OP, 0) ;VAR2=0=Byte
- Strings(1, 0)
- ;----------------------
- Case $81 ;Gruppe 1 Ev,Iz
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ADD "
- Case 1
- MN$ = "OR "
- Case 2
- MN$ = "ADC "
- Case 3
- MN$ = "SBB "
- Case 4
- MN$ = "AND "
- Case 5
- MN$ = "SUB "
- Case 6
- MN$ = "XOR "
- Case 7
- MN$ = "CMP "
- EndSelect
- Komma = 1
- MemAdd64 = 4
- If REX & %00001000
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- If REX
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- EndIf
- Strings(4, 0)
- ;----------------------
- Case $82 ;Gruppe 1 Eb, Ib nicht für 64-Bit! Taucht bei Intel garnicht mehr auf!
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ADD "
- Case 1
- MN$ = "OR "
- Case 2
- MN$ = "ADC "
- Case 3
- MN$ = "SBB "
- Case 4
- MN$ = "AND "
- Case 5
- MN$ = "SUB "
- Case 6
- MN$ = "XOR "
- Case 7
- MN$ = "CMP "
- EndSelect
- Komma = 1
- MemAdd64 = 1
- MSBytes(OP, 0) ;VAR2=0=Byte
- Strings(1, 0)
- ;----------------------
- Case $83 ;Gruppe 1 Ev, Ib
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ADD "
- Case 1
- MN$ = "OR "
- Case 2
- MN$ = "ADC "
- Case 3
- MN$ = "SBB "
- Case 4
- MN$ = "AND "
- Case 5
- MN$ = "SUB "
- Case 6
- MN$ = "XOR "
- Case 7
- MN$ = "CMP "
- EndSelect
- Komma = 1
- MemAdd64 = 1
- If REX & %00001000
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- H = PeekB(Buffer + BZ) & $FF
- If H < $80 ;Feinheit! sign-extended
- If Mid(OP$, 1, 2) = "66"
- H$ = "00 "
- Else
- H$ = "00 00 00 "
- If REX
- H$ + "00 00 00 00 "
- EndIf
- EndIf
- Else
- If Mid(OP$, 1, 2) = "66"
- H$ = "FF "
- Else
- H$ = "FF FF FF "
- If REX
- H$ + "FF FF FF FF "
- EndIf
- EndIf
- EndIf
- MN$ + H$ + RSet(Hex(H), 2, "0") ;plus der 1-Byte-Wert
- BZ + 1
- ;----------------------
- Case $84 ;Eb, Gb
- MN$ = "TEST "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $85 ;Ev, Gv
- MN$ = "TEST "
- Ev(10, 1)
- ;----------------------
- Case $86 ;Eb, Gb
- MN$ = "XCHG "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $87 ;Ev, Gv
- MN$ = "XCHG "
- Ev(10, 1)
- ;----------------------
- Case $88 ;Eb, Gb
- MN$ = "MOV "
- Komma = 1
- Eb(1)
- ;----------------------
- Case $89 ;Ev, Gv
- MN$ = "MOV "
- Ev(10, 1)
- ;----------------------
- Case $8A ;Gb, Eb
- MN$ = "MOV "
- Komma = 1
- Gb()
- ;----------------------
- Case $8B ;Gv, Ev
- MN$ = "MOV "
- Gv(10, 1)
- ;----------------------
- Case $8C ;Ev, Sw Segment-Register!
- MN$ = "MOV "
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- MSBytes(OP, 1) ;1=Word
- RegisterSR(OP >> 3)
- ;----------------------
- Case $8D ;Gv, M
- MN$ = "LEA "
- Gv(10, 1)
- ;----------------------
- Case $8E ;Sw, Ew Segment-Register!
- MN$ = "MOV "
- Komma = 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RegisterSR(OP >> 3)
- MSBytes(OP, 1) ;1=Word
- ;----------------------
- Case $8F ;Ev
- MN$ = "POP "
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- If IsProg64
- S = 3 ;3=QWord
- Else
- S = 2 ;2=DWord
- EndIf
- MSBytes(OP, S)
- ;----------------------
- Case $90 ;NOP
- MN$ = "NOP " ;ist auch XCHG rAX,rAX !
- ;----------------------
- Case $91 ;rAX,rCX/r9
- If Mid(OP$, 1, 2) = "66"
- MN$ = "XCHG AX , CX"
- Else
- If REX = $48
- MN$ = "XCHG RAX , RCX"
- ElseIf REX = $49
- MN$ = "XCHG RAX , R9"
- Else
- MN$ = "XCHG EAX , ECX"
- EndIf
- EndIf
- ;----------------------
- Case $92 ;rAX,rDX/r10
- If Mid(OP$, 1, 2) = "66"
- MN$ = "XCHG AX , DX"
- Else
- If REX = $48
- MN$ = "XCHG RAX , RDX"
- ElseIf REX = $49
- MN$ = "XCHG RAX , R10"
- Else
- MN$ = "XCHG EAX , EDX"
- EndIf
- EndIf
- ;----------------------
- Case $93 ;rAX,rBX/r11
- If Mid(OP$, 1, 2) = "66"
- MN$ = "XCHG AX , BX"
- Else
- If REX = $48
- MN$ = "XCHG RAX , RBX"
- ElseIf REX = $49
- MN$ = "XCHG RAX , R11"
- Else
- MN$ = "XCHG EAX , EBX"
- EndIf
- EndIf
- ;----------------------
- Case $94 ;rAX,rSP/r12
- If Mid(OP$, 1, 2) = "66"
- MN$ = "XCHG AX , SP"
- Else
- If REX = $48
- MN$ = "XCHG RAX , RSP"
- ElseIf REX = $49
- MN$ = "XCHG RAX , R12"
- Else
- MN$ = "XCHG EAX , ESP"
- EndIf
- EndIf
- ;----------------------
- Case $95 ;rAX,rBP/r13
- If Mid(OP$, 1, 2) = "66"
- MN$ = "XCHG AX , BP"
- Else
- If REX = $48
- MN$ = "XCHG RAX , RBP"
- ElseIf REX = $49
- MN$ = "XCHG RAX , R13"
- Else
- MN$ = "XCHG EAX , EBP"
- EndIf
- EndIf
- ;----------------------
- Case $96 ;rAX,rSI/r14
- If Mid(OP$, 1, 2) = "66"
- MN$ = "XCHG AX , SI"
- Else
- If REX = $48
- MN$ = "XCHG RAX , RSI"
- ElseIf REX = $49
- MN$ = "XCHG RAX , R14"
- Else
- MN$ = "XCHG EAX , ESI"
- EndIf
- EndIf
- ;----------------------
- Case $97 ;rAX,rDI/r15
- If Mid(OP$, 1, 2) = "66"
- MN$ = "XCHG AX , DI"
- Else
- If REX = $48
- MN$ = "XCHG RAX , RDI"
- ElseIf REX = $49
- MN$ = "XCHG RAX , R15"
- Else
- MN$ = "XCHG EAX , EDI"
- EndIf
- EndIf
- ;----------------------
- Case $98
- If Mid(OP$, 1, 2) = "66"
- MN$ = "CBW "
- ElseIf REX & %00001000
- MN$ = "CDQE "
- Else
- MN$ = "CWDE "
- EndIf
- ;----------------------
- Case $99
- If Mid(OP$, 1, 2) = "66"
- MN$ = "CWD "
- ElseIf REX & %00001000
- MN$ = "CQO "
- Else
- MN$ = "CDQ "
- EndIf
- ;----------------------
- Case $9A ;Ap
- MN$ = "CALL " ;far
- MSBytes(OP, 2)
- MN$ + " ( far )"
- ;----------------------
- Case $9B ;WAIT/FWAIT
- MN$ = "WAIT " ;hier nur WAIT; sind beide identisch
- ;----------------------
- Case $9C ;Fv
- If IsProg64
- MN$ = "PUSHFQ "
- Else
- If Mid(OP$, 1, 2) = "66"
- MN$ = "PUSHF "
- Else
- MN$ = "PUSHFD "
- EndIf
- EndIf
- ;----------------------
- Case $9D ;Fv
- If IsProg64
- MN$ = "POPFQ "
- Else
- If Mid(OP$, 1, 2) = "66"
- MN$ = "POPF "
- Else
- MN$ = "POPFD "
- EndIf
- EndIf
- ;----------------------
- Case $9E ;SAHF
- MN$ = "SAHF "
- ;----------------------
- Case $9F ;LAHF
- MN$ = "LAHF "
- ;----------------------
- Case $A0 ;AL, Ob Offset
- MN$ = "MOV AL , byte ptr [ "
- If IsProg64
- Strings(8, 2)
- Else
- Strings(4, 2)
- EndIf
- ;----------------------
- Case $A1 ;rAX, Ov Offset
- If Mid(OP$, 1, 2) = "66"
- MN$ = "MOV AX , word ptr [ "
- ElseIf REX & %00001000
- MN$ = "MOV RAX , qword ptr [ "
- Else
- MN$ = "MOV EAX , dword ptr [ "
- EndIf
- If IsProg64
- Strings(8, 2)
- Else
- Strings(4, 2)
- EndIf
- ;----------------------
- Case $A2 ;Ob, AL
- MN$ = "MOV byte ptr [ "
- If IsProg64
- Strings(8, 2)
- Else
- Strings(4, 2)
- EndIf
- MN$ + " , AL"
- ;----------------------
- Case $A3 ;Ov, rAX
- If Mid(OP$, 1, 2) = "66"
- MN$ = "MOV word ptr [ "
- If IsProg64
- Strings(8, 2)
- Else
- Strings(4, 2)
- EndIf
- MN$ + " , AX"
- ElseIf REX & %00001000
- MN$ = "MOV qword ptr [ "
- Strings(8, 2)
- MN$ + " , RAX"
- Else
- MN$ = "MOV dword ptr [ "
- If IsProg64
- Strings(8, 2)
- Else
- Strings(4, 2)
- EndIf
- MN$ + " , EAX"
- EndIf
- ;----------------------
- Case $A4 ;Xb, Yb
- MN$ = "MOVSB "
- ;----------------------
- Case $A5 ;Xv, Yv
- If Mid(OP$, 1, 2) = "66"
- MN$ = "MOVSW "
- ElseIf REX & %00001000
- MN$ = "MOVSQ "
- Else
- MN$ = "MOVSD "
- EndIf
- ;----------------------
- Case $A6 ;Xb, Yb
- MN$ = "CMPSB "
- ;----------------------
- Case $A7 ;Xv, Yv
- If Mid(OP$, 1, 2) = "66"
- MN$ = "CMPSW "
- ElseIf REX & %00001000
- MN$ = "CMPSQ "
- Else
- MN$ = "CMPSD "
- EndIf
- ;----------------------
- Case $A8 ;AL, Ib
- MN$ = "TEST AL , "
- Strings(1, 0)
- ;----------------------
- Case $A9 ;rAX, Iz
- If Mid(OP$, 1, 2) = "66"
- MN$ = "TEST AX , "
- Strings(2, 0)
- Else
- If REX & %00001000
- MN$ = "TEST RAX , "
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Strings(4, 0)
- Else
- MN$ = "TEST EAX , "
- Strings(4, 0) ;4 auch für RAX richtig!
- EndIf
- EndIf
- ;----------------------
- Case $AA ;Yb, AL
- MN$ = "STOSB "
- ;----------------------
- Case $AB ;Yv, rAX
- If Mid(OP$, 1, 2) = "66"
- MN$ = "STOSW "
- ElseIf REX & %00001000
- MN$ = "STOSQ "
- Else
- MN$ = "STOSD "
- EndIf
- ;----------------------
- Case $AC ;AL, Xb
- MN$ = "LODSB "
- ;----------------------
- Case $AD ;rAX, Xv
- If Mid(OP$, 1, 2) = "66"
- MN$ = "LODSW "
- ElseIf REX & %00001000
- MN$ = "LODSQ "
- Else
- MN$ = "LODSD "
- EndIf
- ;----------------------
- Case $AE ;AL, Yb
- MN$ = "SCASB "
- ;----------------------
- Case $AF ;rAX, Yv
- If Mid(OP$, 1, 2) = "66"
- MN$ = "SCASW "
- ElseIf REX & %00001000
- MN$ = "SCASQ "
- Else
- MN$ = "SCASD "
- EndIf
- ;----------------------
- Case $B0 To $B7 ;MOV 8-Bit-Reg, Byte-Konstante
- MN$ = "MOV "
- Komma = 1
- Register8(OP, 0)
- Strings(1, 0)
- ;----------------------
- Case $B8 To $BF ;MOV 32-Bit-Reg, D/Q-Word-Konstante; eigener Status für 64-Bit!
- MN$ = "MOV "
- Komma = 1
- If REX & %00001000 ;also W gesetzt=64-Bit-Operand
- Register32(OP, 0) ;64-Bit-Reg, QWord-Konstante
- Strings(8, 0)
- Else
- Register32(OP, 0) ;32-Bit-Reg, DWord-Konstante
- Strings(4, 0)
- EndIf
- ;----------------------
- Case $C0 ;Eb, Ib
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ROL "
- Case 1
- MN$ = "ROR "
- Case 2
- MN$ = "RCL "
- Case 3
- MN$ = "RCR "
- Case 4
- MN$ = "SHL " ;= SAL
- Case 5
- MN$ = "SHR "
- Case 6
- MN$ = "SAL " ;= SHL
- Case 7
- MN$ = "SAR "
- EndSelect
- Komma = 1
- MemAdd64 = 1
- MSBytes(OP, 0)
- MN$ + RSet(Hex(PeekB(Buffer + BZ) & $FF), 2, "0") ;der 1-Byte-Wert
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0")
- BZ + 1
- If RM = 4
- MN$ + " ( = SAL )"
- ElseIf RM = 6
- MN$ + " ( = SHL )"
- EndIf
- ;----------------------
- Case $C1 ;Ev, Ib
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ROL "
- Case 1
- MN$ = "ROR "
- Case 2
- MN$ = "RCL "
- Case 3
- MN$ = "RCR "
- Case 4
- MN$ = "SHL " ;= SAL
- Case 5
- MN$ = "SHR "
- Case 6
- MN$ = "SAL " ;= SHL
- Case 7
- MN$ = "SAR "
- EndSelect
- Komma = 1
- MemAdd64 = 1
- If REX & %00001000 ;Test auf REX.W
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- MN$ + RSet(Hex(PeekB(Buffer + BZ) & $FF), 2, "0") ;der 1-Byte-Wert
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0")
- BZ + 1
- If RM = 4
- MN$ + " ( = SAL )"
- ElseIf RM = 6
- MN$ + " ( = SHL )"
- EndIf
- ;----------------------
- Case $C2 ;near Return mit Wert
- MN$ = "RET "
- Strings(2, 0)
- MN$ + " (near)"
- ;----------------------
- Case $C3 ;near Return
- MN$ = "RET (near) "
- ;----------------------
- Case $C4
- OP = PeekB(Buffer + BZ) & %11000000
- If IsProg64 Or OP = %11000000 ;AVX, 3-Byte-VEX-Präfix
- XMM = 2
- VEX1 = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(VEX1), 2, "0") + " "
- mmmmm = VEX1 & %00011111 ;Opcode-Erweiterungen ($0F, $0F38, $0F3A)
- RVEX = (~(VEX1 & %10000000) >> 4) & %1000 ;Erweiterung für 1.Operand (8-15)
- XVEX = (~(VEX1 & %01000000) >> 3) & %1000
- BVEX = (~(VEX1 & %00100000) >> 2) & %1000
- BZ + 1
- VEX2 = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(VEX2), 2, "0") + " "
- pp = VEX2 & %00000011 ;Präfixe (Keiner, $66, $F2, $F3)
- LVEX = VEX2 & %00000100 ;1=256-Bit-Operanden (YMM), 0=128-Bit-Operanden (XMM)
- vvvv = (~(VEX2 & %01111000) >> 3) & %1111 ;Register 2.Operand (0-15)
- WVEX = ((VEX2 & %10000000) >> 4) & %1000 ;Nicht invertiert!
- AVX()
- If (OPAVX & %11000000 = %11000000) And XMM < 250 And XMM <> -2 ;Register, not Memory -2=VEXTRACTPS
- MN$ + XY$ + Str((OPAVX) & %111 | BVEX) ;Operand = Register
- Else ;Memory
- If XVEX Or BVEX
- REX = 1
- REX | XVEX >> 2
- REX | BVEX >> 1
- EndIf
- REX | WVEX
- MSBytes(OPAVX, Var1)
- EndIf
- Select IMM8 ;Konstante oder z.B. 4.Parameter
- Case 1
- MN$ + " , "
- Strings(1, 0) ;Konstante
- IMM8 = 0
- Case 2
- MN$ + " , "
- If LVEX
- MN$ + "YMM"
- Else
- MN$ + "XMM"
- EndIf
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- OP >> 4
- MN$ + Str(OP)
- BZ + 1
- IMM8 = 0
- Case 3
- Strings(1, 0) ;Konstante
- IMM8 = 0
- Case 4 ;z.B. VEXTRACTPS
- MN$ + " , "
- If LVEX
- MN$ + "YMM"
- Else
- MN$ + "XMM"
- EndIf
- OPAVX >> 3
- OPAVX & %111
- OPAVX | RVEX
- MN$ + Str(OPAVX) + " , "
- Strings(1, 0)
- IMM8 = 0
- EndSelect
- WVEX = 0
- BVEX = 0
- Else
- MN$ = "LES " ;Gz, Mp
- Gv(2, 1)
- EndIf
- ;----------------------
- Case $C5
- OP = PeekB(Buffer + BZ) & %10000000
- If IsProg64 Or OP = %10000000 ;AVX, 2-Byte-VEX-Präfix
- XMM = 2
- VEX1 = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(VEX1), 2, "0") + " "
- pp = VEX1 & %00000011 ;Präfixe (Keiner, $66, $F2, $F3)
- LVEX = VEX1 & %00000100 ;1=256-Bit-Operanden (YMM), 0=128-Bit-Operanden (XMM)
- vvvv = (~(VEX1 & %01111000) >> 3) & %1111 ;Register 2.Operand (0-15)
- RVEX = (~(VEX1 & %10000000) >> 4) & %1000 ;Erweiterung für 1.Operand (8-15)
- mmmmm = %00001 ;$0F "vortäuschen"
- ;Sonderfälle abfangen
- OPN = PeekB(Buffer + 1 + BZ) & $FF
- Select OPN
- Case $77
- OP$ + RSet(Hex(OPN), 2, "0") + " "
- If LVEX
- MN$ = "VZEROALL"
- Else
- MN$ = "VZEROUPPER"
- EndIf
- OPAVX = 0
- BZ + 2
- Case $AE ;hier erstmal so; evtl. neu, wenn $AE noch mal
- OP$ + RSet(Hex(OPN), 2, "0") + " "
- BZ + 2
- OPN1 = (PeekB(Buffer + BZ) & $FF)
- OP$ + RSet(Hex(OPN1), 2, "0") + " "
- OPN2 = (PeekB(Buffer + 1 + BZ) & $FF)
- OP$ + RSet(Hex(OPN2), 2, "0") + " "
- If OPN1 = $14
- MN$ = "VLDMXCSR dword ptr ["
- ElseIf OPN1 = $1C
- MN$ = "VSTMXCSR dword ptr ["
- EndIf
- BZ + 2
- Strings(4, 2)
- OPAVX = 0
- Default
- WVEX=0
- AVX()
- EndSelect
- If OPAVX & %11000000 = %11000000 And XMM < 250 ;Register, not Memory
- MN$ + XY$ + Str((OPAVX) & %111) ;Operand = Register
- ElseIf OPAVX > 0 ;z.B. wegen VZEROALL
- If XMM = 255
- Var1 = 2
- EndIf
- REX = 0
- MSBytes(OPAVX, Var1) ;Memory
- EndIf
- Select IMM8 ;Konstante oder z.B. 4.Parameter
- Case 1
- MN$ + " , "
- Strings(1, 0) ;Konstante
- IMM8 = 0
- Case 2
- MN$ + " , "
- If LVEX
- MN$ + "YMM"
- Else
- MN$ + "XMM"
- EndIf
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- OP >> 4
- MN$ + Str(OP)
- BZ + 1
- IMM8 = 0
- EndSelect
- Else
- MN$ = "LDS " ;Gz, Mp
- Gv(2, 1)
- EndIf
- ;----------------------
- Case $C6 ;Gruppe11 Eb, Ib
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "MOV "
- Komma = 1
- Case 1 To 7
- NoCode = 1
- EndSelect
- If NoCode = 0
- Adr64 = 1
- MemAdd64 = 1
- MSBytes(OP, 0) ;VAR2=0=Byte
- Strings(1, 0)
- EndIf
- ;----------------------
- Case $C7 ;Gruppe 11 Ev, Iz
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "MOV "
- Komma = 1
- Case 1 To 7
- NoCode = 1
- EndSelect
- If NoCode = 0
- MemAdd64 = 4
- If REX & %00001000
- Adr64 = 4
- MSBytes(OP, 3) ;VAR2=3=QWord
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- Else
- MSBytes(OP, 2) ;VAR2=2=DWord
- EndIf
- Strings(4, 0) ;64-Bit: Sign extended! 4 Bytes richtig!
- EndIf
- ;----------------------
- Case $C8 ;Iw, Ib
- MN$ = "ENTER "
- Strings(2, 0)
- MN$ + " , " ;hier "von Hand"
- Strings(1, 0)
- ;----------------------
- Case $C9 ;LEAVE
- If Mid(OP$, 1, 2) = "66"
- MN$ = "LEAVE ( = MOV SP , BP : POP BP )"
- Else
- If IsProg64
- MN$ = "LEAVE ( = MOV RSP , RBP : POP RBP )"
- Else
- MN$ = "LEAVE ( = MOV ESP , EBP : POP EBP )"
- EndIf
- EndIf
- ;----------------------
- Case $CA ;far Return mit Wert
- MN$ = "RET "
- Strings(2, 0)
- MN$ + " ( far )"
- ;----------------------
- Case $CB ;far Return
- MN$ = "RET ( far )"
- ;----------------------
- Case $CC ;INT3
- MN$ = "INT3 " ;Feinheit, zusammen geschrieben!
- ;----------------------
- Case $CD ;INT Ib
- MN$ = "INT "
- Strings(1, 0)
- ;----------------------
- Case $CE ;INTO
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "INTO "
- EndIf
- ;----------------------
- Case $CF ;IRET(IRETW)/IRETD/IRETQ
- If REX & %00001000 ;die 16-Bit schenke ich mir hier
- MN$ = "IRETQ "
- Else
- MN$ = "IRETD "
- EndIf
- ;----------------------
- Case $D0 ;Eb, 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ROL "
- Case 1
- MN$ = "ROR "
- Case 2
- MN$ = "RCL "
- Case 3
- MN$ = "RCR "
- Case 4
- MN$ = "SHL " ;= SAL
- Case 5
- MN$ = "SHR "
- Case 6
- MN$ = "SAL " ;= SHL
- Case 7
- MN$ = "SAR "
- EndSelect
- MSBytes(OP, 0)
- MN$ + " , 1"
- If RM = 4
- MN$ + " ( = SAL )"
- ElseIf RM = 6
- MN$ + " ( = SHL )"
- EndIf
- ;----------------------
- Case $D1 ;Ev, 1
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ROL "
- Case 1
- MN$ = "ROR "
- Case 2
- MN$ = "RCL "
- Case 3
- MN$ = "RCR "
- Case 4
- MN$ = "SHL " ;= SAL
- Case 5
- MN$ = "SHR "
- Case 6
- MN$ = "SAL " ;= SHL
- Case 7
- MN$ = "SAR "
- EndSelect
- MSBytes(OP, 2)
- MN$ + " , 1"
- If RM = 4
- MN$ + " ( = SAL )"
- ElseIf RM = 6
- MN$ + " ( = SHL )"
- EndIf
- ;----------------------
- Case $D2 ;Eb, CL
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ROL "
- Case 1
- MN$ = "ROR "
- Case 2
- MN$ = "RCL "
- Case 3
- MN$ = "RCR "
- Case 4
- MN$ = "SHL " ;= SAL
- Case 5
- MN$ = "SHR "
- Case 6
- MN$ = "SAL " ;= SHL
- Case 7
- MN$ = "SAR "
- EndSelect
- MSBytes(OP, 0)
- MN$ + " , CL"
- If RM = 4
- MN$ + " ( = SAL )"
- ElseIf RM = 6
- MN$ + " ( = SHL )"
- EndIf
- ;----------------------
- Case $D3 ;Ev, CL
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "ROL "
- Case 1
- MN$ = "ROR "
- Case 2
- MN$ = "RCL "
- Case 3
- MN$ = "RCR "
- Case 4
- MN$ = "SHL " ;= SAL
- Case 5
- MN$ = "SHR "
- Case 6
- MN$ = "SAL " ;= SHL
- Case 7
- MN$ = "SAR "
- EndSelect
- MSBytes(OP, 2)
- MN$ + " , CL"
- If RM = 4
- MN$ + " ( = SAL )"
- ElseIf RM = 6
- MN$ + " ( = SHL )"
- EndIf
- ;----------------------
- Case $D4 ;Ib
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "AAM "
- Strings(1, 0) ;Basiswert wird hier mit Absicht angegeben!
- EndIf
- ;----------------------
- Case $D5 ;Ib
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "AAD "
- Strings(1, 0) ;Basiswert wird hier mit Absicht angegeben!
- EndIf
- ;----------------------
- Case $D6
- If IsProg64
- MN$ = No64$
- Else
- MN$ = "SALC (Set AL on Carry - not documented (Intel), set all 8 Bits!)"
- EndIf
- ;----------------------
- Case $D7
- MN$ = "XLATB "
- ;----------------------
- Case $D8 To $DF ;FPU-Instruktionen
- OPF = OP ;OP nicht global!
- FPU()
- ;----------------------
- Case $E0 ;Jb
- MN$ = "LOOPNE "
- Sprung_short()
- MN$ + " ( = LOOPNZ )"
- ;----------------------
- Case $E1 ;Jb
- MN$ = "LOOPE "
- Sprung_short()
- MN$ + " ( = LOOPZ )"
- ;----------------------
- Case $E2 ;Jb
- MN$ = "LOOP "
- Sprung_short()
- ;----------------------
- Case $E3 ;Jb
- If IsProg64 = 0 And (Mid(OP$, 1, 2) = "67" Or Mid(OP$, 4, 2) = "67") ;Operand Override
- MN$ = "JCXZ "
- ElseIf IsProg64 = 1 And (Mid(OP$, 1, 2) = "67" Or Mid(OP$, 4, 2) = "67")
- MN$ = "JECXZ "
- Else
- MN$ = "JRCXZ "
- EndIf
- Sprung_short()
- ;----------------------
- Case $E4 ;Ib
- MN$ = "IN AL , "
- Strings(1, 0)
- ;----------------------
- Case $E5 ;Ib
- If Mid(OP$, 1, 2) = "66" ;Operand Override
- MN$ = "IN AX , "
- Else
- MN$ = "IN EAX , "
- EndIf
- Strings(1, 0)
- ;----------------------
- Case $E6 ;Ib
- MN$ = "OUT "
- Strings(1, 0)
- MN$ + " , AL"
- ;----------------------
- Case $E7 ;Ib
- MN$ = "OUT "
- Strings(1, 0)
- If Mid(OP$, 1, 2) = "66" ;Operand Override
- MN$ + " , AX"
- Else
- MN$ + " , EAX"
- EndIf
- ;----------------------
- Case $E8 ;CALL mit rel. Adresse
- MN$ = "CALL "
- For k = 1 To 4
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- Next
- SPZ = PeekL(Buffer + BZ - 4) + BZ - SO ;Sprungziel
- SPZH$ = RSet(Hex(SPZ + IB + SRVA), Adr3264, "0") ;setzt auch 64-Bit-Adresse richtig!
- SPZ$ = ""
- For k = 1 To Adr3264 - 1 Step 2
- SPZ$ + Mid(SPZH$, k, 2) + " "
- Next
- MN$ + SPZ$
- ;- Versuch, Sprungziel nach möglicher API-Funktion aufzulösen
- RSPZ = SPZ + IB + SRVA ;rel.Sprungziel
- k = 0
- For n = 1 To ANS ;um "Sprungziel" in der Datei zu ermitteln
- CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
- XRVA = I_S_H\VirtualAddress
- X = XRVA + I_S_H\SizeOfRawData ;+ Länge der Section
- RSE = IB + XRVA + I_S_H\SizeOfRawData - 1 ;rel.Ende der Sections
- If RSPZ < RSE ;Sprungziel in dieser Section ?
- SPZ = RSPZ - IB - XRVA + I_S_H\PointerToRawData ;"Sprungziel" in der Datei
- Break
- EndIf
- k + #IMAGE_SIZEOF_SECTION_HEADER
- Next
- If SPZ > LF Or SPZ < 0 ;Schutzmassnahme z.B. wenn Code nicht vollständig auflösbar oder Käse ist
- Goto Schutz
- EndIf
- If PeekW(Buffer + SPZ) = $25FF ;Test auf JMP (Opcode $FF25, erweiterbar)
- SPZ = PeekL(Buffer + SPZ + 2) ;neues Sprungziel
- If IsProg64
- RSPZ + SPZ + 6 ;6=Länge Opcode (mit Long-Adresse)
- Else
- SPZ - IB
- EndIf
- k = 0
- For n = SZ To ANS
- CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
- XRVA = I_S_H\VirtualAddress ;RVA der Sections
- X = XRVA + I_S_H\SizeOfRawData ;+ Länge der Section
- If IsProg64
- SPZ = RSPZ - IB
- EndIf
- If SPZ < X ;SPZ in dieser Section ?
- SPZ - XRVA + I_S_H\PointerToRawData ;+ Offset dieser Section
- Break
- EndIf
- k + #IMAGE_SIZEOF_SECTION_HEADER
- Next
- If SPZ > LF Or SPZ < 0 ;Schutzmassnahme z.B. wenn Code nicht vollständig auflösbar oder Käse ist
- Goto Schutz
- EndIf
- SPZ = PeekL(Buffer + SPZ)
- For m = n To ANS
- CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
- XRVA = I_S_H\VirtualAddress ;RVA der Sections
- X = XRVA + I_S_H\SizeOfRawData ;+ Länge der Section
- If SPZ < X ;SPZ in dieser Section ?
- SPZ - XRVA + I_S_H\PointerToRawData ;+ Offset dieser Section
- If SPZ > LF Or SPZ < 0 ;Schutzmassnahme z.B. wenn Code nicht vollständig auflösbar oder Käse ist
- Goto Schutz
- EndIf
- XF = I_S_H\Characteristics ;Flags ermitteln
- If XF & #IMAGE_SCN_MEM_EXECUTE = 0 ;Test, ob Section ausführbar oder nicht
- Info$ = PeekS(Buffer + SPZ + 2, $FF) ;+2 wegen Word Ordnungs-Nr.
- If Info$ <> ""
- MN$ + " (" + Chr(34) + Info$ + Chr(34); + " / "
- For i = Buffer + SPZ + 3 To Buffer + I_S_H\PointerToRawData + I_S_H\SizeOfRawData - 4
- If PeekL(i) & $5F5F5FFF = $4C4C442E ;".DLL" oder ".dll"
- For j = i To Buffer + SPZ + 3 Step -1
- If PeekB(j) = 0 ;Zero-Byte
- Break
- EndIf
- Next
- DLL$ = PeekS(j + 1, $FF)
- If DLL$ <> ""
- MN$ + " / " + DLL$
- EndIf
- Break
- EndIf
- Next
- DLL$ = ""
- MN$ + ")"
- EndIf
- Break
- EndIf
- EndIf
- k + #IMAGE_SIZEOF_SECTION_HEADER
- Next
- EndIf ;ob anschliessender JMP
- Schutz:
- ;----------------------
- Case $E9 ;Jz
- MN$ = "JMP " ;near
- Sprung_near_long()
- MN$ + " ( near )"
- ;----------------------
- Case $EA ;AP
- MN$ = "JMP " ;far
- Sprung_near_long() ;?
- MN$ + " ( far )"
- ;----------------------
- Case $EB ;Jb
- MN$ = "JMP " ;short
- Sprung_short()
- ;----------------------
- Case $EC
- MN$ = "IN AL , DX"
- ;----------------------
- Case $ED
- If Mid(OP$, 1, 2) = "66" ;Operand Override
- MN$ = "IN AX , DX"
- Else
- MN$ = "IN EAX , DX"
- EndIf
- ;----------------------
- Case $EE
- MN$ = "OUT DX , AL"
- ;----------------------
- Case $EF
- If Mid(OP$, 1, 2) = "66" ;Operand Override
- MN$ = "OUT DX , AX"
- Else
- MN$ = "OUT DX , EAX"
- EndIf
- ;----------------------
- Case $F0
- MN$ = "LOCK "
- ;----------------------
- Case $F1
- MN$ = "ICEBP (INT01 (ICE BreakPoint) - not documented)"
- ;----------------------
- Case $F2
- X = (PeekB(Buffer + BZ) & $FF) ;auch um 64-Bit auszusieben
- If X <> $0F And (X < $40 And X > $4F) ;sonst Präfix für SSE!
- MN$ = "REPNE ( = REPNZ )" ;identisch mit REPNZ
- Else
- OV = 1
- EndIf
- ;----------------------
- Case $F3
- X = (PeekB(Buffer + BZ) & $FF) ;auch um 64-Bit auszusieben
- If X <> $0F And (X < $40 And X > $4F) ;sonst Präfix für SSE!
- MN$ = "REPE ( = REP = REPZ )" ;identisch mit REP und REPZ
- Else
- OV = 1
- EndIf
- ;----------------------
- Case $F4
- MN$ = "HLT "
- ;----------------------
- Case $F5
- MN$ = "CMC "
- ;----------------------
- Case $F6 ;Eb Gruppe 3
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0 To 1
- MN$ = "TEST "
- Komma = 1
- MemAdd64 = 1
- Case 2
- MN$ = "NOT "
- Case 3
- MN$ = "NEG "
- Case 4
- MN$ = "MUL " ;AL
- Case 5
- MN$ = "IMUL " ;AL
- Case 6
- MN$ = "DIV " ;AL
- Case 7
- MN$ = "IDIV " ;AL
- EndSelect
- MSBytes(OP, 0)
- If RM = 0 Or RM = 1 ;für TEST
- Strings(1, 0)
- EndIf
- ;----------------------
- Case $F7 ;Ev Gruppe 3
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0 To 1
- MN$ = "TEST "
- Komma = 1
- MemAdd64 = 4
- Case 2
- MN$ = "NOT "
- Case 3
- MN$ = "NEG "
- Case 4
- MN$ = "MUL "
- Case 5
- MN$ = "IMUL "
- Case 6
- MN$ = "DIV "
- Case 7
- MN$ = "IDIV "
- EndSelect
- If Mid(OP$, 1, 2) = "66" ;Operand Override
- MSBytes(OP, 1)
- If RM = 0 Or RM = 1 ;für TEST
- Strings(2, 0)
- EndIf
- Else
- If REX & %00001000 ;REX.W
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- If RM = 0 Or RM = 1 ;für TEST
- If REX & %00001000
- H = PeekB(Buffer + BZ + 3) & $FF
- If H < $80 ;Feinheit! sign-extended
- MN$ + "00 00 00 00 "
- Else
- MN$ + "FF FF FF FF "
- EndIf
- EndIf
- Strings(4, 0)
- EndIf
- EndIf
- ;----------------------
- Case $F8 ;CLC
- MN$ = "CLC "
- ;----------------------
- Case $F9 ;STC
- MN$ = "STC "
- ;----------------------
- Case $FA ;CLI
- MN$ = "CLI "
- ;----------------------
- Case $FB ;STI
- MN$ = "STI "
- ;----------------------
- Case $FC ;CLD
- MN$ = "CLD "
- ;----------------------
- Case $FD ;STD
- MN$ = "STD "
- ;----------------------
- Case $FE ;Eb
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0
- MN$ = "INC "
- Case 1
- MN$ = "DEC "
- Case 2 To 7
- NoCode = 1
- EndSelect
- If NoCode = 0
- MSBytes(OP, 0)
- EndIf
- ;----------------------
- Case $FF ;Gruppe 5
- OP = PeekB(Buffer + BZ) & $FF
- OP$ + RSet(Hex(OP), 2, "0") + " "
- BZ + 1
- RM = (OP & %00111000) >> 3 ;reg/opcode für Befehl
- Select RM
- Case 0 ;Ev
- MN$ = "INC "
- If REX & %00001000 ;REX.W
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- Case 1 ;Ev
- MN$ = "DEC "
- If REX & %00001000
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- Case 2 ;Ev
- MN$ = "CALL " ;near
- If IsProg64
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- If NoString = 0 ;nicht, wenn nicht direkt in Memory
- FuncInfo() ;Versuch, Sprungziel nach möglicher API-Funktion aufzulösen
- EndIf
- MN$ + " ( near )"
- Case 3 ;Ep
- MN$ = "CALL " ;far
- If IsProg64
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- If NoString = 0 ;nicht, wenn nicht direkt in Memory
- FuncInfo() ;Versuch, Sprungziel nach möglicher API-Funktion aufzulösen
- EndIf
- MN$ + " ( far )"
- Case 4 ;Ev
- MN$ = "JMP " ;near
- If IsProg64
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- MN$ + " ( near )"
- Case 5 ;Ep
- MN$ = "JMP " ;far
- If IsProg64
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- MN$ + " ( far )"
- Case 6 ;Ev
- MN$ = "PUSH "
- If IsProg64
- S = 3 ;QWord
- Else
- S = 2 ;DWord
- EndIf
- MSBytes(OP, S)
- Case 7
- NoCode = 1
- EndSelect
- ;----------------------
- Default
- MN$ = "???" ;irgendwelcher Käse
- EndSelect
- If PEP ;PEP soll separate Zeile sein
- If BZ + OS - SO > PEP + IB
- D = (BZ + OS - SO) - (PEP + IB)
- BZ - D ;"Einraster" für PEP
- OP$ = Mid(OP$, 1, Len(OP$) - D * 3) ;3 = 2 Ziffer-Zeichen + 1 Space
- NoCode = 1 ;kein ausführbarer Code
- EndIf
- EndIf
- If DLL And DLLEntry = 0 ;falls DLL-Entrypoint nicht auf Adresse fällt
- If BZ + OS - SO > DLLAdr ;von oben
- D = (BZ + OS - SO) - DLLAdr
- BZ - D ;"Einraster" für DLL-Entrypoint
- OP$ = Mid(OP$, 1, Len(OP$) - D * 3) ;3 = 2 Ziffer-Zeichen + 1 Space
- NoCode = 1 ;kein ausführbarer Code
- EndIf
- EndIf
- If NoCode
- MN$ = "No Code"
- NoCode = 0
- EndIf
- ;If ZeilePEP = Zeile
- ; MN$ + " (Program - Entrypoint)"
- ;EndIf
- If OV = 0 ;nur, wenn kein Override
- Daten(Zeile)\Opcode = OP$
- Daten(Zeile)\Mnemonic = MN$
- ;Opcode as Text-Chars
- ASC$ = ""
- For j = 1 To Len(OP$) Step 2
- A$ = "$"
- A$ + Mid(OP$, j, 2)
- ASC$ + Chr(Val(A$))
- j + 1 ;Space in OP$ überspringen
- Next
- Daten(Zeile)\ASCII = ASC$
- While DLLEntry ;es können auch mehrere Funktionen auf ein und die selbe Adresse zeigen
- MN$ + " (Entrypoint : " + Mid(ArrayAdr(ZDLL - DLLEntry), Adr3264 + 1, 255) + " )"
- Daten(Zeile)\Mnemonic = MN$
- AddElement(DLLEP())
- DLLEP() = Zeile
- DLLEntry - 1
- Wend
- Zeile + 1
- XMM = 0
- REX = 0
- Adr64 = 0
- NoString = 0
- EndIf
- If BZ > (BZOLD + (LF / 100)) ;was fürs Auge
- BZOLD = BZ
- SetGadgetText(70, Fort$ + SECN$)
- SetGadgetState(71, (BZ * 100) / LF)
- EndIf
- ForEver ;bis Section fertig
- EndProcedure
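Procedure Datas() ;Dump a section without executable code as hex bytes plus a character view
  ;Reads the current section header I_S_H and writes one Daten() row per 16 bytes
  ;(address, hex bytes, printable characters), framed by a "Begin Section" row and an
  ;"End Section" row. Advances the globals Zeile and BZ and refreshes gadgets 70/71.
  SRVA = I_S_H\VirtualAddress ;relative virtual address of the section
  SL = I_S_H\SizeOfRawData ;section length
  SO = I_S_H\PointerToRawData ;section offset within the file
  SF = I_S_H\Characteristics ;section flags
  SE = SO + SL ;section end offset (exclusive)
  ;The header fields come from the file being examined and need not match its real
  ;size. Keep every PeekB below inside the loaded file; LF is the same bound this
  ;file already uses to reject resolved jump targets.
  ;NOTE(review): assumes Buffer holds exactly LF bytes - confirm at the allocation site.
  If SO < 0
    SE = SO ;negative raw offset: nothing can be read, emit only the two frame rows
  ElseIf SE > LF
    SE = LF ;truncated or malformed section: stop at the end of the file
  EndIf
  OS = IB + SRVA ;section offset (image base + RVA)
  SECN$ = Mid(I_S_H\Name, 1, 8) ;to be safe, the name is not necessarily null-terminated
  Daten(Zeile)\Opcode = "Begin Section" + Str(SZ) + ", Name: " + UCase(SECN$) + ", non executable Code"
  Zeile + 1
  BZ = SO ;pointer into Buffer
  Repeat
    If BZ >= SE
      Daten(Zeile)\Opcode = " E n d S e c t i o n " + Str(SZ) + " " + UCase(SECN$)
      Zeile + 1
      Break
    EndIf
    OP$ = ""
    MN$ = ""
    SOS = BZ ;file offset of the first byte of the row being built
    While (BZ < SE)
      OP$ + RSet(Hex(PeekB(Buffer + BZ) & $FF), 2, "0") + " "
      MN = PeekB(Buffer + BZ)
      If MN < $20 Or MN > $7A ;anything outside $20..$7A is shown as "."
        MN = $2E
      EndIf
      MN$ + Chr(MN) + " "
      If Len(OP$) > 45 ;16 bytes at 3 characters each (2 hex digits + space) fill a row
        Daten(Zeile)\Address = "$" + RSet(Hex(SOS + OS - SO), Adr3264, "0")
        Daten(Zeile)\Opcode = OP$
        Daten(Zeile)\Mnemonic = MN$
        Zeile + 1
        OP$ = ""
        MN$ = ""
        ;The next row starts at the byte AFTER the current one. The original stored BZ
        ;here, so a trailing partial row was labelled one address too low.
        SOS = BZ + 1
      EndIf
      BZ + 1
      If BZ > (BZOLD + (LF / 100)) ;progress display, updated roughly once per percent of the file
        BZOLD = BZ
        SetGadgetText(70, Fort$ + SECN$)
        SetGadgetState(71, (BZ * 100) / LF)
      EndIf
    Wend
    If OP$ <> "" ;flush the last, incomplete row
      Daten(Zeile)\Address = "$" + RSet(Hex(SOS + OS - SO), Adr3264, "0")
      Daten(Zeile)\Opcode = OP$
      Daten(Zeile)\Mnemonic = MN$
      Zeile + 1
    EndIf
  ForEver ;until the section is finished
EndProcedure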
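Procedure CPUID_Info()
  ;Queries the CPU with CPUID, stores the colour value 8800h (green) in the global
  ;colour variable of every feature that is reported as present, then creates the
  ;text gadgets 80..122 (one per feature, coloured with that variable) and gadget 123
  ;with the processor brand string.
  ;
  ;Instruction/Group  CPUID (EAX)  Register  Bit  Intel  AMD  Remarks
  ;--------------------------------------------------------------------------------------------------------
  ;3DNOW!             80000001h    EDX       31   -      x
  ;AES                00000001h    ECX       25   x      x
  ;AMDLM              80000001h    EDX       29   -      x    AMD Long Mode
  ;AMDMISAL16         80000001h    ECX        7   -      x    Misaligned 16-Byte Memory Access
  ;AVX                00000001h    ECX       28   x      x
  ;AVX2               00000007h    EBX        5   x      -    Input ECX=0
  ;BMI                00000007h    EBX        3   -      x    Input ECX=0, Bit Manipulation Instruction
  ;CLFSH              00000001h    EDX       19   x      x    CLFLUSH
  ;(F)CMOV            00000001h    EDX       15   x      x    CMOVcc, FCMOVcc
  ;CMPXCHG8B          00000001h    EDX        8   x      x
  ;CMPXCHG16B         00000001h    ECX       13   x      x
  ;CVT16              80000001h    ECX       18   -      x    Floating-Point Fraction Extract and Half-Precision Conversion
  ;EMMX               80000001h    EDX       22   -      x    AMD Extensions to MMX
  ;EXT3DNOW!          80000001h    EDX       30   -      x    Extensions to 3DNOW!
  ;FMA                00000001h    ECX       12   x      -    Fused Multiply Add
  ;FMA4               80000001h    ECX       16   -      x    Floating-Point Multiply Accumulate (4 Operands)
  ;FXSR               00000001h    EDX       24   x      x    FXSAVE, FXRSTOR
  ;LWP                80000001h    ECX       15   -      x    LightWeight Profiling
  ;LZCNT              80000001h    ECX        5   -      x
  ;MMX                00000001h    EDX       23   x      x
  ;MONITOR            00000001h    ECX        3   x      x    MONITOR, MWAIT
  ;MOVBE              00000001h    ECX       22   x      -
  ;MSR                00000001h    EDX        5   x      x    RDMSR, WRMSR
  ;OSXSAVE            00000001h    ECX       27   x      -
  ;PCLMULQDQ          00000001h    ECX        1   x      -    Carryless Multiplication
  ;POPCNT             00000001h    ECX       23   x      x
  ;RDTSC              00000001h    EDX        4   x      x
  ;RDTSCP             80000001h    EDX       27   x      x
  ;SEP                00000001h    EDX       11   x      x    SYSENTER, SYSEXIT
  ;SMX                00000001h    ECX        6   x      -    Safer Mode Extensions
  ;SSE                00000001h    EDX       25   x      x
  ;SSE2               00000001h    EDX       26   x      x
  ;SSE3               00000001h    ECX        0   x      x
  ;SSSE3              00000001h    ECX        9   x      x
  ;SSE4.1             00000001h    ECX       19   x      x
  ;SSE4.2             00000001h    ECX       20   x      x
  ;SSE4A              80000001h    ECX        6   -      x
  ;SVM                80000001h    ECX        2   -      x    Secure Virtual Machine
  ;TBM                80000001h    ECX       21   -      x    Trailing Bit Manipulation
  ;VMX                00000001h    ECX        5   x      -    Virtual Machine Extensions
  ;XOP                80000001h    ECX       11   -      x    Extended Operations
  ;XSAVE              00000001h    ECX       26   x      x
  ;XSAVEOPT           0000000Dh    EAX        0   x      x    Input ECX=1
  ;
  ;The presence of the CPUID instruction itself is not checked!
  ;NOTE(review): CPUID overwrites EBX and the brand-string loop below uses ESI and EDI;
  ;none of them is saved or restored here. Check this against the register-preservation
  ;rules for PureBasic inline assembly on both the x86 and the x64 compiler.
  ;NOTE(review): the Bit0..Bit31 variables are used as single-bit masks; their
  ;definitions are outside this procedure.

  ;-------- Standard leaf 1: feature flags in EDX and ECX
  !mov eax,1h
  !cpuid
  !test edx,[v_Bit23]              ;MMX
  !jz l_nommx
  !mov [v_MMX],8800h               ;green = present
NOMMX:
  !test edx,[v_Bit25]              ;SSE
  !jz l_nosse
  !mov [v_SSE],8800h
NOSSE:
  !test edx,[v_Bit26]              ;SSE2
  !jz l_nosse2
  !mov [v_SSE2],8800h
NOSSE2:
  !test ecx,[v_Bit0]               ;SSE3
  !jz l_nosse3
  !mov [v_SSE3],8800h
NOSSE3:
  !test ecx,[v_Bit9]               ;SSSE3
  !jz l_nossse3
  !mov [v_SSSE3],8800h
NOSSSE3:
  !test ecx,[v_Bit19]              ;SSE4.1
  !jz l_nosse41
  !mov [v_SSE41],8800h
NOSSE41:
  !test ecx,[v_Bit20]              ;SSE4.2
  !jz l_nosse42
  !mov [v_SSE42],8800h
NOSSE42:
  !test ecx,[v_Bit23]              ;POPCNT
  !jz l_nopopcnt
  !mov [v_POPCNT],8800h
NOPOPCNT:
  !test ecx,[v_Bit1]               ;PCLMULQDQ
  !jz l_nopclmulqdq
  !mov [v_PCLMULQDQ],8800h
NOPCLMULQDQ:
  !test ecx,[v_Bit3]               ;MONITOR is ECX bit 3 (see table above); bit 2 was tested before
  !jz l_nomonitor
  !mov [v_MONITOR],8800h
NOMONITOR:
  !test ecx,[v_Bit5]               ;VMX
  !jz l_novmx
  !mov [v_VMX],8800h
NOVMX:
  !test ecx,[v_Bit6]               ;SMX
  !jz l_nosmx
  !mov [v_SMX],8800h
NOSMX:
  !test ecx,[v_Bit12]              ;FMA
  !jz l_nofma
  !mov [v_FMA],8800h
NOFMA:
  !test edx,[v_Bit11]              ;SEP
  !jz l_nosep
  !mov [v_SEP],8800h
NOSEP:
  !test edx,[v_Bit24]              ;FXSR
  !jz l_nofxsr
  !mov [v_FXSR],8800h
NOFXSR:
  !test edx,[v_Bit8]               ;CMPXCHG8B
  !jz l_nocx8
  !mov [v_CX8],8800h
NOCX8:
  !test ecx,[v_Bit13]              ;CMPXCHG16B
  !jz l_nocx16
  !mov [v_CX16],8800h
NOCX16:
  !test ecx,[v_Bit25]              ;AES
  !jz l_noaes
  !mov [v_AES],8800h
NOAES:
  !test ecx,[v_Bit26]              ;XSAVE
  !jz l_noxsave
  !mov [v_XSAVE],8800h
NOXSAVE:
  !test ecx,[v_Bit27]              ;OSXSAVE
  !jz l_noosxsave
  !mov [v_OSXSAVE],8800h
NOOSXSAVE:
  !test ecx,[v_Bit28]              ;AVX
  !jz l_noavx
  !mov [v_AVX],8800h
NOAVX:
  !test ecx,[v_Bit22]              ;MOVBE
  !jz l_nomovbe
  !mov [v_MOVBE],8800h
NOMOVBE:
  !test edx,[v_Bit15]              ;(F)CMOVcc
  !jz l_nocmov
  !mov [v_CMOV],8800h
NOCMOV:
  !test edx,[v_Bit19]              ;CLFSH
  !jz l_noclfsh
  !mov [v_CLFSH],8800h
NOCLFSH:
  !test edx,[v_Bit5]               ;MSR
  !jz l_nomsr
  !mov [v_MSR],8800h
NOMSR:
  !test edx,[v_Bit4]               ;RDTSC
  !jz l_nordtsc
  !mov [v_RDTSC],8800h
NORDTSC:
  ;-------- Leaf 0Dh, sub-leaf 1: only queried when leaf 0 reports it as available
  !xor eax,eax
  !cpuid
  !cmp eax,0Dh                     ;largest standard leaf
  !jb l_noxsaveopt
  !mov eax,0Dh
  !mov ecx,1
  !cpuid
  !test eax,[v_Bit0]               ;XSAVEOPT
  !jz l_noxsaveopt
  !mov [v_XSAVEOPT],8800h
NOXSAVEOPT:
  ;-------- Leaf 7, sub-leaf 0: guarded like leaf 0Dh above. Without the guard a CPU
  ;-------- whose largest standard leaf is below 7 is asked for a leaf it does not
  ;-------- define, and the bits tested afterwards do not describe AVX2/BMI.
  !xor eax,eax
  !cpuid
  !cmp eax,7
  !jb l_nobmi
  !mov eax,7
  !xor ecx,ecx
  !cpuid
  !test ebx,[v_Bit5]               ;AVX2
  !jz l_noavx2
  !mov [v_AVX2],8800h
NOAVX2:
  !test ebx,[v_Bit3]               ;BMI (EBX is still the leaf-7 result, no second query needed)
  !jz l_nobmi
  !mov [v_BMI],8800h
NOBMI:
  ;-------- Determine the number of extended levels as a precondition for the 3DNow! test
  ;-------- The value returned in EAX (minus 80000000h) is the number of extended levels
  !mov eax,80000000h
  !cpuid
  !cmp eax,80000000h               ;this is a plain value, not a bit test!
  !jbe l_noexte                    ;no extended levels, done
  !mov eax,80000001h
  !cpuid                           ;Intel processors return EAX=0 here
  !or eax,eax
  !je l_noamd                      ;is an Intel processor
  !test edx,[v_Bit31]              ;AMD 3DNow!
  !jz l_noext
  !mov [v_DNOW],8800h
  !test edx,[v_Bit30]              ;AMD Extended 3DNow! DSP: PF2IW, PFNACC, PFPNACC, PI2FW, PSWAPD
  !jz l_noext
  !mov [v_EDNOW],8800h
NOEXT:
  !test ecx,[v_Bit6]               ;AMD SSE4A EXTRQ, INSERTQ, MOVNTSD, MOVNTSS
  !jz l_nosse4a
  !mov [v_SSE4A],8800h
NOSSE4A:
  !test edx,[v_Bit29]              ;AMDLM AMD Long Mode
  !jz l_noamdlm
  !mov [v_AMDLM],8800h
NOAMDLM:
  !test ecx,[v_Bit7]               ;AMDMISAL16
  !jz l_noamdmisal16
  !mov [v_AMDMISAL16],8800h
NOAMDMISAL16:
  !test ecx,[v_Bit18]              ;CVT16
  !jz l_nocvt16
  !mov [v_CVT16],8800h
NOCVT16:
  !test edx,[v_Bit22]              ;EMMX
  !jz l_noemmx
  !mov [v_EMMX],8800h
NOEMMX:
  !test ecx,[v_Bit16]              ;FMA4
  !jz l_nofma4
  !mov [v_FMA4],8800h
NOFMA4:
  !test ecx,[v_Bit15]              ;LWP
  !jz l_nolwp
  !mov [v_LWP],8800h
NOLWP:
  !test ecx,[v_Bit5]               ;LZCNT
  !jz l_nolzcnt
  !mov [v_LZCNT],8800h
NOLZCNT:
  !test ecx,[v_Bit2]               ;SVM
  !jz l_nosvm
  !mov [v_SVM],8800h
NOSVM:
  !test ecx,[v_Bit21]              ;TBM
  !jz l_notbm
  !mov [v_TBM],8800h
NOTBM:
  !test ecx,[v_Bit11]              ;XOP
  !jz l_noamd
  !mov [v_XOP],8800h
NOAMD:
  !test edx,[v_Bit27]              ;RDTSCP (tested for Intel and AMD alike)
  !jz l_noexte
  !mov [v_RDTSCP],8800h
NOEXTE:
  ;-------- One text gadget per feature, front colour = colour variable set above
  TextGadget(80, 10, 16, 43, 13, DNOW$)
  SetGadgetColor(80, #PB_Gadget_FrontColor, DNOW)
  TextGadget(81, 60, 16, 59, 13, EDNOW$)
  SetGadgetColor(81, #PB_Gadget_FrontColor, EDNOW)
  TextGadget(82, 126, 16, 23, 13, AES$)
  SetGadgetColor(82, #PB_Gadget_FrontColor, AES)
  TextGadget(83, 157, 16, 40, 13, AMDLM$)
  SetGadgetColor(83, #PB_Gadget_FrontColor, AMDLM)
  TextGadget(84, 205, 16, 73, 13, AMDMISAL16$)
  SetGadgetColor(84, #PB_Gadget_FrontColor, AMDMISAL16)
  TextGadget(85, 285, 16, 22, 13, AVX$)
  SetGadgetColor(85, #PB_Gadget_FrontColor, AVX)
  TextGadget(86, 314, 16, 28, 13, AVX2$)
  SetGadgetColor(86, #PB_Gadget_FrontColor, AVX2)
  TextGadget(87, 349, 16, 20, 13, BMI$)
  SetGadgetColor(87, #PB_Gadget_FrontColor, BMI)
  TextGadget(88, 376, 16, 40, 13, CLFSH$)
  SetGadgetColor(88, #PB_Gadget_FrontColor, CLFSH)
  TextGadget(89, 423, 16, 50, 13, CMOV$)
  SetGadgetColor(89, #PB_Gadget_FrontColor, CMOV)
  TextGadget(90, 480, 16, 37, 13, CVT16$)
  SetGadgetColor(90, #PB_Gadget_FrontColor, CVT16)
  TextGadget(91, 524, 16, 24, 13, CX8$)
  SetGadgetColor(91, #PB_Gadget_FrontColor, CX8)
  TextGadget(92, 555, 16, 30, 13, CX16$)
  SetGadgetColor(92, #PB_Gadget_FrontColor, CX16)
  TextGadget(93, 592, 16, 24, 13, FMA$)
  SetGadgetColor(93, #PB_Gadget_FrontColor, FMA)
  TextGadget(94, 623, 16, 29, 13, FMA4$)
  SetGadgetColor(94, #PB_Gadget_FrontColor, FMA4)
  TextGadget(95, 659, 16, 31, 13, FXSR$)
  SetGadgetColor(95, #PB_Gadget_FrontColor, FXSR)
  TextGadget(96, 697, 16, 25, 13, LWP$)
  SetGadgetColor(96, #PB_Gadget_FrontColor, LWP)
  TextGadget(97, 729, 16, 38, 13, LZCNT$)
  SetGadgetColor(97, #PB_Gadget_FrontColor, LZCNT)
  TextGadget(98, 774, 16, 25, 13, MMX$)
  SetGadgetColor(98, #PB_Gadget_FrontColor, MMX)
  TextGadget(99, 806, 16, 42, 13, EMMX$)
  SetGadgetColor(99, #PB_Gadget_FrontColor, EMMX)
  TextGadget(100, 855, 16, 54, 13, MONITOR$)
  SetGadgetColor(100, #PB_Gadget_FrontColor, MONITOR)
  TextGadget(101, 916, 16, 40, 13, MOVBE$)
  SetGadgetColor(101, #PB_Gadget_FrontColor, MOVBE)
  TextGadget(102, 963, 16, 26, 13, MSR$)
  SetGadgetColor(102, #PB_Gadget_FrontColor, MSR)
  TextGadget(103, 10, 29, 52, 13, OSXSAVE$)
  SetGadgetColor(103, #PB_Gadget_FrontColor, OSXSAVE)
  TextGadget(104, 69, 29, 76, 13, PCLMULQDQ$)
  SetGadgetColor(104, #PB_Gadget_FrontColor, PCLMULQDQ)
  TextGadget(105, 152, 29, 50, 13, POPCNT$)
  SetGadgetColor(105, #PB_Gadget_FrontColor, POPCNT)
  TextGadget(106, 209, 29, 42, 13, RDTSC$)
  SetGadgetColor(106, #PB_Gadget_FrontColor, RDTSC)
  TextGadget(107, 258, 29, 50, 13, RDTSCP$)
  SetGadgetColor(107, #PB_Gadget_FrontColor, RDTSCP)
  TextGadget(108, 315, 29, 24, 13, SEP$)
  SetGadgetColor(108, #PB_Gadget_FrontColor, SEP)
  TextGadget(109, 346, 29, 24, 13, SMX$)
  SetGadgetColor(109, #PB_Gadget_FrontColor, SMX)
  TextGadget(110, 377, 29, 23, 13, SSE$)
  SetGadgetColor(110, #PB_Gadget_FrontColor, SSE)
  TextGadget(111, 407, 29, 31, 13, SSE2$)
  SetGadgetColor(111, #PB_Gadget_FrontColor, SSE2)
  TextGadget(112, 445, 29, 31, 13, SSE3$)
  SetGadgetColor(112, #PB_Gadget_FrontColor, SSE3)
  TextGadget(113, 483, 29, 39, 13, SSSE3$)
  SetGadgetColor(113, #PB_Gadget_FrontColor, SSSE3)
  TextGadget(114, 529, 29, 40, 13, SSE41$)
  SetGadgetColor(114, #PB_Gadget_FrontColor, SSE41)
  TextGadget(115, 576, 29, 41, 13, SSE42$)
  SetGadgetColor(115, #PB_Gadget_FrontColor, SSE42)
  TextGadget(116, 624, 29, 41, 13, SSE4A$)
  SetGadgetColor(116, #PB_Gadget_FrontColor, SSE4A)
  TextGadget(117, 672, 29, 25, 13, SVM$)
  SetGadgetColor(117, #PB_Gadget_FrontColor, SVM)
  TextGadget(118, 704, 29, 25, 13, TBM$)
  SetGadgetColor(118, #PB_Gadget_FrontColor, TBM)
  TextGadget(119, 736, 29, 25, 13, VMX$)
  SetGadgetColor(119, #PB_Gadget_FrontColor, VMX)
  TextGadget(120, 768, 29, 25, 13, XOP$)
  SetGadgetColor(120, #PB_Gadget_FrontColor, XOP)
  TextGadget(121, 800, 29, 35, 13, XSAVE$)
  SetGadgetColor(121, #PB_Gadget_FrontColor, XSAVE)
  TextGadget(122, 842, 29, 60, 13, XSAVEOPT$)
  SetGadgetColor(122, #PB_Gadget_FrontColor, XSAVEOPT)
  ;-------- Processor brand string: leaves 80000002h..80000004h, 16 bytes each
  ProzStrAdr = @ProzessorString$
  !mov eax,80000000h               ;test whether the CPU is recent enough to deliver the string
  !cpuid
  !cmp eax,80000004h
  !jb l_nocpustr                   ;not supported: the string buffer is left untouched
  !mov esi,[v_ProzStrAdr]          ;NOTE(review): 32-bit register for an address - confirm for the x64 build
  !xor edi,edi
  !@@:
  !mov eax,80000002h
  !add eax,edi
  !cpuid
  !mov [esi],eax
  !mov [esi+4],ebx
  !mov [esi+8],ecx
  !mov [esi+12],edx
  !add esi,16
  !inc edi
  !cmp edi,3
  !jb @b
  ;ESI now points just behind the 48 bytes written, so the zero byte goes there.
  ;Before, the zero byte was written at ESI+48 after the label: 80 bytes behind the
  ;start of the string on the normal path, and through an ESI that was never loaded
  ;when the CPU does not deliver the string.
  ;NOTE(review): assumes ProzessorString$ was created with room for at least
  ;48 characters; its definition is outside this procedure - confirm.
  !mov byte[esi],0                 ;set zero byte
NOCPUSTR:
  TextGadget(123, 10, 2, 400, 15, "Current CPU : " + LTrim(ProzessorString$))
  For i = 80 To 123
    SetGadgetFont(i, FontID(0))
  Next
EndProcedure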
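Procedure File_Info()
  ;Shows the section table of the loaded PE file: one text gadget per section
  ;(gadget 131 + n) with offset, end, size, RVA and decoded flags, plus gadget 130
  ;with image base, entry point and the list of section names.
  ;Reads the globals Buffer, LF, AST, ANS, IB, PEP and Adr3264; sets ProgA (lowest
  ;possible address, taken from the first section) and ProgE (highest possible
  ;address, taken from the last section that was read).
  k = 0                                   ;byte offset of the current header inside the section table
  For n = ANS To 1 Step -1
    ;AST and ANS are derived from header fields of the examined file. Stop before a
    ;header that would lie outside the LF bytes held in Buffer instead of copying
    ;whatever memory follows the buffer.
    If AST < 0 Or AST > LF - k - SizeOf(I_S_H)
      SECNG$ + "<section table truncated>, "
      Break
    EndIf
    CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H)) ;fill structure IMAGE_SECTION_HEADER
    SF = I_S_H\Characteristics            ;get the flags
    SF$ = " ("
    If SF & #IMAGE_SCN_MEM_READ
      SF$ + "Read"
    EndIf
    If SF & #IMAGE_SCN_MEM_WRITE
      SF$ + " and Write"
    EndIf
    If SF & #IMAGE_SCN_MEM_EXECUTE
      SF$ + " , executable Code"
    EndIf
    If SF & #IMAGE_SCN_CNT_INITIALIZED_DATA
      SF$ + " , initializated Datas"
    EndIf
    If SF & #IMAGE_SCN_CNT_UNINITIALIZED_DATA
      SF$ + " , non initializated Datas"
    EndIf
    SF$ + ")"
    SO = I_S_H\PointerToRawData           ;offset of the section inside the file
    SL = I_S_H\SizeOfRawData              ;length of the section
    SRVA = I_S_H\VirtualAddress
    SECN$ = Mid(I_S_H\Name, 1, 8)         ;the name is not necessarily zero-terminated, so limit it to 8 characters
    SE = SO + SL
    If ProgA = 0                          ;lowest possible address
      ProgA = IB + SRVA
    EndIf
    ;the values are displayed as Long for the time being
    SEC$ = SECN$ + " : Offset = $" + Hex(SO, #PB_Long) + " End = $" + Hex(SE, #PB_Long) + " Size = $" + Hex(SL, #PB_Long) + " RVA = $" + Hex(SRVA, #PB_Long) + " Flags = $" + Hex(SF, #PB_Long) + SF$
    TextGadget(131 + n, 10, 535 - 15 * n, 750, 15, SEC$)
    SetGadgetFont(131 + n, FontID(0))
    SECNG$ + SECN$ + ", "
    k + #IMAGE_SIZEOF_SECTION_HEADER
    SF$ = ""                              ;to be on the safe side
  Next
  ProgE = IB + SRVA + SL - 1              ;highest possible address
  ;cosmetics
  SECNG$ = Mid(SECNG$, 1, Len(SECNG$) - 2) ;remove the last ", " again for the display
  MISC$ = "ImageBase = $" + Hex(IB, Adr3264 >> 2) + " Program-Entrypoint = $" + Hex(IB + PEP, Adr3264 >> 2) + " Number of Sections = $" + Hex(ANS, Adr3264) + " (" + SECNG$ + ")"
  TextGadget(130, 10, 520 - 15 * ANS, 750, 15, MISC$)
  SetGadgetFont(130, FontID(0))
EndProcedure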
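Procedure GetProcessList(Gadget)
  ;Fills the list gadget 'Gadget' with one row per process that can be opened:
  ;module base name, "32 - Bit" / "64 - Bit", process ID (columns separated by Chr(10)).
  ;Uses EnumProcesses, EnumProcessModules and GetModuleBaseNameA from psapi.dll and,
  ;when OS3264 is set, IsWow64Process from Kernel32.dll.
  ;NOTE(review): psapi.dll is opened by bare name, not by full path - confirm that
  ;this resolves to the system copy on the supported Windows versions.
  If OpenLibrary(0, "psapi.dll")
    If OS3264
      If OpenLibrary(1, "Kernel32.dll")
        IsWow64Process.IsWoW64 = GetFunction(1, "IsWow64Process")
        CloseLibrary(1)
      EndIf
    EndIf
    Bit$ = "32 - Bit"
    EnumProcesses = GetFunction(0, "EnumProcesses")
    EnumProcessModules = GetFunction(0, "EnumProcessModules")
    GetModuleBaseName = GetFunction(0, "GetModuleBaseNameA")
    ;a missing export would otherwise be called through a null pointer
    If EnumProcesses And EnumProcessModules And GetModuleBaseName
      CallFunctionFast(EnumProcesses, ProcessesArray(), #NbProcessesMax, @nProcesses)
      ;nProcesses is shifted right by 2 to get the number of IDs; the last valid index
      ;is that number minus one (the loop ran one entry too far before).
      ;NOTE(review): EnumProcesses expects the array size in bytes as second argument;
      ;whether #NbProcessesMax is a byte count is not visible here - confirm.
      For k = 0 To (nProcesses >> 2) - 1
        ;PROCESS_ALL_ACCESS filters out processes that cannot be opened with full rights.
        ;NOTE(review): this asks for far more rights than the name lookup needs; a narrower
        ;mask would also list processes the later memory view may be unable to open.
        hProcess = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessesArray(k))
        If hProcess
          ;only look up the name when the module query succeeded; otherwise BaseModule
          ;and cbNeeded still hold the values of a previously examined process
          If CallFunctionFast(EnumProcessModules, hProcess, @BaseModule, 4, @cbNeeded)
            Prozess$ = Space(cbNeeded)
            NameLen = CallFunctionFast(GetModuleBaseName, hProcess, BaseModule, @Prozess$, cbNeeded)
            If NameLen > 0 And Len(Prozess$) <> 0 ;no name e.g. for System
              If OS3264 And IsWow64Process
                IsWow64Process(hProcess, @BOOL)
                If BOOL
                  Bit$ = "32 - Bit"
                Else
                  Bit$ = "64 - Bit"
                EndIf
              EndIf
              AddGadgetItem(Gadget, -1, Prozess$ + Chr(10) + Bit$ + Chr(10) + Str(ProcessesArray(k)))
            EndIf
          EndIf
          CloseHandle_(hProcess)
        EndIf
      Next
    EndIf
    CloseLibrary(0)
  EndIf
EndProcedure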
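Procedure MemoryAreas()
  ;Lists the committed memory regions of the process ProgID in gadget 20 (start, end,
  ;size, protection), waits for a double-click on one region, copies that region into
  ;a newly allocated Buffer and starts the disassembly with Codes().
  ;Sets Quit = 1 when the window is closed while waiting.
  Protected BytesRead.i                   ;number of bytes ReadProcessMemory really delivered
  Repeat
    GetSystemInfo_(S_I)                   ;determine the address range available to programs
    MinAdr = S_I\lpMinimumApplicationAddress
    MaxAdr = S_I\lpMaximumApplicationAddress
    ;Open the process with exactly the rights used below: querying regions
    ;(VirtualQueryEx) and reading memory (ReadProcessMemory). Full access
    ;(PROCESS_ALL_ACCESS) was requested before, although nothing here writes to or
    ;controls the examined process.
    ProcessHandle = OpenProcess_(#PROCESS_QUERY_INFORMATION | #PROCESS_VM_READ, #False, ProgID)
    If ProcessHandle = 0
      MessageRequester("Error !", "Cannot open the selected process !")
      Break
    EndIf
    AnfAdresse = MinAdr
    Zeile = 0
    While AnfAdresse < MaxAdr             ;walk through the address space
      If OS3264
        ;MBI64A is read through fixed offsets of a 48-byte MEMORY_BASIC_INFORMATION
        If VirtualQueryEx_(ProcessHandle, AnfAdresse, MBI64A, 48)
          Size = PeekQ(MBI64A + 24)       ;MBI\RegionSize 24
          Eigner = PeekL(MBI64A + 32)     ;MBI\State 32
          Status = PeekL(MBI64A + 36)     ;MBI\Protect 36
        Else
          Break
        EndIf
      Else
        If VirtualQueryEx_(ProcessHandle, AnfAdresse, @M_B_I, SizeOf(M_B_I))
          Size = M_B_I\RegionSize
          Eigner = M_B_I\State
          Status = M_B_I\Protect
        Else
          Break
        EndIf
      EndIf
      If Eigner = #MEM_COMMIT             ;only committed regions are listed
        If OS3264
          BaseAdr = PeekQ(MBI64A)         ;MBI\BaseAddress 0
        Else
          BaseAdr = M_B_I\BaseAddress
        EndIf
        AddGadgetItem(20, -1, "")
        SetGadgetItemText(20, Zeile, "$" + Hex(BaseAdr), 0)
        EndAdr = BaseAdr + Size
        SetGadgetItemText(20, Zeile, "$" + Hex(EndAdr), 1)
        SetGadgetItemText(20, Zeile, "$" + Hex(Size), 2)
        ;name the protection value; anything that is not exactly one of the listed
        ;values (e.g. a base protection combined with a modifier) is shown as "Combination"
        Select Status
          Case $1
            Status$ = "PAGE_NOACCESS"
          Case $2
            Status$ = "PAGE_READONLY"
          Case $4
            Status$ = "PAGE_READWRITE"
          Case $8
            Status$ = "PAGE_WRITECOPY"
          Case $10
            Status$ = "PAGE_EXECUTE"
          Case $20
            Status$ = "PAGE_EXECUTE_READ"
          Case $40
            Status$ = "PAGE_EXECUTE_READWRITE"
          Case $80
            Status$ = "PAGE_EXECUTE_WRITECOPY"
          Case $100
            Status$ = "PAGE_GUARD"
          Case $200
            Status$ = "PAGE_NOCACHE"
          Case $400
            Status$ = "PAGE_WRITECOMBINE"
          Default
            Status$ = "Combination"
        EndSelect
        SetGadgetItemText(20, Zeile, "$" + Hex(Status) + " = " + Status$ , 3)
        Status$ = ""
        Zeile + 1
      EndIf
      AnfAdresse + Size
    Wend
    SetActiveGadget(20)                   ;for scrolling
    Repeat                                ;wait for the selection of a region
      Event = WaitWindowEvent()
      If Event = #PB_Event_CloseWindow
        Quit = 1
        Break 2
      EndIf
    Until EventType() = #PB_EventType_LeftDoubleClick
    BaseAdr$ = GetGadgetItemText(20, GetGadgetState(20))
    BaseAdr = Val(BaseAdr$)
    EndAdr$ = GetGadgetItemText(20, GetGadgetState(20), 1)
    EndAdr = Val(EndAdr$)
    ;request the buffer memory ---
    Laenge = (EndAdr - BaseAdr)
    Buffer = AllocateMemory(Laenge)
    If Buffer = 0
      MessageRequester("Error !", "Not enough memory !")
      Break
    EndIf
    ;"virtual" to "real" memory
    ;The result was ignored before. Committed regions are listed regardless of their
    ;protection (PAGE_NOACCESS, PAGE_GUARD, ...), so the read can fail or stop early;
    ;the bytes behind BytesRead are then not contents of the process.
    BytesRead = 0
    If ReadProcessMemory_(ProcessHandle, BaseAdr, Buffer, Laenge, @BytesRead) = 0 Or BytesRead <> Laenge
      MessageRequester("Warning !", "Only " + Str(BytesRead) + " of " + Str(Laenge) + " Bytes could be read from the process !")
    EndIf
    TextGadget(0, 10, 42, 1000, 15, "Selected File :" + Bit$ + " (In Memory) " + File$ + " (" + Str(EndAdr - BaseAdr) + " Bytes)", #PB_Text_Center)
    SetGadgetFont(0, FontID(0))
    GID = ListIconGadget(20, 10, 60, 1000, 460 - 15 * ANS, "Address", 135, #LVS_OWNERDATA | #PB_ListIcon_GridLines | #PB_ListIcon_FullRowSelect)
    SetGadgetFont(20, FontID(0))
    AddGadgetColumn(20, 1, "Opcode (Values in Hex)", 290)
    AddGadgetColumn(20, 2, "Mnemonic (Values in Hex)" + Option$, 445)
    AddGadgetColumn(20, 3, "Opcode - ASCII", 100)
    TextGadget(70, 325, 70, 250, 20, Fort$, #PB_Text_Center)
    ProgressBarGadget(71, 325, 90, 250, 25, 0, 100, #PB_ProgressBar_Smooth)
    Zeile = 0
    Codes()
    Break
  ForEver
  ;Every way out of the loop ends here. The handle was never closed before, so each
  ;call left one open handle to the examined process behind.
  ;NOTE(review): assumes nothing outside this procedure uses ProcessHandle afterwards - confirm.
  If ProcessHandle
    CloseHandle_(ProcessHandle)
    ProcessHandle = 0
  EndIf
EndProcedure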
- Procedure Main()
- CPUID_Info()
- Repeat
- TextGadget(0, 10, 50, 230, 15, "Select :")
- ButtonGadget(1, 70, 48, 160, 20, "* . EXE")
- ButtonGadget(2, 250, 48, 160, 20, "* . DLL")
- ButtonGadget(3, 430, 48, 160, 20, "* . * 32 - Bit - Disassembly")
- ButtonGadget(4, 610, 48, 160, 20, "* . * 64 - Bit - Disassembly")
- ButtonGadget(5, 790, 48, 160, 20, "Program in Memory")
- For i = 0 To 5
- SetGadgetFont(i, FontID(0))
- Next
- Repeat
- Event = WaitWindowEvent()
- Select Event
- Case #PB_Event_Gadget
- Select EventGadget()
- Case 1
- FileExt$ = "*.EXE"
- Break
- Case 2
- FileExt$ = "*.DLL"
- Break
- Case 3
- FileExt$ = "*.*"
- FileExt = 2
- PEP = 0
- Bit$ = " (32-Bit-Disassembly)"
- Break
- Case 4
- FileExt$ = "*.*"
- IsProg64 = 1
- Adr3264 = 16 ;für Adress-Anzeige 64-Bit
- FileExt = 2
- PEP = 0
- Bit$ = " (64-Bit-Disassembly)"
- Break
- Case 5
- FileExt$ = "(Program in Memory)" ;only for the text
- FileExt = 3
- PEP = 0
- Break
- EndSelect
- Case #PB_Event_CloseWindow
- Quit = 1
- Break 2
- EndSelect
- ForEver
- FreeGadget(1) : FreeGadget(2) : FreeGadget(3) : FreeGadget(4) : FreeGadget(5)
- SetGadgetText(0, "Select : " + FileExt$)
- SetGadgetFont(0, FontID(0))
- If FileExt <> 3
- ExplorerTreeGadget(1, 10, 70, 1000, 460, FileExt$, #PB_Explorer_NoDriveRequester)
- ;ExplorerTreeGadget(1, 10, 70, 980, 460, "D:\Program Files\PureBasic\Compilers\"+FileExt$, #PB_Explorer_NoDriveRequester) ;for my tests
- ;ExplorerTreeGadget(1, 10, 70, 980, 460, "C:\Programme\PureBasic\Compilers\"+FileExt$, #PB_Explorer_NoDriveRequester) ;for my tests
- ;ExplorerTreeGadget(1, 10, 70, 980, 460, "Y:\"+FileExt$, #PB_Explorer_NoDriveRequester) ;for my tests
- Repeat
- Event = WaitWindowEvent()
- If Event = #PB_Event_CloseWindow
- Quit = 1
- Break 2
- EndIf
- Until EventType() = #PB_EventType_LeftDoubleClick And GetGadgetState(1) = #PB_Explorer_File
- File$ = GetGadgetText(1)
- FreeGadget(0) : FreeGadget(1)
- ReadFile(0, File$)
- LF = Lof(0)
- Buffer = AllocateMemory(LF)
- FileL = ReadData(0, Buffer, LF) ;Datei in Speicher einlesen
- CloseFile(0)
- EndIf
- Select FileExt
- Case 0 ;EXE, DLL
- CopyMemory(Buffer, @I_D_H, SizeOf(I_D_H)) ;fill Structure IMAGE_DOS_HEADER
- New_File_Header = I_D_H\e_lfanew
- If New_File_Header - 8 > LF
- MessageRequester("Error !", File$ + " is not a File in PE-File-Format !. Use All Files (*.*) !")
- Quit = 2
- Break
- EndIf
- CopyMemory(Buffer + I_D_H\e_lfanew + 4, @I_F_H, SizeOf(I_F_H)) ;fill Structure IMAGE_FILE_HEADER
- If PeekL(Buffer + I_D_H\e_lfanew) & $FFFFFFFF <> #IMAGE_NT_SIGNATURE ;Test auf "PE "
- MessageRequester("Error !", File$ + " is not a File in PE-File-Format !. Use All Files (*.*) !")
- Quit = 2
- Break
- EndIf
- Select I_F_H\Machine & $FFFF
- Case #IMAGE_FILE_MACHINE_I386
- IB = PeekL(Buffer + I_D_H\e_lfanew + 52) & $FFFFFFFF ;Image-Base
- VADLL = PeekL(Buffer + I_D_H\e_lfanew + 120) & $FFFFFFFF ;virtual address export table address
- File$ + " , 32-Bit-"
- Case #IMAGE_FILE_MACHINE_AMD64
- IB = PeekQ(Buffer + I_D_H\e_lfanew + 48) ;Image-Base
- VADLL = PeekL(Buffer + I_D_H\e_lfanew + 136) & $FFFFFFFF ;virtual address export table address
- File$ + " , 64-Bit-"
- IsProg64 = 1
- Adr3264 = 16 ;für Adress-Anzeige 64-Bit
- Default
- MessageRequester("Error !", File$ + " is not a File in 32- or 64-Bit-Windows-Format !")
- Quit = 2
- Break
- EndSelect
- Select I_F_H\Characteristics & #IMAGE_FILE_DLL
- Case #IMAGE_FILE_DLL
- File$ + "DLL"
- Default
- File$ + "Exe"
- EndSelect
- TextGadget(0, 10, 42, 1000, 15, "Selected File : " + File$ + " (" + Str(FileL) + " Bytes)", #PB_Text_Center)
- SetGadgetFont(0, FontID(0))
- ANS = I_F_H\NumberOfSections ;Anzahl der Sections
- AST = I_D_H\e_lfanew + I_F_H\SizeOfOptionalHeader + SizeOf(I_F_H) + 4 ;Anfang Section Tables 4 = size of signature (´PE ´)
- PEP = PeekL(Buffer + I_D_H\e_lfanew + 40) & $FFFFFFFF ;Programm-Einstiegspunkt
- File_Info()
- GID = ListIconGadget(20, 10, 60, 1000, 460 - 15 * ANS, "Address (Hex)", 135, #LVS_OWNERDATA | #PB_ListIcon_GridLines | #PB_ListIcon_FullRowSelect)
- SetGadgetFont(20, FontID(0))
- AddGadgetColumn(20, 1, "Opcode (Values in Hex)", 290)
- AddGadgetColumn(20, 2, "Mnemonic (Values in Hex)" + Option$, 435)
- AddGadgetColumn(20, 3, "Opcode - ASCII", 100)
- TextGadget(70, 325, 70, 250, 20, Fort$, #PB_Text_Center)
- ProgressBarGadget(71, 325, 90, 250, 25, 0, 100, #PB_ProgressBar_Smooth)
- ;Test auf DLL (zur Sicherheit)
- ;die Ordinal-Zuweisung ist mit Vorsicht zu geniessen! Mal sehen... Immer diese Ausnahmen ;-)
- ;die Nr. ist nicht unbedingt die Hint-Nr., deshalb auch nicht so genannt
- If I_F_H\Characteristics & #IMAGE_FILE_DLL ;Vertrauen ist gut, Kontrolle ist besser!
- If OpenWindow(1, 0, 0, 700, 400, "DLL-Functions of " + File$, #PB_Window_MinimizeGadget | #PB_Window_ScreenCentered | #PB_Window_Minimize)
- DLL = 1
- GID_DLL = ListIconGadget(25, 10, 10, 680, 380, "Nr.", 35, #PB_ListIcon_GridLines | #PB_ListIcon_FullRowSelect)
- SetGadgetFont(25, FontID(0))
- AddGadgetColumn(25, 1, "Function-Name", 400)
- AddGadgetColumn(25, 2, "Address (Hex)", 160)
- AddGadgetColumn(25, 3, "Ordinal", 55)
- k = 0
- For n = 1 To ANS
- CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H)) ;fill Structure IMAGE_SECTION_HEADER
- SRVA = I_S_H\VirtualAddress
- If VADLL < SRVA + I_S_H\SizeOfRawData ;VADLL in dieser Section ?
- SO = I_S_H\PointerToRawData
- Break
- EndIf
- k + #IMAGE_SIZEOF_SECTION_HEADER
- Next
- CopyMemory(Buffer + VADLL - SRVA + SO, @I_E_D, SizeOf(I_E_D)) ;fill Structure IMAGE_EXPORT_DIRECTORY
- AdrName = I_E_D\nName - SRVA + SO ;mit I_E_D\AddressOfNames fehlt mitunter etwas. Sauber???
- Name$ = PeekS(Buffer + AdrName)
- AddGadgetItem(25, -1, "")
- SetGadgetItemText(25, 0, " Original-Name : " + Name$, 1)
- SetGadgetItemText(25, 0, "(left double-click for jump)", 2)
- AdrName + Len(Name$) + 1 ;plus Zero-Byte
- NextOB = 0
- NOF = I_E_D\NumberOfFunctions - 1
- Dim ArrayName.s(NOF)
- ReDim ArrayAdr(NOF)
- j = 0 ;für NOF <> Anzahl FuncAdr
- For i = 0 To NOF
- OrdinalBasic = PeekW(Buffer + I_E_D\AddressOfNameOrdinals - SRVA + SO + NextOB)
- If OrdinalBasic < 0 Or OrdinalBasic > NOF
- Break
- EndIf
- FuncAdr = PeekL(Buffer + I_E_D\AddressOfFunctions - SRVA + SO + (OrdinalBasic << 2))
- If FuncAdr
- Name$ = PeekS(Buffer + AdrName + LNameStr)
- LNameStr + Len(Name$) + 1 ;plus Zero-Byte
- ArrayName(j) = Name$
- ArrayAdr(j) = RSet(Hex(IB + FuncAdr), Adr3264, "0") + Name$ ;Address
- NextOB + 2
- j + 1
- EndIf
- Next
- NOF = j - 1
- ReDim ArrayName(NOF)
- ReDim ArrayAdr(NOF)
- SortArray(ArrayName(), #PB_Sort_Ascending)
- NextOB = 0 : Zeile = 1
- For i = 0 To NOF
- OrdinalBasic = PeekW(Buffer + I_E_D\AddressOfNameOrdinals - SRVA + SO + NextOB)
- FuncAdr = PeekL(Buffer + I_E_D\AddressOfFunctions - SRVA + SO + (OrdinalBasic << 2))
- Name$ = ArrayName(i)
- If FuncAdr And Name$ <> ""
- AddGadgetItem(25, -1, "")
- SetGadgetItemText(25, Zeile, Str(Zeile - 1), 0)
- SetGadgetItemText(25, Zeile, Name$, 1)
- Adr$ = "$" + RSet(Hex(IB + FuncAdr), Adr3264, "0")
- SetGadgetItemText(25, Zeile, Adr$, 2)
- SetGadgetItemText(25, Zeile, Str(OrdinalBasic + I_E_D\nBase), 3)
- SetGadgetItemColor(25, Zeile, #PB_Gadget_BackColor, $EECCBB, -1)
- NextOB + 2
- Zeile + 1
- EndIf
- Next
- Zeile = 0 ;für Nachfolgendes
- SortArray(ArrayAdr(), #PB_Sort_Ascending) ;nach Adresse sortiert, mit Funktions-Namen!
- SpaltID = SendMessage_(GID_DLL, #LVM_GETHEADER, #Null, #Null) ;Spaltenbreite nicht veränderbar
- EnableWindow_(SpaltID, 0)
- EndIf
- EndIf
- Dim Daten.Item(FileL) ;nicht kleiner!
- For SZ = 1 To ANS
- CopyMemory(Buffer + AST + FL, @I_S_H, SizeOf(I_S_H))
- SF = I_S_H\Characteristics ;Status-Flags ermitteln
- If SF & #IMAGE_SCN_MEM_EXECUTE ;ausführbarer Code?
- Codes()
- Else
- Datas()
- EndIf
- FL + #IMAGE_SIZEOF_SECTION_HEADER
- Next
- Case 2 ;*.* (32/64-Bit)
- Bin = 1
- TextGadget(0, 10, 42, 1000, 15, "Selected File : " + File$ + " (" + Str(FileL) + " Bytes)" + Bit$, #PB_Text_Center)
- SetGadgetFont(0, FontID(0))
- GID = ListIconGadget(20, 10, 60, 1000, 460 - 15 * ANS, "Address", 135, #LVS_OWNERDATA | #PB_ListIcon_GridLines | #PB_ListIcon_FullRowSelect)
- SetGadgetFont(20, FontID(0))
- AddGadgetColumn(20, 1, "Opcode (Values in Hex)", 290)
- AddGadgetColumn(20, 2, "Mnemonic (Values in Hex)" + Option$, 450)
- AddGadgetColumn(20, 3, "Opcode - ASCII", 100)
- TextGadget(70, 325, 70, 250, 20, Fort$, #PB_Text_Center)
- ProgressBarGadget(71, 325, 90, 250, 25, 0, 100, #PB_ProgressBar_Smooth)
- Codes()
- Case 3 ;Program in Memory
- Bin = 2
- ListIconGadget(20, 10, 70, 1000, 460, "Name", 480, #PB_ListIcon_GridLines | #PB_ListIcon_FullRowSelect)
- SetGadgetFont(20, FontID(0))
- AddGadgetColumn(20, 1, "Process", 245)
- AddGadgetColumn(20, 2, "Process-ID", 245)
- GetProcessList(20)
- SetActiveGadget(20) ;for scrolling
- Repeat
- File$ = GetGadgetItemText(20, GetGadgetState(20))
- ProgID = Val(GetGadgetItemText(20, GetGadgetState(20), 2))
- Event = WaitWindowEvent()
- If Event = #PB_Event_CloseWindow
- Quit = 1
- Break 2
- EndIf
- Until EventType() = #PB_EventType_LeftDoubleClick
- Bit$ = " (32-Bit)"
- If GetGadgetItemText(20, GetGadgetState(20), 1) = "64 - Bit"
- IsProg64 = 1
- Adr3264 = 16
- Bit$ = " (64-Bit)"
- EndIf
- TextGadget(0, 10, 50, 400, 15, "Select : " + FileExt$ + " : " + File$ + Bit$)
- SetGadgetFont(0, FontID(0))
- ListIconGadget(20, 10, 70, 1000, 460, "Start-Address", 135, #PB_ListIcon_GridLines | #PB_ListIcon_FullRowSelect)
- SetGadgetFont(20, FontID(0))
- AddGadgetColumn(20, 1, "End-Address", 160)
- AddGadgetColumn(20, 2, "Length", 160)
- AddGadgetColumn(20, 3, "Status", 410)
- MemoryAreas()
- If Quit
- Break
- EndIf
- EndSelect
- SendMessage_(GID, #LVM_SETITEMCOUNT, Zeile, 0) ;show now the ListIconGadget
- SendMessage_(GID, #LVM_SETEXTENDEDLISTVIEWSTYLE, #LVS_EX_GRIDLINES, #LVS_EX_GRIDLINES) ;Gridlines mal anschauen
- SetWindowTitle(0, Main$)
- SpaltID = SendMessage_(GID, #LVM_GETHEADER, #Null, #Null) ;Spaltenbreite nicht veränderbar
- EnableWindow_(SpaltID, 0) ;wieder veränderbar: EnableWindow_(SpaltID, 1)
- FreeGadget(70) : FreeGadget(71) ;ProgressBarGadget
- If I_F_H\Characteristics & #IMAGE_FILE_DLL
- SetWindowState(1, #PB_Window_Normal)
- SetActiveGadget(25) ;for scrolling
- Else
- SetActiveGadget(20) ;for scrolling
- EndIf
- CreatePopupMenu(0) ;Bearbeitungs-Menü rechte Maus-Taste
- If Bin = 0
- MenuItem(1, "Show Address as Address in the File (20 Lines) / Switch back to Standard")
- EndIf
- MenuItem(2, "Jump to Address (if Call or Jump)")
- MenuItem(3, "Jump back last Step")
- If FileExt = 0
- MenuItem(4, "Jump to Program-Entrypoint")
- MenuItem(5, "Show Header-Infos")
- EndIf
- MenuItem(6, "Search")
- MenuItem(7, "Clear Search Results")
- MenuItem(8, "Copy the range between the last two marked lines to clipboard")
- MenuItem(9, "New File")
- If Bin = 2
- MenuItem(10, "New Range for File in Memory")
- EndIf
- MenuItem(11, "About")
- MenuItem(12, "Quit")
- If IsWindow(1)
- If GetWindowState(1) = #PB_Window_Minimize Or GetActiveWindow() = 0
- SetActiveGadget(20)
- Else
- SetActiveGadget(25)
- EndIf
- Else
- SetActiveGadget(20)
- EndIf
- Repeat ;hierhin gelegt, hatte Aufhänger mit Win 7 Prof. 64-Bit (nur damit!)
- Select WaitWindowEvent()
- Case #PB_Event_Gadget
- Select EventGadget()
- Case 20 ;Gadget #20
- Select EventType()
- Case #PB_EventType_LeftClick, #PB_EventType_LeftDoubleClick
- ZeileCopy2 = GetGadgetState(20) ;für Copy
- If ZeileCopy2 <> ZeileOld
- ZeileCopy1 = ZeileOld
- ZeileOld = ZeileCopy2
- Else
- ZeileCopy1 = ZeileCopy2
- EndIf
- Case #PB_EventType_RightClick
- DisplayPopupMenu(0, WindowID(0)) ;Popup-Menu
- EndSelect
- EndSelect
- Case #PB_Event_CloseWindow
- If IsWindow(1) And GetActiveWindow() = 1 ;DLL-Funktionen
- CloseWindow(1)
- SetActiveGadget(20) ;for scrolling
- ElseIf GetActiveWindow() = 0
- If IsWindow(1)
- CloseWindow(1)
- EndIf
- Quit = 1
- Break 2
- EndIf
- If IsWindow(2) And GetActiveWindow() = 2 ;Header-Infos
- CloseWindow(2)
- SetActiveGadget(20) ;for scrolling
- EndIf
- Case #PB_Event_Menu
- Select EventMenu()
- Case 1 ;Show Address as Address in the File (20 Lines) / Switch back to Standard
- SwitcherA = ~SwitcherA
- If SwitcherA ;sichern
- Zeile = GetGadgetState(20)
- ZeileOldA = Zeile
- SichA$ = ""
- LA$ = ""
- For i = 0 To 19
- E$ = Daten(Zeile + i)\Address ;read Address
- SichA$ + E$
- LA$ + RSet(Str(Len(E$)), 3, "0") ;Länge des jeweiligen "Zeilen-Strings"
- Next
- Else ;wiederherstellen
- Zeile = ZeileOldA
- j = 1 : k = 1
- For i = 0 To 19
- L = Val(Mid(LA$, j, 3))
- E$ = Mid(SichA$, k, L)
- Daten(Zeile + i)\Address = E$
- SetGadgetState(20, Zeile + i)
- k + L : j + 3
- Next
- EndIf
- If SwitcherA
- Zeile = GetGadgetState(20)
- For i = 0 To 19 ;20 Zeilen
- Adr$ = Daten(Zeile + i)\Address ;read Address
- RSPZ = Val(Adr$)
- If RSPZ <> 0
- k = 0
- For n = 1 To ANS ;um Adresse in der Datei zu ermitteln
- CopyMemory(Buffer + AST + k, @I_S_H, SizeOf(I_S_H))
- XRVA = I_S_H\VirtualAddress
- X = XRVA + I_S_H\SizeOfRawData ;+ Länge der Section
- RSE = IB + XRVA + I_S_H\SizeOfRawData - 1 ;rel.Ende der Sections
- If RSPZ < RSE ;Adresse in dieser Section ?
- SPZ = RSPZ - IB - XRVA + I_S_H\PointerToRawData ;Adresse in der Datei
- Break
- EndIf
- k + #IMAGE_SIZEOF_SECTION_HEADER
- Next
- Daten(Zeile + i)\Address = "$" + Hex(SPZ) + " (in the file)"
- SetGadgetState(20, Zeile + i)
- EndIf
- Next
- EndIf
- Case 2 ;Jump to Address (if Call or Jump)
- Zeile = GetGadgetState(20)
- E$ = Daten(Zeile)\Mnemonic ;read Mnemonic
- ItemCount = CountGadgetItems(20) - 1 ;max.Zeile
- FindAdr$ = "$"
- If IsProg64
- AdrL = 23 ;64-Bit-Adresse
- Else
- AdrL = 11 ;32-Bit-Adresse
- EndIf
- If Mid(E$, 1, 1) = "J" Or Mid(E$, 1, 4) = "CALL"
- For j = 3 To 6 ;max.JECXZ, min.JE e.g.
- If Asc(Mid(E$, j, 1)) = 32 ;Space?
- Break
- EndIf
- Next
- j + 2 ;2 Leerzeichen nach Instruction
- If Asc(Mid(E$, j, 1)) > 70 ;F
- Goto NoAdr ;keine direkte Adresse
- EndIf
- For i = j To j + AdrL Step 3
- If Mid(E$, i - 1, 1) <> " "
- Goto NoAdr ;keine direkte Adresse, Register
- EndIf
- FindAdr$ + Mid(E$, i, 2)
- Next
- FindAdr = Val(FindAdr$)
- ZAnf = 1
- ZEnd = ItemCount
- For i = 1 To ItemCount ;binary Search
- Zeilensprung = (ZAnf + ZEnd) >> 1
- ZWert = Val(Daten(Zeilensprung)\Address)
- If ZWert = FindAdr
- Break
- ElseIf ZWert < FindAdr
- ZAnf = Zeilensprung + 1
- ElseIf ZWert > FindAdr
- ZEnd = Zeilensprung - 1
- EndIf
- Next
- If ZZeile < 100
- ZZeile + 1
- ZArray(ZZeile) = Zeile
- SetGadgetState(20, Zeilensprung)
- SendMessage_(GID, #LVM_ENSUREVISIBLE, Zeilensprung, #True)
- EndIf
- EndIf
- NoAdr:
- Case 3 ;Jump back last Step
- If ZZeile
- ZeileOld = ZArray(ZZeile)
- SetGadgetState(20, ZeileOld) ;hier markieren
- SendMessage_(GID, #LVM_ENSUREVISIBLE, ZeileOld, #True)
- ZZeile - 1
- EndIf
- Case 4 ;Jump to Program-Entrypoint
- SendMessage_(GID, #LVM_ENSUREVISIBLE, ZeilePEP, #True)
- Case 5 ;Header-Infos
- Header_Infos()
- Case 6 ;Search, only instruction (todo)
- UseGadgetList(WindowID(0)) ;nötig, falls Window für DLL
- AddKeyboardShortcut(0, #PB_Shortcut_Return, 0) ;um das Stringgadget mit Return zu verlassen
- hStr = StringGadget(140, 440, 60, 430, 18, "Search for : ")
- SetActiveGadget(140)
- SendMessage_(hStr, #EM_SETSEL, $0fffffff, $0fffffff) ;Caret an Ende des Strings setzen
- Repeat
- Event = WaitWindowEvent()
- Select Event
- Case #PB_Event_CloseWindow
- Quit = 1
- Break 3
- Case #PB_Event_Menu
- Select EventMenu()
- Case 0 ;0 von AddKeyboardShortcut = Return
- Search$ = UCase(Mid(GetGadgetText(140), 15, Len(GetGadgetText(140))))
- Search$ = RTrim(Search$) + " " ;oder neu für komplexe Ausdrücke
- RemoveKeyboardShortcut(0, 0)
- FreeGadget(140)
- Break
- EndSelect
- EndSelect
- If GetActiveGadget() <> 140
- SetActiveGadget(140)
- EndIf
- ForEver
- Find = 0
- For f.l = 1 To Zeile
- Pos = FindString(Daten(f)\Mnemonic, Search$, 1)
- If Pos = 1 ;1=also nicht mittendrin
- Find + 1
- SendMessage_(GID, #LVM_ENSUREVISIBLE, f, #True) ;Scrollen zur Position
- AddElement(Search())
- Search() = f
- SetGadgetState(20, f) ;farbige Anzeige auch ohne Scrollen (wenn aktuelle Seite)
- If f < Zeile
- Query = MessageRequester("Search for " + Search$, "Continue ?", #MB_YESNO)
- If Query = #PB_MessageRequester_No
- Break
- EndIf
- Else
- Break
- EndIf
- EndIf
- Next
- If Find = 0
- MessageRequester("Search for " + Search$, Search$ + " not found !")
- Else
- MessageRequester("Search for " + Search$, "Search over !")
- EndIf
- Case 7 ;Clear Search Results
- ClearList(Search())
- SendMessage_(GID, #LVM_SETITEMCOUNT, Zeile, 0)
- Case 8 ;Copy
- If ZeileCopy1 > ZeileCopy2
- Swap ZeileCopy1, ZeileCopy2
- EndIf
- i = ZeileCopy1
- Copy$ = ""
- While i <= ZeileCopy2
- Copy$ + Daten(i)\Address + Space(5) ;Address
- Copy$ + LSet(Daten(i)\Opcode, 50) ;Opcode
- Copy$ + Daten(i)\Mnemonic + #CRLF$ ;Mnemonic
- i + 1
- Wend
- SetClipboardText(Copy$)
- Case 9 ;New File
- Break 2
- Case 10 ;New Range for File in Memory
- TextGadget(0, 10, 50, 400, 15, "Select : " + FileExt$ + " : " + File$ + Bit$)
- ListIconGadget(20, 10, 70, 1000, 460, "Start-Address", 135, #PB_ListIcon_GridLines | #PB_ListIcon_FullRowSelect)
- AddGadgetColumn(20, 1, "End-Address", 160)
- AddGadgetColumn(20, 2, "Length", 160)
- AddGadgetColumn(20, 3, "Status", 410)
- MemoryAreas()
- SendMessage_(GID, #LVM_SETITEMCOUNT, Zeile, 0) ;show now the ListIconGadget
- SendMessage_(GID, #LVM_SETEXTENDEDLISTVIEWSTYLE, #LVS_EX_GRIDLINES, #LVS_EX_GRIDLINES)
- SetWindowTitle(0, Main$)
- FreeGadget(70) : FreeGadget(71) ;ProgressBarGadget
- Case 11 ; About
- MessageRequester("About", Main$ + Date$, 0)
- Case 12 ;Quit
- Quit = 1
- Break 2
- EndSelect
- Case #WM_LBUTTONDBLCLK ;for DLL
- If GetActiveGadget() = 25
- Zeile = GetGadgetState(25)
- FindAdr$ = GetGadgetItemText(25, Zeile, 2) ;read Address
- ItemCount = CountGadgetItems(20) - 1
- FindAdr = Val(FindAdr$)
- ZAnf = 1
- ZEnd = ItemCount
- For i = 1 To ItemCount ;binary search
- Zeilensprung = (ZAnf + ZEnd) >> 1
- ZWert = Val(Daten(Zeilensprung)\Address)
- If ZWert = FindAdr
- Break
- ElseIf ZWert < FindAdr
- ZAnf = Zeilensprung + 1
- ElseIf ZWert > FindAdr
- ZEnd = Zeilensprung - 1
- EndIf
- Next
- SetWindowState(1, #PB_Window_Minimize)
- SetActiveWindow(0)
- SetWindowState(0, #PB_Window_Normal)
- SetActiveGadget(20)
- SendMessage_(GID, #LVM_ENSUREVISIBLE, Zeilensprung, #True)
- EndIf
- Case #WM_LBUTTONDOWN ;CPU-Info
- If CPUInfo
- DestroyWindow_(CPUInfo)
- Title$ = ""
- EndIf
- If WindowMouseY(0) >= 17 And WindowMouseY(0) <= 26 And GetActiveWindow() = 0 ;obere Zeile
- If WindowMouseX(0) >= 10 And WindowMouseX(0) <= 53
- Title$ = "3DNow!"
- Text$ = "AMD only"
- ElseIf WindowMouseX(0) >= 60 And WindowMouseX(0) <= 119
- Title$ = "Ext3DNow!"
- Text$ = "PF2IW, PFNACC, PFPNACC, PI2FW, PSWAPD" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 126 And WindowMouseX(0) <= 149
- Title$ = "AES"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 157 And WindowMouseX(0) <= 197
- Title$ = "AMDLM"
- Text$ = "AMD Long Mode" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 205 And WindowMouseX(0) <= 278
- Title$ = "AMDMISAL16"
- Text$ = "Misaligned 16-Byte Memory Access" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 285 And WindowMouseX(0) <= 307
- Title$ = "AVX"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 314 And WindowMouseX(0) <= 342
- Title$ = "AVX2"
- Text$ = "Intel only"
- ElseIf WindowMouseX(0) >= 349 And WindowMouseX(0) <= 369
- Title$ = "BMI"
- Text$ = "Bit Manipulation Instruction" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 376 And WindowMouseX(0) <= 416
- Title$ = "CLFSH"
- Text$ = "CLFLUSH" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 423 And WindowMouseX(0) <= 473
- Title$ = "(F)CMOVE"
- Text$ = "CMOVcc, FCMOVcc" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 480 And WindowMouseX(0) <= 517
- Title$ = "CVT16"
- Text$ = "Floating-Point Fraction Extract and Half-Precision Conversion" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 524 And WindowMouseX(0) <= 548
- Title$ = "CX8"
- Text$ = "CMPXCHG8B" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 555 And WindowMouseX(0) <= 585
- Title$ = "CX16"
- Text$ = "CMPXCHG16B" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 592 And WindowMouseX(0) <= 616
- Title$ = "FMA"
- Text$ = "Fused Multiply Add" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 623 And WindowMouseX(0) <= 652
- Title$ = "FMA4"
- Text$ = "Floating-Point Multiply Accumulate (4 Operands)" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 659 And WindowMouseX(0) <= 690
- Title$ = "FXSR"
- Text$ = "FXSAVE, FXRSTOR" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 697 And WindowMouseX(0) <= 722
- Title$ = "LWP"
- Text$ = "LightWeight Profiling" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 729 And WindowMouseX(0) <= 767
- Title$ = "LZCNT"
- Text$ = "AMD only"
- ElseIf WindowMouseX(0) >= 774 And WindowMouseX(0) <= 799
- Title$ = "MMX"
- Text$ = "Multi Media Extension" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 806 And WindowMouseX(0) <= 848
- Title$ = "(E)MMX"
- Text$ = "AMD Extensions to MMX" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 855 And WindowMouseX(0) <= 909
- Title$ = "MONITOR"
- Text$ = "MONITOR, MWAIT" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 916 And WindowMouseX(0) <= 956
- Title$ = "MOVBE"
- Text$ = "Intel only"
- ElseIf WindowMouseX(0) >= 963 And WindowMouseX(0) <= 989
- Title$ = "MSR"
- Text$ = "RDMSR, WRMSR" + #LFCR$ + "Intel and AMD"
- EndIf
- ElseIf WindowMouseY(0) >= 30 And WindowMouseY(0) <= 39 And GetActiveWindow() = 0 ;untere Zeile
- If WindowMouseX(0) >= 10 And WindowMouseX(0) <= 62
- Title$ = "OSXSAVE"
- Text$ = "OS Support for Processor extended State Management using XSAVE/XRSTOR" + #LFCR$ + "Intel only"
- ElseIf WindowMouseX(0) >= 69 And WindowMouseX(0) <= 145
- Title$ = "PCLMULQDQ"
- Text$ = "Carryless Multiplication" + #LFCR$ + "Intel only"
- ElseIf WindowMouseX(0) >= 152 And WindowMouseX(0) <= 202
- Title$ = "POPCNT"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 209 And WindowMouseX(0) <= 251
- Title$ = "RDTSC"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 258 And WindowMouseX(0) <= 308
- Title$ = "RDTSCP"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 315 And WindowMouseX(0) <= 339
- Title$ = "SEP"
- Text$ = "SYSENTER, SYSEXIT" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 346 And WindowMouseX(0) <= 370
- Title$ = "SMX"
- Text$ = "Safer Mode Extensions" + #LFCR$ + "Intel only"
- ElseIf WindowMouseX(0) >= 377 And WindowMouseX(0) <= 400
- Title$ = "SSE"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 407 And WindowMouseX(0) <= 438
- Title$ = "SSE2"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 445 And WindowMouseX(0) <= 476
- Title$ = "SSE3"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 483 And WindowMouseX(0) <= 522
- Title$ = "SSSE3"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 529 And WindowMouseX(0) <= 569
- Title$ = "SSE4.1"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 576 And WindowMouseX(0) <= 617
- Title$ = "SSE4.2"
- Text$ = "Intel and AMD"
- ElseIf WindowMouseX(0) >= 624 And WindowMouseX(0) <= 665
- Title$ = "SSE4A"
- Text$ = "EXTRQ, INSERTQ, MOVNTSD, MOVNTSS" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 672 And WindowMouseX(0) <= 697
- Title$ = "SVM"
- Text$ = "Secure Virtual Machine" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 704 And WindowMouseX(0) <= 729
- Title$ = "TBM"
- Text$ = "Trailing Bit Manipulation" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 736 And WindowMouseX(0) <= 761
- Title$ = "VMX"
- Text$ = "Virtual Machine Extensions" + #LFCR$ + "Intel only"
- ElseIf WindowMouseX(0) >= 768 And WindowMouseX(0) <= 793
- Title$ = "XOP"
- Text$ = "Extended Operations" + #LFCR$ + "AMD only"
- ElseIf WindowMouseX(0) >= 800 And WindowMouseX(0) <= 835
- Title$ = "XSAVE"
- Text$ = "XGETBV, XRSTOR, XSAVE, XSETBV" + #LFCR$ + "Intel and AMD"
- ElseIf WindowMouseX(0) >= 842 And WindowMouseX(0) <= 902
- Title$ = "XSAVEOPT"
- Text$ = "Intel and AMD"
- EndIf
- EndIf
- If Title$ <> ""
- CPUInfo(Title$, Text$)
- EndIf
- EndSelect
- ForEver
- ForEver
- EndProcedure
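; Program entry: open the main window, detect the OS bitness, then run Main()
; once per opened file until the user quits. Between two runs, every gadget,
; helper window and the file buffer of the previous file is released and the
; global state is reset.
If OpenWindow(0, 0, 0, 1020, 540, Main$, #PB_Window_MinimizeGadget | #PB_Window_ScreenCentered)
  ; Scale the 9-point font by the vertical DPI of the display.
  ; The DC is released again; the original never called ReleaseDC_() and leaked it.
  hDCMain = GetDC_(WindowID(0))
  If hDCMain
    FontHigh = Int(9.0 / (GetDeviceCaps_(hDCMain, #LOGPIXELSY) / 96.0))
    ReleaseDC_(WindowID(0), hDCMain)
  Else
    FontHigh = 9                        ; no DC available: use the 96-DPI value instead of dividing by zero
  EndIf
  LoadFont(0, "Arial", FontHigh)
  SetWindowCallback(@ListIcon_Callback(), 0)

  ; Determine whether the operating system is 32-bit or 64-bit.
  If OSVersion() > #PB_OS_Windows_2000  ; this query does not work on W2k (there is no 64-bit W2k anyway)
    openlib = OpenLibrary(#PB_Any, "kernel32.dll")
    If openlib
      *GetNativeSystemInfo = GetFunction(openlib, "GetNativeSystemInfo")
      ; Only call through the pointer when the export was resolved; the original
      ; called it unchecked, so a failed lookup meant a call through address 0.
      If *GetNativeSystemInfo
        CallFunctionFast(*GetNativeSystemInfo, @S_I)
        If S_I\wProcessorArchitecture = #PROCESSOR_ARCHITECTURE_AMD64
          OS3264 = 1
        EndIf
      EndIf
      CloseLibrary(openlib)
    EndIf
  EndIf

  Repeat
    Main()
    If Quit = 1
      Break
    EndIf

    ; ---- clean up after the previous file ----
    ReDim ArrayAdr.s(1)
    For i = 0 To 150
      If IsGadget(i)
        FreeGadget(i)
      EndIf
    Next
    If IsWindow(1)                      ; DLL functions
      CloseWindow(1)
    EndIf
    If IsWindow(2)                      ; header infos
      CloseWindow(2)
    EndIf
    UseGadgetList(WindowID(0))          ; required in case the DLL window was open

    ; Free the file buffer once and clear the pointer so the next pass cannot
    ; free or read stale memory.
    ; NOTE(review): the allocation happens outside this block; confirm Main()
    ; always assigns Buffer before using it.
    If Buffer
      FreeMemory(Buffer)
      Buffer = 0
    EndIf

    ; Destroy the CPU-info window BEFORE clearing its handle. The original
    ; zeroed CPUInfo first, so DestroyWindow_() received 0 and the window leaked.
    If CPUInfo
      DestroyWindow_(CPUInfo)
      CPUInfo = 0
      Title$ = ""
    EndIf

    ; Reset the per-file state.
    IB = 0
    SZ = 0
    Zeile = 0
    SO = 0
    Bin = 0
    PEP = 0
    IsProg64 = 0
    Adr3264 = 8
    FileExt = 0
    ZeilePEP = 0
    FL = 0
    SwitcherA = 0
    SetWindowTitle(0, Main$)
    Dim Daten.Item(0)                   ; free array
    ClearList(Search())
    ClearList(DLLEP())
  ForEver
  End
EndIf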
- ; IDE Options = PureBasic 4.60 (Windows - x64)
- ; CursorPosition = 9633
- ; FirstLine = 9617
- ; Folding = ------
- ; UseIcon = comp-hardware100.ico
- ; Executable = DisAsm.exe
- ; DisableDebugger