Disasm Function
The Disasm function alows you to decode all instructions coded according to the rules of IA-32 and Intel 64 architectures. It makes a precise analysis of the focused instruction and sends back a complete structure that is usable to make data-flow and control-flow studies. Disasm is able to decode all the documented intel instructions (standard instructions, FPU, MMX, SSE, SSE2, SSE3, SSSE3 ,SSE4.1, SSE4.2, VMX technologies) and undocumented ones like SALC, FEMMS (instruction AMD), HINT_NOP, ICEBP and aliases.
Syntax
int Disasm(
pDisasmStruc pMonDisasm
);
Parameters
pMonDisasm
[out] Pointer to a structure DisasmStruc.
Return
The function may sends you back 3 values. if it has analyzed an invalid opcode, it sends back UNKNOWN_OPCODE (-1). If it tried to read a byte located outside the Security Block, it sends back OUT_OF_RANGE (0). In others cases, it sends back the length instruction. Thus, you can use it as a LDE.
Examples
Examples you can see -- HERE -- show how to use the library in asm , C and Python.
Remarks
No function from the windows API is used in this library. It is coded in pure C and so can be used in ring3 and ring0.
