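static void print_string_hex(const unsigned char* str, size_t len)
{
    /*
     * Print `len` bytes of `str` to stdout as "0xNN " — two lowercase hex
     * digits per byte, a space after every byte, no trailing newline.
     *
     * str  bytes to print; only read, never modified. Tolerated as NULL.
     * len  number of bytes to print (0 prints nothing).
     */
    if (str == NULL) {
        return;
    }
    for (size_t i = 0; i < len; i++) {
        /* widen explicitly so the argument type matches %x exactly */
        printf("0x%02x ", (unsigned)str[i]);
    }
}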
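bool printAsm(unsigned char* codes,size_t codeSize, unsigned __int64 baseAddress)
{
    /*
     * Disassemble `codeSize` bytes at `codes` as x86-64 with Capstone and
     * print one line per decoded instruction:
     *   "0x<address> :\t<bytes as 0xNN ...>\t<mnemonic>\t<operands>\n"
     *
     * codes        raw instruction bytes; only read.
     * codeSize     number of bytes in `codes`.
     * baseAddress  virtual address assigned to codes[0]; printed addresses
     *              are offsets from it.
     *
     * Returns true when Capstone decoded at least one instruction, false on
     * empty input or any Capstone failure. NOTE(review): cs_disasm stops at
     * the first byte sequence it cannot decode, so `true` does not imply the
     * whole buffer was consumed. Failures are reported on stderr rather than
     * aborting (the original `abort(); return false;` made the return
     * unreachable), and the handle is released on every path.
     */
    if (codes == NULL || codeSize == 0) {
        fprintf(stderr, "printAsm: nothing to disassemble\n");
        return false;
    }

    /* csh is an integer handle, so initialise with 0 rather than NULL */
    csh handle = 0;
    cs_err err = cs_open(CS_ARCH_X86, CS_MODE_64, &handle);
    if (err) {
        fprintf(stderr, "printAsm: cs_open failed (cs_err %d)\n", (int)err);
        return false;
    }

    /* Detail mode is not required for mnemonic/op_str, but is kept to
       preserve the original configuration; its result is now checked. */
    err = cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON);
    if (err) {
        fprintf(stderr, "printAsm: cs_option failed (cs_err %d)\n", (int)err);
        cs_close(&handle);
        return false;
    }

    bool ok = false;
    cs_insn* insn = NULL;
    /* count == 0 asks Capstone to decode until the buffer is exhausted */
    size_t count = cs_disasm(handle, codes, codeSize, baseAddress, 0, &insn);
    if (count == 0) {
        fprintf(stderr, "printAsm: cs_disasm decoded nothing at 0x%llx\n",
                (unsigned long long)baseAddress);
    } else {
        for (size_t i = 0; i < count; i++) {
            /* cast so %llx matches regardless of how uint64_t is defined */
            printf("0x%llx :\t", (unsigned long long)insn[i].address);
            print_string_hex(insn[i].bytes, insn[i].size);
            printf("\t%s\t%s\n", insn[i].mnemonic, insn[i].op_str);
        }
        cs_free(insn, count);
        ok = true;
    }

    cs_close(&handle);
    return ok;
}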
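int main()
{
    /*
     * Sixteen bytes of x86-64 machine code:
     *   90                   nop
     *   FF 25 00 00 00 00    jmp qword ptr [rip+0] — ModRM 0x25 selects the
     *                        /4 near-indirect form (the far form is /5)
     *   00 * 8               the 8-byte pointer slot the jmp reads; a linear
     *                        disassembler decodes it as "add byte ptr [rax], al"
     *   90                   nop
     * sizeof(...) - 1 drops the string literal's implicit NUL terminator.
     */
#define X86_CODE64 "\x90\xFF\x25\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90"
    const bool ok = printAsm((unsigned char*)X86_CODE64, sizeof(X86_CODE64) - 1, 0x1000);
    std::cout << "Hello World!\n";
    /* surface a disassembly failure through the exit status */
    return ok ? 0 : 1;
}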
0x1000 : 0x90 nop
0x1001 : 0xff 0x25 0x00 0x00 0x00 0x00 jmp qword ptr [rip]
0x1007 : 0x00 0x00 add byte ptr [rax], al
0x1009 : 0x00 0x00 add byte ptr [rax], al
0x100b : 0x00 0x00 add byte ptr [rax], al
0x100d : 0x00 0x00 add byte ptr [rax], al
0x100f : 0x90 nop
That is its output. For the bytes `FF 25 00 00 00 00 [ptr]`, I expected the corresponding instruction to be `jmp far xx`. Why is that?