Lib.rs

Parser implementations | Hardware support
#x86-64 #length #disassembler #byte-slice

lde

Length disassembler for x86 and x86_64

by Casper and 2 contributors

3 releases (breaking)

Uses old Rust 2015

0.3.0 May 26, 2018
0.2.0 May 1, 2017
0.1.1 Jul 1, 2016

#1372 in Parser implementations

Download history 24/week @ 2024-03-24 53/week @ 2024-03-31 18/week @ 2024-04-07 41/week @ 2024-04-14 32/week @ 2024-04-21 33/week @ 2024-04-28 22/week @ 2024-05-05 34/week @ 2024-05-12 27/week @ 2024-05-19 34/week @ 2024-05-26 36/week @ 2024-06-02 26/week @ 2024-06-09 41/week @ 2024-06-16 34/week @ 2024-06-23 11/week @ 2024-06-30 11/week @ 2024-07-07

98 downloads per month
Used in 2 crates

MIT license

44KB
748 lines

Length Disassembler

MIT License crates.io docs.rs Build status Build Status

Given a byte slice, extract the lengths of the opcodes in it.

Supports x86 and x86_64.

Library

This library can be found on crates.io and its documentation on docs.rs.

In your Cargo.toml put

[dependencies]
lde = "0.3"

Examples

Gets the length of the first opcode in a byte slice:

let result = lde::X64.ld(b"\x40\x55\x48\x83\xEC\xFC\x00\x80");
assert_eq!(result, 2);

Iterates over the opcodes contained in a byte slice, returning the opcode and its virtual address:

let code = b"\x40\x55\x48\x83\xEC*\x00\x80";

for (opcode, va) in lde::X64.iter(code, 0x1000) {
	println!("{:x}: {}", va, opcode);
}

// 1000: 4055
// 1002: 4883EC2A

Find the opcode boundary after a minimum of 5 bytes:

// 1000: 56         push esi
// 1001: 33f6       xor esi,esi
// 1003: 57         push edi
// 1004: bfa0104000 mov edi,0x4010a0
// 1009: 85d2       test edx,edx
// 100b: 7410       je loc_0000001d
// 100d: 8bf2       mov esi,edx
// 100f: 8bfa       mov edi,edx

const INPUT_CODE: &[u8] = b"\x56\x33\xF6\x57\xBF\xA0\x10\x40\x00\x85\xD2\x74\x10\x8B\xF2\x8B\xFA";

// We'd like to overwrite the first 5 bytes with a jmp hook
// Find how many opcodes need to be copied for our hook to work

let mut count = 0;
for (opcode, _) in lde::X86.iter(INPUT_CODE, 0x1000) {
	count += opcode.len();
	if count >= 5 {
		break;
	}
}

// The answer is the first 4 opcodes, or 9 bytes

assert_eq!(count, 9);

Custom Display and Debug formatting including pretty printing support with the alternate flag:

let iter = lde::X64.iter(b"\x40\x55\x48\x83\xEC*\x00\x80", 0);

assert_eq!(format!("{:?}", iter), "[4055] [4883EC2A] 0080");
assert_eq!(format!("{:#?}", iter), "[40 55] [48 83 EC 2A] 00 80");
assert_eq!(format!("{:}", iter), "4055\n4883EC2A\n");
assert_eq!(format!("{:#}", iter), "40 55\n48 83 EC 2A\n");

License

Licensed under MIT License, see license.txt.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, shall be licensed as above, without any additional terms or conditions.

No runtime deps