Oy! Disassember

[Crunchy Cat]

Hi all. I am at the point (in multiple projects) where I need
to create a run-time disassembler. I basically envision passing it
the address of a function in memory and getting some sort of
opcode list which I could dynamically modify/copy/etc.

My biggest problem is I don't know where to begin. I want
to explicitly target 32-bit code and work with the x86 instruction
set exclusively (if this is at all possible). Some things I could use
right now are:

* Advice. Is what I'm proposing even feasable?
* Where can I get a listing of the x86 opcodes?
* How do I distinguish between code and data? Would
I even need to worry about this?
* Any tutorials (boy am I reaching) around on the subject?

Thanks,

-CC

[CornedBee]

It is feasible to some extent. Modifying works as long as the code length doesn't change, if it did you wouldn't have space to store the additional instructions. Or if you copied the whole thing to a new location you would have to find and modify each call to this function in the exe. Feasible, but hard and prone to bugs.

You can get a listing from intel, or from the AoA webpage (see Tutorials).

You can't distinguish. Code and data look the same in binary. But as long as only valid function addresses are passed you don't need to worry about it. Just disassemble until you hit a ret instruction.

No tutorials that I know of.

[Crunchy Cat]

Thanks Bee. That gives me a little more confidence in my
endeavor. BTW, I found an additional site for opcodes in
the interim:

http://www.sandpile.org/

-CC