NAME
X86::Disasm - Perl extension to wrap libdisasm - an X86 Disassembler
SYNOPSIS
use X86::Disasm ':all';
my $buffer = "\x8d\x4c\x24\x04\x83\xe4\xf0\xff\x71\xfc\x55\x89\xe5\x51";
my $buf_rva = 0;
my $offset = 0;
my $disasm = X86::Disasm->new;
my $data = $disasm->disassemble($buffer, $buf_rva, $offset, $x86_asm_format_enum->{$syntax});DESCRIPTION
X86::Disasm provides a Perl interface to the C X86 disassembler library, libdisasm. See http://bastard.sourceforge.net/libdisasm.html
EXPORT
None by default.
our %EXPORT_TAGS = ( 'all' => [ qw(
$x86_asm_format
$x86_asm_format_enum
$x86_options
$x86_op_foreach_type
$x86_report_codes
) ] );METHODS
new
my $disasm = X86::Disasm->new($options, $reporter, $reporter_args);All arguments are optional.
$options is defined by the hash
our $x86_options = { # these can be ORed together
0 => "opt_none",
1 => "opt_ignore_nulls", # ignore sequences of > 4 NULL bytes
2 => "opt_16_bit", # 16-bit/DOS disassembly
4 => "opt_att_mnemonics", # use AT&T syntax names for alternate opcode mnemonics
};If supplied, $reporter must be a code reference.
If supplied, $reporter_args must be a hash reference.
disassemble
my $data = $disasm->disassemble($buffer, $buf_rva, $offset, $x86_asm_format_enum->{$syntax});This method presents the instructions as a list of lists. Each instruction is the first element of the sub-list; subsequent elements are the associated operands.
disassemble_list
my $data = $disasm->disassemble_list($buffer, $buf_rva, $offset, $x86_asm_format_enum->{$syntax});This method presents the instructions as a list. Each instruction is presented as a string.
disassemble_hash
my $data = $disasm->disassemble_hash($buffer, $buf_rva, $offset);This method presents the instructions as a a list of hashes. Each instruction is totally deconstructed in to the hash - and provides a full representation of the information.
disassemble_range
No longer implemented.
# $disasm->disassemble_range($buffer, $buf_rva, $offset, $length, $callback_ref, $callback_data);
#
#This method disassembles the range of instructions from $offset for $length
#bytes. The supplied calback can be used to do *something* with the
#instructions.disassemble_forward
No longer implemented.
# my $retval = $disasm->disassemble_forward($buffer, $buf_rva, $offset, $callback_ref, $callback_data, $resolver_ref, $resolver_data);
#
#The disassembly in this case starts at 'offset', and proceeds forward following
#the flow of execution for the disassembled code. This means that when a jump,
#call, or conditional jump is encountered, disassemble_forward recurses, using
#the offset of the target of the jump or call as the 'offset' argument. When
#a jump or return is encountered, disassemble_forward returns, allowing its
#caller [either the application, or an outer invocation of disassemble_forward]
#to continue.SEE ALSO
If you use Debian and install libdisasm0 and libdisasm-dev then the following are a useful supplement to this documentation.
/usr/include/libdis.h
/usr/share/doc/libdisasm-dev/libdisasm.txt.gz
The latest version of this Perl module is available from https://sourceforge.net/projects/x86disasm/
AUTHOR
Bob Wilkinson, <bob@fourtheye.org>
COPYRIGHT AND LICENSE
Copyright (C) 2009 by Bob Wilkinson
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.10.0 or, at your option, any later version of Perl 5 you may have available.