Fix disassembly failing due to incorrect arch

holly-hacker · Jul 24, 2020 · 6587698 · 6587698
1 parent 86042dc
commit 6587698
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased]
 
+## [0.4.1] - 2020-07-24
+### Fixed
+- Native disassembly used incorrect values for architecture, causing disassembly to fail in some cases
+
 ## [0.4.0] - 2020-07-24
 ### Added
 - **Add Unity x86 DLL injection (#23)**

diff --git a/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeEntrypoint.cs b/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeEntrypoint.cs
@@ -35,7 +35,7 @@ public override void Execute(TreeNodeData context)
 
             var rvaStart = pe.ImageNTHeaders.OptionalHeader.AddressOfEntryPoint;
 
-            var instructions = IcedHelpers.ReadNativeFunction(node.Document.Filename, (uint) pe.ToFileOffset(rvaStart), is32Bit, (uint)rvaStart);
+            var instructions = IcedHelpers.ReadNativeFunction(node.Document.Filename, (uint) pe.ToFileOffset(rvaStart), is32Bit);
             var encodedBytes = IcedHelpers.EncodeBytes(instructions, is32Bit ? 32 : 64);
 
             var block = new NativeCodeBlock(NativeCodeBlockKind.Code, (uint)rvaStart, new ArraySegment<byte>(encodedBytes), null);

diff --git a/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeMethod.cs b/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeMethod.cs
@@ -26,13 +26,14 @@ public override void Execute(IMenuItemContext context)
         {
             var method = (MethodDef)context.Find<TextReference>().Reference!;
             var encodedBytes = IcedHelpers.ReadNativeMethodBodyBytes(method);
+            var is32Bit = !method.Module.IsAMD64;
 
             var block = new NativeCodeBlock(NativeCodeBlockKind.Code, (uint)method.NativeBody.RVA, new ArraySegment<byte>(encodedBytes), null);
             var vars = new NativeVariableInfo[method.Parameters.Count];
             for (var i = 0; i < method.Parameters.Count; i++)
                 vars[i] = new NativeVariableInfo(false, i, method.Parameters[i].Name);
 
-            var native = new NativeCode(method.Module.Is32BitRequired ? NativeCodeKind.X86_32 : NativeCodeKind.X86_64,
+            var native = new NativeCode(is32Bit ? NativeCodeKind.X86_32 : NativeCodeKind.X86_64,
                 NativeCodeOptimization.Unknown, new[] {block}, null, vars,
                 method.FullName, method.Name, method.Module.Name);
 

diff --git a/dnSpy.Extension.HoLLy/NativeDisassembler/IcedHelpers.cs b/dnSpy.Extension.HoLLy/NativeDisassembler/IcedHelpers.cs
@@ -12,20 +12,20 @@ namespace HoLLy.dnSpyExtension.NativeDisassembler
     public static class IcedHelpers
     {
         public static byte[] ReadNativeMethodBodyBytes(MethodDef method)
-            => EncodeBytes(ReadNativeMethodBody(method), method.Module.Is32BitRequired ? 32 : 64);
+            => EncodeBytes(ReadNativeMethodBody(method), method.Module.IsAMD64 ? 64 : 32);
 
         public static InstructionList ReadNativeMethodBody(MethodDef method)
         {
             var mod = method.Module;
             var loc = mod.Location;
-            var is32Bit = mod.Is32BitRequired;
+            bool is32Bit = !method.Module.IsAMD64;
             var rva = (uint)method.NativeBody.RVA;
             var fileOffset = mod.ToFileOffset(rva)!.Value;
 
-            return ReadNativeFunction(loc, fileOffset, is32Bit, rva);
+            return ReadNativeFunction(loc, fileOffset, is32Bit);
         }
 
-        public static InstructionList ReadNativeFunction(string loc, uint fileOffset, bool is32Bit, uint rva)
+        public static InstructionList ReadNativeFunction(string loc, uint fileOffset, bool is32Bit)
         {
             using var fs = File.OpenRead(loc);
             fs.Position = fileOffset;