From 6587698f1f8d283005e8f9559a66515b414a1e92 Mon Sep 17 00:00:00 2001 From: HoLLy Date: Fri, 24 Jul 2020 21:39:16 +0200 Subject: [PATCH] Fix disassembly failing due to incorrect arch --- CHANGELOG.md | 4 ++++ .../Commands/DisassembleNativeEntrypoint.cs | 2 +- .../Commands/DisassembleNativeMethod.cs | 3 ++- dnSpy.Extension.HoLLy/NativeDisassembler/IcedHelpers.cs | 8 ++++---- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5250ae4..fe919e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] +## [0.4.1] - 2020-07-24 +### Fixed +- Native disassembly used incorrect values for architecture, causing disassembly to fail in some cases + ## [0.4.0] - 2020-07-24 ### Added - **Add Unity x86 DLL injection (#23)** diff --git a/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeEntrypoint.cs b/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeEntrypoint.cs index ee05db0..82e828e 100644 --- a/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeEntrypoint.cs +++ b/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeEntrypoint.cs @@ -35,7 +35,7 @@ public override void Execute(TreeNodeData context) var rvaStart = pe.ImageNTHeaders.OptionalHeader.AddressOfEntryPoint; - var instructions = IcedHelpers.ReadNativeFunction(node.Document.Filename, (uint) pe.ToFileOffset(rvaStart), is32Bit, (uint)rvaStart); + var instructions = IcedHelpers.ReadNativeFunction(node.Document.Filename, (uint) pe.ToFileOffset(rvaStart), is32Bit); var encodedBytes = IcedHelpers.EncodeBytes(instructions, is32Bit ? 32 : 64); var block = new NativeCodeBlock(NativeCodeBlockKind.Code, (uint)rvaStart, new ArraySegment(encodedBytes), null); 
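Review bot: In DisassembleNativeEntrypoint.Execute, the `is32Bit` value passed to `ReadNativeFunction` and `EncodeBytes` is computed above this hunk and is not changed by the commit, while the other two files switch their architecture test to `IsAMD64`. If it is still derived from a "32-bit required" style flag, the entry-point command keeps the wrong-architecture decode that this commit fixes for native methods. Assuming `pe` is the dnlib PE image, the derivation could read the machine field directly, e.g. `var is32Bit = pe.ImageNTHeaders.FileHeader.Machine != Machine.AMD64;`. Execute's body starts and ends outside the hunk, so the current derivation cannot be confirmed from here.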
diff --git a/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeMethod.cs b/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeMethod.cs index 92db03e..002018f 100644 --- a/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeMethod.cs +++ b/dnSpy.Extension.HoLLy/NativeDisassembler/Commands/DisassembleNativeMethod.cs @@ -26,13 +26,14 @@ public override void Execute(IMenuItemContext context) { var method = (MethodDef)context.Find().Reference!; var encodedBytes = IcedHelpers.ReadNativeMethodBodyBytes(method); + var is32Bit = !method.Module.IsAMD64; var block = new NativeCodeBlock(NativeCodeBlockKind.Code, (uint)method.NativeBody.RVA, new ArraySegment(encodedBytes), null); var vars = new NativeVariableInfo[method.Parameters.Count]; for (var i = 0; i < method.Parameters.Count; i++) vars[i] = new NativeVariableInfo(false, i, method.Parameters[i].Name); - var native = new NativeCode(method.Module.Is32BitRequired ? NativeCodeKind.X86_32 : NativeCodeKind.X86_64, + var native = new NativeCode(is32Bit ? NativeCodeKind.X86_32 : NativeCodeKind.X86_64, NativeCodeOptimization.Unknown, new[] {block}, null, vars, method.FullName, method.Name, method.Module.Name); diff --git a/dnSpy.Extension.HoLLy/NativeDisassembler/IcedHelpers.cs b/dnSpy.Extension.HoLLy/NativeDisassembler/IcedHelpers.cs index 1decf7c..bbbcf85 100644 --- a/dnSpy.Extension.HoLLy/NativeDisassembler/IcedHelpers.cs +++ b/dnSpy.Extension.HoLLy/NativeDisassembler/IcedHelpers.cs 
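Review bot: `var is32Bit = !method.Module.IsAMD64;` in DisassembleNativeMethod.Execute classifies every module that is not AMD64 as 32-bit x86. A module with any other machine type (ARM, ARM64, IA-64) would be labelled `NativeCodeKind.X86_32`, and its bytes shown as x86 instructions that look plausible but are wrong. The same two-way test is added in IcedHelpers.ReadNativeMethodBodyBytes and IcedHelpers.ReadNativeMethodBody. For a tool used to inspect unknown binaries it is safer to accept only the two supported machines and stop otherwise, for example `if (method.Module.Machine != Machine.I386 && method.Module.Machine != Machine.AMD64) return;` before the block is built. Execute's body ends outside the hunk.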
@@ -12,20 +12,20 @@ namespace HoLLy.dnSpyExtension.NativeDisassembler public static class IcedHelpers { public static byte[] ReadNativeMethodBodyBytes(MethodDef method) - => EncodeBytes(ReadNativeMethodBody(method), method.Module.Is32BitRequired ? 32 : 64); + => EncodeBytes(ReadNativeMethodBody(method), method.Module.IsAMD64 ? 64 : 32); public static InstructionList ReadNativeMethodBody(MethodDef method) { var mod = method.Module; var loc = mod.Location; - var is32Bit = mod.Is32BitRequired; + bool is32Bit = !method.Module.IsAMD64; var rva = (uint)method.NativeBody.RVA; var fileOffset = mod.ToFileOffset(rva)!.Value; - return ReadNativeFunction(loc, fileOffset, is32Bit, rva); + return ReadNativeFunction(loc, fileOffset, is32Bit); } - public static InstructionList ReadNativeFunction(string loc, uint fileOffset, bool is32Bit, uint rva) + public static InstructionList ReadNativeFunction(string loc, uint fileOffset, bool is32Bit) { using var fs = File.OpenRead(loc); fs.Position = fileOffset;
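Review bot: The architecture decision is now written twice in IcedHelpers with opposite polarity: `method.Module.IsAMD64 ? 64 : 32` in ReadNativeMethodBodyBytes and `bool is32Bit = !method.Module.IsAMD64;` in ReadNativeMethodBody. The second also bypasses the `mod` local declared two lines above it. A single private helper such as `private static int GetBitness(ModuleDef mod) => mod.IsAMD64 ? 64 : 32;`, with `bool is32Bit = GetBitness(mod) == 32;` in ReadNativeMethodBody, would keep the call sites from drifting apart again. ReadNativeFunction's body continues outside the hunk.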