Hey,

because i needed a good disassembler for my projects i check different distributions in the internet. most of them are homebrew and the support, or lets better talk about MAINTAINANCE is in most cases not the best.

I really hate it if use a component and realize that there is a bug and the releaser of the component is not able to fix it or sometimes has no real interest in fixing it. That sucks.

Thats why i focused on a disassembler which is well maintained and last but not least a good one.

During my search i stumbled over VirtualBox, which is an similar SUN implementation of VMWARES Workstation. The difference is that VirtualBox comes with source, or at least you can download the source ( http://www.sun.com/software/products/virtualbox/get.jsp ).

I thought that the pretty sure have to have an working disassembler inside there virtual machine and bingo....they have.
The problem was that the disassembler was not contained in form of a library, it was simple integrated in the source.

It took me about 2 hours to explant the needed source parts out of virtualbox and built a project for a library for it.

I now use it for my projects and it is very usefull for me.

There is only one problem you will discover when you try the example. I looking forward for your solutions for the problem

Regards,

OHPen aka PAPiLLiON

Addition:

To make you not thinking that the disassembler library i produced is buggy i have to mention that for some unknown reason it isn't working in the debug version.

the assignment

RTUINTPTR pInstr = (RTUINTPTR)testfunc;

results in wrong pointer, instead of pInstr pointing to the beginning of the testfunc. I will track the reason for it as soon as possible.

OHPen

Cool. Thanks for sharing OHPen, and looking forward to that bugfix update too.

CRCETL:
http://www.woodmann.com/collaborative/tools/VirtualBox_Disassembler_Library

@delta: I'm pretty sure that it is not bug in the library because what i do is just a simple casting. The casting cannot change a pointer, beside if you cast to a smaller data type the original pointer value is cut. But in this case the pointer i'm casting to is an unsigned int on my system 32bit large. No truncation in this case.

It's really strange, probably it's some bug in the msvs in debug mode...

REMARK:

I check the library again and i was wrong. There is no bug in it. Everything is working fine even as DEBUG-Release.

Regards,

OHPen.

I think the problem is that in VC debug mode, function pointers to your functions are pointers to JMPs to the real code.

exactly, although i debug nearly ever day, i forgot that and thought the libraries has some bug, hehe.

Wow! Innotek VirtualBox has been bought by Sun and comes Open Source! That is a great news!

If you do not want to point to the internal functions jump table, built by the Microsoft Linker in debug mode, you can always check for the first byte of the function and, if it is 0xE9 (JMP), you can redirect your disassembler to the true function address calculated from the following 4 bytes...


And do not forget to define LOG_ENABLED at top of file DisasmCore.cpp, else the registers names do not show in the disassembly!

Best regards, bilbo

Hehe, thats a nice suggestion, thank you

Actually i think about building up a tool which should be able to extract all necessary files out of the VirtualBox source archive automatically. Should be no problem and would be great to get a ready made project out of a new released version of VirtualBox in seconds.

Regards,

OHPen

That sounds really great I think OHPen.