x86 or x64 disassembler lib
I know o some disassemble libs , but what I'm looking for is one that has an api like:
void * findAddrOfFirstInstructionStartingFrom( void * startAddress , InstructionType instruction);
void* addr = findAddrOfFirstInstructionStartingFrom(startAd开发者_Python百科dress , JMP);
and other apis smiler to this one like search for something specific not disassemble all instructions stating from an address and get all sorts of info because it slow if you only want to find something specific not everything.
If you know any pls let me know , if there isn't any pls tell me one that is open source and easy to modify.
You did not tag nor tell the processor architecture, so it is unlikely that you get a real answer.
Commonly native code instructions are with very varying length depending on operands they take so you have to disassemble the thing before searching. Otherwise you just find first sequence of bytes that matches the pattern of instruction you search for. It is most likely not a real instruction but part of operands of previous instruction.
EDIT: Since you updated title, i can think of choices Borg and PEDasm are open source. If you drop that open-source thing then definitely IDA pro.
I'm not aware of any API that can do this but it can be accomplished using some command line scripting:
objdump -d --start-address address file | grep -m 1 instruction | cut -d : -f 1
So, for example, to find the first JMP
instruction starting at address 0x08048664 in the file a.out
, you can do this:
$ objdump -d --start-address 0x08048664 a.out | grep -m 1 jmp | cut -d : -f 1
8048675
What you probably want is not just a library, but some Disassembler Framework. Have a look at IDA-Pro, which also provides a versatile scripting interface (and a disassembler API)
精彩评论