Refactored Disassembler.

Author: KN4CK3R

Memory/Disassembler.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.Contracts;
+using System.Linq;
 using System.Runtime.InteropServices;
 using ReClassNET.Native;
 using ReClassNET.Util;
@@ -9,43 +10,73 @@ namespace ReClassNET.Memory
 {
 	public class Disassembler
 	{
-		public List<DisassembledInstruction> DisassembleRemoteCode(RemoteProcess process, IntPtr address, int length)
+		private readonly NativeHelper nativeHelper;
+
+		public Disassembler(NativeHelper nativeHelper)
 		{
-			Contract.Requires(process != null);
+			Contract.Requires(nativeHelper != null);
 
-			var instructions = new List<DisassembledInstruction>();
+			this.nativeHelper = nativeHelper;
+		}
+
+		public List<DisassembledInstruction> RemoteDisassembleCode(RemoteProcess process, IntPtr address, int length)
+		{
+			Contract.Requires(process != null);
 
 			var buffer = process.ReadRemoteMemory(address, length);
 
 			var handle = GCHandle.Alloc(buffer, GCHandleType.Pinned);
 			try
 			{
-				var eip = handle.AddrOfPinnedObject();
-				var end = eip + length;
-				var virtualAddress = address;
-
-				var instruction = new InstructionData();
-				while (true)
+				return DisassembleCode(handle.AddrOfPinnedObject(), length, address).ToList();
+			}
+			finally
+			{
+				if (handle.IsAllocated)
 				{
-					if (!process.NativeHelper.DisassembleCode(eip, end.Sub(eip).ToInt32(), virtualAddress, out instruction))
-					{
-						break;
-					}
+					handle.Free();
+				}
+			}
+		}
 
-					instructions.Add(new DisassembledInstruction
-					{
-						Address = virtualAddress,
-						Length = instruction.Length,
-						Instruction = instruction.Instruction
-					});
+		public IEnumerable<DisassembledInstruction> DisassembleCode(IntPtr address, int length, IntPtr virtualAddress)
+		{
+			var instructions = new List<DisassembledInstruction>();
 
-					eip = eip + instruction.Length;
-					if (eip.CompareTo(end) >= 0 || buffer[eip.Sub(handle.AddrOfPinnedObject()).ToInt32()] == 0xCC)
-					{
-						break;
-					}
-					virtualAddress = virtualAddress + instruction.Length;
+			var eip = address;
+			var end = address + length;
+
+			var instruction = new InstructionData();
+			while (eip.CompareTo(end) == -1)
+			{
+				if (!nativeHelper.DisassembleCode(eip, end.Sub(eip).ToInt32(), virtualAddress, out instruction))
+				{
+					break;
 				}
+
+				yield return new DisassembledInstruction
+				{
+					Address = virtualAddress,
+					Length = instruction.Length,
+					Data = instruction.Data,
+					Instruction = instruction.Instruction
+				};
+
+				eip = eip + instruction.Length;
+				virtualAddress = virtualAddress + instruction.Length;
+			}
+		}
+
+		public List<DisassembledInstruction> RemoteDisassembleFunction(RemoteProcess process, IntPtr address, int length)
+		{
+			Contract.Requires(process != null);
+
+			var buffer = process.ReadRemoteMemory(address, length);
+
+			var handle = GCHandle.Alloc(buffer, GCHandleType.Pinned);
+			try
+			{
+				return DisassembleFunction(handle.AddrOfPinnedObject(), length, address).ToList();
 			}
 			finally
 			{
@@ -54,8 +85,13 @@ public List<DisassembledInstruction> DisassembleRemoteCode(RemoteProcess process
 					handle.Free();
 				}
 			}
+		}
 
-			return instructions;
+		public IEnumerable<DisassembledInstruction> DisassembleFunction(IntPtr address, int length, IntPtr virtualAddress)
+		{
+			// Read until first CC.
+			return DisassembleCode(address, length, virtualAddress)
+				.TakeUntil(i => i.Length == 1 && i.Data[0] == 0xCC);
 		}
 
 		public DisassembledInstruction GetPreviousInstruction(RemoteProcess process, IntPtr address)
@@ -134,6 +170,9 @@ public class DisassembledInstruction
 	{
 		public IntPtr Address;
 		public int Length;
+		public byte[] Data;
 		public string Instruction;
+
+		public override string ToString() => $"{Address.ToString(Constants.StringHexFormat)} - {Instruction}";
 	}
 }

Native/NativeDataExchange.cs

@@ -105,6 +105,9 @@ public struct InstructionData
 	{
 		public int Length;
 
+		[MarshalAs(UnmanagedType.ByValArray, SizeConst = 15)]
+		public byte[] Data;
+
 		[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 64)]
 		public string Instruction;
 	};
@@ -196,10 +199,16 @@ public struct RegisterInfo
 		public RegisterInfo Registers;
 	}
 
+	public enum DebugContinueStatus
+	{
+		Handled,
+		NotHandled
+	}
+
 	[StructLayout(LayoutKind.Sequential)]
 	public struct DebugEventHeader
 	{
-		public int ContinueStatus;
+		public DebugContinueStatus ContinueStatus;
 
 		public IntPtr ProcessId;
 		public IntPtr ThreadId;

NativeHelper/DisassembleCode.cpp

@@ -23,6 +23,7 @@ bool __stdcall DisassembleCode(RC_Pointer address, RC_Size length, RC_Pointer vi
 	}
 
 	instruction->Length = disamLength;
+	std::memcpy(instruction->Data, address, disamLength);
 	MultiByteToWideChar(0, 0, disasm.CompleteInstr, -1, instruction->Instruction, 64);
 
 	return true;

NativeHelper/ReClassNET_Plugin.hpp

@@ -1,6 +1,7 @@
 #pragma once
 
 #include <type_traits>
+#include <cstdint>
 
 // Types
 
@@ -82,6 +83,12 @@ enum class ControlRemoteProcessAction
 	Terminate
 };
 
+enum DebugContinueStatus
+{
+	Handled,
+	NotHandled
+};
+
 enum class HardwareBreakpointRegister
 {
 	InvalidRegister,
@@ -92,19 +99,19 @@ enum class HardwareBreakpointRegister
 	Dr3
 };
 
-enum class HardwareBreakpointType
+enum class HardwareBreakpointTrigger
 {
+	Execute,
 	Access,
-	ReadWrite,
 	Write,
 };
 
 enum class HardwareBreakpointSize
 {
-	Size1,
-	Size2,
-	Size4,
-	Size8
+	Size1 = 1,
+	Size2 = 2,
+	Size4 = 4,
+	Size8 = 8
 };
 
 enum class DebugEventType
@@ -118,12 +125,6 @@ enum class DebugEventType
 	Exception
 };
 
-enum class ContinueStatus
-{
-	Continue,
-
-};
-
 // Structures
 
 struct EnumerateProcessData
@@ -135,6 +136,7 @@ struct EnumerateProcessData
 struct InstructionData
 {
 	int Length;
+	uint8_t Data[15];
 	RC_UnicodeChar Instruction[64];
 };
 
@@ -235,7 +237,7 @@ struct ExceptionDebugInfo
 
 struct DebugEvent
 {
-	ContinueStatus ContinueStatus;
+	DebugContinueStatus ContinueStatus;
 
 	RC_Pointer ProcessId;
 	RC_Pointer ThreadId;
@@ -287,8 +289,8 @@ typedef bool(__stdcall *DebuggerAttachToProcess_Delegate)(RC_Pointer id);
 
 typedef void(__stdcall *DebuggerDetachFromProcess_Delegate)(RC_Pointer id);
 
-typedef bool(__stdcall *DebuggerWaitForDebugEvent_Delegate)(DebugEvent* info);
+typedef bool(__stdcall *DebuggerWaitForDebugEvent_Delegate)(DebugEvent* evt, int timeoutInMilliseconds);
 
 typedef void(__stdcall *DebuggerContinueEvent_Delegate)(DebugEvent* evt);
 
-typedef bool(__stdcall *DebuggerSetHardwareBreakpoint_Delegate)(RC_Pointer processId, RC_Pointer address, HardwareBreakpointRegister reg, HardwareBreakpointType type, HardwareBreakpointSize size, bool set);
+typedef bool(__stdcall *DebuggerSetHardwareBreakpoint_Delegate)(RC_Pointer processId, RC_Pointer address, HardwareBreakpointRegister reg, HardwareBreakpointTrigger type, HardwareBreakpointSize size, bool set);

Nodes/BaseFunctionPtrNode.cs

@@ -118,14 +118,10 @@ private void DisassembleRemoteCode(MemoryBuffer memory, IntPtr address)
 
 				if (!address.IsNull() && memory.Process.IsValid)
 				{
-					var disassembler = new Disassembler();
+					var disassembler = new Disassembler(memory.Process.NativeHelper);
 					instructions.AddRange(
-						disassembler.DisassembleRemoteCode(memory.Process, address, 200)
-#if WIN64
-							.Select(i => $"{i.Address.ToString("X08")} {i.Instruction}")
-#else
-							.Select(i => $"{i.Address.ToString("X04")} {i.Instruction}")
-#endif
+						disassembler.RemoteDisassembleFunction(memory.Process, address, 200)
+							.Select(i => $"{i.Address.ToString(Constants.StringHexFormat)} {i.Instruction}")
 					);
 				}
 			}

Nodes/FunctionNode.cs

@@ -122,16 +122,12 @@ private void DisassembleRemoteCode(MemoryBuffer memory, IntPtr address)
 				{
 					memorySize = 0;
 
-					var disassembler = new Disassembler();
-					foreach (var instruction in disassembler.DisassembleRemoteCode(memory.Process, address, 4096))
+					var disassembler = new Disassembler(memory.Process.NativeHelper);
+					foreach (var instruction in disassembler.RemoteDisassembleFunction(memory.Process, address, 4096))
 					{
 						memorySize += instruction.Length;
 
-#if WIN64
-						instructions.Add($"{instruction.Address.ToString("X08")} {instruction.Instruction}");
-#else
-						instructions.Add($"{instruction.Address.ToString("X04")} {instruction.Instruction}");
-#endif
+						instructions.Add($"{instruction.Address.ToString(Constants.StringHexFormat)} {instruction.Instruction}");
 					}
 
 					ParentNode?.ChildHasChanged(this);