hi all,
I'm trying to get the operand size info of the instructions out of my disassembled code - I'm using an IDC script and IDA 5 Freeware
(the script is at the end of the post, just as a reference)
my script produces following information:
dissasm: sub sp, 12h
code: 0x83
mnem: sub
operand 0: register 00000004 sp
operand 1: immediate 00000012 12h
dissasm: push di
code: 0x57
mnem: push
operand 0: register 00000007 di
dissasm: mov word_44CEE, dx
code: 0x89
mnem: mov
operand 0: memref 0000957e word_44CEE
operand 1: register 00000002 dx
dissasm: push [bp+arg_2]
code: 0xff
mnem: push
operand 0: base+index+disp 00000008 [bp+arg_2]
dissasm: mov word ptr dword_438E8+2, dx
code: 0x89
mnem: mov
operand 0: memref 0000817a word ptr dword_438E8+2
operand 1: register 00000002 dx
....
now my question is: how can I get the size of the operands (it's easy when registers are used: nr => register => size), but
what about the size of immediate and memory-access operands?
to produce something like
sub sp,12h --> sub reg:sp(word), immediate:12h(byte)
push di --> push reg:di(word)
mov word_44CEE,dx --> mov mem:word_44CEE(word), reg:dx(word)
push [bp+arg_2] --> push mem:bp+arg_2(word)
mov word ptr dword_438E+2,dx --> mov mem:dword_438E+2(word),reg:dx(word)
...
I saw an op_t struct in my IDA book, but there seems to be no way of using it or DecodeInstruction from within
my IDC script
any ideas how I can solve this problem - do I need to use the SDK?
the script:
#include <idc.idc>
// Write one line per operand of the instruction at ea to the file handle f.
// Operands are walked in order until GetOpType() reports 0 (no operand).
// Each line holds: operand index, type name (via OpTypeString), the raw
// operand value as 8 hex digits, and the operand text as IDA displays it.
static showoperands(f, ea)
{
    auto n;
    auto t;

    n = 0;
    t = GetOpType(ea, n);
    while (t)
    {
        fprintf(f, "operand %d: %s %08lx %s\n", n, OpTypeString(t), GetOperandValue(ea, n), GetOpnd(ea, n));
        n++;
        t = GetOpType(ea, n);
    }
}
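// Map an operand type code as returned by GetOpType() to a short printable
// name. The codes follow the o_* values from idc.idc: 1 = register (o_reg),
// 2 = memory reference (o_mem), 3 = base+index (o_phrase),
// 4 = base+index+disp (o_displ), 5 = immediate (o_imm), 6 = far address
// (o_far), 7 = near address (o_near).
// Returns "unknown" for 0 (no operand) and for codes above 7, which are
// processor-specific; the original fell off the end without a return value
// there, so the %s in the caller's fprintf was fed a non-string.
static OpTypeString(t)
{
    if (t == 1) return "register";
    if (t == 2) return "memref";
    if (t == 3) return "base+index";
    if (t == 4) return "base+index+disp";
    if (t == 5) return "immediate";
    if (t == 6) return "immfar";
    if (t == 7) return "immnear";
    return "unknown";
}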
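// Entry point: walk every code address in the database and dump each
// instruction (disassembly text, first byte, mnemonic, operands) to
// c:\temp\dis.txt, plus a one-line "mnemonic <tab> first byte <tab> prefix"
// summary per instruction to c:\temp\dis.mnem.txt.
// Changes from the original: both fopen() results are checked (IDC fopen
// returns 0 on failure), the never-assigned prefix variable is given an
// empty-string value so the %s column prints cleanly, the unused locals are
// dropped, and both handles are fclose()d so buffered output is flushed.
static main()
{
    auto addr;
    auto disass;
    auto mnem;
    auto f;
    auto f_mnem;
    auto first_byte;
    auto prefix;

    f = fopen("c:\\temp\\dis.txt", "w+");
    if (f == 0)
    {
        Message("cannot open c:\\temp\\dis.txt for writing\n");
        return;
    }
    f_mnem = fopen("c:\\temp\\dis.mnem.txt", "w+");
    if (f_mnem == 0)
    {
        Message("cannot open c:\\temp\\dis.mnem.txt for writing\n");
        fclose(f);
        return;
    }

    // NOTE(review): the original script declared prefix but never assigned
    // it, so the %s below printed an unset variable. An empty string keeps
    // the tab-separated layout of dis.mnem.txt intact; fill it in once
    // prefix detection is actually implemented.
    prefix = "";

    addr = 0;
    for (;;)
    {
        // The loop relies on FindCode() advancing past addr on every call and
        // returning BADADDR once no further code address exists.
        addr = FindCode(addr, SEARCH_DOWN);
        if (addr == BADADDR) break;

        mnem = GetMnem(addr);
        disass = GetDisasm(addr);
        first_byte = Byte(addr);

        fprintf(f, "dissasm: %s\n", disass);
        fprintf(f, "code: 0x%02x\n", first_byte);
        fprintf(f, "dis: %s\n", disass);
        fprintf(f, "mnem: %s\n", mnem);
        fprintf(f_mnem, "%s\t0x%02x\t%s\n", mnem, first_byte, prefix);
        showoperands(f, addr);
        fprintf(f, "\n");
    }

    // Close both handles so the buffered output reaches the disk.
    fclose(f_mnem);
    fclose(f);
}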







