CyberChef/src/core/operations/DisassembleX86.mjs

/**
 * @author n1474335 [n1474335@gmail.com]
 * @copyright Crown Copyright 2017
 * @license Apache-2.0
 */

import Operation from "../Operation";
import * as disassemble from "../vendor/DisassembleX86-64";
import OperationError from "../errors/OperationError";

/**
 * Disassemble x86 operation
 */
class DisassembleX86 extends Operation {

    /**
     * DisassembleX86 constructor
     */
    constructor() {
        super();

        this.name = "Disassemble x86";
        this.module = "Shellcode";
        this.description = "Disassembly is the process of translating machine language into assembly language.<br><br>This operation supports 64-bit, 32-bit and 16-bit code written for Intel or AMD x86 processors. It is particularly useful for reverse engineering shellcode.<br><br>Input should be in hexadecimal.";
        this.infoURL = "https://wikipedia.org/wiki/X86";
        this.inputType = "string";
        this.outputType = "string";
        this.args = [
            {
                "name": "Bit mode",
                "type": "option",
                "value": ["64", "32", "16"]
            },
            {
                "name": "Compatibility",
                "type": "option",
                "value": [
                    "Full x86 architecture",
                    "Knights Corner",
                    "Larrabee",
                    "Cyrix",
                    "Geode",
                    "Centaur",
                    "X86/486"
                ]
            },
            {
                "name": "Code Segment (CS)",
                "type": "number",
                "value": 16
            },
            {
                "name": "Offset (IP)",
                "type": "number",
                "value": 0
            },
            {
                "name": "Show instruction hex",
                "type": "boolean",
                "value": true
            },
            {
                "name": "Show instruction position",
                "type": "boolean",
                "value": true
            }
        ];
    }

    /**
     * @param {string} input
     * @param {Object[]} args
     * @returns {string}
     *
     * @throws {OperationError} if invalid mode value
     */
    run(input, args) {
        const [
            mode,
            compatibility,
            codeSegment,
            offset,
            showInstructionHex,
            showInstructionPos
        ] = args;

        switch (mode) {
            case "64":
                disassemble.setBitMode(2);
                break;
            case "32":
                disassemble.setBitMode(1);
                break;
            case "16":
                disassemble.setBitMode(0);
                break;
            default:
                throw new OperationError("Invalid mode value");
        }

        switch (compatibility) {
            case "Full x86 architecture":
                disassemble.CompatibilityMode(0);
                break;
            case "Knights Corner":
                disassemble.CompatibilityMode(1);
                break;
            case "Larrabee":
                disassemble.CompatibilityMode(2);
                break;
            case "Cyrix":
                disassemble.CompatibilityMode(3);
                break;
            case "Geode":
                disassemble.CompatibilityMode(4);
                break;
            case "Centaur":
                disassemble.CompatibilityMode(5);
                break;
            case "X86/486":
                disassemble.CompatibilityMode(6);
                break;
        }

        disassemble.SetBasePosition(codeSegment + ":" + offset);
        disassemble.setShowInstructionHex(showInstructionHex);
        disassemble.setShowInstructionPos(showInstructionPos);
        disassemble.LoadBinCode(input.replace(/\s/g, ""));
        return disassemble.LDisassemble();
    }

}

export default DisassembleX86;
Ported x86 Disassembler & PGP ops 2018-05-15 10:15:31 +01:00			`/**`
			`* @author n1474335 [n1474335@gmail.com]`
			`* @copyright Crown Copyright 2017`
			`* @license Apache-2.0`
			`*/`

			`import Operation from "../Operation";`
Actually made these ops work 2018-05-15 16:04:57 +01:00			`import * as disassemble from "../vendor/DisassembleX86-64";`
Changed all error returns to OperationErrors 2018-05-15 18:01:04 +01:00			`import OperationError from "../errors/OperationError";`

Ported x86 Disassembler & PGP ops 2018-05-15 10:15:31 +01:00			`/**`
			`* Disassemble x86 operation`
			`*/`
			`class DisassembleX86 extends Operation {`

			`/**`
			`* DisassembleX86 constructor`
			`*/`
			`constructor() {`
			`super();`

			`this.name = "Disassemble x86";`
			`this.module = "Shellcode";`
			`this.description = "Disassembly is the process of translating machine language into assembly language.<br><br>This operation supports 64-bit, 32-bit and 16-bit code written for Intel or AMD x86 processors. It is particularly useful for reverse engineering shellcode.<br><br>Input should be in hexadecimal.";`
Added more infoLinks and updated newOperation script to include prompt for them. 2018-08-21 19:07:13 +01:00			`this.infoURL = "https://wikipedia.org/wiki/X86";`
Ported x86 Disassembler & PGP ops 2018-05-15 10:15:31 +01:00			`this.inputType = "string";`
			`this.outputType = "string";`
			`this.args = [`
			`{`
			`"name": "Bit mode",`
			`"type": "option",`
			`"value": ["64", "32", "16"]`
			`},`
			`{`
			`"name": "Compatibility",`
			`"type": "option",`
			`"value": [`
			`"Full x86 architecture",`
			`"Knights Corner",`
			`"Larrabee",`
			`"Cyrix",`
			`"Geode",`
			`"Centaur",`
			`"X86/486"`
			`]`
			`},`
			`{`
			`"name": "Code Segment (CS)",`
			`"type": "number",`
			`"value": 16`
			`},`
			`{`
			`"name": "Offset (IP)",`
			`"type": "number",`
			`"value": 0`
			`},`
			`{`
			`"name": "Show instruction hex",`
			`"type": "boolean",`
			`"value": true`
			`},`
			`{`
			`"name": "Show instruction position",`
			`"type": "boolean",`
			`"value": true`
			`}`
			`];`
			`}`

			`/**`
			`* @param {string} input`
			`* @param {Object[]} args`
			`* @returns {string}`
Changed all error returns to OperationErrors 2018-05-15 18:01:04 +01:00			`*`
			`* @throws {OperationError} if invalid mode value`
Ported x86 Disassembler & PGP ops 2018-05-15 10:15:31 +01:00			`*/`
			`run(input, args) {`
ESM: Fixed OperationError detection and tidied up ops. 2018-05-16 10:17:49 +01:00			`const [`
			`mode,`
			`compatibility,`
			`codeSegment,`
			`offset,`
			`showInstructionHex,`
			`showInstructionPos`
			`] = args;`
Ported x86 Disassembler & PGP ops 2018-05-15 10:15:31 +01:00
			`switch (mode) {`
			`case "64":`
			`disassemble.setBitMode(2);`
			`break;`
			`case "32":`
			`disassemble.setBitMode(1);`
			`break;`
			`case "16":`
			`disassemble.setBitMode(0);`
			`break;`
			`default:`
Changed all error returns to OperationErrors 2018-05-15 18:01:04 +01:00			`throw new OperationError("Invalid mode value");`
Ported x86 Disassembler & PGP ops 2018-05-15 10:15:31 +01:00			`}`

			`switch (compatibility) {`
			`case "Full x86 architecture":`
			`disassemble.CompatibilityMode(0);`
			`break;`
			`case "Knights Corner":`
			`disassemble.CompatibilityMode(1);`
			`break;`
			`case "Larrabee":`
			`disassemble.CompatibilityMode(2);`
			`break;`
			`case "Cyrix":`
			`disassemble.CompatibilityMode(3);`
			`break;`
			`case "Geode":`
			`disassemble.CompatibilityMode(4);`
			`break;`
			`case "Centaur":`
			`disassemble.CompatibilityMode(5);`
			`break;`
			`case "X86/486":`
			`disassemble.CompatibilityMode(6);`
			`break;`
			`}`

			`disassemble.SetBasePosition(codeSegment + ":" + offset);`
			`disassemble.setShowInstructionHex(showInstructionHex);`
			`disassemble.setShowInstructionPos(showInstructionPos);`
			`disassemble.LoadBinCode(input.replace(/\s/g, ""));`
			`return disassemble.LDisassemble();`
			`}`

			`}`

			`export default DisassembleX86;`