/////////////////////////////////////////////////////////////////////////
//
// Delphi 调用BeaEngine 反汇编的例子
// 这是使用 DLL 的版本,Release程序的时候需要将 BeaEngine.dll一同发布
//
// By Zoologist
// www.lab-z.com
// 2013-02-21
/////////////////////////////////////////////////////////////////////////
program BeaConsoleTest;

{$APPTYPE CONSOLE}

uses
SysUtils,BeaEngineDelphi32;

procedure DisasmCode;
var
MyDisasm:TDISASM;
i,len:integer;
begin
// ======== Init the TDisasm structure (important !)
FillChar(MyDisasm,sizeof(TDISASM),0);

// ======== Init EIP
MyDisasm.EIP:=Int64(@DisasmCode);
MyDisasm.Archi:=0;
MyDisasm.Options:=NoTabulation + MasmSyntax;

// ======== Loop for Disasm
for i:=1 to 20 do
begin
len:=Disasm(MyDisasm);
Writeln(IntToHex(MyDisasm.EIP,2)+' '+MyDisasm.CompleteInstr);
MyDisasm.EIP:=MyDisasm.EIP+len;
end;
end;

begin
Writeln('This is a BeaEngine Test program for delphi.');
DisasmCode;
Writeln('Press Enter to exit...');
Readln;
end.

特别的需要修改 BeaEngineDelphi32.pas 打开使用 DLL 反编译方式

// ====================================================================
// [+] BranchTaken,BranchNotTaken added in TPREFIXINFO v3.1.0
unit BeaEngineDelphi32;
// ====================================================================
// Default link type is static lib
// comment below line to switch link with DLL
// ====================================================================
{$DEFINE USEDLL}
// ====================================================================
// Copyright 2006-2009, BeatriX
// File coded by BeatriX

编译之后的EXE需要连同 DLL 一起发布才能正常工作。下面是完整的例子

Bea1

Leave a Reply

电子邮件地址不会被公开。 必填项已用*标注

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>