Commit cc5d9186 authored by Joao Eriberto Mota Filho's avatar Joao Eriberto Mota Filho Committed by Sophie Brun

Imported Debian patch 3.0-2

parents 7e7ec793 113b4151
COPYING
setup.cfg
setup.py
include\distorm.h
include\mnemonics.h
python\distorm3\__init__.py
python\distorm3\sample.py
src\config.h
src\decoder.c
src\decoder.h
src\distorm.c
src\instructions.c
src\instructions.h
src\insts.c
src\insts.h
src\mnemonics.c
src\operands.c
src\operands.h
src\prefix.c
src\prefix.h
src\textdefs.c
src\textdefs.h
src\wstring.c
src\wstring.h
src\x86defs.h
include COPYING setup.cfg setup.py
recursive-include src *.c *.h
recursive-include include *.c *.h
recursive-include . *.py
\ No newline at end of file
Metadata-Version: 1.1
Name: distorm3
Version: 3
Summary: The goal of diStorm3 is to decode x86/AMD64 binary streams and return a structure that describes each instruction.
Home-page: http://code.google.com/p/distorm/
Author: Gil Dabah
Author-email: arkon@ragestorm.net
License: UNKNOWN
Download-URL: http://code.google.com/p/distorm/
Description: Powerful Disassembler Library For AMD64
by Gil Dabah (arkon@ragestorm.net)
Python bindings by Mario Vilas (mvilas@gmail.com)
Platform: cygwin
Platform: win
Platform: linux
Platform: macosx
Classifier: License :: OSI Approved :: GPLv3 License
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Natural Language :: English
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Topic :: Software Development :: Disassemblers
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires: ctypes
Provides: distorm3
distorm3 (3.3-1kali0) kali; urgency=low
distorm3 (3.0-2) unstable; urgency=medium
* Initial release
* Bumped Standards-Version to 3.9.6.
* debian/control: added dh-python as build dependency.
-- Devon Kearns <dookie@kali.org> Mon, 01 Apr 2013 13:31:02 -0600
-- Joao Eriberto Mota Filho <eriberto@debian.org> Sun, 26 Oct 2014 19:27:10 -0200
distorm3 (3.0-1) unstable; urgency=low
* Initial release (Closes: #759767)
-- Joao Eriberto Mota Filho <eriberto@debian.org> Sat, 30 Aug 2014 00:45:31 -0300
Source: distorm3
Section: utils
Priority: extra
Maintainer: Devon Kearns <dookie@kali.org>
Build-Depends: debhelper (>= 8.0.0), python, python-support
Standards-Version: 3.9.3
Homepage: http://code.google.com/p/distorm/
Vcs-Git: ssh://git@git.kali.org/packages/distorm3.git
Vcs-Browser: http://git.kali.org/gitweb/?p=packages/distorm3.git;a=summary
Section: libs
Priority: optional
Maintainer: Joao Eriberto Mota Filho <eriberto@debian.org>
Build-Depends: debhelper (>= 9), python, dh-python
Standards-Version: 3.9.6
Homepage: http://code.google.com/p/distorm
Vcs-Git: git://anonscm.debian.org/collab-maint/distorm3.git
Vcs-Browser: http://anonscm.debian.org/cgit/collab-maint/distorm3.git
X-Python-Version: 2.6, 2.7
Package: distorm3
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, python, python-support
Description: Powerful Disassembler Library For x86/AMD64
diStorm is a lightweight, easy-to-use and fast decomposer library.
Package: libdistorm3-3
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: powerful disassembler library for x86/AMD64 binary streams
diStorm3 is a binary stream disassembler library project.
.
diStorm disassembles instructions in 16, 32 and 64 bit modes. Supported
instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow!
(w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX!
With diStorm3, no more parsing strings is needed. diStorm3 is really a
decomposer, which means it takes an instruction and returns a binary
structure which describes it rather than static text. This is great for
advanced binary code analysis.
.
The output of new interface of diStorm is a special structure that can describe
any x86 instruction, this structure can be later formatted into text for
display too.
This package provides the shared library.
Package: libdistorm3-dev
Architecture: any
Section: libdevel
Depends: ${misc:Depends}, libdistorm3-3 (= ${binary:Version})
Description: powerful disassembler library for x86/AMD64 binary streams (development files)
diStorm3 is a binary stream disassembler library project.
.
With diStorm3, no more parsing strings is needed. diStorm3 is really a
decomposer, which means it takes an instruction and returns a binary
structure which describes it rather than static text. This is great for
advanced binary code analysis.
.
diStorm is written in C, but for rapidly use, diStorm also has wrappers in
Python/Ruby/Java and can easily be used in C as well. It is also the fastest
disassembler library!
This package provides the development files.
Package: python-distorm3
Architecture: all
Section: python
Depends: ${misc:Depends}, libdistorm3-3 (>= ${source:Version})
Description: powerful disassembler library for x86/AMD64 binary streams (Python bindings)
diStorm3 is a binary stream disassembler library project.
.
The source code is very clean, readable, portable and platform independent
(supports both little and big endianity). diStorm solely depends on the C
library, therefore it can be used in embedded or kernel modules.
With diStorm3, no more parsing strings is needed. diStorm3 is really a
decomposer, which means it takes an instruction and returns a binary
structure which describes it rather than static text. This is great for
advanced binary code analysis.
.
Note that diStorm3 is backward compatible with the interface of diStorm64
(however, make sure you use the newest header files).
This package provides the Python bindings.
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: distorm3
Source: http://code.google.com/p/distorm/
Source: http://code.google.com/p/distorm/downloads/list
Files: *
Copyright: Gil Dabah <arkon@ragestorm.net>
Copyright: 2003-2012 Gil Dabah <distorm@gmail.com, arkon@ragestorm.net>
License: GPL-3+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>
.
On Debian systems, the complete text of the GNU General
Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
Files: setup.py
Copyright: 2009 Mario Vilas <mvilas@gmail.com>
2010 Rob Ruanda
? Gil Dabah <distorm@gmail.com>
License: GPL-3
Files: debian/*
Copyright: 2013 Devon Kearns <dookie@localhost.localdomain>
License: GPL-2+
This package is free software; you can redistribute it and/or modify
Copyright: 2014 Joao Eriberto Mota Filho <eriberto@debian.org>
License: GPL-3+
License: GPL-3 or GPL-3+
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This package is distributed in the hope that it will be useful,
......@@ -35,7 +28,7 @@ License: GPL-2+
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>
along with this program. If not, see <http://www.gnu.org/licenses/>.
.
On Debian systems, the complete text of the GNU General
Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
libdistorm3 for Debian
----------------------
The complete documentation for diStorm3 and code samples are available at
http://code.google.com/p/distorm/w/list.
-- Joao Eriberto Mota Filho <eriberto@debian.org> Thu, 04 Sep 2014 22:52:30 -0300
usr/lib/libdistorm3.so.3.0 usr/lib/libdistorm3.so.3
libdistorm3.so.3 libdistorm3-3 #MINVER#
CmpMnemonicOffsets@Base 3
FlagsTable@Base 3
II_3DNOW@Base 3
II_MOVSXD@Base 3
II_NOP@Base 3
II_PAUSE@Base 3
II_WAIT@Base 3
InstInfos@Base 3
InstInfosEx@Base 3
InstSharedInfoTable@Base 3
InstructionsTree@Base 3
Table_0F@Base 3
Table_0F_0F@Base 3
Table_0F_38@Base 3
Table_0F_3A@Base 3
VCmpMnemonicOffsets@Base 3
_MNEMONICS@Base 3
_REGISTERS@Base 3
_REGISTERTORCLASS@Base 3
chrcat_WS@Base 3
decode_internal@Base 3
distorm_decode64@Base 3
distorm_decompose64@Base 3
distorm_format64@Base 3
distorm_version@Base 3
inst_lookup@Base 3
inst_lookup_3dnow@Base 3
operands_extract@Base 3
prefixes_decode@Base 3
prefixes_ignore@Base 3
prefixes_ignore_all@Base 3
prefixes_is_valid@Base 3
prefixes_set_unused_mask@Base 3
prefixes_use_segment@Base 3
str_code_hb@Base 3
str_code_hdw@Base 3
str_code_hqw@Base 3
str_hex_b@Base 3
str_off64@Base 3
strcat_WS@Base 3
strcatlen_WS@Base 3
strclear_WS@Base 3
strcpylen_WS@Base 3
include/* usr/lib/include/distorm3
usr/lib/libdistorm3.so.3.0 usr/lib/libdistorm3.so
Description: add libdistorm3.so.3 to potential libraries list.
Author: Joao Eriberto Mota Filho <eriberto@debian.org>
Last-Update: 2014-09-04
Index: distorm3-3.0/python/distorm3/__init__.py
===================================================================
--- distorm3-3.0.orig/python/distorm3/__init__.py
+++ distorm3-3.0/python/distorm3/__init__.py
@@ -33,7 +33,7 @@ from os.path import split, join
# Guess the DLL filename and load the library.
_distorm_path = split(__file__)[0]
-potential_libs = ['distorm3.dll', 'libdistorm3.dll', 'libdistorm3.so', 'libdistorm3.dylib']
+potential_libs = ['/usr/lib/libdistorm3.so.3']
lib_was_found = False
for i in potential_libs:
try:
usr/lib/python*/dist-packages/distorm3/*init*.py
usr/lib/python*/dist-packages/*-info
usr/lib/python*/dist-packages/distorm3/sample.py usr/share/doc/python-distorm3/examples
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.
#DH_VERBOSE=1
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
# The lib SONAME version:
LIBSVERSION=3
# The lib real version:
LIBRVERSION=3.0
DESTDIR=$(CURDIR)/debian/libdistorm3-3
TEMPDEB=$(CURDIR)/debian/tmp
export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed,-soname,libdistorm3.so.$(LIBSVERSION) -Wl,-z,now
%:
dh $@
dh $@ --parallel --with python2
override_dh_install:
dh_install
cp $(TEMPDEB)/usr/lib/python2.7/dist-packages/distorm3/libdistorm3.so $(DESTDIR)/usr/lib/libdistorm3.so.$(LIBRVERSION)
version=3
http://code.google.com/p/distorm/downloads/list?can=1 .*/distorm3.(?:zip|tgz|tbz2|txz|tar\.gz|tar\.bz2|tar\.xz)
opts=dversionmangle=s/\.0$// \
http://code.google.com/p/distorm/downloads/list .*distorm3-(\d\S*)-sdist\.(?:zip|tar\.(?:bz2|gz|xz)).*
This diff is collapsed.
This diff is collapsed.
#
# x86header.py
#
# Copyright (C) 2009 Gil Dabah, http://ragestorm.net/disops/
#
class OperandType:
""" Types of possible operands in an opcode.
Refer to the diStorm's documentation or diStorm's instructions.h
for more explanation about every one of them. """
(NONE,
IMM8,
IMM16,
IMM_FULL,
IMM32,
SEIMM8,
IMM16_1, # NEW
IMM8_1, # NEW
IMM8_2, # NEW
REG8,
REG16,
REG_FULL,
REG32,
REG32_64,
FREG32_64_RM,
RM8,
RM16,
RM_FULL,
RM32_64,
RM16_32,
FPUM16,
FPUM32,
FPUM64,
FPUM80,
R32_M8,
R32_M16,
R32_64_M8,
R32_64_M16,
RFULL_M16,
CREG,
DREG,
SREG,
SEG,
ACC8,
ACC16,
ACC_FULL,
ACC_FULL_NOT64,
MEM16_FULL,
PTR16_FULL,
MEM16_3264,
RELCB,
RELC_FULL,
MEM,
MEM_OPT, # NEW
MEM32,
MEM32_64, # NEW
MEM64,
MEM128,
MEM64_128,
MOFFS8,
MOFFS_FULL,
CONST1,
REGCL,
IB_RB,
IB_R_FULL,
REGI_ESI,
REGI_EDI,
REGI_EBXAL,
REGI_EAX,
REGDX,
REGECX,
FPU_SI,
FPU_SSI,
FPU_SIS,
MM,
MM_RM,
MM32,
MM64,
XMM,
XMM_RM,
XMM16,
XMM32,
XMM64,
XMM128,
REGXMM0,
# Below new for AVX:
RM32,
REG32_64_M8,
REG32_64_M16,
WREG32_64,
WRM32_64,
WXMM32_64,
VXMM,
XMM_IMM,
YXMM,
YXMM_IMM,
YMM,
YMM256,
VYMM,
VYXMM,
YXMM64_256,
YXMM128_256,
LXMM64_128,
LMEM128_256) = range(93)
class OpcodeLength:
""" The length of the opcode in bytes.
Where a suffix of '3' means we have to read the REG field of the ModR/M byte (REG size is 3 bits).
Suffix of 'd' means it's a Divided instruction (see documentation),
tells the disassembler to read the REG field or the whole next byte.
OL_33 and OL_4 are used in raw opcode bytes, they include the mandatory prefix,
therefore when they are defined in the instruction tables, the mandatory prefix table is added,
and they become OL_23 and OL_3 correspondingly. There is no effective opcode which is more than 3 bytes. """
(OL_1, # 0
OL_13, # 1
OL_1d, # 2 - Can be prefixed (only by WAIT/9b)
OL_2, # 3 - Can be prefixed
OL_23, # 4 - Can be prefixed
OL_2d, # 5
OL_3, # 6 - Can be prefixed
OL_33, # 7 - Internal only
OL_4 # 8 - Internal only
) = range(9)
""" Next-Opcode-Length dictionary is used in order to recursively build the instructions' tables dynamically.
It is used in such a way that it indicates how many more nested tables
we have to build and link starting from a given OL. """
NextOL = {OL_13: OL_1, OL_1d: OL_1, OL_2: OL_1, OL_23: OL_13,
OL_2d: OL_1d, OL_3: OL_2, OL_33: OL_23, OL_4: OL_3}
class InstFlag:
""" Instruction Flag contains all bit mask constants for describing an instruction.
You can bitwise-or the flags. See diStorm's documentation for more explanation.
The GEN_BLOCK is a special flag, it is used in the tables generator only;
See GenBlock class inside x86db.py. """
FLAGS_EX_START_INDEX = 32
INST_FLAGS_NONE = 0
(MODRM_REQUIRED, # 0
NOT_DIVIDED, # 1
_16BITS, # 2
_32BITS, # 3
PRE_LOCK, # 4
PRE_REPNZ, # 5
PRE_REP, # 6
PRE_CS, # 7
PRE_SS, # 8
PRE_DS, # 9
PRE_ES, # 10
PRE_FS, # 11
PRE_GS, # 12
PRE_OP_SIZE, # 13
PRE_ADDR_SIZE, # 14
NATIVE, # 15
USE_EXMNEMONIC, # 16
USE_OP3, # 17
USE_OP4, # 18
MNEMONIC_MODRM_BASED, # 19
MODRR_REQUIRED, # 20
_3DNOW_FETCH, # 21
PSEUDO_OPCODE, # 22
INVALID_64BITS, # 23
_64BITS, # 24
PRE_REX, # 25
USE_EXMNEMONIC2, # 26
_64BITS_FETCH, # 27
FORCE_REG0, # 28
PRE_VEX, # 29
MODRM_INCLUDED, # 30
DST_WR, # 31
VEX_L, # 32 From here on: flagsEx.
VEX_W, # 33
MNEMONIC_VEXW_BASED, # 34
MNEMONIC_VEXL_BASED, # 35
FORCE_VEXL, # 36
MODRR_BASED, # 37
VEX_V_UNUSED, # 38
GEN_BLOCK, # 39 From here on: internal to disOps.
EXPORTED # 40
) = [1 << i for i in xrange(41)]
# Nodes are extended if they have any of the following flags:
EXTENDED = (PRE_VEX | USE_EXMNEMONIC | USE_EXMNEMONIC2 | USE_OP3 | USE_OP4)
SEGMENTS = (PRE_CS | PRE_SS | PRE_DS | PRE_ES | PRE_FS | PRE_FS)
class ISetClass:
""" Instruction-Set-Class indicates to which set the instruction belongs.
These types are taken from the documentation of Intel/AMD. """
(INTEGER,
FPU,
P6,
MMX,
SSE,
SSE2,
SSE3,
SSSE3,
SSE4_1,
SSE4_2,
SSE4_A,
_3DNOW,
_3DNOWEXT,
VMX,
SVM,
AVX,
FMA,
CLMUL,
AES) = range(1, 20)
class FlowControl:
""" The flow control instruction will be flagged in the lo nibble of the 'meta' field in _InstInfo of diStorm.
They are used to distinguish between flow control instructions (such as: ret, call, jmp, jz, etc) to normal ones. """
(CALL,
RET,
SYS,
UNC_BRANCH,
CND_BRANCH,
INT,
CMOV) = range(1, 8)
class NodeType:
""" A node can really be an object holder for an instruction-info object or
another table (list) with a different size.
GROUP - 8 entries in the table
FULL - 256 entries in the table.
Divided - 72 entries in the table (ranges: 0x0-0x7, 0xc0-0xff).
Prefixed - 12 entries in the table (none, 0x66, 0xf2, 0xf3). """
(NONE, # 0
INFO, # 1
INFOEX, # 2
LIST_GROUP, # 3
LIST_FULL, # 4
LIST_DIVIDED, # 5
LIST_PREFIXED # 6
) = range(0, 7)
class CPUFlags:
""" Specifies all the flags that the x86/x64 CPU supports. """
(ZF, # 0
SF, # 1
CF, # 2
OF, # 3
PF, # 4
AF, # 5
DF, # 6
IF # 7
) = [1 << i for i in xrange(8)]
This source diff could not be displayed because it is too large. You can view the blob instead.
diStorm3 for Ring 0
Gil Dabah Aug 2010
http://ragestorm.net/distorm/
Tested sample with DDK 7600.16385.1 using WinXPSP2.
Steps of how to build the diStorm64 sample using the DDK.
Warning - Make sure the path you extracted diStorm to does not include any spaces, otherwise you will get an error from the build.
1) Open the DDK's build environment, for example: "Win XP Free Build Environment",
which readies the evnrionment variables for building a driver. Or run the SETENV.BAT in console.
2) Launch "build", once you're in the directory of the /ddkproj.
3) If everything worked smoothly, you should see a new file named "distorm.sys" under objfre_wxp_x86\i386
(that's if you use WinXP and the Free Environment).
- If you experienced any errors, try moving the whole distorm directory to c:\winddk\src\
(or any other directory tree which doesn't contain spaces in its name).
4) Now you will have to register the new driver:
a. Copy the distorm.sys file to \windows\system32\drivers\.
b. Use the DDK's regini.exe with the supplied distorm.ini.
c. Restart Windows for the effect to take place. :(
**The alternative is to use some tool like KmdManager.exe, which will register the driver without a need for the .ini file, nor a reboot.
5) Now open your favorite debug-strings monitor (mine is DebugView).
Make sure you monitor kernel debug-strings.
6) Launching "net start distorm" from command line, will run the DriverEntry code in "main.c",
which will disassemble a few instructions from the KeBugcheck routine and dump it using DbgPrint.
NOTES:
-+----
The sample uses the stack for storing the results from the decode function.
If you have too many structures on the stack, you better allocate memory before calling the decode function,
and later on free that memory. Don't use the NONPAGED pool if you don't really need it.
_OffsetType is the type of the DecodedInstruction.Offset field, which defaults to 64bits,
so make sure that when you print this variable you use %I64X, or when you use it anywhere else, you use the _OffsetType as well.
Notice that we call directly distorm_decode64, since we SUPPORT_64BIT_OFFSET and because we don't have the macros of distorm.h.
diStorm can be really compiled for all IRQL, it doesn't use any resource or the standard C library at all.
Although the sample uses diStorm at PASSIVE level.
\registry\machine\system\currentcontrolset\services\distorm
ImagePath = system32\drivers\distorm.sys
DisplayName = "distorm"
Type = REG_DWORD 0x1
Start = REG_DWORD 0x3
Group = Extended base
ErrorControl = REG_DWORD 0x1
\registry\machine\system\currentcontrolset\services\distorm\Parameters
BreakOnEntry = REG_DWORD 0x0
DebugMask = REG_DWORD 0x0
LogEvents = REG_DWORD 0x0
\ No newline at end of file
// Since the DDK's nmake is limited with directories, we will bypass that with this simple hack.
// Thanks to Razvan Hobeanu.
// Sep 2009.
#include "../src/mnemonics.c"
#include "../src/wstring.c"
#include "../src/textdefs.c"
#include "../src/x86defs.c"
#include "../src/prefix.c"
#include "../src/operands.c"
#include "../src/insts.c"
#include "../src/instructions.c"
#include "../src/distorm.c"
#include "../src/decoder.c"
/*
* main.c
* Sample kernel driver to show how diStorm can be easily compiled and used in Ring 0.
*
* /// Follow the README file in order to compile diStorm using the DDK. \\\
*
* Izik, Gil Dabah
* Jan 2007
* http://ragestorm.net/distorm/
*/
#include <ntddk.h>
#include "../include/distorm.h"
#include "dummy.c"
// The number of the array of instructions the decoder function will use to return the disassembled instructions.
// Play with this value for performance...
#define MAX_INSTRUCTIONS (15)
void DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
UNICODE_STRING pFcnName;
// Holds the result of the decoding.
_DecodeResult res;
// Decoded instruction information.
_DecodedInst decodedInstructions[MAX_INSTRUCTIONS];
// next is used for instruction's offset synchronization.
// decodedInstructionsCount holds the count of filled instructions' array by the decoder.
unsigned int decodedInstructionsCount = 0, i, next;
// Default decoding mode is 32 bits, could be set by command line.
_DecodeType dt = Decode32Bits;
// Default offset for buffer is 0, could be set in command line.
_OffsetType offset = 0;
char* errch = NULL;
// Buffer to disassemble.
unsigned char *buf;
int len = 100;
// Register unload routine
DriverObject->DriverUnload = DriverUnload;
DbgPrint("diStorm Loaded!\n");
// Get address of KeBugCheck
RtlInitUnicodeString(&pFcnName, L"KeBugCheck");
buf = (char *)MmGetSystemRoutineAddress(&pFcnName);
offset = (unsigned) (_OffsetType)buf;
DbgPrint("Resolving KeBugCheck @ 0x%08x\n", buf);
// Decode the buffer at given offset (virtual address).
while (1) {
res = distorm_decode64(offset, (const unsigned char*)buf, len, dt, decodedInstructions, MAX_INSTRUCTIONS, &decodedInstructionsCount);
if (res == DECRES_INPUTERR) {
DbgPrint(("NULL Buffer?!\n"));
break;
}
for (i = 0; i < decodedInstructionsCount; i++) {
// Note that we print the offset as a 64 bits variable!!!
// It might be that you'll have to change it to %08X...