Lua:Class:Disassembler
{} Class
class Disassembler : Object
The Disassembler class represents a disassembler object.
A Disassembler inherits from Object. It can disassemble instructions and expose additional information about the last disassembled instruction through the LastDisassembleData table.
Contents
- 1 Inheritance
- 2 Creation
- 3 Function Parameters
- 4 Returns
- 5 Global Disassemble Overrides
- 6 Global Override Parameters
- 7 Global Override Callback
- 8 Global Override Returns
- 9 Syntax Highlighting Codes
- 10 Properties
- 11 OnDisassembleOverride Callback
- 12 OnPostDisassemble Callback
- 13 Methods
- 14 LastDisassembleData Fields
- 15 DisAssemblerValueType Values
- 16 Examples
- 17 See Also
Inheritance
| Class | Inherits From | Description |
|---|---|---|
| Disassembler | Object | Disassembles instructions and exposes additional information about the decoded instruction. |
Creation
<> Reference
function createDisassembler() : Disassembler
<> Reference
function getDefaultDisassembler() : Disassembler
<> Reference
function getVisibleDisassembler() : Disassembler
Creates or returns a Disassembler object.
getDefaultDisassembler returns the default disassembler object used by many of Cheat Engine's disassembler routines. Only use this from the main thread.
getVisibleDisassembler is deprecated and only exists for backward compatibility. It returns a stub disassembler. If function overrides are set on it, other visible disassemblers can use those overrides when they do not have their own override.
Function Parameters
These functions have no parameters.
Returns
Disassembler — A Disassembler object.
Global Disassemble Overrides
<> Reference
function registerGlobalDisassembleOverride(function) : userdata
<> Reference
function unregisterGlobalDisassembleOverride(id) : void
registerGlobalDisassembleOverride registers a disassemble override for all disassemblers, including newly created ones.
The registered function behaves like Disassembler.OnDisassembleOverride. Check the sender parameter to determine whether syntax highlighting codes should be used.
Global Override Parameters
| Function | Parameter | Description |
|---|---|---|
| registerGlobalDisassembleOverride(function) | function | The override function to register. It receives sender, address, and LastDisassembleData, and can return opcode and description. |
| unregisterGlobalDisassembleOverride(id) | id | The id returned by registerGlobalDisassembleOverride. |
Global Override Callback
| Parameter | Type | Description |
|---|---|---|
| sender | Disassembler | The Disassembler object that is currently disassembling. |
| address | Integer | The address being disassembled. |
| LastDisassembleData | Table | The last disassemble data table. |
Global Override Returns
| Return Value | Type | Description |
|---|---|---|
| opcode | String | The opcode text to use. |
| description | String | The description text to use. |
Syntax Highlighting Codes
| Code | Description |
|---|---|
| {H} | Marks the following text as a hex value. |
| {R} | Marks the following text as a register. |
| {S} | Marks the following text as a symbol. |
| {N} | Marks the following text as nothing special. |
| {C######} | Sets the foreground RGB color. The color format is 0xBBGGRR. |
| {B######} | Sets the background RGB color. The color format is 0xBBGGRR. |
Properties
| Property | Type | Description |
|---|---|---|
| LastDisassembleData | Table | Information about the last disassembled instruction. |
| OnDisassembleOverride | Function | Function called to override disassembly output. It can return a replacement opcode and description. |
| OnPostDisassemble | Function | Function called after disassembly. It can return a modified result and description. |
| syntaxhighlighting | Boolean | Set to true if syntax highlighting codes are accepted. |
OnDisassembleOverride Callback
| Signature | Description |
|---|---|
| function(sender, address, LastDisassembleData) | Called during disassembly. Can return opcode and description. |
OnPostDisassemble Callback
| Signature | Description |
|---|---|
| function(sender, address, LastDisassembleData, result, description) | Called after disassembly. Can return result and description. |
Methods
| Method | Return Type | Description |
|---|---|---|
| disassemble(address) | String | Disassembles the instruction at the given address and returns the opcode text. It also fills LastDisassembleData. |
| decodeLastParametersToString() | String | Returns the unedited comments information for the last disassembled instruction. This does not include user-defined comments. |
| getLastDisassembleData() | Table | Returns the LastDisassembleData table. |
LastDisassembleData Fields
| Field | Type | Description |
|---|---|---|
| address | Integer | The address that was disassembled. |
| opcode | String | The opcode without parameters. |
| parameters | String | The instruction parameters. |
| description | String | The description of the opcode. |
| commentsoverride | String | If set, this will be used as the comments or decodeLastParametersToString result. |
| bytes | Table | A table containing the bytes of the instruction. The table starts at index 1. |
| modrmValueType | DisAssemblerValueType | Defines the type of the modrmValue field. |
| modrmValue | Integer | The value specified by the ModR/M byte. modrmValueType defines what kind of value it is. |
| parameterValueType | DisAssemblerValueType | Defines the type of the parameterValue field. |
| parameterValue | Integer | The value specified by the parameter part of the instruction. |
| isJump | Boolean | True if the disassembled instruction can change EIP or RIP. This does not include ret. |
| isCall | Boolean | True if the instruction is a call. |
| isRet | Boolean | True if the instruction is a ret. |
| isRep | Boolean | True if the instruction is preceded by a rep prefix. |
| isConditionalJump | Boolean | True if the instruction is a conditional jump. |
DisAssemblerValueType Values
| Value | Integer | Description |
|---|---|---|
| dvtNone | 0 | No value. |
| dvtAddress | 1 | The value represents an address. |
| dvtValue | 2 | The value represents a normal value. |
Examples
local disassembler = createDisassembler()
local address = getAddress("kernel32.GetTickCount")
local opcode = disassembler.disassemble(address)
print(opcode)
local data = disassembler.getLastDisassembleData()
print("Address: " .. string.format("%X", data.address))
print("Opcode: " .. tostring(data.opcode))
print("Parameters: " .. tostring(data.parameters))
print("Description: " .. tostring(data.description))
local disassembler = createDisassembler()
local address = getAddress("kernel32.GetTickCount")
local opcode = disassembler.disassemble(address)
local comment = disassembler.decodeLastParametersToString()
print(opcode)
print(comment)
local disassembler = createDisassembler()
disassembler.OnPostDisassemble = function(sender, address, data, result, description)
if data.isCall then
description = "Call instruction"
elseif data.isJump then
description = "Jump instruction"
end
return result, description
end
local address = getAddress("kernel32.GetTickCount")
local opcode = disassembler.disassemble(address)
print(opcode)
print(disassembler.LastDisassembleData.description)
local id = registerGlobalDisassembleOverride(function(sender, address, data)
if data ~= nil and data.isRet then
return "ret", "Return instruction"
end
end)
-- Later, when the override is no longer needed:
unregisterGlobalDisassembleOverride(id)
See Also
Main Pages
