I spent a lot of time looking for a SyntaxHighlighter brush for disassembler output. Unfortunately, I didn't find a good one. So today I had to write my own brushes for it:
Common way to use SyntaxHighlighter in your blog:
<!--SYNTAX HIGHLIGHTER BEGINS-->
<!-- Security note for anyone copying this snippet: every stylesheet and script
     below is fetched over plain http:// from external hosts (alexgorbatchev.com
     and pilin.name), and no tag carries an integrity attribute. Whatever those
     hosts, or anyone on the network path, return for these URLs runs as script
     inside the blog's own origin. Prefer reviewed copies served from your own
     site, or HTTPS URLs pinned with Subresource Integrity (integrity plus
     crossorigin attributes). A page served over HTTPS will also have these
     http:// scripts blocked as mixed content. -->
<!-- Core stylesheet and default theme. -->
<link href='http://alexgorbatchev.com/pub/sh/current/styles/shCore.css' rel='stylesheet' type='text/css'/>
<link href='http://alexgorbatchev.com/pub/sh/current/styles/shThemeDefault.css' rel='stylesheet' type='text/css'/>
<!-- Core script; it is listed before every brush script. -->
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shCore.js' type='text/javascript'></script>
<!-- Stock brushes, one script per language. -->
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCpp.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCSharp.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCss.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJava.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJScript.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPhp.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushSql.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushVb.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushXml.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPlain.js' type='text/javascript'></script>
<!-- The two custom brushes this post is about: WinDbg disassembly and WinDbg stack output. -->
<script src='http://pilin.name/scripts/shBrushWinDbgDisasm.js' type='text/javascript'></script>
<script src='http://pilin.name/scripts/shBrushWinDbgStack.js' type='text/javascript'></script>
<script language='javascript'>
// Blogger mode is switched on and the per-block toolbar is hidden by default.
SyntaxHighlighter.config.bloggerMode = true;
SyntaxHighlighter.defaults['toolbar'] = false;
// clipboard.swf is a Flash file pulled from the same external host. With the
// toolbar disabled above it is presumably never used (confirm, then drop the
// line); current browsers no longer run Flash content in any case.
SyntaxHighlighter.config.clipboardSwf = 'http://alexgorbatchev.com/pub/sh/current/scripts/clipboard.swf';
// Highlight every marked-up block on the page.
SyntaxHighlighter.all();
</script>
<style type='text/css'>
/* Suppress the vertical scrollbar on highlighted blocks. */
.syntaxhighlighter { overflow-y : hidden !important; }
</style>
<style>
/* Padding overrides for the line-number gutter and the code cells. */
.syntaxhighlighter table td.gutter .line { padding: 0 5px !important; }
.syntaxhighlighter table td.code .line { padding: 0 !important; }
.syntaxhighlighter .gutter { padding-right: 1em !important; }
.syntaxhighlighter table { padding-bottom: 1px !important; }
</style>
<!--SYNTAX HIGHLIGHTER ENDS-->
This is the example:
; WinDbg disassembly excerpt from x64 ntdll, used as sample input for the brush.
; Columns: address, instruction bytes, mnemonic and operands. Branch targets are
; printed as ntdll!LdrpInitializeProcess+offset, so the excerpt presumably
; belongs to that routine. The listing starts and ends mid-routine.

; Tail of an argument setup followed by a call to LdrpLogDbgPrint. The constant
; loaded into edx differs at each of the three call sites (0D30h, 0D3Fh, 0D4Eh);
; presumably a source line number, which the listing does not confirm.
00000000`776e2b8f ba300d0000 mov edx,0D30h
00000000`776e2b94 48897c2428 mov qword ptr [rsp+28h],rdi
00000000`776e2b99 4889442420 mov qword ptr [rsp+20h],rax
00000000`776e2b9e e83de80600 call ntdll!LdrpLogDbgPrint (00000000`777513e0)
00000000`776e2ba3 8b05877d0d00 mov eax,dword ptr [ntdll!LdrpDebugFlags (00000000`777ba930)]
00000000`776e2ba9 a810 test al,10h
00000000`776e2bab e9b4030000 jmp ntdll!LdrpInitializeProcess+0x1bd0 (00000000`776e2f64)
; Second logging block: the je skips the call when neither of the two low bits
; of LdrpDebugFlags is set.
00000000`776e2bb0 8b057a7d0d00 mov eax,dword ptr [ntdll!LdrpDebugFlags (00000000`777ba930)]
00000000`776e2bb6 a803 test al,3
00000000`776e2bb8 7443 je ntdll!LdrpInitializeProcess+0x1737 (00000000`776e2bfd)
00000000`776e2bba 895c2438 mov dword ptr [rsp+38h],ebx
00000000`776e2bbe 488d8424c0000000 lea rax,[rsp+0C0h]
00000000`776e2bc6 4c8d0533260200 lea r8,[ntdll! ?? ::FNODOBFM::`string' (00000000`77705200)]
00000000`776e2bcd 4889442430 mov qword ptr [rsp+30h],rax
00000000`776e2bd2 488d05e7290200 lea rax,[ntdll! ?? ::FNODOBFM::`string' (00000000`777055c0)]
00000000`776e2bd9 488d0d40d90900 lea rcx,[ntdll! ?? ::FNODOBFM::`string' (00000000`77780520)]
00000000`776e2be0 4533c9 xor r9d,r9d
00000000`776e2be3 ba3f0d0000 mov edx,0D3Fh
00000000`776e2be8 48897c2428 mov qword ptr [rsp+28h],rdi
00000000`776e2bed 4889442420 mov qword ptr [rsp+20h],rax
00000000`776e2bf2 e8e9e70600 call ntdll!LdrpLogDbgPrint (00000000`777513e0)
00000000`776e2bf7 8b05337d0d00 mov eax,dword ptr [ntdll!LdrpDebugFlags (00000000`777ba930)]
00000000`776e2bfd a810 test al,10h
00000000`776e2bff e960030000 jmp ntdll!LdrpInitializeProcess+0x1bd0 (00000000`776e2f64)
; Third logging block, same shape as the second.
00000000`776e2c04 8b05267d0d00 mov eax,dword ptr [ntdll!LdrpDebugFlags (00000000`777ba930)]
00000000`776e2c0a a803 test al,3
00000000`776e2c0c 7443 je ntdll!LdrpInitializeProcess+0x17b6 (00000000`776e2c51)
00000000`776e2c0e 895c2438 mov dword ptr [rsp+38h],ebx
00000000`776e2c12 488d8424c0000000 lea rax,[rsp+0C0h]
00000000`776e2c1a 4c8d05df250200 lea r8,[ntdll! ?? ::FNODOBFM::`string' (00000000`77705200)]
00000000`776e2c21 4889442430 mov qword ptr [rsp+30h],rax
00000000`776e2c26 488d0593290200 lea rax,[ntdll! ?? ::FNODOBFM::`string' (00000000`777055c0)]
00000000`776e2c2d 488d0decd80900 lea rcx,[ntdll! ?? ::FNODOBFM::`string' (00000000`77780520)]
00000000`776e2c34 4533c9 xor r9d,r9d
00000000`776e2c37 ba4e0d0000 mov edx,0D4Eh
00000000`776e2c3c 48897c2428 mov qword ptr [rsp+28h],rdi
00000000`776e2c41 4889442420 mov qword ptr [rsp+20h],rax
00000000`776e2c46 e895e70600 call ntdll!LdrpLogDbgPrint (00000000`777513e0)
00000000`776e2c4b 8b05df7c0d00 mov eax,dword ptr [ntdll!LdrpDebugFlags (00000000`777ba930)]
00000000`776e2c51 a810 test al,10h
00000000`776e2c53 e90c030000 jmp ntdll!LdrpInitializeProcess+0x1bd0 (00000000`776e2f64)
00000000`776e2c58 e8d39e0400 call ntdll!LdrpDoDebuggerBreak (00000000`7772cb30)
00000000`776e2c5d 90 nop
00000000`776e2c5e e9d71cfeff jmp ntdll!LdrpInitializeProcess+0x17c8 (00000000`776c493a)
; LdrpCorInitialize is called only when LdrpMscoreeDllHandle equals r13; a
; negative result (sign flag set after test eax,eax) takes the js exit.
00000000`776e2c63 488b059ef70c00 mov rax,qword ptr [ntdll!LdrpImageEntry (00000000`777b2408)]
00000000`776e2c6a 498b7f10 mov rdi,qword ptr [r15+10h]
00000000`776e2c6e 498d6f10 lea rbp,[r15+10h]
00000000`776e2c72 488b7050 mov rsi,qword ptr [rax+50h]
00000000`776e2c76 4c392d3b480d00 cmp qword ptr [ntdll!LdrpMscoreeDllHandle (00000000`777b74b8)],r13
00000000`776e2c7d 750f jne ntdll!LdrpInitializeProcess+0x1821 (00000000`776e2c8e)
00000000`776e2c7f e86cac0800 call ntdll!LdrpCorInitialize (00000000`7776d8f0)
00000000`776e2c84 8bd8 mov ebx,eax
00000000`776e2c86 85c0 test eax,eax
00000000`776e2c88 0f88d9020000 js ntdll!LdrpInitializeProcess+0x1bd3 (00000000`776e2f67)
; The value stored in LdrpCorValidateImageRoutine is passed through
; RtlDecodeSystemPointer, and the indirect call goes through the decoded result
; in rax. The global therefore holds the routine pointer in encoded form, a
; hardening measure for function pointers kept in writable memory.
00000000`776e2c8e 488b0d33480d00 mov rcx,qword ptr [ntdll!LdrpCorValidateImageRoutine (00000000`777b74c8)]
00000000`776e2c95 e8b68afeff call ntdll!RtlDecodeSystemPointer (00000000`776cb750)
00000000`776e2c9a 488bd6 mov rdx,rsi
00000000`776e2c9d 488bcd mov rcx,rbp
00000000`776e2ca0 ffd0 call rax
00000000`776e2ca2 8bd8 mov ebx,eax
00000000`776e2ca4 85c0 test eax,eax
00000000`776e2ca6 7808 js ntdll!LdrpInitializeProcess+0x1843 (00000000`776e2cb0)
00000000`776e2ca8 ff0512480d00 inc dword ptr [ntdll!LdrpComPlusDllCount (00000000`777b74c0)]
00000000`776e2cae eb1c jmp ntdll!LdrpInitializeProcess+0x185f (00000000`776e2ccc)
; Negative-result path: when LdrpComPlusDllCount equals r13d, the module behind
; LdrpMscoreeDllHandle is unloaded and the handle global is overwritten with r13.
00000000`776e2cb0 44392d09480d00 cmp dword ptr [ntdll!LdrpComPlusDllCount (00000000`777b74c0)],r13d
00000000`776e2cb7 7513 jne ntdll!LdrpInitializeProcess+0x185f (00000000`776e2ccc)
00000000`776e2cb9 488b0df8470d00 mov rcx,qword ptr [ntdll!LdrpMscoreeDllHandle (00000000`777b74b8)]
00000000`776e2cc0 e81b0efcff call ntdll!LdrUnloadDll (00000000`776a3ae0)
00000000`776e2cc5 4c892dec470d00 mov qword ptr [ntdll!LdrpMscoreeDllHandle (00000000`777b74b8)],r13
00000000`776e2ccc 85db test ebx,ebx
00000000`776e2cce 0f8893020000 js ntdll!LdrpInitializeProcess+0x1bd3 (00000000`776e2f67)
00000000`776e2cd4 483b7d00 cmp rdi,qword ptr [rbp]
00000000`776e2cd8 7464 je ntdll!LdrpInitializeProcess+0x18d1 (00000000`776e2d3e)
; rcx is set to -1 (the current-process pseudo handle) and rdx to the value
; loaded earlier from [r15+10h] before the call to NtUnmapViewOfSection.
00000000`776e2cda 488bd7 mov rdx,rdi
00000000`776e2cdd 4883c9ff or rcx,0FFFFFFFFFFFFFFFFh
00000000`776e2ce1 e8cae8feff call ntdll!NtUnmapViewOfSection (00000000`776d15b0)
00000000`776e2ce6 488b5500 mov rdx,qword ptr [rbp]
P.S. I will happy to see your feedback...