Searches for decoding data that starts on specified address. On success, sets *psize to size of located data and returns pointer to decoding information. If there is no decoding information, sets *psize to 0 and returns NULL. For each byte of analysed code, corresponding byte of decoding data contains combination of type, procedure and analysis fields:
Type field, use DEC_TYPEMASK to extract it from decoding data:
| DEC_UNKNOWN | Unknown type |
| DEC_BYTE | Byte |
| DEC_WORD | First byte of 16-bit integer |
| DEC_NEXTDATA | Subsequent byte of data |
| DEC_DWORD | First byte of 32-bit integer |
| DEC_FLOAT4 | First byte of 32-bit float |
| DEC_FWORD | First byte of descriptor or long pointer |
| DEC_FLOAT8 | First byte of 64-bit double |
| DEC_QWORD | First byte of 64-bit integer |
| DEC_FLOAT10 | First byte of 80-bit long double |
| DEC_TBYTE | First byte of 10-byte BCD integer |
| DEC_STRING | First byte of ASCII string |
| DEC_UNICODE | First byte of UNICODE string |
| DEC_3DNOW | First byte of 3DNow! operand |
| DEC_SSE | First byte of SSE operand |
| DEC_BYTESW | Byte which is a second-level switch index |
| DEC_NEXTCODE | Subsequent byte of command |
| DEC_COMMAND | First byte of command |
| DEC_JMPDEST | First byte of command that is jump destination |
| DEC_CALLDEST | First byte of command that is call (and maybe jump) destination |
Procedure field, use DEC_PROCMASK to extract it from decoding data:
| DEC_PROC | Start of procedure |
| DEC_PBODY | Body of procedure |
| DEC_PEND | End of procedure |
Bit DEC_CHECKED, if set, reports that byte was analyzed.
char *Finddecode(ulong addr,ulong *psize);
Parameters:
addr - address of the first byte in the memory space of debugged process for which decoding information is requested;
psize - pointer to variable that will receive size of found decoding data or NULL.
See also: Findmodule, Findfixup, Findfileoffset