Disassembles command, determines its size and decodes operands. Returns size of the command. Disasm functionality depends on the selected mode and global disassembling/analysis options. See description of t_disasm for more details:
| Mode | Actions |
| DISASM_SIZE | Fastest mode, only calculates command size |
| DISASM_DATA | Extracts most important data, no textual information |
| DISASM_TRACE | Extracts most important data and traces contents of integer registers, no textual information |
| DISASM_FILE | Disassembles command in assumption that registers are undefined and symbolic names are invalid. Usually used to disassemble contents of file |
| DISASM_CODE | Disassembles command assuming that registers are undefined |
| DISASM_ALL | Complete and relatively slow disassembly |
ulong Disasm(char *src,ulong srcsize,ulong srcip,char *srcdec,t_disasm *disasm,int disasmmode,ulong threadid);
Parameters:
src - pointer to binary command that must be disassembled;
srcsize - size of src. Length of 80x86 commands is limited to MAXCMDSIZE bytes;
srcip - address of the command;
srcdec - pointer to decoding data produced by Analyzer or NULL if decoding data is absent. You must supply srcdec if you want to decode switch tables, constants and strings;
disasm - pointer to t_disasm structure that receives results of disassembling;
disasmmode - disassembly mode, one of DISASM_xxx. See desctiption of t_disasm and table above;
threadid - identifier of thread containing registers, or NULL if registers are undefined.
See also: Readmemory, Finddecode, t_disasm, MAXCMDSIZE