t_disasm

Keeps information about the command disassembled by Disasm(). Which fields of t_disasm will be filled depends on the parameter cmdmode (combination of flags DA_xxx) passed to Disasm().

typedef struct t_disasm {              // Disassembled command
  ulong          hilitereg;            // (in) One of OP_SOMEREG if reg highlighting
  int            hiregindex;           // (in) Index of register to highlight
  int            hiliteindex;          // (in) Index of highlighting scheme (0: none)
  ulong          ip;                   // (out) Address of first command byte
  ulong          size;                 // (out) Full length of command, bytes
  ulong          cmdtype;              // (out) Type of command, D_xxx
  ulong          exttype;              // (out) More features, set of DX_xxx
  ulong          prefixes;             // (out) List of prefixes, set of PF_xxx
  ulong          nprefix;              // (out) Number of prefixes, including SSE2
  ulong          memfixup;             // (out) Offset of first 4-byte fixup or -1
  ulong          immfixup;             // (out) Offset of second 4-byte fixup or -1
  int            errors;               // (out) Set of DAE_xxx
  int            warnings;             // (out) Set of DAW_xxx
  ulong          uses;                 // (out) List of used registers
  ulong          modifies;             // (out) List of modified registers
  int            condition;            // (out) Condition, one of DAF_xxx
  ulong          jmpaddr;              // (out) Jump/call destination or 0
  ulong          memconst;             // (out) Constant in memory address or 0
  ulong          stackinc;             // (out) Data size in ENTER/RETN/RETF
  t_operand      op[NOPERAND];         // (out) Operands
  wchar_t        dump[TEXTLEN];        // (out) Hex dump of the command
  wchar_t        result[TEXTLEN];      // (out) Fully decoded command as text
  uchar          mask[TEXTLEN];        // (out) Mask to highlight result
  int            maskvalid;            // (out) Mask corresponds to result
  wchar_t        comment[TEXTLEN];     // (out) Comment that applies to the whole command
} t_disasm;


Members:

hilitereg
Input parameter, used only if flags DA_TEXT and DA_HILITE in call to Disasm() are both set. If hilitereg is one of the OP_SOMEREG bits and hiregindex is a valid register index (0..7), corresponding register or its part will be highlighted in the mask. For example, if hilitereg=OP_REGISTER and hiregindex=REG_EAX, Disasm() will highlight EAX, AX, AH, AL or any memory address that uses EAX as index or base. Register highlighting has higher priority than command or operand highlighting, but this can be changed by setting hidden initialization option "Remove code hilite on register hilite" to 0
hiregindex
Input parameter, index of register to highlight. If hilitereg is OP_REGISTER, use constants REG_EAX..REG_EDI
hiliteindex
Input parameter, index of command highlighting scheme (NOHILITE..HILITE7). Taken into account only if flags DA_TEXT and DA_HILITE are set and highlighting is not disabled by hilitereg
ip
Address of the disassembled command, repeats parameter cmdip in the call to Disasm()
size
Length of the disassembled command, bytes
cmdtype
Type of the disassembled command as a combination of flags D_xxx. If decoding information is supplied and specifies data, cmdtype is set to D_DATA
exttype
Continuation of cmdtype as a combination of flags DX_xxx. If decoding information is supplied and specifies data, exttype is set to 0
prefixes
List of prefixes in the disassembled command as a combination of flags PF_xxx
nprefix
Number of prefixes in the command, including SSE prefixes 0x66, 0xF2 and 0xF3. Note that OllyDbg treats code 0x0F as part of the command
memfixup
Offset of the first possible 4-byte fixup (memory offset) within the command or 0xFFFFFFFF if none
immfixup
Offset of the second possible 4-byte fixup (immediate constant) within the command or 0xFFFFFFFF if none
errors
List of errors detected by Disassembler or DAE_NOERR if no errors were detected. Several flags may be set at once:
DAE_BADCMD - unknown or unrecognized command
DAE_CROSS - command is longer than memory block passed to Disasm()
DAE_MEMORY - command specifies register where only memory is allowed
DAE_REGISTER - command specifies memory where only register is allowed
DAE_LOCK - LOCK prefix is specified but is not allowed by the command
DAE_BADSEG - invalid segment register
DAE_SAMEPREF - two explicit prefixes from the same group are specified simultaneously
DAE_MANYPREF - command contains more than 4 prefixes
DAE_BADCR - invalid CR register
DAE_INTERN - internal error

warnings
List of warnings detected by Disassembler or 0 if no warnings were issued. Several flags may be set at once:
DAW_DATASIZE - superfluous data size prefix
DAW_ADDRSIZE - superfluous address size prefix
DAW_SEGPREFIX - superfluous segment override prefix
DAW_REPPREFIX - superfluous REPxx prefix
DAW_DEFSEG - segment override prefix coincides with default and is therefore unnecessary
DAW_JMP16 - 16-bit jump, call or return, usually won't work in flat 32-bit mode
DAW_FARADDR - far jump or call, unnecessary in flat 32-bit mode
DAW_SEGMOD - command modifies segment register
DAW_PRIV - privileged command
DAW_IO - I/O command
DAW_SHIFT - shift out of range 1..31
DAW_LOCK - command with (valid) LOCK prefix
DAW_STACK - unaligned stack operation
DAW_NOESP - suspicious use of stack pointer
DAW_RARE - rare, seldom used command
DAW_NONCLASS - non-standard or non-documented code
DAW_INTERRUPT - interrupt command

uses
List of general purpose registers used by command, i.e. registers whose contents are necessary to calculate the result. For example, MOV EAX,[ESI*4+EDX] uses registers EDX and ESI, and ADD EAX,EDX uses EAX and EDX
modifies
List of general purpose registers modified by command. For example, CMP EAX,[EDX] modifies no registers, whereas POP EAX modifies EAX and ESP
condition
Condition in disassembled command, one of the DAF_xxx:
DAF_NONE - command is unconditional, like CMP EAX,ESI
DAF_TRUE - command is conditional, contents of register EFL was passed to Disasm() in parameter cmdreg and condition is met (jump will be taken or data will be moved). For example, if command is JC xxx and carry flag is set, condition is DAF_TRUE
DAF_FALSE - command is conditional, contents of register EFL was passed to Disasm() and condition is not met (jump will not be taken and data will not be moved). For example, if command is SETNZ AL and zero flag is set, condition is DAF_FALSE
DAF_ANYCOND - command is conditional but contents of register EFL is unknown
jmpaddr
If command is jump or call and its destination is known or can be calculated, jmpaddr is set to the destination address. Otherwise, it's 0. It may be necessary to supply registers and/or allow memory access by setting flag DA_MEMORY
memconst
If command contains memory address, set to the value of the address constant. Otherwise, it's 0
stackinc
Data size, bytes, specified in commands ENTER, RETN and RETF
op
Descriptions of operands, includes implicit operands (pseudooperands) if flag DA_NOPSEUDO was not specified. See t_operand for details
dump
Command dump as a zero-terminated UNICODE string, filled only if flag DA_DUMP was set
result
Disassembled command as a zero-terminated UNICODE string, filled only if flag DA_TEXT was set. Format of disassembled command is controlled by multiple global options that are not accessible by plugins
mask
Highlighting mask, byte string containing combinations of flags DRAW_xxx. Filled only if flag DA_TEXT was set and maskvalid is not 0. Each byte specifies colour and other attributes of the corresponding wide character in result
maskvalid
Specifies whether mask contains valid data
comment
Comment that applies to the command as a whole. Zero-terminated UNICODE string, filled only if flag DA_OPCOMM was set. Note that operands (op) may contain their own comments
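
Added example, not part of the OllyDbg documentation: one way analysis code might triage a filled t_disasm, checking errors first, validating memfixup and immfixup against the 0xFFFFFFFF sentinel and the command size, and flagging selected DAW_xxx warnings for review. The names da_view, verdict, NO_FIXUP, fixup_ok and triage, and the numeric flag values, are stand-ins constructed so the code compiles without plugin.h; a real plugin uses t_disasm and the constants from plugin.h.

```c
#include <stdint.h>

/* Stand-ins so this compiles without OllyDbg's plugin.h. The flag VALUES
   are constructed placeholders; a plugin takes them from plugin.h. */
enum { DAE_NOERR = 0, DAE_BADCMD = 1, DAE_CROSS = 2 };
enum { DAW_PRIV = 1, DAW_IO = 2, DAW_NONCLASS = 4, DAW_INTERRUPT = 8 };
#define NO_FIXUP 0xFFFFFFFFu          /* "none" sentinel, same bits as -1 */

typedef struct {                      /* subset of t_disasm (out) fields */
  uint32_t size, memfixup, immfixup;  /* ulong is 32 bits on Win32 */
  int      errors, warnings;
} da_view;                            /* hypothetical name */

enum verdict { V_OK, V_REVIEW, V_INVALID };

/* A fixup offset is usable only if it is not the sentinel and the
   4 bytes it names lie inside the decoded command. */
static int fixup_ok(uint32_t off, uint32_t size) {
  return off != NO_FIXUP && size >= 4 && off <= size - 4;
}

/* Classify one decoded command and count its usable fixups. */
enum verdict triage(const da_view *da, int *nfixups) {
  *nfixups = 0;
  if (da->errors != DAE_NOERR)        /* any DAE_xxx flag: treat as invalid */
    return V_INVALID;
  *nfixups = fixup_ok(da->memfixup, da->size)
           + fixup_ok(da->immfixup, da->size);
  if (da->warnings & (DAW_PRIV | DAW_IO | DAW_NONCLASS | DAW_INTERRUPT))
    return V_REVIEW;                  /* worth an analyst's look */
  return V_OK;
}
```

Comparing the fixup fields with a signed -1 only works while ulong is 32 bits wide, which is why the example compares against the unsigned sentinel explicitly.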


See also:
t_operand, Disasm(), Comparecommand(), Comparesequence(), Cmdinfo()