• A quick tool for viewing an API's assembly and machine code. Source code released


    Here is a small tool I wrote years ago. I have been using it ever since and it feels very handy, so I am recommending it to everyone.

    Questions are welcome.


    1. While tracing and analysing a piece of code from some protector in OD, it looks familiar, as if you have seen it somewhere before, probably some API. That is when you need 【fosomAPI速查】 to find that API quickly.

    2. When hooking manually in OD, after the long jmp you write a small Call in assembly and need an API, but the IAT has been destroyed. That is when you need 【fosomAPI速查】: look up the API quickly, copy its machine code straight into OD, and you are done.

    3. For any DLL, you need to inspect the EAT and look at the assembly of a particular exported function. That is when you need 【fosomAPI速查】.

    4. Given a few bytes of machine code, view the corresponding assembly.

    5. Given the start address of a Call, quickly look up the API name, or the reverse.

    API速查.rar.


    Code: first character after #:
          A: Direct Address.
          C: Reg field in ModRM specifies Control register.
          D: Reg field in ModRM specifies Debug register.
          E: General purpose register or memory address specified in the ModRM byte.
          F: EFlags register
          G: Reg field in ModRM specifies a general register
          H: Signed immediate data
          I: Immediate data
          J: Relative jump Offset
          M: Memory address specified in the ModRM byte.
          O: Relative Offset Word or DWord
          P: Reg field in ModRM specifies a MMX register
          Q: MMX register or memory address specified in the ModRM byte.
          R: General purpose register specified in the ModRM byte.
          S: Reg field in ModRM specifies a Segment register
          T: Reg field in ModRM specifies a MMX register
          P: Seg prefix override.

      Second character after #
          a: two Word or two DWord, only used by BOUND
          b: Byte.
          c: Byte or word
          d: DWord
          p: 32 or 16 bit pointer
          q: QWord
          s: 6Byte
          v: Word or DWord
          w: Word
          t: Ten byte

      Third character after #
          j: jump Operand (Relative or absolute)

      First character after @
          e: used by register (@eax, @esp ..) return e with the character following when
             operand size = 4, otherwise only the following character.
          g: Group, return the group instruction specified by OperandType
             and the reg field of the ModRM byte.
          h: Operand for group, return operands for the group instruction specified
             by OperandType and the reg field of the ModRM byte.
          m: Must have size, Size indicator always set.
          o: Operand size, returns the name (bwdq) of the number following, divided
             by two when operand size <> 4.
          p: Seg prefix override. Sets the prefix to the following character + 's'
          s: Size override (address or operand).
             follow by o: operand size override
                       a: address size override

      First character after %
          c: Use the opcode instead in addition to the assembler instruction
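    A small decoder for this descriptor notation, added here as an example and not taken from the tool's source. The sample strings ("#Ev", "#Jbj", "@eax", "@o4", "@pd", "%c") are constructed from the legend above, since the page does not show the tool's actual opcode table:

```python
# Added example, not code from fosomAPI速查: decode one operand descriptor
# written in the notation described above. Assumed (not shown on the page):
# descriptors look like "#Ev", "#Jbj", "@eax", "@o4", "@pd", "%c".
ADDR_MODE = {
    "A": "direct address", "C": "control register (ModRM reg)",
    "D": "debug register (ModRM reg)", "E": "general register or memory (ModRM r/m)",
    "F": "EFLAGS", "G": "general register (ModRM reg)", "H": "signed immediate",
    "I": "immediate", "J": "relative jump offset", "M": "memory (ModRM r/m)",
    "O": "relative offset word/dword", "P": "MMX register (ModRM reg)",
    "Q": "MMX register or memory (ModRM r/m)", "R": "general register (ModRM r/m)",
    "S": "segment register (ModRM reg)", "T": "MMX register (ModRM reg)",
}
SIZE = {"a": "two words/two dwords (BOUND)", "b": "byte", "c": "byte or word",
        "d": "dword", "p": "16/32-bit pointer", "q": "qword", "s": "6 bytes",
        "v": "word or dword", "w": "word", "t": "ten bytes"}
SIZE_NAME = {1: "b", 2: "w", 4: "d", 8: "q"}  # letters returned by "@o"


def decode(desc, opsize=4):
    """Describe one descriptor for the given operand size (4 = 32-bit, 2 = 16-bit)."""
    kind, body = desc[0], desc[1:]
    if kind == "#":
        text = ADDR_MODE[body[0]]
        size = SIZE.get(body[1:2], "")
        if body[1:2] == "v":  # 'v' is only resolved once the operand size is known
            size = "dword" if opsize == 4 else "word"
        if size:
            text += ", " + size
        if body[2:3] == "j":
            text += ", jump operand"
        return text
    if kind == "@":
        sub, rest = body[0], body[1:]
        if sub == "e":  # @eax -> eax with 32-bit operands, ax with 16-bit
            return "e" + rest if opsize == 4 else rest
        if sub == "o":  # @o4 -> d, halved to w when operand size != 4
            n = int(rest)
            return SIZE_NAME[n if opsize == 4 else n // 2]
        if sub == "p":  # @pd -> ds prefix
            return rest + "s"
        if sub == "s":
            return {"o": "operand-size override", "a": "address-size override"}[rest]
        if sub == "m":
            return "size indicator always set"
        if sub in ("g", "h"):
            return f"group {'instruction' if sub == 'g' else 'operands'} via ModRM reg"
    if kind == "%" and body == "c":
        return "use the opcode in addition to the mnemonic"
    raise ValueError(f"unknown descriptor {desc!r}")
```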


    Releasing the source today. There is no point in keeping it to myself.

    http://pan.baidu.com/share/link?shareid=3624365833&uk=3895584076

  • Original URL: https://www.cnblogs.com/microzone/p/3275909.html