Remove address from instruction disassembled via dbgeng's DisassembleWide()

Question

I am disassembling instructions by passing their offset to DisassembleWide() function while writing an extension for Windbg. However, with the disassembled instruction, it adds the address of the instruction + hex opcode for that instruction.

I was able to remove the opcode by specifying DEBUG_ASMOPT_NO_CODE_BYTES flag in SetAssemblyOptions(). However I can't seem to get rid of the instruction offset. Neither DEBUG_ASMOPT_DEFAULT | DEBUG_ASMOPT_NO_CODE_BYTES, nor (DEBUG_ASMOPT_DEFAULT | DEBUG_ASMOPT_NO_CODE_BYTES) & ~DEBUG_ASMOPT_VERBOSE seem to work.

Am I missing something? Is there a way I can cleanly remove the offset from the instruction, or will I have to do it the manual way?

score 1 · Accepted Answer · answered Dec 19 '14 at 20:32

no Address will always be printed you have to parse it out yourself if you are on a windbg session you can achieve this with .shell and awk

0:000> .asm no_code_bytes
Assembly options: no_code_bytes
0:000> .shell -ci "u @eip l4" awk "{$1=\"\";print $0}"

 int 3
 ret
 mov edi,edi

 int 3
.shell: Process exited

Remove address from instruction disassembled via dbgeng's DisassembleWide()

1 Answers1