fixed disassembler completed

NtQuery 2014-03-12 22:31:30 +01:00
parent 4abe175c5e
commit e8da7ec7ad
1 changed files with 91 additions and 89 deletions


@ -5,37 +5,72 @@
static char engineDisassembledInstruction[128]; static char engineDisassembledInstruction[128];
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress)
{
_DecodeResult DecodingResult;
_DecodedInst engineDecodedInstructions[MAX_DECODE_INSTRUCTIONS];
unsigned int DecodedInstructionsCount = 0;
#if !defined(_WIN64) #if !defined(_WIN64)
_DecodeType DecodingType = Decode32Bits; _DecodeType DecodingType = Decode32Bits;
#else #else
_DecodeType DecodingType = Decode64Bits; _DecodeType DecodingType = Decode64Bits;
#endif #endif
MEMORY_BASIC_INFORMATION MemInfo;
DWORD MaxDisassmSize;
VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
long IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length)
{
MEMORY_BASIC_INFORMATION MemInfo = {0};
ULONG_PTR section = 0;
if (VirtualQueryEx(hProcess, lp, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
{
if(MemInfo.State == MEM_COMMIT) if(MemInfo.State == MEM_COMMIT)
{ {
if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE) SIZE_T res = (SIZE_T)MemInfo.BaseAddress + (SIZE_T)MemInfo.RegionSize - (SIZE_T)lp;
if (res >= length)
{ {
MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1); return length; //good
VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
if(MemInfo.State == MEM_COMMIT)
{
MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
}
} }
else else
{ {
MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE; section = ((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize);
do
{
if (VirtualQueryEx(hProcess, (LPVOID)section, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
{
if(MemInfo.State == MEM_COMMIT)
{
res += MemInfo.RegionSize;
} }
DecodingResult = distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount); else
RtlZeroMemory(&engineDisassembledInstruction, 128); {
return res; //this is bad
}
}
section += (ULONG_PTR)MemInfo.RegionSize;
} while (res < length);
return length; //good
}
}
}
return 0;
}
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress)
{
_DecodedInst engineDecodedInstructions[1];
unsigned int DecodedInstructionsCount = 0;
long MaxDisassmSize = IsBadReadPtrRemote(GetCurrentProcess(), DisassmAddress, MAXIMUM_INSTRUCTION_SIZE);
if(MaxDisassmSize)
{
if (distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR)
{
RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction));
lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p); lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p);
if(engineDecodedInstructions[0].size != NULL) if(engineDecodedInstructions[0].size != NULL)
{ {
@ -44,10 +79,9 @@ __declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart,
lstrcatA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].operands.p); lstrcatA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].operands.p);
return((char*)engineDisassembledInstruction); return((char*)engineDisassembledInstruction);
} }
else
{
return(NULL);
} }
return 0;
} }
__declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress) __declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress)
{ {
@ -55,54 +89,33 @@ __declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress)
} }
__declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType) __declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType)
{ {
_DecodedInst engineDecodedInstructions[1];
_DecodeResult DecodingResult;
_DecodedInst engineDecodedInstructions[MAX_DECODE_INSTRUCTIONS];
unsigned int DecodedInstructionsCount = 0; unsigned int DecodedInstructionsCount = 0;
#if !defined(_WIN64) BYTE readBuffer[MAXIMUM_INSTRUCTION_SIZE] = {0};
_DecodeType DecodingType = Decode32Bits;
#else
_DecodeType DecodingType = Decode64Bits;
#endif
ULONG_PTR ueNumberOfBytesRead = 0;
DynBuf ueReadBuf;
LPVOID ueReadBuffer = ueReadBuf.Allocate(0x1000);
MEMORY_BASIC_INFORMATION MemInfo;
DWORD MaxDisassmSize;
if(hProcess != NULL) if(hProcess != NULL)
{ {
VirtualQueryEx(hProcess, DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); long MaxDisassmSize = IsBadReadPtrRemote(hProcess,DisassmAddress, sizeof(readBuffer));
if(MemInfo.State == MEM_COMMIT)
if(MaxDisassmSize)
{ {
if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
{
MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
if(MemInfo.State == MEM_COMMIT)
{
MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
}
}
else
{
MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
}
bool isbp=false; bool isbp=false;
if(IsBPXEnabled((ULONG_PTR)DisassmAddress)) if(IsBPXEnabled((ULONG_PTR)DisassmAddress))
{ {
isbp=true; isbp=true;
DisableBPX((ULONG_PTR)DisassmAddress); DisableBPX((ULONG_PTR)DisassmAddress);
} }
BOOL rpm=ReadProcessMemory(hProcess, (LPVOID)DisassmAddress, ueReadBuffer, MaxDisassmSize, &ueNumberOfBytesRead); BOOL rpm = MemoryReadSafe(hProcess, DisassmAddress, readBuffer, MaxDisassmSize, 0);
if(isbp) if(isbp)
{ {
EnableBPX((ULONG_PTR)DisassmAddress); EnableBPX((ULONG_PTR)DisassmAddress);
} }
if(rpm) if(rpm)
{ {
DecodingResult = distorm_decode((ULONG_PTR)DisassmAddress, (const unsigned char*)ueReadBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount); if (distorm_decode((ULONG_PTR)DisassmAddress, readBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR)
RtlZeroMemory(&engineDisassembledInstruction, 128); {
RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction));
lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p); lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p);
if(!ReturnInstructionType) if(!ReturnInstructionType)
{ {
@ -114,20 +127,12 @@ __declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID Disass
} }
return((char*)engineDisassembledInstruction); return((char*)engineDisassembledInstruction);
} }
else
{
return(NULL);
} }
} }
else
{
return(NULL);
}
}
else
{
return(NULL);
} }
return 0;
} }
__declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress) __declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress)
{ {
@ -140,21 +145,18 @@ __declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress
__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress) __declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress)
{ {
unsigned int DecodedInstructionsCount = 0; unsigned int DecodedInstructionsCount = 0;
#if !defined(_WIN64)
_DecodeType DecodingType = Decode32Bits;
#else
_DecodeType DecodingType = Decode64Bits;
#endif
_CodeInfo decomposerCi = {0}; _CodeInfo decomposerCi = {0};
_DInst decomposerResult[2] = {0}; _DInst decomposerResult[1] = {0};
BYTE readBuffer[20] = {0}; //The maximum length of an Intel 64 and IA-32 instruction remains 15 bytes, but we are generous BYTE readBuffer[MAXIMUM_INSTRUCTION_SIZE] = {0}; //The maximum length of an Intel 64 and IA-32 instruction remains 15 bytes, but we are generous
if(hProcess != NULL) if(hProcess != NULL)
{ {
if (MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, sizeof(readBuffer), 0)) long MaxDisassmSize = IsBadReadPtrRemote(hProcess,DisassmAddress, sizeof(readBuffer));
if (MaxDisassmSize && MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, MaxDisassmSize, 0))
{ {
decomposerCi.code = readBuffer; decomposerCi.code = readBuffer;
decomposerCi.codeLen = sizeof(readBuffer); decomposerCi.codeLen = MaxDisassmSize;
decomposerCi.dt = DecodingType; decomposerCi.dt = DecodingType;
decomposerCi.codeOffset = (LONG_PTR)DisassmAddress; decomposerCi.codeOffset = (LONG_PTR)DisassmAddress;