DBG: fixed a bug with memory caching in log strings
parent
4b29afb980
commit
1eed1efe4a
|
@ -369,14 +369,14 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR
|
|||
temp_string.append(StringUtils::Escape((unsigned char)constant));
|
||||
temp_string.push_back('\'');
|
||||
}
|
||||
else if(DbgGetStringAt(instr.arg[i].constant, string_text))
|
||||
else if(disasmgetstringatwrapper(instr.arg[i].constant, string_text))
|
||||
{
|
||||
temp_string.assign(instr.arg[i].mnemonic);
|
||||
temp_string.push_back(':');
|
||||
temp_string.append(string_text);
|
||||
}
|
||||
}
|
||||
else if(instr.arg[i].memvalue && (DbgGetStringAt(instr.arg[i].memvalue, string_text) || _dbg_addrinfoget(instr.arg[i].memvalue, instr.arg[i].segment, &newinfo)))
|
||||
else if(instr.arg[i].memvalue && (disasmgetstringatwrapper(instr.arg[i].memvalue, string_text) || _dbg_addrinfoget(instr.arg[i].memvalue, instr.arg[i].segment, &newinfo)))
|
||||
{
|
||||
if(*string_text)
|
||||
{
|
||||
|
@ -395,7 +395,7 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR
|
|||
temp_string.append(newinfo.label);
|
||||
}
|
||||
}
|
||||
else if(instr.arg[i].value && (DbgGetStringAt(instr.arg[i].value, string_text) || _dbg_addrinfoget(instr.arg[i].value, instr.arg[i].segment, &newinfo)))
|
||||
else if(instr.arg[i].value && (disasmgetstringatwrapper(instr.arg[i].value, string_text) || _dbg_addrinfoget(instr.arg[i].value, instr.arg[i].segment, &newinfo)))
|
||||
{
|
||||
if(instr.type != instr_normal) //stack/jumps (eg add esp, 4 or jmp 401110) cannot directly point to strings
|
||||
{
|
||||
|
@ -1282,46 +1282,7 @@ extern "C" DLL_EXPORT duint _dbg_sendmessage(DBGMSG type, void* param1, void* pa
|
|||
|
||||
case DBG_GET_STRING_AT:
|
||||
{
|
||||
auto addr = duint(param1);
|
||||
if(!MemIsValidReadPtrUnsafe(addr, true))
|
||||
return false;
|
||||
|
||||
auto readValidPtr = [](duint addr) -> duint
|
||||
{
|
||||
duint addrPtr;
|
||||
if(MemReadUnsafe(addr, &addrPtr, sizeof(addrPtr)) && MemIsValidReadPtrUnsafe(addrPtr, true))
|
||||
return addrPtr;
|
||||
return 0;
|
||||
};
|
||||
|
||||
auto dest = (char*)param2;
|
||||
*dest = '\0';
|
||||
char string[MAX_STRING_SIZE];
|
||||
duint addrPtr = readValidPtr(addr);
|
||||
STRING_TYPE strtype;
|
||||
auto possibleUnicode = disasmispossiblestring(addr, &strtype) && strtype == str_unicode;
|
||||
if(addrPtr && !possibleUnicode)
|
||||
{
|
||||
if(disasmgetstringat(addrPtr, &strtype, string, string, MAX_STRING_SIZE - 5))
|
||||
{
|
||||
if(int(strlen(string)) <= (strtype == str_ascii ? 3 : 2) && readValidPtr(addrPtr))
|
||||
return false;
|
||||
if(strtype == str_ascii)
|
||||
sprintf_s(dest, MAX_STRING_SIZE, "&\"%s\"", string);
|
||||
else //unicode
|
||||
sprintf_s(dest, MAX_STRING_SIZE, "&L\"%s\"", string);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
if(disasmgetstringat(addr, &strtype, string, string, MAX_STRING_SIZE - 4))
|
||||
{
|
||||
if(strtype == str_ascii)
|
||||
sprintf_s(dest, MAX_STRING_SIZE, "\"%s\"", string);
|
||||
else //unicode
|
||||
sprintf_s(dest, MAX_STRING_SIZE, "L\"%s\"", string);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
return disasmgetstringatwrapper(duint(param1), (char*)param2);
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
|
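Review bot: A null `param2` reaches a write in `disasmgetstringatwrapper`, because the `DBG_GET_STRING_AT` case forwards `(char*)param2` unchecked and the wrapper executes `*dest = '\0'` and then `sprintf_s(dest, MAX_STRING_SIZE, ...)` once the address passes the validity check. `_dbg_sendmessage` is a `DLL_EXPORT` entry point taking `void*` parameters, so a guard such as `if(!param2) return false;` ahead of the call would make the contract explicit at the boundary. The `break;` that follows the `return` is now unreachable and can be dropped. The enclosing switch starts and ends outside the hunk.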
@ -9,6 +9,7 @@
|
|||
#include "label.h"
|
||||
#include "yara/yara.h"
|
||||
#include "stringformat.h"
|
||||
#include "disasm_helper.h"
|
||||
|
||||
static int maxFindResults = 5000;
|
||||
|
||||
|
@ -485,12 +486,12 @@ static bool cbRefStr(Capstone* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINF
|
|||
};
|
||||
if((basicinfo->type & TYPE_VALUE) == TYPE_VALUE)
|
||||
{
|
||||
if(DbgGetStringAt(basicinfo->value.value, string))
|
||||
if(disasmgetstringatwrapper(basicinfo->value.value, string))
|
||||
addRef();
|
||||
}
|
||||
if((basicinfo->type & TYPE_MEMORY) == TYPE_MEMORY)
|
||||
{
|
||||
if(DbgGetStringAt(basicinfo->memory.value, string))
|
||||
if(disasmgetstringatwrapper(basicinfo->memory.value, string))
|
||||
addRef();
|
||||
}
|
||||
return false;
|
||||
|
|
|
@ -364,6 +364,48 @@ bool disasmgetstringat(duint addr, STRING_TYPE* type, char* ascii, char* unicode
|
|||
return false;
|
||||
}
|
||||
|
||||
bool disasmgetstringatwrapper(duint addr, char* dest, bool cache)
|
||||
{
|
||||
if(!MemIsValidReadPtrUnsafe(addr, cache))
|
||||
return false;
|
||||
|
||||
auto readValidPtr = [cache](duint addr) -> duint
|
||||
{
|
||||
duint addrPtr;
|
||||
if(MemReadUnsafe(addr, &addrPtr, sizeof(addrPtr)) && MemIsValidReadPtrUnsafe(addrPtr, cache))
|
||||
return addrPtr;
|
||||
return 0;
|
||||
};
|
||||
|
||||
*dest = '\0';
|
||||
char string[MAX_STRING_SIZE];
|
||||
duint addrPtr = readValidPtr(addr);
|
||||
STRING_TYPE strtype;
|
||||
auto possibleUnicode = disasmispossiblestring(addr, &strtype) && strtype == str_unicode;
|
||||
if(addrPtr && !possibleUnicode)
|
||||
{
|
||||
if(disasmgetstringat(addrPtr, &strtype, string, string, MAX_STRING_SIZE - 5))
|
||||
{
|
||||
if(int(strlen(string)) <= (strtype == str_ascii ? 3 : 2) && readValidPtr(addrPtr))
|
||||
return false;
|
||||
if(strtype == str_ascii)
|
||||
sprintf_s(dest, MAX_STRING_SIZE, "&\"%s\"", string);
|
||||
else //unicode
|
||||
sprintf_s(dest, MAX_STRING_SIZE, "&L\"%s\"", string);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
if(disasmgetstringat(addr, &strtype, string, string, MAX_STRING_SIZE - 4))
|
||||
{
|
||||
if(strtype == str_ascii)
|
||||
sprintf_s(dest, MAX_STRING_SIZE, "\"%s\"", string);
|
||||
else //unicode
|
||||
sprintf_s(dest, MAX_STRING_SIZE, "L\"%s\"", string);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
int disasmgetsize(duint addr, unsigned char* data)
|
||||
{
|
||||
Capstone cp;
|
||||
|
|
|
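Review bot: `disasmgetstringatwrapper` returns `false` from the first `MemIsValidReadPtrUnsafe(addr, cache)` check before `*dest = '\0';` runs, so on that path the caller's buffer keeps whatever it held before the call. The `_dbg_addrinfoget` call sites on this page evaluate `disasmgetstringatwrapper(...) || _dbg_addrinfoget(...)` and then test `*string_text`, so if `string_text` is not reset between operands (not visible here) a stale string could be appended when only the label lookup succeeded. Moving `*dest = '\0';` above the validity check gives every `false` return the same empty-buffer result. The function also has no header comment; a short one stating that `dest` must hold at least `MAX_STRING_SIZE` bytes would document what the `sprintf_s` calls rely on.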
@ -13,6 +13,7 @@ void disasmget(unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getr
|
|||
void disasmget(duint addr, DISASM_INSTR* instr, bool getregs = true);
|
||||
bool disasmispossiblestring(duint addr, STRING_TYPE* type = nullptr);
|
||||
bool disasmgetstringat(duint addr, STRING_TYPE* type, char* ascii, char* unicode, int maxlen);
|
||||
bool disasmgetstringatwrapper(duint addr, char* text, bool cache = true);
|
||||
int disasmgetsize(duint addr, unsigned char* data);
|
||||
int disasmgetsize(duint addr);
|
||||
|
||||
|
|
|
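Review bot: The new prototype documents neither the required size of the output buffer nor what `cache` controls, and it names the output `text` while the definition uses `dest`. The definition formats with `sprintf_s(dest, MAX_STRING_SIZE, ...)` and passes `cache` to `MemIsValidReadPtrUnsafe`, so I would add `// text must point to at least MAX_STRING_SIZE bytes; cache is forwarded to MemIsValidReadPtrUnsafe` above the declaration and use one parameter name in both places.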
@ -105,7 +105,7 @@ bool stackcommentget(duint addr, STACK_COMMENT* comment)
|
|||
|
||||
//string
|
||||
char string[MAX_STRING_SIZE] = "";
|
||||
if(DbgGetStringAt(data, string))
|
||||
if(disasmgetstringatwrapper(data, string))
|
||||
{
|
||||
strncpy_s(comment->comment, string, _TRUNCATE);
|
||||
return true;
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
#include "symbolinfo.h"
|
||||
#include "module.h"
|
||||
#include "disasm_fast.h"
|
||||
#include "disasm_helper.h"
|
||||
#include "formatfunctions.h"
|
||||
|
||||
enum class ValueType
|
||||
|
@ -54,13 +55,13 @@ static String printValue(FormatValueType value, ValueType type)
|
|||
result = StringUtils::sprintf("%p", valuint);
|
||||
break;
|
||||
case ValueType::String:
|
||||
if(DbgGetStringAt(valuint, string))
|
||||
if(disasmgetstringatwrapper(valuint, string, false))
|
||||
result = string;
|
||||
break;
|
||||
case ValueType::AddrInfo:
|
||||
{
|
||||
auto symbolic = SymGetSymbolicName(valuint);
|
||||
if(DbgGetStringAt(valuint, string))
|
||||
if(disasmgetstringatwrapper(valuint, string, false))
|
||||
result = string;
|
||||
else if(symbolic.length())
|
||||
result = symbolic;
|
||||
|
|
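Review bot: The bare `false` passed at the `ValueType::String` and `ValueType::AddrInfo` call sites is unexplained; writing it as `disasmgetstringatwrapper(valuint, string, /*cache=*/false)` would make the intent readable without opening the header. In the wrapper shown on this page the flag only reaches the two `MemIsValidReadPtrUnsafe` calls, while `disasmispossiblestring` and `disasmgetstringat` are invoked without it. If those helpers also consult cached memory state (not visible here), log strings could still be resolved from cached data, which is worth confirming against the bug this commit fixes. `printValue` starts and ends outside the hunk.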