DBG: no idea what happened...
This commit is contained in:
parent
d5c7c6f6a0
commit
2374dbb897
|
|
@ -17,65 +17,65 @@ ControlFlowAnalysis::ControlFlowAnalysis(uint base, uint size, bool exceptionDir
|
|||
memset(modulePath, 0, sizeof(modulePath));
|
||||
|
||||
ModPathFromAddr(_moduleBase, modulePath, ARRAYSIZE(modulePath));
|
||||
|
||||
HANDLE fileHandle;
|
||||
DWORD fileSize;
|
||||
HANDLE fileMapHandle;
|
||||
ULONG_PTR fileMapVa;
|
||||
if(StaticFileLoadW(
|
||||
StringUtils::Utf8ToUtf16(modulePath).c_str(),
|
||||
UE_ACCESS_READ,
|
||||
false,
|
||||
&fileHandle,
|
||||
&fileSize,
|
||||
&fileMapHandle,
|
||||
&fileMapVa))
|
||||
{
|
||||
// Find a pointer to IMAGE_DIRECTORY_ENTRY_EXCEPTION for later use
|
||||
ULONG_PTR virtualOffset = GetPE32DataFromMappedFile(fileMapVa, IMAGE_DIRECTORY_ENTRY_EXCEPTION, UE_SECTIONVIRTUALOFFSET);
|
||||
_functionInfoSize = (uint)GetPE32DataFromMappedFile(fileMapVa, IMAGE_DIRECTORY_ENTRY_EXCEPTION, UE_SECTIONVIRTUALSIZE);
|
||||
|
||||
// Unload the file
|
||||
StaticFileUnloadW(nullptr, false, fileHandle, fileSize, fileMapHandle, fileMapVa);
|
||||
|
||||
// Get a copy of the function table
|
||||
if(virtualOffset)
|
||||
{
|
||||
// Read the table into a buffer
|
||||
_functionInfoData = emalloc(_functionInfoSize);
|
||||
|
||||
if(_functionInfoData)
|
||||
MemRead(virtualOffset + _moduleBase, _functionInfoData, _functionInfoSize);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif //_WIN64
|
||||
}
|
||||
|
||||
ControlFlowAnalysis::~ControlFlowAnalysis()
|
||||
{
|
||||
if(_functionInfoData)
|
||||
efree(_functionInfoData);
|
||||
}
|
||||
|
||||
void ControlFlowAnalysis::Analyse()
|
||||
{
|
||||
dputs("Starting analysis...");
|
||||
DWORD ticks = GetTickCount();
|
||||
|
||||
BasicBlockStarts();
|
||||
dprintf("Basic block starts in %ums!\n", GetTickCount() - ticks);
|
||||
ticks = GetTickCount();
|
||||
|
||||
BasicBlocks();
|
||||
dprintf("Basic blocks in %ums!\n", GetTickCount() - ticks);
|
||||
ticks = GetTickCount();
|
||||
|
||||
Functions();
|
||||
dprintf("Functions in %ums!\n", GetTickCount() - ticks);
|
||||
|
||||
dprintf("Analysis finished!\n");
|
||||
}
|
||||
|
||||
HANDLE fileHandle;
|
||||
DWORD fileSize;
|
||||
HANDLE fileMapHandle;
|
||||
ULONG_PTR fileMapVa;
|
||||
if(StaticFileLoadW(
|
||||
StringUtils::Utf8ToUtf16(modulePath).c_str(),
|
||||
UE_ACCESS_READ,
|
||||
false,
|
||||
&fileHandle,
|
||||
&fileSize,
|
||||
&fileMapHandle,
|
||||
&fileMapVa))
|
||||
{
|
||||
// Find a pointer to IMAGE_DIRECTORY_ENTRY_EXCEPTION for later use
|
||||
ULONG_PTR virtualOffset = GetPE32DataFromMappedFile(fileMapVa, IMAGE_DIRECTORY_ENTRY_EXCEPTION, UE_SECTIONVIRTUALOFFSET);
|
||||
_functionInfoSize = (uint)GetPE32DataFromMappedFile(fileMapVa, IMAGE_DIRECTORY_ENTRY_EXCEPTION, UE_SECTIONVIRTUALSIZE);
|
||||
|
||||
// Unload the file
|
||||
StaticFileUnloadW(nullptr, false, fileHandle, fileSize, fileMapHandle, fileMapVa);
|
||||
|
||||
// Get a copy of the function table
|
||||
if(virtualOffset)
|
||||
{
|
||||
// Read the table into a buffer
|
||||
_functionInfoData = emalloc(_functionInfoSize);
|
||||
|
||||
if(_functionInfoData)
|
||||
MemRead(virtualOffset + _moduleBase, _functionInfoData, _functionInfoSize);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif //_WIN64
|
||||
}
|
||||
|
||||
ControlFlowAnalysis::~ControlFlowAnalysis()
|
||||
{
|
||||
if(_functionInfoData)
|
||||
efree(_functionInfoData);
|
||||
}
|
||||
|
||||
void ControlFlowAnalysis::Analyse()
|
||||
{
|
||||
dputs("Starting analysis...");
|
||||
DWORD ticks = GetTickCount();
|
||||
|
||||
BasicBlockStarts();
|
||||
dprintf("Basic block starts in %ums!\n", GetTickCount() - ticks);
|
||||
ticks = GetTickCount();
|
||||
|
||||
BasicBlocks();
|
||||
dprintf("Basic blocks in %ums!\n", GetTickCount() - ticks);
|
||||
ticks = GetTickCount();
|
||||
|
||||
Functions();
|
||||
dprintf("Functions in %ums!\n", GetTickCount() - ticks);
|
||||
|
||||
dprintf("Analysis finished!\n");
|
||||
}
|
||||
|
||||
void ControlFlowAnalysis::SetMarkers()
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue