x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 5 Activity

DBG: add mod.isexport expression function

This commit is contained in:
Duncan Ogilvie 2019-04-30 15:05:14 +02:00
parent 4c08468c46
commit 2cbafa369d
6 changed files with 35 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/dbg/expressionfunctions.cpp
View File

@ -67,6 +67,7 @@ void ExpressionFunctions::Init()
RegisterEasy("mod.rva", modrva);
RegisterEasy("mod.offset,mod.fileoffset", valvatofileoffset);
RegisterEasy("mod.headerva", modheaderva);
RegisterEasy("mod.isexport", modisexport);
//Process information
RegisterEasy("peb,PEB", peb);

12
src/dbg/exprfunc.cpp
View File

@ -61,6 +61,18 @@ namespace Exprfunc
return 0;
}
duint modisexport(duint addr)
{
SHARED_ACQUIRE(LockModules);
auto info = ModInfoFromAddr(addr);
if(info)
{
duint rva = addr - info->base;
return info->findExport(rva) ? 1 : 0;
}
return 0;
}
static duint selstart(int hWindow)
{
SELECTIONDATA selection;

1
src/dbg/exprfunc.h
View File

@ -12,6 +12,7 @@ namespace Exprfunc
duint moduser(duint addr);
duint modrva(duint addr);
duint modheaderva(duint addr);
duint modisexport(duint addr);
duint disasmsel();
duint dumpsel();

17
src/dbg/module.cpp
View File

@ -679,7 +679,7 @@ void GetModuleInfo(MODINFO & Info, ULONG_PTR FileMapVA)
Info.entrySymbol.name = "OptionalHeader.AddressOfEntryPoint";
Info.entrySymbol.forwarded = false;
Info.entrySymbol.ordinal = 0;
Info.entrySymbol.rva = moduleOEP;
Info.entrySymbol.rva = (DWORD)moduleOEP;
// Enumerate all PE sections
WORD sectionCount = Info.headers->FileHeader.NumberOfSections;
@ -1267,6 +1267,21 @@ void MODINFO::unmapFile()
StaticFileUnloadW(StringUtils::Utf8ToUtf16(path).c_str(), false, fileHandle, loadedSize, fileMap, fileMapVA);
}
const MODEXPORT* MODINFO::findExport(duint rva) const
{
if(exports.size())
{
auto found = std::lower_bound(exportsByRva.begin(), exportsByRva.end(), rva, [this](size_t index, duint rva)
{
return exports.at(index).rva < rva;
});
found = found != exportsByRva.end() && rva >= exports.at(*found).rva ? found : exportsByRva.end();
if(found != exportsByRva.end())
return &exports[*found];
}
return nullptr;
}
void MODIMPORT::convertToGuiSymbol(duint base, SYMBOLINFO* info) const
{
info->addr = base + iatRva;

1
src/dbg/module.h
View File

@ -132,6 +132,7 @@ struct MODINFO
bool loadSymbols();
void unloadSymbols();
void unmapFile();
const MODEXPORT* findExport(duint rva) const;
};
bool ModLoad(duint Base, duint Size, const char* FullPath);

14
src/dbg/symcache.cpp
View File

@ -29,20 +29,14 @@ bool SymbolFromAddressExact(duint address, SymbolInfo & symInfo)
}
// search in module exports
if(modInfo->exports.size())
{
auto found = std::lower_bound(modInfo->exportsByRva.begin(), modInfo->exportsByRva.end(), rva, [&modInfo](size_t index, duint rva)
auto modExport = modInfo->findExport(rva);
if(modExport)
{
return modInfo->exports.at(index).rva < rva;
});
found = found != modInfo->exportsByRva.end() && rva >= modInfo->exports.at(*found).rva ? found : modInfo->exportsByRva.end();
if(found != modInfo->exportsByRva.end())
{
auto & modExport = modInfo->exports.at(*found);
symInfo.rva = modExport.rva;
symInfo.rva = modExport->rva;
symInfo.size = 0;
symInfo.disp = 0;
symInfo.decoratedName = modExport.name;
symInfo.decoratedName = modExport->name;
symInfo.publicSymbol = true;
return true;
}