x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 4 Activity

DBG (ANALYSIS): formatting

This commit is contained in:
Mr. eXoDia 2014-08-27 15:20:53 +02:00
parent 8399a77015
commit 3cb5805d5c
8 changed files with 224 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
x64_dbg_dbg/Analysis/ClientApiResolver.cpp
View File

@ -36,7 +36,8 @@ void ClientApiResolver::see(const Instruction_t Instr, const RegisterEmulator* r
ttDebug("api: opcode is %x \n", (((n->outEdge->end))->instruction.BeaStruct.Instruction.Opcode) & 0xFF); ttDebug("api: opcode is %x \n", (((n->outEdge->end))->instruction.BeaStruct.Instruction.Opcode) & 0xFF);
ttDebug("api: opcode is %x \n", Analysis->graph()->node(n->outEdge->end->vaddr)->instruction.BeaStruct.Instruction.Opcode); ttDebug("api: opcode is %x \n", Analysis->graph()->node(n->outEdge->end->vaddr)->instruction.BeaStruct.Instruction.Opcode);
if(((n->outEdge->end))->instruction.BeaStruct.Instruction.Opcode == 0xFF){ if(((n->outEdge->end))->instruction.BeaStruct.Instruction.Opcode == 0xFF)
{
tDebug("api: --> is API CALL\n", (duint)n->outEdge->end->instruction.BeaStruct.VirtualAddr); tDebug("api: --> is API CALL\n", (duint)n->outEdge->end->instruction.BeaStruct.VirtualAddr);
// there is an api call // there is an api call
//DbgSetAutoCommentAt((duint)Instr.BeaStruct.VirtualAddr, "hi"); //DbgSetAutoCommentAt((duint)Instr.BeaStruct.VirtualAddr, "hi");

3
x64_dbg_dbg/Analysis/ClientFunctionFinder.cpp
View File

@ -45,7 +45,8 @@ void ClientFunctionFinder::see(const Instruction_t Instr, const RegisterEmulator
// there is a branching! // there is a branching!
if(n->outEdge->type == fa::RET) if(n->outEdge->type == fa::RET)
{ {
if((duint) n->outEdge->end->instruction.BeaStruct.Instruction.AddrValue != Analysis->oep()){ if((duint) n->outEdge->end->instruction.BeaStruct.Instruction.AddrValue != Analysis->oep())
{
// internal call // internal call
DbgSetAutoFunctionAt((duint)n->outEdge->end->instruction.BeaStruct.Instruction.AddrValue, (duint)Instr.BeaStruct.VirtualAddr); DbgSetAutoFunctionAt((duint)n->outEdge->end->instruction.BeaStruct.Instruction.AddrValue, (duint)Instr.BeaStruct.VirtualAddr);
tDebug("add function from "fhex" to "fhex"\n", (duint) n->outEdge->end->instruction.BeaStruct.Instruction.AddrValue, (duint)Instr.BeaStruct.VirtualAddr); tDebug("add function from "fhex" to "fhex"\n", (duint) n->outEdge->end->instruction.BeaStruct.Instruction.AddrValue, (duint)Instr.BeaStruct.VirtualAddr);

12
x64_dbg_dbg/Analysis/FlowGraph.cpp
View File

@ -28,10 +28,12 @@ namespace fa
{ {
Node_t* workStart; Node_t* workStart;
Node_t* workEnd; Node_t* workEnd;
if(!contains(nodes,startNode->vaddr)){ if(!contains(nodes, startNode->vaddr))
{
nodes.insert(std::pair<duint, Node_t*>(startNode->vaddr, startNode)); nodes.insert(std::pair<duint, Node_t*>(startNode->vaddr, startNode));
} }
if(!contains(nodes,endNode->vaddr)){ if(!contains(nodes, endNode->vaddr))
{
nodes.insert(std::pair<duint, Node_t*>(endNode->vaddr, endNode)); nodes.insert(std::pair<duint, Node_t*>(endNode->vaddr, endNode));
} }
@ -39,7 +41,8 @@ namespace fa
workEnd = &*(nodes.find(endNode->vaddr)->second); workEnd = &*(nodes.find(endNode->vaddr)->second);
if (startNode->hasInstr && !((nodes.find(startNode->vaddr)->second))->hasInstr){ if(startNode->hasInstr && !((nodes.find(startNode->vaddr)->second))->hasInstr)
{
ttDebug("updating old startnode"); ttDebug("updating old startnode");
workStart->instruction = startNode->instruction; workStart->instruction = startNode->instruction;
} }
@ -119,7 +122,8 @@ namespace fa
void FlowGraph::fillNodes() void FlowGraph::fillNodes()
{ {
for(std::map<duint, Node_t*>::iterator i=nodes.begin();i!=nodes.end();i++){ for(std::map<duint, Node_t*>::iterator i = nodes.begin(); i != nodes.end(); i++)
{
i->second->hasInstr = true; i->second->hasInstr = true;
i->second->instruction.BeaStruct = analysis->instruction_t(i->first).BeaStruct; i->second->instruction.BeaStruct = analysis->instruction_t(i->first).BeaStruct;
if(i->second->instruction.BeaStruct.Instruction.Opcode == 0xFF) if(i->second->instruction.BeaStruct.Instruction.Opcode == 0xFF)