diff --git a/help/PLUG_SETUPSTRUCT.htm b/help/PLUG_SETUPSTRUCT.htm index 1869c0f3..6192199f 100644 --- a/help/PLUG_SETUPSTRUCT.htm +++ b/help/PLUG_SETUPSTRUCT.htm @@ -12,18 +12,24 @@ html,body { } - + + - -

plugsetup
This structure is used by the function that allows the -creation of plugin menu entries:

-

- struct PLUG_SETUPSTRUCT -
{
    //data provided by the debugger to -the plugin. -
    [IN] HWND hwndDlg; //GUI window -handle
    [IN] -int hMenu; //plugin menu -handle
+ + +

plugsetup
This structure is used by the function that allows the +creation of plugin menu entries:

+

+ struct PLUG_SETUPSTRUCT +
{
    //data provided by the debugger to +the plugin. +
    [IN] HWND hwndDlg; //GUI window +handle
    [IN] +int hMenu; //plugin menu +handle
    [IN] int hMenuDisasm; +//plugin disasm menu handle
    [IN] int +hMenuDump; //plugin dump menu handle
    [IN] +int hMenuStack; //plugin stack menu +handle
};

diff --git a/release.bat b/release.bat index daea1b06..a471eae0 100644 --- a/release.bat +++ b/release.bat @@ -31,6 +31,7 @@ copy bin\x32\jansson.dll %RELEASEDIR%\bin_base\x32\jansson.dll copy bin\x32\lz4.dll %RELEASEDIR%\bin_base\x32\lz4.dll copy bin\x32\TitanEngine.dll %RELEASEDIR%\bin_base\x32\TitanEngine.dll copy bin\x32\XEDParse.dll %RELEASEDIR%\bin_base\x32\XEDParse.dll +copy bin\x32\yara.dll %RELEASEDIR%\bin_base\x32\yara.dll copy bin\x64\BeaEngine.dll %RELEASEDIR%\bin_base\x64\BeaEngine.dll copy bin\x64\dbghelp.dll %RELEASEDIR%\bin_base\x64\dbghelp.dll copy bin\x64\symsrv.dll %RELEASEDIR%\bin_base\x64\symsrv.dll @@ -40,6 +41,7 @@ copy bin\x64\jansson.dll %RELEASEDIR%\bin_base\x64\jansson.dll copy bin\x64\lz4.dll %RELEASEDIR%\bin_base\x64\lz4.dll copy bin\x64\TitanEngine.dll %RELEASEDIR%\bin_base\x64\TitanEngine.dll copy bin\x64\XEDParse.dll %RELEASEDIR%\bin_base\x64\XEDParse.dll +copy bin\x64\yara.dll %RELEASEDIR%\bin_base\x64\yara.dll echo help @@ -57,6 +59,8 @@ mkdir %RELEASEDIR%\pluginsdk\jansson mkdir %RELEASEDIR%\pluginsdk\lz4 mkdir %RELEASEDIR%\pluginsdk\TitanEngine mkdir %RELEASEDIR%\pluginsdk\XEDParse +mkdir %RELEASEDIR%\pluginsdk\yara +mkdir %RELEASEDIR%\pluginsdk\yara\yara xcopy x64_dbg_dbg\BeaEngine %RELEASEDIR%\pluginsdk\BeaEngine /S /Y xcopy x64_dbg_dbg\dbghelp %RELEASEDIR%\pluginsdk\dbghelp /S /Y @@ -66,6 +70,7 @@ xcopy x64_dbg_dbg\lz4 %RELEASEDIR%\pluginsdk\lz4 /S /Y xcopy x64_dbg_dbg\TitanEngine %RELEASEDIR%\pluginsdk\TitanEngine /S /Y del %RELEASEDIR%\pluginsdk\TitanEngine\TitanEngine.txt /F /Q xcopy x64_dbg_dbg\XEDParse %RELEASEDIR%\pluginsdk\XEDParse /S /Y +xcopy x64_dbg_dbg\yara %RELEASEDIR%\pluginsdk\yara /S /Y copy x64_dbg_dbg\_plugin_types.h %RELEASEDIR%\pluginsdk\_plugin_types.h copy x64_dbg_dbg\_plugins.h %RELEASEDIR%\pluginsdk\_plugins.h copy x64_dbg_dbg\_dbgfunctions.h %RELEASEDIR%\pluginsdk\_dbgfunctions.h diff --git a/rpm.cpp b/rpm.cpp new file mode 100644 index 00000000..fc354e12 --- /dev/null +++ b/rpm.cpp @@ -0,0 +1,93 @@ +#include +#include +#include + +#define uint size_t +#define PAGE_SIZE 0x1000 + +#ifdef _WIN64 +#define HIGHEST_USER_ADDR 0x7FFFFFEFFFF +#else //x86 +#define HIGHEST_USER_ADDR 0x7FFEFFFF +#endif // _WIN64 + +bool readblock(uint addr, unsigned char block[PAGE_SIZE]) +{ + printf("readblock(%X[%X])\n", addr, PAGE_SIZE); + memset(block, 0xFF, PAGE_SIZE); + return true; +} + +bool memread(uint addr, unsigned char* data, uint size) +{ + //check if the address is inside user space + if(addr > HIGHEST_USER_ADDR) + return false; + + puts("-start-"); + printf(" addr: %X\n size: %X\n", addr, size); + + //calculate the start page + uint start = addr & ~(PAGE_SIZE - 1); + printf(" start: %X\n", start); + + //calculate the end page + uint end = addr + size; + uint x = end & (PAGE_SIZE - 1); + if(x) + end += (PAGE_SIZE - x); + printf(" end: %X\n", end); + + //calculate the number of pages to read + uint npages = (end - start) / PAGE_SIZE; + printf("npages: %d\n\n", npages); + + //go over all pages + for(uint i = 0, j = start; i < npages; i++) + { + //read one page (j should always align with PAGE_SIZE) + unsigned char block[PAGE_SIZE]; + if(!readblock(j, block)) + { + return false; + } + + //these are the offsets and sizes in the block to write to append to the output buffer + uint roffset = 0; + uint rsize = PAGE_SIZE; + + if(i == npages - 1) //last page (first because there might only be one page) + { + rsize = size - (j - start); //remaining size + } + else if(i == 0) //first page + { + roffset = addr & (PAGE_SIZE - 1); + rsize = PAGE_SIZE - roffset; + } + + printf("roffset: %X\n rsize: %X\n", roffset, rsize); + puts(""); + + //copy the required block data in the output buffer + memcpy(data, block + roffset, rsize); + data += rsize; + + j += rsize; + } + + puts("--end--\n"); + return true; +} + +int main() +{ + unsigned char out[0x10000] = {0}; + memread(0x12A45, out, 0x3456); + memread(0x12000, out, 0x456); + memread(0x12000, out, 0x3456); + memread(0x12000, out, 0x4000); + memread(0x12ff0, out, 0x16); + memread(0x100, out, 0x3090); + return 0; +} \ No newline at end of file diff --git a/x64_dbg_bridge/bridgemain.cpp b/x64_dbg_bridge/bridgemain.cpp index 6a1559cf..79c0e56c 100644 --- a/x64_dbg_bridge/bridgemain.cpp +++ b/x64_dbg_bridge/bridgemain.cpp @@ -12,6 +12,7 @@ static HINSTANCE hInst; static wchar_t szIniFile[MAX_PATH] = L""; +static CRITICAL_SECTION csIni; #ifdef _WIN64 #define dbg_lib "x64_dbg.dll" @@ -37,6 +38,9 @@ static wchar_t szIniFile[MAX_PATH] = L""; BRIDGE_IMPEXP const char* BridgeInit() { + //Initialize critial section + InitializeCriticalSection(&csIni); + //Settings load if(!GetModuleFileNameW(0, szIniFile, MAX_PATH)) return "Error getting module path!"; @@ -87,6 +91,7 @@ BRIDGE_IMPEXP const char* BridgeStart() if(!_dbg_dbginit || !_gui_guiinit) return "\"_dbg_dbginit\" || \"_gui_guiinit\" was not loaded yet, call BridgeInit!"; _gui_guiinit(0, 0); //remove arguments + DeleteCriticalSection(&csIni); return 0; } @@ -111,14 +116,20 @@ BRIDGE_IMPEXP bool BridgeSettingGet(const char* section, const char* key, char* { if(!section || !key || !value) return false; + EnterCriticalSection(&csIni); CSimpleIniA inifile(true, false, false); - if(inifile.LoadFile(szIniFile) < 0) - return false; - const char* szValue = inifile.GetValue(section, key); - if(!szValue) - return false; - strcpy_s(value, MAX_SETTING_SIZE, szValue); - return true; + bool success = false; + if(inifile.LoadFile(szIniFile) >= 0) + { + const char* szValue = inifile.GetValue(section, key); + if(szValue) + { + strcpy_s(value, MAX_SETTING_SIZE, szValue); + success = true; + } + } + LeaveCriticalSection(&csIni); + return success; } BRIDGE_IMPEXP bool BridgeSettingGetUint(const char* section, const char* key, duint* value) @@ -140,15 +151,20 @@ BRIDGE_IMPEXP bool BridgeSettingGetUint(const char* section, const char* key, du BRIDGE_IMPEXP bool BridgeSettingSet(const char* section, const char* key, const char* value) { - if(!section) - return false; - CSimpleIniA inifile(true, false, false); - inifile.LoadFile(szIniFile); - if(!key || !value) //delete value/key when 0 - inifile.Delete(section, key, true); - else - inifile.SetValue(section, key, value); - return inifile.SaveFile(szIniFile, false) >= 0; + bool success = false; + if(section) + { + EnterCriticalSection(&csIni); + CSimpleIniA inifile(true, false, false); + inifile.LoadFile(szIniFile); + if(!key || !value) //delete value/key when 0 + inifile.Delete(section, key, true); + else + inifile.SetValue(section, key, value); + success = inifile.SaveFile(szIniFile, false) >= 0; + LeaveCriticalSection(&csIni); + } + return success; } BRIDGE_IMPEXP bool BridgeSettingSetUint(const char* section, const char* key, duint value) @@ -251,7 +267,7 @@ BRIDGE_IMPEXP bool DbgGetLabelAt(duint addr, SEGMENTREG segment, char* text) //( return false; sprintf_s(info.label, "&%s", ptrinfo.label); } - strcpy(text, info.label); + strcpy_s(text, MAX_LABEL_SIZE, info.label); return true; } @@ -262,7 +278,7 @@ BRIDGE_IMPEXP bool DbgSetLabelAt(duint addr, const char* text) ADDRINFO info; memset(&info, 0, sizeof(info)); info.flags = flaglabel; - strcpy(info.label, text); + strcpy_s(info.label, text); if(!_dbg_addrinfoset(addr, &info)) return false; return true; @@ -278,7 +294,7 @@ BRIDGE_IMPEXP bool DbgGetCommentAt(duint addr, char* text) //comment (not live) info.flags = flagcomment; if(!_dbg_addrinfoget(addr, SEG_DEFAULT, &info)) return false; - strcpy(text, info.comment); + strcpy_s(text, MAX_COMMENT_SIZE, info.comment); return true; } @@ -289,7 +305,7 @@ BRIDGE_IMPEXP bool DbgSetCommentAt(duint addr, const char* text) ADDRINFO info; memset(&info, 0, sizeof(info)); info.flags = flagcomment; - strcpy(info.comment, text); + strcpy_s(info.comment, MAX_COMMENT_SIZE, text); if(!_dbg_addrinfoset(addr, &info)) return false; return true; @@ -305,7 +321,7 @@ BRIDGE_IMPEXP bool DbgGetModuleAt(duint addr, char* text) info.flags = flagmodule; if(!_dbg_addrinfoget(addr, SEG_DEFAULT, &info)) return false; - strcpy(text, info.module); + strcpy_s(text, MAX_MODULE_SIZE, info.module); return true; } @@ -1092,4 +1108,3 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) hInst = hinstDLL; return TRUE; } - diff --git a/x64_dbg_bridge/bridgemain.h b/x64_dbg_bridge/bridgemain.h index 09f961f4..c64fe3c1 100644 --- a/x64_dbg_bridge/bridgemain.h +++ b/x64_dbg_bridge/bridgemain.h @@ -37,7 +37,7 @@ extern "C" //Bridge defines #define MAX_SETTING_SIZE 65536 -#define DBG_VERSION 23 +#define DBG_VERSION 24 //Bridge functions BRIDGE_IMPEXP const char* BridgeInit(); @@ -60,6 +60,7 @@ BRIDGE_IMPEXP int BridgeGetDbgVersion(); #define MAX_STRING_SIZE 512 #define MAX_ERROR_SIZE 512 #define RIGHTS_STRING_SIZE (sizeof("ERWCG") + 1) +#define MAX_SECTION_SIZE 10 #define TYPE_VALUE 1 #define TYPE_MEMORY 2 @@ -423,6 +424,18 @@ typedef struct } X87CONTROLWORDFIELDS; +typedef struct DECLSPEC_ALIGN(16) _XMMREGISTER +{ + ULONGLONG Low; + LONGLONG High; +} XMMREGISTER; + +typedef struct +{ + XMMREGISTER Low; //XMM/SSE part + XMMREGISTER High; //AVX part +} YMMREGISTER; + typedef struct { BYTE data[10]; @@ -480,11 +493,11 @@ typedef struct X87FPU x87fpu; DWORD MxCsr; #ifdef _WIN64 - M128A XmmRegisters[16]; - BYTE YmmRegisters[32 * 16]; + XMMREGISTER XmmRegisters[16]; + YMMREGISTER YmmRegisters[16]; #else // x86 - M128A XmmRegisters[8]; - BYTE YmmRegisters[32 * 8]; + XMMREGISTER XmmRegisters[8]; + YMMREGISTER YmmRegisters[8]; #endif } REGISTERCONTEXT; @@ -666,6 +679,9 @@ BRIDGE_IMPEXP bool DbgWinEventGlobal(MSG* message); //Gui defines #define GUI_PLUGIN_MENU 0 +#define GUI_DISASM_MENU 1 +#define GUI_DUMP_MENU 2 +#define GUI_STACK_MENU 3 #define GUI_DISASSEMBLY 0 #define GUI_DUMP 1 diff --git a/x64_dbg_dbg/TitanEngine/TitanEngine.h b/x64_dbg_dbg/TitanEngine/TitanEngine.h index 0576db7c..55d01c2b 100644 --- a/x64_dbg_dbg/TitanEngine/TitanEngine.h +++ b/x64_dbg_dbg/TitanEngine/TitanEngine.h @@ -10,14 +10,6 @@ #include #include -#ifdef __GNUC__ -typedef struct DECLSPEC_ALIGN(16) _M128A -{ - ULONGLONG Low; - LONGLONG High; -} M128A, *PM128A; -#endif //__GNUC__ - #pragma pack(push, 1) // Global.Constant.Structure.Declaration: @@ -594,10 +586,16 @@ typedef struct DWORD OriginalCOMTableSize; } FILE_FIX_INFO, *PFILE_FIX_INFO; +typedef struct DECLSPEC_ALIGN(16) _XmmRegister_t +{ + ULONGLONG Low; + LONGLONG High; +} XmmRegister_t; + typedef struct { - M128A Low; //XMM/SSE part - M128A High; //AVX part + XmmRegister_t Low; //XMM/SSE part + XmmRegister_t High; //AVX part } YmmRegister_t; typedef struct @@ -657,10 +655,10 @@ typedef struct x87FPU_t x87fpu; DWORD MxCsr; #ifdef _WIN64 - M128A XmmRegisters[16]; + XmmRegister_t XmmRegisters[16]; YmmRegister_t YmmRegisters[16]; #else // x86 - M128A XmmRegisters[8]; + XmmRegister_t XmmRegisters[8]; YmmRegister_t YmmRegisters[8]; #endif } TITAN_ENGINE_CONTEXT_t; diff --git a/x64_dbg_dbg/_dbgfunctions.cpp b/x64_dbg_dbg/_dbgfunctions.cpp index 03237fb1..caf8165b 100644 --- a/x64_dbg_dbg/_dbgfunctions.cpp +++ b/x64_dbg_dbg/_dbgfunctions.cpp @@ -14,6 +14,7 @@ #include "disasm_fast.h" #include "stackinfo.h" #include "symbolinfo.h" +#include "module.h" static DBGFUNCTIONS _dbgfunctions; @@ -47,7 +48,7 @@ static bool _sectionfromaddr(duint addr, char* section) { const char* name = (const char*)GetPE32DataFromMappedFile(FileMapVA, sectionNumber, UE_SECTIONNAME); if(section) - strcpy(section, name); + strcpy_s(section, MAX_SECTION_SIZE, name); //maxi StaticFileUnloadW(curModPath, false, FileHandle, LoadedSize, FileMap, FileMapVA); return true; } @@ -138,7 +139,7 @@ static bool _getjit(char* jit, bool jit64) { if(!dbggetjit(jit_tmp, jit64 ? x64 : x32, &dummy, NULL)) return false; - strcpy(jit, jit_tmp); + strcpy_s(jit, MAX_SETTING_SIZE, jit_tmp); } else // if jit input == NULL: it returns false if there are not an OLD JIT STORED. { diff --git a/x64_dbg_dbg/_exports.cpp b/x64_dbg_dbg/_exports.cpp index cb8b0fdc..3ec8a586 100644 --- a/x64_dbg_dbg/_exports.cpp +++ b/x64_dbg_dbg/_exports.cpp @@ -21,6 +21,12 @@ #include "disasm_fast.h" #include "plugin_loader.h" #include "_dbgfunctions.h" +#include "module.h" +#include "comment.h" +#include "label.h" +#include "bookmark.h" +#include "function.h" +#include "loop.h" static bool bOnlyCipAutoComments = false; @@ -107,10 +113,10 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer; pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO); pSymbol->MaxNameLen = MAX_LABEL_SIZE; - if(SymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) and !displacement) + if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) and !displacement) { pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0'; - if(!bUndecorateSymbolNames or !UnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE)) + if(!bUndecorateSymbolNames or !SafeUnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE)) strcpy_s(addrinfo->label, pSymbol->Name); retval = true; } @@ -123,10 +129,10 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR uint val = 0; if(memread(fdProcessInfo->hProcess, (const void*)basicinfo.memory.value, &val, sizeof(val), 0)) { - if(SymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) and !displacement) + if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) and !displacement) { pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0'; - if(!bUndecorateSymbolNames or !UnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE)) + if(!bUndecorateSymbolNames or !SafeUnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE)) sprintf_s(addrinfo->label, "JMP.&%s", pSymbol->Name); retval = true; } @@ -160,10 +166,10 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR DWORD dwDisplacement; IMAGEHLP_LINE64 line; line.SizeOfStruct = sizeof(IMAGEHLP_LINE64); - if(SymGetLineFromAddr64(fdProcessInfo->hProcess, (DWORD64)addr, &dwDisplacement, &line) and !dwDisplacement) + if(SafeSymGetLineFromAddr64(fdProcessInfo->hProcess, (DWORD64)addr, &dwDisplacement, &line) and !dwDisplacement) { char filename[deflen] = ""; - strcpy(filename, line.FileName); + strcpy_s(filename, line.FileName); int len = (int)strlen(filename); while(filename[len] != '\\' and len != 0) len--; @@ -568,8 +574,8 @@ extern "C" DLL_EXPORT int _dbg_getbplist(BPXTYPE type, BPMAP* bpmap) //TODO: fix this if(memisvalidreadptr(fdProcessInfo->hProcess, curBp.addr)) curBp.active = true; - strcpy(curBp.mod, list[i].mod); - strcpy(curBp.name, list[i].name); + strcpy_s(curBp.mod, list[i].mod); + strcpy_s(curBp.name, list[i].name); curBp.singleshoot = list[i].singleshoot; curBp.slot = slot; if(curBp.active) diff --git a/x64_dbg_dbg/_global.cpp b/x64_dbg_dbg/_global.cpp index ce9375dc..3d650632 100644 --- a/x64_dbg_dbg/_global.cpp +++ b/x64_dbg_dbg/_global.cpp @@ -176,7 +176,7 @@ void formathex(char* string) for(int i = 0, j = 0; i < len; i++) if(isxdigit(string[i])) j += sprintf(new_string + j, "%c", string[i]); - strcpy(string, new_string); + strcpy_s(string, len + 1, new_string); } /** @@ -192,7 +192,7 @@ void formatdec(char* string) for(int i = 0, j = 0; i < len; i++) if(isdigit(string[i])) j += sprintf(new_string + j, "%c", string[i]); - strcpy(string, new_string); + strcpy_s(string, len + 1, new_string); } /** diff --git a/x64_dbg_dbg/_global.h b/x64_dbg_dbg/_global.h index 92f7feed..505bf2a1 100644 --- a/x64_dbg_dbg/_global.h +++ b/x64_dbg_dbg/_global.h @@ -11,23 +11,19 @@ #include #include #include +#include #include #include -#include #include #include #include #include "..\x64_dbg_bridge\bridgemain.h" #include "jansson\jansson.h" +#include "yara\yara.h" #include "DeviceNameResolver\DeviceNameResolver.h" #include "handle.h" #include "stringutils.h" - -#ifdef __GNUC__ -#include "dbghelp\dbghelp.h" -#else -#include -#endif //__GNUC__ +#include "dbghelp_safe.h" #ifndef __GNUC__ #define and && diff --git a/x64_dbg_dbg/_plugins.h b/x64_dbg_dbg/_plugins.h index a09d4637..969086e1 100644 --- a/x64_dbg_dbg/_plugins.h +++ b/x64_dbg_dbg/_plugins.h @@ -41,6 +41,9 @@ typedef struct //provided by the debugger HWND hwndDlg; //gui window handle int hMenu; //plugin menu handle + int hMenuDisasm; //plugin disasm menu handle + int hMenuDump; //plugin dump menu handle + int hMenuStack; //plugin stack menu handle } PLUG_SETUPSTRUCT; //callback structures diff --git a/x64_dbg_dbg/addrinfo.cpp b/x64_dbg_dbg/addrinfo.cpp index fd56bd44..a9760ab0 100644 --- a/x64_dbg_dbg/addrinfo.cpp +++ b/x64_dbg_dbg/addrinfo.cpp @@ -14,18 +14,15 @@ #include "murmurhash.h" #include "lz4\lz4file.h" #include "patches.h" +#include "module.h" +#include "comment.h" +#include "label.h" +#include "bookmark.h" +#include "function.h" +#include "loop.h" -static ModulesInfo modinfo; -static CommentsInfo comments; -static LabelsInfo labels; - -static BookmarksInfo bookmarks; - -static FunctionsInfo functions; - -static LoopsInfo loops; void dbsave() { @@ -55,7 +52,8 @@ void dbsave() return; } fclose(jsonFile); - LZ4_compress_fileW(wdbpath.c_str(), wdbpath.c_str()); + if(!settingboolget("Engine", "DisableCompression")) + LZ4_compress_fileW(wdbpath.c_str(), wdbpath.c_str()); } else //remove database when nothing is in there DeleteFileW(wdbpath.c_str()); @@ -70,8 +68,9 @@ void dbload() dprintf("loading database..."); DWORD ticks = GetTickCount(); WString wdbpath = StringUtils::Utf8ToUtf16(dbpath); + bool compress = !settingboolget("Engine", "DisableCompression"); LZ4_STATUS status = LZ4_decompress_fileW(wdbpath.c_str(), wdbpath.c_str()); - if(status != LZ4_SUCCESS && status != LZ4_INVALID_ARCHIVE) + if(status != LZ4_SUCCESS && status != LZ4_INVALID_ARCHIVE && compress) { dputs("\ninvalid database file!"); return; @@ -84,7 +83,7 @@ void dbload() } JSON root = json_loadf(jsonFile, 0, 0); fclose(jsonFile); - if(status != LZ4_INVALID_ARCHIVE) + if(status != LZ4_INVALID_ARCHIVE && compress) LZ4_compress_fileW(wdbpath.c_str(), wdbpath.c_str()); if(!root) { @@ -104,216 +103,15 @@ void dbload() void dbclose() { dbsave(); - CriticalSectionLocker commentLocker(LockComments); - CommentsInfo().swap(comments); - - CriticalSectionLocker labelLocker(LockLabels); - LabelsInfo().swap(labels); - - CriticalSectionLocker bookmarkLocker(LockBookmarks); - BookmarksInfo().swap(bookmarks); - - CriticalSectionLocker functionLocker(LockFunctions); - FunctionsInfo().swap(functions); - - CriticalSectionLocker loopLocker(LockLoops); - LoopsInfo().swap(loops); - + commentclear(); + labelclear(); + bookmarkclear(); + functionclear(); + loopclear(); bpclear(); patchclear(); } -bool modload(uint base, uint size, const char* fullpath) -{ - if(!base or !size or !fullpath) - return false; - char name[deflen] = ""; - - int len = (int)strlen(fullpath); - while(fullpath[len] != '\\' and len) - len--; - if(len) - len++; - strcpy(name, fullpath + len); - _strlwr(name); - len = (int)strlen(name); - name[MAX_MODULE_SIZE - 1] = 0; //ignore later characters - while(name[len] != '.' and len) - len--; - MODINFO info; - memset(&info, 0, sizeof(MODINFO)); - info.sections.clear(); - info.hash = modhashfromname(name); - if(len) - { - strcpy(info.extension, name + len); - name[len] = 0; //remove extension - } - info.base = base; - info.size = size; - strcpy(info.name, name); - - //process module sections - HANDLE FileHandle; - DWORD LoadedSize; - HANDLE FileMap; - ULONG_PTR FileMapVA; - WString wszFullPath = StringUtils::Utf8ToUtf16(fullpath); - if(StaticFileLoadW(wszFullPath.c_str(), UE_ACCESS_READ, false, &FileHandle, &LoadedSize, &FileMap, &FileMapVA)) - { - info.entry = GetPE32DataFromMappedFile(FileMapVA, 0, UE_OEP) + info.base; //get entry point - int SectionCount = (int)GetPE32DataFromMappedFile(FileMapVA, 0, UE_SECTIONNUMBER); - if(SectionCount > 0) - { - for(int i = 0; i < SectionCount; i++) - { - MODSECTIONINFO curSection; - curSection.addr = GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALOFFSET) + base; - curSection.size = GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALSIZE); - const char* SectionName = (const char*)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONNAME); - //escape section name when needed - int len = (int)strlen(SectionName); - int escape_count = 0; - for(int k = 0; k < len; k++) - if(SectionName[k] == '\\' or SectionName[k] == '\"' or !isprint(SectionName[k])) - escape_count++; - strcpy_s(curSection.name, StringUtils::Escape(SectionName).c_str()); - info.sections.push_back(curSection); - } - } - StaticFileUnloadW(wszFullPath.c_str(), false, FileHandle, LoadedSize, FileMap, FileMapVA); - } - - //add module to list - CriticalSectionLocker locker(LockModules); - modinfo.insert(std::make_pair(Range(base, base + size - 1), info)); - symupdatemodulelist(); - return true; -} - -bool modunload(uint base) -{ - CriticalSectionLocker locker(LockModules); - const ModulesInfo::iterator found = modinfo.find(Range(base, base)); - if(found == modinfo.end()) //not found - return false; - modinfo.erase(found); - symupdatemodulelist(); - return true; -} - -void modclear() -{ - CriticalSectionLocker locker(LockModules); - ModulesInfo().swap(modinfo); - symupdatemodulelist(); -} - -bool modnamefromaddr(uint addr, char* modname, bool extension) -{ - if(!modname) - return false; - *modname = '\0'; - CriticalSectionLocker locker(LockModules); - const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); - if(found == modinfo.end()) //not found - return false; - String mod = found->second.name; - if(extension) - mod += found->second.extension; - strcpy_s(modname, MAX_MODULE_SIZE, mod.c_str()); - return true; -} - -uint modbasefromaddr(uint addr) -{ - CriticalSectionLocker locker(LockModules); - const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); - if(found == modinfo.end()) //not found - return 0; - return found->second.base; -} - -uint modhashfromva(uint va) //return a unique hash from a VA -{ - CriticalSectionLocker locker(LockModules); - const ModulesInfo::iterator found = modinfo.find(Range(va, va)); - if(found == modinfo.end()) //not found - return va; - return found->second.hash + (va - found->second.base); -} - -uint modhashfromname(const char* mod) //return MODINFO.hash -{ - if(!mod or !*mod) - return 0; - int len = (int)strlen(mod); - return murmurhash(mod, len); -} - -uint modbasefromname(const char* modname) -{ - if(!modname or strlen(modname) >= MAX_MODULE_SIZE) - return 0; - CriticalSectionLocker locker(LockModules); - for(ModulesInfo::iterator i = modinfo.begin(); i != modinfo.end(); ++i) - { - MODINFO* curMod = &i->second; - char curmodname[MAX_MODULE_SIZE] = ""; - sprintf(curmodname, "%s%s", curMod->name, curMod->extension); - if(!_stricmp(curmodname, modname)) //with extension - return curMod->base; - if(!_stricmp(curMod->name, modname)) //without extension - return curMod->base; - } - return 0; -} - -uint modsizefromaddr(uint addr) -{ - CriticalSectionLocker locker(LockModules); - const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); - if(found == modinfo.end()) //not found - return 0; - return found->second.size; -} - -bool modsectionsfromaddr(uint addr, std::vector* sections) -{ - CriticalSectionLocker locker(LockModules); - const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); - if(found == modinfo.end()) //not found - return false; - *sections = found->second.sections; - return true; -} - -uint modentryfromaddr(uint addr) -{ - CriticalSectionLocker locker(LockModules); - const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); - if(found == modinfo.end()) //not found - return 0; - return found->second.entry; -} - -int modpathfromaddr(duint addr, char* path, int size) -{ - Memory wszModPath(size * sizeof(wchar_t), "modpathfromaddr:wszModPath"); - if(!GetModuleFileNameExW(fdProcessInfo->hProcess, (HMODULE)modbasefromaddr(addr), wszModPath, size)) - { - *path = '\0'; - return 0; - } - strcpy_s(path, size, StringUtils::Utf16ToUtf8(wszModPath()).c_str()); - return (int)strlen(path); -} - -int modpathfromname(const char* modname, char* path, int size) -{ - return modpathfromaddr(modbasefromname(modname), path, size); -} - bool apienumexports(uint base, EXPORTENUMCALLBACK cbEnum) { MEMORY_BASIC_INFORMATION mbi; @@ -385,882 +183,16 @@ bool apienumexports(uint base, EXPORTENUMCALLBACK cbEnum) return true; } -bool commentset(uint addr, const char* text, bool manual) -{ - if(!DbgIsDebugging() or !memisvalidreadptr(fdProcessInfo->hProcess, addr) or !text or text[0] == '\1' or strlen(text) >= MAX_COMMENT_SIZE - 1) - return false; - if(!*text) //NOTE: delete when there is no text - { - commentdel(addr); - return true; - } - COMMENTSINFO comment; - comment.manual = manual; - strcpy(comment.text, text); - modnamefromaddr(addr, comment.mod, true); - comment.addr = addr - modbasefromaddr(addr); - const uint key = modhashfromva(addr); - CriticalSectionLocker locker(LockComments); - if(!comments.insert(std::make_pair(key, comment)).second) //key already present - comments[key] = comment; - return true; -} -bool commentget(uint addr, char* text) -{ - if(!DbgIsDebugging()) - return false; - CriticalSectionLocker locker(LockComments); - const CommentsInfo::iterator found = comments.find(modhashfromva(addr)); - if(found == comments.end()) //not found - return false; - strcpy(text, found->second.text); - return true; -} -bool commentdel(uint addr) -{ - if(!DbgIsDebugging()) - return false; - CriticalSectionLocker locker(LockComments); - return (comments.erase(modhashfromva(addr)) == 1); -} -void commentdelrange(uint start, uint end) -{ - if(!DbgIsDebugging()) - return; - bool bDelAll = (start == 0 && end == ~0); //0x00000000-0xFFFFFFFF - uint modbase = modbasefromaddr(start); - if(modbase != modbasefromaddr(end)) - return; - start -= modbase; - end -= modbase; - CriticalSectionLocker locker(LockComments); - CommentsInfo::iterator i = comments.begin(); - while(i != comments.end()) - { - if(i->second.manual) //ignore manual - { - i++; - continue; - } - if(bDelAll || (i->second.addr >= start && i->second.addr < end)) - comments.erase(i++); - else - i++; - } -} -void commentcachesave(JSON root) -{ - CriticalSectionLocker locker(LockComments); - const JSON jsoncomments = json_array(); - const JSON jsonautocomments = json_array(); - for(CommentsInfo::iterator i = comments.begin(); i != comments.end(); ++i) - { - const COMMENTSINFO curComment = i->second; - JSON curjsoncomment = json_object(); - json_object_set_new(curjsoncomment, "module", json_string(curComment.mod)); - json_object_set_new(curjsoncomment, "address", json_hex(curComment.addr)); - json_object_set_new(curjsoncomment, "text", json_string(curComment.text)); - if(curComment.manual) - json_array_append_new(jsoncomments, curjsoncomment); - else - json_array_append_new(jsonautocomments, curjsoncomment); - } - if(json_array_size(jsoncomments)) - json_object_set(root, "comments", jsoncomments); - json_decref(jsoncomments); - if(json_array_size(jsonautocomments)) - json_object_set(root, "autocomments", jsonautocomments); - json_decref(jsonautocomments); -} -void commentcacheload(JSON root) -{ - CriticalSectionLocker locker(LockComments); - comments.clear(); - const JSON jsoncomments = json_object_get(root, "comments"); - if(jsoncomments) - { - size_t i; - JSON value; - json_array_foreach(jsoncomments, i, value) - { - COMMENTSINFO curComment; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curComment.mod, mod); - else - *curComment.mod = '\0'; - curComment.addr = (uint)json_hex_value(json_object_get(value, "address")); - curComment.manual = true; - const char* text = json_string_value(json_object_get(value, "text")); - if(text) - strcpy(curComment.text, text); - else - continue; //skip - const uint key = modhashfromname(curComment.mod) + curComment.addr; - comments.insert(std::make_pair(key, curComment)); - } - } - JSON jsonautocomments = json_object_get(root, "autocomments"); - if(jsonautocomments) - { - size_t i; - JSON value; - json_array_foreach(jsonautocomments, i, value) - { - COMMENTSINFO curComment; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curComment.mod, mod); - else - *curComment.mod = '\0'; - curComment.addr = (uint)json_hex_value(json_object_get(value, "address")); - curComment.manual = false; - const char* text = json_string_value(json_object_get(value, "text")); - if(text) - strcpy_s(curComment.text, text); - else - continue; //skip - const uint key = modhashfromname(curComment.mod) + curComment.addr; - comments.insert(std::make_pair(key, curComment)); - } - } -} -bool commentenum(COMMENTSINFO* commentlist, size_t* cbsize) -{ - if(!DbgIsDebugging()) - return false; - if(!commentlist && !cbsize) - return false; - CriticalSectionLocker locker(LockComments); - if(!commentlist && cbsize) - { - *cbsize = comments.size() * sizeof(COMMENTSINFO); - return true; - } - int j = 0; - for(CommentsInfo::iterator i = comments.begin(); i != comments.end(); ++i, j++) - { - commentlist[j] = i->second; - commentlist[j].addr += modbasefromname(commentlist[j].mod); - } - return true; -} -bool labelset(uint addr, const char* text, bool manual) -{ - if(!DbgIsDebugging() or !memisvalidreadptr(fdProcessInfo->hProcess, addr) or !text or strlen(text) >= MAX_LABEL_SIZE - 1 or strstr(text, "&")) - return false; - if(!*text) //NOTE: delete when there is no text - { - labeldel(addr); - return true; - } - LABELSINFO label; - label.manual = manual; - strcpy(label.text, text); - modnamefromaddr(addr, label.mod, true); - label.addr = addr - modbasefromaddr(addr); - uint key = modhashfromva(addr); - CriticalSectionLocker locker(LockLabels); - if(!labels.insert(std::make_pair(modhashfromva(key), label)).second) //already present - labels[key] = label; - return true; -} -bool labelfromstring(const char* text, uint* addr) -{ - if(!DbgIsDebugging()) - return false; - CriticalSectionLocker locker(LockLabels); - for(LabelsInfo::iterator i = labels.begin(); i != labels.end(); ++i) - { - if(!strcmp(i->second.text, text)) - { - if(addr) - *addr = i->second.addr + modbasefromname(i->second.mod); - return true; - } - } - return false; -} -bool labelget(uint addr, char* text) -{ - if(!DbgIsDebugging()) - return false; - CriticalSectionLocker locker(LockLabels); - const LabelsInfo::iterator found = labels.find(modhashfromva(addr)); - if(found == labels.end()) //not found - return false; - if(text) - strcpy(text, found->second.text); - return true; -} -bool labeldel(uint addr) -{ - if(!DbgIsDebugging()) - return false; - CriticalSectionLocker locker(LockLabels); - return (labels.erase(modhashfromva(addr)) > 0); -} - -void labeldelrange(uint start, uint end) -{ - if(!DbgIsDebugging()) - return; - bool bDelAll = (start == 0 && end == ~0); //0x00000000-0xFFFFFFFF - uint modbase = modbasefromaddr(start); - if(modbase != modbasefromaddr(end)) - return; - start -= modbase; - end -= modbase; - CriticalSectionLocker locker(LockLabels); - LabelsInfo::iterator i = labels.begin(); - while(i != labels.end()) - { - if(i->second.manual) //ignore manual - { - i++; - continue; - } - if(bDelAll || (i->second.addr >= start && i->second.addr < end)) - labels.erase(i++); - else - i++; - } -} - -void labelcachesave(JSON root) -{ - CriticalSectionLocker locker(LockLabels); - const JSON jsonlabels = json_array(); - const JSON jsonautolabels = json_array(); - for(LabelsInfo::iterator i = labels.begin(); i != labels.end(); ++i) - { - const LABELSINFO curLabel = i->second; - JSON curjsonlabel = json_object(); - json_object_set_new(curjsonlabel, "module", json_string(curLabel.mod)); - json_object_set_new(curjsonlabel, "address", json_hex(curLabel.addr)); - json_object_set_new(curjsonlabel, "text", json_string(curLabel.text)); - if(curLabel.manual) - json_array_append_new(jsonlabels, curjsonlabel); - else - json_array_append_new(jsonautolabels, curjsonlabel); - } - if(json_array_size(jsonlabels)) - json_object_set(root, "labels", jsonlabels); - json_decref(jsonlabels); - if(json_array_size(jsonautolabels)) - json_object_set(root, "autolabels", jsonautolabels); - json_decref(jsonautolabels); -} - -void labelcacheload(JSON root) -{ - CriticalSectionLocker locker(LockLabels); - labels.clear(); - const JSON jsonlabels = json_object_get(root, "labels"); - if(jsonlabels) - { - size_t i; - JSON value; - - json_array_foreach(jsonlabels, i, value) - { - LABELSINFO curLabel; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curLabel.mod, mod); - else - *curLabel.mod = '\0'; - curLabel.addr = (uint)json_hex_value(json_object_get(value, "address")); - curLabel.manual = true; - const char* text = json_string_value(json_object_get(value, "text")); - if(text) - strcpy(curLabel.text, text); - else - continue; //skip - int len = (int)strlen(curLabel.text); - for(int i = 0; i < len; i++) - if(curLabel.text[i] == '&') - curLabel.text[i] = ' '; - const uint key = modhashfromname(curLabel.mod) + curLabel.addr; - labels.insert(std::make_pair(key, curLabel)); - } - } - - JSON jsonautolabels = json_object_get(root, "autolabels"); - if(jsonautolabels) - { - size_t i; - JSON value; - - json_array_foreach(jsonautolabels, i, value) - { - LABELSINFO curLabel; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curLabel.mod, mod); - else - *curLabel.mod = '\0'; - curLabel.addr = (uint)json_hex_value(json_object_get(value, "address")); - curLabel.manual = false; - const char* text = json_string_value(json_object_get(value, "text")); - if(text) - strcpy_s(curLabel.text, text); - else - continue; //skip - const uint key = modhashfromname(curLabel.mod) + curLabel.addr; - labels.insert(std::make_pair(key, curLabel)); - } - } -} - -bool labelenum(LABELSINFO* labellist, size_t* cbsize) -{ - if(!DbgIsDebugging()) - return false; - if(!labellist && !cbsize) - return false; - CriticalSectionLocker locker(LockLabels); - if(!labellist && cbsize) - { - *cbsize = labels.size() * sizeof(LABELSINFO); - return true; - } - int j = 0; - for(LabelsInfo::iterator i = labels.begin(); i != labels.end(); ++i, j++) - { - labellist[j] = i->second; - labellist[j].addr += modbasefromname(labellist[j].mod); - } - return true; -} - -bool bookmarkset(uint addr, bool manual) -{ - if(!DbgIsDebugging() or !memisvalidreadptr(fdProcessInfo->hProcess, addr)) - return false; - BOOKMARKSINFO bookmark; - modnamefromaddr(addr, bookmark.mod, true); - bookmark.addr = addr - modbasefromaddr(addr); - bookmark.manual = manual; - CriticalSectionLocker locker(LockBookmarks); - if(!bookmarks.insert(std::make_pair(modhashfromva(addr), bookmark)).second) - return bookmarkdel(addr); - return true; -} - -bool bookmarkget(uint addr) -{ - if(!DbgIsDebugging()) - return false; - CriticalSectionLocker locker(LockBookmarks); - if(bookmarks.count(modhashfromva(addr))) - return true; - return false; -} - -bool bookmarkdel(uint addr) -{ - if(!DbgIsDebugging()) - return false; - CriticalSectionLocker locker(LockBookmarks); - return (bookmarks.erase(modhashfromva(addr)) > 0); -} - -void bookmarkdelrange(uint start, uint end) -{ - if(!DbgIsDebugging()) - return; - bool bDelAll = (start == 0 && end == ~0); //0x00000000-0xFFFFFFFF - uint modbase = modbasefromaddr(start); - if(modbase != modbasefromaddr(end)) - return; - start -= modbase; - end -= modbase; - CriticalSectionLocker locker(LockBookmarks); - BookmarksInfo::iterator i = bookmarks.begin(); - while(i != bookmarks.end()) - { - if(i->second.manual) //ignore manual - { - i++; - continue; - } - if(bDelAll || (i->second.addr >= start && i->second.addr < end)) - bookmarks.erase(i++); - else - i++; - } -} - -void bookmarkcachesave(JSON root) -{ - CriticalSectionLocker locker(LockBookmarks); - const JSON jsonbookmarks = json_array(); - const JSON jsonautobookmarks = json_array(); - for(BookmarksInfo::iterator i = bookmarks.begin(); i != bookmarks.end(); ++i) - { - const BOOKMARKSINFO curBookmark = i->second; - JSON curjsonbookmark = json_object(); - json_object_set_new(curjsonbookmark, "module", json_string(curBookmark.mod)); - json_object_set_new(curjsonbookmark, "address", json_hex(curBookmark.addr)); - if(curBookmark.manual) - json_array_append_new(jsonbookmarks, curjsonbookmark); - else - json_array_append_new(jsonautobookmarks, curjsonbookmark); - } - if(json_array_size(jsonbookmarks)) - json_object_set(root, "bookmarks", jsonbookmarks); - json_decref(jsonbookmarks); - if(json_array_size(jsonautobookmarks)) - json_object_set(root, "autobookmarks", jsonautobookmarks); - json_decref(jsonautobookmarks); -} - -void bookmarkcacheload(JSON root) -{ - CriticalSectionLocker locker(LockBookmarks); - bookmarks.clear(); - const JSON jsonbookmarks = json_object_get(root, "bookmarks"); - if(jsonbookmarks) - { - size_t i; - JSON value; - - json_array_foreach(jsonbookmarks, i, value) - { - BOOKMARKSINFO curBookmark; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curBookmark.mod, mod); - else - *curBookmark.mod = '\0'; - curBookmark.addr = (uint)json_hex_value(json_object_get(value, "address")); - curBookmark.manual = true; - const uint key = modhashfromname(curBookmark.mod) + curBookmark.addr; - bookmarks.insert(std::make_pair(key, curBookmark)); - } - } - - JSON jsonautobookmarks = json_object_get(root, "autobookmarks"); - if(jsonautobookmarks) - { - size_t i; - JSON value; - - json_array_foreach(jsonautobookmarks, i, value) - { - BOOKMARKSINFO curBookmark; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curBookmark.mod, mod); - else - *curBookmark.mod = '\0'; - curBookmark.addr = (uint)json_hex_value(json_object_get(value, "address")); - curBookmark.manual = false; - const uint key = modhashfromname(curBookmark.mod) + curBookmark.addr; - bookmarks.insert(std::make_pair(key, curBookmark)); - } - } -} - -bool bookmarkenum(BOOKMARKSINFO* bookmarklist, size_t* cbsize) -{ - if(!DbgIsDebugging()) - return false; - if(!bookmarklist && !cbsize) - return false; - CriticalSectionLocker locker(LockBookmarks); - if(!bookmarklist && cbsize) - { - *cbsize = bookmarks.size() * sizeof(BOOKMARKSINFO); - return true; - } - int j = 0; - for(BookmarksInfo::iterator i = bookmarks.begin(); i != bookmarks.end(); ++i, j++) - { - bookmarklist[j] = i->second; - bookmarklist[j].addr += modbasefromname(bookmarklist[j].mod); - } - return true; -} - -bool functionadd(uint start, uint end, bool manual) -{ - if(!DbgIsDebugging() or end < start or !memisvalidreadptr(fdProcessInfo->hProcess, start)) - return false; - const uint modbase = modbasefromaddr(start); - if(modbase != modbasefromaddr(end)) //the function boundaries are not in the same module - return false; - if(functionoverlaps(start, end)) - return false; - FUNCTIONSINFO function; - modnamefromaddr(start, function.mod, true); - function.start = start - modbase; - function.end = end - modbase; - function.manual = manual; - CriticalSectionLocker locker(LockFunctions); - functions.insert(std::make_pair(ModuleRange(modhashfromva(modbase), Range(function.start, function.end)), function)); - return true; -} - -bool functionget(uint addr, uint* start, uint* end) -{ - if(!DbgIsDebugging()) - return false; - uint modbase = modbasefromaddr(addr); - CriticalSectionLocker locker(LockFunctions); - const FunctionsInfo::iterator found = functions.find(ModuleRange(modhashfromva(modbase), Range(addr - modbase, addr - modbase))); - if(found == functions.end()) //not found - return false; - if(start) - *start = found->second.start + modbase; - if(end) - *end = found->second.end + modbase; - return true; -} - -bool functionoverlaps(uint start, uint end) -{ - if(!DbgIsDebugging() or end < start) - return false; - const uint modbase = modbasefromaddr(start); - CriticalSectionLocker locker(LockFunctions); - return (functions.count(ModuleRange(modhashfromva(modbase), Range(start - modbase, end - modbase))) > 0); -} - -bool functiondel(uint addr) -{ - if(!DbgIsDebugging()) - return false; - const uint modbase = modbasefromaddr(addr); - CriticalSectionLocker locker(LockFunctions); - return (functions.erase(ModuleRange(modhashfromva(modbase), Range(addr - modbase, addr - modbase))) > 0); -} - -void functiondelrange(uint start, uint end) -{ - if(!DbgIsDebugging()) - return; - bool bDelAll = (start == 0 && end == ~0); //0x00000000-0xFFFFFFFF - uint modbase = modbasefromaddr(start); - if(modbase != modbasefromaddr(end)) - return; - start -= modbase; - end -= modbase; - CriticalSectionLocker locker(LockFunctions); - FunctionsInfo::iterator i = functions.begin(); - while(i != functions.end()) - { - if(i->second.manual) //ignore manual - { - i++; - continue; - } - if(bDelAll or !(i->second.start <= end and i->second.end >= start)) - functions.erase(i++); - else - i++; - } -} - -void functioncachesave(JSON root) -{ - CriticalSectionLocker locker(LockFunctions); - const JSON jsonfunctions = json_array(); - const JSON jsonautofunctions = json_array(); - for(FunctionsInfo::iterator i = functions.begin(); i != functions.end(); ++i) - { - const FUNCTIONSINFO curFunction = i->second; - JSON curjsonfunction = json_object(); - json_object_set_new(curjsonfunction, "module", json_string(curFunction.mod)); - json_object_set_new(curjsonfunction, "start", json_hex(curFunction.start)); - json_object_set_new(curjsonfunction, "end", json_hex(curFunction.end)); - if(curFunction.manual) - json_array_append_new(jsonfunctions, curjsonfunction); - else - json_array_append_new(jsonautofunctions, curjsonfunction); - } - if(json_array_size(jsonfunctions)) - json_object_set(root, "functions", jsonfunctions); - json_decref(jsonfunctions); - if(json_array_size(jsonautofunctions)) - json_object_set(root, "autofunctions", jsonautofunctions); - json_decref(jsonautofunctions); -} - -void functioncacheload(JSON root) -{ - CriticalSectionLocker locker(LockFunctions); - functions.clear(); - const JSON jsonfunctions = json_object_get(root, "functions"); - if(jsonfunctions) - { - size_t i; - JSON value; - - json_array_foreach(jsonfunctions, i, value) - { - FUNCTIONSINFO curFunction; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curFunction.mod, mod); - else - *curFunction.mod = '\0'; - curFunction.start = (uint)json_hex_value(json_object_get(value, "start")); - curFunction.end = (uint)json_hex_value(json_object_get(value, "end")); - if(curFunction.end < curFunction.start) - continue; //invalid function - curFunction.manual = true; - const uint key = modhashfromname(curFunction.mod); - functions.insert(std::make_pair(ModuleRange(modhashfromname(curFunction.mod), Range(curFunction.start, curFunction.end)), curFunction)); - } - } - - JSON jsonautofunctions = json_object_get(root, "autofunctions"); - if(jsonautofunctions) - { - size_t i; - JSON value; - - json_array_foreach(jsonautofunctions, i, value) - { - FUNCTIONSINFO curFunction; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curFunction.mod, mod); - else - *curFunction.mod = '\0'; - curFunction.start = (uint)json_hex_value(json_object_get(value, "start")); - curFunction.end = (uint)json_hex_value(json_object_get(value, "end")); - if(curFunction.end < curFunction.start) - continue; //invalid function - curFunction.manual = true; - const uint key = modhashfromname(curFunction.mod); - functions.insert(std::make_pair(ModuleRange(modhashfromname(curFunction.mod), Range(curFunction.start, curFunction.end)), curFunction)); - } - } -} - -bool functionenum(FUNCTIONSINFO* functionlist, size_t* cbsize) -{ - if(!DbgIsDebugging()) - return false; - if(!functionlist && !cbsize) - return false; - CriticalSectionLocker locker(LockFunctions); - if(!functionlist && cbsize) - { - *cbsize = functions.size() * sizeof(FUNCTIONSINFO); - return true; - } - int j = 0; - for(FunctionsInfo::iterator i = functions.begin(); i != functions.end(); ++i, j++) - { - functionlist[j] = i->second; - uint modbase = modbasefromname(functionlist[j].mod); - functionlist[j].start += modbase; - functionlist[j].end += modbase; - } - return true; -} - -bool loopadd(uint start, uint end, bool manual) -{ - if(!DbgIsDebugging() or end < start or !memisvalidreadptr(fdProcessInfo->hProcess, start)) - return false; - const uint modbase = modbasefromaddr(start); - if(modbase != modbasefromaddr(end)) //the function boundaries are not in the same mem page - return false; - int finaldepth; - if(loopoverlaps(0, start, end, &finaldepth)) //loop cannot overlap another loop - return false; - LOOPSINFO loop; - modnamefromaddr(start, loop.mod, true); - loop.start = start - modbase; - loop.end = end - modbase; - loop.depth = finaldepth; - if(finaldepth) - loopget(finaldepth - 1, start, &loop.parent, 0); - else - loop.parent = 0; - loop.manual = manual; - CriticalSectionLocker locker(LockLoops); - loops.insert(std::make_pair(DepthModuleRange(finaldepth, ModuleRange(modhashfromva(modbase), Range(loop.start, loop.end))), loop)); - return true; -} - -bool loopget(int depth, uint addr, uint* start, uint* end) -{ - if(!DbgIsDebugging()) - return false; - const uint modbase = modbasefromaddr(addr); - CriticalSectionLocker locker(LockLoops); - LoopsInfo::iterator found = loops.find(DepthModuleRange(depth, ModuleRange(modhashfromva(modbase), Range(addr - modbase, addr - modbase)))); - if(found == loops.end()) //not found - return false; - if(start) - *start = found->second.start + modbase; - if(end) - *end = found->second.end + modbase; - return true; -} - -bool loopoverlaps(int depth, uint start, uint end, int* finaldepth) -{ - if(!DbgIsDebugging()) - return false; - - const uint modbase = modbasefromaddr(start); - uint curStart = start - modbase; - uint curEnd = end - modbase; - const uint key = modhashfromva(modbase); - - CriticalSectionLocker locker(LockLoops); - - //check if the new loop fits in the old loop - for(LoopsInfo::iterator i = loops.begin(); i != loops.end(); ++i) - { - if(i->first.second.first != key) //only look in the current module - continue; - LOOPSINFO* curLoop = &i->second; - if(curLoop->start < curStart and curLoop->end > curEnd and curLoop->depth == depth) - return loopoverlaps(depth + 1, curStart, curEnd, finaldepth); - } - - if(finaldepth) - *finaldepth = depth; - - //check for loop overlaps - for(LoopsInfo::iterator i = loops.begin(); i != loops.end(); ++i) - { - if(i->first.second.first != key) //only look in the current module - continue; - LOOPSINFO* curLoop = &i->second; - if(curLoop->start <= curEnd and curLoop->end >= curStart and curLoop->depth == depth) - return true; - } - return false; -} - -bool loopdel(int depth, uint addr) -{ - return false; -} - -void loopcachesave(JSON root) -{ - CriticalSectionLocker locker(LockLoops); - const JSON jsonloops = json_array(); - const JSON jsonautoloops = json_array(); - for(LoopsInfo::iterator i = loops.begin(); i != loops.end(); ++i) - { - const LOOPSINFO curLoop = i->second; - JSON curjsonloop = json_object(); - json_object_set_new(curjsonloop, "module", json_string(curLoop.mod)); - json_object_set_new(curjsonloop, "start", json_hex(curLoop.start)); - json_object_set_new(curjsonloop, "end", json_hex(curLoop.end)); - json_object_set_new(curjsonloop, "depth", json_integer(curLoop.depth)); - json_object_set_new(curjsonloop, "parent", json_hex(curLoop.parent)); - if(curLoop.manual) - json_array_append_new(jsonloops, curjsonloop); - else - json_array_append_new(jsonautoloops, curjsonloop); - } - if(json_array_size(jsonloops)) - json_object_set(root, "loops", jsonloops); - json_decref(jsonloops); - if(json_array_size(jsonautoloops)) - json_object_set(root, "autoloops", jsonautoloops); - json_decref(jsonautoloops); -} - -void loopcacheload(JSON root) -{ - CriticalSectionLocker locker(LockLoops); - loops.clear(); - const JSON jsonloops = json_object_get(root, "loops"); - if(jsonloops) - { - size_t i; - JSON value; - - json_array_foreach(jsonloops, i, value) - { - LOOPSINFO curLoop; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curLoop.mod, mod); - else - *curLoop.mod = '\0'; - curLoop.start = (uint)json_hex_value(json_object_get(value, "start")); - curLoop.end = (uint)json_hex_value(json_object_get(value, "end")); - curLoop.depth = (int)json_integer_value(json_object_get(value, "depth")); - curLoop.parent = (uint)json_hex_value(json_object_get(value, "parent")); - if(curLoop.end < curLoop.start) - continue; //invalid loop - curLoop.manual = true; - loops.insert(std::make_pair(DepthModuleRange(curLoop.depth, ModuleRange(modhashfromname(curLoop.mod), Range(curLoop.start, curLoop.end))), curLoop)); - } - } - - JSON jsonautoloops = json_object_get(root, "autoloops"); - if(jsonautoloops) - { - size_t i; - JSON value; - - json_array_foreach(jsonautoloops, i, value) - { - LOOPSINFO curLoop; - const char* mod = json_string_value(json_object_get(value, "module")); - if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) - strcpy(curLoop.mod, mod); - else - *curLoop.mod = '\0'; - curLoop.start = (uint)json_hex_value(json_object_get(value, "start")); - curLoop.end = (uint)json_hex_value(json_object_get(value, "end")); - curLoop.depth = (int)json_integer_value(json_object_get(value, "depth")); - curLoop.parent = (uint)json_hex_value(json_object_get(value, "parent")); - if(curLoop.end < curLoop.start) - continue; //invalid loop - curLoop.manual = false; - loops.insert(std::make_pair(DepthModuleRange(curLoop.depth, ModuleRange(modhashfromname(curLoop.mod), Range(curLoop.start, curLoop.end))), curLoop)); - } - } -} - -bool loopenum(LOOPSINFO* looplist, size_t* cbsize) -{ - if(!DbgIsDebugging()) - return false; - if(!looplist && !cbsize) - return false; - CriticalSectionLocker locker(LockLoops); - if(!looplist && cbsize) - { - *cbsize = loops.size() * sizeof(LOOPSINFO); - return true; - } - int j = 0; - for(LoopsInfo::iterator i = loops.begin(); i != loops.end(); ++i, j++) - { - looplist[j] = i->second; - uint modbase = modbasefromname(looplist[j].mod); - looplist[j].start += modbase; - looplist[j].end += modbase; - } - return true; -} \ No newline at end of file diff --git a/x64_dbg_dbg/addrinfo.h b/x64_dbg_dbg/addrinfo.h index 11599fd2..5d3f1e18 100644 --- a/x64_dbg_dbg/addrinfo.h +++ b/x64_dbg_dbg/addrinfo.h @@ -52,72 +52,6 @@ struct DepthModuleRangeCompare } }; -//structures -struct MODSECTIONINFO -{ - uint addr; //va - uint size; //virtual size - char name[50]; -}; - -struct MODINFO -{ - uint base; //module base - uint size; //module size - uint hash; //full module name hash - uint entry; //entry point - char name[MAX_MODULE_SIZE]; //module name (without extension) - char extension[MAX_MODULE_SIZE]; //file extension - std::vector sections; -}; -typedef std::map ModulesInfo; - -struct COMMENTSINFO -{ - char mod[MAX_MODULE_SIZE]; - uint addr; - char text[MAX_COMMENT_SIZE]; - bool manual; -}; -typedef std::map CommentsInfo; - -struct LABELSINFO -{ - char mod[MAX_MODULE_SIZE]; - uint addr; - char text[MAX_LABEL_SIZE]; - bool manual; -}; -typedef std::map LabelsInfo; - -struct BOOKMARKSINFO -{ - char mod[MAX_MODULE_SIZE]; - uint addr; - bool manual; -}; -typedef std::map BookmarksInfo; - -struct FUNCTIONSINFO -{ - char mod[MAX_MODULE_SIZE]; - uint start; - uint end; - bool manual; -}; -typedef std::map FunctionsInfo; - -struct LOOPSINFO -{ - char mod[MAX_MODULE_SIZE]; - uint start; - uint end; - uint parent; - int depth; - bool manual; -}; -typedef std::map LoopsInfo; - //typedefs typedef void (*EXPORTENUMCALLBACK)(uint base, const char* mod, const char* name, uint addr); @@ -125,62 +59,6 @@ void dbsave(); void dbload(); void dbclose(); -bool modload(uint base, uint size, const char* fullpath); -bool modunload(uint base); -void modclear(); -bool modnamefromaddr(uint addr, char* modname, bool extension); -uint modbasefromaddr(uint addr); -uint modhashfromva(uint va); -uint modhashfromname(const char* mod); -uint modbasefromname(const char* modname); -uint modsizefromaddr(uint addr); -bool modsectionsfromaddr(uint addr, std::vector* sections); -uint modentryfromaddr(uint addr); -int modpathfromaddr(duint addr, char* path, int size); -int modpathfromname(const char* modname, char* path, int size); - bool apienumexports(uint base, EXPORTENUMCALLBACK cbEnum); -bool commentset(uint addr, const char* text, bool manual); -bool commentget(uint addr, char* text); -bool commentdel(uint addr); -void commentdelrange(uint start, uint end); -void commentcachesave(JSON root); -void commentcacheload(JSON root); -bool commentenum(COMMENTSINFO* commentlist, size_t* cbsize); - -bool labelset(uint addr, const char* text, bool manual); -bool labelfromstring(const char* text, uint* addr); -bool labelget(uint addr, char* text); -bool labeldel(uint addr); -void labeldelrange(uint start, uint end); -void labelcachesave(JSON root); -void labelcacheload(JSON root); -bool labelenum(LABELSINFO* labellist, size_t* cbsize); - -bool bookmarkset(uint addr, bool manual); -bool bookmarkget(uint addr); -bool bookmarkdel(uint addr); -void bookmarkdelrange(uint start, uint end); -void bookmarkcachesave(JSON root); -void bookmarkcacheload(JSON root); -bool bookmarkenum(BOOKMARKSINFO* bookmarklist, size_t* cbsize); - -bool functionadd(uint start, uint end, bool manual); -bool functionget(uint addr, uint* start, uint* end); -bool functionoverlaps(uint start, uint end); -bool functiondel(uint addr); -void functiondelrange(uint start, uint end); -void functioncachesave(JSON root); -void functioncacheload(JSON root); -bool functionenum(FUNCTIONSINFO* functionlist, size_t* cbsize); - -bool loopadd(uint start, uint end, bool manual); -bool loopget(int depth, uint addr, uint* start, uint* end); -bool loopoverlaps(int depth, uint start, uint end, int* finaldepth); -bool loopdel(int depth, uint addr); -void loopcachesave(JSON root); -void loopcacheload(JSON root); -bool loopenum(LOOPSINFO* looplist, size_t* cbsize); - #endif // _ADDRINFO_H diff --git a/x64_dbg_dbg/argument.cpp b/x64_dbg_dbg/argument.cpp index 257a4175..ef2929f2 100644 --- a/x64_dbg_dbg/argument.cpp +++ b/x64_dbg_dbg/argument.cpp @@ -39,7 +39,7 @@ void argformat(char* cmd) char command_[deflen] = ""; char* command = command_; - strcpy(command, cmd); + strcpy_s(command, deflen, cmd); while(*command == ' ') command++; @@ -122,7 +122,7 @@ void argformat(char* cmd) j += sprintf(temp + j, "%c", arguments[i]); } arguments = arguments_; - strcpy(arguments, temp); + strcpy_s(arguments, deflen, temp); } len = (int)strlen(arguments); for(int i = 0; i < len; i++) @@ -138,7 +138,7 @@ void argformat(char* cmd) i += 2; j += sprintf(temp + j, "%c", arguments[i]); } - strcpy(arguments, temp); + strcpy_s(arguments, deflen, temp); len = (int)strlen(arguments); for(int i = 0, j = 0; i < len; i++) @@ -147,7 +147,7 @@ void argformat(char* cmd) i++; j += sprintf(temp + j, "%c", arguments[i]); } - strcpy(arguments, temp); + strcpy_s(arguments, deflen, temp); len = (int)strlen(arguments); for(int i = 0; i < len; i++) @@ -160,7 +160,7 @@ void argformat(char* cmd) if(strlen(arguments)) sprintf(cmd, "%s %s", command, arguments); else - strcpy(cmd, command); + strcpy_s(cmd, deflen, command); } /* @@ -189,7 +189,7 @@ int arggetcount(const char* cmd) arg_count = 1; char temp_[deflen] = ""; char* temp = temp_ + 1; - strcpy(temp, cmd); + strcpy_s(temp, deflen - 1, cmd); for(int i = start; i < len; i++) if(temp[i] == '\\' and (i < len - 1 and temp[i + 1] == '\\')) { @@ -239,7 +239,7 @@ bool argget(const char* cmd, char* arg, int arg_num, bool optional) start++; char temp_[deflen] = ""; char* temp = temp_ + 1; - strcpy(temp, cmd + start); + strcpy_s(temp, deflen - 1, cmd + start); int len = (int)strlen(temp); for(int i = 0; i < len; i++) @@ -279,7 +279,7 @@ bool argget(const char* cmd, char* arg, int arg_num, bool optional) memcpy(temp, new_temp, len + 1); if(arg_num == 0) //first argument { - strcpy(arg, temp); + strcpy_s(arg, deflen, temp); return true; } for(int i = 0, j = 0; i < len; i++) @@ -288,7 +288,7 @@ bool argget(const char* cmd, char* arg, int arg_num, bool optional) j++; if(j == arg_num) { - strcpy(arg, temp + i + 1); + strcpy_s(arg, deflen, temp + i + 1); return true; } } diff --git a/x64_dbg_dbg/assemble.cpp b/x64_dbg_dbg/assemble.cpp index 555e5278..b4376aab 100644 --- a/x64_dbg_dbg/assemble.cpp +++ b/x64_dbg_dbg/assemble.cpp @@ -36,11 +36,15 @@ bool assemble(uint addr, unsigned char* dest, int* size, const char* instruction #endif parse.cbUnknown = cbUnknown; parse.cip = addr; - strcpy(parse.instr, instruction); + String instr = instruction; + size_t pos = instr.find(" short "); + if(pos != String::npos) + instr.erase(pos, 6); + strcpy_s(parse.instr, instr.c_str()); if(XEDParseAssemble(&parse) == XEDPARSE_ERROR) { if(error) - strcpy(error, parse.error); + strcpy_s(error, MAX_ERROR_SIZE, parse.error); return false; } diff --git a/x64_dbg_dbg/bookmark.cpp b/x64_dbg_dbg/bookmark.cpp new file mode 100644 index 00000000..7f66977d --- /dev/null +++ b/x64_dbg_dbg/bookmark.cpp @@ -0,0 +1,162 @@ +#include "bookmark.h" +#include "threading.h" +#include "module.h" +#include "debugger.h" +#include "memory.h" + +typedef std::map BookmarksInfo; + +static BookmarksInfo bookmarks; + +bool bookmarkset(uint addr, bool manual) +{ + if(!DbgIsDebugging() or !memisvalidreadptr(fdProcessInfo->hProcess, addr)) + return false; + BOOKMARKSINFO bookmark; + modnamefromaddr(addr, bookmark.mod, true); + bookmark.addr = addr - modbasefromaddr(addr); + bookmark.manual = manual; + CriticalSectionLocker locker(LockBookmarks); + if(!bookmarks.insert(std::make_pair(modhashfromva(addr), bookmark)).second) + return bookmarkdel(addr); + return true; +} + +bool bookmarkget(uint addr) +{ + if(!DbgIsDebugging()) + return false; + CriticalSectionLocker locker(LockBookmarks); + if(bookmarks.count(modhashfromva(addr))) + return true; + return false; +} + +bool bookmarkdel(uint addr) +{ + if(!DbgIsDebugging()) + return false; + CriticalSectionLocker locker(LockBookmarks); + return (bookmarks.erase(modhashfromva(addr)) > 0); +} + +void bookmarkdelrange(uint start, uint end) +{ + if(!DbgIsDebugging()) + return; + bool bDelAll = (start == 0 && end == ~0); //0x00000000-0xFFFFFFFF + uint modbase = modbasefromaddr(start); + if(modbase != modbasefromaddr(end)) + return; + start -= modbase; + end -= modbase; + CriticalSectionLocker locker(LockBookmarks); + BookmarksInfo::iterator i = bookmarks.begin(); + while(i != bookmarks.end()) + { + if(i->second.manual) //ignore manual + { + i++; + continue; + } + if(bDelAll || (i->second.addr >= start && i->second.addr < end)) + bookmarks.erase(i++); + else + i++; + } +} + +void bookmarkcachesave(JSON root) +{ + CriticalSectionLocker locker(LockBookmarks); + const JSON jsonbookmarks = json_array(); + const JSON jsonautobookmarks = json_array(); + for(BookmarksInfo::iterator i = bookmarks.begin(); i != bookmarks.end(); ++i) + { + const BOOKMARKSINFO curBookmark = i->second; + JSON curjsonbookmark = json_object(); + json_object_set_new(curjsonbookmark, "module", json_string(curBookmark.mod)); + json_object_set_new(curjsonbookmark, "address", json_hex(curBookmark.addr)); + if(curBookmark.manual) + json_array_append_new(jsonbookmarks, curjsonbookmark); + else + json_array_append_new(jsonautobookmarks, curjsonbookmark); + } + if(json_array_size(jsonbookmarks)) + json_object_set(root, "bookmarks", jsonbookmarks); + json_decref(jsonbookmarks); + if(json_array_size(jsonautobookmarks)) + json_object_set(root, "autobookmarks", jsonautobookmarks); + json_decref(jsonautobookmarks); +} + +void bookmarkcacheload(JSON root) +{ + CriticalSectionLocker locker(LockBookmarks); + bookmarks.clear(); + const JSON jsonbookmarks = json_object_get(root, "bookmarks"); + if(jsonbookmarks) + { + size_t i; + JSON value; + json_array_foreach(jsonbookmarks, i, value) + { + BOOKMARKSINFO curBookmark; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curBookmark.mod, mod); + else + *curBookmark.mod = '\0'; + curBookmark.addr = (uint)json_hex_value(json_object_get(value, "address")); + curBookmark.manual = true; + const uint key = modhashfromname(curBookmark.mod) + curBookmark.addr; + bookmarks.insert(std::make_pair(key, curBookmark)); + } + } + JSON jsonautobookmarks = json_object_get(root, "autobookmarks"); + if(jsonautobookmarks) + { + size_t i; + JSON value; + json_array_foreach(jsonautobookmarks, i, value) + { + BOOKMARKSINFO curBookmark; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curBookmark.mod, mod); + else + *curBookmark.mod = '\0'; + curBookmark.addr = (uint)json_hex_value(json_object_get(value, "address")); + curBookmark.manual = false; + const uint key = modhashfromname(curBookmark.mod) + curBookmark.addr; + bookmarks.insert(std::make_pair(key, curBookmark)); + } + } +} + +bool bookmarkenum(BOOKMARKSINFO* bookmarklist, size_t* cbsize) +{ + if(!DbgIsDebugging()) + return false; + if(!bookmarklist && !cbsize) + return false; + CriticalSectionLocker locker(LockBookmarks); + if(!bookmarklist && cbsize) + { + *cbsize = bookmarks.size() * sizeof(BOOKMARKSINFO); + return true; + } + int j = 0; + for(BookmarksInfo::iterator i = bookmarks.begin(); i != bookmarks.end(); ++i, j++) + { + bookmarklist[j] = i->second; + bookmarklist[j].addr += modbasefromname(bookmarklist[j].mod); + } + return true; +} + +void bookmarkclear() +{ + CriticalSectionLocker locker(LockBookmarks); + BookmarksInfo().swap(bookmarks); +} \ No newline at end of file diff --git a/x64_dbg_dbg/bookmark.h b/x64_dbg_dbg/bookmark.h new file mode 100644 index 00000000..1ee9ee82 --- /dev/null +++ b/x64_dbg_dbg/bookmark.h @@ -0,0 +1,22 @@ +#ifndef _BOOKMARK_H +#define _BOOKMARK_H + +#include "_global.h" + +struct BOOKMARKSINFO +{ + char mod[MAX_MODULE_SIZE]; + uint addr; + bool manual; +}; + +bool bookmarkset(uint addr, bool manual); +bool bookmarkget(uint addr); +bool bookmarkdel(uint addr); +void bookmarkdelrange(uint start, uint end); +void bookmarkcachesave(JSON root); +void bookmarkcacheload(JSON root); +bool bookmarkenum(BOOKMARKSINFO* bookmarklist, size_t* cbsize); +void bookmarkclear(); + +#endif //_BOOKMARK_H \ No newline at end of file diff --git a/x64_dbg_dbg/breakpoint.cpp b/x64_dbg_dbg/breakpoint.cpp index 3e2c664c..a1ec2cae 100644 --- a/x64_dbg_dbg/breakpoint.cpp +++ b/x64_dbg_dbg/breakpoint.cpp @@ -10,6 +10,10 @@ #include "console.h" #include "memory.h" #include "threading.h" +#include "module.h" + +typedef std::pair BreakpointKey; +typedef std::map BreakpointsInfo; static BreakpointsInfo breakpoints; @@ -195,8 +199,8 @@ void bptobridge(const BREAKPOINT* bp, BRIDGEBP* bridge) bridge->active = bp->active; bridge->addr = bp->addr; bridge->enabled = bp->enabled; - strcpy(bridge->mod, bp->mod); - strcpy(bridge->name, bp->name); + strcpy_s(bridge->mod, bp->mod); + strcpy_s(bridge->name, bp->name); bridge->singleshoot = bp->singleshoot; switch(bp->type) { diff --git a/x64_dbg_dbg/breakpoint.h b/x64_dbg_dbg/breakpoint.h index 931913f3..bda1828c 100644 --- a/x64_dbg_dbg/breakpoint.h +++ b/x64_dbg_dbg/breakpoint.h @@ -36,8 +36,6 @@ struct BREAKPOINT //typedefs typedef bool (*BPENUMCALLBACK)(const BREAKPOINT* bp); -typedef std::pair BreakpointKey; -typedef std::map BreakpointsInfo; //functions int bpgetlist(std::vector* list); diff --git a/x64_dbg_dbg/command.cpp b/x64_dbg_dbg/command.cpp index 81dc9e3b..05f11673 100644 --- a/x64_dbg_dbg/command.cpp +++ b/x64_dbg_dbg/command.cpp @@ -110,7 +110,7 @@ bool cmdnew(COMMAND* command_list, const char* name, CBCOMMAND cbCommand, bool d COMMAND* cmdget(COMMAND* command_list, const char* cmd) { char new_cmd[deflen] = ""; - strcpy_s(new_cmd, cmd); + strcpy_s(new_cmd, deflen, cmd); int len = (int)strlen(new_cmd); int start = 0; while(new_cmd[start] != ' ' and start < len) diff --git a/x64_dbg_dbg/comment.cpp b/x64_dbg_dbg/comment.cpp new file mode 100644 index 00000000..ab9c1db8 --- /dev/null +++ b/x64_dbg_dbg/comment.cpp @@ -0,0 +1,182 @@ +#include "comment.h" +#include "threading.h" +#include "module.h" +#include "debugger.h" +#include "memory.h" + +typedef std::map CommentsInfo; + +static CommentsInfo comments; + +bool commentset(uint addr, const char* text, bool manual) +{ + if(!DbgIsDebugging() or !memisvalidreadptr(fdProcessInfo->hProcess, addr) or !text or text[0] == '\1' or strlen(text) >= MAX_COMMENT_SIZE - 1) + return false; + if(!*text) //NOTE: delete when there is no text + { + commentdel(addr); + return true; + } + COMMENTSINFO comment; + comment.manual = manual; + strcpy_s(comment.text, text); + modnamefromaddr(addr, comment.mod, true); + comment.addr = addr - modbasefromaddr(addr); + const uint key = modhashfromva(addr); + CriticalSectionLocker locker(LockComments); + if(!comments.insert(std::make_pair(key, comment)).second) //key already present + comments[key] = comment; + return true; +} + +bool commentget(uint addr, char* text) +{ + if(!DbgIsDebugging()) + return false; + CriticalSectionLocker locker(LockComments); + const CommentsInfo::iterator found = comments.find(modhashfromva(addr)); + if(found == comments.end()) //not found + return false; + strcpy_s(text, MAX_COMMENT_SIZE, found->second.text); + return true; +} + +bool commentdel(uint addr) +{ + if(!DbgIsDebugging()) + return false; + CriticalSectionLocker locker(LockComments); + return (comments.erase(modhashfromva(addr)) == 1); +} + +void commentdelrange(uint start, uint end) +{ + if(!DbgIsDebugging()) + return; + bool bDelAll = (start == 0 && end == ~0); //0x00000000-0xFFFFFFFF + uint modbase = modbasefromaddr(start); + if(modbase != modbasefromaddr(end)) + return; + start -= modbase; + end -= modbase; + CriticalSectionLocker locker(LockComments); + CommentsInfo::iterator i = comments.begin(); + while(i != comments.end()) + { + if(i->second.manual) //ignore manual + { + i++; + continue; + } + if(bDelAll || (i->second.addr >= start && i->second.addr < end)) + comments.erase(i++); + else + i++; + } +} + +void commentcachesave(JSON root) +{ + CriticalSectionLocker locker(LockComments); + const JSON jsoncomments = json_array(); + const JSON jsonautocomments = json_array(); + for(CommentsInfo::iterator i = comments.begin(); i != comments.end(); ++i) + { + const COMMENTSINFO curComment = i->second; + JSON curjsoncomment = json_object(); + json_object_set_new(curjsoncomment, "module", json_string(curComment.mod)); + json_object_set_new(curjsoncomment, "address", json_hex(curComment.addr)); + json_object_set_new(curjsoncomment, "text", json_string(curComment.text)); + if(curComment.manual) + json_array_append_new(jsoncomments, curjsoncomment); + else + json_array_append_new(jsonautocomments, curjsoncomment); + } + if(json_array_size(jsoncomments)) + json_object_set(root, "comments", jsoncomments); + json_decref(jsoncomments); + if(json_array_size(jsonautocomments)) + json_object_set(root, "autocomments", jsonautocomments); + json_decref(jsonautocomments); +} + +void commentcacheload(JSON root) +{ + CriticalSectionLocker locker(LockComments); + comments.clear(); + const JSON jsoncomments = json_object_get(root, "comments"); + if(jsoncomments) + { + size_t i; + JSON value; + json_array_foreach(jsoncomments, i, value) + { + COMMENTSINFO curComment; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curComment.mod, mod); + else + *curComment.mod = '\0'; + curComment.addr = (uint)json_hex_value(json_object_get(value, "address")); + curComment.manual = true; + const char* text = json_string_value(json_object_get(value, "text")); + if(text) + strcpy_s(curComment.text, text); + else + continue; //skip + const uint key = modhashfromname(curComment.mod) + curComment.addr; + comments.insert(std::make_pair(key, curComment)); + } + } + JSON jsonautocomments = json_object_get(root, "autocomments"); + if(jsonautocomments) + { + size_t i; + JSON value; + json_array_foreach(jsonautocomments, i, value) + { + COMMENTSINFO curComment; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curComment.mod, mod); + else + *curComment.mod = '\0'; + curComment.addr = (uint)json_hex_value(json_object_get(value, "address")); + curComment.manual = false; + const char* text = json_string_value(json_object_get(value, "text")); + if(text) + strcpy_s(curComment.text, text); + else + continue; //skip + const uint key = modhashfromname(curComment.mod) + curComment.addr; + comments.insert(std::make_pair(key, curComment)); + } + } +} + +bool commentenum(COMMENTSINFO* commentlist, size_t* cbsize) +{ + if(!DbgIsDebugging()) + return false; + if(!commentlist && !cbsize) + return false; + CriticalSectionLocker locker(LockComments); + if(!commentlist && cbsize) + { + *cbsize = comments.size() * sizeof(COMMENTSINFO); + return true; + } + int j = 0; + for(CommentsInfo::iterator i = comments.begin(); i != comments.end(); ++i, j++) + { + commentlist[j] = i->second; + commentlist[j].addr += modbasefromname(commentlist[j].mod); + } + return true; +} + +void commentclear() +{ + CriticalSectionLocker locker(LockComments); + CommentsInfo().swap(comments); +} \ No newline at end of file diff --git a/x64_dbg_dbg/comment.h b/x64_dbg_dbg/comment.h new file mode 100644 index 00000000..3f25f6ef --- /dev/null +++ b/x64_dbg_dbg/comment.h @@ -0,0 +1,23 @@ +#ifndef _COMMENT_H +#define _COMMENT_H + +#include "_global.h" + +struct COMMENTSINFO +{ + char mod[MAX_MODULE_SIZE]; + uint addr; + char text[MAX_COMMENT_SIZE]; + bool manual; +}; + +bool commentset(uint addr, const char* text, bool manual); +bool commentget(uint addr, char* text); +bool commentdel(uint addr); +void commentdelrange(uint start, uint end); +void commentcachesave(JSON root); +void commentcacheload(JSON root); +bool commentenum(COMMENTSINFO* commentlist, size_t* cbsize); +void commentclear(); + +#endif //_COMMENT_H \ No newline at end of file diff --git a/x64_dbg_dbg/dbghelp_safe.cpp b/x64_dbg_dbg/dbghelp_safe.cpp new file mode 100644 index 00000000..0e6488c2 --- /dev/null +++ b/x64_dbg_dbg/dbghelp_safe.cpp @@ -0,0 +1,158 @@ +#include "_global.h" +#include "dbghelp_safe.h" +#include "threading.h" + +DWORD +SafeUnDecorateSymbolName( + __in PCSTR name, + __out_ecount(maxStringLength) PSTR outputString, + __in DWORD maxStringLength, + __in DWORD flags +) +{ + CriticalSectionLocker locker(LockSym); + return UnDecorateSymbolName(name, outputString, maxStringLength, flags); +} +BOOL +SafeSymUnloadModule64( + __in HANDLE hProcess, + __in DWORD64 BaseOfDll +) +{ + CriticalSectionLocker locker(LockSym); + return SymUnloadModule64(hProcess, BaseOfDll); +} +BOOL +SafeSymSetSearchPath( + __in HANDLE hProcess, + __in_opt PCSTR SearchPath +) +{ + CriticalSectionLocker locker(LockSym); + return SymSetSearchPath(hProcess, SearchPath); +} +DWORD +SafeSymSetOptions( + __in DWORD SymOptions +) +{ + CriticalSectionLocker locker(LockSym); + return SymSetOptions(SymOptions); +} +BOOL +SafeSymInitialize( + __in HANDLE hProcess, + __in_opt PCSTR UserSearchPath, + __in BOOL fInvadeProcess +) +{ + CriticalSectionLocker locker(LockSym); + return SymInitialize(hProcess, UserSearchPath, fInvadeProcess); +} +BOOL +SafeSymRegisterCallback64( + __in HANDLE hProcess, + __in PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction, + __in ULONG64 UserContext +) +{ + CriticalSectionLocker locker(LockSym); + return SymRegisterCallback64(hProcess, CallbackFunction, UserContext); +} +DWORD64 +SafeSymLoadModuleEx( + __in HANDLE hProcess, + __in_opt HANDLE hFile, + __in_opt PCSTR ImageName, + __in_opt PCSTR ModuleName, + __in DWORD64 BaseOfDll, + __in DWORD DllSize, + __in_opt PMODLOAD_DATA Data, + __in_opt DWORD Flags +) +{ + CriticalSectionLocker locker(LockSym); + return SymLoadModuleEx(hProcess, hFile, ImageName, ModuleName, BaseOfDll, DllSize, Data, Flags); +} +BOOL +SafeSymGetModuleInfo64( + __in HANDLE hProcess, + __in DWORD64 qwAddr, + __out PIMAGEHLP_MODULE64 ModuleInfo +) +{ + CriticalSectionLocker locker(LockSym); + return SymGetModuleInfo64(hProcess, qwAddr, ModuleInfo); +} +BOOL +SafeSymGetSearchPath( + __in HANDLE hProcess, + __out_ecount(SearchPathLength) PSTR SearchPath, + __in DWORD SearchPathLength +) +{ + CriticalSectionLocker locker(LockSym); + return SymGetSearchPath(hProcess, SearchPath, SearchPathLength); +} +BOOL +SafeSymEnumSymbols( + __in HANDLE hProcess, + __in ULONG64 BaseOfDll, + __in_opt PCSTR Mask, + __in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback, + __in_opt PVOID UserContext +) +{ + CriticalSectionLocker locker(LockSym); + return SymEnumSymbols(hProcess, BaseOfDll, Mask, EnumSymbolsCallback, UserContext); +} +BOOL +SafeSymEnumerateModules( + __in HANDLE hProcess, + __in PSYM_ENUMMODULES_CALLBACK EnumModulesCallback, + __in_opt PVOID UserContext +) +{ + CriticalSectionLocker locker(LockSym); + return SymEnumerateModules(hProcess, EnumModulesCallback, UserContext); +} +BOOL +SafeSymGetLineFromAddr64( + __in HANDLE hProcess, + __in DWORD64 qwAddr, + __out PDWORD pdwDisplacement, + __out PIMAGEHLP_LINE64 Line64 +) +{ + CriticalSectionLocker locker(LockSym); + return SymGetLineFromAddr64(hProcess, qwAddr, pdwDisplacement, Line64); +} +BOOL +SafeSymFromName( + __in HANDLE hProcess, + __in PCSTR Name, + __inout PSYMBOL_INFO Symbol +) +{ + CriticalSectionLocker locker(LockSym); + return SymFromName(hProcess, Name, Symbol); +} +BOOL +SafeSymFromAddr( + __in HANDLE hProcess, + __in DWORD64 Address, + __out_opt PDWORD64 Displacement, + __inout PSYMBOL_INFO Symbol +) +{ + CriticalSectionLocker locker(LockSym); + return SymFromAddr(hProcess, Address, Displacement, Symbol); +} +BOOL +SafeSymCleanup( + __in HANDLE hProcess +) +{ + CriticalSectionLocker locker(LockSym); + return SymCleanup(hProcess); +} \ No newline at end of file diff --git a/x64_dbg_dbg/dbghelp_safe.h b/x64_dbg_dbg/dbghelp_safe.h new file mode 100644 index 00000000..20293018 --- /dev/null +++ b/x64_dbg_dbg/dbghelp_safe.h @@ -0,0 +1,105 @@ +#ifndef _DBGHELP_SAFE_H +#define _DBGHELP_SAFE_H + +#ifdef __GNUC__ +#include "dbghelp\dbghelp.h" +#else +#include +#endif //__GNUC__ + +DWORD +SafeUnDecorateSymbolName( + __in PCSTR name, + __out_ecount(maxStringLength) PSTR outputString, + __in DWORD maxStringLength, + __in DWORD flags +); +BOOL +SafeSymUnloadModule64( + __in HANDLE hProcess, + __in DWORD64 BaseOfDll +); +BOOL +SafeSymSetSearchPath( + __in HANDLE hProcess, + __in_opt PCSTR SearchPath +); +DWORD +SafeSymSetOptions( + __in DWORD SymOptions +); +BOOL +SafeSymInitialize( + __in HANDLE hProcess, + __in_opt PCSTR UserSearchPath, + __in BOOL fInvadeProcess +); +BOOL +SafeSymRegisterCallback64( + __in HANDLE hProcess, + __in PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction, + __in ULONG64 UserContext +); +DWORD64 +SafeSymLoadModuleEx( + __in HANDLE hProcess, + __in_opt HANDLE hFile, + __in_opt PCSTR ImageName, + __in_opt PCSTR ModuleName, + __in DWORD64 BaseOfDll, + __in DWORD DllSize, + __in_opt PMODLOAD_DATA Data, + __in_opt DWORD Flags +); +BOOL +SafeSymGetModuleInfo64( + __in HANDLE hProcess, + __in DWORD64 qwAddr, + __out PIMAGEHLP_MODULE64 ModuleInfo +); +BOOL +SafeSymGetSearchPath( + __in HANDLE hProcess, + __out_ecount(SearchPathLength) PSTR SearchPath, + __in DWORD SearchPathLength +); +BOOL +SafeSymEnumSymbols( + __in HANDLE hProcess, + __in ULONG64 BaseOfDll, + __in_opt PCSTR Mask, + __in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback, + __in_opt PVOID UserContext +); +BOOL +SafeSymEnumerateModules( + __in HANDLE hProcess, + __in PSYM_ENUMMODULES_CALLBACK EnumModulesCallback, + __in_opt PVOID UserContext +); +BOOL +SafeSymGetLineFromAddr64( + __in HANDLE hProcess, + __in DWORD64 qwAddr, + __out PDWORD pdwDisplacement, + __out PIMAGEHLP_LINE64 Line64 +); +BOOL +SafeSymFromName( + __in HANDLE hProcess, + __in PCSTR Name, + __inout PSYMBOL_INFO Symbol +); +BOOL +SafeSymFromAddr( + __in HANDLE hProcess, + __in DWORD64 Address, + __out_opt PDWORD64 Displacement, + __inout PSYMBOL_INFO Symbol +); +BOOL +SafeSymCleanup( + __in HANDLE hProcess +); + +#endif //_DBGHELP_SAFE_H \ No newline at end of file diff --git a/x64_dbg_dbg/debugger.cpp b/x64_dbg_dbg/debugger.cpp index 8addb79e..83b71d12 100644 --- a/x64_dbg_dbg/debugger.cpp +++ b/x64_dbg_dbg/debugger.cpp @@ -16,6 +16,9 @@ #include "symbolinfo.h" #include "variable.h" #include "x64_dbg.h" +#include "exception.h" +#include "error.h" +#include "module.h" static PROCESS_INFORMATION g_pi = {0, 0, 0, 0}; static char szBaseFileName[MAX_PATH] = ""; @@ -30,7 +33,6 @@ static bool bSkipExceptions = false; static bool bBreakOnNextDll = false; static int ecount = 0; static std::vector ignoredExceptionRange; -static std::map exceptionNames; static SIZE_T cachePrivateUsage = 0; static HANDLE hEvent = 0; static String lastDebugText; @@ -60,67 +62,8 @@ static DWORD WINAPI memMapThread(void* ptr) void dbginit() { - exceptionNames.insert(std::make_pair(0x40000005, "STATUS_SEGMENT_NOTIFICATION")); - exceptionNames.insert(std::make_pair(0x4000001C, "STATUS_WX86_UNSIMULATE")); - exceptionNames.insert(std::make_pair(0x4000001D, "STATUS_WX86_CONTINUE")); - exceptionNames.insert(std::make_pair(0x4000001E, "STATUS_WX86_SINGLE_STEP")); - exceptionNames.insert(std::make_pair(0x4000001F, "STATUS_WX86_BREAKPOINT")); - exceptionNames.insert(std::make_pair(0x40000020, "STATUS_WX86_EXCEPTION_CONTINUE")); - exceptionNames.insert(std::make_pair(0x40000021, "STATUS_WX86_EXCEPTION_LASTCHANCE")); - exceptionNames.insert(std::make_pair(0x40000022, "STATUS_WX86_EXCEPTION_CHAIN")); - exceptionNames.insert(std::make_pair(0x40000028, "STATUS_WX86_CREATEWX86TIB")); - exceptionNames.insert(std::make_pair(0x40010003, "DBG_TERMINATE_THREAD")); - exceptionNames.insert(std::make_pair(0x40010004, "DBG_TERMINATE_PROCESS")); - exceptionNames.insert(std::make_pair(0x40010005, "DBG_CONTROL_C")); - exceptionNames.insert(std::make_pair(0x40010006, "DBG_PRINTEXCEPTION_C")); - exceptionNames.insert(std::make_pair(0x40010007, "DBG_RIPEXCEPTION")); - exceptionNames.insert(std::make_pair(0x40010008, "DBG_CONTROL_BREAK")); - exceptionNames.insert(std::make_pair(0x40010009, "DBG_COMMAND_EXCEPTION")); - exceptionNames.insert(std::make_pair(0x80000001, "EXCEPTION_GUARD_PAGE")); - exceptionNames.insert(std::make_pair(0x80000002, "EXCEPTION_DATATYPE_MISALIGNMENT")); - exceptionNames.insert(std::make_pair(0x80000003, "EXCEPTION_BREAKPOINT")); - exceptionNames.insert(std::make_pair(0x80000004, "EXCEPTION_SINGLE_STEP")); - exceptionNames.insert(std::make_pair(0x80000026, "STATUS_LONGJUMP")); - exceptionNames.insert(std::make_pair(0x80000029, "STATUS_UNWIND_CONSOLIDATE")); - exceptionNames.insert(std::make_pair(0x80010001, "DBG_EXCEPTION_NOT_HANDLED")); - exceptionNames.insert(std::make_pair(0xC0000005, "EXCEPTION_ACCESS_VIOLATION")); - exceptionNames.insert(std::make_pair(0xC0000006, "EXCEPTION_IN_PAGE_ERROR")); - exceptionNames.insert(std::make_pair(0xC0000008, "EXCEPTION_INVALID_HANDLE")); - exceptionNames.insert(std::make_pair(0xC000000D, "STATUS_INVALID_PARAMETER")); - exceptionNames.insert(std::make_pair(0xC0000017, "STATUS_NO_MEMORY")); - exceptionNames.insert(std::make_pair(0xC000001D, "EXCEPTION_ILLEGAL_INSTRUCTION")); - exceptionNames.insert(std::make_pair(0xC0000025, "EXCEPTION_NONCONTINUABLE_EXCEPTION")); - exceptionNames.insert(std::make_pair(0xC0000026, "EXCEPTION_INVALID_DISPOSITION")); - exceptionNames.insert(std::make_pair(0xC000008C, "EXCEPTION_ARRAY_BOUNDS_EXCEEDED")); - exceptionNames.insert(std::make_pair(0xC000008D, "EXCEPTION_FLT_DENORMAL_OPERAND")); - exceptionNames.insert(std::make_pair(0xC000008E, "EXCEPTION_FLT_DIVIDE_BY_ZERO")); - exceptionNames.insert(std::make_pair(0xC000008F, "EXCEPTION_FLT_INEXACT_RESULT")); - exceptionNames.insert(std::make_pair(0xC0000090, "EXCEPTION_FLT_INVALID_OPERATION")); - exceptionNames.insert(std::make_pair(0xC0000091, "EXCEPTION_FLT_OVERFLOW")); - exceptionNames.insert(std::make_pair(0xC0000092, "EXCEPTION_FLT_STACK_CHECK")); - exceptionNames.insert(std::make_pair(0xC0000093, "EXCEPTION_FLT_UNDERFLOW")); - exceptionNames.insert(std::make_pair(0xC0000094, "EXCEPTION_INT_DIVIDE_BY_ZERO")); - exceptionNames.insert(std::make_pair(0xC0000095, "EXCEPTION_INT_OVERFLOW")); - exceptionNames.insert(std::make_pair(0xC0000096, "EXCEPTION_PRIV_INSTRUCTION")); - exceptionNames.insert(std::make_pair(0xC00000FD, "EXCEPTION_STACK_OVERFLOW")); - exceptionNames.insert(std::make_pair(0xC0000135, "STATUS_DLL_NOT_FOUND")); - exceptionNames.insert(std::make_pair(0xC0000138, "STATUS_ORDINAL_NOT_FOUND")); - exceptionNames.insert(std::make_pair(0xC0000139, "STATUS_ENTRYPOINT_NOT_FOUND")); - exceptionNames.insert(std::make_pair(0xC000013A, "STATUS_CONTROL_C_EXIT")); - exceptionNames.insert(std::make_pair(0xC0000142, "STATUS_DLL_INIT_FAILED")); - exceptionNames.insert(std::make_pair(0xC000014A, "STATUS_ILLEGAL_FLOAT_CONTEXT")); - exceptionNames.insert(std::make_pair(0xC0000194, "EXCEPTION_POSSIBLE_DEADLOCK")); - exceptionNames.insert(std::make_pair(0xC00002B4, "STATUS_FLOAT_MULTIPLE_FAULTS")); - exceptionNames.insert(std::make_pair(0xC00002B5, "STATUS_FLOAT_MULTIPLE_TRAPS")); - exceptionNames.insert(std::make_pair(0xC00002C5, "STATUS_DATATYPE_MISALIGNMENT_ERROR")); - exceptionNames.insert(std::make_pair(0xC00002C9, "STATUS_REG_NAT_CONSUMPTION")); - exceptionNames.insert(std::make_pair(0xC0000409, "STATUS_STACK_BUFFER_OVERRUN")); - exceptionNames.insert(std::make_pair(0xC0000417, "STATUS_INVALID_CRUNTIME_PARAMETER")); - exceptionNames.insert(std::make_pair(0xC0000420, "STATUS_ASSERTION_FAILURE")); - exceptionNames.insert(std::make_pair(0x04242420, "CLRDBG_NOTIFICATION_EXCEPTION_CODE")); - exceptionNames.insert(std::make_pair(0xE0434352, "CLR_EXCEPTION")); - exceptionNames.insert(std::make_pair(0xE06D7363, "CPP_EH_EXCEPTION")); - exceptionNames.insert(std::make_pair(MS_VC_EXCEPTION, "MS_VC_EXCEPTION")); + exceptioninit(); + errorinit(); CloseHandle(CreateThread(0, 0, memMapThread, 0, 0, 0)); } @@ -277,7 +220,7 @@ void cbUserBreakpoint() PLUG_CB_BREAKPOINT bpInfo; bpInfo.breakpoint = 0; if(!bpget(GetContextDataEx(hActiveThread, UE_CIP), BPNORMAL, 0, &bp) and bp.enabled) - dputs("breakpoint reached not in list!"); + dputs("Breakpoint reached not in list!"); else { const char* bptype = "INT3"; @@ -328,7 +271,7 @@ void cbHardwareBreakpoint(void* ExceptionAddress) PLUG_CB_BREAKPOINT bpInfo; bpInfo.breakpoint = 0; if(!bpget((uint)ExceptionAddress, BPHARDWARE, 0, &bp)) - dputs("hardware breakpoint reached not in list!"); + dputs("Hardware breakpoint reached not in list!"); else { const char* bpsize = ""; @@ -367,16 +310,16 @@ void cbHardwareBreakpoint(void* ExceptionAddress) if(symbolicname) { if(*bp.name) - dprintf("hardware breakpoint (%s%s) \"%s\" at %s ("fhex")!\n", bpsize, bptype, bp.name, symbolicname, bp.addr); + dprintf("Hardware breakpoint (%s%s) \"%s\" at %s ("fhex")!\n", bpsize, bptype, bp.name, symbolicname, bp.addr); else - dprintf("hardware breakpoint (%s%s) at %s ("fhex")!\n", bpsize, bptype, symbolicname, bp.addr); + dprintf("Hardware breakpoint (%s%s) at %s ("fhex")!\n", bpsize, bptype, symbolicname, bp.addr); } else { if(*bp.name) - dprintf("hardware breakpoint (%s%s) \"%s\" at "fhex"!\n", bpsize, bptype, bp.name, bp.addr); + dprintf("Hardware breakpoint (%s%s) \"%s\" at "fhex"!\n", bpsize, bptype, bp.name, bp.addr); else - dprintf("hardware breakpoint (%s%s) at "fhex"!\n", bpsize, bptype, bp.addr); + dprintf("Hardware breakpoint (%s%s) at "fhex"!\n", bpsize, bptype, bp.addr); } bptobridge(&bp, &pluginBp); bpInfo.breakpoint = &pluginBp; @@ -405,7 +348,7 @@ void cbMemoryBreakpoint(void* ExceptionAddress) PLUG_CB_BREAKPOINT bpInfo; bpInfo.breakpoint = 0; if(!bpget(base, BPMEMORY, 0, &bp)) - dputs("memory breakpoint reached not in list!"); + dputs("Memory breakpoint reached not in list!"); else { const char* bptype = ""; @@ -428,16 +371,16 @@ void cbMemoryBreakpoint(void* ExceptionAddress) if(symbolicname) { if(*bp.name) - dprintf("memory breakpoint%s \"%s\" at %s ("fhex", "fhex")!\n", bptype, bp.name, symbolicname, bp.addr, ExceptionAddress); + dprintf("Memory breakpoint%s \"%s\" at %s ("fhex", "fhex")!\n", bptype, bp.name, symbolicname, bp.addr, ExceptionAddress); else - dprintf("memory breakpoint%s at %s ("fhex", "fhex")!\n", bptype, symbolicname, bp.addr, ExceptionAddress); + dprintf("Memory breakpoint%s at %s ("fhex", "fhex")!\n", bptype, symbolicname, bp.addr, ExceptionAddress); } else { if(*bp.name) - dprintf("memory breakpoint%s \"%s\" at "fhex" ("fhex")!\n", bptype, bp.name, bp.addr, ExceptionAddress); + dprintf("Memory breakpoint%s \"%s\" at "fhex" ("fhex")!\n", bptype, bp.name, bp.addr, ExceptionAddress); else - dprintf("memory breakpoint%s at "fhex" ("fhex")!\n", bptype, bp.addr, ExceptionAddress); + dprintf("Memory breakpoint%s at "fhex" ("fhex")!\n", bptype, bp.addr, ExceptionAddress); } bptobridge(&bp, &pluginBp); bpInfo.breakpoint = &pluginBp; @@ -495,7 +438,7 @@ static BOOL CALLBACK SymRegisterCallbackProc64(HANDLE hProcess, ULONG ActionCode if(strstr(text, " bytes - ")) { Memory newtext(len + 1, "SymRegisterCallbackProc64:newtext"); - strcpy(newtext, text); + strcpy_s(newtext, len + 1, text); strstr(newtext, " bytes - ")[8] = 0; GuiSymbolLogAdd(newtext); suspress = true; @@ -541,7 +484,7 @@ static bool cbSetModuleBreakpoints(const BREAKPOINT* bp) case BPNORMAL: { if(!SetBPX(bp->addr, bp->titantype, (void*)cbUserBreakpoint)) - dprintf("could not set breakpoint "fhex"!\n", bp->addr); + dprintf("Could not set breakpoint "fhex"!\n", bp->addr); } break; @@ -550,7 +493,7 @@ static bool cbSetModuleBreakpoints(const BREAKPOINT* bp) uint size = 0; memfindbaseaddr(bp->addr, &size); if(!SetMemoryBPXEx(bp->addr, size, bp->titantype, !bp->singleshoot, (void*)cbMemoryBreakpoint)) - dprintf("could not set memory breakpoint "fhex"!\n", bp->addr); + dprintf("Could not set memory breakpoint "fhex"!\n", bp->addr); } break; @@ -559,14 +502,14 @@ static bool cbSetModuleBreakpoints(const BREAKPOINT* bp) DWORD drx = 0; if(!GetUnusedHardwareBreakPointRegister(&drx)) { - dputs("you can only set 4 hardware breakpoints"); + dputs("You can only set 4 hardware breakpoints"); return false; } int titantype = bp->titantype; TITANSETDRX(titantype, drx); bpsettitantype(bp->addr, BPHARDWARE, titantype); if(!SetHardwareBreakPoint(bp->addr, drx, TITANGETTYPE(bp->titantype), TITANGETSIZE(bp->titantype), (void*)cbHardwareBreakpoint)) - dprintf("could not set hardware breakpoint "fhex"!\n", bp->addr); + dprintf("Could not set hardware breakpoint "fhex"!\n", bp->addr); } break; @@ -658,12 +601,15 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo) { wchar_t wszFileName[MAX_PATH] = L""; if(!DevicePathFromFileHandleW(CreateProcessInfo->hFile, wszFileName, sizeof(wszFileName))) - strcpy(DebugFileName, "??? (GetFileNameFromHandle failed!)"); + strcpy_s(DebugFileName, "??? (GetFileNameFromHandle failed!)"); else strcpy_s(DebugFileName, MAX_PATH, StringUtils::Utf16ToUtf8(wszFileName).c_str()); } dprintf("Process Started: "fhex" %s\n", base, DebugFileName); + memupdatemap(fdProcessInfo->hProcess); + GuiDumpAt(memfindbaseaddr(GetContextData(UE_CIP), 0) + PAGE_SIZE); //dump somewhere + //init program database int len = (int)strlen(szFileName); while(szFileName[len] != '\\' && len != 0) @@ -679,17 +625,17 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo) sprintf(dbpath, "%s\\%s", dbbasepath, sqlitedb); dprintf("Database file: %s\n", dbpath); dbload(); - SymSetOptions(SYMOPT_DEBUG | SYMOPT_LOAD_LINES | SYMOPT_ALLOW_ABSOLUTE_SYMBOLS | SYMOPT_FAVOR_COMPRESSED | SYMOPT_IGNORE_NT_SYMPATH); + SafeSymSetOptions(SYMOPT_DEBUG | SYMOPT_LOAD_LINES | SYMOPT_ALLOW_ABSOLUTE_SYMBOLS | SYMOPT_FAVOR_COMPRESSED | SYMOPT_IGNORE_NT_SYMPATH); GuiSymbolLogClear(); char szServerSearchPath[MAX_PATH * 2] = ""; sprintf_s(szServerSearchPath, "SRV*%s", szSymbolCachePath); - SymInitialize(fdProcessInfo->hProcess, szServerSearchPath, false); //initialize symbols - SymRegisterCallback64(fdProcessInfo->hProcess, SymRegisterCallbackProc64, 0); - SymLoadModuleEx(fdProcessInfo->hProcess, CreateProcessInfo->hFile, DebugFileName, 0, (DWORD64)base, 0, 0, 0); + SafeSymInitialize(fdProcessInfo->hProcess, szServerSearchPath, false); //initialize symbols + SafeSymRegisterCallback64(fdProcessInfo->hProcess, SymRegisterCallbackProc64, 0); + SafeSymLoadModuleEx(fdProcessInfo->hProcess, CreateProcessInfo->hFile, DebugFileName, 0, (DWORD64)base, 0, 0, 0); IMAGEHLP_MODULE64 modInfo; memset(&modInfo, 0, sizeof(modInfo)); modInfo.SizeOfStruct = sizeof(modInfo); - if(SymGetModuleInfo64(fdProcessInfo->hProcess, (DWORD64)base, &modInfo)) + if(SafeSymGetModuleInfo64(fdProcessInfo->hProcess, (DWORD64)base, &modInfo)) modload((uint)base, modInfo.ImageSize, modInfo.ImageName); dbggetprivateusage(fdProcessInfo->hProcess, true); memupdatemap(fdProcessInfo->hProcess); //update memory map @@ -711,12 +657,13 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo) dprintf("TLS Callbacks: %d\n", NumberOfCallBacks); Memory TLSCallBacks(NumberOfCallBacks * sizeof(uint), "cbCreateProcess:TLSCallBacks"); if(!TLSGrabCallBackDataW(StringUtils::Utf8ToUtf16(DebugFileName).c_str(), TLSCallBacks, &NumberOfCallBacks)) - dputs("failed to get TLS callback addresses!"); + dputs("Failed to get TLS callback addresses!"); else { + uint ImageBase = GetPE32DataW(StringUtils::Utf8ToUtf16(DebugFileName).c_str(), 0, UE_IMAGEBASE); for(unsigned int i = 0; i < NumberOfCallBacks; i++) { - sprintf(command, "bp "fhex",\"TLS Callback %d\",ss", TLSCallBacks[i], i + 1); + sprintf(command, "bp "fhex",\"TLS Callback %d\",ss", TLSCallBacks[i] - ImageBase + pDebuggedBase, i + 1); cmddirectexec(dbggetcommandlist(), command); } } @@ -725,7 +672,7 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo) if(settingboolget("Events", "EntryBreakpoint")) { - sprintf(command, "bp "fhex",\"entry breakpoint\",ss", CreateProcessInfo->lpStartAddress); + sprintf(command, "bp "fhex",\"entry breakpoint\",ss", (uint)CreateProcessInfo->lpStartAddress); cmddirectexec(dbggetcommandlist(), command); } } @@ -753,7 +700,7 @@ static void cbExitProcess(EXIT_PROCESS_DEBUG_INFO* ExitProcess) callbackInfo.ExitProcess = ExitProcess; plugincbcall(CB_EXITPROCESS, &callbackInfo); //Cleanup - SymCleanup(fdProcessInfo->hProcess); + SafeSymCleanup(fdProcessInfo->hProcess); } static void cbCreateThread(CREATE_THREAD_DEBUG_INFO* CreateThread) @@ -765,7 +712,7 @@ static void cbCreateThread(CREATE_THREAD_DEBUG_INFO* CreateThread) if(settingboolget("Events", "ThreadEntry")) { char command[256] = ""; - sprintf(command, "bp "fhex",\"Thread %X\",ss", CreateThread->lpStartAddress, dwThreadId); + sprintf(command, "bp "fhex",\"Thread %X\",ss", (uint)CreateThread->lpStartAddress, dwThreadId); cmddirectexec(dbggetcommandlist(), command); } @@ -824,9 +771,9 @@ static void cbSystemBreakpoint(void* ExceptionData) hActiveThread = threadgethandle(((DEBUG_EVENT*)GetDebugData())->dwThreadId); //log message if(bIsAttached) - dputs("attach breakpoint reached!"); + dputs("Attach breakpoint reached!"); else - dputs("system breakpoint reached!"); + dputs("System breakpoint reached!"); bSkipExceptions = false; //we are not skipping first-chance exceptions uint cip = GetContextDataEx(hActiveThread, UE_CIP); GuiDumpAt(memfindbaseaddr(cip, 0, true)); //dump somewhere @@ -860,15 +807,15 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll) { wchar_t wszFileName[MAX_PATH] = L""; if(!DevicePathFromFileHandleW(LoadDll->hFile, wszFileName, sizeof(wszFileName))) - strcpy(DLLDebugFileName, "??? (GetFileNameFromHandle failed!)"); + strcpy_s(DLLDebugFileName, "??? (GetFileNameFromHandle failed!)"); else strcpy_s(DLLDebugFileName, MAX_PATH, StringUtils::Utf16ToUtf8(wszFileName).c_str()); } - SymLoadModuleEx(fdProcessInfo->hProcess, LoadDll->hFile, DLLDebugFileName, 0, (DWORD64)base, 0, 0, 0); + SafeSymLoadModuleEx(fdProcessInfo->hProcess, LoadDll->hFile, DLLDebugFileName, 0, (DWORD64)base, 0, 0, 0); IMAGEHLP_MODULE64 modInfo; memset(&modInfo, 0, sizeof(modInfo)); modInfo.SizeOfStruct = sizeof(IMAGEHLP_MODULE64); - if(SymGetModuleInfo64(fdProcessInfo->hProcess, (DWORD64)base, &modInfo)) + if(SafeSymGetModuleInfo64(fdProcessInfo->hProcess, (DWORD64)base, &modInfo)) modload((uint)base, modInfo.ImageSize, modInfo.ImageName); dbggetprivateusage(fdProcessInfo->hProcess, true); memupdatemap(fdProcessInfo->hProcess); //update memory map @@ -877,10 +824,13 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll) bpenumall(cbSetModuleBreakpoints, modname); GuiUpdateBreakpointsView(); bool bAlreadySetEntry = false; + + char command[256] = ""; + bool bIsDebuggingThis = false; if(bFileIsDll and !_stricmp(DLLDebugFileName, szFileName) and !bIsAttached) //Set entry breakpoint { + bIsDebuggingThis = true; pDebuggedBase = (uint)base; - char command[256] = ""; if(settingboolget("Events", "EntryBreakpoint")) { bAlreadySetEntry = true; @@ -890,6 +840,31 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll) } GuiUpdateBreakpointsView(); + if(settingboolget("Events", "TlsCallbacks")) + { + DWORD NumberOfCallBacks = 0; + TLSGrabCallBackDataW(StringUtils::Utf8ToUtf16(DLLDebugFileName).c_str(), 0, &NumberOfCallBacks); + if(NumberOfCallBacks) + { + dprintf("TLS Callbacks: %d\n", NumberOfCallBacks); + Memory TLSCallBacks(NumberOfCallBacks * sizeof(uint), "cbLoadDll:TLSCallBacks"); + if(!TLSGrabCallBackDataW(StringUtils::Utf8ToUtf16(DLLDebugFileName).c_str(), TLSCallBacks, &NumberOfCallBacks)) + dputs("Failed to get TLS callback addresses!"); + else + { + uint ImageBase = GetPE32DataW(StringUtils::Utf8ToUtf16(DLLDebugFileName).c_str(), 0, UE_IMAGEBASE); + for(unsigned int i = 0; i < NumberOfCallBacks; i++) + { + if(bIsDebuggingThis) + sprintf(command, "bp "fhex",\"TLS Callback %d\",ss", TLSCallBacks[i] - ImageBase + (uint)base, i + 1); + else + sprintf(command, "bp "fhex",\"TLS Callback %d (%s)\",ss", TLSCallBacks[i] - ImageBase + (uint)base, i + 1, modname); + cmddirectexec(dbggetcommandlist(), command); + } + } + } + } + if((bBreakOnNextDll || settingboolget("Events", "DllEntry")) && !bAlreadySetEntry) { uint oep = GetPE32Data(DLLDebugFileName, 0, UE_OEP); @@ -938,7 +913,7 @@ static void cbUnloadDll(UNLOAD_DLL_DEBUG_INFO* UnloadDll) if(modnamefromaddr((uint)base, modname, true)) bpenumall(cbRemoveModuleBreakpoints, modname); GuiUpdateBreakpointsView(); - SymUnloadModule64(fdProcessInfo->hProcess, (DWORD64)base); + SafeSymUnloadModule64(fdProcessInfo->hProcess, (DWORD64)base); dprintf("DLL Unloaded: "fhex" %s\n", base, modname); if(bBreakOnNextDll || settingboolget("Events", "DllUnload")) @@ -1018,7 +993,7 @@ static void cbException(EXCEPTION_DEBUG_INFO* ExceptionData) if(!DetachDebuggerEx(fdProcessInfo->dwProcessId)) dputs("DetachDebuggerEx failed..."); else - dputs("detached!"); + dputs("Detached!"); isDetachedByUser = false; return; } @@ -1058,15 +1033,13 @@ static void cbException(EXCEPTION_DEBUG_INFO* ExceptionData) } } } - const char* exceptionName = 0; - if(exceptionNames.count(ExceptionCode)) - exceptionName = exceptionNames[ExceptionCode]; + const char* exceptionName = exceptionnamefromcode(ExceptionCode); if(ExceptionData->dwFirstChance) //first chance exception { if(exceptionName) - dprintf("first chance exception on "fhex" (%.8X, %s)!\n", addr, ExceptionCode, exceptionName); + dprintf("First chance exception on "fhex" (%.8X, %s)!\n", addr, ExceptionCode, exceptionName); else - dprintf("first chance exception on "fhex" (%.8X)!\n", addr, ExceptionCode); + dprintf("First chance exception on "fhex" (%.8X)!\n", addr, ExceptionCode); SetNextDbgContinueStatus(DBG_EXCEPTION_NOT_HANDLED); if(bSkipExceptions || dbgisignoredexception(ExceptionCode)) return; @@ -1074,9 +1047,9 @@ static void cbException(EXCEPTION_DEBUG_INFO* ExceptionData) else //lock the exception { if(exceptionName) - dprintf("last chance exception on "fhex" (%.8X, %s)!\n", addr, ExceptionCode, exceptionName); + dprintf("Last chance exception on "fhex" (%.8X, %s)!\n", addr, ExceptionCode, exceptionName); else - dprintf("last chance exception on "fhex" (%.8X)!\n", addr, ExceptionCode); + dprintf("Last chance exception on "fhex" (%.8X)!\n", addr, ExceptionCode); SetNextDbgContinueStatus(DBG_CONTINUE); } @@ -1118,7 +1091,7 @@ DWORD WINAPI threadDebugLoop(void* lpParameter) if(!fdProcessInfo) { fdProcessInfo = &g_pi; - dputs("error starting process (invalid pe?)!"); + dputs("Error starting process (invalid pe?)!"); unlock(WAITID_STOP); return 0; } @@ -1159,12 +1132,12 @@ DWORD WINAPI threadDebugLoop(void* lpParameter) //inform GUI we started without problems GuiSetDebugState(initialized); //set GUI title - strcpy(szBaseFileName, szFileName); + strcpy_s(szBaseFileName, szFileName); int len = (int)strlen(szBaseFileName); while(szBaseFileName[len] != '\\' and len) len--; if(len) - strcpy(szBaseFileName, szBaseFileName + len + 1); + strcpy_s(szBaseFileName, szBaseFileName + len + 1); GuiUpdateWindowTitle(szBaseFileName); //call plugin callback PLUG_CB_INITDEBUG initInfo; @@ -1195,7 +1168,8 @@ bool cbDeleteAllBreakpoints(const BREAKPOINT* bp) { if(bpdel(bp->addr, BPNORMAL) and (!bp->enabled or DeleteBPX(bp->addr))) return true; - dprintf("delete breakpoint failed: "fhex"\n", bp->addr); + + dprintf("Delete breakpoint failed: "fhex"\n", bp->addr); return false; } @@ -1203,9 +1177,10 @@ bool cbEnableAllBreakpoints(const BREAKPOINT* bp) { if(bp->type != BPNORMAL or bp->enabled) return true; + if(!bpenable(bp->addr, BPNORMAL, true) or !SetBPX(bp->addr, bp->titantype, (void*)cbUserBreakpoint)) { - dprintf("could not enable breakpoint "fhex"\n", bp->addr); + dprintf("Could not enable breakpoint "fhex"\n", bp->addr); return false; } return true; @@ -1215,9 +1190,10 @@ bool cbDisableAllBreakpoints(const BREAKPOINT* bp) { if(bp->type != BPNORMAL or !bp->enabled) return true; + if(!bpenable(bp->addr, BPNORMAL, false) or !DeleteBPX(bp->addr)) { - dprintf("could not disable breakpoint "fhex"\n", bp->addr); + dprintf("Could not disable breakpoint "fhex"\n", bp->addr); return false; } return true; @@ -1230,7 +1206,7 @@ bool cbEnableAllHardwareBreakpoints(const BREAKPOINT* bp) DWORD drx = 0; if(!GetUnusedHardwareBreakPointRegister(&drx)) { - dprintf("did not enable hardware breakpoint "fhex" (all slots full)\n", bp->addr); + dprintf("Did not enable hardware breakpoint "fhex" (all slots full)\n", bp->addr); return true; } int titantype = bp->titantype; @@ -1250,7 +1226,7 @@ bool cbDisableAllHardwareBreakpoints(const BREAKPOINT* bp) return true; if(!bpenable(bp->addr, BPHARDWARE, false) or !DeleteHardwareBreakPoint(TITANGETDRX(bp->titantype))) { - dprintf("could not disable hardware breakpoint "fhex"\n", bp->addr); + dprintf("Could not disable hardware breakpoint "fhex"\n", bp->addr); return false; } return true; @@ -1264,7 +1240,7 @@ bool cbEnableAllMemoryBreakpoints(const BREAKPOINT* bp) memfindbaseaddr(bp->addr, &size); if(!bpenable(bp->addr, BPMEMORY, true) or !SetMemoryBPXEx(bp->addr, size, bp->titantype, !bp->singleshoot, (void*)cbMemoryBreakpoint)) { - dprintf("could not enable memory breakpoint "fhex"\n", bp->addr); + dprintf("Could not enable memory breakpoint "fhex"\n", bp->addr); return false; } return true; @@ -1276,7 +1252,7 @@ bool cbDisableAllMemoryBreakpoints(const BREAKPOINT* bp) return true; if(!bpenable(bp->addr, BPMEMORY, false) or !DeleteHardwareBreakPoint(TITANGETDRX(bp->titantype))) { - dprintf("could not disable memory breakpoint "fhex"\n", bp->addr); + dprintf("Could not disable memory breakpoint "fhex"\n", bp->addr); return false; } return true; @@ -1312,7 +1288,7 @@ bool cbDeleteAllMemoryBreakpoints(const BREAKPOINT* bp) memfindbaseaddr(bp->addr, &size); if(!bpdel(bp->addr, BPMEMORY) or !RemoveMemoryBPX(bp->addr, size)) { - dprintf("delete memory breakpoint failed: "fhex"\n", bp->addr); + dprintf("Delete memory breakpoint failed: "fhex"\n", bp->addr); return STATUS_ERROR; } return true; @@ -1324,7 +1300,7 @@ bool cbDeleteAllHardwareBreakpoints(const BREAKPOINT* bp) return true; if(!bpdel(bp->addr, BPHARDWARE) or !DeleteHardwareBreakPoint(TITANGETDRX(bp->titantype))) { - dprintf("delete hardware breakpoint failed: "fhex"\n", bp->addr); + dprintf("Delete hardware breakpoint failed: "fhex"\n", bp->addr); return STATUS_ERROR; } return true; @@ -1415,7 +1391,7 @@ void cbDetach() if(!DetachDebuggerEx(fdProcessInfo->dwProcessId)) dputs("DetachDebuggerEx failed..."); else - dputs("detached!"); + dputs("Detached!"); return; } @@ -1527,35 +1503,35 @@ bool dbgpagerightstostring(DWORD protect, char* rights) switch(protect & 0xFF) { case PAGE_EXECUTE: - strcpy(rights, "E---"); + strcpy_s(rights, RIGHTS_STRING_SIZE, "E---"); break; case PAGE_EXECUTE_READ: - strcpy(rights, "ER--"); + strcpy_s(rights, RIGHTS_STRING_SIZE, "ER--"); break; case PAGE_EXECUTE_READWRITE: - strcpy(rights, "ERW-"); + strcpy_s(rights, RIGHTS_STRING_SIZE, "ERW-"); break; case PAGE_EXECUTE_WRITECOPY: - strcpy(rights, "ERWC"); + strcpy_s(rights, RIGHTS_STRING_SIZE, "ERWC"); break; case PAGE_NOACCESS: - strcpy(rights, "----"); + strcpy_s(rights, RIGHTS_STRING_SIZE, "----"); break; case PAGE_READONLY: - strcpy(rights, "-R--"); + strcpy_s(rights, RIGHTS_STRING_SIZE, "-R--"); break; case PAGE_READWRITE: - strcpy(rights, "-RW-"); + strcpy_s(rights, RIGHTS_STRING_SIZE, "-RW-"); break; case PAGE_WRITECOPY: - strcpy(rights, "-RWC"); + strcpy_s(rights, RIGHTS_STRING_SIZE, "-RWC"); break; } if(protect & PAGE_GUARD) - strcat(rights, "G"); + strcat_s(rights, RIGHTS_STRING_SIZE, "G"); else - strcat(rights, "-"); + strcat_s(rights, RIGHTS_STRING_SIZE, "-"); return true; } @@ -1701,9 +1677,9 @@ bool dbggetdefjit(char* jit_entry) path[0] = '"'; wchar_t wszPath[MAX_PATH] = L""; GetModuleFileNameW(GetModuleHandleW(NULL), wszPath, MAX_PATH); - strcpy(&path[1], StringUtils::Utf16ToUtf8(wszPath).c_str()); + strcpy_s(&path[1], JIT_ENTRY_DEF_SIZE - 1, StringUtils::Utf16ToUtf8(wszPath).c_str()); strcat(path, ATTACH_CMD_LINE); - strcpy(jit_entry, path); + strcpy_s(jit_entry, JIT_ENTRY_DEF_SIZE, path); return true; } diff --git a/x64_dbg_dbg/debugger_commands.cpp b/x64_dbg_dbg/debugger_commands.cpp index 1cab927b..0b3ffad3 100644 --- a/x64_dbg_dbg/debugger_commands.cpp +++ b/x64_dbg_dbg/debugger_commands.cpp @@ -17,6 +17,11 @@ #include "symbolinfo.h" #include "assemble.h" #include "disasm_fast.h" +#include "module.h" +#include "comment.h" +#include "label.h" +#include "bookmark.h" +#include "function.h" static bool bScyllaLoaded = false; uint LoadLibThreadID; @@ -35,18 +40,18 @@ CMDRESULT cbDebugInit(int argc, char* argv[]) char szResolvedPath[MAX_PATH] = ""; if(ResolveShortcut(GuiGetWindowHandle(), StringUtils::Utf8ToUtf16(arg1).c_str(), szResolvedPath, _countof(szResolvedPath))) { - dprintf("resolved shortcut \"%s\"->\"%s\"\n", arg1, szResolvedPath); + dprintf("Resolved shortcut \"%s\"->\"%s\"\n", arg1, szResolvedPath); strcpy_s(arg1, szResolvedPath); } if(!FileExists(arg1)) { - dputs("file does not exist!"); + dputs("File does not exist!"); return STATUS_ERROR; } HANDLE hFile = CreateFileW(StringUtils::Utf8ToUtf16(arg1).c_str(), GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0); if(hFile == INVALID_HANDLE_VALUE) { - dputs("could not open file!"); + dputs("Could not open file!"); return STATUS_ERROR; } GetFileNameFromHandle(hFile, arg1); //get full path of the file @@ -56,14 +61,14 @@ CMDRESULT cbDebugInit(int argc, char* argv[]) switch(GetFileArchitecture(arg1)) { case invalid: - dputs("invalid PE file!"); + dputs("Invalid PE file!"); return STATUS_ERROR; #ifdef _WIN64 case x32: - dputs("use x32_dbg to debug this file!"); + dputs("Use x32_dbg to debug this file!"); #else //x86 case x64: - dputs("use x64_dbg to debug this file!"); + dputs("Use x64_dbg to debug this file!"); #endif //_WIN64 return STATUS_ERROR; default: @@ -80,14 +85,14 @@ CMDRESULT cbDebugInit(int argc, char* argv[]) argget(*argv, arg3, 2, true); static char currentfolder[deflen] = ""; - strcpy(currentfolder, arg1); + strcpy_s(currentfolder, arg1); int len = (int)strlen(currentfolder); while(currentfolder[len] != '\\' and len != 0) len--; currentfolder[len] = 0; if(DirExists(arg3)) - strcpy(currentfolder, arg3); + strcpy_s(currentfolder, arg3); //initialize wait(WAITID_STOP); //wait for the debugger to stop waitclear(); //clear waiting flags NOTE: thread-unsafe @@ -115,7 +120,7 @@ CMDRESULT cbDebugRun(int argc, char* argv[]) { if(!waitislocked(WAITID_RUN)) { - dputs("program is already running"); + dputs("Program is already running"); return STATUS_ERROR; } GuiSetDebugState(running); @@ -161,12 +166,12 @@ CMDRESULT cbDebugSetBPXOptions(int argc, char* argv[]) } else { - dputs("invalid type specified!"); + dputs("Invalid type specified!"); return STATUS_ERROR; } SetBPXOptions(type); BridgeSettingSetUint("Engine", "BreakpointType", setting_type); - dprintf("default breakpoint type set to: %s\n", a); + dprintf("Default breakpoint type set to: %s\n", a); return STATUS_CONTINUE; } @@ -181,14 +186,14 @@ CMDRESULT cbDebugSetBPX(int argc, char* argv[]) //bp addr [,name [,type]] bool has_arg2 = argget(*argv, argtype, 2, true); if(!has_arg2 and (scmp(argname, "ss") or scmp(argname, "long") or scmp(argname, "ud2"))) { - strcpy(argtype, argname); + strcpy_s(argtype, argname); *argname = 0; } _strlwr(argtype); uint addr = 0; if(!valfromstring(argaddr, &addr)) { - dprintf("invalid addr: \"%s\"\n", argaddr); + dprintf("Invalid addr: \"%s\"\n", argaddr); return STATUS_ERROR; } int type = 0; @@ -212,30 +217,30 @@ CMDRESULT cbDebugSetBPX(int argc, char* argv[]) //bp addr [,name [,type]] bpname = argname; if(bpget(addr, BPNORMAL, bpname, 0)) { - dputs("breakpoint already set!"); + dputs("Breakpoint already set!"); return STATUS_CONTINUE; } if(IsBPXEnabled(addr)) { - dprintf("error setting breakpoint at "fhex"! (IsBPXEnabled)\n", addr); + dprintf("Error setting breakpoint at "fhex"! (IsBPXEnabled)\n", addr); return STATUS_ERROR; } else if(!memread(fdProcessInfo->hProcess, (void*)addr, &oldbytes, sizeof(short), 0)) { - dprintf("error setting breakpoint at "fhex"! (memread)\n", addr); + dprintf("Error setting breakpoint at "fhex"! (memread)\n", addr); return STATUS_ERROR; } else if(!bpnew(addr, true, singleshoot, oldbytes, BPNORMAL, type, bpname)) { - dprintf("error setting breakpoint at "fhex"! (bpnew)\n", addr); + dprintf("Error setting breakpoint at "fhex"! (bpnew)\n", addr); return STATUS_ERROR; } else if(!SetBPX(addr, type, (void*)cbUserBreakpoint)) { - dprintf("error setting breakpoint at "fhex"! (SetBPX)\n", addr); + dprintf("Error setting breakpoint at "fhex"! (SetBPX)\n", addr); return STATUS_ERROR; } - dprintf("breakpoint at "fhex" set!\n", addr); + dprintf("Breakpoint at "fhex" set!\n", addr); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -247,12 +252,12 @@ CMDRESULT cbDebugDeleteBPX(int argc, char* argv[]) { if(!bpgetcount(BPNORMAL)) { - dputs("no breakpoints to delete!"); + dputs("No breakpoints to delete!"); return STATUS_CONTINUE; } if(!bpenumall(cbDeleteAllBreakpoints)) //at least one deletion failed return STATUS_ERROR; - dputs("all breakpoints deleted!"); + dputs("All breakpoints deleted!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -261,12 +266,12 @@ CMDRESULT cbDebugDeleteBPX(int argc, char* argv[]) { if(!bpdel(found.addr, BPNORMAL)) { - dprintf("delete breakpoint failed (bpdel): "fhex"\n", found.addr); + dprintf("Delete breakpoint failed (bpdel): "fhex"\n", found.addr); return STATUS_ERROR; } else if(found.enabled && !DeleteBPX(found.addr)) { - dprintf("delete breakpoint failed (DeleteBPX): "fhex"\n", found.addr); + dprintf("Delete breakpoint failed (DeleteBPX): "fhex"\n", found.addr); GuiUpdateAllViews(); return STATUS_ERROR; } @@ -275,21 +280,21 @@ CMDRESULT cbDebugDeleteBPX(int argc, char* argv[]) uint addr = 0; if(!valfromstring(arg1, &addr) or !bpget(addr, BPNORMAL, 0, &found)) //invalid breakpoint { - dprintf("no such breakpoint \"%s\"\n", arg1); + dprintf("No such breakpoint \"%s\"\n", arg1); return STATUS_ERROR; } if(!bpdel(found.addr, BPNORMAL)) { - dprintf("delete breakpoint failed (bpdel): "fhex"\n", found.addr); + dprintf("Delete breakpoint failed (bpdel): "fhex"\n", found.addr); return STATUS_ERROR; } else if(found.enabled && !DeleteBPX(found.addr)) { - dprintf("delete breakpoint failed (DeleteBPX): "fhex"\n", found.addr); + dprintf("Delete breakpoint failed (DeleteBPX): "fhex"\n", found.addr); GuiUpdateAllViews(); return STATUS_ERROR; } - dputs("breakpoint deleted!"); + dputs("Breakpoint deleted!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -301,12 +306,12 @@ CMDRESULT cbDebugEnableBPX(int argc, char* argv[]) { if(!bpgetcount(BPNORMAL)) { - dputs("no breakpoints to enable!"); + dputs("No breakpoints to enable!"); return STATUS_CONTINUE; } if(!bpenumall(cbEnableAllBreakpoints)) //at least one enable failed return STATUS_ERROR; - dputs("all breakpoints enabled!"); + dputs("All breakpoints enabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -315,7 +320,7 @@ CMDRESULT cbDebugEnableBPX(int argc, char* argv[]) { if(!bpenable(found.addr, BPNORMAL, true) or !SetBPX(found.addr, found.titantype, (void*)cbUserBreakpoint)) { - dprintf("could not enable breakpoint "fhex"\n", found.addr); + dprintf("Could not enable breakpoint "fhex"\n", found.addr); return STATUS_ERROR; } GuiUpdateAllViews(); @@ -324,21 +329,21 @@ CMDRESULT cbDebugEnableBPX(int argc, char* argv[]) uint addr = 0; if(!valfromstring(arg1, &addr) or !bpget(addr, BPNORMAL, 0, &found)) //invalid breakpoint { - dprintf("no such breakpoint \"%s\"\n", arg1); + dprintf("No such breakpoint \"%s\"\n", arg1); return STATUS_ERROR; } if(found.enabled) { - dputs("breakpoint already enabled!"); + dputs("Breakpoint already enabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } if(!bpenable(found.addr, BPNORMAL, true) or !SetBPX(found.addr, found.titantype, (void*)cbUserBreakpoint)) { - dprintf("could not enable breakpoint "fhex"\n", found.addr); + dprintf("Could not enable breakpoint "fhex"\n", found.addr); return STATUS_ERROR; } - dputs("breakpoint enabled!"); + dputs("Breakpoint enabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -350,12 +355,12 @@ CMDRESULT cbDebugDisableBPX(int argc, char* argv[]) { if(!bpgetcount(BPNORMAL)) { - dputs("no breakpoints to disable!"); + dputs("No breakpoints to disable!"); return STATUS_CONTINUE; } if(!bpenumall(cbDisableAllBreakpoints)) //at least one deletion failed return STATUS_ERROR; - dputs("all breakpoints disabled!"); + dputs("All breakpoints disabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -364,7 +369,7 @@ CMDRESULT cbDebugDisableBPX(int argc, char* argv[]) { if(!bpenable(found.addr, BPNORMAL, false) or !DeleteBPX(found.addr)) { - dprintf("could not disable breakpoint "fhex"\n", found.addr); + dprintf("Could not disable breakpoint "fhex"\n", found.addr); return STATUS_ERROR; } GuiUpdateAllViews(); @@ -373,20 +378,20 @@ CMDRESULT cbDebugDisableBPX(int argc, char* argv[]) uint addr = 0; if(!valfromstring(arg1, &addr) or !bpget(addr, BPNORMAL, 0, &found)) //invalid breakpoint { - dprintf("no such breakpoint \"%s\"\n", arg1); + dprintf("No such breakpoint \"%s\"\n", arg1); return STATUS_ERROR; } if(!found.enabled) { - dputs("breakpoint already disabled!"); + dputs("Breakpoint already disabled!"); return STATUS_CONTINUE; } if(!bpenable(found.addr, BPNORMAL, false) or !DeleteBPX(found.addr)) { - dprintf("could not disable breakpoint "fhex"\n", found.addr); + dprintf("Could not disable breakpoint "fhex"\n", found.addr); return STATUS_ERROR; } - dputs("breakpoint disabled!"); + dputs("Breakpoint disabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -446,9 +451,9 @@ CMDRESULT cbDebugeSingleStep(int argc, char* argv[]) CMDRESULT cbDebugHide(int argc, char* argv[]) { if(HideDebugger(fdProcessInfo->hProcess, UE_HIDE_PEBONLY)) - dputs("debugger hidden"); + dputs("Debugger hidden"); else - dputs("something went wrong"); + dputs("Something went wrong"); return STATUS_CONTINUE; } @@ -484,7 +489,7 @@ CMDRESULT cbDebugSetMemoryBpx(int argc, char* argv[]) else if(*arg2 == '0') restore = false; else - strcpy(arg3, arg2); + strcpy_s(arg3, arg2); } DWORD type = UE_MEMORY; if(*arg3) @@ -501,7 +506,7 @@ CMDRESULT cbDebugSetMemoryBpx(int argc, char* argv[]) type = UE_MEMORY_EXECUTE; //EXECUTE break; default: - dputs("invalid type (argument ignored)"); + dputs("Invalid type (argument ignored)"); break; } } @@ -512,15 +517,15 @@ CMDRESULT cbDebugSetMemoryBpx(int argc, char* argv[]) singleshoot = true; if(bpget(base, BPMEMORY, 0, 0)) { - dputs("hardware breakpoint already set!"); + dputs("Hardware breakpoint already set!"); return STATUS_CONTINUE; } if(!bpnew(base, true, singleshoot, 0, BPMEMORY, type, 0) or !SetMemoryBPXEx(base, size, type, restore, (void*)cbMemoryBreakpoint)) { - dputs("error setting memory breakpoint!"); + dputs("Error setting memory breakpoint!"); return STATUS_ERROR; } - dprintf("memory breakpoint at "fhex" set!\n", addr); + dprintf("Memory breakpoint at "fhex" set!\n", addr); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -537,7 +542,7 @@ CMDRESULT cbDebugDeleteMemoryBreakpoint(int argc, char* argv[]) } if(!bpenumall(cbDeleteAllMemoryBreakpoints)) //at least one deletion failed return STATUS_ERROR; - dputs("all memory breakpoints deleted!"); + dputs("All memory breakpoints deleted!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -548,7 +553,7 @@ CMDRESULT cbDebugDeleteMemoryBreakpoint(int argc, char* argv[]) memfindbaseaddr(found.addr, &size); if(!bpdel(found.addr, BPMEMORY) or !RemoveMemoryBPX(found.addr, size)) { - dprintf("delete memory breakpoint failed: "fhex"\n", found.addr); + dprintf("Delete memory breakpoint failed: "fhex"\n", found.addr); return STATUS_ERROR; } return STATUS_CONTINUE; @@ -556,17 +561,17 @@ CMDRESULT cbDebugDeleteMemoryBreakpoint(int argc, char* argv[]) uint addr = 0; if(!valfromstring(arg1, &addr) or !bpget(addr, BPMEMORY, 0, &found)) //invalid breakpoint { - dprintf("no such memory breakpoint \"%s\"\n", arg1); + dprintf("No such memory breakpoint \"%s\"\n", arg1); return STATUS_ERROR; } uint size; memfindbaseaddr(found.addr, &size); if(!bpdel(found.addr, BPMEMORY) or !RemoveMemoryBPX(found.addr, size)) { - dprintf("delete memory breakpoint failed: "fhex"\n", found.addr); + dprintf("Delete memory breakpoint failed: "fhex"\n", found.addr); return STATUS_ERROR; } - dputs("memory breakpoint deleted!"); + dputs("Memory breakpoint deleted!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -612,56 +617,66 @@ CMDRESULT cbDebugSetHardwareBreakpoint(int argc, char* argv[]) } } char arg3[deflen] = ""; //size - uint size = UE_HARDWARE_SIZE_1; + DWORD titsize = UE_HARDWARE_SIZE_1; if(argget(*argv, arg3, 2, true)) { + uint size; if(!valfromstring(arg3, &size)) return STATUS_ERROR; switch(size) { + case 1: + titsize = UE_HARDWARE_SIZE_1; + break; case 2: - size = UE_HARDWARE_SIZE_2; + titsize = UE_HARDWARE_SIZE_2; break; case 4: - size = UE_HARDWARE_SIZE_4; + titsize = UE_HARDWARE_SIZE_4; break; #ifdef _WIN64 case 8: - size = UE_HARDWARE_SIZE_8; + titsize = UE_HARDWARE_SIZE_8; break; #endif // _WIN64 default: - dputs("invalid size, using 1"); + titsize = UE_HARDWARE_SIZE_1; + dputs("Invalid size, using 1"); break; } if((addr % size) != 0) { - dprintf("address not aligned to %d\n", size); + dprintf("Address not aligned to %d\n", size); return STATUS_ERROR; } } DWORD drx = 0; if(!GetUnusedHardwareBreakPointRegister(&drx)) { - dputs("you can only set 4 hardware breakpoints"); + dputs("You can only set 4 hardware breakpoints"); return STATUS_ERROR; } int titantype = 0; TITANSETDRX(titantype, drx); TITANSETTYPE(titantype, type); - TITANSETSIZE(titantype, size); + TITANSETSIZE(titantype, titsize); //TODO: hwbp in multiple threads TEST if(bpget(addr, BPHARDWARE, 0, 0)) { - dputs("hardware breakpoint already set!"); + dputs("Hardware breakpoint already set!"); return STATUS_CONTINUE; } - if(!bpnew(addr, true, false, 0, BPHARDWARE, titantype, 0) or !SetHardwareBreakPoint(addr, drx, type, (DWORD)size, (void*)cbHardwareBreakpoint)) + if(!bpnew(addr, true, false, 0, BPHARDWARE, titantype, 0)) { - dputs("error setting hardware breakpoint!"); + dputs("error setting hardware breakpoint (bpnew)!"); return STATUS_ERROR; } - dprintf("hardware breakpoint at "fhex" set!\n", addr); + if(!SetHardwareBreakPoint(addr, drx, type, titsize, (void*)cbHardwareBreakpoint)) + { + dputs("error setting hardware breakpoint (TitanEngine)!"); + return STATUS_ERROR; + } + dprintf("Hardware breakpoint at "fhex" set!\n", addr); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -673,12 +688,12 @@ CMDRESULT cbDebugDeleteHardwareBreakpoint(int argc, char* argv[]) { if(!bpgetcount(BPHARDWARE)) { - dputs("no hardware breakpoints to delete!"); + dputs("No hardware breakpoints to delete!"); return STATUS_CONTINUE; } if(!bpenumall(cbDeleteAllHardwareBreakpoints)) //at least one deletion failed return STATUS_ERROR; - dputs("all hardware breakpoints deleted!"); + dputs("All hardware breakpoints deleted!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -687,7 +702,7 @@ CMDRESULT cbDebugDeleteHardwareBreakpoint(int argc, char* argv[]) { if(!bpdel(found.addr, BPHARDWARE) or !DeleteHardwareBreakPoint(TITANGETDRX(found.titantype))) { - dprintf("delete hardware breakpoint failed: "fhex"\n", found.addr); + dprintf("Delete hardware breakpoint failed: "fhex"\n", found.addr); return STATUS_ERROR; } return STATUS_CONTINUE; @@ -695,15 +710,15 @@ CMDRESULT cbDebugDeleteHardwareBreakpoint(int argc, char* argv[]) uint addr = 0; if(!valfromstring(arg1, &addr) or !bpget(addr, BPHARDWARE, 0, &found)) //invalid breakpoint { - dprintf("no such hardware breakpoint \"%s\"\n", arg1); + dprintf("No such hardware breakpoint \"%s\"\n", arg1); return STATUS_ERROR; } if(!bpdel(found.addr, BPHARDWARE) or !DeleteHardwareBreakPoint(TITANGETDRX(found.titantype))) { - dprintf("delete hardware breakpoint failed: "fhex"\n", found.addr); + dprintf("Delete hardware breakpoint failed: "fhex"\n", found.addr); return STATUS_ERROR; } - dputs("hardware breakpoint deleted!"); + dputs("Hardware breakpoint deleted!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -742,7 +757,7 @@ CMDRESULT cbDebugFree(int argc, char* argv[]) } else if(!lastalloc) { - dputs("lastalloc is zero, provide a page address"); + dputs("$lastalloc is zero, provide a page address"); return STATUS_ERROR; } if(addr == lastalloc) @@ -765,7 +780,7 @@ CMDRESULT cbDebugMemset(int argc, char* argv[]) uint size; if(argc < 3) { - dputs("not enough arguments"); + dputs("Not enough arguments"); return STATUS_ERROR; } if(!valfromstring(argv[1], &addr, false) or !valfromstring(argv[2], &value, false)) @@ -789,9 +804,9 @@ CMDRESULT cbDebugMemset(int argc, char* argv[]) } BYTE fi = value & 0xFF; if(!Fill((void*)addr, size & 0xFFFFFFFF, &fi)) - dputs("memset failed"); + dputs("Memset failed"); else - dprintf("memory "fhex" (size: %.8X) set to %.2X\n", addr, size & 0xFFFFFFFF, value & 0xFF); + dprintf("Memory "fhex" (size: %.8X) set to %.2X\n", addr, size & 0xFFFFFFFF, value & 0xFF); return STATUS_CONTINUE; } @@ -815,7 +830,7 @@ CMDRESULT cbDebugPause(int argc, char* argv[]) { if(waitislocked(WAITID_RUN)) { - dputs("program is not running"); + dputs("Program is not running"); return STATUS_ERROR; } dbgsetispausedbyuser(true); @@ -830,7 +845,7 @@ static DWORD WINAPI scyllaThread(void* lpParam) HINSTANCE hScylla = LoadLibraryW(L"Scylla.dll"); if(!hScylla) { - dputs("error loading Scylla.dll!"); + dputs("Error loading Scylla.dll!"); bScyllaLoaded = false; FreeLibrary(hScylla); return 0; @@ -838,7 +853,7 @@ static DWORD WINAPI scyllaThread(void* lpParam) ScyllaStartGui = (SCYLLASTARTGUI)GetProcAddress(hScylla, "ScyllaStartGui"); if(!ScyllaStartGui) { - dputs("could not find export 'ScyllaStartGui' inside Scylla.dll"); + dputs("Could not find export 'ScyllaStartGui' inside Scylla.dll"); bScyllaLoaded = false; FreeLibrary(hScylla); return 0; @@ -868,7 +883,7 @@ CMDRESULT cbDebugAttach(int argc, char* argv[]) { if(argc < 2) { - dputs("not enough arguments!"); + dputs("Not enough arguments!"); return STATUS_ERROR; } uint pid = 0; @@ -886,7 +901,7 @@ CMDRESULT cbDebugAttach(int argc, char* argv[]) Handle hProcess = TitanOpenProcess(PROCESS_ALL_ACCESS, false, (DWORD)pid); if(!hProcess) { - dprintf("could not open process %X!\n", pid); + dprintf("Could not open process %X!\n", pid); return STATUS_ERROR; } BOOL wow64 = false, mewow64 = false; @@ -907,7 +922,7 @@ CMDRESULT cbDebugAttach(int argc, char* argv[]) wchar_t wszFileName[MAX_PATH] = L""; if(!GetModuleFileNameExW(hProcess, 0, wszFileName, MAX_PATH)) { - dprintf("could not get module filename %X!\n", pid); + dprintf("Could not get module filename %X!\n", pid); return STATUS_ERROR; } strcpy_s(szFileName, StringUtils::Utf16ToUtf8(wszFileName).c_str()); @@ -934,7 +949,7 @@ CMDRESULT cbDebugDump(int argc, char* argv[]) duint addr = 0; if(!valfromstring(argv[1], &addr)) { - dprintf("invalid address \"%s\"!\n", argv[1]); + dprintf("Invalid address \"%s\"!\n", argv[1]); return STATUS_ERROR; } GuiDumpAt(addr); @@ -948,7 +963,7 @@ CMDRESULT cbDebugStackDump(int argc, char* argv[]) addr = GetContextDataEx(hActiveThread, UE_CSP); else if(!valfromstring(argv[1], &addr)) { - dprintf("invalid address \"%s\"!\n", argv[1]); + dprintf("Invalid address \"%s\"!\n", argv[1]); return STATUS_ERROR; } duint csp = GetContextDataEx(hActiveThread, UE_CSP); @@ -957,7 +972,7 @@ CMDRESULT cbDebugStackDump(int argc, char* argv[]) if(base && addr >= base && addr < (base + size)) GuiStackDumpAt(addr, csp); else - dputs("invalid stack address!"); + dputs("Invalid stack address!"); return STATUS_CONTINUE; } @@ -966,12 +981,12 @@ CMDRESULT cbDebugContinue(int argc, char* argv[]) if(argc < 2) { SetNextDbgContinueStatus(DBG_CONTINUE); - dputs("exception will be swallowed"); + dputs("Exception will be swallowed"); } else { SetNextDbgContinueStatus(DBG_EXCEPTION_NOT_HANDLED); - dputs("exception will be thrown in the program"); + dputs("Exception will be thrown in the program"); } return STATUS_CONTINUE; } @@ -1000,7 +1015,7 @@ CMDRESULT cbDebugBpDll(int argc, char* argv[]) if(argc > 3) singleshoot = false; LibrarianSetBreakPoint(argv[1], type, singleshoot, (void*)cbLibrarianBreakpoint); - dprintf("dll breakpoint set on \"%s\"!\n", argv[1]); + dprintf("Dll breakpoint set on \"%s\"!\n", argv[1]); return STATUS_CONTINUE; } @@ -1008,15 +1023,15 @@ CMDRESULT cbDebugBcDll(int argc, char* argv[]) { if(argc < 2) { - dputs("not enough arguments"); + dputs("Not enough arguments"); return STATUS_ERROR; } if(!LibrarianRemoveBreakPoint(argv[1], UE_ON_LIB_ALL)) { - dputs("failed to remove dll breakpoint..."); + dputs("Failed to remove DLL breakpoint..."); return STATUS_ERROR; } - dputs("dll breakpoint removed!"); + dputs("DLL breakpoint removed!"); return STATUS_CONTINUE; } @@ -1028,13 +1043,13 @@ CMDRESULT cbDebugSwitchthread(int argc, char* argv[]) return STATUS_ERROR; if(!threadisvalid((DWORD)threadid)) //check if the thread is valid { - dprintf("invalid thread %X\n", threadid); + dprintf("Invalid thread %X\n", threadid); return STATUS_ERROR; } //switch thread hActiveThread = threadgethandle((DWORD)threadid); DebugUpdateGui(GetContextDataEx(hActiveThread, UE_CIP), true); - dputs("thread switched!"); + dputs("Thread switched!"); return STATUS_CONTINUE; } @@ -1046,16 +1061,16 @@ CMDRESULT cbDebugSuspendthread(int argc, char* argv[]) return STATUS_ERROR; if(!threadisvalid((DWORD)threadid)) //check if the thread is valid { - dprintf("invalid thread %X\n", threadid); + dprintf("Invalid thread %X\n", threadid); return STATUS_ERROR; } //suspend thread if(SuspendThread(threadgethandle((DWORD)threadid)) == -1) { - dputs("error suspending thread"); + dputs("Error suspending thread"); return STATUS_ERROR; } - dputs("thread suspended"); + dputs("Thread suspended"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1068,16 +1083,16 @@ CMDRESULT cbDebugResumethread(int argc, char* argv[]) return STATUS_ERROR; if(!threadisvalid((DWORD)threadid)) //check if the thread is valid { - dprintf("invalid thread %X\n", threadid); + dprintf("Invalid thread %X\n", threadid); return STATUS_ERROR; } //resume thread if(ResumeThread(threadgethandle((DWORD)threadid)) == -1) { - dputs("error resuming thread"); + dputs("Error resuming thread"); return STATUS_ERROR; } - dputs("thread resumed!"); + dputs("Thread resumed!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1094,17 +1109,17 @@ CMDRESULT cbDebugKillthread(int argc, char* argv[]) return STATUS_ERROR; if(!threadisvalid((DWORD)threadid)) //check if the thread is valid { - dprintf("invalid thread %X\n", threadid); + dprintf("Invalid thread %X\n", threadid); return STATUS_ERROR; } //terminate thread if(TerminateThread(threadgethandle((DWORD)threadid), (DWORD)exitcode) != 0) { GuiUpdateAllViews(); - dputs("thread terminated"); + dputs("Thread terminated"); return STATUS_CONTINUE; } - dputs("error terminating thread!"); + dputs("Error terminating thread!"); return STATUS_ERROR; } @@ -1130,7 +1145,7 @@ CMDRESULT cbDebugSetPriority(int argc, char* argv[]) { if(argc < 3) { - dputs("not enough arguments!"); + dputs("Not enough arguments!"); return STATUS_ERROR; } uint threadid; @@ -1155,7 +1170,7 @@ CMDRESULT cbDebugSetPriority(int argc, char* argv[]) priority = THREAD_PRIORITY_LOWEST; else { - dputs("unknown priority value, read the help!"); + dputs("Unknown priority value, read the help!"); return STATUS_ERROR; } } @@ -1172,22 +1187,22 @@ CMDRESULT cbDebugSetPriority(int argc, char* argv[]) case THREAD_PRIORITY_LOWEST: break; default: - dputs("unknown priority value, read the help!"); + dputs("Unknown priority value, read the help!"); return STATUS_ERROR; } } if(!threadisvalid((DWORD)threadid)) //check if the thread is valid { - dprintf("invalid thread %X\n", threadid); + dprintf("Invalid thread %X\n", threadid); return STATUS_ERROR; } //set thread priority if(SetThreadPriority(threadgethandle((DWORD)threadid), (int)priority) == 0) { - dputs("error setting thread priority"); + dputs("Error setting thread priority"); return STATUS_ERROR; } - dputs("thread priority changed!"); + dputs("Thread priority changed!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1198,19 +1213,19 @@ CMDRESULT cbDebugEnableHardwareBreakpoint(int argc, char* argv[]) DWORD drx = 0; if(!GetUnusedHardwareBreakPointRegister(&drx)) { - dputs("you can only set 4 hardware breakpoints"); + dputs("You can only set 4 hardware breakpoints"); return STATUS_ERROR; } if(!argget(*argv, arg1, 0, true)) //enable all hardware breakpoints { if(!bpgetcount(BPHARDWARE)) { - dputs("no hardware breakpoints to enable!"); + dputs("No hardware breakpoints to enable!"); return STATUS_CONTINUE; } if(!bpenumall(cbEnableAllHardwareBreakpoints)) //at least one enable failed return STATUS_ERROR; - dputs("all hardware breakpoints enabled!"); + dputs("All hardware breakpoints enabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1218,12 +1233,12 @@ CMDRESULT cbDebugEnableHardwareBreakpoint(int argc, char* argv[]) uint addr = 0; if(!valfromstring(arg1, &addr) or !bpget(addr, BPHARDWARE, 0, &found)) //invalid hardware breakpoint { - dprintf("no such hardware breakpoint \"%s\"\n", arg1); + dprintf("No such hardware breakpoint \"%s\"\n", arg1); return STATUS_ERROR; } if(found.enabled) { - dputs("hardware breakpoint already enabled!"); + dputs("Hardware breakpoint already enabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1231,10 +1246,10 @@ CMDRESULT cbDebugEnableHardwareBreakpoint(int argc, char* argv[]) bpsettitantype(found.addr, BPHARDWARE, found.titantype); if(!bpenable(found.addr, BPHARDWARE, true) or !SetHardwareBreakPoint(found.addr, drx, TITANGETTYPE(found.titantype), TITANGETSIZE(found.titantype), (void*)cbHardwareBreakpoint)) { - dprintf("could not enable hardware breakpoint "fhex"\n", found.addr); + dprintf("Could not enable hardware breakpoint "fhex"\n", found.addr); return STATUS_ERROR; } - dputs("hardware breakpoint enabled!"); + dputs("Hardware breakpoint enabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1246,12 +1261,12 @@ CMDRESULT cbDebugDisableHardwareBreakpoint(int argc, char* argv[]) { if(!bpgetcount(BPHARDWARE)) { - dputs("no hardware breakpoints to disable!"); + dputs("No hardware breakpoints to disable!"); return STATUS_CONTINUE; } if(!bpenumall(cbDisableAllHardwareBreakpoints)) //at least one deletion failed return STATUS_ERROR; - dputs("all hardware breakpoints disabled!"); + dputs("All hardware breakpoints disabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1259,20 +1274,20 @@ CMDRESULT cbDebugDisableHardwareBreakpoint(int argc, char* argv[]) uint addr = 0; if(!valfromstring(arg1, &addr) or !bpget(addr, BPHARDWARE, 0, &found)) //invalid hardware breakpoint { - dprintf("no such hardware breakpoint \"%s\"\n", arg1); + dprintf("No such hardware breakpoint \"%s\"\n", arg1); return STATUS_ERROR; } if(!found.enabled) { - dputs("hardware breakpoint already disabled!"); + dputs("Hardware breakpoint already disabled!"); return STATUS_CONTINUE; } if(!bpenable(found.addr, BPHARDWARE, false) or !DeleteHardwareBreakPoint(TITANGETDRX(found.titantype))) { - dprintf("could not disable hardware breakpoint "fhex"\n", found.addr); + dprintf("Could not disable hardware breakpoint "fhex"\n", found.addr); return STATUS_ERROR; } - dputs("hardware breakpoint disabled!"); + dputs("Hardware breakpoint disabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1283,19 +1298,19 @@ CMDRESULT cbDebugEnableMemoryBreakpoint(int argc, char* argv[]) DWORD drx = 0; if(!GetUnusedHardwareBreakPointRegister(0)) { - dputs("you can only set 4 hardware breakpoints"); + dputs("You can only set 4 hardware breakpoints"); return STATUS_ERROR; } if(!argget(*argv, arg1, 0, true)) //enable all memory breakpoints { if(!bpgetcount(BPMEMORY)) { - dputs("no hardware breakpoints to enable!"); + dputs("No hardware breakpoints to enable!"); return STATUS_CONTINUE; } if(!bpenumall(cbEnableAllHardwareBreakpoints)) //at least one enable failed return STATUS_ERROR; - dputs("all memory breakpoints enabled!"); + dputs("All memory breakpoints enabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1303,12 +1318,12 @@ CMDRESULT cbDebugEnableMemoryBreakpoint(int argc, char* argv[]) uint addr = 0; if(!valfromstring(arg1, &addr) or !bpget(addr, BPMEMORY, 0, &found)) //invalid memory breakpoint { - dprintf("no such memory breakpoint \"%s\"\n", arg1); + dprintf("No such memory breakpoint \"%s\"\n", arg1); return STATUS_ERROR; } if(found.enabled) { - dputs("hardware memory already enabled!"); + dputs("Hardware memory already enabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1316,10 +1331,10 @@ CMDRESULT cbDebugEnableMemoryBreakpoint(int argc, char* argv[]) memfindbaseaddr(found.addr, &size); if(!bpenable(found.addr, BPMEMORY, true) or !SetMemoryBPXEx(found.addr, size, found.titantype, !found.singleshoot, (void*)cbMemoryBreakpoint)) { - dprintf("could not enable memory breakpoint "fhex"\n", found.addr); + dprintf("Could not enable memory breakpoint "fhex"\n", found.addr); return STATUS_ERROR; } - dputs("memory breakpoint enabled!"); + dputs("Memory breakpoint enabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1331,12 +1346,12 @@ CMDRESULT cbDebugDisableMemoryBreakpoint(int argc, char* argv[]) { if(!bpgetcount(BPMEMORY)) { - dputs("no memory breakpoints to disable!"); + dputs("No memory breakpoints to disable!"); return STATUS_CONTINUE; } if(!bpenumall(cbDisableAllMemoryBreakpoints)) //at least one deletion failed return STATUS_ERROR; - dputs("all memory breakpoints disabled!"); + dputs("All memory breakpoints disabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1344,22 +1359,22 @@ CMDRESULT cbDebugDisableMemoryBreakpoint(int argc, char* argv[]) uint addr = 0; if(!valfromstring(arg1, &addr) or !bpget(addr, BPMEMORY, 0, &found)) //invalid memory breakpoint { - dprintf("no such memory breakpoint \"%s\"\n", arg1); + dprintf("No such memory breakpoint \"%s\"\n", arg1); return STATUS_ERROR; } if(!found.enabled) { - dputs("memory breakpoint already disabled!"); + dputs("Memory breakpoint already disabled!"); return STATUS_CONTINUE; } uint size = 0; memfindbaseaddr(found.addr, &size); if(!bpenable(found.addr, BPMEMORY, false) or !RemoveMemoryBPX(found.addr, size)) { - dprintf("could not disable memory breakpoint "fhex"\n", found.addr); + dprintf("Could not disable memory breakpoint "fhex"\n", found.addr); return STATUS_ERROR; } - dputs("memory breakpoint disabled!"); + dputs("Memory breakpoint disabled!"); GuiUpdateAllViews(); return STATUS_CONTINUE; } @@ -1370,21 +1385,21 @@ CMDRESULT cbDebugDownloadSymbol(int argc, char* argv[]) const char* szSymbolStore = szDefaultStore; if(!BridgeSettingGet("Symbols", "DefaultStore", szDefaultStore)) //get default symbol store from settings { - strcpy(szDefaultStore, "http://msdl.microsoft.com/download/symbols"); + strcpy_s(szDefaultStore, "http://msdl.microsoft.com/download/symbols"); BridgeSettingSet("Symbols", "DefaultStore", szDefaultStore); } if(argc < 2) //no arguments { symdownloadallsymbols(szSymbolStore); //download symbols for all modules GuiSymbolRefreshCurrent(); - dputs("done! See symbol log for more information"); + dputs("Done! See symbol log for more information"); return STATUS_CONTINUE; } //get some module information uint modbase = modbasefromname(argv[1]); if(!modbase) { - dprintf("invalid module \"%s\"!\n", argv[1]); + dprintf("Invalid module \"%s\"!\n", argv[1]); return STATUS_ERROR; } wchar_t wszModulePath[MAX_PATH] = L""; @@ -1396,7 +1411,7 @@ CMDRESULT cbDebugDownloadSymbol(int argc, char* argv[]) char szModulePath[MAX_PATH] = ""; strcpy_s(szModulePath, StringUtils::Utf16ToUtf8(wszModulePath).c_str()); char szOldSearchPath[MAX_PATH] = ""; - if(!SymGetSearchPath(fdProcessInfo->hProcess, szOldSearchPath, MAX_PATH)) //backup current search path + if(!SafeSymGetSearchPath(fdProcessInfo->hProcess, szOldSearchPath, MAX_PATH)) //backup current search path { dputs("SymGetSearchPath failed!"); return STATUS_ERROR; @@ -1405,30 +1420,30 @@ CMDRESULT cbDebugDownloadSymbol(int argc, char* argv[]) if(argc > 2) szSymbolStore = argv[2]; sprintf_s(szServerSearchPath, "SRV*%s*%s", szSymbolCachePath, szSymbolStore); - if(!SymSetSearchPath(fdProcessInfo->hProcess, szServerSearchPath)) //set new search path + if(!SafeSymSetSearchPath(fdProcessInfo->hProcess, szServerSearchPath)) //set new search path { dputs("SymSetSearchPath (1) failed!"); return STATUS_ERROR; } - if(!SymUnloadModule64(fdProcessInfo->hProcess, (DWORD64)modbase)) //unload module + if(!SafeSymUnloadModule64(fdProcessInfo->hProcess, (DWORD64)modbase)) //unload module { - SymSetSearchPath(fdProcessInfo->hProcess, szOldSearchPath); + SafeSymSetSearchPath(fdProcessInfo->hProcess, szOldSearchPath); dputs("SymUnloadModule64 failed!"); return STATUS_ERROR; } - if(!SymLoadModuleEx(fdProcessInfo->hProcess, 0, szModulePath, 0, (DWORD64)modbase, 0, 0, 0)) //load module + if(!SafeSymLoadModuleEx(fdProcessInfo->hProcess, 0, szModulePath, 0, (DWORD64)modbase, 0, 0, 0)) //load module { dputs("SymLoadModuleEx failed!"); - SymSetSearchPath(fdProcessInfo->hProcess, szOldSearchPath); + SafeSymSetSearchPath(fdProcessInfo->hProcess, szOldSearchPath); return STATUS_ERROR; } - if(!SymSetSearchPath(fdProcessInfo->hProcess, szOldSearchPath)) + if(!SafeSymSetSearchPath(fdProcessInfo->hProcess, szOldSearchPath)) { dputs("SymSetSearchPath (2) failed!"); return STATUS_ERROR; } GuiSymbolRefreshCurrent(); - dputs("done! See symbol log for more information"); + dputs("Done! See symbol log for more information"); return STATUS_CONTINUE; } @@ -1829,7 +1844,7 @@ CMDRESULT cbDebugLoadLib(int argc, char* argv[]) int counter = 0; uint LoadLibraryA = 0; char command[50] = ""; - char error[256] = ""; + char error[MAX_ERROR_SIZE] = ""; GetFullContextDataEx(LoadLibThread, &backupctx); @@ -1837,7 +1852,7 @@ CMDRESULT cbDebugLoadLib(int argc, char* argv[]) // Arch specific asm code #ifdef _WIN64 - sprintf(command, "mov rcx, "fhex, DLLNameMem); + sprintf(command, "mov rcx, "fhex, (uint)DLLNameMem); #else sprintf(command, "push "fhex, DLLNameMem); #endif // _WIN64 diff --git a/x64_dbg_dbg/disasm_fast.cpp b/x64_dbg_dbg/disasm_fast.cpp index f9a1efd9..53280d67 100644 --- a/x64_dbg_dbg/disasm_fast.cpp +++ b/x64_dbg_dbg/disasm_fast.cpp @@ -29,7 +29,7 @@ void fillbasicinfo(DISASM* disasm, BASIC_INSTRUCTION_INFO* basicinfo) //zero basicinfo memset(basicinfo, 0, sizeof(BASIC_INSTRUCTION_INFO)); //copy instruction text - strcpy(basicinfo->instruction, disasm->CompleteInstr); + strcpy_s(basicinfo->instruction, disasm->CompleteInstr); //find immidiat if(disasm->Instruction.BranchType == 0) //no branch { @@ -61,7 +61,7 @@ void fillbasicinfo(DISASM* disasm, BASIC_INSTRUCTION_INFO* basicinfo) { basicinfo->type |= TYPE_MEMORY; basicinfo->memory.value = (ULONG_PTR)disasm->Argument1.Memory.Displacement; - strcpy(basicinfo->memory.mnemonic, disasm->Argument1.ArgMnemonic); + strcpy_s(basicinfo->memory.mnemonic, disasm->Argument1.ArgMnemonic); } basicinfo->memory.size = argsize2memsize(disasm->Argument1.ArgSize); } @@ -71,7 +71,7 @@ void fillbasicinfo(DISASM* disasm, BASIC_INSTRUCTION_INFO* basicinfo) { basicinfo->type |= TYPE_MEMORY; basicinfo->memory.value = (ULONG_PTR)disasm->Argument2.Memory.Displacement; - strcpy(basicinfo->memory.mnemonic, disasm->Argument2.ArgMnemonic); + strcpy_s(basicinfo->memory.mnemonic, disasm->Argument2.ArgMnemonic); } basicinfo->memory.size = argsize2memsize(disasm->Argument2.ArgSize); } @@ -88,14 +88,14 @@ void fillbasicinfo(DISASM* disasm, BASIC_INSTRUCTION_INFO* basicinfo) { basicinfo->type |= TYPE_MEMORY; basicinfo->memory.value = (ULONG_PTR)disasm->Instruction.AddrValue; - strcpy(basicinfo->memory.mnemonic, disasm->Argument1.ArgMnemonic); + strcpy_s(basicinfo->memory.mnemonic, disasm->Argument1.ArgMnemonic); basicinfo->memory.size = argsize2memsize(disasm->Argument1.ArgSize); } else if((disasm->Argument2.ArgType & RELATIVE_) == RELATIVE_) { basicinfo->type |= TYPE_MEMORY; basicinfo->memory.value = (ULONG_PTR)disasm->Instruction.AddrValue; - strcpy(basicinfo->memory.mnemonic, disasm->Argument2.ArgMnemonic); + strcpy_s(basicinfo->memory.mnemonic, disasm->Argument2.ArgMnemonic); basicinfo->memory.size = argsize2memsize(disasm->Argument2.ArgSize); } } diff --git a/x64_dbg_dbg/disasm_helper.cpp b/x64_dbg_dbg/disasm_helper.cpp index 9a7ef41b..88946eb6 100644 --- a/x64_dbg_dbg/disasm_helper.cpp +++ b/x64_dbg_dbg/disasm_helper.cpp @@ -133,9 +133,9 @@ const char* disasmtext(uint addr) int len = Disasm(&disasm); static char instruction[INSTRUCT_LENGTH] = ""; if(len == UNKNOWN_OPCODE) - strcpy(instruction, "???"); + strcpy_s(instruction, "???"); else - strcpy(instruction, disasm.CompleteInstr); + strcpy_s(instruction, disasm.CompleteInstr); return instruction; } @@ -172,7 +172,7 @@ static bool HandleArgument(ARGTYPE* Argument, INSTRTYPE* Instruction, DISASM_ARG if(!*argmnemonic) return false; arg->memvalue = 0; - strcpy(arg->mnemonic, argmnemonic); + strcpy_s(arg->mnemonic, argmnemonic); if((argtype & MEMORY_TYPE) == MEMORY_TYPE) { arg->type = arg_memory; @@ -239,7 +239,7 @@ void disasmget(unsigned char* buffer, uint addr, DISASM_INSTR* instr) disasm.VirtualAddr = addr; disasm.EIP = (UIntPtr)buffer; int len = Disasm(&disasm); - strcpy(instr->instruction, disasm.CompleteInstr); + strcpy_s(instr->instruction, disasm.CompleteInstr); if(len == UNKNOWN_OPCODE) { instr->instr_size = 1; diff --git a/x64_dbg_dbg/error.cpp b/x64_dbg_dbg/error.cpp new file mode 100644 index 00000000..c950011d --- /dev/null +++ b/x64_dbg_dbg/error.cpp @@ -0,0 +1,2202 @@ +#include "error.h" +#include + +static std::map errorNames; + +void errorinit() +{ + errorNames.insert(std::make_pair(0, "ERROR_SUCCESS")); + errorNames.insert(std::make_pair(1, "ERROR_INVALID_FUNCTION")); + errorNames.insert(std::make_pair(2, "ERROR_FILE_NOT_FOUND")); + errorNames.insert(std::make_pair(3, "ERROR_PATH_NOT_FOUND")); + errorNames.insert(std::make_pair(4, "ERROR_TOO_MANY_OPEN_FILES")); + errorNames.insert(std::make_pair(5, "ERROR_ACCESS_DENIED")); + errorNames.insert(std::make_pair(6, "ERROR_INVALID_HANDLE")); + errorNames.insert(std::make_pair(7, "ERROR_ARENA_TRASHED")); + errorNames.insert(std::make_pair(8, "ERROR_NOT_ENOUGH_MEMORY")); + errorNames.insert(std::make_pair(9, "ERROR_INVALID_BLOCK")); + errorNames.insert(std::make_pair(10, "ERROR_BAD_ENVIRONMENT")); + errorNames.insert(std::make_pair(11, "ERROR_BAD_FORMAT")); + errorNames.insert(std::make_pair(12, "ERROR_INVALID_ACCESS")); + errorNames.insert(std::make_pair(13, "ERROR_INVALID_DATA")); + errorNames.insert(std::make_pair(14, "ERROR_OUTOFMEMORY")); + errorNames.insert(std::make_pair(15, "ERROR_INVALID_DRIVE")); + errorNames.insert(std::make_pair(16, "ERROR_CURRENT_DIRECTORY")); + errorNames.insert(std::make_pair(17, "ERROR_NOT_SAME_DEVICE")); + errorNames.insert(std::make_pair(18, "ERROR_NO_MORE_FILES")); + errorNames.insert(std::make_pair(19, "ERROR_WRITE_PROTECT")); + errorNames.insert(std::make_pair(20, "ERROR_BAD_UNIT")); + errorNames.insert(std::make_pair(21, "ERROR_NOT_READY")); + errorNames.insert(std::make_pair(22, "ERROR_BAD_COMMAND")); + errorNames.insert(std::make_pair(23, "ERROR_CRC")); + errorNames.insert(std::make_pair(24, "ERROR_BAD_LENGTH")); + errorNames.insert(std::make_pair(25, "ERROR_SEEK")); + errorNames.insert(std::make_pair(26, "ERROR_NOT_DOS_DISK")); + errorNames.insert(std::make_pair(27, "ERROR_SECTOR_NOT_FOUND")); + errorNames.insert(std::make_pair(28, "ERROR_OUT_OF_PAPER")); + errorNames.insert(std::make_pair(29, "ERROR_WRITE_FAULT")); + errorNames.insert(std::make_pair(30, "ERROR_READ_FAULT")); + errorNames.insert(std::make_pair(31, "ERROR_GEN_FAILURE")); + errorNames.insert(std::make_pair(32, "ERROR_SHARING_VIOLATION")); + errorNames.insert(std::make_pair(33, "ERROR_LOCK_VIOLATION")); + errorNames.insert(std::make_pair(34, "ERROR_WRONG_DISK")); + errorNames.insert(std::make_pair(36, "ERROR_SHARING_BUFFER_EXCEEDED")); + errorNames.insert(std::make_pair(38, "ERROR_HANDLE_EOF")); + errorNames.insert(std::make_pair(39, "ERROR_HANDLE_DISK_FULL")); + errorNames.insert(std::make_pair(50, "ERROR_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(51, "ERROR_REM_NOT_LIST")); + errorNames.insert(std::make_pair(52, "ERROR_DUP_NAME")); + errorNames.insert(std::make_pair(53, "ERROR_BAD_NETPATH")); + errorNames.insert(std::make_pair(54, "ERROR_NETWORK_BUSY")); + errorNames.insert(std::make_pair(55, "ERROR_DEV_NOT_EXIST")); + errorNames.insert(std::make_pair(56, "ERROR_TOO_MANY_CMDS")); + errorNames.insert(std::make_pair(57, "ERROR_ADAP_HDW_ERR")); + errorNames.insert(std::make_pair(58, "ERROR_BAD_NET_RESP")); + errorNames.insert(std::make_pair(59, "ERROR_UNEXP_NET_ERR")); + errorNames.insert(std::make_pair(60, "ERROR_BAD_REM_ADAP")); + errorNames.insert(std::make_pair(61, "ERROR_PRINTQ_FULL")); + errorNames.insert(std::make_pair(62, "ERROR_NO_SPOOL_SPACE")); + errorNames.insert(std::make_pair(63, "ERROR_PRINT_CANCELLED")); + errorNames.insert(std::make_pair(64, "ERROR_NETNAME_DELETED")); + errorNames.insert(std::make_pair(65, "ERROR_NETWORK_ACCESS_DENIED")); + errorNames.insert(std::make_pair(66, "ERROR_BAD_DEV_TYPE")); + errorNames.insert(std::make_pair(67, "ERROR_BAD_NET_NAME")); + errorNames.insert(std::make_pair(68, "ERROR_TOO_MANY_NAMES")); + errorNames.insert(std::make_pair(69, "ERROR_TOO_MANY_SESS")); + errorNames.insert(std::make_pair(70, "ERROR_SHARING_PAUSED")); + errorNames.insert(std::make_pair(71, "ERROR_REQ_NOT_ACCEP")); + errorNames.insert(std::make_pair(72, "ERROR_REDIR_PAUSED")); + errorNames.insert(std::make_pair(80, "ERROR_FILE_EXISTS")); + errorNames.insert(std::make_pair(82, "ERROR_CANNOT_MAKE")); + errorNames.insert(std::make_pair(83, "ERROR_FAIL_I24")); + errorNames.insert(std::make_pair(84, "ERROR_OUT_OF_STRUCTURES")); + errorNames.insert(std::make_pair(85, "ERROR_ALREADY_ASSIGNED")); + errorNames.insert(std::make_pair(86, "ERROR_INVALID_PASSWORD")); + errorNames.insert(std::make_pair(87, "ERROR_INVALID_PARAMETER")); + errorNames.insert(std::make_pair(88, "ERROR_NET_WRITE_FAULT")); + errorNames.insert(std::make_pair(89, "ERROR_NO_PROC_SLOTS")); + errorNames.insert(std::make_pair(100, "ERROR_TOO_MANY_SEMAPHORES")); + errorNames.insert(std::make_pair(101, "ERROR_EXCL_SEM_ALREADY_OWNED")); + errorNames.insert(std::make_pair(102, "ERROR_SEM_IS_SET")); + errorNames.insert(std::make_pair(103, "ERROR_TOO_MANY_SEM_REQUESTS")); + errorNames.insert(std::make_pair(104, "ERROR_INVALID_AT_INTERRUPT_TIME")); + errorNames.insert(std::make_pair(105, "ERROR_SEM_OWNER_DIED")); + errorNames.insert(std::make_pair(106, "ERROR_SEM_USER_LIMIT")); + errorNames.insert(std::make_pair(107, "ERROR_DISK_CHANGE")); + errorNames.insert(std::make_pair(108, "ERROR_DRIVE_LOCKED")); + errorNames.insert(std::make_pair(109, "ERROR_BROKEN_PIPE")); + errorNames.insert(std::make_pair(110, "ERROR_OPEN_FAILED")); + errorNames.insert(std::make_pair(111, "ERROR_BUFFER_OVERFLOW")); + errorNames.insert(std::make_pair(112, "ERROR_DISK_FULL")); + errorNames.insert(std::make_pair(113, "ERROR_NO_MORE_SEARCH_HANDLES")); + errorNames.insert(std::make_pair(114, "ERROR_INVALID_TARGET_HANDLE")); + errorNames.insert(std::make_pair(117, "ERROR_INVALID_CATEGORY")); + errorNames.insert(std::make_pair(118, "ERROR_INVALID_VERIFY_SWITCH")); + errorNames.insert(std::make_pair(119, "ERROR_BAD_DRIVER_LEVEL")); + errorNames.insert(std::make_pair(120, "ERROR_CALL_NOT_IMPLEMENTED")); + errorNames.insert(std::make_pair(121, "ERROR_SEM_TIMEOUT")); + errorNames.insert(std::make_pair(122, "ERROR_INSUFFICIENT_BUFFER")); + errorNames.insert(std::make_pair(123, "ERROR_INVALID_NAME")); + errorNames.insert(std::make_pair(124, "ERROR_INVALID_LEVEL")); + errorNames.insert(std::make_pair(125, "ERROR_NO_VOLUME_LABEL")); + errorNames.insert(std::make_pair(126, "ERROR_MOD_NOT_FOUND")); + errorNames.insert(std::make_pair(127, "ERROR_PROC_NOT_FOUND")); + errorNames.insert(std::make_pair(128, "ERROR_WAIT_NO_CHILDREN")); + errorNames.insert(std::make_pair(129, "ERROR_CHILD_NOT_COMPLETE")); + errorNames.insert(std::make_pair(130, "ERROR_DIRECT_ACCESS_HANDLE")); + errorNames.insert(std::make_pair(131, "ERROR_NEGATIVE_SEEK")); + errorNames.insert(std::make_pair(132, "ERROR_SEEK_ON_DEVICE")); + errorNames.insert(std::make_pair(133, "ERROR_IS_JOIN_TARGET")); + errorNames.insert(std::make_pair(134, "ERROR_IS_JOINED")); + errorNames.insert(std::make_pair(135, "ERROR_IS_SUBSTED")); + errorNames.insert(std::make_pair(136, "ERROR_NOT_JOINED")); + errorNames.insert(std::make_pair(137, "ERROR_NOT_SUBSTED")); + errorNames.insert(std::make_pair(138, "ERROR_JOIN_TO_JOIN")); + errorNames.insert(std::make_pair(139, "ERROR_SUBST_TO_SUBST")); + errorNames.insert(std::make_pair(140, "ERROR_JOIN_TO_SUBST")); + errorNames.insert(std::make_pair(141, "ERROR_SUBST_TO_JOIN")); + errorNames.insert(std::make_pair(142, "ERROR_BUSY_DRIVE")); + errorNames.insert(std::make_pair(143, "ERROR_SAME_DRIVE")); + errorNames.insert(std::make_pair(144, "ERROR_DIR_NOT_ROOT")); + errorNames.insert(std::make_pair(145, "ERROR_DIR_NOT_EMPTY")); + errorNames.insert(std::make_pair(146, "ERROR_IS_SUBST_PATH")); + errorNames.insert(std::make_pair(147, "ERROR_IS_JOIN_PATH")); + errorNames.insert(std::make_pair(148, "ERROR_PATH_BUSY")); + errorNames.insert(std::make_pair(149, "ERROR_IS_SUBST_TARGET")); + errorNames.insert(std::make_pair(150, "ERROR_SYSTEM_TRACE")); + errorNames.insert(std::make_pair(151, "ERROR_INVALID_EVENT_COUNT")); + errorNames.insert(std::make_pair(152, "ERROR_TOO_MANY_MUXWAITERS")); + errorNames.insert(std::make_pair(153, "ERROR_INVALID_LIST_FORMAT")); + errorNames.insert(std::make_pair(154, "ERROR_LABEL_TOO_LONG")); + errorNames.insert(std::make_pair(155, "ERROR_TOO_MANY_TCBS")); + errorNames.insert(std::make_pair(156, "ERROR_SIGNAL_REFUSED")); + errorNames.insert(std::make_pair(157, "ERROR_DISCARDED")); + errorNames.insert(std::make_pair(158, "ERROR_NOT_LOCKED")); + errorNames.insert(std::make_pair(159, "ERROR_BAD_THREADID_ADDR")); + errorNames.insert(std::make_pair(160, "ERROR_BAD_ARGUMENTS")); + errorNames.insert(std::make_pair(161, "ERROR_BAD_PATHNAME")); + errorNames.insert(std::make_pair(162, "ERROR_SIGNAL_PENDING")); + errorNames.insert(std::make_pair(164, "ERROR_MAX_THRDS_REACHED")); + errorNames.insert(std::make_pair(167, "ERROR_LOCK_FAILED")); + errorNames.insert(std::make_pair(170, "ERROR_BUSY")); + errorNames.insert(std::make_pair(173, "ERROR_CANCEL_VIOLATION")); + errorNames.insert(std::make_pair(174, "ERROR_ATOMIC_LOCKS_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(180, "ERROR_INVALID_SEGMENT_NUMBER")); + errorNames.insert(std::make_pair(182, "ERROR_INVALID_ORDINAL")); + errorNames.insert(std::make_pair(183, "ERROR_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(186, "ERROR_INVALID_FLAG_NUMBER")); + errorNames.insert(std::make_pair(187, "ERROR_SEM_NOT_FOUND")); + errorNames.insert(std::make_pair(188, "ERROR_INVALID_STARTING_CODESEG")); + errorNames.insert(std::make_pair(189, "ERROR_INVALID_STACKSEG")); + errorNames.insert(std::make_pair(190, "ERROR_INVALID_MODULETYPE")); + errorNames.insert(std::make_pair(191, "ERROR_INVALID_EXE_SIGNATURE")); + errorNames.insert(std::make_pair(192, "ERROR_EXE_MARKED_INVALID")); + errorNames.insert(std::make_pair(193, "ERROR_BAD_EXE_FORMAT")); + errorNames.insert(std::make_pair(194, "ERROR_ITERATED_DATA_EXCEEDS_64k")); + errorNames.insert(std::make_pair(195, "ERROR_INVALID_MINALLOCSIZE")); + errorNames.insert(std::make_pair(196, "ERROR_DYNLINK_FROM_INVALID_RING")); + errorNames.insert(std::make_pair(197, "ERROR_IOPL_NOT_ENABLED")); + errorNames.insert(std::make_pair(198, "ERROR_INVALID_SEGDPL")); + errorNames.insert(std::make_pair(199, "ERROR_AUTODATASEG_EXCEEDS_64k")); + errorNames.insert(std::make_pair(200, "ERROR_RING2SEG_MUST_BE_MOVABLE")); + errorNames.insert(std::make_pair(201, "ERROR_RELOC_CHAIN_XEEDS_SEGLIM")); + errorNames.insert(std::make_pair(202, "ERROR_INFLOOP_IN_RELOC_CHAIN")); + errorNames.insert(std::make_pair(203, "ERROR_ENVVAR_NOT_FOUND")); + errorNames.insert(std::make_pair(205, "ERROR_NO_SIGNAL_SENT")); + errorNames.insert(std::make_pair(206, "ERROR_FILENAME_EXCED_RANGE")); + errorNames.insert(std::make_pair(207, "ERROR_RING2_STACK_IN_USE")); + errorNames.insert(std::make_pair(208, "ERROR_META_EXPANSION_TOO_LONG")); + errorNames.insert(std::make_pair(209, "ERROR_INVALID_SIGNAL_NUMBER")); + errorNames.insert(std::make_pair(210, "ERROR_THREAD_1_INACTIVE")); + errorNames.insert(std::make_pair(212, "ERROR_LOCKED")); + errorNames.insert(std::make_pair(214, "ERROR_TOO_MANY_MODULES")); + errorNames.insert(std::make_pair(215, "ERROR_NESTING_NOT_ALLOWED")); + errorNames.insert(std::make_pair(216, "ERROR_EXE_MACHINE_TYPE_MISMATCH")); + errorNames.insert(std::make_pair(217, "ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY")); + errorNames.insert(std::make_pair(218, "ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY")); + errorNames.insert(std::make_pair(220, "ERROR_FILE_CHECKED_OUT")); + errorNames.insert(std::make_pair(221, "ERROR_CHECKOUT_REQUIRED")); + errorNames.insert(std::make_pair(222, "ERROR_BAD_FILE_TYPE")); + errorNames.insert(std::make_pair(223, "ERROR_FILE_TOO_LARGE")); + errorNames.insert(std::make_pair(224, "ERROR_FORMS_AUTH_REQUIRED")); + errorNames.insert(std::make_pair(225, "ERROR_VIRUS_INFECTED")); + errorNames.insert(std::make_pair(226, "ERROR_VIRUS_DELETED")); + errorNames.insert(std::make_pair(229, "ERROR_PIPE_LOCAL")); + errorNames.insert(std::make_pair(230, "ERROR_BAD_PIPE")); + errorNames.insert(std::make_pair(231, "ERROR_PIPE_BUSY")); + errorNames.insert(std::make_pair(232, "ERROR_NO_DATA")); + errorNames.insert(std::make_pair(233, "ERROR_PIPE_NOT_CONNECTED")); + errorNames.insert(std::make_pair(234, "ERROR_MORE_DATA")); + errorNames.insert(std::make_pair(240, "ERROR_VC_DISCONNECTED")); + errorNames.insert(std::make_pair(254, "ERROR_INVALID_EA_NAME")); + errorNames.insert(std::make_pair(255, "ERROR_EA_LIST_INCONSISTENT")); + errorNames.insert(std::make_pair(259, "ERROR_NO_MORE_ITEMS")); + errorNames.insert(std::make_pair(266, "ERROR_CANNOT_COPY")); + errorNames.insert(std::make_pair(267, "ERROR_DIRECTORY")); + errorNames.insert(std::make_pair(275, "ERROR_EAS_DIDNT_FIT")); + errorNames.insert(std::make_pair(276, "ERROR_EA_FILE_CORRUPT")); + errorNames.insert(std::make_pair(277, "ERROR_EA_TABLE_FULL")); + errorNames.insert(std::make_pair(278, "ERROR_INVALID_EA_HANDLE")); + errorNames.insert(std::make_pair(282, "ERROR_EAS_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(288, "ERROR_NOT_OWNER")); + errorNames.insert(std::make_pair(298, "ERROR_TOO_MANY_POSTS")); + errorNames.insert(std::make_pair(299, "ERROR_PARTIAL_COPY")); + errorNames.insert(std::make_pair(300, "ERROR_OPLOCK_NOT_GRANTED")); + errorNames.insert(std::make_pair(301, "ERROR_INVALID_OPLOCK_PROTOCOL")); + errorNames.insert(std::make_pair(302, "ERROR_DISK_TOO_FRAGMENTED")); + errorNames.insert(std::make_pair(303, "ERROR_DELETE_PENDING")); + errorNames.insert(std::make_pair(304, "ERROR_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING")); + errorNames.insert(std::make_pair(305, "ERROR_SHORT_NAMES_NOT_ENABLED_ON_VOLUME")); + errorNames.insert(std::make_pair(306, "ERROR_SECURITY_STREAM_IS_INCONSISTENT")); + errorNames.insert(std::make_pair(307, "ERROR_INVALID_LOCK_RANGE")); + errorNames.insert(std::make_pair(308, "ERROR_IMAGE_SUBSYSTEM_NOT_PRESENT")); + errorNames.insert(std::make_pair(309, "ERROR_NOTIFICATION_GUID_ALREADY_DEFINED")); + errorNames.insert(std::make_pair(317, "ERROR_MR_MID_NOT_FOUND")); + errorNames.insert(std::make_pair(318, "ERROR_SCOPE_NOT_FOUND")); + errorNames.insert(std::make_pair(350, "ERROR_FAIL_NOACTION_REBOOT")); + errorNames.insert(std::make_pair(351, "ERROR_FAIL_SHUTDOWN")); + errorNames.insert(std::make_pair(352, "ERROR_FAIL_RESTART")); + errorNames.insert(std::make_pair(353, "ERROR_MAX_SESSIONS_REACHED")); + errorNames.insert(std::make_pair(400, "ERROR_THREAD_MODE_ALREADY_BACKGROUND")); + errorNames.insert(std::make_pair(401, "ERROR_THREAD_MODE_NOT_BACKGROUND")); + errorNames.insert(std::make_pair(402, "ERROR_PROCESS_MODE_ALREADY_BACKGROUND")); + errorNames.insert(std::make_pair(403, "ERROR_PROCESS_MODE_NOT_BACKGROUND")); + errorNames.insert(std::make_pair(487, "ERROR_INVALID_ADDRESS")); + errorNames.insert(std::make_pair(500, "ERROR_USER_PROFILE_LOAD")); + errorNames.insert(std::make_pair(534, "ERROR_ARITHMETIC_OVERFLOW")); + errorNames.insert(std::make_pair(535, "ERROR_PIPE_CONNECTED")); + errorNames.insert(std::make_pair(536, "ERROR_PIPE_LISTENING")); + errorNames.insert(std::make_pair(537, "ERROR_VERIFIER_STOP")); + errorNames.insert(std::make_pair(538, "ERROR_ABIOS_ERROR")); + errorNames.insert(std::make_pair(539, "ERROR_WX86_WARNING")); + errorNames.insert(std::make_pair(540, "ERROR_WX86_ERROR")); + errorNames.insert(std::make_pair(541, "ERROR_TIMER_NOT_CANCELED")); + errorNames.insert(std::make_pair(542, "ERROR_UNWIND")); + errorNames.insert(std::make_pair(543, "ERROR_BAD_STACK")); + errorNames.insert(std::make_pair(544, "ERROR_INVALID_UNWIND_TARGET")); + errorNames.insert(std::make_pair(545, "ERROR_INVALID_PORT_ATTRIBUTES")); + errorNames.insert(std::make_pair(546, "ERROR_PORT_MESSAGE_TOO_LONG")); + errorNames.insert(std::make_pair(547, "ERROR_INVALID_QUOTA_LOWER")); + errorNames.insert(std::make_pair(548, "ERROR_DEVICE_ALREADY_ATTACHED")); + errorNames.insert(std::make_pair(549, "ERROR_INSTRUCTION_MISALIGNMENT")); + errorNames.insert(std::make_pair(550, "ERROR_PROFILING_NOT_STARTED")); + errorNames.insert(std::make_pair(551, "ERROR_PROFILING_NOT_STOPPED")); + errorNames.insert(std::make_pair(552, "ERROR_COULD_NOT_INTERPRET")); + errorNames.insert(std::make_pair(553, "ERROR_PROFILING_AT_LIMIT")); + errorNames.insert(std::make_pair(554, "ERROR_CANT_WAIT")); + errorNames.insert(std::make_pair(555, "ERROR_CANT_TERMINATE_SELF")); + errorNames.insert(std::make_pair(556, "ERROR_UNEXPECTED_MM_CREATE_ERR")); + errorNames.insert(std::make_pair(557, "ERROR_UNEXPECTED_MM_MAP_ERROR")); + errorNames.insert(std::make_pair(558, "ERROR_UNEXPECTED_MM_EXTEND_ERR")); + errorNames.insert(std::make_pair(559, "ERROR_BAD_FUNCTION_TABLE")); + errorNames.insert(std::make_pair(560, "ERROR_NO_GUID_TRANSLATION")); + errorNames.insert(std::make_pair(561, "ERROR_INVALID_LDT_SIZE")); + errorNames.insert(std::make_pair(563, "ERROR_INVALID_LDT_OFFSET")); + errorNames.insert(std::make_pair(564, "ERROR_INVALID_LDT_DESCRIPTOR")); + errorNames.insert(std::make_pair(565, "ERROR_TOO_MANY_THREADS")); + errorNames.insert(std::make_pair(566, "ERROR_THREAD_NOT_IN_PROCESS")); + errorNames.insert(std::make_pair(567, "ERROR_PAGEFILE_QUOTA_EXCEEDED")); + errorNames.insert(std::make_pair(568, "ERROR_LOGON_SERVER_CONFLICT")); + errorNames.insert(std::make_pair(569, "ERROR_SYNCHRONIZATION_REQUIRED")); + errorNames.insert(std::make_pair(570, "ERROR_NET_OPEN_FAILED")); + errorNames.insert(std::make_pair(571, "ERROR_IO_PRIVILEGE_FAILED")); + errorNames.insert(std::make_pair(572, "ERROR_CONTROL_C_EXIT")); + errorNames.insert(std::make_pair(573, "ERROR_MISSING_SYSTEMFILE")); + errorNames.insert(std::make_pair(574, "ERROR_UNHANDLED_EXCEPTION")); + errorNames.insert(std::make_pair(575, "ERROR_APP_INIT_FAILURE")); + errorNames.insert(std::make_pair(576, "ERROR_PAGEFILE_CREATE_FAILED")); + errorNames.insert(std::make_pair(577, "ERROR_INVALID_IMAGE_HASH")); + errorNames.insert(std::make_pair(578, "ERROR_NO_PAGEFILE")); + errorNames.insert(std::make_pair(579, "ERROR_ILLEGAL_FLOAT_CONTEXT")); + errorNames.insert(std::make_pair(580, "ERROR_NO_EVENT_PAIR")); + errorNames.insert(std::make_pair(581, "ERROR_DOMAIN_CTRLR_CONFIG_ERROR")); + errorNames.insert(std::make_pair(582, "ERROR_ILLEGAL_CHARACTER")); + errorNames.insert(std::make_pair(583, "ERROR_UNDEFINED_CHARACTER")); + errorNames.insert(std::make_pair(584, "ERROR_FLOPPY_VOLUME")); + errorNames.insert(std::make_pair(585, "ERROR_BIOS_FAILED_TO_CONNECT_INTERRUPT")); + errorNames.insert(std::make_pair(586, "ERROR_BACKUP_CONTROLLER")); + errorNames.insert(std::make_pair(587, "ERROR_MUTANT_LIMIT_EXCEEDED")); + errorNames.insert(std::make_pair(588, "ERROR_FS_DRIVER_REQUIRED")); + errorNames.insert(std::make_pair(589, "ERROR_CANNOT_LOAD_REGISTRY_FILE")); + errorNames.insert(std::make_pair(590, "ERROR_DEBUG_ATTACH_FAILED")); + errorNames.insert(std::make_pair(591, "ERROR_SYSTEM_PROCESS_TERMINATED")); + errorNames.insert(std::make_pair(592, "ERROR_DATA_NOT_ACCEPTED")); + errorNames.insert(std::make_pair(593, "ERROR_VDM_HARD_ERROR")); + errorNames.insert(std::make_pair(594, "ERROR_DRIVER_CANCEL_TIMEOUT")); + errorNames.insert(std::make_pair(595, "ERROR_REPLY_MESSAGE_MISMATCH")); + errorNames.insert(std::make_pair(596, "ERROR_LOST_WRITEBEHIND_DATA")); + errorNames.insert(std::make_pair(597, "ERROR_CLIENT_SERVER_PARAMETERS_INVALID")); + errorNames.insert(std::make_pair(598, "ERROR_NOT_TINY_STREAM")); + errorNames.insert(std::make_pair(599, "ERROR_STACK_OVERFLOW_READ")); + errorNames.insert(std::make_pair(600, "ERROR_CONVERT_TO_LARGE")); + errorNames.insert(std::make_pair(601, "ERROR_FOUND_OUT_OF_SCOPE")); + errorNames.insert(std::make_pair(602, "ERROR_ALLOCATE_BUCKET")); + errorNames.insert(std::make_pair(603, "ERROR_MARSHALL_OVERFLOW")); + errorNames.insert(std::make_pair(604, "ERROR_INVALID_VARIANT")); + errorNames.insert(std::make_pair(605, "ERROR_BAD_COMPRESSION_BUFFER")); + errorNames.insert(std::make_pair(606, "ERROR_AUDIT_FAILED")); + errorNames.insert(std::make_pair(607, "ERROR_TIMER_RESOLUTION_NOT_SET")); + errorNames.insert(std::make_pair(608, "ERROR_INSUFFICIENT_LOGON_INFO")); + errorNames.insert(std::make_pair(609, "ERROR_BAD_DLL_ENTRYPOINT")); + errorNames.insert(std::make_pair(610, "ERROR_BAD_SERVICE_ENTRYPOINT")); + errorNames.insert(std::make_pair(611, "ERROR_IP_ADDRESS_CONFLICT1")); + errorNames.insert(std::make_pair(612, "ERROR_IP_ADDRESS_CONFLICT2")); + errorNames.insert(std::make_pair(613, "ERROR_REGISTRY_QUOTA_LIMIT")); + errorNames.insert(std::make_pair(614, "ERROR_NO_CALLBACK_ACTIVE")); + errorNames.insert(std::make_pair(615, "ERROR_PWD_TOO_SHORT")); + errorNames.insert(std::make_pair(616, "ERROR_PWD_TOO_RECENT")); + errorNames.insert(std::make_pair(617, "ERROR_PWD_HISTORY_CONFLICT")); + errorNames.insert(std::make_pair(618, "ERROR_UNSUPPORTED_COMPRESSION")); + errorNames.insert(std::make_pair(619, "ERROR_INVALID_HW_PROFILE")); + errorNames.insert(std::make_pair(620, "ERROR_INVALID_PLUGPLAY_DEVICE_PATH")); + errorNames.insert(std::make_pair(621, "ERROR_QUOTA_LIST_INCONSISTENT")); + errorNames.insert(std::make_pair(622, "ERROR_EVALUATION_EXPIRATION")); + errorNames.insert(std::make_pair(623, "ERROR_ILLEGAL_DLL_RELOCATION")); + errorNames.insert(std::make_pair(624, "ERROR_DLL_INIT_FAILED_LOGOFF")); + errorNames.insert(std::make_pair(625, "ERROR_VALIDATE_CONTINUE")); + errorNames.insert(std::make_pair(626, "ERROR_NO_MORE_MATCHES")); + errorNames.insert(std::make_pair(627, "ERROR_RANGE_LIST_CONFLICT")); + errorNames.insert(std::make_pair(628, "ERROR_SERVER_SID_MISMATCH")); + errorNames.insert(std::make_pair(629, "ERROR_CANT_ENABLE_DENY_ONLY")); + errorNames.insert(std::make_pair(630, "ERROR_FLOAT_MULTIPLE_FAULTS")); + errorNames.insert(std::make_pair(631, "ERROR_FLOAT_MULTIPLE_TRAPS")); + errorNames.insert(std::make_pair(632, "ERROR_NOINTERFACE")); + errorNames.insert(std::make_pair(633, "ERROR_DRIVER_FAILED_SLEEP")); + errorNames.insert(std::make_pair(634, "ERROR_CORRUPT_SYSTEM_FILE")); + errorNames.insert(std::make_pair(635, "ERROR_COMMITMENT_MINIMUM")); + errorNames.insert(std::make_pair(636, "ERROR_PNP_RESTART_ENUMERATION")); + errorNames.insert(std::make_pair(637, "ERROR_SYSTEM_IMAGE_BAD_SIGNATURE")); + errorNames.insert(std::make_pair(638, "ERROR_PNP_REBOOT_REQUIRED")); + errorNames.insert(std::make_pair(639, "ERROR_INSUFFICIENT_POWER")); + errorNames.insert(std::make_pair(640, "ERROR_MULTIPLE_FAULT_VIOLATION")); + errorNames.insert(std::make_pair(641, "ERROR_SYSTEM_SHUTDOWN")); + errorNames.insert(std::make_pair(642, "ERROR_PORT_NOT_SET")); + errorNames.insert(std::make_pair(643, "ERROR_DS_VERSION_CHECK_FAILURE")); + errorNames.insert(std::make_pair(644, "ERROR_RANGE_NOT_FOUND")); + errorNames.insert(std::make_pair(646, "ERROR_NOT_SAFE_MODE_DRIVER")); + errorNames.insert(std::make_pair(647, "ERROR_FAILED_DRIVER_ENTRY")); + errorNames.insert(std::make_pair(648, "ERROR_DEVICE_ENUMERATION_ERROR")); + errorNames.insert(std::make_pair(649, "ERROR_MOUNT_POINT_NOT_RESOLVED")); + errorNames.insert(std::make_pair(650, "ERROR_INVALID_DEVICE_OBJECT_PARAMETER")); + errorNames.insert(std::make_pair(651, "ERROR_MCA_OCCURED")); + errorNames.insert(std::make_pair(652, "ERROR_DRIVER_DATABASE_ERROR")); + errorNames.insert(std::make_pair(653, "ERROR_SYSTEM_HIVE_TOO_LARGE")); + errorNames.insert(std::make_pair(654, "ERROR_DRIVER_FAILED_PRIOR_UNLOAD")); + errorNames.insert(std::make_pair(655, "ERROR_VOLSNAP_PREPARE_HIBERNATE")); + errorNames.insert(std::make_pair(656, "ERROR_HIBERNATION_FAILURE")); + errorNames.insert(std::make_pair(665, "ERROR_FILE_SYSTEM_LIMITATION")); + errorNames.insert(std::make_pair(668, "ERROR_ASSERTION_FAILURE")); + errorNames.insert(std::make_pair(669, "ERROR_ACPI_ERROR")); + errorNames.insert(std::make_pair(670, "ERROR_WOW_ASSERTION")); + errorNames.insert(std::make_pair(671, "ERROR_PNP_BAD_MPS_TABLE")); + errorNames.insert(std::make_pair(672, "ERROR_PNP_TRANSLATION_FAILED")); + errorNames.insert(std::make_pair(673, "ERROR_PNP_IRQ_TRANSLATION_FAILED")); + errorNames.insert(std::make_pair(674, "ERROR_PNP_INVALID_ID")); + errorNames.insert(std::make_pair(675, "ERROR_WAKE_SYSTEM_DEBUGGER")); + errorNames.insert(std::make_pair(676, "ERROR_HANDLES_CLOSED")); + errorNames.insert(std::make_pair(677, "ERROR_EXTRANEOUS_INFORMATION")); + errorNames.insert(std::make_pair(678, "ERROR_RXACT_COMMIT_NECESSARY")); + errorNames.insert(std::make_pair(679, "ERROR_MEDIA_CHECK")); + errorNames.insert(std::make_pair(680, "ERROR_GUID_SUBSTITUTION_MADE")); + errorNames.insert(std::make_pair(681, "ERROR_STOPPED_ON_SYMLINK")); + errorNames.insert(std::make_pair(682, "ERROR_LONGJUMP")); + errorNames.insert(std::make_pair(683, "ERROR_PLUGPLAY_QUERY_VETOED")); + errorNames.insert(std::make_pair(684, "ERROR_UNWIND_CONSOLIDATE")); + errorNames.insert(std::make_pair(685, "ERROR_REGISTRY_HIVE_RECOVERED")); + errorNames.insert(std::make_pair(686, "ERROR_DLL_MIGHT_BE_INSECURE")); + errorNames.insert(std::make_pair(687, "ERROR_DLL_MIGHT_BE_INCOMPATIBLE")); + errorNames.insert(std::make_pair(688, "ERROR_DBG_EXCEPTION_NOT_HANDLED")); + errorNames.insert(std::make_pair(689, "ERROR_DBG_REPLY_LATER")); + errorNames.insert(std::make_pair(690, "ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE")); + errorNames.insert(std::make_pair(691, "ERROR_DBG_TERMINATE_THREAD")); + errorNames.insert(std::make_pair(692, "ERROR_DBG_TERMINATE_PROCESS")); + errorNames.insert(std::make_pair(693, "ERROR_DBG_CONTROL_C")); + errorNames.insert(std::make_pair(694, "ERROR_DBG_PRINTEXCEPTION_C")); + errorNames.insert(std::make_pair(695, "ERROR_DBG_RIPEXCEPTION")); + errorNames.insert(std::make_pair(696, "ERROR_DBG_CONTROL_BREAK")); + errorNames.insert(std::make_pair(697, "ERROR_DBG_COMMAND_EXCEPTION")); + errorNames.insert(std::make_pair(698, "ERROR_OBJECT_NAME_EXISTS")); + errorNames.insert(std::make_pair(699, "ERROR_THREAD_WAS_SUSPENDED")); + errorNames.insert(std::make_pair(700, "ERROR_IMAGE_NOT_AT_BASE")); + errorNames.insert(std::make_pair(701, "ERROR_RXACT_STATE_CREATED")); + errorNames.insert(std::make_pair(702, "ERROR_SEGMENT_NOTIFICATION")); + errorNames.insert(std::make_pair(703, "ERROR_BAD_CURRENT_DIRECTORY")); + errorNames.insert(std::make_pair(704, "ERROR_FT_READ_RECOVERY_FROM_BACKUP")); + errorNames.insert(std::make_pair(705, "ERROR_FT_WRITE_RECOVERY")); + errorNames.insert(std::make_pair(706, "ERROR_IMAGE_MACHINE_TYPE_MISMATCH")); + errorNames.insert(std::make_pair(707, "ERROR_RECEIVE_PARTIAL")); + errorNames.insert(std::make_pair(708, "ERROR_RECEIVE_EXPEDITED")); + errorNames.insert(std::make_pair(709, "ERROR_RECEIVE_PARTIAL_EXPEDITED")); + errorNames.insert(std::make_pair(710, "ERROR_EVENT_DONE")); + errorNames.insert(std::make_pair(711, "ERROR_EVENT_PENDING")); + errorNames.insert(std::make_pair(712, "ERROR_CHECKING_FILE_SYSTEM")); + errorNames.insert(std::make_pair(713, "ERROR_FATAL_APP_EXIT")); + errorNames.insert(std::make_pair(714, "ERROR_PREDEFINED_HANDLE")); + errorNames.insert(std::make_pair(715, "ERROR_WAS_UNLOCKED")); + errorNames.insert(std::make_pair(716, "ERROR_SERVICE_NOTIFICATION")); + errorNames.insert(std::make_pair(717, "ERROR_WAS_LOCKED")); + errorNames.insert(std::make_pair(718, "ERROR_LOG_HARD_ERROR")); + errorNames.insert(std::make_pair(719, "ERROR_ALREADY_WIN32")); + errorNames.insert(std::make_pair(720, "ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE")); + errorNames.insert(std::make_pair(721, "ERROR_NO_YIELD_PERFORMED")); + errorNames.insert(std::make_pair(722, "ERROR_TIMER_RESUME_IGNORED")); + errorNames.insert(std::make_pair(723, "ERROR_ARBITRATION_UNHANDLED")); + errorNames.insert(std::make_pair(724, "ERROR_CARDBUS_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(725, "ERROR_MP_PROCESSOR_MISMATCH")); + errorNames.insert(std::make_pair(726, "ERROR_HIBERNATED")); + errorNames.insert(std::make_pair(727, "ERROR_RESUME_HIBERNATION")); + errorNames.insert(std::make_pair(728, "ERROR_FIRMWARE_UPDATED")); + errorNames.insert(std::make_pair(729, "ERROR_DRIVERS_LEAKING_LOCKED_PAGES")); + errorNames.insert(std::make_pair(730, "ERROR_WAKE_SYSTEM")); + errorNames.insert(std::make_pair(731, "ERROR_WAIT_1")); + errorNames.insert(std::make_pair(732, "ERROR_WAIT_2")); + errorNames.insert(std::make_pair(733, "ERROR_WAIT_3")); + errorNames.insert(std::make_pair(734, "ERROR_WAIT_63")); + errorNames.insert(std::make_pair(735, "ERROR_ABANDONED_WAIT_0")); + errorNames.insert(std::make_pair(736, "ERROR_ABANDONED_WAIT_63")); + errorNames.insert(std::make_pair(737, "ERROR_USER_APC")); + errorNames.insert(std::make_pair(738, "ERROR_KERNEL_APC")); + errorNames.insert(std::make_pair(739, "ERROR_ALERTED")); + errorNames.insert(std::make_pair(740, "ERROR_ELEVATION_REQUIRED")); + errorNames.insert(std::make_pair(741, "ERROR_REPARSE")); + errorNames.insert(std::make_pair(742, "ERROR_OPLOCK_BREAK_IN_PROGRESS")); + errorNames.insert(std::make_pair(743, "ERROR_VOLUME_MOUNTED")); + errorNames.insert(std::make_pair(744, "ERROR_RXACT_COMMITTED")); + errorNames.insert(std::make_pair(745, "ERROR_NOTIFY_CLEANUP")); + errorNames.insert(std::make_pair(746, "ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED")); + errorNames.insert(std::make_pair(747, "ERROR_PAGE_FAULT_TRANSITION")); + errorNames.insert(std::make_pair(748, "ERROR_PAGE_FAULT_DEMAND_ZERO")); + errorNames.insert(std::make_pair(749, "ERROR_PAGE_FAULT_COPY_ON_WRITE")); + errorNames.insert(std::make_pair(750, "ERROR_PAGE_FAULT_GUARD_PAGE")); + errorNames.insert(std::make_pair(751, "ERROR_PAGE_FAULT_PAGING_FILE")); + errorNames.insert(std::make_pair(752, "ERROR_CACHE_PAGE_LOCKED")); + errorNames.insert(std::make_pair(753, "ERROR_CRASH_DUMP")); + errorNames.insert(std::make_pair(754, "ERROR_BUFFER_ALL_ZEROS")); + errorNames.insert(std::make_pair(755, "ERROR_REPARSE_OBJECT")); + errorNames.insert(std::make_pair(756, "ERROR_RESOURCE_REQUIREMENTS_CHANGED")); + errorNames.insert(std::make_pair(757, "ERROR_TRANSLATION_COMPLETE")); + errorNames.insert(std::make_pair(758, "ERROR_NOTHING_TO_TERMINATE")); + errorNames.insert(std::make_pair(759, "ERROR_PROCESS_NOT_IN_JOB")); + errorNames.insert(std::make_pair(760, "ERROR_PROCESS_IN_JOB")); + errorNames.insert(std::make_pair(761, "ERROR_VOLSNAP_HIBERNATE_READY")); + errorNames.insert(std::make_pair(762, "ERROR_FSFILTER_OP_COMPLETED_SUCCESSFULLY")); + errorNames.insert(std::make_pair(763, "ERROR_INTERRUPT_VECTOR_ALREADY_CONNECTED")); + errorNames.insert(std::make_pair(764, "ERROR_INTERRUPT_STILL_CONNECTED")); + errorNames.insert(std::make_pair(765, "ERROR_WAIT_FOR_OPLOCK")); + errorNames.insert(std::make_pair(766, "ERROR_DBG_EXCEPTION_HANDLED")); + errorNames.insert(std::make_pair(767, "ERROR_DBG_CONTINUE")); + errorNames.insert(std::make_pair(768, "ERROR_CALLBACK_POP_STACK")); + errorNames.insert(std::make_pair(769, "ERROR_COMPRESSION_DISABLED")); + errorNames.insert(std::make_pair(770, "ERROR_CANTFETCHBACKWARDS")); + errorNames.insert(std::make_pair(771, "ERROR_CANTSCROLLBACKWARDS")); + errorNames.insert(std::make_pair(772, "ERROR_ROWSNOTRELEASED")); + errorNames.insert(std::make_pair(773, "ERROR_BAD_ACCESSOR_FLAGS")); + errorNames.insert(std::make_pair(774, "ERROR_ERRORS_ENCOUNTERED")); + errorNames.insert(std::make_pair(775, "ERROR_NOT_CAPABLE")); + errorNames.insert(std::make_pair(776, "ERROR_REQUEST_OUT_OF_SEQUENCE")); + errorNames.insert(std::make_pair(777, "ERROR_VERSION_PARSE_ERROR")); + errorNames.insert(std::make_pair(778, "ERROR_BADSTARTPOSITION")); + errorNames.insert(std::make_pair(779, "ERROR_MEMORY_HARDWARE")); + errorNames.insert(std::make_pair(780, "ERROR_DISK_REPAIR_DISABLED")); + errorNames.insert(std::make_pair(781, "ERROR_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE")); + errorNames.insert(std::make_pair(782, "ERROR_SYSTEM_POWERSTATE_TRANSITION")); + errorNames.insert(std::make_pair(783, "ERROR_SYSTEM_POWERSTATE_COMPLEX_TRANSITION")); + errorNames.insert(std::make_pair(784, "ERROR_MCA_EXCEPTION")); + errorNames.insert(std::make_pair(785, "ERROR_ACCESS_AUDIT_BY_POLICY")); + errorNames.insert(std::make_pair(786, "ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY")); + errorNames.insert(std::make_pair(787, "ERROR_ABANDON_HIBERFILE")); + errorNames.insert(std::make_pair(788, "ERROR_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED")); + errorNames.insert(std::make_pair(789, "ERROR_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR")); + errorNames.insert(std::make_pair(790, "ERROR_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR")); + errorNames.insert(std::make_pair(791, "ERROR_BAD_MCFG_TABLE")); + errorNames.insert(std::make_pair(800, "ERROR_OPLOCK_SWITCHED_TO_NEW_HANDLE")); + errorNames.insert(std::make_pair(801, "ERROR_CANNOT_GRANT_REQUESTED_OPLOCK")); + errorNames.insert(std::make_pair(802, "ERROR_CANNOT_BREAK_OPLOCK")); + errorNames.insert(std::make_pair(803, "ERROR_OPLOCK_HANDLE_CLOSED")); + errorNames.insert(std::make_pair(804, "ERROR_NO_ACE_CONDITION")); + errorNames.insert(std::make_pair(805, "ERROR_INVALID_ACE_CONDITION")); + errorNames.insert(std::make_pair(994, "ERROR_EA_ACCESS_DENIED")); + errorNames.insert(std::make_pair(995, "ERROR_OPERATION_ABORTED")); + errorNames.insert(std::make_pair(996, "ERROR_IO_INCOMPLETE")); + errorNames.insert(std::make_pair(997, "ERROR_IO_PENDING")); + errorNames.insert(std::make_pair(998, "ERROR_NOACCESS")); + errorNames.insert(std::make_pair(999, "ERROR_SWAPERROR")); + errorNames.insert(std::make_pair(1001, "ERROR_STACK_OVERFLOW")); + errorNames.insert(std::make_pair(1002, "ERROR_INVALID_MESSAGE")); + errorNames.insert(std::make_pair(1003, "ERROR_CAN_NOT_COMPLETE")); + errorNames.insert(std::make_pair(1004, "ERROR_INVALID_FLAGS")); + errorNames.insert(std::make_pair(1005, "ERROR_UNRECOGNIZED_VOLUME")); + errorNames.insert(std::make_pair(1006, "ERROR_FILE_INVALID")); + errorNames.insert(std::make_pair(1007, "ERROR_FULLSCREEN_MODE")); + errorNames.insert(std::make_pair(1008, "ERROR_NO_TOKEN")); + errorNames.insert(std::make_pair(1009, "ERROR_BADDB")); + errorNames.insert(std::make_pair(1010, "ERROR_BADKEY")); + errorNames.insert(std::make_pair(1011, "ERROR_CANTOPEN")); + errorNames.insert(std::make_pair(1012, "ERROR_CANTREAD")); + errorNames.insert(std::make_pair(1013, "ERROR_CANTWRITE")); + errorNames.insert(std::make_pair(1014, "ERROR_REGISTRY_RECOVERED")); + errorNames.insert(std::make_pair(1015, "ERROR_REGISTRY_CORRUPT")); + errorNames.insert(std::make_pair(1016, "ERROR_REGISTRY_IO_FAILED")); + errorNames.insert(std::make_pair(1017, "ERROR_NOT_REGISTRY_FILE")); + errorNames.insert(std::make_pair(1018, "ERROR_KEY_DELETED")); + errorNames.insert(std::make_pair(1019, "ERROR_NO_LOG_SPACE")); + errorNames.insert(std::make_pair(1020, "ERROR_KEY_HAS_CHILDREN")); + errorNames.insert(std::make_pair(1021, "ERROR_CHILD_MUST_BE_VOLATILE")); + errorNames.insert(std::make_pair(1022, "ERROR_NOTIFY_ENUM_DIR")); + errorNames.insert(std::make_pair(1051, "ERROR_DEPENDENT_SERVICES_RUNNING")); + errorNames.insert(std::make_pair(1052, "ERROR_INVALID_SERVICE_CONTROL")); + errorNames.insert(std::make_pair(1053, "ERROR_SERVICE_REQUEST_TIMEOUT")); + errorNames.insert(std::make_pair(1054, "ERROR_SERVICE_NO_THREAD")); + errorNames.insert(std::make_pair(1055, "ERROR_SERVICE_DATABASE_LOCKED")); + errorNames.insert(std::make_pair(1056, "ERROR_SERVICE_ALREADY_RUNNING")); + errorNames.insert(std::make_pair(1057, "ERROR_INVALID_SERVICE_ACCOUNT")); + errorNames.insert(std::make_pair(1058, "ERROR_SERVICE_DISABLED")); + errorNames.insert(std::make_pair(1059, "ERROR_CIRCULAR_DEPENDENCY")); + errorNames.insert(std::make_pair(1060, "ERROR_SERVICE_DOES_NOT_EXIST")); + errorNames.insert(std::make_pair(1061, "ERROR_SERVICE_CANNOT_ACCEPT_CTRL")); + errorNames.insert(std::make_pair(1062, "ERROR_SERVICE_NOT_ACTIVE")); + errorNames.insert(std::make_pair(1063, "ERROR_FAILED_SERVICE_CONTROLLER_CONNECT")); + errorNames.insert(std::make_pair(1064, "ERROR_EXCEPTION_IN_SERVICE")); + errorNames.insert(std::make_pair(1065, "ERROR_DATABASE_DOES_NOT_EXIST")); + errorNames.insert(std::make_pair(1066, "ERROR_SERVICE_SPECIFIC_ERROR")); + errorNames.insert(std::make_pair(1067, "ERROR_PROCESS_ABORTED")); + errorNames.insert(std::make_pair(1068, "ERROR_SERVICE_DEPENDENCY_FAIL")); + errorNames.insert(std::make_pair(1069, "ERROR_SERVICE_LOGON_FAILED")); + errorNames.insert(std::make_pair(1070, "ERROR_SERVICE_START_HANG")); + errorNames.insert(std::make_pair(1071, "ERROR_INVALID_SERVICE_LOCK")); + errorNames.insert(std::make_pair(1072, "ERROR_SERVICE_MARKED_FOR_DELETE")); + errorNames.insert(std::make_pair(1073, "ERROR_SERVICE_EXISTS")); + errorNames.insert(std::make_pair(1074, "ERROR_ALREADY_RUNNING_LKG")); + errorNames.insert(std::make_pair(1075, "ERROR_SERVICE_DEPENDENCY_DELETED")); + errorNames.insert(std::make_pair(1076, "ERROR_BOOT_ALREADY_ACCEPTED")); + errorNames.insert(std::make_pair(1077, "ERROR_SERVICE_NEVER_STARTED")); + errorNames.insert(std::make_pair(1078, "ERROR_DUPLICATE_SERVICE_NAME")); + errorNames.insert(std::make_pair(1079, "ERROR_DIFFERENT_SERVICE_ACCOUNT")); + errorNames.insert(std::make_pair(1080, "ERROR_CANNOT_DETECT_DRIVER_FAILURE")); + errorNames.insert(std::make_pair(1081, "ERROR_CANNOT_DETECT_PROCESS_ABORT")); + errorNames.insert(std::make_pair(1082, "ERROR_NO_RECOVERY_PROGRAM")); + errorNames.insert(std::make_pair(1083, "ERROR_SERVICE_NOT_IN_EXE")); + errorNames.insert(std::make_pair(1084, "ERROR_NOT_SAFEBOOT_SERVICE")); + errorNames.insert(std::make_pair(1100, "ERROR_END_OF_MEDIA")); + errorNames.insert(std::make_pair(1101, "ERROR_FILEMARK_DETECTED")); + errorNames.insert(std::make_pair(1102, "ERROR_BEGINNING_OF_MEDIA")); + errorNames.insert(std::make_pair(1103, "ERROR_SETMARK_DETECTED")); + errorNames.insert(std::make_pair(1104, "ERROR_NO_DATA_DETECTED")); + errorNames.insert(std::make_pair(1105, "ERROR_PARTITION_FAILURE")); + errorNames.insert(std::make_pair(1106, "ERROR_INVALID_BLOCK_LENGTH")); + errorNames.insert(std::make_pair(1107, "ERROR_DEVICE_NOT_PARTITIONED")); + errorNames.insert(std::make_pair(1108, "ERROR_UNABLE_TO_LOCK_MEDIA")); + errorNames.insert(std::make_pair(1109, "ERROR_UNABLE_TO_UNLOAD_MEDIA")); + errorNames.insert(std::make_pair(1110, "ERROR_MEDIA_CHANGED")); + errorNames.insert(std::make_pair(1111, "ERROR_BUS_RESET")); + errorNames.insert(std::make_pair(1112, "ERROR_NO_MEDIA_IN_DRIVE")); + errorNames.insert(std::make_pair(1113, "ERROR_NO_UNICODE_TRANSLATION")); + errorNames.insert(std::make_pair(1114, "ERROR_DLL_INIT_FAILED")); + errorNames.insert(std::make_pair(1115, "ERROR_SHUTDOWN_IN_PROGRESS")); + errorNames.insert(std::make_pair(1116, "ERROR_NO_SHUTDOWN_IN_PROGRESS")); + errorNames.insert(std::make_pair(1117, "ERROR_IO_DEVICE")); + errorNames.insert(std::make_pair(1118, "ERROR_SERIAL_NO_DEVICE")); + errorNames.insert(std::make_pair(1119, "ERROR_IRQ_BUSY")); + errorNames.insert(std::make_pair(1120, "ERROR_MORE_WRITES")); + errorNames.insert(std::make_pair(1121, "ERROR_COUNTER_TIMEOUT")); + errorNames.insert(std::make_pair(1122, "ERROR_FLOPPY_ID_MARK_NOT_FOUND")); + errorNames.insert(std::make_pair(1123, "ERROR_FLOPPY_WRONG_CYLINDER")); + errorNames.insert(std::make_pair(1124, "ERROR_FLOPPY_UNKNOWN_ERROR")); + errorNames.insert(std::make_pair(1125, "ERROR_FLOPPY_BAD_REGISTERS")); + errorNames.insert(std::make_pair(1126, "ERROR_DISK_RECALIBRATE_FAILED")); + errorNames.insert(std::make_pair(1127, "ERROR_DISK_OPERATION_FAILED")); + errorNames.insert(std::make_pair(1128, "ERROR_DISK_RESET_FAILED")); + errorNames.insert(std::make_pair(1129, "ERROR_EOM_OVERFLOW")); + errorNames.insert(std::make_pair(1130, "ERROR_NOT_ENOUGH_SERVER_MEMORY")); + errorNames.insert(std::make_pair(1131, "ERROR_POSSIBLE_DEADLOCK")); + errorNames.insert(std::make_pair(1132, "ERROR_MAPPED_ALIGNMENT")); + errorNames.insert(std::make_pair(1140, "ERROR_SET_POWER_STATE_VETOED")); + errorNames.insert(std::make_pair(1141, "ERROR_SET_POWER_STATE_FAILED")); + errorNames.insert(std::make_pair(1142, "ERROR_TOO_MANY_LINKS")); + errorNames.insert(std::make_pair(1150, "ERROR_OLD_WIN_VERSION")); + errorNames.insert(std::make_pair(1151, "ERROR_APP_WRONG_OS")); + errorNames.insert(std::make_pair(1152, "ERROR_SINGLE_INSTANCE_APP")); + errorNames.insert(std::make_pair(1153, "ERROR_RMODE_APP")); + errorNames.insert(std::make_pair(1154, "ERROR_INVALID_DLL")); + errorNames.insert(std::make_pair(1155, "ERROR_NO_ASSOCIATION")); + errorNames.insert(std::make_pair(1156, "ERROR_DDE_FAIL")); + errorNames.insert(std::make_pair(1157, "ERROR_DLL_NOT_FOUND")); + errorNames.insert(std::make_pair(1158, "ERROR_NO_MORE_USER_HANDLES")); + errorNames.insert(std::make_pair(1159, "ERROR_MESSAGE_SYNC_ONLY")); + errorNames.insert(std::make_pair(1160, "ERROR_SOURCE_ELEMENT_EMPTY")); + errorNames.insert(std::make_pair(1161, "ERROR_DESTINATION_ELEMENT_FULL")); + errorNames.insert(std::make_pair(1162, "ERROR_ILLEGAL_ELEMENT_ADDRESS")); + errorNames.insert(std::make_pair(1163, "ERROR_MAGAZINE_NOT_PRESENT")); + errorNames.insert(std::make_pair(1164, "ERROR_DEVICE_REINITIALIZATION_NEEDED")); + errorNames.insert(std::make_pair(1165, "ERROR_DEVICE_REQUIRES_CLEANING")); + errorNames.insert(std::make_pair(1166, "ERROR_DEVICE_DOOR_OPEN")); + errorNames.insert(std::make_pair(1167, "ERROR_DEVICE_NOT_CONNECTED")); + errorNames.insert(std::make_pair(1168, "ERROR_NOT_FOUND")); + errorNames.insert(std::make_pair(1169, "ERROR_NO_MATCH")); + errorNames.insert(std::make_pair(1170, "ERROR_SET_NOT_FOUND")); + errorNames.insert(std::make_pair(1171, "ERROR_POINT_NOT_FOUND")); + errorNames.insert(std::make_pair(1172, "ERROR_NO_TRACKING_SERVICE")); + errorNames.insert(std::make_pair(1173, "ERROR_NO_VOLUME_ID")); + errorNames.insert(std::make_pair(1175, "ERROR_UNABLE_TO_REMOVE_REPLACED")); + errorNames.insert(std::make_pair(1176, "ERROR_UNABLE_TO_MOVE_REPLACEMENT")); + errorNames.insert(std::make_pair(1177, "ERROR_UNABLE_TO_MOVE_REPLACEMENT_2")); + errorNames.insert(std::make_pair(1178, "ERROR_JOURNAL_DELETE_IN_PROGRESS")); + errorNames.insert(std::make_pair(1179, "ERROR_JOURNAL_NOT_ACTIVE")); + errorNames.insert(std::make_pair(1180, "ERROR_POTENTIAL_FILE_FOUND")); + errorNames.insert(std::make_pair(1181, "ERROR_JOURNAL_ENTRY_DELETED")); + errorNames.insert(std::make_pair(1190, "ERROR_SHUTDOWN_IS_SCHEDULED")); + errorNames.insert(std::make_pair(1191, "ERROR_SHUTDOWN_USERS_LOGGED_ON")); + errorNames.insert(std::make_pair(1200, "ERROR_BAD_DEVICE")); + errorNames.insert(std::make_pair(1201, "ERROR_CONNECTION_UNAVAIL")); + errorNames.insert(std::make_pair(1202, "ERROR_DEVICE_ALREADY_REMEMBERED")); + errorNames.insert(std::make_pair(1203, "ERROR_NO_NET_OR_BAD_PATH")); + errorNames.insert(std::make_pair(1204, "ERROR_BAD_PROVIDER")); + errorNames.insert(std::make_pair(1205, "ERROR_CANNOT_OPEN_PROFILE")); + errorNames.insert(std::make_pair(1206, "ERROR_BAD_PROFILE")); + errorNames.insert(std::make_pair(1207, "ERROR_NOT_CONTAINER")); + errorNames.insert(std::make_pair(1208, "ERROR_EXTENDED_ERROR")); + errorNames.insert(std::make_pair(1209, "ERROR_INVALID_GROUPNAME")); + errorNames.insert(std::make_pair(1210, "ERROR_INVALID_COMPUTERNAME")); + errorNames.insert(std::make_pair(1211, "ERROR_INVALID_EVENTNAME")); + errorNames.insert(std::make_pair(1212, "ERROR_INVALID_DOMAINNAME")); + errorNames.insert(std::make_pair(1213, "ERROR_INVALID_SERVICENAME")); + errorNames.insert(std::make_pair(1214, "ERROR_INVALID_NETNAME")); + errorNames.insert(std::make_pair(1215, "ERROR_INVALID_SHARENAME")); + errorNames.insert(std::make_pair(1216, "ERROR_INVALID_PASSWORDNAME")); + errorNames.insert(std::make_pair(1217, "ERROR_INVALID_MESSAGENAME")); + errorNames.insert(std::make_pair(1218, "ERROR_INVALID_MESSAGEDEST")); + errorNames.insert(std::make_pair(1219, "ERROR_SESSION_CREDENTIAL_CONFLICT")); + errorNames.insert(std::make_pair(1220, "ERROR_REMOTE_SESSION_LIMIT_EXCEEDED")); + errorNames.insert(std::make_pair(1221, "ERROR_DUP_DOMAINNAME")); + errorNames.insert(std::make_pair(1222, "ERROR_NO_NETWORK")); + errorNames.insert(std::make_pair(1223, "ERROR_CANCELLED")); + errorNames.insert(std::make_pair(1224, "ERROR_USER_MAPPED_FILE")); + errorNames.insert(std::make_pair(1225, "ERROR_CONNECTION_REFUSED")); + errorNames.insert(std::make_pair(1226, "ERROR_GRACEFUL_DISCONNECT")); + errorNames.insert(std::make_pair(1227, "ERROR_ADDRESS_ALREADY_ASSOCIATED")); + errorNames.insert(std::make_pair(1228, "ERROR_ADDRESS_NOT_ASSOCIATED")); + errorNames.insert(std::make_pair(1229, "ERROR_CONNECTION_INVALID")); + errorNames.insert(std::make_pair(1230, "ERROR_CONNECTION_ACTIVE")); + errorNames.insert(std::make_pair(1231, "ERROR_NETWORK_UNREACHABLE")); + errorNames.insert(std::make_pair(1232, "ERROR_HOST_UNREACHABLE")); + errorNames.insert(std::make_pair(1233, "ERROR_PROTOCOL_UNREACHABLE")); + errorNames.insert(std::make_pair(1234, "ERROR_PORT_UNREACHABLE")); + errorNames.insert(std::make_pair(1235, "ERROR_REQUEST_ABORTED")); + errorNames.insert(std::make_pair(1236, "ERROR_CONNECTION_ABORTED")); + errorNames.insert(std::make_pair(1237, "ERROR_RETRY")); + errorNames.insert(std::make_pair(1238, "ERROR_CONNECTION_COUNT_LIMIT")); + errorNames.insert(std::make_pair(1239, "ERROR_LOGIN_TIME_RESTRICTION")); + errorNames.insert(std::make_pair(1240, "ERROR_LOGIN_WKSTA_RESTRICTION")); + errorNames.insert(std::make_pair(1241, "ERROR_INCORRECT_ADDRESS")); + errorNames.insert(std::make_pair(1242, "ERROR_ALREADY_REGISTERED")); + errorNames.insert(std::make_pair(1243, "ERROR_SERVICE_NOT_FOUND")); + errorNames.insert(std::make_pair(1244, "ERROR_NOT_AUTHENTICATED")); + errorNames.insert(std::make_pair(1245, "ERROR_NOT_LOGGED_ON")); + errorNames.insert(std::make_pair(1246, "ERROR_CONTINUE")); + errorNames.insert(std::make_pair(1247, "ERROR_ALREADY_INITIALIZED")); + errorNames.insert(std::make_pair(1248, "ERROR_NO_MORE_DEVICES")); + errorNames.insert(std::make_pair(1249, "ERROR_NO_SUCH_SITE")); + errorNames.insert(std::make_pair(1250, "ERROR_DOMAIN_CONTROLLER_EXISTS")); + errorNames.insert(std::make_pair(1251, "ERROR_ONLY_IF_CONNECTED")); + errorNames.insert(std::make_pair(1252, "ERROR_OVERRIDE_NOCHANGES")); + errorNames.insert(std::make_pair(1253, "ERROR_BAD_USER_PROFILE")); + errorNames.insert(std::make_pair(1254, "ERROR_NOT_SUPPORTED_ON_SBS")); + errorNames.insert(std::make_pair(1255, "ERROR_SERVER_SHUTDOWN_IN_PROGRESS")); + errorNames.insert(std::make_pair(1256, "ERROR_HOST_DOWN")); + errorNames.insert(std::make_pair(1257, "ERROR_NON_ACCOUNT_SID")); + errorNames.insert(std::make_pair(1258, "ERROR_NON_DOMAIN_SID")); + errorNames.insert(std::make_pair(1259, "ERROR_APPHELP_BLOCK")); + errorNames.insert(std::make_pair(1260, "ERROR_ACCESS_DISABLED_BY_POLICY")); + errorNames.insert(std::make_pair(1261, "ERROR_REG_NAT_CONSUMPTION")); + errorNames.insert(std::make_pair(1262, "ERROR_CSCSHARE_OFFLINE")); + errorNames.insert(std::make_pair(1263, "ERROR_PKINIT_FAILURE")); + errorNames.insert(std::make_pair(1264, "ERROR_SMARTCARD_SUBSYSTEM_FAILURE")); + errorNames.insert(std::make_pair(1265, "ERROR_DOWNGRADE_DETECTED")); + errorNames.insert(std::make_pair(1271, "ERROR_MACHINE_LOCKED")); + errorNames.insert(std::make_pair(1273, "ERROR_CALLBACK_SUPPLIED_INVALID_DATA")); + errorNames.insert(std::make_pair(1274, "ERROR_SYNC_FOREGROUND_REFRESH_REQUIRED")); + errorNames.insert(std::make_pair(1275, "ERROR_DRIVER_BLOCKED")); + errorNames.insert(std::make_pair(1276, "ERROR_INVALID_IMPORT_OF_NON_DLL")); + errorNames.insert(std::make_pair(1277, "ERROR_ACCESS_DISABLED_WEBBLADE")); + errorNames.insert(std::make_pair(1278, "ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER")); + errorNames.insert(std::make_pair(1279, "ERROR_RECOVERY_FAILURE")); + errorNames.insert(std::make_pair(1280, "ERROR_ALREADY_FIBER")); + errorNames.insert(std::make_pair(1281, "ERROR_ALREADY_THREAD")); + errorNames.insert(std::make_pair(1282, "ERROR_STACK_BUFFER_OVERRUN")); + errorNames.insert(std::make_pair(1283, "ERROR_PARAMETER_QUOTA_EXCEEDED")); + errorNames.insert(std::make_pair(1284, "ERROR_DEBUGGER_INACTIVE")); + errorNames.insert(std::make_pair(1285, "ERROR_DELAY_LOAD_FAILED")); + errorNames.insert(std::make_pair(1286, "ERROR_VDM_DISALLOWED")); + errorNames.insert(std::make_pair(1287, "ERROR_UNIDENTIFIED_ERROR")); + errorNames.insert(std::make_pair(1288, "ERROR_INVALID_CRUNTIME_PARAMETER")); + errorNames.insert(std::make_pair(1289, "ERROR_BEYOND_VDL")); + errorNames.insert(std::make_pair(1290, "ERROR_INCOMPATIBLE_SERVICE_SID_TYPE")); + errorNames.insert(std::make_pair(1291, "ERROR_DRIVER_PROCESS_TERMINATED")); + errorNames.insert(std::make_pair(1292, "ERROR_IMPLEMENTATION_LIMIT")); + errorNames.insert(std::make_pair(1293, "ERROR_PROCESS_IS_PROTECTED")); + errorNames.insert(std::make_pair(1294, "ERROR_SERVICE_NOTIFY_CLIENT_LAGGING")); + errorNames.insert(std::make_pair(1295, "ERROR_DISK_QUOTA_EXCEEDED")); + errorNames.insert(std::make_pair(1296, "ERROR_CONTENT_BLOCKED")); + errorNames.insert(std::make_pair(1297, "ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE")); + errorNames.insert(std::make_pair(1298, "ERROR_APP_HANG")); + errorNames.insert(std::make_pair(1299, "ERROR_INVALID_LABEL")); + errorNames.insert(std::make_pair(1300, "ERROR_NOT_ALL_ASSIGNED")); + errorNames.insert(std::make_pair(1301, "ERROR_SOME_NOT_MAPPED")); + errorNames.insert(std::make_pair(1302, "ERROR_NO_QUOTAS_FOR_ACCOUNT")); + errorNames.insert(std::make_pair(1303, "ERROR_LOCAL_USER_SESSION_KEY")); + errorNames.insert(std::make_pair(1304, "ERROR_NULL_LM_PASSWORD")); + errorNames.insert(std::make_pair(1305, "ERROR_UNKNOWN_REVISION")); + errorNames.insert(std::make_pair(1306, "ERROR_REVISION_MISMATCH")); + errorNames.insert(std::make_pair(1307, "ERROR_INVALID_OWNER")); + errorNames.insert(std::make_pair(1308, "ERROR_INVALID_PRIMARY_GROUP")); + errorNames.insert(std::make_pair(1309, "ERROR_NO_IMPERSONATION_TOKEN")); + errorNames.insert(std::make_pair(1310, "ERROR_CANT_DISABLE_MANDATORY")); + errorNames.insert(std::make_pair(1311, "ERROR_NO_LOGON_SERVERS")); + errorNames.insert(std::make_pair(1312, "ERROR_NO_SUCH_LOGON_SESSION")); + errorNames.insert(std::make_pair(1313, "ERROR_NO_SUCH_PRIVILEGE")); + errorNames.insert(std::make_pair(1314, "ERROR_PRIVILEGE_NOT_HELD")); + errorNames.insert(std::make_pair(1315, "ERROR_INVALID_ACCOUNT_NAME")); + errorNames.insert(std::make_pair(1316, "ERROR_USER_EXISTS")); + errorNames.insert(std::make_pair(1317, "ERROR_NO_SUCH_USER")); + errorNames.insert(std::make_pair(1318, "ERROR_GROUP_EXISTS")); + errorNames.insert(std::make_pair(1319, "ERROR_NO_SUCH_GROUP")); + errorNames.insert(std::make_pair(1320, "ERROR_MEMBER_IN_GROUP")); + errorNames.insert(std::make_pair(1321, "ERROR_MEMBER_NOT_IN_GROUP")); + errorNames.insert(std::make_pair(1322, "ERROR_LAST_ADMIN")); + errorNames.insert(std::make_pair(1323, "ERROR_WRONG_PASSWORD")); + errorNames.insert(std::make_pair(1324, "ERROR_ILL_FORMED_PASSWORD")); + errorNames.insert(std::make_pair(1325, "ERROR_PASSWORD_RESTRICTION")); + errorNames.insert(std::make_pair(1326, "ERROR_LOGON_FAILURE")); + errorNames.insert(std::make_pair(1327, "ERROR_ACCOUNT_RESTRICTION")); + errorNames.insert(std::make_pair(1328, "ERROR_INVALID_LOGON_HOURS")); + errorNames.insert(std::make_pair(1329, "ERROR_INVALID_WORKSTATION")); + errorNames.insert(std::make_pair(1330, "ERROR_PASSWORD_EXPIRED")); + errorNames.insert(std::make_pair(1331, "ERROR_ACCOUNT_DISABLED")); + errorNames.insert(std::make_pair(1332, "ERROR_NONE_MAPPED")); + errorNames.insert(std::make_pair(1333, "ERROR_TOO_MANY_LUIDS_REQUESTED")); + errorNames.insert(std::make_pair(1334, "ERROR_LUIDS_EXHAUSTED")); + errorNames.insert(std::make_pair(1335, "ERROR_INVALID_SUB_AUTHORITY")); + errorNames.insert(std::make_pair(1336, "ERROR_INVALID_ACL")); + errorNames.insert(std::make_pair(1337, "ERROR_INVALID_SID")); + errorNames.insert(std::make_pair(1338, "ERROR_INVALID_SECURITY_DESCR")); + errorNames.insert(std::make_pair(1340, "ERROR_BAD_INHERITANCE_ACL")); + errorNames.insert(std::make_pair(1341, "ERROR_SERVER_DISABLED")); + errorNames.insert(std::make_pair(1342, "ERROR_SERVER_NOT_DISABLED")); + errorNames.insert(std::make_pair(1343, "ERROR_INVALID_ID_AUTHORITY")); + errorNames.insert(std::make_pair(1344, "ERROR_ALLOTTED_SPACE_EXCEEDED")); + errorNames.insert(std::make_pair(1345, "ERROR_INVALID_GROUP_ATTRIBUTES")); + errorNames.insert(std::make_pair(1346, "ERROR_BAD_IMPERSONATION_LEVEL")); + errorNames.insert(std::make_pair(1347, "ERROR_CANT_OPEN_ANONYMOUS")); + errorNames.insert(std::make_pair(1348, "ERROR_BAD_VALIDATION_CLASS")); + errorNames.insert(std::make_pair(1349, "ERROR_BAD_TOKEN_TYPE")); + errorNames.insert(std::make_pair(1350, "ERROR_NO_SECURITY_ON_OBJECT")); + errorNames.insert(std::make_pair(1351, "ERROR_CANT_ACCESS_DOMAIN_INFO")); + errorNames.insert(std::make_pair(1352, "ERROR_INVALID_SERVER_STATE")); + errorNames.insert(std::make_pair(1353, "ERROR_INVALID_DOMAIN_STATE")); + errorNames.insert(std::make_pair(1354, "ERROR_INVALID_DOMAIN_ROLE")); + errorNames.insert(std::make_pair(1355, "ERROR_NO_SUCH_DOMAIN")); + errorNames.insert(std::make_pair(1356, "ERROR_DOMAIN_EXISTS")); + errorNames.insert(std::make_pair(1357, "ERROR_DOMAIN_LIMIT_EXCEEDED")); + errorNames.insert(std::make_pair(1358, "ERROR_INTERNAL_DB_CORRUPTION")); + errorNames.insert(std::make_pair(1359, "ERROR_INTERNAL_ERROR")); + errorNames.insert(std::make_pair(1360, "ERROR_GENERIC_NOT_MAPPED")); + errorNames.insert(std::make_pair(1361, "ERROR_BAD_DESCRIPTOR_FORMAT")); + errorNames.insert(std::make_pair(1362, "ERROR_NOT_LOGON_PROCESS")); + errorNames.insert(std::make_pair(1363, "ERROR_LOGON_SESSION_EXISTS")); + errorNames.insert(std::make_pair(1364, "ERROR_NO_SUCH_PACKAGE")); + errorNames.insert(std::make_pair(1365, "ERROR_BAD_LOGON_SESSION_STATE")); + errorNames.insert(std::make_pair(1366, "ERROR_LOGON_SESSION_COLLISION")); + errorNames.insert(std::make_pair(1367, "ERROR_INVALID_LOGON_TYPE")); + errorNames.insert(std::make_pair(1368, "ERROR_CANNOT_IMPERSONATE")); + errorNames.insert(std::make_pair(1369, "ERROR_RXACT_INVALID_STATE")); + errorNames.insert(std::make_pair(1370, "ERROR_RXACT_COMMIT_FAILURE")); + errorNames.insert(std::make_pair(1371, "ERROR_SPECIAL_ACCOUNT")); + errorNames.insert(std::make_pair(1372, "ERROR_SPECIAL_GROUP")); + errorNames.insert(std::make_pair(1373, "ERROR_SPECIAL_USER")); + errorNames.insert(std::make_pair(1374, "ERROR_MEMBERS_PRIMARY_GROUP")); + errorNames.insert(std::make_pair(1375, "ERROR_TOKEN_ALREADY_IN_USE")); + errorNames.insert(std::make_pair(1376, "ERROR_NO_SUCH_ALIAS")); + errorNames.insert(std::make_pair(1377, "ERROR_MEMBER_NOT_IN_ALIAS")); + errorNames.insert(std::make_pair(1378, "ERROR_MEMBER_IN_ALIAS")); + errorNames.insert(std::make_pair(1379, "ERROR_ALIAS_EXISTS")); + errorNames.insert(std::make_pair(1380, "ERROR_LOGON_NOT_GRANTED")); + errorNames.insert(std::make_pair(1381, "ERROR_TOO_MANY_SECRETS")); + errorNames.insert(std::make_pair(1382, "ERROR_SECRET_TOO_LONG")); + errorNames.insert(std::make_pair(1383, "ERROR_INTERNAL_DB_ERROR")); + errorNames.insert(std::make_pair(1384, "ERROR_TOO_MANY_CONTEXT_IDS")); + errorNames.insert(std::make_pair(1385, "ERROR_LOGON_TYPE_NOT_GRANTED")); + errorNames.insert(std::make_pair(1386, "ERROR_NT_CROSS_ENCRYPTION_REQUIRED")); + errorNames.insert(std::make_pair(1387, "ERROR_NO_SUCH_MEMBER")); + errorNames.insert(std::make_pair(1388, "ERROR_INVALID_MEMBER")); + errorNames.insert(std::make_pair(1389, "ERROR_TOO_MANY_SIDS")); + errorNames.insert(std::make_pair(1390, "ERROR_LM_CROSS_ENCRYPTION_REQUIRED")); + errorNames.insert(std::make_pair(1391, "ERROR_NO_INHERITANCE")); + errorNames.insert(std::make_pair(1392, "ERROR_FILE_CORRUPT")); + errorNames.insert(std::make_pair(1393, "ERROR_DISK_CORRUPT")); + errorNames.insert(std::make_pair(1394, "ERROR_NO_USER_SESSION_KEY")); + errorNames.insert(std::make_pair(1395, "ERROR_LICENSE_QUOTA_EXCEEDED")); + errorNames.insert(std::make_pair(1396, "ERROR_WRONG_TARGET_NAME")); + errorNames.insert(std::make_pair(1397, "ERROR_MUTUAL_AUTH_FAILED")); + errorNames.insert(std::make_pair(1398, "ERROR_TIME_SKEW")); + errorNames.insert(std::make_pair(1399, "ERROR_CURRENT_DOMAIN_NOT_ALLOWED")); + errorNames.insert(std::make_pair(1400, "ERROR_INVALID_WINDOW_HANDLE")); + errorNames.insert(std::make_pair(1401, "ERROR_INVALID_MENU_HANDLE")); + errorNames.insert(std::make_pair(1402, "ERROR_INVALID_CURSOR_HANDLE")); + errorNames.insert(std::make_pair(1403, "ERROR_INVALID_ACCEL_HANDLE")); + errorNames.insert(std::make_pair(1404, "ERROR_INVALID_HOOK_HANDLE")); + errorNames.insert(std::make_pair(1405, "ERROR_INVALID_DWP_HANDLE")); + errorNames.insert(std::make_pair(1406, "ERROR_TLW_WITH_WSCHILD")); + errorNames.insert(std::make_pair(1407, "ERROR_CANNOT_FIND_WND_CLASS")); + errorNames.insert(std::make_pair(1408, "ERROR_WINDOW_OF_OTHER_THREAD")); + errorNames.insert(std::make_pair(1409, "ERROR_HOTKEY_ALREADY_REGISTERED")); + errorNames.insert(std::make_pair(1410, "ERROR_CLASS_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(1411, "ERROR_CLASS_DOES_NOT_EXIST")); + errorNames.insert(std::make_pair(1412, "ERROR_CLASS_HAS_WINDOWS")); + errorNames.insert(std::make_pair(1413, "ERROR_INVALID_INDEX")); + errorNames.insert(std::make_pair(1414, "ERROR_INVALID_ICON_HANDLE")); + errorNames.insert(std::make_pair(1415, "ERROR_PRIVATE_DIALOG_INDEX")); + errorNames.insert(std::make_pair(1416, "ERROR_LISTBOX_ID_NOT_FOUND")); + errorNames.insert(std::make_pair(1417, "ERROR_NO_WILDCARD_CHARACTERS")); + errorNames.insert(std::make_pair(1418, "ERROR_CLIPBOARD_NOT_OPEN")); + errorNames.insert(std::make_pair(1419, "ERROR_HOTKEY_NOT_REGISTERED")); + errorNames.insert(std::make_pair(1420, "ERROR_WINDOW_NOT_DIALOG")); + errorNames.insert(std::make_pair(1421, "ERROR_CONTROL_ID_NOT_FOUND")); + errorNames.insert(std::make_pair(1422, "ERROR_INVALID_COMBOBOX_MESSAGE")); + errorNames.insert(std::make_pair(1423, "ERROR_WINDOW_NOT_COMBOBOX")); + errorNames.insert(std::make_pair(1424, "ERROR_INVALID_EDIT_HEIGHT")); + errorNames.insert(std::make_pair(1425, "ERROR_DC_NOT_FOUND")); + errorNames.insert(std::make_pair(1426, "ERROR_INVALID_HOOK_FILTER")); + errorNames.insert(std::make_pair(1427, "ERROR_INVALID_FILTER_PROC")); + errorNames.insert(std::make_pair(1428, "ERROR_HOOK_NEEDS_HMOD")); + errorNames.insert(std::make_pair(1429, "ERROR_GLOBAL_ONLY_HOOK")); + errorNames.insert(std::make_pair(1430, "ERROR_JOURNAL_HOOK_SET")); + errorNames.insert(std::make_pair(1431, "ERROR_HOOK_NOT_INSTALLED")); + errorNames.insert(std::make_pair(1432, "ERROR_INVALID_LB_MESSAGE")); + errorNames.insert(std::make_pair(1433, "ERROR_SETCOUNT_ON_BAD_LB")); + errorNames.insert(std::make_pair(1434, "ERROR_LB_WITHOUT_TABSTOPS")); + errorNames.insert(std::make_pair(1435, "ERROR_DESTROY_OBJECT_OF_OTHER_THREAD")); + errorNames.insert(std::make_pair(1436, "ERROR_CHILD_WINDOW_MENU")); + errorNames.insert(std::make_pair(1437, "ERROR_NO_SYSTEM_MENU")); + errorNames.insert(std::make_pair(1438, "ERROR_INVALID_MSGBOX_STYLE")); + errorNames.insert(std::make_pair(1439, "ERROR_INVALID_SPI_VALUE")); + errorNames.insert(std::make_pair(1440, "ERROR_SCREEN_ALREADY_LOCKED")); + errorNames.insert(std::make_pair(1441, "ERROR_HWNDS_HAVE_DIFF_PARENT")); + errorNames.insert(std::make_pair(1442, "ERROR_NOT_CHILD_WINDOW")); + errorNames.insert(std::make_pair(1443, "ERROR_INVALID_GW_COMMAND")); + errorNames.insert(std::make_pair(1444, "ERROR_INVALID_THREAD_ID")); + errorNames.insert(std::make_pair(1445, "ERROR_NON_MDICHILD_WINDOW")); + errorNames.insert(std::make_pair(1446, "ERROR_POPUP_ALREADY_ACTIVE")); + errorNames.insert(std::make_pair(1447, "ERROR_NO_SCROLLBARS")); + errorNames.insert(std::make_pair(1448, "ERROR_INVALID_SCROLLBAR_RANGE")); + errorNames.insert(std::make_pair(1449, "ERROR_INVALID_SHOWWIN_COMMAND")); + errorNames.insert(std::make_pair(1450, "ERROR_NO_SYSTEM_RESOURCES")); + errorNames.insert(std::make_pair(1451, "ERROR_NONPAGED_SYSTEM_RESOURCES")); + errorNames.insert(std::make_pair(1452, "ERROR_PAGED_SYSTEM_RESOURCES")); + errorNames.insert(std::make_pair(1453, "ERROR_WORKING_SET_QUOTA")); + errorNames.insert(std::make_pair(1454, "ERROR_PAGEFILE_QUOTA")); + errorNames.insert(std::make_pair(1455, "ERROR_COMMITMENT_LIMIT")); + errorNames.insert(std::make_pair(1456, "ERROR_MENU_ITEM_NOT_FOUND")); + errorNames.insert(std::make_pair(1457, "ERROR_INVALID_KEYBOARD_HANDLE")); + errorNames.insert(std::make_pair(1458, "ERROR_HOOK_TYPE_NOT_ALLOWED")); + errorNames.insert(std::make_pair(1459, "ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION")); + errorNames.insert(std::make_pair(1460, "ERROR_TIMEOUT")); + errorNames.insert(std::make_pair(1461, "ERROR_INVALID_MONITOR_HANDLE")); + errorNames.insert(std::make_pair(1462, "ERROR_INCORRECT_SIZE")); + errorNames.insert(std::make_pair(1463, "ERROR_SYMLINK_CLASS_DISABLED")); + errorNames.insert(std::make_pair(1464, "ERROR_SYMLINK_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(1465, "ERROR_XML_PARSE_ERROR")); + errorNames.insert(std::make_pair(1466, "ERROR_XMLDSIG_ERROR")); + errorNames.insert(std::make_pair(1467, "ERROR_RESTART_APPLICATION")); + errorNames.insert(std::make_pair(1468, "ERROR_WRONG_COMPARTMENT")); + errorNames.insert(std::make_pair(1469, "ERROR_AUTHIP_FAILURE")); + errorNames.insert(std::make_pair(1470, "ERROR_NO_NVRAM_RESOURCES")); + errorNames.insert(std::make_pair(1500, "ERROR_EVENTLOG_FILE_CORRUPT")); + errorNames.insert(std::make_pair(1501, "ERROR_EVENTLOG_CANT_START")); + errorNames.insert(std::make_pair(1502, "ERROR_LOG_FILE_FULL")); + errorNames.insert(std::make_pair(1503, "ERROR_EVENTLOG_FILE_CHANGED")); + errorNames.insert(std::make_pair(1550, "ERROR_INVALID_TASK_NAME")); + errorNames.insert(std::make_pair(1551, "ERROR_INVALID_TASK_INDEX")); + errorNames.insert(std::make_pair(1552, "ERROR_THREAD_ALREADY_IN_TASK")); + errorNames.insert(std::make_pair(1601, "ERROR_INSTALL_SERVICE_FAILURE")); + errorNames.insert(std::make_pair(1602, "ERROR_INSTALL_USEREXIT")); + errorNames.insert(std::make_pair(1603, "ERROR_INSTALL_FAILURE")); + errorNames.insert(std::make_pair(1604, "ERROR_INSTALL_SUSPEND")); + errorNames.insert(std::make_pair(1605, "ERROR_UNKNOWN_PRODUCT")); + errorNames.insert(std::make_pair(1606, "ERROR_UNKNOWN_FEATURE")); + errorNames.insert(std::make_pair(1607, "ERROR_UNKNOWN_COMPONENT")); + errorNames.insert(std::make_pair(1608, "ERROR_UNKNOWN_PROPERTY")); + errorNames.insert(std::make_pair(1609, "ERROR_INVALID_HANDLE_STATE")); + errorNames.insert(std::make_pair(1610, "ERROR_BAD_CONFIGURATION")); + errorNames.insert(std::make_pair(1611, "ERROR_INDEX_ABSENT")); + errorNames.insert(std::make_pair(1612, "ERROR_INSTALL_SOURCE_ABSENT")); + errorNames.insert(std::make_pair(1613, "ERROR_INSTALL_PACKAGE_VERSION")); + errorNames.insert(std::make_pair(1614, "ERROR_PRODUCT_UNINSTALLED")); + errorNames.insert(std::make_pair(1615, "ERROR_BAD_QUERY_SYNTAX")); + errorNames.insert(std::make_pair(1616, "ERROR_INVALID_FIELD")); + errorNames.insert(std::make_pair(1617, "ERROR_DEVICE_REMOVED")); + errorNames.insert(std::make_pair(1618, "ERROR_INSTALL_ALREADY_RUNNING")); + errorNames.insert(std::make_pair(1619, "ERROR_INSTALL_PACKAGE_OPEN_FAILED")); + errorNames.insert(std::make_pair(1620, "ERROR_INSTALL_PACKAGE_INVALID")); + errorNames.insert(std::make_pair(1621, "ERROR_INSTALL_UI_FAILURE")); + errorNames.insert(std::make_pair(1622, "ERROR_INSTALL_LOG_FAILURE")); + errorNames.insert(std::make_pair(1623, "ERROR_INSTALL_LANGUAGE_UNSUPPORTED")); + errorNames.insert(std::make_pair(1624, "ERROR_INSTALL_TRANSFORM_FAILURE")); + errorNames.insert(std::make_pair(1625, "ERROR_INSTALL_PACKAGE_REJECTED")); + errorNames.insert(std::make_pair(1626, "ERROR_FUNCTION_NOT_CALLED")); + errorNames.insert(std::make_pair(1627, "ERROR_FUNCTION_FAILED")); + errorNames.insert(std::make_pair(1628, "ERROR_INVALID_TABLE")); + errorNames.insert(std::make_pair(1629, "ERROR_DATATYPE_MISMATCH")); + errorNames.insert(std::make_pair(1630, "ERROR_UNSUPPORTED_TYPE")); + errorNames.insert(std::make_pair(1631, "ERROR_CREATE_FAILED")); + errorNames.insert(std::make_pair(1632, "ERROR_INSTALL_TEMP_UNWRITABLE")); + errorNames.insert(std::make_pair(1633, "ERROR_INSTALL_PLATFORM_UNSUPPORTED")); + errorNames.insert(std::make_pair(1634, "ERROR_INSTALL_NOTUSED")); + errorNames.insert(std::make_pair(1635, "ERROR_PATCH_PACKAGE_OPEN_FAILED")); + errorNames.insert(std::make_pair(1636, "ERROR_PATCH_PACKAGE_INVALID")); + errorNames.insert(std::make_pair(1637, "ERROR_PATCH_PACKAGE_UNSUPPORTED")); + errorNames.insert(std::make_pair(1638, "ERROR_PRODUCT_VERSION")); + errorNames.insert(std::make_pair(1639, "ERROR_INVALID_COMMAND_LINE")); + errorNames.insert(std::make_pair(1640, "ERROR_INSTALL_REMOTE_DISALLOWED")); + errorNames.insert(std::make_pair(1641, "ERROR_SUCCESS_REBOOT_INITIATED")); + errorNames.insert(std::make_pair(1642, "ERROR_PATCH_TARGET_NOT_FOUND")); + errorNames.insert(std::make_pair(1643, "ERROR_PATCH_PACKAGE_REJECTED")); + errorNames.insert(std::make_pair(1644, "ERROR_INSTALL_TRANSFORM_REJECTED")); + errorNames.insert(std::make_pair(1645, "ERROR_INSTALL_REMOTE_PROHIBITED")); + errorNames.insert(std::make_pair(1646, "ERROR_PATCH_REMOVAL_UNSUPPORTED")); + errorNames.insert(std::make_pair(1647, "ERROR_UNKNOWN_PATCH")); + errorNames.insert(std::make_pair(1648, "ERROR_PATCH_NO_SEQUENCE")); + errorNames.insert(std::make_pair(1649, "ERROR_PATCH_REMOVAL_DISALLOWED")); + errorNames.insert(std::make_pair(1650, "ERROR_INVALID_PATCH_XML")); + errorNames.insert(std::make_pair(1651, "ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT")); + errorNames.insert(std::make_pair(1652, "ERROR_INSTALL_SERVICE_SAFEBOOT")); + errorNames.insert(std::make_pair(1653, "ERROR_FAIL_FAST_EXCEPTION")); + errorNames.insert(std::make_pair(1784, "ERROR_INVALID_USER_BUFFER")); + errorNames.insert(std::make_pair(1785, "ERROR_UNRECOGNIZED_MEDIA")); + errorNames.insert(std::make_pair(1786, "ERROR_NO_TRUST_LSA_SECRET")); + errorNames.insert(std::make_pair(1787, "ERROR_NO_TRUST_SAM_ACCOUNT")); + errorNames.insert(std::make_pair(1788, "ERROR_TRUSTED_DOMAIN_FAILURE")); + errorNames.insert(std::make_pair(1789, "ERROR_TRUSTED_RELATIONSHIP_FAILURE")); + errorNames.insert(std::make_pair(1790, "ERROR_TRUST_FAILURE")); + errorNames.insert(std::make_pair(1792, "ERROR_NETLOGON_NOT_STARTED")); + errorNames.insert(std::make_pair(1793, "ERROR_ACCOUNT_EXPIRED")); + errorNames.insert(std::make_pair(1794, "ERROR_REDIRECTOR_HAS_OPEN_HANDLES")); + errorNames.insert(std::make_pair(1795, "ERROR_PRINTER_DRIVER_ALREADY_INSTALLED")); + errorNames.insert(std::make_pair(1796, "ERROR_UNKNOWN_PORT")); + errorNames.insert(std::make_pair(1797, "ERROR_UNKNOWN_PRINTER_DRIVER")); + errorNames.insert(std::make_pair(1798, "ERROR_UNKNOWN_PRINTPROCESSOR")); + errorNames.insert(std::make_pair(1799, "ERROR_INVALID_SEPARATOR_FILE")); + errorNames.insert(std::make_pair(1800, "ERROR_INVALID_PRIORITY")); + errorNames.insert(std::make_pair(1801, "ERROR_INVALID_PRINTER_NAME")); + errorNames.insert(std::make_pair(1802, "ERROR_PRINTER_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(1803, "ERROR_INVALID_PRINTER_COMMAND")); + errorNames.insert(std::make_pair(1804, "ERROR_INVALID_DATATYPE")); + errorNames.insert(std::make_pair(1805, "ERROR_INVALID_ENVIRONMENT")); + errorNames.insert(std::make_pair(1807, "ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT")); + errorNames.insert(std::make_pair(1808, "ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT")); + errorNames.insert(std::make_pair(1809, "ERROR_NOLOGON_SERVER_TRUST_ACCOUNT")); + errorNames.insert(std::make_pair(1810, "ERROR_DOMAIN_TRUST_INCONSISTENT")); + errorNames.insert(std::make_pair(1811, "ERROR_SERVER_HAS_OPEN_HANDLES")); + errorNames.insert(std::make_pair(1812, "ERROR_RESOURCE_DATA_NOT_FOUND")); + errorNames.insert(std::make_pair(1813, "ERROR_RESOURCE_TYPE_NOT_FOUND")); + errorNames.insert(std::make_pair(1814, "ERROR_RESOURCE_NAME_NOT_FOUND")); + errorNames.insert(std::make_pair(1815, "ERROR_RESOURCE_LANG_NOT_FOUND")); + errorNames.insert(std::make_pair(1816, "ERROR_NOT_ENOUGH_QUOTA")); + errorNames.insert(std::make_pair(1901, "ERROR_INVALID_TIME")); + errorNames.insert(std::make_pair(1902, "ERROR_INVALID_FORM_NAME")); + errorNames.insert(std::make_pair(1903, "ERROR_INVALID_FORM_SIZE")); + errorNames.insert(std::make_pair(1904, "ERROR_ALREADY_WAITING")); + errorNames.insert(std::make_pair(1905, "ERROR_PRINTER_DELETED")); + errorNames.insert(std::make_pair(1906, "ERROR_INVALID_PRINTER_STATE")); + errorNames.insert(std::make_pair(1907, "ERROR_PASSWORD_MUST_CHANGE")); + errorNames.insert(std::make_pair(1908, "ERROR_DOMAIN_CONTROLLER_NOT_FOUND")); + errorNames.insert(std::make_pair(1909, "ERROR_ACCOUNT_LOCKED_OUT")); + errorNames.insert(std::make_pair(1919, "ERROR_NO_SITENAME")); + errorNames.insert(std::make_pair(1920, "ERROR_CANT_ACCESS_FILE")); + errorNames.insert(std::make_pair(1921, "ERROR_CANT_RESOLVE_FILENAME")); + errorNames.insert(std::make_pair(1930, "ERROR_KM_DRIVER_BLOCKED")); + errorNames.insert(std::make_pair(1931, "ERROR_CONTEXT_EXPIRED")); + errorNames.insert(std::make_pair(1932, "ERROR_PER_USER_TRUST_QUOTA_EXCEEDED")); + errorNames.insert(std::make_pair(1933, "ERROR_ALL_USER_TRUST_QUOTA_EXCEEDED")); + errorNames.insert(std::make_pair(1934, "ERROR_USER_DELETE_TRUST_QUOTA_EXCEEDED")); + errorNames.insert(std::make_pair(1935, "ERROR_AUTHENTICATION_FIREWALL_FAILED")); + errorNames.insert(std::make_pair(1936, "ERROR_REMOTE_PRINT_CONNECTIONS_BLOCKED")); + errorNames.insert(std::make_pair(1937, "ERROR_NTLM_BLOCKED")); + errorNames.insert(std::make_pair(2000, "ERROR_INVALID_PIXEL_FORMAT")); + errorNames.insert(std::make_pair(2001, "ERROR_BAD_DRIVER")); + errorNames.insert(std::make_pair(2002, "ERROR_INVALID_WINDOW_STYLE")); + errorNames.insert(std::make_pair(2003, "ERROR_METAFILE_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(2004, "ERROR_TRANSFORM_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(2005, "ERROR_CLIPPING_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(2010, "ERROR_INVALID_CMM")); + errorNames.insert(std::make_pair(2011, "ERROR_INVALID_PROFILE")); + errorNames.insert(std::make_pair(2012, "ERROR_TAG_NOT_FOUND")); + errorNames.insert(std::make_pair(2013, "ERROR_TAG_NOT_PRESENT")); + errorNames.insert(std::make_pair(2014, "ERROR_DUPLICATE_TAG")); + errorNames.insert(std::make_pair(2015, "ERROR_PROFILE_NOT_ASSOCIATED_WITH_DEVICE")); + errorNames.insert(std::make_pair(2016, "ERROR_PROFILE_NOT_FOUND")); + errorNames.insert(std::make_pair(2017, "ERROR_INVALID_COLORSPACE")); + errorNames.insert(std::make_pair(2018, "ERROR_ICM_NOT_ENABLED")); + errorNames.insert(std::make_pair(2019, "ERROR_DELETING_ICM_XFORM")); + errorNames.insert(std::make_pair(2020, "ERROR_INVALID_TRANSFORM")); + errorNames.insert(std::make_pair(2021, "ERROR_COLORSPACE_MISMATCH")); + errorNames.insert(std::make_pair(2022, "ERROR_INVALID_COLORINDEX")); + errorNames.insert(std::make_pair(2023, "ERROR_PROFILE_DOES_NOT_MATCH_DEVICE")); + errorNames.insert(std::make_pair(2108, "ERROR_CONNECTED_OTHER_PASSWORD")); + errorNames.insert(std::make_pair(2109, "ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT")); + errorNames.insert(std::make_pair(2202, "ERROR_BAD_USERNAME")); + errorNames.insert(std::make_pair(2250, "ERROR_NOT_CONNECTED")); + errorNames.insert(std::make_pair(2401, "ERROR_OPEN_FILES")); + errorNames.insert(std::make_pair(2402, "ERROR_ACTIVE_CONNECTIONS")); + errorNames.insert(std::make_pair(2404, "ERROR_DEVICE_IN_USE")); + errorNames.insert(std::make_pair(3000, "ERROR_UNKNOWN_PRINT_MONITOR")); + errorNames.insert(std::make_pair(3001, "ERROR_PRINTER_DRIVER_IN_USE")); + errorNames.insert(std::make_pair(3002, "ERROR_SPOOL_FILE_NOT_FOUND")); + errorNames.insert(std::make_pair(3003, "ERROR_SPL_NO_STARTDOC")); + errorNames.insert(std::make_pair(3004, "ERROR_SPL_NO_ADDJOB")); + errorNames.insert(std::make_pair(3005, "ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED")); + errorNames.insert(std::make_pair(3006, "ERROR_PRINT_MONITOR_ALREADY_INSTALLED")); + errorNames.insert(std::make_pair(3007, "ERROR_INVALID_PRINT_MONITOR")); + errorNames.insert(std::make_pair(3008, "ERROR_PRINT_MONITOR_IN_USE")); + errorNames.insert(std::make_pair(3009, "ERROR_PRINTER_HAS_JOBS_QUEUED")); + errorNames.insert(std::make_pair(3010, "ERROR_SUCCESS_REBOOT_REQUIRED")); + errorNames.insert(std::make_pair(3011, "ERROR_SUCCESS_RESTART_REQUIRED")); + errorNames.insert(std::make_pair(3012, "ERROR_PRINTER_NOT_FOUND")); + errorNames.insert(std::make_pair(3013, "ERROR_PRINTER_DRIVER_WARNED")); + errorNames.insert(std::make_pair(3014, "ERROR_PRINTER_DRIVER_BLOCKED")); + errorNames.insert(std::make_pair(3015, "ERROR_PRINTER_DRIVER_PACKAGE_IN_USE")); + errorNames.insert(std::make_pair(3016, "ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND")); + errorNames.insert(std::make_pair(3017, "ERROR_FAIL_REBOOT_REQUIRED")); + errorNames.insert(std::make_pair(3018, "ERROR_FAIL_REBOOT_INITIATED")); + errorNames.insert(std::make_pair(3019, "ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED")); + errorNames.insert(std::make_pair(3020, "ERROR_PRINT_JOB_RESTART_REQUIRED")); + errorNames.insert(std::make_pair(3950, "ERROR_IO_REISSUE_AS_CACHED")); + errorNames.insert(std::make_pair(4000, "ERROR_WINS_INTERNAL")); + errorNames.insert(std::make_pair(4001, "ERROR_CAN_NOT_DEL_LOCAL_WINS")); + errorNames.insert(std::make_pair(4002, "ERROR_STATIC_INIT")); + errorNames.insert(std::make_pair(4003, "ERROR_INC_BACKUP")); + errorNames.insert(std::make_pair(4004, "ERROR_FULL_BACKUP")); + errorNames.insert(std::make_pair(4005, "ERROR_REC_NON_EXISTENT")); + errorNames.insert(std::make_pair(4006, "ERROR_RPL_NOT_ALLOWED")); + errorNames.insert(std::make_pair(4100, "ERROR_DHCP_ADDRESS_CONFLICT")); + errorNames.insert(std::make_pair(4200, "ERROR_WMI_GUID_NOT_FOUND")); + errorNames.insert(std::make_pair(4201, "ERROR_WMI_INSTANCE_NOT_FOUND")); + errorNames.insert(std::make_pair(4202, "ERROR_WMI_ITEMID_NOT_FOUND")); + errorNames.insert(std::make_pair(4203, "ERROR_WMI_TRY_AGAIN")); + errorNames.insert(std::make_pair(4204, "ERROR_WMI_DP_NOT_FOUND")); + errorNames.insert(std::make_pair(4205, "ERROR_WMI_UNRESOLVED_INSTANCE_REF")); + errorNames.insert(std::make_pair(4206, "ERROR_WMI_ALREADY_ENABLED")); + errorNames.insert(std::make_pair(4207, "ERROR_WMI_GUID_DISCONNECTED")); + errorNames.insert(std::make_pair(4208, "ERROR_WMI_SERVER_UNAVAILABLE")); + errorNames.insert(std::make_pair(4209, "ERROR_WMI_DP_FAILED")); + errorNames.insert(std::make_pair(4210, "ERROR_WMI_INVALID_MOF")); + errorNames.insert(std::make_pair(4211, "ERROR_WMI_INVALID_REGINFO")); + errorNames.insert(std::make_pair(4212, "ERROR_WMI_ALREADY_DISABLED")); + errorNames.insert(std::make_pair(4213, "ERROR_WMI_READ_ONLY")); + errorNames.insert(std::make_pair(4214, "ERROR_WMI_SET_FAILURE")); + errorNames.insert(std::make_pair(4300, "ERROR_INVALID_MEDIA")); + errorNames.insert(std::make_pair(4301, "ERROR_INVALID_LIBRARY")); + errorNames.insert(std::make_pair(4302, "ERROR_INVALID_MEDIA_POOL")); + errorNames.insert(std::make_pair(4303, "ERROR_DRIVE_MEDIA_MISMATCH")); + errorNames.insert(std::make_pair(4304, "ERROR_MEDIA_OFFLINE")); + errorNames.insert(std::make_pair(4305, "ERROR_LIBRARY_OFFLINE")); + errorNames.insert(std::make_pair(4306, "ERROR_EMPTY")); + errorNames.insert(std::make_pair(4307, "ERROR_NOT_EMPTY")); + errorNames.insert(std::make_pair(4308, "ERROR_MEDIA_UNAVAILABLE")); + errorNames.insert(std::make_pair(4309, "ERROR_RESOURCE_DISABLED")); + errorNames.insert(std::make_pair(4310, "ERROR_INVALID_CLEANER")); + errorNames.insert(std::make_pair(4311, "ERROR_UNABLE_TO_CLEAN")); + errorNames.insert(std::make_pair(4312, "ERROR_OBJECT_NOT_FOUND")); + errorNames.insert(std::make_pair(4313, "ERROR_DATABASE_FAILURE")); + errorNames.insert(std::make_pair(4314, "ERROR_DATABASE_FULL")); + errorNames.insert(std::make_pair(4315, "ERROR_MEDIA_INCOMPATIBLE")); + errorNames.insert(std::make_pair(4316, "ERROR_RESOURCE_NOT_PRESENT")); + errorNames.insert(std::make_pair(4317, "ERROR_INVALID_OPERATION")); + errorNames.insert(std::make_pair(4318, "ERROR_MEDIA_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(4319, "ERROR_DEVICE_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(4320, "ERROR_REQUEST_REFUSED")); + errorNames.insert(std::make_pair(4321, "ERROR_INVALID_DRIVE_OBJECT")); + errorNames.insert(std::make_pair(4322, "ERROR_LIBRARY_FULL")); + errorNames.insert(std::make_pair(4323, "ERROR_MEDIUM_NOT_ACCESSIBLE")); + errorNames.insert(std::make_pair(4324, "ERROR_UNABLE_TO_LOAD_MEDIUM")); + errorNames.insert(std::make_pair(4325, "ERROR_UNABLE_TO_INVENTORY_DRIVE")); + errorNames.insert(std::make_pair(4326, "ERROR_UNABLE_TO_INVENTORY_SLOT")); + errorNames.insert(std::make_pair(4327, "ERROR_UNABLE_TO_INVENTORY_TRANSPORT")); + errorNames.insert(std::make_pair(4328, "ERROR_TRANSPORT_FULL")); + errorNames.insert(std::make_pair(4329, "ERROR_CONTROLLING_IEPORT")); + errorNames.insert(std::make_pair(4330, "ERROR_UNABLE_TO_EJECT_MOUNTED_MEDIA")); + errorNames.insert(std::make_pair(4331, "ERROR_CLEANER_SLOT_SET")); + errorNames.insert(std::make_pair(4332, "ERROR_CLEANER_SLOT_NOT_SET")); + errorNames.insert(std::make_pair(4333, "ERROR_CLEANER_CARTRIDGE_SPENT")); + errorNames.insert(std::make_pair(4334, "ERROR_UNEXPECTED_OMID")); + errorNames.insert(std::make_pair(4335, "ERROR_CANT_DELETE_LAST_ITEM")); + errorNames.insert(std::make_pair(4336, "ERROR_MESSAGE_EXCEEDS_MAX_SIZE")); + errorNames.insert(std::make_pair(4337, "ERROR_VOLUME_CONTAINS_SYS_FILES")); + errorNames.insert(std::make_pair(4338, "ERROR_INDIGENOUS_TYPE")); + errorNames.insert(std::make_pair(4339, "ERROR_NO_SUPPORTING_DRIVES")); + errorNames.insert(std::make_pair(4340, "ERROR_CLEANER_CARTRIDGE_INSTALLED")); + errorNames.insert(std::make_pair(4341, "ERROR_IEPORT_FULL")); + errorNames.insert(std::make_pair(4350, "ERROR_FILE_OFFLINE")); + errorNames.insert(std::make_pair(4351, "ERROR_REMOTE_STORAGE_NOT_ACTIVE")); + errorNames.insert(std::make_pair(4352, "ERROR_REMOTE_STORAGE_MEDIA_ERROR")); + errorNames.insert(std::make_pair(4390, "ERROR_NOT_A_REPARSE_POINT")); + errorNames.insert(std::make_pair(4391, "ERROR_REPARSE_ATTRIBUTE_CONFLICT")); + errorNames.insert(std::make_pair(4392, "ERROR_INVALID_REPARSE_DATA")); + errorNames.insert(std::make_pair(4393, "ERROR_REPARSE_TAG_INVALID")); + errorNames.insert(std::make_pair(4394, "ERROR_REPARSE_TAG_MISMATCH")); + errorNames.insert(std::make_pair(4500, "ERROR_VOLUME_NOT_SIS_ENABLED")); + errorNames.insert(std::make_pair(5001, "ERROR_DEPENDENT_RESOURCE_EXISTS")); + errorNames.insert(std::make_pair(5002, "ERROR_DEPENDENCY_NOT_FOUND")); + errorNames.insert(std::make_pair(5003, "ERROR_DEPENDENCY_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(5004, "ERROR_RESOURCE_NOT_ONLINE")); + errorNames.insert(std::make_pair(5005, "ERROR_HOST_NODE_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(5006, "ERROR_RESOURCE_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(5007, "ERROR_RESOURCE_NOT_FOUND")); + errorNames.insert(std::make_pair(5008, "ERROR_SHUTDOWN_CLUSTER")); + errorNames.insert(std::make_pair(5009, "ERROR_CANT_EVICT_ACTIVE_NODE")); + errorNames.insert(std::make_pair(5010, "ERROR_OBJECT_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(5011, "ERROR_OBJECT_IN_LIST")); + errorNames.insert(std::make_pair(5012, "ERROR_GROUP_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(5013, "ERROR_GROUP_NOT_FOUND")); + errorNames.insert(std::make_pair(5014, "ERROR_GROUP_NOT_ONLINE")); + errorNames.insert(std::make_pair(5015, "ERROR_HOST_NODE_NOT_RESOURCE_OWNER")); + errorNames.insert(std::make_pair(5016, "ERROR_HOST_NODE_NOT_GROUP_OWNER")); + errorNames.insert(std::make_pair(5017, "ERROR_RESMON_CREATE_FAILED")); + errorNames.insert(std::make_pair(5018, "ERROR_RESMON_ONLINE_FAILED")); + errorNames.insert(std::make_pair(5019, "ERROR_RESOURCE_ONLINE")); + errorNames.insert(std::make_pair(5020, "ERROR_QUORUM_RESOURCE")); + errorNames.insert(std::make_pair(5021, "ERROR_NOT_QUORUM_CAPABLE")); + errorNames.insert(std::make_pair(5022, "ERROR_CLUSTER_SHUTTING_DOWN")); + errorNames.insert(std::make_pair(5023, "ERROR_INVALID_STATE")); + errorNames.insert(std::make_pair(5024, "ERROR_RESOURCE_PROPERTIES_STORED")); + errorNames.insert(std::make_pair(5025, "ERROR_NOT_QUORUM_CLASS")); + errorNames.insert(std::make_pair(5026, "ERROR_CORE_RESOURCE")); + errorNames.insert(std::make_pair(5027, "ERROR_QUORUM_RESOURCE_ONLINE_FAILED")); + errorNames.insert(std::make_pair(5028, "ERROR_QUORUMLOG_OPEN_FAILED")); + errorNames.insert(std::make_pair(5029, "ERROR_CLUSTERLOG_CORRUPT")); + errorNames.insert(std::make_pair(5030, "ERROR_CLUSTERLOG_RECORD_EXCEEDS_MAXSIZE")); + errorNames.insert(std::make_pair(5031, "ERROR_CLUSTERLOG_EXCEEDS_MAXSIZE")); + errorNames.insert(std::make_pair(5032, "ERROR_CLUSTERLOG_CHKPOINT_NOT_FOUND")); + errorNames.insert(std::make_pair(5033, "ERROR_CLUSTERLOG_NOT_ENOUGH_SPACE")); + errorNames.insert(std::make_pair(5034, "ERROR_QUORUM_OWNER_ALIVE")); + errorNames.insert(std::make_pair(5035, "ERROR_NETWORK_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(5036, "ERROR_NODE_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(5037, "ERROR_ALL_NODES_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(5038, "ERROR_RESOURCE_FAILED")); + errorNames.insert(std::make_pair(5039, "ERROR_CLUSTER_INVALID_NODE")); + errorNames.insert(std::make_pair(5040, "ERROR_CLUSTER_NODE_EXISTS")); + errorNames.insert(std::make_pair(5041, "ERROR_CLUSTER_JOIN_IN_PROGRESS")); + errorNames.insert(std::make_pair(5042, "ERROR_CLUSTER_NODE_NOT_FOUND")); + errorNames.insert(std::make_pair(5043, "ERROR_CLUSTER_LOCAL_NODE_NOT_FOUND")); + errorNames.insert(std::make_pair(5044, "ERROR_CLUSTER_NETWORK_EXISTS")); + errorNames.insert(std::make_pair(5045, "ERROR_CLUSTER_NETWORK_NOT_FOUND")); + errorNames.insert(std::make_pair(5046, "ERROR_CLUSTER_NETINTERFACE_EXISTS")); + errorNames.insert(std::make_pair(5047, "ERROR_CLUSTER_NETINTERFACE_NOT_FOUND")); + errorNames.insert(std::make_pair(5048, "ERROR_CLUSTER_INVALID_REQUEST")); + errorNames.insert(std::make_pair(5049, "ERROR_CLUSTER_INVALID_NETWORK_PROVIDER")); + errorNames.insert(std::make_pair(5050, "ERROR_CLUSTER_NODE_DOWN")); + errorNames.insert(std::make_pair(5051, "ERROR_CLUSTER_NODE_UNREACHABLE")); + errorNames.insert(std::make_pair(5052, "ERROR_CLUSTER_NODE_NOT_MEMBER")); + errorNames.insert(std::make_pair(5053, "ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS")); + errorNames.insert(std::make_pair(5054, "ERROR_CLUSTER_INVALID_NETWORK")); + errorNames.insert(std::make_pair(5056, "ERROR_CLUSTER_NODE_UP")); + errorNames.insert(std::make_pair(5057, "ERROR_CLUSTER_IPADDR_IN_USE")); + errorNames.insert(std::make_pair(5058, "ERROR_CLUSTER_NODE_NOT_PAUSED")); + errorNames.insert(std::make_pair(5059, "ERROR_CLUSTER_NO_SECURITY_CONTEXT")); + errorNames.insert(std::make_pair(5060, "ERROR_CLUSTER_NETWORK_NOT_INTERNAL")); + errorNames.insert(std::make_pair(5061, "ERROR_CLUSTER_NODE_ALREADY_UP")); + errorNames.insert(std::make_pair(5062, "ERROR_CLUSTER_NODE_ALREADY_DOWN")); + errorNames.insert(std::make_pair(5063, "ERROR_CLUSTER_NETWORK_ALREADY_ONLINE")); + errorNames.insert(std::make_pair(5064, "ERROR_CLUSTER_NETWORK_ALREADY_OFFLINE")); + errorNames.insert(std::make_pair(5065, "ERROR_CLUSTER_NODE_ALREADY_MEMBER")); + errorNames.insert(std::make_pair(5066, "ERROR_CLUSTER_LAST_INTERNAL_NETWORK")); + errorNames.insert(std::make_pair(5067, "ERROR_CLUSTER_NETWORK_HAS_DEPENDENTS")); + errorNames.insert(std::make_pair(5068, "ERROR_INVALID_OPERATION_ON_QUORUM")); + errorNames.insert(std::make_pair(5069, "ERROR_DEPENDENCY_NOT_ALLOWED")); + errorNames.insert(std::make_pair(5070, "ERROR_CLUSTER_NODE_PAUSED")); + errorNames.insert(std::make_pair(5071, "ERROR_NODE_CANT_HOST_RESOURCE")); + errorNames.insert(std::make_pair(5072, "ERROR_CLUSTER_NODE_NOT_READY")); + errorNames.insert(std::make_pair(5073, "ERROR_CLUSTER_NODE_SHUTTING_DOWN")); + errorNames.insert(std::make_pair(5074, "ERROR_CLUSTER_JOIN_ABORTED")); + errorNames.insert(std::make_pair(5075, "ERROR_CLUSTER_INCOMPATIBLE_VERSIONS")); + errorNames.insert(std::make_pair(5076, "ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED")); + errorNames.insert(std::make_pair(5077, "ERROR_CLUSTER_SYSTEM_CONFIG_CHANGED")); + errorNames.insert(std::make_pair(5078, "ERROR_CLUSTER_RESOURCE_TYPE_NOT_FOUND")); + errorNames.insert(std::make_pair(5079, "ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(5080, "ERROR_CLUSTER_RESNAME_NOT_FOUND")); + errorNames.insert(std::make_pair(5081, "ERROR_CLUSTER_NO_RPC_PACKAGES_REGISTERED")); + errorNames.insert(std::make_pair(5082, "ERROR_CLUSTER_OWNER_NOT_IN_PREFLIST")); + errorNames.insert(std::make_pair(5083, "ERROR_CLUSTER_DATABASE_SEQMISMATCH")); + errorNames.insert(std::make_pair(5084, "ERROR_RESMON_INVALID_STATE")); + errorNames.insert(std::make_pair(5085, "ERROR_CLUSTER_GUM_NOT_LOCKER")); + errorNames.insert(std::make_pair(5086, "ERROR_QUORUM_DISK_NOT_FOUND")); + errorNames.insert(std::make_pair(5087, "ERROR_DATABASE_BACKUP_CORRUPT")); + errorNames.insert(std::make_pair(5088, "ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT")); + errorNames.insert(std::make_pair(5089, "ERROR_RESOURCE_PROPERTY_UNCHANGEABLE")); + errorNames.insert(std::make_pair(5890, "ERROR_CLUSTER_MEMBERSHIP_INVALID_STATE")); + errorNames.insert(std::make_pair(5891, "ERROR_CLUSTER_QUORUMLOG_NOT_FOUND")); + errorNames.insert(std::make_pair(5892, "ERROR_CLUSTER_MEMBERSHIP_HALT")); + errorNames.insert(std::make_pair(5893, "ERROR_CLUSTER_INSTANCE_ID_MISMATCH")); + errorNames.insert(std::make_pair(5894, "ERROR_CLUSTER_NETWORK_NOT_FOUND_FOR_IP")); + errorNames.insert(std::make_pair(5895, "ERROR_CLUSTER_PROPERTY_DATA_TYPE_MISMATCH")); + errorNames.insert(std::make_pair(5896, "ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP")); + errorNames.insert(std::make_pair(5897, "ERROR_CLUSTER_PARAMETER_MISMATCH")); + errorNames.insert(std::make_pair(5898, "ERROR_NODE_CANNOT_BE_CLUSTERED")); + errorNames.insert(std::make_pair(5899, "ERROR_CLUSTER_WRONG_OS_VERSION")); + errorNames.insert(std::make_pair(5900, "ERROR_CLUSTER_CANT_CREATE_DUP_CLUSTER_NAME")); + errorNames.insert(std::make_pair(5901, "ERROR_CLUSCFG_ALREADY_COMMITTED")); + errorNames.insert(std::make_pair(5902, "ERROR_CLUSCFG_ROLLBACK_FAILED")); + errorNames.insert(std::make_pair(5903, "ERROR_CLUSCFG_SYSTEM_DISK_DRIVE_LETTER_CONFLICT")); + errorNames.insert(std::make_pair(5904, "ERROR_CLUSTER_OLD_VERSION")); + errorNames.insert(std::make_pair(5905, "ERROR_CLUSTER_MISMATCHED_COMPUTER_ACCT_NAME")); + errorNames.insert(std::make_pair(5906, "ERROR_CLUSTER_NO_NET_ADAPTERS")); + errorNames.insert(std::make_pair(5907, "ERROR_CLUSTER_POISONED")); + errorNames.insert(std::make_pair(5908, "ERROR_CLUSTER_GROUP_MOVING")); + errorNames.insert(std::make_pair(5909, "ERROR_CLUSTER_RESOURCE_TYPE_BUSY")); + errorNames.insert(std::make_pair(5910, "ERROR_RESOURCE_CALL_TIMED_OUT")); + errorNames.insert(std::make_pair(5911, "ERROR_INVALID_CLUSTER_IPV6_ADDRESS")); + errorNames.insert(std::make_pair(5912, "ERROR_CLUSTER_INTERNAL_INVALID_FUNCTION")); + errorNames.insert(std::make_pair(5913, "ERROR_CLUSTER_PARAMETER_OUT_OF_BOUNDS")); + errorNames.insert(std::make_pair(5914, "ERROR_CLUSTER_PARTIAL_SEND")); + errorNames.insert(std::make_pair(5915, "ERROR_CLUSTER_REGISTRY_INVALID_FUNCTION")); + errorNames.insert(std::make_pair(5916, "ERROR_CLUSTER_INVALID_STRING_TERMINATION")); + errorNames.insert(std::make_pair(5917, "ERROR_CLUSTER_INVALID_STRING_FORMAT")); + errorNames.insert(std::make_pair(5918, "ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS")); + errorNames.insert(std::make_pair(5919, "ERROR_CLUSTER_DATABASE_TRANSACTION_NOT_IN_PROGRESS")); + errorNames.insert(std::make_pair(5920, "ERROR_CLUSTER_NULL_DATA")); + errorNames.insert(std::make_pair(5921, "ERROR_CLUSTER_PARTIAL_READ")); + errorNames.insert(std::make_pair(5922, "ERROR_CLUSTER_PARTIAL_WRITE")); + errorNames.insert(std::make_pair(5923, "ERROR_CLUSTER_CANT_DESERIALIZE_DATA")); + errorNames.insert(std::make_pair(5924, "ERROR_DEPENDENT_RESOURCE_PROPERTY_CONFLICT")); + errorNames.insert(std::make_pair(5925, "ERROR_CLUSTER_NO_QUORUM")); + errorNames.insert(std::make_pair(5926, "ERROR_CLUSTER_INVALID_IPV6_NETWORK")); + errorNames.insert(std::make_pair(5927, "ERROR_CLUSTER_INVALID_IPV6_TUNNEL_NETWORK")); + errorNames.insert(std::make_pair(5928, "ERROR_QUORUM_NOT_ALLOWED_IN_THIS_GROUP")); + errorNames.insert(std::make_pair(5929, "ERROR_DEPENDENCY_TREE_TOO_COMPLEX")); + errorNames.insert(std::make_pair(5930, "ERROR_EXCEPTION_IN_RESOURCE_CALL")); + errorNames.insert(std::make_pair(5931, "ERROR_CLUSTER_RHS_FAILED_INITIALIZATION")); + errorNames.insert(std::make_pair(5932, "ERROR_CLUSTER_NOT_INSTALLED")); + errorNames.insert(std::make_pair(5933, "ERROR_CLUSTER_RESOURCES_MUST_BE_ONLINE_ON_THE_SAME_NODE")); + errorNames.insert(std::make_pair(5934, "ERROR_CLUSTER_MAX_NODES_IN_CLUSTER")); + errorNames.insert(std::make_pair(5935, "ERROR_CLUSTER_TOO_MANY_NODES")); + errorNames.insert(std::make_pair(5936, "ERROR_CLUSTER_OBJECT_ALREADY_USED")); + errorNames.insert(std::make_pair(5937, "ERROR_NONCORE_GROUPS_FOUND")); + errorNames.insert(std::make_pair(5938, "ERROR_FILE_SHARE_RESOURCE_CONFLICT")); + errorNames.insert(std::make_pair(5939, "ERROR_CLUSTER_EVICT_INVALID_REQUEST")); + errorNames.insert(std::make_pair(5940, "ERROR_CLUSTER_SINGLETON_RESOURCE")); + errorNames.insert(std::make_pair(5941, "ERROR_CLUSTER_GROUP_SINGLETON_RESOURCE")); + errorNames.insert(std::make_pair(5942, "ERROR_CLUSTER_RESOURCE_PROVIDER_FAILED")); + errorNames.insert(std::make_pair(5943, "ERROR_CLUSTER_RESOURCE_CONFIGURATION_ERROR")); + errorNames.insert(std::make_pair(5944, "ERROR_CLUSTER_GROUP_BUSY")); + errorNames.insert(std::make_pair(5945, "ERROR_CLUSTER_NOT_SHARED_VOLUME")); + errorNames.insert(std::make_pair(5946, "ERROR_CLUSTER_INVALID_SECURITY_DESCRIPTOR")); + errorNames.insert(std::make_pair(5947, "ERROR_CLUSTER_SHARED_VOLUMES_IN_USE")); + errorNames.insert(std::make_pair(5948, "ERROR_CLUSTER_USE_SHARED_VOLUMES_API")); + errorNames.insert(std::make_pair(5949, "ERROR_CLUSTER_BACKUP_IN_PROGRESS")); + errorNames.insert(std::make_pair(5950, "ERROR_NON_CSV_PATH")); + errorNames.insert(std::make_pair(5951, "ERROR_CSV_VOLUME_NOT_LOCAL")); + errorNames.insert(std::make_pair(5952, "ERROR_CLUSTER_WATCHDOG_TERMINATING")); + errorNames.insert(std::make_pair(6000, "ERROR_ENCRYPTION_FAILED")); + errorNames.insert(std::make_pair(6001, "ERROR_DECRYPTION_FAILED")); + errorNames.insert(std::make_pair(6002, "ERROR_FILE_ENCRYPTED")); + errorNames.insert(std::make_pair(6003, "ERROR_NO_RECOVERY_POLICY")); + errorNames.insert(std::make_pair(6004, "ERROR_NO_EFS")); + errorNames.insert(std::make_pair(6005, "ERROR_WRONG_EFS")); + errorNames.insert(std::make_pair(6006, "ERROR_NO_USER_KEYS")); + errorNames.insert(std::make_pair(6007, "ERROR_FILE_NOT_ENCRYPTED")); + errorNames.insert(std::make_pair(6008, "ERROR_NOT_EXPORT_FORMAT")); + errorNames.insert(std::make_pair(6009, "ERROR_FILE_READ_ONLY")); + errorNames.insert(std::make_pair(6010, "ERROR_DIR_EFS_DISALLOWED")); + errorNames.insert(std::make_pair(6011, "ERROR_EFS_SERVER_NOT_TRUSTED")); + errorNames.insert(std::make_pair(6012, "ERROR_BAD_RECOVERY_POLICY")); + errorNames.insert(std::make_pair(6013, "ERROR_EFS_ALG_BLOB_TOO_BIG")); + errorNames.insert(std::make_pair(6014, "ERROR_VOLUME_NOT_SUPPORT_EFS")); + errorNames.insert(std::make_pair(6015, "ERROR_EFS_DISABLED")); + errorNames.insert(std::make_pair(6016, "ERROR_EFS_VERSION_NOT_SUPPORT")); + errorNames.insert(std::make_pair(6017, "ERROR_CS_ENCRYPTION_INVALID_SERVER_RESPONSE")); + errorNames.insert(std::make_pair(6018, "ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER")); + errorNames.insert(std::make_pair(6019, "ERROR_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE")); + errorNames.insert(std::make_pair(6020, "ERROR_CS_ENCRYPTION_NEW_ENCRYPTED_FILE")); + errorNames.insert(std::make_pair(6021, "ERROR_CS_ENCRYPTION_FILE_NOT_CSE")); + errorNames.insert(std::make_pair(6022, "ERROR_ENCRYPTION_POLICY_DENIES_OPERATION")); + errorNames.insert(std::make_pair(6118, "ERROR_NO_BROWSER_SERVERS_FOUND")); + errorNames.insert(std::make_pair(6600, "ERROR_LOG_SECTOR_INVALID")); + errorNames.insert(std::make_pair(6601, "ERROR_LOG_SECTOR_PARITY_INVALID")); + errorNames.insert(std::make_pair(6602, "ERROR_LOG_SECTOR_REMAPPED")); + errorNames.insert(std::make_pair(6603, "ERROR_LOG_BLOCK_INCOMPLETE")); + errorNames.insert(std::make_pair(6604, "ERROR_LOG_INVALID_RANGE")); + errorNames.insert(std::make_pair(6605, "ERROR_LOG_BLOCKS_EXHAUSTED")); + errorNames.insert(std::make_pair(6606, "ERROR_LOG_READ_CONTEXT_INVALID")); + errorNames.insert(std::make_pair(6607, "ERROR_LOG_RESTART_INVALID")); + errorNames.insert(std::make_pair(6608, "ERROR_LOG_BLOCK_VERSION")); + errorNames.insert(std::make_pair(6609, "ERROR_LOG_BLOCK_INVALID")); + errorNames.insert(std::make_pair(6610, "ERROR_LOG_READ_MODE_INVALID")); + errorNames.insert(std::make_pair(6611, "ERROR_LOG_NO_RESTART")); + errorNames.insert(std::make_pair(6612, "ERROR_LOG_METADATA_CORRUPT")); + errorNames.insert(std::make_pair(6613, "ERROR_LOG_METADATA_INVALID")); + errorNames.insert(std::make_pair(6614, "ERROR_LOG_METADATA_INCONSISTENT")); + errorNames.insert(std::make_pair(6615, "ERROR_LOG_RESERVATION_INVALID")); + errorNames.insert(std::make_pair(6616, "ERROR_LOG_CANT_DELETE")); + errorNames.insert(std::make_pair(6617, "ERROR_LOG_CONTAINER_LIMIT_EXCEEDED")); + errorNames.insert(std::make_pair(6618, "ERROR_LOG_START_OF_LOG")); + errorNames.insert(std::make_pair(6619, "ERROR_LOG_POLICY_ALREADY_INSTALLED")); + errorNames.insert(std::make_pair(6620, "ERROR_LOG_POLICY_NOT_INSTALLED")); + errorNames.insert(std::make_pair(6621, "ERROR_LOG_POLICY_INVALID")); + errorNames.insert(std::make_pair(6622, "ERROR_LOG_POLICY_CONFLICT")); + errorNames.insert(std::make_pair(6623, "ERROR_LOG_PINNED_ARCHIVE_TAIL")); + errorNames.insert(std::make_pair(6624, "ERROR_LOG_RECORD_NONEXISTENT")); + errorNames.insert(std::make_pair(6625, "ERROR_LOG_RECORDS_RESERVED_INVALID")); + errorNames.insert(std::make_pair(6626, "ERROR_LOG_SPACE_RESERVED_INVALID")); + errorNames.insert(std::make_pair(6627, "ERROR_LOG_TAIL_INVALID")); + errorNames.insert(std::make_pair(6628, "ERROR_LOG_FULL")); + errorNames.insert(std::make_pair(6629, "ERROR_COULD_NOT_RESIZE_LOG")); + errorNames.insert(std::make_pair(6630, "ERROR_LOG_MULTIPLEXED")); + errorNames.insert(std::make_pair(6631, "ERROR_LOG_DEDICATED")); + errorNames.insert(std::make_pair(6632, "ERROR_LOG_ARCHIVE_NOT_IN_PROGRESS")); + errorNames.insert(std::make_pair(6633, "ERROR_LOG_ARCHIVE_IN_PROGRESS")); + errorNames.insert(std::make_pair(6634, "ERROR_LOG_EPHEMERAL")); + errorNames.insert(std::make_pair(6635, "ERROR_LOG_NOT_ENOUGH_CONTAINERS")); + errorNames.insert(std::make_pair(6636, "ERROR_LOG_CLIENT_ALREADY_REGISTERED")); + errorNames.insert(std::make_pair(6637, "ERROR_LOG_CLIENT_NOT_REGISTERED")); + errorNames.insert(std::make_pair(6638, "ERROR_LOG_FULL_HANDLER_IN_PROGRESS")); + errorNames.insert(std::make_pair(6639, "ERROR_LOG_CONTAINER_READ_FAILED")); + errorNames.insert(std::make_pair(6640, "ERROR_LOG_CONTAINER_WRITE_FAILED")); + errorNames.insert(std::make_pair(6641, "ERROR_LOG_CONTAINER_OPEN_FAILED")); + errorNames.insert(std::make_pair(6642, "ERROR_LOG_CONTAINER_STATE_INVALID")); + errorNames.insert(std::make_pair(6643, "ERROR_LOG_STATE_INVALID")); + errorNames.insert(std::make_pair(6644, "ERROR_LOG_PINNED")); + errorNames.insert(std::make_pair(6645, "ERROR_LOG_METADATA_FLUSH_FAILED")); + errorNames.insert(std::make_pair(6646, "ERROR_LOG_INCONSISTENT_SECURITY")); + errorNames.insert(std::make_pair(6647, "ERROR_LOG_APPENDED_FLUSH_FAILED")); + errorNames.insert(std::make_pair(6648, "ERROR_LOG_PINNED_RESERVATION")); + errorNames.insert(std::make_pair(6700, "ERROR_INVALID_TRANSACTION")); + errorNames.insert(std::make_pair(6701, "ERROR_TRANSACTION_NOT_ACTIVE")); + errorNames.insert(std::make_pair(6702, "ERROR_TRANSACTION_REQUEST_NOT_VALID")); + errorNames.insert(std::make_pair(6703, "ERROR_TRANSACTION_NOT_REQUESTED")); + errorNames.insert(std::make_pair(6704, "ERROR_TRANSACTION_ALREADY_ABORTED")); + errorNames.insert(std::make_pair(6705, "ERROR_TRANSACTION_ALREADY_COMMITTED")); + errorNames.insert(std::make_pair(6706, "ERROR_TM_INITIALIZATION_FAILED")); + errorNames.insert(std::make_pair(6707, "ERROR_RESOURCEMANAGER_READ_ONLY")); + errorNames.insert(std::make_pair(6708, "ERROR_TRANSACTION_NOT_JOINED")); + errorNames.insert(std::make_pair(6709, "ERROR_TRANSACTION_SUPERIOR_EXISTS")); + errorNames.insert(std::make_pair(6710, "ERROR_CRM_PROTOCOL_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(6711, "ERROR_TRANSACTION_PROPAGATION_FAILED")); + errorNames.insert(std::make_pair(6712, "ERROR_CRM_PROTOCOL_NOT_FOUND")); + errorNames.insert(std::make_pair(6713, "ERROR_TRANSACTION_INVALID_MARSHALL_BUFFER")); + errorNames.insert(std::make_pair(6714, "ERROR_CURRENT_TRANSACTION_NOT_VALID")); + errorNames.insert(std::make_pair(6715, "ERROR_TRANSACTION_NOT_FOUND")); + errorNames.insert(std::make_pair(6716, "ERROR_RESOURCEMANAGER_NOT_FOUND")); + errorNames.insert(std::make_pair(6717, "ERROR_ENLISTMENT_NOT_FOUND")); + errorNames.insert(std::make_pair(6718, "ERROR_TRANSACTIONMANAGER_NOT_FOUND")); + errorNames.insert(std::make_pair(6719, "ERROR_TRANSACTIONMANAGER_NOT_ONLINE")); + errorNames.insert(std::make_pair(6720, "ERROR_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION")); + errorNames.insert(std::make_pair(6721, "ERROR_TRANSACTION_NOT_ROOT")); + errorNames.insert(std::make_pair(6722, "ERROR_TRANSACTION_OBJECT_EXPIRED")); + errorNames.insert(std::make_pair(6723, "ERROR_TRANSACTION_RESPONSE_NOT_ENLISTED")); + errorNames.insert(std::make_pair(6724, "ERROR_TRANSACTION_RECORD_TOO_LONG")); + errorNames.insert(std::make_pair(6725, "ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(6726, "ERROR_TRANSACTION_INTEGRITY_VIOLATED")); + errorNames.insert(std::make_pair(6727, "ERROR_TRANSACTIONMANAGER_IDENTITY_MISMATCH")); + errorNames.insert(std::make_pair(6728, "ERROR_RM_CANNOT_BE_FROZEN_FOR_SNAPSHOT")); + errorNames.insert(std::make_pair(6729, "ERROR_TRANSACTION_MUST_WRITETHROUGH")); + errorNames.insert(std::make_pair(6730, "ERROR_TRANSACTION_NO_SUPERIOR")); + errorNames.insert(std::make_pair(6731, "ERROR_HEURISTIC_DAMAGE_POSSIBLE")); + errorNames.insert(std::make_pair(6800, "ERROR_TRANSACTIONAL_CONFLICT")); + errorNames.insert(std::make_pair(6801, "ERROR_RM_NOT_ACTIVE")); + errorNames.insert(std::make_pair(6802, "ERROR_RM_METADATA_CORRUPT")); + errorNames.insert(std::make_pair(6803, "ERROR_DIRECTORY_NOT_RM")); + errorNames.insert(std::make_pair(6805, "ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE")); + errorNames.insert(std::make_pair(6806, "ERROR_LOG_RESIZE_INVALID_SIZE")); + errorNames.insert(std::make_pair(6807, "ERROR_OBJECT_NO_LONGER_EXISTS")); + errorNames.insert(std::make_pair(6808, "ERROR_STREAM_MINIVERSION_NOT_FOUND")); + errorNames.insert(std::make_pair(6809, "ERROR_STREAM_MINIVERSION_NOT_VALID")); + errorNames.insert(std::make_pair(6810, "ERROR_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION")); + errorNames.insert(std::make_pair(6811, "ERROR_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT")); + errorNames.insert(std::make_pair(6812, "ERROR_CANT_CREATE_MORE_STREAM_MINIVERSIONS")); + errorNames.insert(std::make_pair(6814, "ERROR_REMOTE_FILE_VERSION_MISMATCH")); + errorNames.insert(std::make_pair(6815, "ERROR_HANDLE_NO_LONGER_VALID")); + errorNames.insert(std::make_pair(6816, "ERROR_NO_TXF_METADATA")); + errorNames.insert(std::make_pair(6817, "ERROR_LOG_CORRUPTION_DETECTED")); + errorNames.insert(std::make_pair(6818, "ERROR_CANT_RECOVER_WITH_HANDLE_OPEN")); + errorNames.insert(std::make_pair(6819, "ERROR_RM_DISCONNECTED")); + errorNames.insert(std::make_pair(6820, "ERROR_ENLISTMENT_NOT_SUPERIOR")); + errorNames.insert(std::make_pair(6821, "ERROR_RECOVERY_NOT_NEEDED")); + errorNames.insert(std::make_pair(6822, "ERROR_RM_ALREADY_STARTED")); + errorNames.insert(std::make_pair(6823, "ERROR_FILE_IDENTITY_NOT_PERSISTENT")); + errorNames.insert(std::make_pair(6824, "ERROR_CANT_BREAK_TRANSACTIONAL_DEPENDENCY")); + errorNames.insert(std::make_pair(6825, "ERROR_CANT_CROSS_RM_BOUNDARY")); + errorNames.insert(std::make_pair(6826, "ERROR_TXF_DIR_NOT_EMPTY")); + errorNames.insert(std::make_pair(6827, "ERROR_INDOUBT_TRANSACTIONS_EXIST")); + errorNames.insert(std::make_pair(6828, "ERROR_TM_VOLATILE")); + errorNames.insert(std::make_pair(6829, "ERROR_ROLLBACK_TIMER_EXPIRED")); + errorNames.insert(std::make_pair(6830, "ERROR_TXF_ATTRIBUTE_CORRUPT")); + errorNames.insert(std::make_pair(6831, "ERROR_EFS_NOT_ALLOWED_IN_TRANSACTION")); + errorNames.insert(std::make_pair(6832, "ERROR_TRANSACTIONAL_OPEN_NOT_ALLOWED")); + errorNames.insert(std::make_pair(6833, "ERROR_LOG_GROWTH_FAILED")); + errorNames.insert(std::make_pair(6834, "ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE")); + errorNames.insert(std::make_pair(6835, "ERROR_TXF_METADATA_ALREADY_PRESENT")); + errorNames.insert(std::make_pair(6836, "ERROR_TRANSACTION_SCOPE_CALLBACKS_NOT_SET")); + errorNames.insert(std::make_pair(6837, "ERROR_TRANSACTION_REQUIRED_PROMOTION")); + errorNames.insert(std::make_pair(6838, "ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION")); + errorNames.insert(std::make_pair(6839, "ERROR_TRANSACTIONS_NOT_FROZEN")); + errorNames.insert(std::make_pair(6840, "ERROR_TRANSACTION_FREEZE_IN_PROGRESS")); + errorNames.insert(std::make_pair(6841, "ERROR_NOT_SNAPSHOT_VOLUME")); + errorNames.insert(std::make_pair(6842, "ERROR_NO_SAVEPOINT_WITH_OPEN_FILES")); + errorNames.insert(std::make_pair(6843, "ERROR_DATA_LOST_REPAIR")); + errorNames.insert(std::make_pair(6844, "ERROR_SPARSE_NOT_ALLOWED_IN_TRANSACTION")); + errorNames.insert(std::make_pair(6845, "ERROR_TM_IDENTITY_MISMATCH")); + errorNames.insert(std::make_pair(6846, "ERROR_FLOATED_SECTION")); + errorNames.insert(std::make_pair(6847, "ERROR_CANNOT_ACCEPT_TRANSACTED_WORK")); + errorNames.insert(std::make_pair(6848, "ERROR_CANNOT_ABORT_TRANSACTIONS")); + errorNames.insert(std::make_pair(6849, "ERROR_BAD_CLUSTERS")); + errorNames.insert(std::make_pair(6850, "ERROR_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION")); + errorNames.insert(std::make_pair(6851, "ERROR_VOLUME_DIRTY")); + errorNames.insert(std::make_pair(6852, "ERROR_NO_LINK_TRACKING_IN_TRANSACTION")); + errorNames.insert(std::make_pair(6853, "ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION")); + errorNames.insert(std::make_pair(6854, "ERROR_EXPIRED_HANDLE")); + errorNames.insert(std::make_pair(6855, "ERROR_TRANSACTION_NOT_ENLISTED")); + errorNames.insert(std::make_pair(7001, "ERROR_CTX_WINSTATION_NAME_INVALID")); + errorNames.insert(std::make_pair(7002, "ERROR_CTX_INVALID_PD")); + errorNames.insert(std::make_pair(7003, "ERROR_CTX_PD_NOT_FOUND")); + errorNames.insert(std::make_pair(7004, "ERROR_CTX_WD_NOT_FOUND")); + errorNames.insert(std::make_pair(7005, "ERROR_CTX_CANNOT_MAKE_EVENTLOG_ENTRY")); + errorNames.insert(std::make_pair(7006, "ERROR_CTX_SERVICE_NAME_COLLISION")); + errorNames.insert(std::make_pair(7007, "ERROR_CTX_CLOSE_PENDING")); + errorNames.insert(std::make_pair(7008, "ERROR_CTX_NO_OUTBUF")); + errorNames.insert(std::make_pair(7009, "ERROR_CTX_MODEM_INF_NOT_FOUND")); + errorNames.insert(std::make_pair(7010, "ERROR_CTX_INVALID_MODEMNAME")); + errorNames.insert(std::make_pair(7011, "ERROR_CTX_MODEM_RESPONSE_ERROR")); + errorNames.insert(std::make_pair(7012, "ERROR_CTX_MODEM_RESPONSE_TIMEOUT")); + errorNames.insert(std::make_pair(7013, "ERROR_CTX_MODEM_RESPONSE_NO_CARRIER")); + errorNames.insert(std::make_pair(7014, "ERROR_CTX_MODEM_RESPONSE_NO_DIALTONE")); + errorNames.insert(std::make_pair(7015, "ERROR_CTX_MODEM_RESPONSE_BUSY")); + errorNames.insert(std::make_pair(7016, "ERROR_CTX_MODEM_RESPONSE_VOICE")); + errorNames.insert(std::make_pair(7017, "ERROR_CTX_TD_ERROR")); + errorNames.insert(std::make_pair(7022, "ERROR_CTX_WINSTATION_NOT_FOUND")); + errorNames.insert(std::make_pair(7023, "ERROR_CTX_WINSTATION_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(7024, "ERROR_CTX_WINSTATION_BUSY")); + errorNames.insert(std::make_pair(7025, "ERROR_CTX_BAD_VIDEO_MODE")); + errorNames.insert(std::make_pair(7035, "ERROR_CTX_GRAPHICS_INVALID")); + errorNames.insert(std::make_pair(7037, "ERROR_CTX_LOGON_DISABLED")); + errorNames.insert(std::make_pair(7038, "ERROR_CTX_NOT_CONSOLE")); + errorNames.insert(std::make_pair(7040, "ERROR_CTX_CLIENT_QUERY_TIMEOUT")); + errorNames.insert(std::make_pair(7041, "ERROR_CTX_CONSOLE_DISCONNECT")); + errorNames.insert(std::make_pair(7042, "ERROR_CTX_CONSOLE_CONNECT")); + errorNames.insert(std::make_pair(7044, "ERROR_CTX_SHADOW_DENIED")); + errorNames.insert(std::make_pair(7045, "ERROR_CTX_WINSTATION_ACCESS_DENIED")); + errorNames.insert(std::make_pair(7049, "ERROR_CTX_INVALID_WD")); + errorNames.insert(std::make_pair(7050, "ERROR_CTX_SHADOW_INVALID")); + errorNames.insert(std::make_pair(7051, "ERROR_CTX_SHADOW_DISABLED")); + errorNames.insert(std::make_pair(7052, "ERROR_CTX_CLIENT_LICENSE_IN_USE")); + errorNames.insert(std::make_pair(7053, "ERROR_CTX_CLIENT_LICENSE_NOT_SET")); + errorNames.insert(std::make_pair(7054, "ERROR_CTX_LICENSE_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(7055, "ERROR_CTX_LICENSE_CLIENT_INVALID")); + errorNames.insert(std::make_pair(7056, "ERROR_CTX_LICENSE_EXPIRED")); + errorNames.insert(std::make_pair(7057, "ERROR_CTX_SHADOW_NOT_RUNNING")); + errorNames.insert(std::make_pair(7058, "ERROR_CTX_SHADOW_ENDED_BY_MODE_CHANGE")); + errorNames.insert(std::make_pair(7059, "ERROR_ACTIVATION_COUNT_EXCEEDED")); + errorNames.insert(std::make_pair(7060, "ERROR_CTX_WINSTATIONS_DISABLED")); + errorNames.insert(std::make_pair(7061, "ERROR_CTX_ENCRYPTION_LEVEL_REQUIRED")); + errorNames.insert(std::make_pair(7062, "ERROR_CTX_SESSION_IN_USE")); + errorNames.insert(std::make_pair(7063, "ERROR_CTX_NO_FORCE_LOGOFF")); + errorNames.insert(std::make_pair(7064, "ERROR_CTX_ACCOUNT_RESTRICTION")); + errorNames.insert(std::make_pair(7065, "ERROR_RDP_PROTOCOL_ERROR")); + errorNames.insert(std::make_pair(7066, "ERROR_CTX_CDM_CONNECT")); + errorNames.insert(std::make_pair(7067, "ERROR_CTX_CDM_DISCONNECT")); + errorNames.insert(std::make_pair(7068, "ERROR_CTX_SECURITY_LAYER_ERROR")); + errorNames.insert(std::make_pair(7069, "ERROR_TS_INCOMPATIBLE_SESSIONS")); + errorNames.insert(std::make_pair(7070, "ERROR_TS_VIDEO_SUBSYSTEM_ERROR")); + errorNames.insert(std::make_pair(8200, "ERROR_DS_NOT_INSTALLED")); + errorNames.insert(std::make_pair(8201, "ERROR_DS_MEMBERSHIP_EVALUATED_LOCALLY")); + errorNames.insert(std::make_pair(8202, "ERROR_DS_NO_ATTRIBUTE_OR_VALUE")); + errorNames.insert(std::make_pair(8203, "ERROR_DS_INVALID_ATTRIBUTE_SYNTAX")); + errorNames.insert(std::make_pair(8204, "ERROR_DS_ATTRIBUTE_TYPE_UNDEFINED")); + errorNames.insert(std::make_pair(8205, "ERROR_DS_ATTRIBUTE_OR_VALUE_EXISTS")); + errorNames.insert(std::make_pair(8206, "ERROR_DS_BUSY")); + errorNames.insert(std::make_pair(8207, "ERROR_DS_UNAVAILABLE")); + errorNames.insert(std::make_pair(8208, "ERROR_DS_NO_RIDS_ALLOCATED")); + errorNames.insert(std::make_pair(8209, "ERROR_DS_NO_MORE_RIDS")); + errorNames.insert(std::make_pair(8210, "ERROR_DS_INCORRECT_ROLE_OWNER")); + errorNames.insert(std::make_pair(8211, "ERROR_DS_RIDMGR_INIT_ERROR")); + errorNames.insert(std::make_pair(8212, "ERROR_DS_OBJ_CLASS_VIOLATION")); + errorNames.insert(std::make_pair(8213, "ERROR_DS_CANT_ON_NON_LEAF")); + errorNames.insert(std::make_pair(8214, "ERROR_DS_CANT_ON_RDN")); + errorNames.insert(std::make_pair(8215, "ERROR_DS_CANT_MOD_OBJ_CLASS")); + errorNames.insert(std::make_pair(8216, "ERROR_DS_CROSS_DOM_MOVE_ERROR")); + errorNames.insert(std::make_pair(8217, "ERROR_DS_GC_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(8218, "ERROR_SHARED_POLICY")); + errorNames.insert(std::make_pair(8219, "ERROR_POLICY_OBJECT_NOT_FOUND")); + errorNames.insert(std::make_pair(8220, "ERROR_POLICY_ONLY_IN_DS")); + errorNames.insert(std::make_pair(8221, "ERROR_PROMOTION_ACTIVE")); + errorNames.insert(std::make_pair(8222, "ERROR_NO_PROMOTION_ACTIVE")); + errorNames.insert(std::make_pair(8224, "ERROR_DS_OPERATIONS_ERROR")); + errorNames.insert(std::make_pair(8225, "ERROR_DS_PROTOCOL_ERROR")); + errorNames.insert(std::make_pair(8226, "ERROR_DS_TIMELIMIT_EXCEEDED")); + errorNames.insert(std::make_pair(8227, "ERROR_DS_SIZELIMIT_EXCEEDED")); + errorNames.insert(std::make_pair(8228, "ERROR_DS_ADMIN_LIMIT_EXCEEDED")); + errorNames.insert(std::make_pair(8229, "ERROR_DS_COMPARE_FALSE")); + errorNames.insert(std::make_pair(8230, "ERROR_DS_COMPARE_TRUE")); + errorNames.insert(std::make_pair(8231, "ERROR_DS_AUTH_METHOD_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(8232, "ERROR_DS_STRONG_AUTH_REQUIRED")); + errorNames.insert(std::make_pair(8233, "ERROR_DS_INAPPROPRIATE_AUTH")); + errorNames.insert(std::make_pair(8234, "ERROR_DS_AUTH_UNKNOWN")); + errorNames.insert(std::make_pair(8235, "ERROR_DS_REFERRAL")); + errorNames.insert(std::make_pair(8236, "ERROR_DS_UNAVAILABLE_CRIT_EXTENSION")); + errorNames.insert(std::make_pair(8237, "ERROR_DS_CONFIDENTIALITY_REQUIRED")); + errorNames.insert(std::make_pair(8238, "ERROR_DS_INAPPROPRIATE_MATCHING")); + errorNames.insert(std::make_pair(8239, "ERROR_DS_CONSTRAINT_VIOLATION")); + errorNames.insert(std::make_pair(8240, "ERROR_DS_NO_SUCH_OBJECT")); + errorNames.insert(std::make_pair(8241, "ERROR_DS_ALIAS_PROBLEM")); + errorNames.insert(std::make_pair(8242, "ERROR_DS_INVALID_DN_SYNTAX")); + errorNames.insert(std::make_pair(8243, "ERROR_DS_IS_LEAF")); + errorNames.insert(std::make_pair(8244, "ERROR_DS_ALIAS_DEREF_PROBLEM")); + errorNames.insert(std::make_pair(8245, "ERROR_DS_UNWILLING_TO_PERFORM")); + errorNames.insert(std::make_pair(8246, "ERROR_DS_LOOP_DETECT")); + errorNames.insert(std::make_pair(8247, "ERROR_DS_NAMING_VIOLATION")); + errorNames.insert(std::make_pair(8248, "ERROR_DS_OBJECT_RESULTS_TOO_LARGE")); + errorNames.insert(std::make_pair(8249, "ERROR_DS_AFFECTS_MULTIPLE_DSAS")); + errorNames.insert(std::make_pair(8250, "ERROR_DS_SERVER_DOWN")); + errorNames.insert(std::make_pair(8251, "ERROR_DS_LOCAL_ERROR")); + errorNames.insert(std::make_pair(8252, "ERROR_DS_ENCODING_ERROR")); + errorNames.insert(std::make_pair(8253, "ERROR_DS_DECODING_ERROR")); + errorNames.insert(std::make_pair(8254, "ERROR_DS_FILTER_UNKNOWN")); + errorNames.insert(std::make_pair(8255, "ERROR_DS_PARAM_ERROR")); + errorNames.insert(std::make_pair(8256, "ERROR_DS_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(8257, "ERROR_DS_NO_RESULTS_RETURNED")); + errorNames.insert(std::make_pair(8258, "ERROR_DS_CONTROL_NOT_FOUND")); + errorNames.insert(std::make_pair(8259, "ERROR_DS_CLIENT_LOOP")); + errorNames.insert(std::make_pair(8260, "ERROR_DS_REFERRAL_LIMIT_EXCEEDED")); + errorNames.insert(std::make_pair(8261, "ERROR_DS_SORT_CONTROL_MISSING")); + errorNames.insert(std::make_pair(8262, "ERROR_DS_OFFSET_RANGE_ERROR")); + errorNames.insert(std::make_pair(8301, "ERROR_DS_ROOT_MUST_BE_NC")); + errorNames.insert(std::make_pair(8302, "ERROR_DS_ADD_REPLICA_INHIBITED")); + errorNames.insert(std::make_pair(8303, "ERROR_DS_ATT_NOT_DEF_IN_SCHEMA")); + errorNames.insert(std::make_pair(8304, "ERROR_DS_MAX_OBJ_SIZE_EXCEEDED")); + errorNames.insert(std::make_pair(8305, "ERROR_DS_OBJ_STRING_NAME_EXISTS")); + errorNames.insert(std::make_pair(8306, "ERROR_DS_NO_RDN_DEFINED_IN_SCHEMA")); + errorNames.insert(std::make_pair(8307, "ERROR_DS_RDN_DOESNT_MATCH_SCHEMA")); + errorNames.insert(std::make_pair(8308, "ERROR_DS_NO_REQUESTED_ATTS_FOUND")); + errorNames.insert(std::make_pair(8309, "ERROR_DS_USER_BUFFER_TO_SMALL")); + errorNames.insert(std::make_pair(8310, "ERROR_DS_ATT_IS_NOT_ON_OBJ")); + errorNames.insert(std::make_pair(8311, "ERROR_DS_ILLEGAL_MOD_OPERATION")); + errorNames.insert(std::make_pair(8312, "ERROR_DS_OBJ_TOO_LARGE")); + errorNames.insert(std::make_pair(8313, "ERROR_DS_BAD_INSTANCE_TYPE")); + errorNames.insert(std::make_pair(8314, "ERROR_DS_MASTERDSA_REQUIRED")); + errorNames.insert(std::make_pair(8315, "ERROR_DS_OBJECT_CLASS_REQUIRED")); + errorNames.insert(std::make_pair(8316, "ERROR_DS_MISSING_REQUIRED_ATT")); + errorNames.insert(std::make_pair(8317, "ERROR_DS_ATT_NOT_DEF_FOR_CLASS")); + errorNames.insert(std::make_pair(8318, "ERROR_DS_ATT_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(8320, "ERROR_DS_CANT_ADD_ATT_VALUES")); + errorNames.insert(std::make_pair(8321, "ERROR_DS_SINGLE_VALUE_CONSTRAINT")); + errorNames.insert(std::make_pair(8322, "ERROR_DS_RANGE_CONSTRAINT")); + errorNames.insert(std::make_pair(8323, "ERROR_DS_ATT_VAL_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(8324, "ERROR_DS_CANT_REM_MISSING_ATT")); + errorNames.insert(std::make_pair(8325, "ERROR_DS_CANT_REM_MISSING_ATT_VAL")); + errorNames.insert(std::make_pair(8326, "ERROR_DS_ROOT_CANT_BE_SUBREF")); + errorNames.insert(std::make_pair(8327, "ERROR_DS_NO_CHAINING")); + errorNames.insert(std::make_pair(8328, "ERROR_DS_NO_CHAINED_EVAL")); + errorNames.insert(std::make_pair(8329, "ERROR_DS_NO_PARENT_OBJECT")); + errorNames.insert(std::make_pair(8330, "ERROR_DS_PARENT_IS_AN_ALIAS")); + errorNames.insert(std::make_pair(8331, "ERROR_DS_CANT_MIX_MASTER_AND_REPS")); + errorNames.insert(std::make_pair(8332, "ERROR_DS_CHILDREN_EXIST")); + errorNames.insert(std::make_pair(8333, "ERROR_DS_OBJ_NOT_FOUND")); + errorNames.insert(std::make_pair(8334, "ERROR_DS_ALIASED_OBJ_MISSING")); + errorNames.insert(std::make_pair(8335, "ERROR_DS_BAD_NAME_SYNTAX")); + errorNames.insert(std::make_pair(8336, "ERROR_DS_ALIAS_POINTS_TO_ALIAS")); + errorNames.insert(std::make_pair(8337, "ERROR_DS_CANT_DEREF_ALIAS")); + errorNames.insert(std::make_pair(8338, "ERROR_DS_OUT_OF_SCOPE")); + errorNames.insert(std::make_pair(8339, "ERROR_DS_OBJECT_BEING_REMOVED")); + errorNames.insert(std::make_pair(8340, "ERROR_DS_CANT_DELETE_DSA_OBJ")); + errorNames.insert(std::make_pair(8341, "ERROR_DS_GENERIC_ERROR")); + errorNames.insert(std::make_pair(8342, "ERROR_DS_DSA_MUST_BE_INT_MASTER")); + errorNames.insert(std::make_pair(8343, "ERROR_DS_CLASS_NOT_DSA")); + errorNames.insert(std::make_pair(8344, "ERROR_DS_INSUFF_ACCESS_RIGHTS")); + errorNames.insert(std::make_pair(8345, "ERROR_DS_ILLEGAL_SUPERIOR")); + errorNames.insert(std::make_pair(8346, "ERROR_DS_ATTRIBUTE_OWNED_BY_SAM")); + errorNames.insert(std::make_pair(8347, "ERROR_DS_NAME_TOO_MANY_PARTS")); + errorNames.insert(std::make_pair(8348, "ERROR_DS_NAME_TOO_LONG")); + errorNames.insert(std::make_pair(8349, "ERROR_DS_NAME_VALUE_TOO_LONG")); + errorNames.insert(std::make_pair(8350, "ERROR_DS_NAME_UNPARSEABLE")); + errorNames.insert(std::make_pair(8351, "ERROR_DS_NAME_TYPE_UNKNOWN")); + errorNames.insert(std::make_pair(8352, "ERROR_DS_NOT_AN_OBJECT")); + errorNames.insert(std::make_pair(8353, "ERROR_DS_SEC_DESC_TOO_SHORT")); + errorNames.insert(std::make_pair(8354, "ERROR_DS_SEC_DESC_INVALID")); + errorNames.insert(std::make_pair(8355, "ERROR_DS_NO_DELETED_NAME")); + errorNames.insert(std::make_pair(8356, "ERROR_DS_SUBREF_MUST_HAVE_PARENT")); + errorNames.insert(std::make_pair(8357, "ERROR_DS_NCNAME_MUST_BE_NC")); + errorNames.insert(std::make_pair(8358, "ERROR_DS_CANT_ADD_SYSTEM_ONLY")); + errorNames.insert(std::make_pair(8359, "ERROR_DS_CLASS_MUST_BE_CONCRETE")); + errorNames.insert(std::make_pair(8360, "ERROR_DS_INVALID_DMD")); + errorNames.insert(std::make_pair(8361, "ERROR_DS_OBJ_GUID_EXISTS")); + errorNames.insert(std::make_pair(8362, "ERROR_DS_NOT_ON_BACKLINK")); + errorNames.insert(std::make_pair(8363, "ERROR_DS_NO_CROSSREF_FOR_NC")); + errorNames.insert(std::make_pair(8364, "ERROR_DS_SHUTTING_DOWN")); + errorNames.insert(std::make_pair(8365, "ERROR_DS_UNKNOWN_OPERATION")); + errorNames.insert(std::make_pair(8366, "ERROR_DS_INVALID_ROLE_OWNER")); + errorNames.insert(std::make_pair(8367, "ERROR_DS_COULDNT_CONTACT_FSMO")); + errorNames.insert(std::make_pair(8368, "ERROR_DS_CROSS_NC_DN_RENAME")); + errorNames.insert(std::make_pair(8369, "ERROR_DS_CANT_MOD_SYSTEM_ONLY")); + errorNames.insert(std::make_pair(8370, "ERROR_DS_REPLICATOR_ONLY")); + errorNames.insert(std::make_pair(8371, "ERROR_DS_OBJ_CLASS_NOT_DEFINED")); + errorNames.insert(std::make_pair(8372, "ERROR_DS_OBJ_CLASS_NOT_SUBCLASS")); + errorNames.insert(std::make_pair(8373, "ERROR_DS_NAME_REFERENCE_INVALID")); + errorNames.insert(std::make_pair(8374, "ERROR_DS_CROSS_REF_EXISTS")); + errorNames.insert(std::make_pair(8375, "ERROR_DS_CANT_DEL_MASTER_CROSSREF")); + errorNames.insert(std::make_pair(8376, "ERROR_DS_SUBTREE_NOTIFY_NOT_NC_HEAD")); + errorNames.insert(std::make_pair(8377, "ERROR_DS_NOTIFY_FILTER_TOO_COMPLEX")); + errorNames.insert(std::make_pair(8378, "ERROR_DS_DUP_RDN")); + errorNames.insert(std::make_pair(8379, "ERROR_DS_DUP_OID")); + errorNames.insert(std::make_pair(8380, "ERROR_DS_DUP_MAPI_ID")); + errorNames.insert(std::make_pair(8381, "ERROR_DS_DUP_SCHEMA_ID_GUID")); + errorNames.insert(std::make_pair(8382, "ERROR_DS_DUP_LDAP_DISPLAY_NAME")); + errorNames.insert(std::make_pair(8383, "ERROR_DS_SEMANTIC_ATT_TEST")); + errorNames.insert(std::make_pair(8384, "ERROR_DS_SYNTAX_MISMATCH")); + errorNames.insert(std::make_pair(8385, "ERROR_DS_EXISTS_IN_MUST_HAVE")); + errorNames.insert(std::make_pair(8386, "ERROR_DS_EXISTS_IN_MAY_HAVE")); + errorNames.insert(std::make_pair(8387, "ERROR_DS_NONEXISTENT_MAY_HAVE")); + errorNames.insert(std::make_pair(8388, "ERROR_DS_NONEXISTENT_MUST_HAVE")); + errorNames.insert(std::make_pair(8389, "ERROR_DS_AUX_CLS_TEST_FAIL")); + errorNames.insert(std::make_pair(8390, "ERROR_DS_NONEXISTENT_POSS_SUP")); + errorNames.insert(std::make_pair(8391, "ERROR_DS_SUB_CLS_TEST_FAIL")); + errorNames.insert(std::make_pair(8392, "ERROR_DS_BAD_RDN_ATT_ID_SYNTAX")); + errorNames.insert(std::make_pair(8393, "ERROR_DS_EXISTS_IN_AUX_CLS")); + errorNames.insert(std::make_pair(8394, "ERROR_DS_EXISTS_IN_SUB_CLS")); + errorNames.insert(std::make_pair(8395, "ERROR_DS_EXISTS_IN_POSS_SUP")); + errorNames.insert(std::make_pair(8396, "ERROR_DS_RECALCSCHEMA_FAILED")); + errorNames.insert(std::make_pair(8397, "ERROR_DS_TREE_DELETE_NOT_FINISHED")); + errorNames.insert(std::make_pair(8398, "ERROR_DS_CANT_DELETE")); + errorNames.insert(std::make_pair(8399, "ERROR_DS_ATT_SCHEMA_REQ_ID")); + errorNames.insert(std::make_pair(8400, "ERROR_DS_BAD_ATT_SCHEMA_SYNTAX")); + errorNames.insert(std::make_pair(8401, "ERROR_DS_CANT_CACHE_ATT")); + errorNames.insert(std::make_pair(8402, "ERROR_DS_CANT_CACHE_CLASS")); + errorNames.insert(std::make_pair(8403, "ERROR_DS_CANT_REMOVE_ATT_CACHE")); + errorNames.insert(std::make_pair(8404, "ERROR_DS_CANT_REMOVE_CLASS_CACHE")); + errorNames.insert(std::make_pair(8405, "ERROR_DS_CANT_RETRIEVE_DN")); + errorNames.insert(std::make_pair(8406, "ERROR_DS_MISSING_SUPREF")); + errorNames.insert(std::make_pair(8407, "ERROR_DS_CANT_RETRIEVE_INSTANCE")); + errorNames.insert(std::make_pair(8408, "ERROR_DS_CODE_INCONSISTENCY")); + errorNames.insert(std::make_pair(8409, "ERROR_DS_DATABASE_ERROR")); + errorNames.insert(std::make_pair(8410, "ERROR_DS_GOVERNSID_MISSING")); + errorNames.insert(std::make_pair(8411, "ERROR_DS_MISSING_EXPECTED_ATT")); + errorNames.insert(std::make_pair(8412, "ERROR_DS_NCNAME_MISSING_CR_REF")); + errorNames.insert(std::make_pair(8413, "ERROR_DS_SECURITY_CHECKING_ERROR")); + errorNames.insert(std::make_pair(8414, "ERROR_DS_SCHEMA_NOT_LOADED")); + errorNames.insert(std::make_pair(8415, "ERROR_DS_SCHEMA_ALLOC_FAILED")); + errorNames.insert(std::make_pair(8416, "ERROR_DS_ATT_SCHEMA_REQ_SYNTAX")); + errorNames.insert(std::make_pair(8417, "ERROR_DS_GCVERIFY_ERROR")); + errorNames.insert(std::make_pair(8418, "ERROR_DS_DRA_SCHEMA_MISMATCH")); + errorNames.insert(std::make_pair(8419, "ERROR_DS_CANT_FIND_DSA_OBJ")); + errorNames.insert(std::make_pair(8420, "ERROR_DS_CANT_FIND_EXPECTED_NC")); + errorNames.insert(std::make_pair(8421, "ERROR_DS_CANT_FIND_NC_IN_CACHE")); + errorNames.insert(std::make_pair(8422, "ERROR_DS_CANT_RETRIEVE_CHILD")); + errorNames.insert(std::make_pair(8423, "ERROR_DS_SECURITY_ILLEGAL_MODIFY")); + errorNames.insert(std::make_pair(8424, "ERROR_DS_CANT_REPLACE_HIDDEN_REC")); + errorNames.insert(std::make_pair(8425, "ERROR_DS_BAD_HIERARCHY_FILE")); + errorNames.insert(std::make_pair(8426, "ERROR_DS_BUILD_HIERARCHY_TABLE_FAILED")); + errorNames.insert(std::make_pair(8427, "ERROR_DS_CONFIG_PARAM_MISSING")); + errorNames.insert(std::make_pair(8428, "ERROR_DS_COUNTING_AB_INDICES_FAILED")); + errorNames.insert(std::make_pair(8429, "ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED")); + errorNames.insert(std::make_pair(8430, "ERROR_DS_INTERNAL_FAILURE")); + errorNames.insert(std::make_pair(8431, "ERROR_DS_UNKNOWN_ERROR")); + errorNames.insert(std::make_pair(8432, "ERROR_DS_ROOT_REQUIRES_CLASS_TOP")); + errorNames.insert(std::make_pair(8433, "ERROR_DS_REFUSING_FSMO_ROLES")); + errorNames.insert(std::make_pair(8434, "ERROR_DS_MISSING_FSMO_SETTINGS")); + errorNames.insert(std::make_pair(8435, "ERROR_DS_UNABLE_TO_SURRENDER_ROLES")); + errorNames.insert(std::make_pair(8436, "ERROR_DS_DRA_GENERIC")); + errorNames.insert(std::make_pair(8437, "ERROR_DS_DRA_INVALID_PARAMETER")); + errorNames.insert(std::make_pair(8438, "ERROR_DS_DRA_BUSY")); + errorNames.insert(std::make_pair(8439, "ERROR_DS_DRA_BAD_DN")); + errorNames.insert(std::make_pair(8440, "ERROR_DS_DRA_BAD_NC")); + errorNames.insert(std::make_pair(8441, "ERROR_DS_DRA_DN_EXISTS")); + errorNames.insert(std::make_pair(8442, "ERROR_DS_DRA_INTERNAL_ERROR")); + errorNames.insert(std::make_pair(8443, "ERROR_DS_DRA_INCONSISTENT_DIT")); + errorNames.insert(std::make_pair(8444, "ERROR_DS_DRA_CONNECTION_FAILED")); + errorNames.insert(std::make_pair(8445, "ERROR_DS_DRA_BAD_INSTANCE_TYPE")); + errorNames.insert(std::make_pair(8446, "ERROR_DS_DRA_OUT_OF_MEM")); + errorNames.insert(std::make_pair(8447, "ERROR_DS_DRA_MAIL_PROBLEM")); + errorNames.insert(std::make_pair(8448, "ERROR_DS_DRA_REF_ALREADY_EXISTS")); + errorNames.insert(std::make_pair(8449, "ERROR_DS_DRA_REF_NOT_FOUND")); + errorNames.insert(std::make_pair(8450, "ERROR_DS_DRA_OBJ_IS_REP_SOURCE")); + errorNames.insert(std::make_pair(8451, "ERROR_DS_DRA_DB_ERROR")); + errorNames.insert(std::make_pair(8452, "ERROR_DS_DRA_NO_REPLICA")); + errorNames.insert(std::make_pair(8453, "ERROR_DS_DRA_ACCESS_DENIED")); + errorNames.insert(std::make_pair(8454, "ERROR_DS_DRA_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(8455, "ERROR_DS_DRA_RPC_CANCELLED")); + errorNames.insert(std::make_pair(8456, "ERROR_DS_DRA_SOURCE_DISABLED")); + errorNames.insert(std::make_pair(8457, "ERROR_DS_DRA_SINK_DISABLED")); + errorNames.insert(std::make_pair(8458, "ERROR_DS_DRA_NAME_COLLISION")); + errorNames.insert(std::make_pair(8459, "ERROR_DS_DRA_SOURCE_REINSTALLED")); + errorNames.insert(std::make_pair(8460, "ERROR_DS_DRA_MISSING_PARENT")); + errorNames.insert(std::make_pair(8461, "ERROR_DS_DRA_PREEMPTED")); + errorNames.insert(std::make_pair(8462, "ERROR_DS_DRA_ABANDON_SYNC")); + errorNames.insert(std::make_pair(8463, "ERROR_DS_DRA_SHUTDOWN")); + errorNames.insert(std::make_pair(8464, "ERROR_DS_DRA_INCOMPATIBLE_PARTIAL_SET")); + errorNames.insert(std::make_pair(8465, "ERROR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA")); + errorNames.insert(std::make_pair(8466, "ERROR_DS_DRA_EXTN_CONNECTION_FAILED")); + errorNames.insert(std::make_pair(8467, "ERROR_DS_INSTALL_SCHEMA_MISMATCH")); + errorNames.insert(std::make_pair(8468, "ERROR_DS_DUP_LINK_ID")); + errorNames.insert(std::make_pair(8469, "ERROR_DS_NAME_ERROR_RESOLVING")); + errorNames.insert(std::make_pair(8470, "ERROR_DS_NAME_ERROR_NOT_FOUND")); + errorNames.insert(std::make_pair(8471, "ERROR_DS_NAME_ERROR_NOT_UNIQUE")); + errorNames.insert(std::make_pair(8472, "ERROR_DS_NAME_ERROR_NO_MAPPING")); + errorNames.insert(std::make_pair(8473, "ERROR_DS_NAME_ERROR_DOMAIN_ONLY")); + errorNames.insert(std::make_pair(8474, "ERROR_DS_NAME_ERROR_NO_SYNTACTICAL_MAPPING")); + errorNames.insert(std::make_pair(8475, "ERROR_DS_CONSTRUCTED_ATT_MOD")); + errorNames.insert(std::make_pair(8476, "ERROR_DS_WRONG_OM_OBJ_CLASS")); + errorNames.insert(std::make_pair(8477, "ERROR_DS_DRA_REPL_PENDING")); + errorNames.insert(std::make_pair(8478, "ERROR_DS_DS_REQUIRED")); + errorNames.insert(std::make_pair(8479, "ERROR_DS_INVALID_LDAP_DISPLAY_NAME")); + errorNames.insert(std::make_pair(8480, "ERROR_DS_NON_BASE_SEARCH")); + errorNames.insert(std::make_pair(8481, "ERROR_DS_CANT_RETRIEVE_ATTS")); + errorNames.insert(std::make_pair(8482, "ERROR_DS_BACKLINK_WITHOUT_LINK")); + errorNames.insert(std::make_pair(8483, "ERROR_DS_EPOCH_MISMATCH")); + errorNames.insert(std::make_pair(8484, "ERROR_DS_SRC_NAME_MISMATCH")); + errorNames.insert(std::make_pair(8485, "ERROR_DS_SRC_AND_DST_NC_IDENTICAL")); + errorNames.insert(std::make_pair(8486, "ERROR_DS_DST_NC_MISMATCH")); + errorNames.insert(std::make_pair(8487, "ERROR_DS_NOT_AUTHORITIVE_FOR_DST_NC")); + errorNames.insert(std::make_pair(8488, "ERROR_DS_SRC_GUID_MISMATCH")); + errorNames.insert(std::make_pair(8489, "ERROR_DS_CANT_MOVE_DELETED_OBJECT")); + errorNames.insert(std::make_pair(8490, "ERROR_DS_PDC_OPERATION_IN_PROGRESS")); + errorNames.insert(std::make_pair(8491, "ERROR_DS_CROSS_DOMAIN_CLEANUP_REQD")); + errorNames.insert(std::make_pair(8492, "ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION")); + errorNames.insert(std::make_pair(8493, "ERROR_DS_CANT_WITH_ACCT_GROUP_MEMBERSHPS")); + errorNames.insert(std::make_pair(8494, "ERROR_DS_NC_MUST_HAVE_NC_PARENT")); + errorNames.insert(std::make_pair(8495, "ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE")); + errorNames.insert(std::make_pair(8496, "ERROR_DS_DST_DOMAIN_NOT_NATIVE")); + errorNames.insert(std::make_pair(8497, "ERROR_DS_MISSING_INFRASTRUCTURE_CONTAINER")); + errorNames.insert(std::make_pair(8498, "ERROR_DS_CANT_MOVE_ACCOUNT_GROUP")); + errorNames.insert(std::make_pair(8499, "ERROR_DS_CANT_MOVE_RESOURCE_GROUP")); + errorNames.insert(std::make_pair(8500, "ERROR_DS_INVALID_SEARCH_FLAG")); + errorNames.insert(std::make_pair(8501, "ERROR_DS_NO_TREE_DELETE_ABOVE_NC")); + errorNames.insert(std::make_pair(8502, "ERROR_DS_COULDNT_LOCK_TREE_FOR_DELETE")); + errorNames.insert(std::make_pair(8503, "ERROR_DS_COULDNT_IDENTIFY_OBJECTS_FOR_TREE_DELETE")); + errorNames.insert(std::make_pair(8504, "ERROR_DS_SAM_INIT_FAILURE")); + errorNames.insert(std::make_pair(8505, "ERROR_DS_SENSITIVE_GROUP_VIOLATION")); + errorNames.insert(std::make_pair(8506, "ERROR_DS_CANT_MOD_PRIMARYGROUPID")); + errorNames.insert(std::make_pair(8507, "ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD")); + errorNames.insert(std::make_pair(8508, "ERROR_DS_NONSAFE_SCHEMA_CHANGE")); + errorNames.insert(std::make_pair(8509, "ERROR_DS_SCHEMA_UPDATE_DISALLOWED")); + errorNames.insert(std::make_pair(8510, "ERROR_DS_CANT_CREATE_UNDER_SCHEMA")); + errorNames.insert(std::make_pair(8511, "ERROR_DS_INSTALL_NO_SRC_SCH_VERSION")); + errorNames.insert(std::make_pair(8512, "ERROR_DS_INSTALL_NO_SCH_VERSION_IN_INIFILE")); + errorNames.insert(std::make_pair(8513, "ERROR_DS_INVALID_GROUP_TYPE")); + errorNames.insert(std::make_pair(8514, "ERROR_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN")); + errorNames.insert(std::make_pair(8515, "ERROR_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN")); + errorNames.insert(std::make_pair(8516, "ERROR_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER")); + errorNames.insert(std::make_pair(8517, "ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER")); + errorNames.insert(std::make_pair(8518, "ERROR_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER")); + errorNames.insert(std::make_pair(8519, "ERROR_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER")); + errorNames.insert(std::make_pair(8520, "ERROR_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER")); + errorNames.insert(std::make_pair(8521, "ERROR_DS_HAVE_PRIMARY_MEMBERS")); + errorNames.insert(std::make_pair(8522, "ERROR_DS_STRING_SD_CONVERSION_FAILED")); + errorNames.insert(std::make_pair(8523, "ERROR_DS_NAMING_MASTER_GC")); + errorNames.insert(std::make_pair(8524, "ERROR_DS_DNS_LOOKUP_FAILURE")); + errorNames.insert(std::make_pair(8525, "ERROR_DS_COULDNT_UPDATE_SPNS")); + errorNames.insert(std::make_pair(8526, "ERROR_DS_CANT_RETRIEVE_SD")); + errorNames.insert(std::make_pair(8527, "ERROR_DS_KEY_NOT_UNIQUE")); + errorNames.insert(std::make_pair(8528, "ERROR_DS_WRONG_LINKED_ATT_SYNTAX")); + errorNames.insert(std::make_pair(8529, "ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD")); + errorNames.insert(std::make_pair(8530, "ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY")); + errorNames.insert(std::make_pair(8531, "ERROR_DS_CANT_START")); + errorNames.insert(std::make_pair(8532, "ERROR_DS_INIT_FAILURE")); + errorNames.insert(std::make_pair(8533, "ERROR_DS_NO_PKT_PRIVACY_ON_CONNECTION")); + errorNames.insert(std::make_pair(8534, "ERROR_DS_SOURCE_DOMAIN_IN_FOREST")); + errorNames.insert(std::make_pair(8535, "ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST")); + errorNames.insert(std::make_pair(8536, "ERROR_DS_DESTINATION_AUDITING_NOT_ENABLED")); + errorNames.insert(std::make_pair(8537, "ERROR_DS_CANT_FIND_DC_FOR_SRC_DOMAIN")); + errorNames.insert(std::make_pair(8538, "ERROR_DS_SRC_OBJ_NOT_GROUP_OR_USER")); + errorNames.insert(std::make_pair(8539, "ERROR_DS_SRC_SID_EXISTS_IN_FOREST")); + errorNames.insert(std::make_pair(8540, "ERROR_DS_SRC_AND_DST_OBJECT_CLASS_MISMATCH")); + errorNames.insert(std::make_pair(8541, "ERROR_SAM_INIT_FAILURE")); + errorNames.insert(std::make_pair(8542, "ERROR_DS_DRA_SCHEMA_INFO_SHIP")); + errorNames.insert(std::make_pair(8543, "ERROR_DS_DRA_SCHEMA_CONFLICT")); + errorNames.insert(std::make_pair(8544, "ERROR_DS_DRA_EARLIER_SCHEMA_CONFLICT")); + errorNames.insert(std::make_pair(8545, "ERROR_DS_DRA_OBJ_NC_MISMATCH")); + errorNames.insert(std::make_pair(8546, "ERROR_DS_NC_STILL_HAS_DSAS")); + errorNames.insert(std::make_pair(8547, "ERROR_DS_GC_REQUIRED")); + errorNames.insert(std::make_pair(8548, "ERROR_DS_LOCAL_MEMBER_OF_LOCAL_ONLY")); + errorNames.insert(std::make_pair(8549, "ERROR_DS_NO_FPO_IN_UNIVERSAL_GROUPS")); + errorNames.insert(std::make_pair(8550, "ERROR_DS_CANT_ADD_TO_GC")); + errorNames.insert(std::make_pair(8551, "ERROR_DS_NO_CHECKPOINT_WITH_PDC")); + errorNames.insert(std::make_pair(8552, "ERROR_DS_SOURCE_AUDITING_NOT_ENABLED")); + errorNames.insert(std::make_pair(8553, "ERROR_DS_CANT_CREATE_IN_NONDOMAIN_NC")); + errorNames.insert(std::make_pair(8554, "ERROR_DS_INVALID_NAME_FOR_SPN")); + errorNames.insert(std::make_pair(8555, "ERROR_DS_FILTER_USES_CONTRUCTED_ATTRS")); + errorNames.insert(std::make_pair(8556, "ERROR_DS_UNICODEPWD_NOT_IN_QUOTES")); + errorNames.insert(std::make_pair(8557, "ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED")); + errorNames.insert(std::make_pair(8558, "ERROR_DS_MUST_BE_RUN_ON_DST_DC")); + errorNames.insert(std::make_pair(8559, "ERROR_DS_SRC_DC_MUST_BE_SP4_OR_GREATER")); + errorNames.insert(std::make_pair(8560, "ERROR_DS_CANT_TREE_DELETE_CRITICAL_OBJ")); + errorNames.insert(std::make_pair(8561, "ERROR_DS_INIT_FAILURE_CONSOLE")); + errorNames.insert(std::make_pair(8562, "ERROR_DS_SAM_INIT_FAILURE_CONSOLE")); + errorNames.insert(std::make_pair(8563, "ERROR_DS_FOREST_VERSION_TOO_HIGH")); + errorNames.insert(std::make_pair(8564, "ERROR_DS_DOMAIN_VERSION_TOO_HIGH")); + errorNames.insert(std::make_pair(8565, "ERROR_DS_FOREST_VERSION_TOO_LOW")); + errorNames.insert(std::make_pair(8566, "ERROR_DS_DOMAIN_VERSION_TOO_LOW")); + errorNames.insert(std::make_pair(8567, "ERROR_DS_INCOMPATIBLE_VERSION")); + errorNames.insert(std::make_pair(8568, "ERROR_DS_LOW_DSA_VERSION")); + errorNames.insert(std::make_pair(8569, "ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN")); + errorNames.insert(std::make_pair(8570, "ERROR_DS_NOT_SUPPORTED_SORT_ORDER")); + errorNames.insert(std::make_pair(8571, "ERROR_DS_NAME_NOT_UNIQUE")); + errorNames.insert(std::make_pair(8572, "ERROR_DS_MACHINE_ACCOUNT_CREATED_PRENT4")); + errorNames.insert(std::make_pair(8573, "ERROR_DS_OUT_OF_VERSION_STORE")); + errorNames.insert(std::make_pair(8574, "ERROR_DS_INCOMPATIBLE_CONTROLS_USED")); + errorNames.insert(std::make_pair(8575, "ERROR_DS_NO_REF_DOMAIN")); + errorNames.insert(std::make_pair(8576, "ERROR_DS_RESERVED_LINK_ID")); + errorNames.insert(std::make_pair(8577, "ERROR_DS_LINK_ID_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(8578, "ERROR_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER")); + errorNames.insert(std::make_pair(8579, "ERROR_DS_MODIFYDN_DISALLOWED_BY_INSTANCE_TYPE")); + errorNames.insert(std::make_pair(8580, "ERROR_DS_NO_OBJECT_MOVE_IN_SCHEMA_NC")); + errorNames.insert(std::make_pair(8581, "ERROR_DS_MODIFYDN_DISALLOWED_BY_FLAG")); + errorNames.insert(std::make_pair(8582, "ERROR_DS_MODIFYDN_WRONG_GRANDPARENT")); + errorNames.insert(std::make_pair(8583, "ERROR_DS_NAME_ERROR_TRUST_REFERRAL")); + errorNames.insert(std::make_pair(8584, "ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER")); + errorNames.insert(std::make_pair(8585, "ERROR_DS_CANT_ACCESS_REMOTE_PART_OF_AD")); + errorNames.insert(std::make_pair(8586, "ERROR_DS_CR_IMPOSSIBLE_TO_VALIDATE_V2")); + errorNames.insert(std::make_pair(8587, "ERROR_DS_THREAD_LIMIT_EXCEEDED")); + errorNames.insert(std::make_pair(8588, "ERROR_DS_NOT_CLOSEST")); + errorNames.insert(std::make_pair(8589, "ERROR_DS_CANT_DERIVE_SPN_WITHOUT_SERVER_REF")); + errorNames.insert(std::make_pair(8590, "ERROR_DS_SINGLE_USER_MODE_FAILED")); + errorNames.insert(std::make_pair(8591, "ERROR_DS_NTDSCRIPT_SYNTAX_ERROR")); + errorNames.insert(std::make_pair(8592, "ERROR_DS_NTDSCRIPT_PROCESS_ERROR")); + errorNames.insert(std::make_pair(8593, "ERROR_DS_DIFFERENT_REPL_EPOCHS")); + errorNames.insert(std::make_pair(8594, "ERROR_DS_DRS_EXTENSIONS_CHANGED")); + errorNames.insert(std::make_pair(8595, "ERROR_DS_REPLICA_SET_CHANGE_NOT_ALLOWED_ON_DISABLED_CR")); + errorNames.insert(std::make_pair(8596, "ERROR_DS_NO_MSDS_INTID")); + errorNames.insert(std::make_pair(8597, "ERROR_DS_DUP_MSDS_INTID")); + errorNames.insert(std::make_pair(8598, "ERROR_DS_EXISTS_IN_RDNATTID")); + errorNames.insert(std::make_pair(8599, "ERROR_DS_AUTHORIZATION_FAILED")); + errorNames.insert(std::make_pair(8600, "ERROR_DS_INVALID_SCRIPT")); + errorNames.insert(std::make_pair(8601, "ERROR_DS_REMOTE_CROSSREF_OP_FAILED")); + errorNames.insert(std::make_pair(8602, "ERROR_DS_CROSS_REF_BUSY")); + errorNames.insert(std::make_pair(8603, "ERROR_DS_CANT_DERIVE_SPN_FOR_DELETED_DOMAIN")); + errorNames.insert(std::make_pair(8604, "ERROR_DS_CANT_DEMOTE_WITH_WRITEABLE_NC")); + errorNames.insert(std::make_pair(8605, "ERROR_DS_DUPLICATE_ID_FOUND")); + errorNames.insert(std::make_pair(8606, "ERROR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT")); + errorNames.insert(std::make_pair(8607, "ERROR_DS_GROUP_CONVERSION_ERROR")); + errorNames.insert(std::make_pair(8608, "ERROR_DS_CANT_MOVE_APP_BASIC_GROUP")); + errorNames.insert(std::make_pair(8609, "ERROR_DS_CANT_MOVE_APP_QUERY_GROUP")); + errorNames.insert(std::make_pair(8610, "ERROR_DS_ROLE_NOT_VERIFIED")); + errorNames.insert(std::make_pair(8611, "ERROR_DS_WKO_CONTAINER_CANNOT_BE_SPECIAL")); + errorNames.insert(std::make_pair(8612, "ERROR_DS_DOMAIN_RENAME_IN_PROGRESS")); + errorNames.insert(std::make_pair(8613, "ERROR_DS_EXISTING_AD_CHILD_NC")); + errorNames.insert(std::make_pair(8614, "ERROR_DS_REPL_LIFETIME_EXCEEDED")); + errorNames.insert(std::make_pair(8615, "ERROR_DS_DISALLOWED_IN_SYSTEM_CONTAINER")); + errorNames.insert(std::make_pair(8616, "ERROR_DS_LDAP_SEND_QUEUE_FULL")); + errorNames.insert(std::make_pair(8617, "ERROR_DS_DRA_OUT_SCHEDULE_WINDOW")); + errorNames.insert(std::make_pair(8618, "ERROR_DS_POLICY_NOT_KNOWN")); + errorNames.insert(std::make_pair(8619, "ERROR_NO_SITE_SETTINGS_OBJECT")); + errorNames.insert(std::make_pair(8620, "ERROR_NO_SECRETS")); + errorNames.insert(std::make_pair(8621, "ERROR_NO_WRITABLE_DC_FOUND")); + errorNames.insert(std::make_pair(8622, "ERROR_DS_NO_SERVER_OBJECT")); + errorNames.insert(std::make_pair(8623, "ERROR_DS_NO_NTDSA_OBJECT")); + errorNames.insert(std::make_pair(8624, "ERROR_DS_NON_ASQ_SEARCH")); + errorNames.insert(std::make_pair(8625, "ERROR_DS_AUDIT_FAILURE")); + errorNames.insert(std::make_pair(8626, "ERROR_DS_INVALID_SEARCH_FLAG_SUBTREE")); + errorNames.insert(std::make_pair(8627, "ERROR_DS_INVALID_SEARCH_FLAG_TUPLE")); + errorNames.insert(std::make_pair(8628, "ERROR_DS_HIERARCHY_TABLE_TOO_DEEP")); + errorNames.insert(std::make_pair(8629, "ERROR_DS_DRA_CORRUPT_UTD_VECTOR")); + errorNames.insert(std::make_pair(8630, "ERROR_DS_DRA_SECRETS_DENIED")); + errorNames.insert(std::make_pair(8631, "ERROR_DS_RESERVED_MAPI_ID")); + errorNames.insert(std::make_pair(8632, "ERROR_DS_MAPI_ID_NOT_AVAILABLE")); + errorNames.insert(std::make_pair(8633, "ERROR_DS_DRA_MISSING_KRBTGT_SECRET")); + errorNames.insert(std::make_pair(8634, "ERROR_DS_DOMAIN_NAME_EXISTS_IN_FOREST")); + errorNames.insert(std::make_pair(8635, "ERROR_DS_FLAT_NAME_EXISTS_IN_FOREST")); + errorNames.insert(std::make_pair(8636, "ERROR_INVALID_USER_PRINCIPAL_NAME")); + errorNames.insert(std::make_pair(8637, "ERROR_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS")); + errorNames.insert(std::make_pair(8638, "ERROR_DS_OID_NOT_FOUND")); + errorNames.insert(std::make_pair(8639, "ERROR_DS_DRA_RECYCLED_TARGET")); + errorNames.insert(std::make_pair(13000, "ERROR_IPSEC_QM_POLICY_EXISTS")); + errorNames.insert(std::make_pair(13001, "ERROR_IPSEC_QM_POLICY_NOT_FOUND")); + errorNames.insert(std::make_pair(13002, "ERROR_IPSEC_QM_POLICY_IN_USE")); + errorNames.insert(std::make_pair(13003, "ERROR_IPSEC_MM_POLICY_EXISTS")); + errorNames.insert(std::make_pair(13004, "ERROR_IPSEC_MM_POLICY_NOT_FOUND")); + errorNames.insert(std::make_pair(13005, "ERROR_IPSEC_MM_POLICY_IN_USE")); + errorNames.insert(std::make_pair(13006, "ERROR_IPSEC_MM_FILTER_EXISTS")); + errorNames.insert(std::make_pair(13007, "ERROR_IPSEC_MM_FILTER_NOT_FOUND")); + errorNames.insert(std::make_pair(13008, "ERROR_IPSEC_TRANSPORT_FILTER_EXISTS")); + errorNames.insert(std::make_pair(13009, "ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND")); + errorNames.insert(std::make_pair(13010, "ERROR_IPSEC_MM_AUTH_EXISTS")); + errorNames.insert(std::make_pair(13011, "ERROR_IPSEC_MM_AUTH_NOT_FOUND")); + errorNames.insert(std::make_pair(13012, "ERROR_IPSEC_MM_AUTH_IN_USE")); + errorNames.insert(std::make_pair(13013, "ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND")); + errorNames.insert(std::make_pair(13014, "ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND")); + errorNames.insert(std::make_pair(13015, "ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND")); + errorNames.insert(std::make_pair(13016, "ERROR_IPSEC_TUNNEL_FILTER_EXISTS")); + errorNames.insert(std::make_pair(13017, "ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND")); + errorNames.insert(std::make_pair(13018, "ERROR_IPSEC_MM_FILTER_PENDING_DELETION")); + errorNames.insert(std::make_pair(13019, "ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION")); + errorNames.insert(std::make_pair(13020, "ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION")); + errorNames.insert(std::make_pair(13021, "ERROR_IPSEC_MM_POLICY_PENDING_DELETION")); + errorNames.insert(std::make_pair(13022, "ERROR_IPSEC_MM_AUTH_PENDING_DELETION")); + errorNames.insert(std::make_pair(13023, "ERROR_IPSEC_QM_POLICY_PENDING_DELETION")); + errorNames.insert(std::make_pair(13800, "ERROR_IPSEC_IKE_NEG_STATUS_BEGIN")); + errorNames.insert(std::make_pair(13801, "ERROR_IPSEC_IKE_AUTH_FAIL")); + errorNames.insert(std::make_pair(13802, "ERROR_IPSEC_IKE_ATTRIB_FAIL")); + errorNames.insert(std::make_pair(13803, "ERROR_IPSEC_IKE_NEGOTIATION_PENDING")); + errorNames.insert(std::make_pair(13804, "ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR")); + errorNames.insert(std::make_pair(13805, "ERROR_IPSEC_IKE_TIMED_OUT")); + errorNames.insert(std::make_pair(13806, "ERROR_IPSEC_IKE_NO_CERT")); + errorNames.insert(std::make_pair(13807, "ERROR_IPSEC_IKE_SA_DELETED")); + errorNames.insert(std::make_pair(13808, "ERROR_IPSEC_IKE_SA_REAPED")); + errorNames.insert(std::make_pair(13809, "ERROR_IPSEC_IKE_MM_ACQUIRE_DROP")); + errorNames.insert(std::make_pair(13810, "ERROR_IPSEC_IKE_QM_ACQUIRE_DROP")); + errorNames.insert(std::make_pair(13811, "ERROR_IPSEC_IKE_QUEUE_DROP_MM")); + errorNames.insert(std::make_pair(13812, "ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM")); + errorNames.insert(std::make_pair(13813, "ERROR_IPSEC_IKE_DROP_NO_RESPONSE")); + errorNames.insert(std::make_pair(13814, "ERROR_IPSEC_IKE_MM_DELAY_DROP")); + errorNames.insert(std::make_pair(13815, "ERROR_IPSEC_IKE_QM_DELAY_DROP")); + errorNames.insert(std::make_pair(13816, "ERROR_IPSEC_IKE_ERROR")); + errorNames.insert(std::make_pair(13817, "ERROR_IPSEC_IKE_CRL_FAILED")); + errorNames.insert(std::make_pair(13818, "ERROR_IPSEC_IKE_INVALID_KEY_USAGE")); + errorNames.insert(std::make_pair(13819, "ERROR_IPSEC_IKE_INVALID_CERT_TYPE")); + errorNames.insert(std::make_pair(13820, "ERROR_IPSEC_IKE_NO_PRIVATE_KEY")); + errorNames.insert(std::make_pair(13821, "ERROR_IPSEC_IKE_SIMULTANEOUS_REKEY")); + errorNames.insert(std::make_pair(13822, "ERROR_IPSEC_IKE_DH_FAIL")); + errorNames.insert(std::make_pair(13823, "ERROR_IPSEC_IKE_CRITICAL_PAYLOAD_NOT_RECOGNIZED")); + errorNames.insert(std::make_pair(13824, "ERROR_IPSEC_IKE_INVALID_HEADER")); + errorNames.insert(std::make_pair(13825, "ERROR_IPSEC_IKE_NO_POLICY")); + errorNames.insert(std::make_pair(13826, "ERROR_IPSEC_IKE_INVALID_SIGNATURE")); + errorNames.insert(std::make_pair(13827, "ERROR_IPSEC_IKE_KERBEROS_ERROR")); + errorNames.insert(std::make_pair(13828, "ERROR_IPSEC_IKE_NO_PUBLIC_KEY")); + errorNames.insert(std::make_pair(13829, "ERROR_IPSEC_IKE_PROCESS_ERR")); + errorNames.insert(std::make_pair(13830, "ERROR_IPSEC_IKE_PROCESS_ERR_SA")); + errorNames.insert(std::make_pair(13831, "ERROR_IPSEC_IKE_PROCESS_ERR_PROP")); + errorNames.insert(std::make_pair(13832, "ERROR_IPSEC_IKE_PROCESS_ERR_TRANS")); + errorNames.insert(std::make_pair(13833, "ERROR_IPSEC_IKE_PROCESS_ERR_KE")); + errorNames.insert(std::make_pair(13834, "ERROR_IPSEC_IKE_PROCESS_ERR_ID")); + errorNames.insert(std::make_pair(13835, "ERROR_IPSEC_IKE_PROCESS_ERR_CERT")); + errorNames.insert(std::make_pair(13836, "ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ")); + errorNames.insert(std::make_pair(13837, "ERROR_IPSEC_IKE_PROCESS_ERR_HASH")); + errorNames.insert(std::make_pair(13838, "ERROR_IPSEC_IKE_PROCESS_ERR_SIG")); + errorNames.insert(std::make_pair(13839, "ERROR_IPSEC_IKE_PROCESS_ERR_NONCE")); + errorNames.insert(std::make_pair(13840, "ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY")); + errorNames.insert(std::make_pair(13841, "ERROR_IPSEC_IKE_PROCESS_ERR_DELETE")); + errorNames.insert(std::make_pair(13842, "ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR")); + errorNames.insert(std::make_pair(13843, "ERROR_IPSEC_IKE_INVALID_PAYLOAD")); + errorNames.insert(std::make_pair(13844, "ERROR_IPSEC_IKE_LOAD_SOFT_SA")); + errorNames.insert(std::make_pair(13845, "ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN")); + errorNames.insert(std::make_pair(13846, "ERROR_IPSEC_IKE_INVALID_COOKIE")); + errorNames.insert(std::make_pair(13847, "ERROR_IPSEC_IKE_NO_PEER_CERT")); + errorNames.insert(std::make_pair(13848, "ERROR_IPSEC_IKE_PEER_CRL_FAILED")); + errorNames.insert(std::make_pair(13849, "ERROR_IPSEC_IKE_POLICY_CHANGE")); + errorNames.insert(std::make_pair(13850, "ERROR_IPSEC_IKE_NO_MM_POLICY")); + errorNames.insert(std::make_pair(13851, "ERROR_IPSEC_IKE_NOTCBPRIV")); + errorNames.insert(std::make_pair(13852, "ERROR_IPSEC_IKE_SECLOADFAIL")); + errorNames.insert(std::make_pair(13853, "ERROR_IPSEC_IKE_FAILSSPINIT")); + errorNames.insert(std::make_pair(13854, "ERROR_IPSEC_IKE_FAILQUERYSSP")); + errorNames.insert(std::make_pair(13855, "ERROR_IPSEC_IKE_SRVACQFAIL")); + errorNames.insert(std::make_pair(13856, "ERROR_IPSEC_IKE_SRVQUERYCRED")); + errorNames.insert(std::make_pair(13857, "ERROR_IPSEC_IKE_GETSPIFAIL")); + errorNames.insert(std::make_pair(13858, "ERROR_IPSEC_IKE_INVALID_FILTER")); + errorNames.insert(std::make_pair(13859, "ERROR_IPSEC_IKE_OUT_OF_MEMORY")); + errorNames.insert(std::make_pair(13860, "ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED")); + errorNames.insert(std::make_pair(13861, "ERROR_IPSEC_IKE_INVALID_POLICY")); + errorNames.insert(std::make_pair(13862, "ERROR_IPSEC_IKE_UNKNOWN_DOI")); + errorNames.insert(std::make_pair(13863, "ERROR_IPSEC_IKE_INVALID_SITUATION")); + errorNames.insert(std::make_pair(13864, "ERROR_IPSEC_IKE_DH_FAILURE")); + errorNames.insert(std::make_pair(13865, "ERROR_IPSEC_IKE_INVALID_GROUP")); + errorNames.insert(std::make_pair(13866, "ERROR_IPSEC_IKE_ENCRYPT")); + errorNames.insert(std::make_pair(13867, "ERROR_IPSEC_IKE_DECRYPT")); + errorNames.insert(std::make_pair(13868, "ERROR_IPSEC_IKE_POLICY_MATCH")); + errorNames.insert(std::make_pair(13869, "ERROR_IPSEC_IKE_UNSUPPORTED_ID")); + errorNames.insert(std::make_pair(13870, "ERROR_IPSEC_IKE_INVALID_HASH")); + errorNames.insert(std::make_pair(13871, "ERROR_IPSEC_IKE_INVALID_HASH_ALG")); + errorNames.insert(std::make_pair(13872, "ERROR_IPSEC_IKE_INVALID_HASH_SIZE")); + errorNames.insert(std::make_pair(13873, "ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG")); + errorNames.insert(std::make_pair(13874, "ERROR_IPSEC_IKE_INVALID_AUTH_ALG")); + errorNames.insert(std::make_pair(13875, "ERROR_IPSEC_IKE_INVALID_SIG")); + errorNames.insert(std::make_pair(13876, "ERROR_IPSEC_IKE_LOAD_FAILED")); + errorNames.insert(std::make_pair(13877, "ERROR_IPSEC_IKE_RPC_DELETE")); + errorNames.insert(std::make_pair(13878, "ERROR_IPSEC_IKE_BENIGN_REINIT")); + errorNames.insert(std::make_pair(13879, "ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY")); + errorNames.insert(std::make_pair(13880, "ERROR_IPSEC_IKE_INVALID_MAJOR_VERSION")); + errorNames.insert(std::make_pair(13881, "ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN")); + errorNames.insert(std::make_pair(13882, "ERROR_IPSEC_IKE_MM_LIMIT")); + errorNames.insert(std::make_pair(13883, "ERROR_IPSEC_IKE_NEGOTIATION_DISABLED")); + errorNames.insert(std::make_pair(13884, "ERROR_IPSEC_IKE_QM_LIMIT")); + errorNames.insert(std::make_pair(13885, "ERROR_IPSEC_IKE_MM_EXPIRED")); + errorNames.insert(std::make_pair(13886, "ERROR_IPSEC_IKE_PEER_MM_ASSUMED_INVALID")); + errorNames.insert(std::make_pair(13887, "ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH")); + errorNames.insert(std::make_pair(13888, "ERROR_IPSEC_IKE_UNEXPECTED_MESSAGE_ID")); + errorNames.insert(std::make_pair(13889, "ERROR_IPSEC_IKE_INVALID_AUTH_PAYLOAD")); + errorNames.insert(std::make_pair(13890, "ERROR_IPSEC_IKE_DOS_COOKIE_SENT")); + errorNames.insert(std::make_pair(13891, "ERROR_IPSEC_IKE_SHUTTING_DOWN")); + errorNames.insert(std::make_pair(13892, "ERROR_IPSEC_IKE_CGA_AUTH_FAILED")); + errorNames.insert(std::make_pair(13893, "ERROR_IPSEC_IKE_PROCESS_ERR_NATOA")); + errorNames.insert(std::make_pair(13894, "ERROR_IPSEC_IKE_INVALID_MM_FOR_QM")); + errorNames.insert(std::make_pair(13895, "ERROR_IPSEC_IKE_QM_EXPIRED")); + errorNames.insert(std::make_pair(13896, "ERROR_IPSEC_IKE_TOO_MANY_FILTERS")); + errorNames.insert(std::make_pair(13897, "ERROR_IPSEC_IKE_NEG_STATUS_END")); + errorNames.insert(std::make_pair(13898, "ERROR_IPSEC_IKE_KILL_DUMMY_NAP_TUNNEL")); + errorNames.insert(std::make_pair(13899, "ERROR_IPSEC_IKE_INNER_IP_ASSIGNMENT_FAILURE")); + errorNames.insert(std::make_pair(13900, "ERROR_IPSEC_IKE_REQUIRE_CP_PAYLOAD_MISSING")); + errorNames.insert(std::make_pair(13901, "ERROR_IPSEC_KEY_MODULE_IMPERSONATION_NEGOTIATION_PENDING")); + errorNames.insert(std::make_pair(13902, "ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS")); + errorNames.insert(std::make_pair(13903, "ERROR_IPSEC_IKE_RATELIMIT_DROP")); + errorNames.insert(std::make_pair(13904, "ERROR_IPSEC_IKE_PEER_DOESNT_SUPPORT_MOBIKE")); + errorNames.insert(std::make_pair(13905, "ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE")); + errorNames.insert(std::make_pair(13906, "ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_FAILURE")); + errorNames.insert(std::make_pair(13907, "ERROR_IPSEC_IKE_AUTHORIZATION_FAILURE_WITH_OPTIONAL_RETRY")); + errorNames.insert(std::make_pair(13908, "ERROR_IPSEC_IKE_STRONG_CRED_AUTHORIZATION_AND_CERTMAP_FAILURE")); + errorNames.insert(std::make_pair(13909, "ERROR_IPSEC_IKE_NEG_STATUS_EXTENDED_END")); + errorNames.insert(std::make_pair(13910, "ERROR_IPSEC_BAD_SPI")); + errorNames.insert(std::make_pair(13911, "ERROR_IPSEC_SA_LIFETIME_EXPIRED")); + errorNames.insert(std::make_pair(13912, "ERROR_IPSEC_WRONG_SA")); + errorNames.insert(std::make_pair(13913, "ERROR_IPSEC_REPLAY_CHECK_FAILED")); + errorNames.insert(std::make_pair(13914, "ERROR_IPSEC_INVALID_PACKET")); + errorNames.insert(std::make_pair(13915, "ERROR_IPSEC_INTEGRITY_CHECK_FAILED")); + errorNames.insert(std::make_pair(13916, "ERROR_IPSEC_CLEAR_TEXT_DROP")); + errorNames.insert(std::make_pair(13917, "ERROR_IPSEC_AUTH_FIREWALL_DROP")); + errorNames.insert(std::make_pair(13918, "ERROR_IPSEC_THROTTLE_DROP")); + errorNames.insert(std::make_pair(13925, "ERROR_IPSEC_DOSP_BLOCK")); + errorNames.insert(std::make_pair(13926, "ERROR_IPSEC_DOSP_RECEIVED_MULTICAST")); + errorNames.insert(std::make_pair(13927, "ERROR_IPSEC_DOSP_INVALID_PACKET")); + errorNames.insert(std::make_pair(13928, "ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED")); + errorNames.insert(std::make_pair(13929, "ERROR_IPSEC_DOSP_MAX_ENTRIES")); + errorNames.insert(std::make_pair(13930, "ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED")); + errorNames.insert(std::make_pair(13931, "ERROR_IPSEC_DOSP_NOT_INSTALLED")); + errorNames.insert(std::make_pair(13932, "ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES")); + errorNames.insert(std::make_pair(14000, "ERROR_SXS_SECTION_NOT_FOUND")); + errorNames.insert(std::make_pair(14001, "ERROR_SXS_CANT_GEN_ACTCTX")); + errorNames.insert(std::make_pair(14002, "ERROR_SXS_INVALID_ACTCTXDATA_FORMAT")); + errorNames.insert(std::make_pair(14003, "ERROR_SXS_ASSEMBLY_NOT_FOUND")); + errorNames.insert(std::make_pair(14004, "ERROR_SXS_MANIFEST_FORMAT_ERROR")); + errorNames.insert(std::make_pair(14005, "ERROR_SXS_MANIFEST_PARSE_ERROR")); + errorNames.insert(std::make_pair(14006, "ERROR_SXS_ACTIVATION_CONTEXT_DISABLED")); + errorNames.insert(std::make_pair(14007, "ERROR_SXS_KEY_NOT_FOUND")); + errorNames.insert(std::make_pair(14008, "ERROR_SXS_VERSION_CONFLICT")); + errorNames.insert(std::make_pair(14009, "ERROR_SXS_WRONG_SECTION_TYPE")); + errorNames.insert(std::make_pair(14010, "ERROR_SXS_THREAD_QUERIES_DISABLED")); + errorNames.insert(std::make_pair(14011, "ERROR_SXS_PROCESS_DEFAULT_ALREADY_SET")); + errorNames.insert(std::make_pair(14012, "ERROR_SXS_UNKNOWN_ENCODING_GROUP")); + errorNames.insert(std::make_pair(14013, "ERROR_SXS_UNKNOWN_ENCODING")); + errorNames.insert(std::make_pair(14014, "ERROR_SXS_INVALID_XML_NAMESPACE_URI")); + errorNames.insert(std::make_pair(14015, "ERROR_SXS_ROOT_MANIFEST_DEPENDENCY_NOT_INSTALLED")); + errorNames.insert(std::make_pair(14016, "ERROR_SXS_LEAF_MANIFEST_DEPENDENCY_NOT_INSTALLED")); + errorNames.insert(std::make_pair(14017, "ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE")); + errorNames.insert(std::make_pair(14018, "ERROR_SXS_MANIFEST_MISSING_REQUIRED_DEFAULT_NAMESPACE")); + errorNames.insert(std::make_pair(14019, "ERROR_SXS_MANIFEST_INVALID_REQUIRED_DEFAULT_NAMESPACE")); + errorNames.insert(std::make_pair(14020, "ERROR_SXS_PRIVATE_MANIFEST_CROSS_PATH_WITH_REPARSE_POINT")); + errorNames.insert(std::make_pair(14021, "ERROR_SXS_DUPLICATE_DLL_NAME")); + errorNames.insert(std::make_pair(14022, "ERROR_SXS_DUPLICATE_WINDOWCLASS_NAME")); + errorNames.insert(std::make_pair(14023, "ERROR_SXS_DUPLICATE_CLSID")); + errorNames.insert(std::make_pair(14024, "ERROR_SXS_DUPLICATE_IID")); + errorNames.insert(std::make_pair(14025, "ERROR_SXS_DUPLICATE_TLBID")); + errorNames.insert(std::make_pair(14026, "ERROR_SXS_DUPLICATE_PROGID")); + errorNames.insert(std::make_pair(14027, "ERROR_SXS_DUPLICATE_ASSEMBLY_NAME")); + errorNames.insert(std::make_pair(14028, "ERROR_SXS_FILE_HASH_MISMATCH")); + errorNames.insert(std::make_pair(14029, "ERROR_SXS_POLICY_PARSE_ERROR")); + errorNames.insert(std::make_pair(14030, "ERROR_SXS_XML_E_MISSINGQUOTE")); + errorNames.insert(std::make_pair(14031, "ERROR_SXS_XML_E_COMMENTSYNTAX")); + errorNames.insert(std::make_pair(14032, "ERROR_SXS_XML_E_BADSTARTNAMECHAR")); + errorNames.insert(std::make_pair(14033, "ERROR_SXS_XML_E_BADNAMECHAR")); + errorNames.insert(std::make_pair(14034, "ERROR_SXS_XML_E_BADCHARINSTRING")); + errorNames.insert(std::make_pair(14035, "ERROR_SXS_XML_E_XMLDECLSYNTAX")); + errorNames.insert(std::make_pair(14036, "ERROR_SXS_XML_E_BADCHARDATA")); + errorNames.insert(std::make_pair(14037, "ERROR_SXS_XML_E_MISSINGWHITESPACE")); + errorNames.insert(std::make_pair(14038, "ERROR_SXS_XML_E_EXPECTINGTAGEND")); + errorNames.insert(std::make_pair(14039, "ERROR_SXS_XML_E_MISSINGSEMICOLON")); + errorNames.insert(std::make_pair(14040, "ERROR_SXS_XML_E_UNBALANCEDPAREN")); + errorNames.insert(std::make_pair(14041, "ERROR_SXS_XML_E_INTERNALERROR")); + errorNames.insert(std::make_pair(14042, "ERROR_SXS_XML_E_UNEXPECTED_WHITESPACE")); + errorNames.insert(std::make_pair(14043, "ERROR_SXS_XML_E_INCOMPLETE_ENCODING")); + errorNames.insert(std::make_pair(14044, "ERROR_SXS_XML_E_MISSING_PAREN")); + errorNames.insert(std::make_pair(14045, "ERROR_SXS_XML_E_EXPECTINGCLOSEQUOTE")); + errorNames.insert(std::make_pair(14046, "ERROR_SXS_XML_E_MULTIPLE_COLONS")); + errorNames.insert(std::make_pair(14047, "ERROR_SXS_XML_E_INVALID_DECIMAL")); + errorNames.insert(std::make_pair(14048, "ERROR_SXS_XML_E_INVALID_HEXIDECIMAL")); + errorNames.insert(std::make_pair(14049, "ERROR_SXS_XML_E_INVALID_UNICODE")); + errorNames.insert(std::make_pair(14050, "ERROR_SXS_XML_E_WHITESPACEORQUESTIONMARK")); + errorNames.insert(std::make_pair(14051, "ERROR_SXS_XML_E_UNEXPECTEDENDTAG")); + errorNames.insert(std::make_pair(14052, "ERROR_SXS_XML_E_UNCLOSEDTAG")); + errorNames.insert(std::make_pair(14053, "ERROR_SXS_XML_E_DUPLICATEATTRIBUTE")); + errorNames.insert(std::make_pair(14054, "ERROR_SXS_XML_E_MULTIPLEROOTS")); + errorNames.insert(std::make_pair(14055, "ERROR_SXS_XML_E_INVALIDATROOTLEVEL")); + errorNames.insert(std::make_pair(14056, "ERROR_SXS_XML_E_BADXMLDECL")); + errorNames.insert(std::make_pair(14057, "ERROR_SXS_XML_E_MISSINGROOT")); + errorNames.insert(std::make_pair(14058, "ERROR_SXS_XML_E_UNEXPECTEDEOF")); + errorNames.insert(std::make_pair(14059, "ERROR_SXS_XML_E_BADPEREFINSUBSET")); + errorNames.insert(std::make_pair(14060, "ERROR_SXS_XML_E_UNCLOSEDSTARTTAG")); + errorNames.insert(std::make_pair(14061, "ERROR_SXS_XML_E_UNCLOSEDENDTAG")); + errorNames.insert(std::make_pair(14062, "ERROR_SXS_XML_E_UNCLOSEDSTRING")); + errorNames.insert(std::make_pair(14063, "ERROR_SXS_XML_E_UNCLOSEDCOMMENT")); + errorNames.insert(std::make_pair(14064, "ERROR_SXS_XML_E_UNCLOSEDDECL")); + errorNames.insert(std::make_pair(14065, "ERROR_SXS_XML_E_UNCLOSEDCDATA")); + errorNames.insert(std::make_pair(14066, "ERROR_SXS_XML_E_RESERVEDNAMESPACE")); + errorNames.insert(std::make_pair(14067, "ERROR_SXS_XML_E_INVALIDENCODING")); + errorNames.insert(std::make_pair(14068, "ERROR_SXS_XML_E_INVALIDSWITCH")); + errorNames.insert(std::make_pair(14069, "ERROR_SXS_XML_E_BADXMLCASE")); + errorNames.insert(std::make_pair(14070, "ERROR_SXS_XML_E_INVALID_STANDALONE")); + errorNames.insert(std::make_pair(14071, "ERROR_SXS_XML_E_UNEXPECTED_STANDALONE")); + errorNames.insert(std::make_pair(14072, "ERROR_SXS_XML_E_INVALID_VERSION")); + errorNames.insert(std::make_pair(14073, "ERROR_SXS_XML_E_MISSINGEQUALS")); + errorNames.insert(std::make_pair(14074, "ERROR_SXS_PROTECTION_RECOVERY_FAILED")); + errorNames.insert(std::make_pair(14075, "ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT")); + errorNames.insert(std::make_pair(14076, "ERROR_SXS_PROTECTION_CATALOG_NOT_VALID")); + errorNames.insert(std::make_pair(14077, "ERROR_SXS_UNTRANSLATABLE_HRESULT")); + errorNames.insert(std::make_pair(14078, "ERROR_SXS_PROTECTION_CATALOG_FILE_MISSING")); + errorNames.insert(std::make_pair(14079, "ERROR_SXS_MISSING_ASSEMBLY_IDENTITY_ATTRIBUTE")); + errorNames.insert(std::make_pair(14080, "ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE_NAME")); + errorNames.insert(std::make_pair(14081, "ERROR_SXS_ASSEMBLY_MISSING")); + errorNames.insert(std::make_pair(14082, "ERROR_SXS_CORRUPT_ACTIVATION_STACK")); + errorNames.insert(std::make_pair(14083, "ERROR_SXS_CORRUPTION")); + errorNames.insert(std::make_pair(14084, "ERROR_SXS_EARLY_DEACTIVATION")); + errorNames.insert(std::make_pair(14085, "ERROR_SXS_INVALID_DEACTIVATION")); + errorNames.insert(std::make_pair(14086, "ERROR_SXS_MULTIPLE_DEACTIVATION")); + errorNames.insert(std::make_pair(14087, "ERROR_SXS_PROCESS_TERMINATION_REQUESTED")); + errorNames.insert(std::make_pair(14088, "ERROR_SXS_RELEASE_ACTIVATION_CONTEXT")); + errorNames.insert(std::make_pair(14089, "ERROR_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY")); + errorNames.insert(std::make_pair(14090, "ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE")); + errorNames.insert(std::make_pair(14091, "ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME")); + errorNames.insert(std::make_pair(14092, "ERROR_SXS_IDENTITY_DUPLICATE_ATTRIBUTE")); + errorNames.insert(std::make_pair(14093, "ERROR_SXS_IDENTITY_PARSE_ERROR")); + errorNames.insert(std::make_pair(14094, "ERROR_MALFORMED_SUBSTITUTION_STRING")); + errorNames.insert(std::make_pair(14095, "ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN")); + errorNames.insert(std::make_pair(14096, "ERROR_UNMAPPED_SUBSTITUTION_STRING")); + errorNames.insert(std::make_pair(14097, "ERROR_SXS_ASSEMBLY_NOT_LOCKED")); + errorNames.insert(std::make_pair(14098, "ERROR_SXS_COMPONENT_STORE_CORRUPT")); + errorNames.insert(std::make_pair(14099, "ERROR_ADVANCED_INSTALLER_FAILED")); + errorNames.insert(std::make_pair(14100, "ERROR_XML_ENCODING_MISMATCH")); + errorNames.insert(std::make_pair(14101, "ERROR_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT")); + errorNames.insert(std::make_pair(14102, "ERROR_SXS_IDENTITIES_DIFFERENT")); + errorNames.insert(std::make_pair(14103, "ERROR_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT")); + errorNames.insert(std::make_pair(14104, "ERROR_SXS_FILE_NOT_PART_OF_ASSEMBLY")); + errorNames.insert(std::make_pair(14105, "ERROR_SXS_MANIFEST_TOO_BIG")); + errorNames.insert(std::make_pair(14106, "ERROR_SXS_SETTING_NOT_REGISTERED")); + errorNames.insert(std::make_pair(14107, "ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE")); + errorNames.insert(std::make_pair(14108, "ERROR_SMI_PRIMITIVE_INSTALLER_FAILED")); + errorNames.insert(std::make_pair(14109, "ERROR_GENERIC_COMMAND_FAILED")); + errorNames.insert(std::make_pair(14110, "ERROR_SXS_FILE_HASH_MISSING")); + errorNames.insert(std::make_pair(15000, "ERROR_EVT_INVALID_CHANNEL_PATH")); + errorNames.insert(std::make_pair(15001, "ERROR_EVT_INVALID_QUERY")); + errorNames.insert(std::make_pair(15002, "ERROR_EVT_PUBLISHER_METADATA_NOT_FOUND")); + errorNames.insert(std::make_pair(15003, "ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND")); + errorNames.insert(std::make_pair(15004, "ERROR_EVT_INVALID_PUBLISHER_NAME")); + errorNames.insert(std::make_pair(15005, "ERROR_EVT_INVALID_EVENT_DATA")); + errorNames.insert(std::make_pair(15007, "ERROR_EVT_CHANNEL_NOT_FOUND")); + errorNames.insert(std::make_pair(15008, "ERROR_EVT_MALFORMED_XML_TEXT")); + errorNames.insert(std::make_pair(15009, "ERROR_EVT_SUBSCRIPTION_TO_DIRECT_CHANNEL")); + errorNames.insert(std::make_pair(15010, "ERROR_EVT_CONFIGURATION_ERROR")); + errorNames.insert(std::make_pair(15011, "ERROR_EVT_QUERY_RESULT_STALE")); + errorNames.insert(std::make_pair(15012, "ERROR_EVT_QUERY_RESULT_INVALID_POSITION")); + errorNames.insert(std::make_pair(15013, "ERROR_EVT_NON_VALIDATING_MSXML")); + errorNames.insert(std::make_pair(15014, "ERROR_EVT_FILTER_ALREADYSCOPED")); + errorNames.insert(std::make_pair(15015, "ERROR_EVT_FILTER_NOTELTSET")); + errorNames.insert(std::make_pair(15016, "ERROR_EVT_FILTER_INVARG")); + errorNames.insert(std::make_pair(15017, "ERROR_EVT_FILTER_INVTEST")); + errorNames.insert(std::make_pair(15018, "ERROR_EVT_FILTER_INVTYPE")); + errorNames.insert(std::make_pair(15019, "ERROR_EVT_FILTER_PARSEERR")); + errorNames.insert(std::make_pair(15020, "ERROR_EVT_FILTER_UNSUPPORTEDOP")); + errorNames.insert(std::make_pair(15021, "ERROR_EVT_FILTER_UNEXPECTEDTOKEN")); + errorNames.insert(std::make_pair(15022, "ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL")); + errorNames.insert(std::make_pair(15023, "ERROR_EVT_INVALID_CHANNEL_PROPERTY_VALUE")); + errorNames.insert(std::make_pair(15024, "ERROR_EVT_INVALID_PUBLISHER_PROPERTY_VALUE")); + errorNames.insert(std::make_pair(15025, "ERROR_EVT_CHANNEL_CANNOT_ACTIVATE")); + errorNames.insert(std::make_pair(15026, "ERROR_EVT_FILTER_TOO_COMPLEX")); + errorNames.insert(std::make_pair(15027, "ERROR_EVT_MESSAGE_NOT_FOUND")); + errorNames.insert(std::make_pair(15028, "ERROR_EVT_MESSAGE_ID_NOT_FOUND")); + errorNames.insert(std::make_pair(15029, "ERROR_EVT_UNRESOLVED_VALUE_INSERT")); + errorNames.insert(std::make_pair(15030, "ERROR_EVT_UNRESOLVED_PARAMETER_INSERT")); + errorNames.insert(std::make_pair(15031, "ERROR_EVT_MAX_INSERTS_REACHED")); + errorNames.insert(std::make_pair(15032, "ERROR_EVT_EVENT_DEFINITION_NOT_FOUND")); + errorNames.insert(std::make_pair(15033, "ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND")); + errorNames.insert(std::make_pair(15034, "ERROR_EVT_VERSION_TOO_OLD")); + errorNames.insert(std::make_pair(15035, "ERROR_EVT_VERSION_TOO_NEW")); + errorNames.insert(std::make_pair(15036, "ERROR_EVT_CANNOT_OPEN_CHANNEL_OF_QUERY")); + errorNames.insert(std::make_pair(15037, "ERROR_EVT_PUBLISHER_DISABLED")); + errorNames.insert(std::make_pair(15038, "ERROR_EVT_FILTER_OUT_OF_RANGE")); + errorNames.insert(std::make_pair(15080, "ERROR_EC_SUBSCRIPTION_CANNOT_ACTIVATE")); + errorNames.insert(std::make_pair(15081, "ERROR_EC_LOG_DISABLED")); + errorNames.insert(std::make_pair(15082, "ERROR_EC_CIRCULAR_FORWARDING")); + errorNames.insert(std::make_pair(15083, "ERROR_EC_CREDSTORE_FULL")); + errorNames.insert(std::make_pair(15084, "ERROR_EC_CRED_NOT_FOUND")); + errorNames.insert(std::make_pair(15085, "ERROR_EC_NO_ACTIVE_CHANNEL")); + errorNames.insert(std::make_pair(15100, "ERROR_MUI_FILE_NOT_FOUND")); + errorNames.insert(std::make_pair(15101, "ERROR_MUI_INVALID_FILE")); + errorNames.insert(std::make_pair(15102, "ERROR_MUI_INVALID_RC_CONFIG")); + errorNames.insert(std::make_pair(15103, "ERROR_MUI_INVALID_LOCALE_NAME")); + errorNames.insert(std::make_pair(15104, "ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME")); + errorNames.insert(std::make_pair(15105, "ERROR_MUI_FILE_NOT_LOADED")); + errorNames.insert(std::make_pair(15106, "ERROR_RESOURCE_ENUM_USER_STOP")); + errorNames.insert(std::make_pair(15107, "ERROR_MUI_INTLSETTINGS_UILANG_NOT_INSTALLED")); + errorNames.insert(std::make_pair(15108, "ERROR_MUI_INTLSETTINGS_INVALID_LOCALE_NAME")); + errorNames.insert(std::make_pair(15200, "ERROR_MCA_INVALID_CAPABILITIES_STRING")); + errorNames.insert(std::make_pair(15201, "ERROR_MCA_INVALID_VCP_VERSION")); + errorNames.insert(std::make_pair(15202, "ERROR_MCA_MONITOR_VIOLATES_MCCS_SPECIFICATION")); + errorNames.insert(std::make_pair(15203, "ERROR_MCA_MCCS_VERSION_MISMATCH")); + errorNames.insert(std::make_pair(15204, "ERROR_MCA_UNSUPPORTED_MCCS_VERSION")); + errorNames.insert(std::make_pair(15205, "ERROR_MCA_INTERNAL_ERROR")); + errorNames.insert(std::make_pair(15206, "ERROR_MCA_INVALID_TECHNOLOGY_TYPE_RETURNED")); + errorNames.insert(std::make_pair(15207, "ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE")); + errorNames.insert(std::make_pair(15250, "ERROR_AMBIGUOUS_SYSTEM_DEVICE")); + errorNames.insert(std::make_pair(15299, "ERROR_SYSTEM_DEVICE_NOT_FOUND")); + errorNames.insert(std::make_pair(15300, "ERROR_HASH_NOT_SUPPORTED")); + errorNames.insert(std::make_pair(15301, "ERROR_HASH_NOT_PRESENT")); +} + +const char* errornamefromcode(unsigned int ErrorCode) +{ + if(!errorNames.count(ErrorCode)) + return 0; + return errorNames[ErrorCode]; +} \ No newline at end of file diff --git a/x64_dbg_dbg/error.h b/x64_dbg_dbg/error.h new file mode 100644 index 00000000..7b4eeac1 --- /dev/null +++ b/x64_dbg_dbg/error.h @@ -0,0 +1,7 @@ +#ifndef _ERROR_H +#define _ERROR_H + +void errorinit(); +const char* errornamefromcode(unsigned int ErrorCode); + +#endif //_ERROR_H \ No newline at end of file diff --git a/x64_dbg_dbg/exception.cpp b/x64_dbg_dbg/exception.cpp new file mode 100644 index 00000000..8e000e6b --- /dev/null +++ b/x64_dbg_dbg/exception.cpp @@ -0,0 +1,77 @@ +#include "exception.h" +#include + +static std::map exceptionNames; + +void exceptioninit() +{ + exceptionNames.insert(std::make_pair(0x40000005, "STATUS_SEGMENT_NOTIFICATION")); + exceptionNames.insert(std::make_pair(0x4000001C, "STATUS_WX86_UNSIMULATE")); + exceptionNames.insert(std::make_pair(0x4000001D, "STATUS_WX86_CONTINUE")); + exceptionNames.insert(std::make_pair(0x4000001E, "STATUS_WX86_SINGLE_STEP")); + exceptionNames.insert(std::make_pair(0x4000001F, "STATUS_WX86_BREAKPOINT")); + exceptionNames.insert(std::make_pair(0x40000020, "STATUS_WX86_EXCEPTION_CONTINUE")); + exceptionNames.insert(std::make_pair(0x40000021, "STATUS_WX86_EXCEPTION_LASTCHANCE")); + exceptionNames.insert(std::make_pair(0x40000022, "STATUS_WX86_EXCEPTION_CHAIN")); + exceptionNames.insert(std::make_pair(0x40000028, "STATUS_WX86_CREATEWX86TIB")); + exceptionNames.insert(std::make_pair(0x40010003, "DBG_TERMINATE_THREAD")); + exceptionNames.insert(std::make_pair(0x40010004, "DBG_TERMINATE_PROCESS")); + exceptionNames.insert(std::make_pair(0x40010005, "DBG_CONTROL_C")); + exceptionNames.insert(std::make_pair(0x40010006, "DBG_PRINTEXCEPTION_C")); + exceptionNames.insert(std::make_pair(0x40010007, "DBG_RIPEXCEPTION")); + exceptionNames.insert(std::make_pair(0x40010008, "DBG_CONTROL_BREAK")); + exceptionNames.insert(std::make_pair(0x40010009, "DBG_COMMAND_EXCEPTION")); + exceptionNames.insert(std::make_pair(0x80000001, "EXCEPTION_GUARD_PAGE")); + exceptionNames.insert(std::make_pair(0x80000002, "EXCEPTION_DATATYPE_MISALIGNMENT")); + exceptionNames.insert(std::make_pair(0x80000003, "EXCEPTION_BREAKPOINT")); + exceptionNames.insert(std::make_pair(0x80000004, "EXCEPTION_SINGLE_STEP")); + exceptionNames.insert(std::make_pair(0x80000026, "STATUS_LONGJUMP")); + exceptionNames.insert(std::make_pair(0x80000029, "STATUS_UNWIND_CONSOLIDATE")); + exceptionNames.insert(std::make_pair(0x80010001, "DBG_EXCEPTION_NOT_HANDLED")); + exceptionNames.insert(std::make_pair(0xC0000005, "EXCEPTION_ACCESS_VIOLATION")); + exceptionNames.insert(std::make_pair(0xC0000006, "EXCEPTION_IN_PAGE_ERROR")); + exceptionNames.insert(std::make_pair(0xC0000008, "EXCEPTION_INVALID_HANDLE")); + exceptionNames.insert(std::make_pair(0xC000000D, "STATUS_INVALID_PARAMETER")); + exceptionNames.insert(std::make_pair(0xC0000017, "STATUS_NO_MEMORY")); + exceptionNames.insert(std::make_pair(0xC000001D, "EXCEPTION_ILLEGAL_INSTRUCTION")); + exceptionNames.insert(std::make_pair(0xC0000025, "EXCEPTION_NONCONTINUABLE_EXCEPTION")); + exceptionNames.insert(std::make_pair(0xC0000026, "EXCEPTION_INVALID_DISPOSITION")); + exceptionNames.insert(std::make_pair(0xC000008C, "EXCEPTION_ARRAY_BOUNDS_EXCEEDED")); + exceptionNames.insert(std::make_pair(0xC000008D, "EXCEPTION_FLT_DENORMAL_OPERAND")); + exceptionNames.insert(std::make_pair(0xC000008E, "EXCEPTION_FLT_DIVIDE_BY_ZERO")); + exceptionNames.insert(std::make_pair(0xC000008F, "EXCEPTION_FLT_INEXACT_RESULT")); + exceptionNames.insert(std::make_pair(0xC0000090, "EXCEPTION_FLT_INVALID_OPERATION")); + exceptionNames.insert(std::make_pair(0xC0000091, "EXCEPTION_FLT_OVERFLOW")); + exceptionNames.insert(std::make_pair(0xC0000092, "EXCEPTION_FLT_STACK_CHECK")); + exceptionNames.insert(std::make_pair(0xC0000093, "EXCEPTION_FLT_UNDERFLOW")); + exceptionNames.insert(std::make_pair(0xC0000094, "EXCEPTION_INT_DIVIDE_BY_ZERO")); + exceptionNames.insert(std::make_pair(0xC0000095, "EXCEPTION_INT_OVERFLOW")); + exceptionNames.insert(std::make_pair(0xC0000096, "EXCEPTION_PRIV_INSTRUCTION")); + exceptionNames.insert(std::make_pair(0xC00000FD, "EXCEPTION_STACK_OVERFLOW")); + exceptionNames.insert(std::make_pair(0xC0000135, "STATUS_DLL_NOT_FOUND")); + exceptionNames.insert(std::make_pair(0xC0000138, "STATUS_ORDINAL_NOT_FOUND")); + exceptionNames.insert(std::make_pair(0xC0000139, "STATUS_ENTRYPOINT_NOT_FOUND")); + exceptionNames.insert(std::make_pair(0xC000013A, "STATUS_CONTROL_C_EXIT")); + exceptionNames.insert(std::make_pair(0xC0000142, "STATUS_DLL_INIT_FAILED")); + exceptionNames.insert(std::make_pair(0xC000014A, "STATUS_ILLEGAL_FLOAT_CONTEXT")); + exceptionNames.insert(std::make_pair(0xC0000194, "EXCEPTION_POSSIBLE_DEADLOCK")); + exceptionNames.insert(std::make_pair(0xC00002B4, "STATUS_FLOAT_MULTIPLE_FAULTS")); + exceptionNames.insert(std::make_pair(0xC00002B5, "STATUS_FLOAT_MULTIPLE_TRAPS")); + exceptionNames.insert(std::make_pair(0xC00002C5, "STATUS_DATATYPE_MISALIGNMENT_ERROR")); + exceptionNames.insert(std::make_pair(0xC00002C9, "STATUS_REG_NAT_CONSUMPTION")); + exceptionNames.insert(std::make_pair(0xC0000409, "STATUS_STACK_BUFFER_OVERRUN")); + exceptionNames.insert(std::make_pair(0xC0000417, "STATUS_INVALID_CRUNTIME_PARAMETER")); + exceptionNames.insert(std::make_pair(0xC0000420, "STATUS_ASSERTION_FAILURE")); + exceptionNames.insert(std::make_pair(0x04242420, "CLRDBG_NOTIFICATION_EXCEPTION_CODE")); + exceptionNames.insert(std::make_pair(0xE0434352, "CLR_EXCEPTION")); + exceptionNames.insert(std::make_pair(0xE06D7363, "CPP_EH_EXCEPTION")); + exceptionNames.insert(std::make_pair(0x406D1388, "MS_VC_EXCEPTION")); + exceptionNames.insert(std::make_pair(0xC00001A5, "STATUS_INVALID_EXCEPTION_HANDLER")); +} + +const char* exceptionnamefromcode(unsigned int ExceptionCode) +{ + if(!exceptionNames.count(ExceptionCode)) + return 0; + return exceptionNames[ExceptionCode]; +} \ No newline at end of file diff --git a/x64_dbg_dbg/exception.h b/x64_dbg_dbg/exception.h new file mode 100644 index 00000000..df0ea2a3 --- /dev/null +++ b/x64_dbg_dbg/exception.h @@ -0,0 +1,7 @@ +#ifndef _EXCEPTION_H +#define _EXCEPTION_H + +void exceptioninit(); +const char* exceptionnamefromcode(unsigned int ExceptionCode); + +#endif //_EXCEPTIONS_H \ No newline at end of file diff --git a/x64_dbg_dbg/function.cpp b/x64_dbg_dbg/function.cpp new file mode 100644 index 00000000..cc5406d6 --- /dev/null +++ b/x64_dbg_dbg/function.cpp @@ -0,0 +1,192 @@ +#include "function.h" +#include "module.h" +#include "debugger.h" +#include "memory.h" +#include "threading.h" + +typedef std::map FunctionsInfo; + +static FunctionsInfo functions; + +bool functionadd(uint start, uint end, bool manual) +{ + if(!DbgIsDebugging() or end < start or !memisvalidreadptr(fdProcessInfo->hProcess, start)) + return false; + const uint modbase = modbasefromaddr(start); + if(modbase != modbasefromaddr(end)) //the function boundaries are not in the same module + return false; + if(functionoverlaps(start, end)) + return false; + FUNCTIONSINFO function; + modnamefromaddr(start, function.mod, true); + function.start = start - modbase; + function.end = end - modbase; + function.manual = manual; + CriticalSectionLocker locker(LockFunctions); + functions.insert(std::make_pair(ModuleRange(modhashfromva(modbase), Range(function.start, function.end)), function)); + return true; +} + +bool functionget(uint addr, uint* start, uint* end) +{ + if(!DbgIsDebugging()) + return false; + uint modbase = modbasefromaddr(addr); + CriticalSectionLocker locker(LockFunctions); + const FunctionsInfo::iterator found = functions.find(ModuleRange(modhashfromva(modbase), Range(addr - modbase, addr - modbase))); + if(found == functions.end()) //not found + return false; + if(start) + *start = found->second.start + modbase; + if(end) + *end = found->second.end + modbase; + return true; +} + +bool functionoverlaps(uint start, uint end) +{ + if(!DbgIsDebugging() or end < start) + return false; + const uint modbase = modbasefromaddr(start); + CriticalSectionLocker locker(LockFunctions); + return (functions.count(ModuleRange(modhashfromva(modbase), Range(start - modbase, end - modbase))) > 0); +} + +bool functiondel(uint addr) +{ + if(!DbgIsDebugging()) + return false; + const uint modbase = modbasefromaddr(addr); + CriticalSectionLocker locker(LockFunctions); + return (functions.erase(ModuleRange(modhashfromva(modbase), Range(addr - modbase, addr - modbase))) > 0); +} + +void functiondelrange(uint start, uint end) +{ + if(!DbgIsDebugging()) + return; + bool bDelAll = (start == 0 && end == ~0); //0x00000000-0xFFFFFFFF + uint modbase = modbasefromaddr(start); + if(modbase != modbasefromaddr(end)) + return; + start -= modbase; + end -= modbase; + CriticalSectionLocker locker(LockFunctions); + FunctionsInfo::iterator i = functions.begin(); + while(i != functions.end()) + { + if(i->second.manual) //ignore manual + { + i++; + continue; + } + if(bDelAll or !(i->second.start <= end and i->second.end >= start)) + functions.erase(i++); + else + i++; + } +} + +void functioncachesave(JSON root) +{ + CriticalSectionLocker locker(LockFunctions); + const JSON jsonfunctions = json_array(); + const JSON jsonautofunctions = json_array(); + for(FunctionsInfo::iterator i = functions.begin(); i != functions.end(); ++i) + { + const FUNCTIONSINFO curFunction = i->second; + JSON curjsonfunction = json_object(); + json_object_set_new(curjsonfunction, "module", json_string(curFunction.mod)); + json_object_set_new(curjsonfunction, "start", json_hex(curFunction.start)); + json_object_set_new(curjsonfunction, "end", json_hex(curFunction.end)); + if(curFunction.manual) + json_array_append_new(jsonfunctions, curjsonfunction); + else + json_array_append_new(jsonautofunctions, curjsonfunction); + } + if(json_array_size(jsonfunctions)) + json_object_set(root, "functions", jsonfunctions); + json_decref(jsonfunctions); + if(json_array_size(jsonautofunctions)) + json_object_set(root, "autofunctions", jsonautofunctions); + json_decref(jsonautofunctions); +} + +void functioncacheload(JSON root) +{ + CriticalSectionLocker locker(LockFunctions); + functions.clear(); + const JSON jsonfunctions = json_object_get(root, "functions"); + if(jsonfunctions) + { + size_t i; + JSON value; + json_array_foreach(jsonfunctions, i, value) + { + FUNCTIONSINFO curFunction; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curFunction.mod, mod); + else + *curFunction.mod = '\0'; + curFunction.start = (uint)json_hex_value(json_object_get(value, "start")); + curFunction.end = (uint)json_hex_value(json_object_get(value, "end")); + if(curFunction.end < curFunction.start) + continue; //invalid function + curFunction.manual = true; + const uint key = modhashfromname(curFunction.mod); + functions.insert(std::make_pair(ModuleRange(modhashfromname(curFunction.mod), Range(curFunction.start, curFunction.end)), curFunction)); + } + } + JSON jsonautofunctions = json_object_get(root, "autofunctions"); + if(jsonautofunctions) + { + size_t i; + JSON value; + json_array_foreach(jsonautofunctions, i, value) + { + FUNCTIONSINFO curFunction; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curFunction.mod, mod); + else + *curFunction.mod = '\0'; + curFunction.start = (uint)json_hex_value(json_object_get(value, "start")); + curFunction.end = (uint)json_hex_value(json_object_get(value, "end")); + if(curFunction.end < curFunction.start) + continue; //invalid function + curFunction.manual = true; + const uint key = modhashfromname(curFunction.mod); + functions.insert(std::make_pair(ModuleRange(modhashfromname(curFunction.mod), Range(curFunction.start, curFunction.end)), curFunction)); + } + } +} + +bool functionenum(FUNCTIONSINFO* functionlist, size_t* cbsize) +{ + if(!DbgIsDebugging()) + return false; + if(!functionlist && !cbsize) + return false; + CriticalSectionLocker locker(LockFunctions); + if(!functionlist && cbsize) + { + *cbsize = functions.size() * sizeof(FUNCTIONSINFO); + return true; + } + int j = 0; + for(FunctionsInfo::iterator i = functions.begin(); i != functions.end(); ++i, j++) + { + functionlist[j] = i->second; + uint modbase = modbasefromname(functionlist[j].mod); + functionlist[j].start += modbase; + functionlist[j].end += modbase; + } + return true; +} + +void functionclear() +{ + CriticalSectionLocker locker(LockFunctions); + FunctionsInfo().swap(functions); +} \ No newline at end of file diff --git a/x64_dbg_dbg/function.h b/x64_dbg_dbg/function.h new file mode 100644 index 00000000..53f4adda --- /dev/null +++ b/x64_dbg_dbg/function.h @@ -0,0 +1,24 @@ +#ifndef _FUNCTION_H +#define _FUNCTION_H + +#include "addrinfo.h" + +struct FUNCTIONSINFO +{ + char mod[MAX_MODULE_SIZE]; + uint start; + uint end; + bool manual; +}; + +bool functionadd(uint start, uint end, bool manual); +bool functionget(uint addr, uint* start, uint* end); +bool functionoverlaps(uint start, uint end); +bool functiondel(uint addr); +void functiondelrange(uint start, uint end); +void functioncachesave(JSON root); +void functioncacheload(JSON root); +bool functionenum(FUNCTIONSINFO* functionlist, size_t* cbsize); +void functionclear(); + +#endif //_FUNCTION_H \ No newline at end of file diff --git a/x64_dbg_dbg/instruction.cpp b/x64_dbg_dbg/instruction.cpp index 1b15060f..ea6da302 100644 --- a/x64_dbg_dbg/instruction.cpp +++ b/x64_dbg_dbg/instruction.cpp @@ -18,6 +18,13 @@ #include "disasm_fast.h" #include "reference.h" #include "disasm_helper.h" +#include "comment.h" +#include "label.h" +#include "bookmark.h" +#include "function.h" +#include "loop.h" +#include "patternfind.h" +#include "module.h" static bool bRefinit = false; @@ -241,7 +248,7 @@ CMDRESULT cbInstrVarList(int argc, char* argv[]) if(variables[i].alias.length()) continue; char name[deflen] = ""; - strcpy(name, variables[i].name.c_str()); + strcpy_s(name, variables[i].name.c_str()); uint value = (uint)variables[i].value.u.value; if(variables[i].type != VAR_HIDDEN) { @@ -430,7 +437,7 @@ CMDRESULT cbAssemble(int argc, char* argv[]) bool fillnop = false; if(argc > 3) fillnop = true; - char error[256] = ""; + char error[MAX_ERROR_SIZE] = ""; int size = 0; if(!assembleat(addr, argv[2], &size, error, fillnop)) { @@ -1075,9 +1082,9 @@ CMDRESULT cbInstrFind(int argc, char* argv[]) char pattern[deflen] = ""; //remove # from the start and end of the pattern (ODBGScript support) if(argv[2][0] == '#') - strcpy(pattern, argv[2] + 1); + strcpy_s(pattern, argv[2] + 1); else - strcpy(pattern, argv[2]); + strcpy_s(pattern, argv[2]); int len = (int)strlen(pattern); if(pattern[len - 1] == '#') pattern[len - 1] = '\0'; @@ -1105,7 +1112,7 @@ CMDRESULT cbInstrFind(int argc, char* argv[]) } else find_size = size - start; - uint foundoffset = memfindpattern(data + start, find_size, pattern); + uint foundoffset = patternfind(data + start, find_size, pattern); uint result = 0; if(foundoffset != -1) result = addr + foundoffset; @@ -1127,9 +1134,9 @@ CMDRESULT cbInstrFindAll(int argc, char* argv[]) char pattern[deflen] = ""; //remove # from the start and end of the pattern (ODBGScript support) if(argv[2][0] == '#') - strcpy(pattern, argv[2] + 1); + strcpy_s(pattern, argv[2] + 1); else - strcpy(pattern, argv[2]); + strcpy_s(pattern, argv[2]); int len = (int)strlen(pattern); if(pattern[len - 1] == '#') pattern[len - 1] = '\0'; @@ -1178,7 +1185,7 @@ CMDRESULT cbInstrFindAll(int argc, char* argv[]) while(refCount < 5000) { int patternsize = 0; - uint foundoffset = memfindpattern(data + start + i, find_size - i, pattern, &patternsize); + uint foundoffset = patternfind(data + start + i, find_size - i, pattern, &patternsize); if(foundoffset == -1) break; i += foundoffset + 1; @@ -1510,7 +1517,7 @@ CMDRESULT cbInstrFindAsm(int argc, char* argv[]) unsigned char dest[16]; int asmsize = 0; - char error[256] = ""; + char error[MAX_ERROR_SIZE] = ""; if(!assemble(addr + size / 2, dest, &asmsize, argv[1], error)) { dprintf("failed to assemble \"%s\" (%s)!\n", argv[1], error); @@ -1526,3 +1533,234 @@ CMDRESULT cbInstrFindAsm(int argc, char* argv[]) varset("$result", found, false); return STATUS_CONTINUE; } + +static void yaraCompilerCallback(int error_level, const char* file_name, int line_number, const char* message, void* user_data) +{ + switch(error_level) + { + case YARA_ERROR_LEVEL_ERROR: + dprintf("[YARA ERROR] "); + break; + case YARA_ERROR_LEVEL_WARNING: + dprintf("[YARA WARNING] "); + break; + } + dprintf("File: \"%s\", Line: %d, Message: \"%s\"\n", file_name, line_number, message); +} + +static String yara_print_string(const uint8_t* data, int length) +{ + String result = "\""; + const char* str = (const char*)data; + for(int i = 0; i < length; i++) + { + char cur[16] = ""; + if(str[i] >= 32 && str[i] <= 126) + sprintf_s(cur, "%c", str[i]); + else + sprintf_s(cur, "\\x%02X", (uint8_t) str[i]); + result += cur; + } + result += "\""; + return result; +} + +static String yara_print_hex_string(const uint8_t* data, int length) +{ + String result = ""; + for(int i = 0; i < length; i++) + { + if(i) + result += " "; + char cur[16] = ""; + sprintf_s(cur, "%02X", (uint8_t) data[i]); + result += cur; + } + return result; +} + +struct YaraScanInfo +{ + uint base; + int index; +}; + +static int yaraScanCallback(int message, void* message_data, void* user_data) +{ + YaraScanInfo* scanInfo = (YaraScanInfo*)user_data; + switch(message) + { + case CALLBACK_MSG_RULE_MATCHING: + { + uint base = scanInfo->base; + YR_RULE* yrRule = (YR_RULE*)message_data; + dprintf("[YARA] Rule \"%s\" matched:\n", yrRule->identifier); + YR_STRING* string; + yr_rule_strings_foreach(yrRule, string) + { + YR_MATCH* match; + yr_string_matches_foreach(string, match) + { + String pattern; + if(STRING_IS_HEX(string)) + pattern = yara_print_hex_string(match->data, match->length); + else + pattern = yara_print_string(match->data, match->length); + uint addr = (uint)(base + match->base + match->offset); + //dprintf("[YARA] String \"%s\" : %s on 0x%"fext"X\n", string->identifier, pattern.c_str(), addr); + + //update references + int index = scanInfo->index; + GuiReferenceSetRowCount(index + 1); + scanInfo->index++; + char addr_text[deflen] = ""; + sprintf(addr_text, fhex, addr); + GuiReferenceSetCellContent(index, 0, addr_text); //Address + String ruleFullName = ""; + ruleFullName += yrRule->identifier; + ruleFullName += "."; + ruleFullName += string->identifier; + GuiReferenceSetCellContent(index, 1, ruleFullName.c_str()); //Rule + GuiReferenceSetCellContent(index, 2, pattern.c_str()); //Data + } + } + } + break; + + case CALLBACK_MSG_RULE_NOT_MATCHING: + { + YR_RULE* yrRule = (YR_RULE*)message_data; + dprintf("[YARA] Rule \"%s\" did not match!\n", yrRule->identifier); + } + break; + + case CALLBACK_MSG_SCAN_FINISHED: + { + dputs("[YARA] Scan finished!"); + } + break; + + case CALLBACK_MSG_IMPORT_MODULE: + { + YR_MODULE_IMPORT* yrModuleImport = (YR_MODULE_IMPORT*)message_data; + dprintf("[YARA] Imported module \"%s\"!\n", yrModuleImport->module_name); + } + break; + } + return ERROR_SUCCESS; //nicely undocumented what this should be +} + +CMDRESULT cbInstrYara(int argc, char* argv[]) +{ + if(argc < 2) //yara rulesFile, addr_of_mempage, size_of_scan + { + dputs("not enough arguments!"); + return STATUS_ERROR; + } + uint addr = 0; + if(argc < 3 || !valfromstring(argv[2], &addr)) + addr = GetContextDataEx(hActiveThread, UE_CIP); + uint size = 0; + if(argc >= 4) + if(!valfromstring(argv[3], &size)) + size = 0; + if(!size) + addr = memfindbaseaddr(addr, &size); + uint base=addr; + dprintf("%p[%p]\n",base,size); + Memory data(size); + if(!memread(fdProcessInfo->hProcess, (const void*)base, data(), size, 0)) + { + dprintf("failed to read memory page %p[%X]!\n", base, size); + return STATUS_ERROR; + } + + FILE* rulesFile = 0; + if(_wfopen_s(&rulesFile, StringUtils::Utf8ToUtf16(argv[1]).c_str(), L"rb")) + { + dputs("failed to open yara rules file!"); + return STATUS_ERROR; + } + + bool bSuccess = false; + YR_COMPILER* yrCompiler; + if(yr_compiler_create(&yrCompiler) == ERROR_SUCCESS) + { + yr_compiler_set_callback(yrCompiler, yaraCompilerCallback, 0); + if(yr_compiler_add_file(yrCompiler, rulesFile, NULL, argv[1]) == 0) //no errors found + { + fclose(rulesFile); + YR_RULES* yrRules; + if(yr_compiler_get_rules(yrCompiler, &yrRules) == ERROR_SUCCESS) + { + //initialize new reference tab + char modname[MAX_MODULE_SIZE] = ""; + if(!modnamefromaddr(base, modname, true)) + sprintf_s(modname, "%p", base); + String fullName; + const char* fileName = strrchr(argv[1], '\\'); + if(fileName) + fullName = fileName + 1; + else + fullName = argv[1]; + fullName += " ("; + fullName += modname; + fullName += ")"; //nanana, very ugly code (long live open source) + GuiReferenceInitialize(fullName.c_str()); + GuiReferenceAddColumn(sizeof(uint) * 2, "Address"); + GuiReferenceAddColumn(48, "Rule"); + GuiReferenceAddColumn(0, "Data"); + GuiReferenceSetRowCount(0); + GuiReferenceReloadData(); + YaraScanInfo scanInfo; + scanInfo.base = base; + scanInfo.index = 0; + uint ticks = GetTickCount(); + dputs("[YARA] Scan started..."); + int err = yr_rules_scan_mem(yrRules, data(), size, 0, yaraScanCallback, &scanInfo, 0); + GuiReferenceReloadData(); + switch(err) + { + case ERROR_SUCCESS: + dprintf("%u scan results in %ums...\n", scanInfo.index, GetTickCount() - ticks); + bSuccess = true; + break; + case ERROR_TOO_MANY_MATCHES: + dputs("too many matches!"); + break; + default: + dputs("error while scanning memory!"); + break; + } + yr_rules_destroy(yrRules); + } + else + dputs("error while getting the rules!"); + } + else + dputs("errors in the rules file!"); + yr_compiler_destroy(yrCompiler); + } + else + dputs("yr_compiler_create failed!"); + return bSuccess ? STATUS_CONTINUE : STATUS_ERROR; +} + +CMDRESULT cbInstrYaramod(int argc, char* argv[]) +{ + if(argc < 3) + { + dputs("not enough arguments!"); + return STATUS_ERROR; + } + uint base = modbasefromname(argv[2]); + if(!base) + { + dprintf("invalid module \"%s\"!\n", argv[2]); + return STATUS_ERROR; + } + uint size = modsizefromaddr(base); + char newcmd[deflen]=""; + sprintf_s(newcmd, "yara \"%s\",%p,%p", argv[1], base, size); + return cmddirectexec(dbggetcommandlist(), newcmd); +} diff --git a/x64_dbg_dbg/instruction.h b/x64_dbg_dbg/instruction.h index 231f0fc8..c490cac2 100644 --- a/x64_dbg_dbg/instruction.h +++ b/x64_dbg_dbg/instruction.h @@ -62,5 +62,7 @@ CMDRESULT cbInstrFunctionList(int argc, char* argv[]); CMDRESULT cbInstrLoopList(int argc, char* argv[]); CMDRESULT cbInstrSleep(int argc, char* argv[]); CMDRESULT cbInstrFindAsm(int argc, char* argv[]); +CMDRESULT cbInstrYara(int argc, char* argv[]); +CMDRESULT cbInstrYaramod(int argc, char* argv[]); #endif // _INSTRUCTIONS_H diff --git a/x64_dbg_dbg/label.cpp b/x64_dbg_dbg/label.cpp new file mode 100644 index 00000000..9421ef7f --- /dev/null +++ b/x64_dbg_dbg/label.cpp @@ -0,0 +1,204 @@ +#include "label.h" +#include "threading.h" +#include "module.h" +#include "memory.h" +#include "debugger.h" + +typedef std::map LabelsInfo; + +static LabelsInfo labels; + +bool labelset(uint addr, const char* text, bool manual) +{ + if(!DbgIsDebugging() or !memisvalidreadptr(fdProcessInfo->hProcess, addr) or !text or strlen(text) >= MAX_LABEL_SIZE - 1 or strstr(text, "&")) + return false; + if(!*text) //NOTE: delete when there is no text + { + labeldel(addr); + return true; + } + LABELSINFO label; + label.manual = manual; + strcpy_s(label.text, text); + modnamefromaddr(addr, label.mod, true); + label.addr = addr - modbasefromaddr(addr); + uint key = modhashfromva(addr); + CriticalSectionLocker locker(LockLabels); + if(!labels.insert(std::make_pair(modhashfromva(key), label)).second) //already present + labels[key] = label; + return true; +} + +bool labelfromstring(const char* text, uint* addr) +{ + if(!DbgIsDebugging()) + return false; + CriticalSectionLocker locker(LockLabels); + for(LabelsInfo::iterator i = labels.begin(); i != labels.end(); ++i) + { + if(!strcmp(i->second.text, text)) + { + if(addr) + *addr = i->second.addr + modbasefromname(i->second.mod); + return true; + } + } + return false; +} + +bool labelget(uint addr, char* text) +{ + if(!DbgIsDebugging()) + return false; + CriticalSectionLocker locker(LockLabels); + const LabelsInfo::iterator found = labels.find(modhashfromva(addr)); + if(found == labels.end()) //not found + return false; + if(text) + strcpy_s(text, MAX_LABEL_SIZE, found->second.text); + return true; +} + +bool labeldel(uint addr) +{ + if(!DbgIsDebugging()) + return false; + CriticalSectionLocker locker(LockLabels); + return (labels.erase(modhashfromva(addr)) > 0); +} + +void labeldelrange(uint start, uint end) +{ + if(!DbgIsDebugging()) + return; + bool bDelAll = (start == 0 && end == ~0); //0x00000000-0xFFFFFFFF + uint modbase = modbasefromaddr(start); + if(modbase != modbasefromaddr(end)) + return; + start -= modbase; + end -= modbase; + CriticalSectionLocker locker(LockLabels); + LabelsInfo::iterator i = labels.begin(); + while(i != labels.end()) + { + if(i->second.manual) //ignore manual + { + i++; + continue; + } + if(bDelAll || (i->second.addr >= start && i->second.addr < end)) + labels.erase(i++); + else + i++; + } +} + +void labelcachesave(JSON root) +{ + CriticalSectionLocker locker(LockLabels); + const JSON jsonlabels = json_array(); + const JSON jsonautolabels = json_array(); + for(LabelsInfo::iterator i = labels.begin(); i != labels.end(); ++i) + { + const LABELSINFO curLabel = i->second; + JSON curjsonlabel = json_object(); + json_object_set_new(curjsonlabel, "module", json_string(curLabel.mod)); + json_object_set_new(curjsonlabel, "address", json_hex(curLabel.addr)); + json_object_set_new(curjsonlabel, "text", json_string(curLabel.text)); + if(curLabel.manual) + json_array_append_new(jsonlabels, curjsonlabel); + else + json_array_append_new(jsonautolabels, curjsonlabel); + } + if(json_array_size(jsonlabels)) + json_object_set(root, "labels", jsonlabels); + json_decref(jsonlabels); + if(json_array_size(jsonautolabels)) + json_object_set(root, "autolabels", jsonautolabels); + json_decref(jsonautolabels); +} + +void labelcacheload(JSON root) +{ + CriticalSectionLocker locker(LockLabels); + labels.clear(); + const JSON jsonlabels = json_object_get(root, "labels"); + if(jsonlabels) + { + size_t i; + JSON value; + json_array_foreach(jsonlabels, i, value) + { + LABELSINFO curLabel; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curLabel.mod, mod); + else + *curLabel.mod = '\0'; + curLabel.addr = (uint)json_hex_value(json_object_get(value, "address")); + curLabel.manual = true; + const char* text = json_string_value(json_object_get(value, "text")); + if(text) + strcpy_s(curLabel.text, text); + else + continue; //skip + int len = (int)strlen(curLabel.text); + for(int i = 0; i < len; i++) + if(curLabel.text[i] == '&') + curLabel.text[i] = ' '; + const uint key = modhashfromname(curLabel.mod) + curLabel.addr; + labels.insert(std::make_pair(key, curLabel)); + } + } + JSON jsonautolabels = json_object_get(root, "autolabels"); + if(jsonautolabels) + { + size_t i; + JSON value; + json_array_foreach(jsonautolabels, i, value) + { + LABELSINFO curLabel; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curLabel.mod, mod); + else + *curLabel.mod = '\0'; + curLabel.addr = (uint)json_hex_value(json_object_get(value, "address")); + curLabel.manual = false; + const char* text = json_string_value(json_object_get(value, "text")); + if(text) + strcpy_s(curLabel.text, text); + else + continue; //skip + const uint key = modhashfromname(curLabel.mod) + curLabel.addr; + labels.insert(std::make_pair(key, curLabel)); + } + } +} + +bool labelenum(LABELSINFO* labellist, size_t* cbsize) +{ + if(!DbgIsDebugging()) + return false; + if(!labellist && !cbsize) + return false; + CriticalSectionLocker locker(LockLabels); + if(!labellist && cbsize) + { + *cbsize = labels.size() * sizeof(LABELSINFO); + return true; + } + int j = 0; + for(LabelsInfo::iterator i = labels.begin(); i != labels.end(); ++i, j++) + { + labellist[j] = i->second; + labellist[j].addr += modbasefromname(labellist[j].mod); + } + return true; +} + +void labelclear() +{ + CriticalSectionLocker locker(LockLabels); + LabelsInfo().swap(labels); +} \ No newline at end of file diff --git a/x64_dbg_dbg/label.h b/x64_dbg_dbg/label.h new file mode 100644 index 00000000..3b4d06fd --- /dev/null +++ b/x64_dbg_dbg/label.h @@ -0,0 +1,24 @@ +#ifndef _LABEL_H +#define _LABEL_H + +#include "_global.h" + +struct LABELSINFO +{ + char mod[MAX_MODULE_SIZE]; + uint addr; + char text[MAX_LABEL_SIZE]; + bool manual; +}; + +bool labelset(uint addr, const char* text, bool manual); +bool labelfromstring(const char* text, uint* addr); +bool labelget(uint addr, char* text); +bool labeldel(uint addr); +void labeldelrange(uint start, uint end); +void labelcachesave(JSON root); +void labelcacheload(JSON root); +bool labelenum(LABELSINFO* labellist, size_t* cbsize); +void labelclear(); + +#endif //_LABEL_H \ No newline at end of file diff --git a/x64_dbg_dbg/loop.cpp b/x64_dbg_dbg/loop.cpp new file mode 100644 index 00000000..a390513d --- /dev/null +++ b/x64_dbg_dbg/loop.cpp @@ -0,0 +1,203 @@ +#include "loop.h" +#include "debugger.h" +#include "memory.h" +#include "threading.h" +#include "module.h" + +typedef std::map LoopsInfo; + +static LoopsInfo loops; + +bool loopadd(uint start, uint end, bool manual) +{ + if(!DbgIsDebugging() or end < start or !memisvalidreadptr(fdProcessInfo->hProcess, start)) + return false; + const uint modbase = modbasefromaddr(start); + if(modbase != modbasefromaddr(end)) //the function boundaries are not in the same mem page + return false; + int finaldepth; + if(loopoverlaps(0, start, end, &finaldepth)) //loop cannot overlap another loop + return false; + LOOPSINFO loop; + modnamefromaddr(start, loop.mod, true); + loop.start = start - modbase; + loop.end = end - modbase; + loop.depth = finaldepth; + if(finaldepth) + loopget(finaldepth - 1, start, &loop.parent, 0); + else + loop.parent = 0; + loop.manual = manual; + CriticalSectionLocker locker(LockLoops); + loops.insert(std::make_pair(DepthModuleRange(finaldepth, ModuleRange(modhashfromva(modbase), Range(loop.start, loop.end))), loop)); + return true; +} + +//get the start/end of a loop at a certain depth and addr +bool loopget(int depth, uint addr, uint* start, uint* end) +{ + if(!DbgIsDebugging()) + return false; + const uint modbase = modbasefromaddr(addr); + CriticalSectionLocker locker(LockLoops); + LoopsInfo::iterator found = loops.find(DepthModuleRange(depth, ModuleRange(modhashfromva(modbase), Range(addr - modbase, addr - modbase)))); + if(found == loops.end()) //not found + return false; + if(start) + *start = found->second.start + modbase; + if(end) + *end = found->second.end + modbase; + return true; +} + +//check if a loop overlaps a range, inside is not overlapping +bool loopoverlaps(int depth, uint start, uint end, int* finaldepth) +{ + if(!DbgIsDebugging()) + return false; + + const uint modbase = modbasefromaddr(start); + uint curStart = start - modbase; + uint curEnd = end - modbase; + const uint key = modhashfromva(modbase); + + CriticalSectionLocker locker(LockLoops); + + //check if the new loop fits in the old loop + for(LoopsInfo::iterator i = loops.begin(); i != loops.end(); ++i) + { + if(i->first.second.first != key) //only look in the current module + continue; + LOOPSINFO* curLoop = &i->second; + if(curLoop->start < curStart and curLoop->end > curEnd and curLoop->depth == depth) + return loopoverlaps(depth + 1, curStart, curEnd, finaldepth); + } + + if(finaldepth) + *finaldepth = depth; + + //check for loop overlaps + for(LoopsInfo::iterator i = loops.begin(); i != loops.end(); ++i) + { + if(i->first.second.first != key) //only look in the current module + continue; + LOOPSINFO* curLoop = &i->second; + if(curLoop->start <= curEnd and curLoop->end >= curStart and curLoop->depth == depth) + return true; + } + return false; +} + +//this should delete a loop and all sub-loops that matches a certain addr +bool loopdel(int depth, uint addr) +{ + return false; +} + +void loopcachesave(JSON root) +{ + CriticalSectionLocker locker(LockLoops); + const JSON jsonloops = json_array(); + const JSON jsonautoloops = json_array(); + for(LoopsInfo::iterator i = loops.begin(); i != loops.end(); ++i) + { + const LOOPSINFO curLoop = i->second; + JSON curjsonloop = json_object(); + json_object_set_new(curjsonloop, "module", json_string(curLoop.mod)); + json_object_set_new(curjsonloop, "start", json_hex(curLoop.start)); + json_object_set_new(curjsonloop, "end", json_hex(curLoop.end)); + json_object_set_new(curjsonloop, "depth", json_integer(curLoop.depth)); + json_object_set_new(curjsonloop, "parent", json_hex(curLoop.parent)); + if(curLoop.manual) + json_array_append_new(jsonloops, curjsonloop); + else + json_array_append_new(jsonautoloops, curjsonloop); + } + if(json_array_size(jsonloops)) + json_object_set(root, "loops", jsonloops); + json_decref(jsonloops); + if(json_array_size(jsonautoloops)) + json_object_set(root, "autoloops", jsonautoloops); + json_decref(jsonautoloops); +} + +void loopcacheload(JSON root) +{ + CriticalSectionLocker locker(LockLoops); + loops.clear(); + const JSON jsonloops = json_object_get(root, "loops"); + if(jsonloops) + { + size_t i; + JSON value; + json_array_foreach(jsonloops, i, value) + { + LOOPSINFO curLoop; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curLoop.mod, mod); + else + *curLoop.mod = '\0'; + curLoop.start = (uint)json_hex_value(json_object_get(value, "start")); + curLoop.end = (uint)json_hex_value(json_object_get(value, "end")); + curLoop.depth = (int)json_integer_value(json_object_get(value, "depth")); + curLoop.parent = (uint)json_hex_value(json_object_get(value, "parent")); + if(curLoop.end < curLoop.start) + continue; //invalid loop + curLoop.manual = true; + loops.insert(std::make_pair(DepthModuleRange(curLoop.depth, ModuleRange(modhashfromname(curLoop.mod), Range(curLoop.start, curLoop.end))), curLoop)); + } + } + JSON jsonautoloops = json_object_get(root, "autoloops"); + if(jsonautoloops) + { + size_t i; + JSON value; + json_array_foreach(jsonautoloops, i, value) + { + LOOPSINFO curLoop; + const char* mod = json_string_value(json_object_get(value, "module")); + if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE) + strcpy_s(curLoop.mod, mod); + else + *curLoop.mod = '\0'; + curLoop.start = (uint)json_hex_value(json_object_get(value, "start")); + curLoop.end = (uint)json_hex_value(json_object_get(value, "end")); + curLoop.depth = (int)json_integer_value(json_object_get(value, "depth")); + curLoop.parent = (uint)json_hex_value(json_object_get(value, "parent")); + if(curLoop.end < curLoop.start) + continue; //invalid loop + curLoop.manual = false; + loops.insert(std::make_pair(DepthModuleRange(curLoop.depth, ModuleRange(modhashfromname(curLoop.mod), Range(curLoop.start, curLoop.end))), curLoop)); + } + } +} + +bool loopenum(LOOPSINFO* looplist, size_t* cbsize) +{ + if(!DbgIsDebugging()) + return false; + if(!looplist && !cbsize) + return false; + CriticalSectionLocker locker(LockLoops); + if(!looplist && cbsize) + { + *cbsize = loops.size() * sizeof(LOOPSINFO); + return true; + } + int j = 0; + for(LoopsInfo::iterator i = loops.begin(); i != loops.end(); ++i, j++) + { + looplist[j] = i->second; + uint modbase = modbasefromname(looplist[j].mod); + looplist[j].start += modbase; + looplist[j].end += modbase; + } + return true; +} + +void loopclear() +{ + CriticalSectionLocker locker(LockLoops); + LoopsInfo().swap(loops); +} \ No newline at end of file diff --git a/x64_dbg_dbg/loop.h b/x64_dbg_dbg/loop.h new file mode 100644 index 00000000..14b87c1d --- /dev/null +++ b/x64_dbg_dbg/loop.h @@ -0,0 +1,25 @@ +#ifndef _LOOP_H +#define _LOOP_H + +#include "addrinfo.h" + +struct LOOPSINFO +{ + char mod[MAX_MODULE_SIZE]; + uint start; + uint end; + uint parent; + int depth; + bool manual; +}; + +bool loopadd(uint start, uint end, bool manual); +bool loopget(int depth, uint addr, uint* start, uint* end); +bool loopoverlaps(int depth, uint start, uint end, int* finaldepth); +bool loopdel(int depth, uint addr); +void loopcachesave(JSON root); +void loopcacheload(JSON root); +bool loopenum(LOOPSINFO* looplist, size_t* cbsize); +void loopclear(); + +#endif //_LOOP_H \ No newline at end of file diff --git a/x64_dbg_dbg/memory.cpp b/x64_dbg_dbg/memory.cpp index fd292a28..c03fc24a 100644 --- a/x64_dbg_dbg/memory.cpp +++ b/x64_dbg_dbg/memory.cpp @@ -9,6 +9,7 @@ #include "patches.h" #include "console.h" #include "threading.h" +#include "module.h" MemoryMap memoryPages; bool bListAllPages = false; @@ -226,104 +227,4 @@ void* memalloc(HANDLE hProcess, uint addr, SIZE_T size, DWORD fdProtect) void memfree(HANDLE hProcess, uint addr) { VirtualFreeEx(hProcess, (void*)addr, 0, MEM_RELEASE); -} - -static int formathexpattern(char* string) -{ - int len = (int)strlen(string); - _strupr(string); - Memory new_string(len + 1, "formathexpattern:new_string"); - memset(new_string, 0, len + 1); - for(int i = 0, j = 0; i < len; i++) - if(string[i] == '?' or isxdigit(string[i])) - j += sprintf(new_string + j, "%c", string[i]); - strcpy(string, new_string); - return (int)strlen(string); -} - -static bool patterntransform(const char* text, std::vector* pattern) -{ - if(!text or !pattern) - return false; - pattern->clear(); - int len = (int)strlen(text); - if(!len) - return false; - Memory newtext(len + 2, "transformpattern:newtext"); - strcpy(newtext, text); - len = formathexpattern(newtext); - if(len % 2) //not a multiple of 2 - { - newtext[len] = '?'; - newtext[len + 1] = '\0'; - len++; - } - PATTERNBYTE newByte; - for(int i = 0, j = 0; i < len; i++) - { - if(newtext[i] == '?') //wildcard - { - newByte.n[j].all = true; //match anything - newByte.n[j].n = 0; - j++; - } - else //hex - { - char x[2] = ""; - *x = newtext[i]; - unsigned int val = 0; - sscanf(x, "%x", &val); - newByte.n[j].all = false; - newByte.n[j].n = val & 0xF; - j++; - } - - if(j == 2) //two nibbles = one byte - { - j = 0; - pattern->push_back(newByte); - } - } - return true; -} - -static bool patternmatchbyte(unsigned char byte, PATTERNBYTE* pbyte) -{ - unsigned char n1 = (byte >> 4) & 0xF; - unsigned char n2 = byte & 0xF; - int matched = 0; - if(pbyte->n[0].all) - matched++; - else if(pbyte->n[0].n == n1) - matched++; - if(pbyte->n[1].all) - matched++; - else if(pbyte->n[1].n == n2) - matched++; - return (matched == 2); -} - -uint memfindpattern(unsigned char* data, uint size, const char* pattern, int* patternsize) -{ - std::vector searchpattern; - if(!patterntransform(pattern, &searchpattern)) - return -1; - int searchpatternsize = (int)searchpattern.size(); - if(patternsize) - *patternsize = searchpatternsize; - for(uint i = 0, pos = 0; i < size; i++) //search for the pattern - { - if(patternmatchbyte(data[i], &searchpattern.at(pos))) //check if our pattern matches the current byte - { - pos++; - if(pos == searchpatternsize) //everything matched - return i - searchpatternsize + 1; - } - else if(pos > 0) //fix by Computer_Angel - { - i -= pos; // return to previous byte - pos = 0; //reset current pattern position - } - } - return -1; -} +} diff --git a/x64_dbg_dbg/memory.h b/x64_dbg_dbg/memory.h index 4f6c8276..c17c6f18 100644 --- a/x64_dbg_dbg/memory.h +++ b/x64_dbg_dbg/memory.h @@ -9,17 +9,6 @@ typedef std::map MemoryMap; extern MemoryMap memoryPages; extern bool bListAllPages; -struct PATTERNNIBBLE -{ - unsigned char n; - bool all; -}; - -struct PATTERNBYTE -{ - PATTERNNIBBLE n[2]; -}; - void memupdatemap(HANDLE hProcess); uint memfindbaseaddr(uint addr, uint* size, bool refresh = false); bool memread(HANDLE hProcess, const void* lpBaseAddress, void* lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead); @@ -28,6 +17,5 @@ bool mempatch(HANDLE hProcess, void* lpBaseAddress, const void* lpBuffer, SIZE_T bool memisvalidreadptr(HANDLE hProcess, uint addr); void* memalloc(HANDLE hProcess, uint addr, SIZE_T size, DWORD fdProtect); void memfree(HANDLE hProcess, uint addr); -uint memfindpattern(unsigned char* data, uint size, const char* pattern, int* patternsize = 0); #endif // _MEMORY_H diff --git a/x64_dbg_dbg/module.cpp b/x64_dbg_dbg/module.cpp new file mode 100644 index 00000000..3d4c91cf --- /dev/null +++ b/x64_dbg_dbg/module.cpp @@ -0,0 +1,199 @@ +#include "module.h" +#include "debugger.h" +#include "threading.h" +#include "symbolinfo.h" +#include "murmurhash.h" + +static ModulesInfo modinfo; + +///module functions +bool modload(uint base, uint size, const char* fullpath) +{ + if(!base or !size or !fullpath) + return false; + char name[deflen] = ""; + + int len = (int)strlen(fullpath); + while(fullpath[len] != '\\' and len) + len--; + if(len) + len++; + strcpy_s(name, fullpath + len); + _strlwr(name); + len = (int)strlen(name); + name[MAX_MODULE_SIZE - 1] = 0; //ignore later characters + while(name[len] != '.' and len) + len--; + MODINFO info; + memset(&info, 0, sizeof(MODINFO)); + info.sections.clear(); + info.hash = modhashfromname(name); + if(len) + { + strcpy_s(info.extension, name + len); + name[len] = 0; //remove extension + } + info.base = base; + info.size = size; + strcpy_s(info.name, name); + + //process module sections + HANDLE FileHandle; + DWORD LoadedSize; + HANDLE FileMap; + ULONG_PTR FileMapVA; + WString wszFullPath = StringUtils::Utf8ToUtf16(fullpath); + if(StaticFileLoadW(wszFullPath.c_str(), UE_ACCESS_READ, false, &FileHandle, &LoadedSize, &FileMap, &FileMapVA)) + { + info.entry = GetPE32DataFromMappedFile(FileMapVA, 0, UE_OEP) + info.base; //get entry point + int SectionCount = (int)GetPE32DataFromMappedFile(FileMapVA, 0, UE_SECTIONNUMBER); + if(SectionCount > 0) + { + for(int i = 0; i < SectionCount; i++) + { + MODSECTIONINFO curSection; + curSection.addr = GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALOFFSET) + base; + curSection.size = GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALSIZE); + const char* SectionName = (const char*)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONNAME); + //escape section name when needed + int len = (int)strlen(SectionName); + int escape_count = 0; + for(int k = 0; k < len; k++) + if(SectionName[k] == '\\' or SectionName[k] == '\"' or !isprint(SectionName[k])) + escape_count++; + strcpy_s(curSection.name, StringUtils::Escape(SectionName).c_str()); + info.sections.push_back(curSection); + } + } + StaticFileUnloadW(wszFullPath.c_str(), false, FileHandle, LoadedSize, FileMap, FileMapVA); + } + + //add module to list + CriticalSectionLocker locker(LockModules); + modinfo.insert(std::make_pair(Range(base, base + size - 1), info)); + symupdatemodulelist(); + return true; +} + +bool modunload(uint base) +{ + CriticalSectionLocker locker(LockModules); + const ModulesInfo::iterator found = modinfo.find(Range(base, base)); + if(found == modinfo.end()) //not found + return false; + modinfo.erase(found); + symupdatemodulelist(); + return true; +} + +void modclear() +{ + CriticalSectionLocker locker(LockModules); + ModulesInfo().swap(modinfo); + symupdatemodulelist(); +} + +bool modnamefromaddr(uint addr, char* modname, bool extension) +{ + if(!modname) + return false; + *modname = '\0'; + CriticalSectionLocker locker(LockModules); + const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); + if(found == modinfo.end()) //not found + return false; + String mod = found->second.name; + if(extension) + mod += found->second.extension; + strcpy_s(modname, MAX_MODULE_SIZE, mod.c_str()); + return true; +} + +uint modbasefromaddr(uint addr) +{ + CriticalSectionLocker locker(LockModules); + const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); + if(found == modinfo.end()) //not found + return 0; + return found->second.base; +} + +uint modhashfromva(uint va) //return a unique hash from a VA +{ + CriticalSectionLocker locker(LockModules); + const ModulesInfo::iterator found = modinfo.find(Range(va, va)); + if(found == modinfo.end()) //not found + return va; + return found->second.hash + (va - found->second.base); +} + +uint modhashfromname(const char* mod) //return MODINFO.hash +{ + if(!mod or !*mod) + return 0; + int len = (int)strlen(mod); + return murmurhash(mod, len); +} + +uint modbasefromname(const char* modname) +{ + if(!modname or strlen(modname) >= MAX_MODULE_SIZE) + return 0; + CriticalSectionLocker locker(LockModules); + for(ModulesInfo::iterator i = modinfo.begin(); i != modinfo.end(); ++i) + { + MODINFO* curMod = &i->second; + char curmodname[MAX_MODULE_SIZE] = ""; + sprintf(curmodname, "%s%s", curMod->name, curMod->extension); + if(!_stricmp(curmodname, modname)) //with extension + return curMod->base; + if(!_stricmp(curMod->name, modname)) //without extension + return curMod->base; + } + return 0; +} + +uint modsizefromaddr(uint addr) +{ + CriticalSectionLocker locker(LockModules); + const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); + if(found == modinfo.end()) //not found + return 0; + return found->second.size; +} + +bool modsectionsfromaddr(uint addr, std::vector* sections) +{ + CriticalSectionLocker locker(LockModules); + const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); + if(found == modinfo.end()) //not found + return false; + *sections = found->second.sections; + return true; +} + +uint modentryfromaddr(uint addr) +{ + CriticalSectionLocker locker(LockModules); + const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); + if(found == modinfo.end()) //not found + return 0; + return found->second.entry; +} + +int modpathfromaddr(duint addr, char* path, int size) +{ + Memory wszModPath(size * sizeof(wchar_t), "modpathfromaddr:wszModPath"); + if(!GetModuleFileNameExW(fdProcessInfo->hProcess, (HMODULE)modbasefromaddr(addr), wszModPath, size)) + { + *path = '\0'; + return 0; + } + strcpy_s(path, size, StringUtils::Utf16ToUtf8(wszModPath()).c_str()); + return (int)strlen(path); +} + +int modpathfromname(const char* modname, char* path, int size) +{ + return modpathfromaddr(modbasefromname(modname), path, size); +} diff --git a/x64_dbg_dbg/module.h b/x64_dbg_dbg/module.h new file mode 100644 index 00000000..95edba18 --- /dev/null +++ b/x64_dbg_dbg/module.h @@ -0,0 +1,40 @@ +#ifndef _MODULE_H +#define _MODULE_H + +#include "_global.h" +#include "addrinfo.h" + +struct MODSECTIONINFO +{ + uint addr; //va + uint size; //virtual size + char name[50]; +}; + +struct MODINFO +{ + uint base; //module base + uint size; //module size + uint hash; //full module name hash + uint entry; //entry point + char name[MAX_MODULE_SIZE]; //module name (without extension) + char extension[MAX_MODULE_SIZE]; //file extension + std::vector sections; +}; +typedef std::map ModulesInfo; + +bool modload(uint base, uint size, const char* fullpath); +bool modunload(uint base); +void modclear(); +bool modnamefromaddr(uint addr, char* modname, bool extension); +uint modbasefromaddr(uint addr); +uint modhashfromva(uint va); +uint modhashfromname(const char* mod); +uint modbasefromname(const char* modname); +uint modsizefromaddr(uint addr); +bool modsectionsfromaddr(uint addr, std::vector* sections); +uint modentryfromaddr(uint addr); +int modpathfromaddr(duint addr, char* path, int size); +int modpathfromname(const char* modname, char* path, int size); + +#endif //_MODULE_H \ No newline at end of file diff --git a/x64_dbg_dbg/patches.cpp b/x64_dbg_dbg/patches.cpp index 73a84460..958d3fc1 100644 --- a/x64_dbg_dbg/patches.cpp +++ b/x64_dbg_dbg/patches.cpp @@ -10,6 +10,7 @@ #include "debugger.h" #include "console.h" #include "threading.h" +#include "module.h" static PatchesInfo patches; @@ -129,7 +130,7 @@ bool patchenum(PATCHINFO* patcheslist, size_t* cbsize) CriticalSectionLocker locker(LockPatches); if(!patcheslist && cbsize) { - *cbsize = patches.size() * sizeof(LOOPSINFO); + *cbsize = patches.size() * sizeof(PATCHINFO); return true; } int j = 0; @@ -147,11 +148,11 @@ int patchfile(const PATCHINFO* patchlist, int count, const char* szFileName, cha if(!count) { if(error) - strcpy(error, "no patches to apply"); + strcpy_s(error, MAX_ERROR_SIZE, "no patches to apply"); return -1; } char modname[MAX_MODULE_SIZE] = ""; - strcpy(modname, patchlist[0].mod); + strcpy_s(modname, patchlist[0].mod); //check if all patches are in the same module for(int i = 0; i < count; i++) if(_stricmp(patchlist[i].mod, modname)) @@ -177,7 +178,7 @@ int patchfile(const PATCHINFO* patchlist, int count, const char* szFileName, cha if(!CopyFileW(szOriginalName, StringUtils::Utf8ToUtf16(szFileName).c_str(), false)) { if(error) - strcpy(error, "failed to make a copy of the original file (patch target is in use?)"); + strcpy_s(error, MAX_ERROR_SIZE, "failed to make a copy of the original file (patch target is in use?)"); return -1; } HANDLE FileHandle; @@ -199,11 +200,11 @@ int patchfile(const PATCHINFO* patchlist, int count, const char* szFileName, cha if(!StaticFileUnloadW(StringUtils::Utf8ToUtf16(szFileName).c_str(), true, FileHandle, LoadedSize, FileMap, FileMapVA)) { if(error) - strcpy(error, "StaticFileUnload failed"); + strcpy_s(error, MAX_ERROR_SIZE, "StaticFileUnload failed"); return -1; } return patched; } - strcpy(error, "StaticFileLoad failed"); + strcpy_s(error, MAX_ERROR_SIZE, "StaticFileLoad failed"); return -1; } diff --git a/x64_dbg_dbg/patternfind.cpp b/x64_dbg_dbg/patternfind.cpp new file mode 100644 index 00000000..069451bd --- /dev/null +++ b/x64_dbg_dbg/patternfind.cpp @@ -0,0 +1,169 @@ +#include "patternfind.h" +#include +#include + +using namespace std; + +struct PatternByte +{ + struct PatternNibble + { + unsigned char data; + bool wildcard; + } nibble[2]; +}; + +static string formathexpattern(string patterntext) +{ + string result; + int len = patterntext.length(); + for(int i = 0; i < len; i++) + if(patterntext[i] == '?' || isxdigit(patterntext[i])) + result += toupper(patterntext[i]); + return result; +} + +static int hexchtoint(char ch) +{ + if(ch >= '0' && ch <= '9') + return ch - '0'; + else if(ch >= 'A' && ch <= 'F') + return ch - 'A' + 10; + else if(ch >= 'a' && ch <= 'f') + return ch - 'a' + 10; + return 0; +} + +static bool patterntransform(string patterntext, vector & pattern) +{ + pattern.clear(); + patterntext = formathexpattern(patterntext); + int len = patterntext.length(); + if(!len) + return false; + + if(len % 2) //not a multiple of 2 + { + patterntext += '?'; + len++; + } + + PatternByte newByte; + for(int i = 0, j = 0; i < len; i++) + { + if(patterntext[i] == '?') //wildcard + { + newByte.nibble[j].wildcard = true; //match anything + } + else //hex + { + newByte.nibble[j].wildcard = false; + newByte.nibble[j].data = hexchtoint(patterntext[i]) & 0xF; + } + + j++; + if(j == 2) //two nibbles = one byte + { + j = 0; + pattern.push_back(newByte); + } + } + return true; +} + +static bool patternmatchbyte(unsigned char byte, const PatternByte & pbyte) +{ + int matched = 0; + + unsigned char n1 = (byte >> 4) & 0xF; + if(pbyte.nibble[0].wildcard) + matched++; + else if(pbyte.nibble[0].data == n1) + matched++; + + unsigned char n2 = byte & 0xF; + if(pbyte.nibble[1].wildcard) + matched++; + else if(pbyte.nibble[1].data == n2) + matched++; + + return (matched == 2); +} + +size_t patternfind(unsigned char* data, size_t datasize, const char* pattern, int* patternsize) +{ + vector searchpattern; + if(!patterntransform(pattern, searchpattern)) + return -1; + size_t searchpatternsize = searchpattern.size(); + if(patternsize) + *patternsize = (int)searchpatternsize; + for(size_t i = 0, pos = 0; i < datasize; i++) //search for the pattern + { + if(patternmatchbyte(data[i], searchpattern.at(pos))) //check if our pattern matches the current byte + { + pos++; + if(pos == searchpatternsize) //everything matched + return i - searchpatternsize + 1; + } + else if(pos > 0) //fix by Computer_Angel + { + i -= pos; + pos = 0; //reset current pattern position + } + } + return -1; +} + +size_t patternfind(unsigned char* data, size_t datasize, unsigned char* pattern, size_t patternsize) +{ + if(patternsize > datasize) + patternsize = datasize; + for(size_t i = 0, pos = 0; i < datasize; i++) + { + if(data[i] == pattern[pos]) + { + pos++; + if(pos == patternsize) + return i - patternsize + 1; + } + else if(pos > 0) + { + i -= pos; + pos = 0; //reset current pattern position + } + } + return -1; +} + +static void patternwritebyte(unsigned char* byte, const PatternByte & pbyte) +{ + unsigned char n1 = (*byte >> 4) & 0xF; + unsigned char n2 = *byte & 0xF; + if(!pbyte.nibble[0].wildcard) + n1 = pbyte.nibble[0].data; + if(!pbyte.nibble[1].wildcard) + n2 = pbyte.nibble[1].data; + *byte = ((n1 << 4) & 0xF0) | (n2 & 0xF); +} + +void patternwrite(unsigned char* data, size_t datasize, const char* pattern) +{ + vector writepattern; + if(!patterntransform(pattern, writepattern)) + return; + size_t writepatternsize = writepattern.size(); + if(writepatternsize > datasize) + writepatternsize = datasize; + for(size_t i = 0; i < writepatternsize; i++) + patternwritebyte(&data[i], writepattern.at(i)); +} + +bool patternsnr(unsigned char* data, size_t datasize, const char* searchpattern, const char* replacepattern) +{ + size_t found = patternfind(data, datasize, searchpattern); + if(found == -1) + return false; + patternwrite(data + found, datasize - found, replacepattern); + return true; +} diff --git a/x64_dbg_dbg/patternfind.h b/x64_dbg_dbg/patternfind.h new file mode 100644 index 00000000..ce1102a2 --- /dev/null +++ b/x64_dbg_dbg/patternfind.h @@ -0,0 +1,35 @@ +#ifndef _PATTERNFIND_H +#define _PATTERNFIND_H + +//returns: offset to data when found, -1 when not found +size_t patternfind( + unsigned char* data, //data + size_t datasize, //size of data + const char* pattern, //pattern to search + int* patternsize = 0 //outputs the number of bytes the pattern is +); + +//returns: offset to data when found, -1 when not found +size_t patternfind( + unsigned char* data, //data + size_t datasize, //size of data + unsigned char* pattern, //bytes to search + size_t patternsize //size of bytes to search +); + +//returns: nothing +void patternwrite( + unsigned char* data, //data + size_t datasize, //size of data + const char* pattern //pattern to write +); + +//returns: true on success, false on failure +bool patternsnr( + unsigned char* data, //data + size_t datasize, //size of data + const char* searchpattern, //pattern to search + const char* replacepattern //pattern to write +); + +#endif // _PATTERNFIND_H diff --git a/x64_dbg_dbg/plugin_loader.cpp b/x64_dbg_dbg/plugin_loader.cpp index c9c1ad06..30576db1 100644 --- a/x64_dbg_dbg/plugin_loader.cpp +++ b/x64_dbg_dbg/plugin_loader.cpp @@ -190,7 +190,7 @@ void pluginload(const char* pluginDir) int hNewMenu = GuiMenuAdd(GUI_PLUGIN_MENU, pluginData.initStruct.pluginName); if(hNewMenu == -1) { - dprintf("[PLUGIN] GuiMenuAdd failed for plugin: %s\n", pluginData.initStruct.pluginName); + dprintf("[PLUGIN] GuiMenuAdd(GUI_PLUGIN_MENU) failed for plugin: %s\n", pluginData.initStruct.pluginName); pluginData.hMenu = -1; } else @@ -200,7 +200,55 @@ void pluginload(const char* pluginDir) newMenu.hEntryPlugin = -1; newMenu.pluginHandle = pluginData.initStruct.pluginHandle; pluginMenuList.push_back(newMenu); - pluginData.hMenu = hNewMenu; + pluginData.hMenu = newMenu.hEntryMenu; + } + //add disasm plugin menu + hNewMenu = GuiMenuAdd(GUI_DISASM_MENU, pluginData.initStruct.pluginName); + if(hNewMenu == -1) + { + dprintf("[PLUGIN] GuiMenuAdd(GUI_DISASM_MENU) failed for plugin: %s\n", pluginData.initStruct.pluginName); + pluginData.hMenu = -1; + } + else + { + PLUG_MENU newMenu; + newMenu.hEntryMenu = hNewMenu; + newMenu.hEntryPlugin = -1; + newMenu.pluginHandle = pluginData.initStruct.pluginHandle; + pluginMenuList.push_back(newMenu); + pluginData.hMenuDisasm = newMenu.hEntryMenu; + } + //add dump plugin menu + hNewMenu = GuiMenuAdd(GUI_DUMP_MENU, pluginData.initStruct.pluginName); + if(hNewMenu == -1) + { + dprintf("[PLUGIN] GuiMenuAdd(GUI_DUMP_MENU) failed for plugin: %s\n", pluginData.initStruct.pluginName); + pluginData.hMenu = -1; + } + else + { + PLUG_MENU newMenu; + newMenu.hEntryMenu = hNewMenu; + newMenu.hEntryPlugin = -1; + newMenu.pluginHandle = pluginData.initStruct.pluginHandle; + pluginMenuList.push_back(newMenu); + pluginData.hMenuDump = newMenu.hEntryMenu; + } + //add stack plugin menu + hNewMenu = GuiMenuAdd(GUI_STACK_MENU, pluginData.initStruct.pluginName); + if(hNewMenu == -1) + { + dprintf("[PLUGIN] GuiMenuAdd(GUI_STACK_MENU) failed for plugin: %s\n", pluginData.initStruct.pluginName); + pluginData.hMenu = -1; + } + else + { + PLUG_MENU newMenu; + newMenu.hEntryMenu = hNewMenu; + newMenu.hEntryPlugin = -1; + newMenu.pluginHandle = pluginData.initStruct.pluginHandle; + pluginMenuList.push_back(newMenu); + pluginData.hMenuStack = newMenu.hEntryMenu; } pluginList.push_back(pluginData); //setup plugin @@ -208,7 +256,10 @@ void pluginload(const char* pluginDir) { PLUG_SETUPSTRUCT setupStruct; setupStruct.hwndDlg = GuiGetWindowHandle(); - setupStruct.hMenu = hNewMenu; + setupStruct.hMenu = pluginData.hMenu; + setupStruct.hMenuDisasm = pluginData.hMenuDisasm; + setupStruct.hMenuDump = pluginData.hMenuDump; + setupStruct.hMenuStack = pluginData.hMenuStack; pluginData.plugsetup(&setupStruct); } curPluginHandle++; @@ -322,7 +373,7 @@ bool plugincmdregister(int pluginHandle, const char* command, CBPLUGINCOMMAND cb return false; PLUG_COMMAND plugCmd; plugCmd.pluginHandle = pluginHandle; - strcpy(plugCmd.command, command); + strcpy_s(plugCmd.command, command); if(!dbgcmdnew(command, (CBCOMMAND)cbCommand, debugonly)) return false; pluginCommandList.push_back(plugCmd); diff --git a/x64_dbg_dbg/plugin_loader.h b/x64_dbg_dbg/plugin_loader.h index 22ca7cda..5f9421f4 100644 --- a/x64_dbg_dbg/plugin_loader.h +++ b/x64_dbg_dbg/plugin_loader.h @@ -24,6 +24,9 @@ struct PLUG_DATA PLUGSTOP plugstop; PLUGSETUP plugsetup; int hMenu; + int hMenuDisasm; + int hMenuDump; + int hMenuStack; PLUG_INITSTRUCT initStruct; }; diff --git a/x64_dbg_dbg/reference.cpp b/x64_dbg_dbg/reference.cpp index 8d283aa8..14ba194c 100644 --- a/x64_dbg_dbg/reference.cpp +++ b/x64_dbg_dbg/reference.cpp @@ -8,6 +8,7 @@ #include "debugger.h" #include "memory.h" #include "console.h" +#include "module.h" int reffind(uint addr, uint size, CBREF cbRef, void* userinfo, bool silent, const char* name) { diff --git a/x64_dbg_dbg/simplescript.cpp b/x64_dbg_dbg/simplescript.cpp index 6b700323..4cde0608 100644 --- a/x64_dbg_dbg/simplescript.cpp +++ b/x64_dbg_dbg/simplescript.cpp @@ -109,7 +109,7 @@ static bool scriptcreatelinemap(const char* filename) int add = 0; while(temp[add] == ' ') add++; - strcpy(entry.raw, temp + add); + strcpy_s(entry.raw, temp + add); *temp = 0; j = 0; i++; @@ -121,7 +121,7 @@ static bool scriptcreatelinemap(const char* filename) int add = 0; while(temp[add] == ' ') add++; - strcpy(entry.raw, temp + add); + strcpy_s(entry.raw, temp + add); *temp = 0; j = 0; linemap.push_back(entry); @@ -132,7 +132,7 @@ static bool scriptcreatelinemap(const char* filename) int add = 0; while(temp[add] == ' ') add++; - strcpy(entry.raw, temp + add); + strcpy_s(entry.raw, temp + add); *temp = 0; j = 0; linemap.push_back(entry); @@ -143,7 +143,7 @@ static bool scriptcreatelinemap(const char* filename) if(*temp) { memset(&entry, 0, sizeof(entry)); - strcpy(entry.raw, temp); + strcpy_s(entry.raw, temp); linemap.push_back(entry); } unsigned int linemapsize = (unsigned int)linemap.size(); @@ -163,7 +163,7 @@ static bool scriptcreatelinemap(const char* filename) { if(*(comment - 1) == ' ') //space before comment { - strcpy(line_comment, comment); + strcpy_s(line_comment, comment); *(comment - 1) = '\0'; } else //no space before comment @@ -181,7 +181,7 @@ static bool scriptcreatelinemap(const char* filename) else if(!strncmp(cur.raw, "//", 2)) //comment { cur.type = linecomment; - strcpy(cur.u.comment, cur.raw); + strcpy_s(cur.u.comment, cur.raw); } else if(cur.raw[rawlen - 1] == ':') //label { @@ -214,20 +214,20 @@ static bool scriptcreatelinemap(const char* filename) cur.type = linebranch; cur.u.branch.type = scriptgetbranchtype(cur.raw); char newraw[MAX_SCRIPT_LINE_SIZE] = ""; - strcpy(newraw, cur.raw); + strcpy_s(newraw, cur.raw); argformat(newraw); int len = (int)strlen(newraw); for(int i = 0; i < len; i++) if(newraw[i] == ' ') { - strcpy(cur.u.branch.branchlabel, newraw + i + 1); + strcpy_s(cur.u.branch.branchlabel, newraw + i + 1); break; } } else { cur.type = linecommand; - strcpy(cur.u.command, cur.raw); + strcpy_s(cur.u.command, cur.raw); } //append the comment to the raw line again @@ -257,8 +257,8 @@ static bool scriptcreatelinemap(const char* filename) { memset(&entry, 0, sizeof(entry)); entry.type = linecommand; - strcpy(entry.raw, "ret"); - strcpy(entry.u.command, "ret"); + strcpy_s(entry.raw, "ret"); + strcpy_s(entry.u.command, "ret"); linemap.push_back(entry); } return true; diff --git a/x64_dbg_dbg/stackinfo.cpp b/x64_dbg_dbg/stackinfo.cpp index 3d0a53d5..215bb663 100644 --- a/x64_dbg_dbg/stackinfo.cpp +++ b/x64_dbg_dbg/stackinfo.cpp @@ -12,6 +12,7 @@ #include "BeaEngine\BeaEngine.h" #include "addrinfo.h" #include "_exports.h" +#include "module.h" bool stackcommentget(uint addr, STACK_COMMENT* comment) { @@ -47,7 +48,7 @@ bool stackcommentget(uint addr, STACK_COMMENT* comment) ADDRINFO addrinfo; addrinfo.flags = flaglabel; if(_dbg_addrinfoget(data, SEG_DEFAULT, &addrinfo)) - strcpy(label, addrinfo.label); + strcpy_s(label, addrinfo.label); char module[MAX_MODULE_SIZE] = ""; modnamefromaddr(data, module, false); char returnToAddr[MAX_COMMENT_SIZE] = ""; @@ -63,7 +64,7 @@ bool stackcommentget(uint addr, STACK_COMMENT* comment) *label = 0; addrinfo.flags = flaglabel; if(_dbg_addrinfoget(data, SEG_DEFAULT, &addrinfo)) - strcpy(label, addrinfo.label); + strcpy_s(label, addrinfo.label); *module = 0; modnamefromaddr(data, module, false); char returnFromAddr[MAX_COMMENT_SIZE] = ""; @@ -76,7 +77,7 @@ bool stackcommentget(uint addr, STACK_COMMENT* comment) } else sprintf_s(comment->comment, "return to %s from ???", returnToAddr); - strcpy(comment->color, "#ff0000"); + strcpy_s(comment->color, "#ff0000"); return true; } @@ -97,7 +98,7 @@ bool stackcommentget(uint addr, STACK_COMMENT* comment) ADDRINFO addrinfo; addrinfo.flags = flaglabel; if(_dbg_addrinfoget(data, SEG_DEFAULT, &addrinfo)) - strcpy(label, addrinfo.label); + strcpy_s(label, addrinfo.label); char module[MAX_MODULE_SIZE] = ""; modnamefromaddr(data, module, false); char addrInfo[MAX_COMMENT_SIZE] = ""; @@ -157,7 +158,7 @@ void stackgetcallstack(uint csp, CALLSTACK* callstack) ADDRINFO addrinfo; addrinfo.flags = flaglabel; if(_dbg_addrinfoget(data, SEG_DEFAULT, &addrinfo)) - strcpy(label, addrinfo.label); + strcpy_s(label, addrinfo.label); char module[MAX_MODULE_SIZE] = ""; modnamefromaddr(data, module, false); char returnToAddr[MAX_COMMENT_SIZE] = ""; @@ -180,7 +181,7 @@ void stackgetcallstack(uint csp, CALLSTACK* callstack) *label = 0; addrinfo.flags = flaglabel; if(_dbg_addrinfoget(data, SEG_DEFAULT, &addrinfo)) - strcpy(label, addrinfo.label); + strcpy_s(label, addrinfo.label); *module = 0; modnamefromaddr(data, module, false); char returnFromAddr[MAX_COMMENT_SIZE] = ""; diff --git a/x64_dbg_dbg/symbolinfo.cpp b/x64_dbg_dbg/symbolinfo.cpp index 7bd55553..bdd974a2 100644 --- a/x64_dbg_dbg/symbolinfo.cpp +++ b/x64_dbg_dbg/symbolinfo.cpp @@ -8,6 +8,8 @@ #include "debugger.h" #include "addrinfo.h" #include "console.h" +#include "module.h" +#include "label.h" struct SYMBOLCBDATA { @@ -24,7 +26,7 @@ static BOOL CALLBACK EnumSymbols(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID memset(&curSymbol, 0, sizeof(SYMBOLINFO)); curSymbol.addr = (duint)pSymInfo->Address; curSymbol.decoratedSymbol = (char*)BridgeAlloc(len + 1); - strcpy(curSymbol.decoratedSymbol, pSymInfo->Name); + strcpy_s(curSymbol.decoratedSymbol, len + 1, pSymInfo->Name); curSymbol.undecoratedSymbol = (char*)BridgeAlloc(MAX_SYM_NAME); if(strstr(pSymInfo->Name, "Ordinal")) { @@ -32,7 +34,7 @@ static BOOL CALLBACK EnumSymbols(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID if(pSymInfo->Address == pSymInfo->ModBase) return TRUE; } - if(!UnDecorateSymbolName(pSymInfo->Name, curSymbol.undecoratedSymbol, MAX_SYM_NAME, UNDNAME_COMPLETE)) + if(!SafeUnDecorateSymbolName(pSymInfo->Name, curSymbol.undecoratedSymbol, MAX_SYM_NAME, UNDNAME_COMPLETE)) { BridgeFree(curSymbol.undecoratedSymbol); curSymbol.undecoratedSymbol = 0; @@ -53,7 +55,7 @@ void symenum(uint base, CBSYMBOLENUM cbSymbolEnum, void* user) symbolCbData.cbSymbolEnum = cbSymbolEnum; symbolCbData.user = user; char mask[] = "*"; - SymEnumSymbols(fdProcessInfo->hProcess, base, mask, EnumSymbols, &symbolCbData); + SafeSymEnumSymbols(fdProcessInfo->hProcess, base, mask, EnumSymbols, &symbolCbData); } #ifdef _WIN64 @@ -76,7 +78,7 @@ void symupdatemodulelist() { std::vector modList; modList.clear(); - SymEnumerateModules(fdProcessInfo->hProcess, EnumModules, &modList); + SafeSymEnumerateModules(fdProcessInfo->hProcess, EnumModules, &modList); int modcount = (int)modList.size(); SYMBOLMODULEINFO* modListBridge = (SYMBOLMODULEINFO*)BridgeAlloc(sizeof(SYMBOLMODULEINFO) * modcount); for(int i = 0; i < modcount; i++) @@ -90,19 +92,19 @@ void symdownloadallsymbols(const char* szSymbolStore) szSymbolStore = "http://msdl.microsoft.com/download/symbols"; std::vector modList; modList.clear(); - SymEnumerateModules(fdProcessInfo->hProcess, EnumModules, &modList); + SafeSymEnumerateModules(fdProcessInfo->hProcess, EnumModules, &modList); int modcount = (int)modList.size(); if(!modcount) return; char szOldSearchPath[MAX_PATH] = ""; - if(!SymGetSearchPath(fdProcessInfo->hProcess, szOldSearchPath, MAX_PATH)) //backup current path + if(!SafeSymGetSearchPath(fdProcessInfo->hProcess, szOldSearchPath, MAX_PATH)) //backup current path { dputs("SymGetSearchPath failed!"); return; } char szServerSearchPath[MAX_PATH * 2] = ""; sprintf_s(szServerSearchPath, "SRV*%s*%s", szSymbolCachePath, szSymbolStore); - if(!SymSetSearchPath(fdProcessInfo->hProcess, szServerSearchPath)) //update search path + if(!SafeSymSetSearchPath(fdProcessInfo->hProcess, szServerSearchPath)) //update search path { dputs("SymSetSearchPath (1) failed!"); return; @@ -117,18 +119,18 @@ void symdownloadallsymbols(const char* szSymbolStore) dprintf("GetModuleFileNameExW("fhex") failed!\n", modbase); continue; } - if(!SymUnloadModule64(fdProcessInfo->hProcess, (DWORD64)modbase)) + if(!SafeSymUnloadModule64(fdProcessInfo->hProcess, (DWORD64)modbase)) { dprintf("SymUnloadModule64("fhex") failed!\n", modbase); continue; } - if(!SymLoadModuleEx(fdProcessInfo->hProcess, 0, StringUtils::Utf16ToUtf8(szModulePath).c_str(), 0, (DWORD64)modbase, 0, 0, 0)) + if(!SafeSymLoadModuleEx(fdProcessInfo->hProcess, 0, StringUtils::Utf16ToUtf8(szModulePath).c_str(), 0, (DWORD64)modbase, 0, 0, 0)) { dprintf("SymLoadModuleEx("fhex") failed!\n", modbase); continue; } } - if(!SymSetSearchPath(fdProcessInfo->hProcess, szOldSearchPath)) //restore search path + if(!SafeSymSetSearchPath(fdProcessInfo->hProcess, szOldSearchPath)) //restore search path { dputs("SymSetSearchPath (2) failed!"); } @@ -142,7 +144,7 @@ bool symfromname(const char* name, uint* addr) PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer; pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO); pSymbol->MaxNameLen = MAX_LABEL_SIZE; - if(!SymFromName(fdProcessInfo->hProcess, name, pSymbol)) + if(!SafeSymFromName(fdProcessInfo->hProcess, name, pSymbol)) return false; *addr = (uint)pSymbol->Address; return true; @@ -163,10 +165,10 @@ const char* symgetsymbolicname(uint addr) PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer; pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO); pSymbol->MaxNameLen = MAX_LABEL_SIZE; - if(SymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) and !displacement) + if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) and !displacement) { pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0'; - if(!bUndecorateSymbolNames or !UnDecorateSymbolName(pSymbol->Name, label, MAX_SYM_NAME, UNDNAME_COMPLETE)) + if(!bUndecorateSymbolNames or !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_SYM_NAME, UNDNAME_COMPLETE)) strcpy_s(label, pSymbol->Name); retval = true; } diff --git a/x64_dbg_dbg/thread.cpp b/x64_dbg_dbg/thread.cpp index 86c11e9b..cf6fddf1 100644 --- a/x64_dbg_dbg/thread.cpp +++ b/x64_dbg_dbg/thread.cpp @@ -26,7 +26,7 @@ void threadcreate(CREATE_THREAD_DEBUG_INFO* CreateThread) curInfo.ThreadLocalBase = (uint)CreateThread->lpThreadLocalBase; *curInfo.threadName = '\0'; if(!threadNum) - strcpy(curInfo.threadName, "Main Thread"); + strcpy_s(curInfo.threadName, "Main Thread"); CriticalSectionLocker locker(LockThreads); threadList.push_back(curInfo); threadNum++; diff --git a/x64_dbg_dbg/threading.h b/x64_dbg_dbg/threading.h index 41d1ca54..ec05e13a 100644 --- a/x64_dbg_dbg/threading.h +++ b/x64_dbg_dbg/threading.h @@ -34,6 +34,7 @@ enum CriticalSectionLock LockPatches, LockThreads, LockDprintf, + LockSym, LockLast }; diff --git a/x64_dbg_dbg/value.cpp b/x64_dbg_dbg/value.cpp index fcda5dd3..c4d78a0c 100644 --- a/x64_dbg_dbg/value.cpp +++ b/x64_dbg_dbg/value.cpp @@ -12,7 +12,8 @@ #include "memory.h" #include "addrinfo.h" #include "symbolinfo.h" -#include +#include "module.h" +#include "label.h" static bool dosignedcalc = false; @@ -1529,9 +1530,9 @@ bool valfromstring(const char* string, uint* value, bool silent, bool baseonly, } } else - strcpy(newstring, string); + strcpy_s(newstring, len * 2, string); Memory string_(len + 256, "valfromstring:string_"); - strcpy(string_, newstring); + strcpy_s(string_, len + 256, newstring); int add = 0; bool negative = (*string_ == '-'); while(mathisoperator(string_[add + negative]) > 2) @@ -1583,7 +1584,7 @@ bool valfromstring(const char* string, uint* value, bool silent, bool baseonly, } } else - strcpy(newstring, string); + strcpy_s(newstring, len * 2, string); int read_size = sizeof(uint); int add = 1; if(newstring[2] == ':' and isdigit((newstring[1]))) //@n: (number of bytes to read) @@ -2154,7 +2155,7 @@ bool valtostring(const char* string, uint value, bool silent) } } else - strcpy(newstring, string); + strcpy_s(newstring, len * 2, string); int read_size = sizeof(uint); int add = 1; if(newstring[2] == ':' and isdigit((newstring[1]))) @@ -2189,8 +2190,9 @@ bool valtostring(const char* string, uint value, bool silent) return false; } bool ok = setregister(string, value); - Memory regName(strlen(string) + 1, "valtostring:regname"); - strcpy(regName, string); + int len = (int)strlen(string); + Memory regName(len + 1, "valtostring:regname"); + strcpy_s(regName, len + 1, string); _strlwr(regName); if(strstr(regName, "ip")) DebugUpdateGui(GetContextDataEx(hActiveThread, UE_CIP), false); //update disassembly + register view diff --git a/x64_dbg_dbg/x64_dbg.cpp b/x64_dbg_dbg/x64_dbg.cpp index 7b217407..6bce5c6e 100644 --- a/x64_dbg_dbg/x64_dbg.cpp +++ b/x64_dbg_dbg/x64_dbg.cpp @@ -198,6 +198,8 @@ static void registercommands() dbgcmdnew("getstr\1strget", cbInstrGetstr, false); //get a string variable dbgcmdnew("copystr\1strcpy", cbInstrCopystr, true); //write a string variable to memory dbgcmdnew("looplist", cbInstrLoopList, true); //list loops + dbgcmdnew("yara", cbInstrYara, true); //yara test command + dbgcmdnew("yaramod", cbInstrYaramod, true); } static bool cbCommandProvider(char* cmd, int maxlen) @@ -210,7 +212,7 @@ static bool cbCommandProvider(char* cmd, int maxlen) dprintf("command cut at ~%d characters\n", deflen); newcmd[deflen - 2] = 0; } - strcpy(cmd, newcmd); + strcpy_s(cmd, deflen, newcmd); efree(newcmd, "cbCommandProvider:newcmd"); //free allocated command return true; } @@ -219,7 +221,7 @@ extern "C" DLL_EXPORT bool _dbg_dbgcmdexec(const char* cmd) { int len = (int)strlen(cmd); char* newcmd = (char*)emalloc((len + 1) * sizeof(char), "_dbg_dbgcmdexec:newcmd"); - strcpy(newcmd, cmd); + strcpy_s(newcmd, len + 1, cmd); return msgsend(gMsgStack, 0, (uint)newcmd, 0); } @@ -243,9 +245,13 @@ extern "C" DLL_EXPORT const char* _dbg_dbginit() { if(!EngineCheckStructAlignment(UE_STRUCT_TITAN_ENGINE_CONTEXT, sizeof(TITAN_ENGINE_CONTEXT_t))) return "Invalid TITAN_ENGINE_CONTEXT_t alignment!"; + if(sizeof(TITAN_ENGINE_CONTEXT_t) != sizeof(REGISTERCONTEXT)) + return "Invalid REGISTERCONTEXT alignment!"; dbginit(); dbgfunctionsinit(); json_set_alloc_funcs(emalloc_json, efree_json); + if(yr_initialize() != ERROR_SUCCESS) + return "Failed to initialize Yara!"; wchar_t wszDir[deflen] = L""; if(!GetModuleFileNameW(hInst, wszDir, deflen)) return "GetModuleFileNameW failed!"; @@ -255,14 +261,14 @@ extern "C" DLL_EXPORT const char* _dbg_dbginit() while(dir[len] != '\\') len--; dir[len] = 0; - strcpy(alloctrace, dir); + strcpy_s(alloctrace, dir); PathAppendA(alloctrace, "\\alloctrace.txt"); DeleteFileW(StringUtils::Utf8ToUtf16(alloctrace).c_str()); setalloctrace(alloctrace); - strcpy(dbbasepath, dir); //debug directory + strcpy_s(dbbasepath, dir); //debug directory PathAppendA(dbbasepath, "db"); CreateDirectoryW(StringUtils::Utf8ToUtf16(dbbasepath).c_str(), 0); //create database directory - strcpy(szSymbolCachePath, dir); + strcpy_s(szSymbolCachePath, dir); PathAppendA(szSymbolCachePath, "symbols"); SetCurrentDirectoryW(StringUtils::Utf8ToUtf16(dir).c_str());; gMsgStack = msgallocstack(); @@ -272,7 +278,7 @@ extern "C" DLL_EXPORT const char* _dbg_dbginit() registercommands(); hCommandLoopThread = CreateThread(0, 0, DbgCommandLoopThread, 0, 0, 0); char plugindir[deflen] = ""; - strcpy(plugindir, dir); + strcpy_s(plugindir, dir); PathAppendA(plugindir, "plugins"); CreateDirectoryW(StringUtils::Utf8ToUtf16(plugindir).c_str(), 0); pluginload(plugindir); @@ -313,6 +319,7 @@ extern "C" DLL_EXPORT void _dbg_dbgexitsignal() cmdfree(command_list); varfree(); msgfreestack(gMsgStack); + yr_finalize(); if(memleaks()) { char msg[256] = ""; diff --git a/x64_dbg_dbg/x64_dbg_dbg.vcxproj b/x64_dbg_dbg/x64_dbg_dbg.vcxproj index 6b11c7c9..40ae0a77 100644 --- a/x64_dbg_dbg/x64_dbg_dbg.vcxproj +++ b/x64_dbg_dbg/x64_dbg_dbg.vcxproj @@ -14,21 +14,31 @@ + + + + + + + + + + @@ -53,29 +63,39 @@ + + + + + + + + + + @@ -90,6 +110,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -143,7 +193,7 @@ Windows true true - lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32\x32_bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;BeaEngine\BeaEngine.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) + yara\yara_x86.lib;lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32\x32_bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;BeaEngine\BeaEngine.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) @@ -158,7 +208,7 @@ Windows true true - lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64\x64_bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;BeaEngine\BeaEngine_64.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) + yara\yara_x64.lib;lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64\x64_bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;BeaEngine\BeaEngine_64.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) diff --git a/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters b/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters index 5f0ef7ad..a3697cff 100644 --- a/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters +++ b/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters @@ -67,6 +67,12 @@ {b006b04c-d7ea-49cb-b097-0cac1388f98e} + + {efe5d058-e77c-49e9-a25b-75b90346dbf2} + + + {f79c5166-e315-44ca-9e93-dabc9f00fa78} + @@ -123,15 +129,9 @@ Source Files\Utilities - - Source Files\Utilities - Source Files\Core - - Source Files\Utilities - Source Files\Utilities @@ -144,9 +144,6 @@ Source Files\Information - - Source Files\Utilities - Source Files\Debugger Core @@ -168,6 +165,45 @@ Source Files\Utilities + + Source Files\Information + + + Source Files\Information + + + Source Files\Information + + + Source Files\Information + + + Source Files\Information + + + Source Files\Information + + + Source Files\Information + + + Source Files\Information + + + Source Files\Information + + + Source Files\Information + + + Source Files\Information + + + Source Files\Utilities + + + Source Files\Utilities + @@ -281,21 +317,12 @@ Header Files\Utilities - - Header Files\Utilities - - - Header Files\Utilities - Header Files\Utilities Header Files\Utilities - - Header Files\Utilities - Header Files\Utilities @@ -317,5 +344,134 @@ Header Files\Utilities + + Header Files\Information + + + Header Files\Information + + + Header Files\Information + + + Header Files\Information + + + Header Files\Information + + + Header Files\Information + + + Header Files\Information + + + Header Files\Information + + + Header Files\Information + + + Header Files\Information + + + Header Files\Information + + + Header Files\Utilities + + + Header Files\Utilities + + + Header Files\Third Party\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + + + Header Files\Third Party\yara\yara + \ No newline at end of file diff --git a/x64_dbg_dbg/yara/yara.h b/x64_dbg_dbg/yara/yara.h new file mode 100644 index 00000000..0a176bbb --- /dev/null +++ b/x64_dbg_dbg/yara/yara.h @@ -0,0 +1,28 @@ +/* +Copyright (c) 2007-2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_YARA_H +#define YR_YARA_H + +#include "yara/utils.h" +#include "yara/filemap.h" +#include "yara/compiler.h" +#include "yara/modules.h" +#include "yara/object.h" +#include "yara/libyara.h" +#include "yara/error.h" + +#endif diff --git a/x64_dbg_dbg/yara/yara/ahocorasick.h b/x64_dbg_dbg/yara/yara/ahocorasick.h new file mode 100644 index 00000000..7d88413d --- /dev/null +++ b/x64_dbg_dbg/yara/yara/ahocorasick.h @@ -0,0 +1,50 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef _AHOCORASICK_H +#define _AHOCORASICK_H + +#include "limits.h" +#include "atoms.h" +#include "types.h" + + +int yr_ac_create_automaton( + YR_ARENA* arena, + YR_AC_AUTOMATON** automaton); + + +int yr_ac_add_string( + YR_ARENA* arena, + YR_AC_AUTOMATON* automaton, + YR_STRING* string, + YR_ATOM_LIST_ITEM* atom); + + +YR_AC_STATE* yr_ac_next_state( + YR_AC_STATE* state, + uint8_t input); + + +int yr_ac_create_failure_links( + YR_ARENA* arena, + YR_AC_AUTOMATON* automaton); + + +void yr_ac_print_automaton( + YR_AC_AUTOMATON* automaton); + +#endif diff --git a/x64_dbg_dbg/yara/yara/arena.h b/x64_dbg_dbg/yara/yara/arena.h new file mode 100644 index 00000000..acc7d6f4 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/arena.h @@ -0,0 +1,151 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_ARENA_H +#define YR_ARENA_H + +#include +#include + + +#define ARENA_FLAGS_FIXED_SIZE 1 +#define ARENA_FLAGS_COALESCED 2 +#define ARENA_FILE_VERSION 6 + +#define EOL ((size_t) -1) + + +typedef struct _YR_RELOC +{ + int32_t offset; + struct _YR_RELOC* next; + +} YR_RELOC; + + +typedef struct _YR_ARENA_PAGE +{ + + uint8_t* new_address; + uint8_t* address; + + size_t size; + size_t used; + + YR_RELOC* reloc_list_head; + YR_RELOC* reloc_list_tail; + + struct _YR_ARENA_PAGE* next; + struct _YR_ARENA_PAGE* prev; + +} YR_ARENA_PAGE; + + +typedef struct _YR_ARENA +{ + int flags; + + YR_ARENA_PAGE* page_list_head; + YR_ARENA_PAGE* current_page; + +} YR_ARENA; + + +int yr_arena_create( + size_t initial_size, + int flags, + YR_ARENA** arena); + + +void yr_arena_destroy( + YR_ARENA* arena); + + +void* yr_arena_base_address( + YR_ARENA* arena); + + +void* yr_arena_next_address( + YR_ARENA* arena, + void* address, + int offset); + + +int yr_arena_coalesce( + YR_ARENA* arena); + + +int yr_arena_reserve_memory( + YR_ARENA* arena, + size_t size); + + +int yr_arena_allocate_memory( + YR_ARENA* arena, + size_t size, + void** allocated_memory); + + +int yr_arena_allocate_struct( + YR_ARENA* arena, + size_t size, + void** allocated_memory, + ...); + + +int yr_arena_make_relocatable( + YR_ARENA* arena, + void* base, + ...); + + +int yr_arena_write_data( + YR_ARENA* arena, + void* data, + size_t size, + void** written_data); + + +int yr_arena_write_string( + YR_ARENA* arena, + const char* string, + char** written_string); + + +int yr_arena_append( + YR_ARENA* target_arena, + YR_ARENA* source_arena); + + +int yr_arena_save( + YR_ARENA* arena, + const char* filename); + + +int yr_arena_load( + const char* filename, + YR_ARENA** arena); + + +int yr_arena_duplicate( + YR_ARENA* arena, + YR_ARENA** duplicated); + + +void yr_arena_print( + YR_ARENA* arena); + +#endif diff --git a/x64_dbg_dbg/yara/yara/atoms.h b/x64_dbg_dbg/yara/yara/atoms.h new file mode 100644 index 00000000..f0625cec --- /dev/null +++ b/x64_dbg_dbg/yara/yara/atoms.h @@ -0,0 +1,89 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_ATOMS_H +#define YR_ATOMS_H + +#include "limits.h" +#include "re.h" + +#define ATOM_TREE_LEAF 1 +#define ATOM_TREE_AND 2 +#define ATOM_TREE_OR 3 + + +typedef struct _ATOM_TREE_NODE +{ + uint8_t type; + uint8_t atom_length; + uint8_t atom[MAX_ATOM_LENGTH]; + + uint8_t* forward_code; + uint8_t* backward_code; + + RE_NODE* recent_nodes[MAX_ATOM_LENGTH]; + + struct _ATOM_TREE_NODE* children_head; + struct _ATOM_TREE_NODE* children_tail; + struct _ATOM_TREE_NODE* next_sibling; + +} ATOM_TREE_NODE; + + +typedef struct _ATOM_TREE +{ + ATOM_TREE_NODE* current_leaf; + ATOM_TREE_NODE* root_node; + +} ATOM_TREE; + + +typedef struct _YR_ATOM_LIST_ITEM +{ + uint8_t atom_length; + uint8_t atom[MAX_ATOM_LENGTH]; + + uint16_t backtrack; + + uint8_t* forward_code; + uint8_t* backward_code; + + struct _YR_ATOM_LIST_ITEM* next; + +} YR_ATOM_LIST_ITEM; + + +int yr_atoms_extract_from_re( + RE* re, + int flags, + YR_ATOM_LIST_ITEM** atoms); + + +int yr_atoms_extract_from_string( + uint8_t* string, + int string_length, + int flags, + YR_ATOM_LIST_ITEM** atoms); + + +int yr_atoms_min_quality( + YR_ATOM_LIST_ITEM* atom_list); + + +void yr_atoms_list_destroy( + YR_ATOM_LIST_ITEM* list_head); + +#endif diff --git a/x64_dbg_dbg/yara/yara/compiler.h b/x64_dbg_dbg/yara/yara/compiler.h new file mode 100644 index 00000000..e7d29f09 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/compiler.h @@ -0,0 +1,196 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_COMPILER_H +#define YR_COMPILER_H + +#include +#include + +#include "ahocorasick.h" +#include "arena.h" +#include "hash.h" +#include "utils.h" + + +#define YARA_ERROR_LEVEL_ERROR 0 +#define YARA_ERROR_LEVEL_WARNING 1 + + +typedef void (*YR_COMPILER_CALLBACK_FUNC)( + int error_level, + const char* file_name, + int line_number, + const char* message, + void* user_data); + + +typedef struct _YR_COMPILER +{ + int errors; + int error_line; + int last_error; + int last_error_line; + int last_result; + + jmp_buf error_recovery; + + YR_ARENA* sz_arena; + YR_ARENA* rules_arena; + YR_ARENA* strings_arena; + YR_ARENA* code_arena; + YR_ARENA* re_code_arena; + YR_ARENA* automaton_arena; + YR_ARENA* compiled_rules_arena; + YR_ARENA* externals_arena; + YR_ARENA* namespaces_arena; + YR_ARENA* metas_arena; + + YR_AC_AUTOMATON* automaton; + YR_HASH_TABLE* rules_table; + YR_HASH_TABLE* objects_table; + YR_NAMESPACE* current_namespace; + YR_STRING* current_rule_strings; + + int current_rule_flags; + int namespaces_count; + + int8_t* loop_address[MAX_LOOP_NESTING]; + char* loop_identifier[MAX_LOOP_NESTING]; + int loop_depth; + int loop_for_of_mem_offset; + + int allow_includes; + + char* file_name_stack[MAX_INCLUDE_DEPTH]; + int file_name_stack_ptr; + + FILE* file_stack[MAX_INCLUDE_DEPTH]; + int file_stack_ptr; + + char last_error_extra_info[MAX_COMPILER_ERROR_EXTRA_INFO]; + + char lex_buf[LEX_BUF_SIZE]; + char* lex_buf_ptr; + unsigned short lex_buf_len; + + char include_base_dir[MAX_PATH]; + void* user_data; + + YR_COMPILER_CALLBACK_FUNC callback; + +} YR_COMPILER; + + +#define yr_compiler_set_error_extra_info(compiler, info) \ + strlcpy( \ + compiler->last_error_extra_info, \ + info, \ + sizeof(compiler->last_error_extra_info)); \ + + +#define yr_compiler_set_error_extra_info_fmt(compiler, fmt, ...) \ + snprintf( \ + compiler->last_error_extra_info, \ + sizeof(compiler->last_error_extra_info), \ + fmt, __VA_ARGS__); + + +int _yr_compiler_push_file( + YR_COMPILER* compiler, + FILE* fh); + + +FILE* _yr_compiler_pop_file( + YR_COMPILER* compiler); + + +int _yr_compiler_push_file_name( + YR_COMPILER* compiler, + const char* file_name); + + +void _yr_compiler_pop_file_name( + YR_COMPILER* compiler); + + +YR_API int yr_compiler_create( + YR_COMPILER** compiler); + + +YR_API void yr_compiler_destroy( + YR_COMPILER* compiler); + + +YR_API void yr_compiler_set_callback( + YR_COMPILER* compiler, + YR_COMPILER_CALLBACK_FUNC callback, + void* user_data); + + +YR_API int yr_compiler_add_file( + YR_COMPILER* compiler, + FILE* rules_file, + const char* namespace_, + const char* file_name); + + +YR_API int yr_compiler_add_string( + YR_COMPILER* compiler, + const char* rules_string, + const char* namespace_); + + +YR_API char* yr_compiler_get_error_message( + YR_COMPILER* compiler, + char* buffer, + int buffer_size); + + +YR_API char* yr_compiler_get_current_file_name( + YR_COMPILER* context); + + +YR_API int yr_compiler_define_integer_variable( + YR_COMPILER* compiler, + const char* identifier, + int64_t value); + + +YR_API int yr_compiler_define_boolean_variable( + YR_COMPILER* compiler, + const char* identifier, + int value); + + +YR_API int yr_compiler_define_float_variable( + YR_COMPILER* compiler, + const char* identifier, + double value); + + +YR_API int yr_compiler_define_string_variable( + YR_COMPILER* compiler, + const char* identifier, + const char* value); + + +YR_API int yr_compiler_get_rules( + YR_COMPILER* compiler, + YR_RULES** rules); + + +#endif diff --git a/x64_dbg_dbg/yara/yara/elf.h b/x64_dbg_dbg/yara/yara/elf.h new file mode 100644 index 00000000..5f6515ea --- /dev/null +++ b/x64_dbg_dbg/yara/yara/elf.h @@ -0,0 +1,202 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef _ELF_H +#define _ELF_H + +#include + + +// 32-bit ELF base types + +typedef uint32_t elf32_addr_t; +typedef uint16_t elf32_half_t; +typedef uint32_t elf32_off_t; +typedef uint32_t elf32_word_t; + +// 64-bit ELF base types + +typedef uint64_t elf64_addr_t; +typedef uint16_t elf64_half_t; +typedef uint64_t elf64_off_t; +typedef uint32_t elf64_word_t; +typedef uint64_t elf64_xword_t; + +#define ELF_MAGIC 0x464C457F + +#define ELF_ET_NONE 0x0000 // no type +#define ELF_ET_REL 0x0001 // relocatable +#define ELF_ET_EXEC 0x0002 // executeable +#define ELF_ET_DYN 0x0003 // Shared-Object-File +#define ELF_ET_CORE 0x0004 // Corefile +#define ELF_ET_LOPROC 0xFF00 // Processor-specific +#define ELF_ET_HIPROC 0x00FF // Processor-specific + +#define ELF_EM_NONE 0x0000 // no type +#define ELF_EM_M32 0x0001 // AT&T WE 32100 +#define ELF_EM_SPARC 0x0002 // SPARC +#define ELF_EM_386 0x0003 // Intel 80386 +#define ELF_EM_68K 0x0004 // Motorola 68000 +#define ELF_EM_88K 0x0005 // Motorola 88000 +#define ELF_EM_860 0x0007 // Intel 80860 +#define ELF_EM_MIPS 0x0008 // MIPS RS3000 +#define ELF_EM_ARM 0x0032 // ARM +#define ELF_EM_X86_64 0x003E // AMD/Intel x86_64 + +#define ELF_CLASS_NONE 0x0000 +#define ELF_CLASS_32 0x0001 // 32bit file +#define ELF_CLASS_64 0x0002 // 64bit file + +#define ELF_DATA_NONE 0x0000 +#define ELF_DATA_2LSB 0x0001 +#define ELF_DATA_2MSB 0x002 + + +#define ELF_SHT_NULL 0 // Section header table entry unused +#define ELF_SHT_PROGBITS 1 // Program data +#define ELF_SHT_SYMTAB 2 // Symbol table +#define ELF_SHT_STRTAB 3 // String table +#define ELF_SHT_RELA 4 // Relocation entries with addends +#define ELF_SHT_HASH 5 // Symbol hash table +#define ELF_SHT_DYNAMIC 6 // Dynamic linking information +#define ELF_SHT_NOTE 7 // Notes +#define ELF_SHT_NOBITS 8 // Program space with no data (bss) +#define ELF_SHT_REL 9 // Relocation entries, no addends +#define ELF_SHT_SHLIB 10 // Reserved +#define ELF_SHT_DYNSYM 11 // Dynamic linker symbol table +#define ELF_SHT_NUM 12 // Number of defined types + +#define ELF_SHF_WRITE 0x1 // Section is writable +#define ELF_SHF_ALLOC 0x2 // Section is present during execution +#define ELF_SHF_EXECINSTR 0x4 // Section contains executable instructions + +#pragma pack(push,1) + +typedef struct +{ + uint32_t magic; + uint8_t _class; + uint8_t data; + uint8_t version; + uint8_t pad[8]; + uint8_t nident; + +} elf_ident_t; + + +typedef struct +{ + elf_ident_t ident; + elf32_half_t type; + elf32_half_t machine; + elf32_word_t version; + elf32_addr_t entry; + elf32_off_t ph_offset; + elf32_off_t sh_offset; + elf32_word_t flags; + elf32_half_t header_size; + elf32_half_t ph_entry_size; + elf32_half_t ph_entry_count; + elf32_half_t sh_entry_size; + elf32_half_t sh_entry_count; + elf32_half_t sh_str_table_index; + +} elf32_header_t; + + +typedef struct +{ + elf_ident_t ident; + elf64_half_t type; + elf64_half_t machine; + elf64_word_t version; + elf64_addr_t entry; + elf64_off_t ph_offset; + elf64_off_t sh_offset; + elf64_word_t flags; + elf64_half_t header_size; + elf64_half_t ph_entry_size; + elf64_half_t ph_entry_count; + elf64_half_t sh_entry_size; + elf64_half_t sh_entry_count; + elf64_half_t sh_str_table_index; + +} elf64_header_t; + + +typedef struct +{ + elf32_word_t type; + elf32_off_t offset; + elf32_addr_t virt_addr; + elf32_addr_t phys_addr; + elf32_word_t file_size; + elf32_word_t mem_size; + elf32_word_t flags; + elf32_word_t alignment; + +} elf32_program_header_t; + + +typedef struct +{ + elf64_word_t type; + elf64_word_t flags; + elf64_off_t offset; + elf64_addr_t virt_addr; + elf64_addr_t phys_addr; + elf64_xword_t file_size; + elf64_xword_t mem_size; + elf64_xword_t alignment; + +} elf64_program_header_t; + + +typedef struct +{ + elf32_word_t name; + elf32_word_t type; + elf32_word_t flags; + elf32_addr_t addr; + elf32_off_t offset; + elf32_word_t size; + elf32_word_t link; + elf32_word_t info; + elf32_word_t align; + elf32_word_t entry_size; + +} elf32_section_header_t; + + +typedef struct +{ + elf64_word_t name; + elf64_word_t type; + elf64_xword_t flags; + elf64_addr_t addr; + elf64_off_t offset; + elf64_xword_t size; + elf64_word_t link; + elf64_word_t info; + elf64_xword_t align; + elf64_xword_t entry_size; + +} elf64_section_header_t; + + +#pragma pack(pop) + +#endif diff --git a/x64_dbg_dbg/yara/yara/error.h b/x64_dbg_dbg/yara/yara/error.h new file mode 100644 index 00000000..1e2b6f70 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/error.h @@ -0,0 +1,100 @@ +/* +Copyright (c) 2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_ERROR_H +#define YR_ERROR_H + +#include + +#ifndef ERROR_SUCCESS +#define ERROR_SUCCESS 0 +#endif + +#define ERROR_INSUFICIENT_MEMORY 1 +#define ERROR_COULD_NOT_ATTACH_TO_PROCESS 2 +#define ERROR_COULD_NOT_OPEN_FILE 3 +#define ERROR_COULD_NOT_MAP_FILE 4 +#define ERROR_INVALID_FILE 6 +#define ERROR_CORRUPT_FILE 7 +#define ERROR_UNSUPPORTED_FILE_VERSION 8 +#define ERROR_INVALID_REGULAR_EXPRESSION 9 +#define ERROR_INVALID_HEX_STRING 10 +#define ERROR_SYNTAX_ERROR 11 +#define ERROR_LOOP_NESTING_LIMIT_EXCEEDED 12 +#define ERROR_DUPLICATED_LOOP_IDENTIFIER 13 +#define ERROR_DUPLICATED_IDENTIFIER 14 +#define ERROR_DUPLICATED_TAG_IDENTIFIER 15 +#define ERROR_DUPLICATED_META_IDENTIFIER 16 +#define ERROR_DUPLICATED_STRING_IDENTIFIER 17 +#define ERROR_UNREFERENCED_STRING 18 +#define ERROR_UNDEFINED_STRING 19 +#define ERROR_UNDEFINED_IDENTIFIER 20 +#define ERROR_MISPLACED_ANONYMOUS_STRING 21 +#define ERROR_INCLUDES_CIRCULAR_REFERENCE 22 +#define ERROR_INCLUDE_DEPTH_EXCEEDED 23 +#define ERROR_WRONG_TYPE 24 +#define ERROR_EXEC_STACK_OVERFLOW 25 +#define ERROR_SCAN_TIMEOUT 26 +#define ERROR_TOO_MANY_SCAN_THREADS 27 +#define ERROR_CALLBACK_ERROR 28 +#define ERROR_INVALID_ARGUMENT 29 +#define ERROR_TOO_MANY_MATCHES 30 +#define ERROR_INTERNAL_FATAL_ERROR 31 +#define ERROR_NESTED_FOR_OF_LOOP 32 +#define ERROR_INVALID_FIELD_NAME 33 +#define ERROR_UNKNOWN_MODULE 34 +#define ERROR_NOT_A_STRUCTURE 35 +#define ERROR_NOT_INDEXABLE 36 +#define ERROR_NOT_A_FUNCTION 37 +#define ERROR_INVALID_FORMAT 38 +#define ERROR_TOO_MANY_ARGUMENTS 39 +#define ERROR_WRONG_ARGUMENTS 40 +#define ERROR_WRONG_RETURN_TYPE 41 +#define ERROR_DUPLICATED_STRUCTURE_MEMBER 42 + + +#define FAIL_ON_ERROR(x) { \ + int result = (x); \ + if (result != ERROR_SUCCESS) \ + return result; \ +} + +#define FAIL_ON_ERROR_WITH_CLEANUP(x, cleanup) { \ + int result = (x); \ + if (result != ERROR_SUCCESS) { \ + cleanup; \ + return result; \ + } \ +} + +#define FAIL_ON_COMPILER_ERROR(x) { \ + compiler->last_result = (x); \ + if (compiler->last_result != ERROR_SUCCESS) \ + return compiler->last_result; \ +} + + +#ifdef NDEBUG +#define assertf(expr, msg) ((void)0) +#else +#define assertf(expr, msg, ...) \ + if(!(expr)) { \ + fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ + abort(); \ + } +#endif + +#endif diff --git a/x64_dbg_dbg/yara/yara/exec.h b/x64_dbg_dbg/yara/yara/exec.h new file mode 100644 index 00000000..eaf8e02b --- /dev/null +++ b/x64_dbg_dbg/yara/yara/exec.h @@ -0,0 +1,156 @@ +/* +Copyright (c) 2013-2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_EXEC_H +#define YR_EXEC_H + +#include "hash.h" +#include "scan.h" +#include "types.h" +#include "rules.h" + + +#define UNDEFINED 0xFFFABADAFABADAFFLL +#define IS_UNDEFINED(x) ((size_t)(x) == (size_t) UNDEFINED) + +#define OP_ERROR 0 +#define OP_HALT 255 + +#define OP_AND 1 +#define OP_OR 2 +#define OP_NOT 3 +#define OP_BITWISE_NOT 4 +#define OP_BITWISE_AND 5 +#define OP_BITWISE_OR 6 +#define OP_BITWISE_XOR 7 +#define OP_SHL 8 +#define OP_SHR 9 +#define OP_MOD 10 +#define OP_INT_TO_DBL 11 +#define OP_STR_TO_BOOL 12 +#define OP_PUSH 13 +#define OP_POP 14 +#define OP_CALL 15 +#define OP_OBJ_LOAD 16 +#define OP_OBJ_VALUE 17 +#define OP_OBJ_FIELD 18 +#define OP_INDEX_ARRAY 19 +#define OP_COUNT 20 +#define OP_FOUND 21 +#define OP_FOUND_AT 22 +#define OP_FOUND_IN 23 +#define OP_OFFSET 24 +#define OP_OF 25 +#define OP_PUSH_RULE 26 +#define OP_MATCH_RULE 27 +#define OP_INCR_M 28 +#define OP_CLEAR_M 29 +#define OP_ADD_M 30 +#define OP_POP_M 31 +#define OP_PUSH_M 32 +#define OP_SWAPUNDEF 33 +#define OP_JNUNDEF 34 +#define OP_JLE 35 +#define OP_FILESIZE 36 +#define OP_ENTRYPOINT 37 +#define OP_CONTAINS 38 +#define OP_MATCHES 39 +#define OP_IMPORT 40 +#define OP_LOOKUP_DICT 41 + +#define _OP_EQ 0 +#define _OP_NEQ 1 +#define _OP_LT 2 +#define _OP_GT 3 +#define _OP_LE 4 +#define _OP_GE 5 +#define _OP_ADD 6 +#define _OP_SUB 7 +#define _OP_MUL 8 +#define _OP_DIV 9 +#define _OP_MINUS 10 + +#define OP_INT_BEGIN 100 +#define OP_INT_EQ (OP_INT_BEGIN + _OP_EQ) +#define OP_INT_NEQ (OP_INT_BEGIN + _OP_NEQ) +#define OP_INT_LT (OP_INT_BEGIN + _OP_LT) +#define OP_INT_GT (OP_INT_BEGIN + _OP_GT) +#define OP_INT_LE (OP_INT_BEGIN + _OP_LE) +#define OP_INT_GE (OP_INT_BEGIN + _OP_GE) +#define OP_INT_ADD (OP_INT_BEGIN + _OP_ADD) +#define OP_INT_SUB (OP_INT_BEGIN + _OP_SUB) +#define OP_INT_MUL (OP_INT_BEGIN + _OP_MUL) +#define OP_INT_DIV (OP_INT_BEGIN + _OP_DIV) +#define OP_INT_MINUS (OP_INT_BEGIN + _OP_MINUS) +#define OP_INT_END OP_INT_MINUS + +#define OP_DBL_BEGIN 120 +#define OP_DBL_EQ (OP_DBL_BEGIN + _OP_EQ) +#define OP_DBL_NEQ (OP_DBL_BEGIN + _OP_NEQ) +#define OP_DBL_LT (OP_DBL_BEGIN + _OP_LT) +#define OP_DBL_GT (OP_DBL_BEGIN + _OP_GT) +#define OP_DBL_LE (OP_DBL_BEGIN + _OP_LE) +#define OP_DBL_GE (OP_DBL_BEGIN + _OP_GE) +#define OP_DBL_ADD (OP_DBL_BEGIN + _OP_ADD) +#define OP_DBL_SUB (OP_DBL_BEGIN + _OP_SUB) +#define OP_DBL_MUL (OP_DBL_BEGIN + _OP_MUL) +#define OP_DBL_DIV (OP_DBL_BEGIN + _OP_DIV) +#define OP_DBL_MINUS (OP_DBL_BEGIN + _OP_MINUS) +#define OP_DBL_END OP_DBL_MINUS + +#define OP_STR_BEGIN 140 +#define OP_STR_EQ (OP_STR_BEGIN + _OP_EQ) +#define OP_STR_NEQ (OP_STR_BEGIN + _OP_NEQ) +#define OP_STR_LT (OP_STR_BEGIN + _OP_LT) +#define OP_STR_GT (OP_STR_BEGIN + _OP_GT) +#define OP_STR_LE (OP_STR_BEGIN + _OP_LE) +#define OP_STR_GE (OP_STR_BEGIN + _OP_GE) +#define OP_STR_END OP_STR_GE + +#define IS_INT_OP(x) ((x) >= OP_INT_BEGIN && (x) <= OP_INT_END) +#define IS_DBL_OP(x) ((x) >= OP_DBL_BEGIN && (x) <= OP_DBL_END) +#define IS_STR_OP(x) ((x) >= OP_STR_BEGIN && (x) <= OP_STR_END) + +#define OP_READ_INT 240 +#define OP_INT8 (OP_READ_INT + 0) +#define OP_INT16 (OP_READ_INT + 1) +#define OP_INT32 (OP_READ_INT + 2) +#define OP_UINT8 (OP_READ_INT + 3) +#define OP_UINT16 (OP_READ_INT + 4) +#define OP_UINT32 (OP_READ_INT + 5) +#define OP_INT8BE (OP_READ_INT + 6) +#define OP_INT16BE (OP_READ_INT + 7) +#define OP_INT32BE (OP_READ_INT + 8) +#define OP_UINT8BE (OP_READ_INT + 9) +#define OP_UINT16BE (OP_READ_INT + 10) +#define OP_UINT32BE (OP_READ_INT + 11) + + +#define OPERATION(operator, op1, op2) \ + (IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? (UNDEFINED) : (op1 operator op2) + + +#define COMPARISON(operator, op1, op2) \ + (IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? (0) : (op1 operator op2) + + +int yr_execute_code( + YR_RULES* rules, + YR_SCAN_CONTEXT* context, + int timeout, + time_t start_time); + +#endif diff --git a/x64_dbg_dbg/yara/yara/exefiles.h b/x64_dbg_dbg/yara/yara/exefiles.h new file mode 100644 index 00000000..c52cd932 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/exefiles.h @@ -0,0 +1,30 @@ +/* +Copyright (c) 2007. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_EXEFILES_H +#define YR_EXEFILES_H + +uint64_t yr_get_entry_point_offset( + uint8_t* buffer, + size_t buffer_length); + + +uint64_t yr_get_entry_point_address( + uint8_t* buffer, + size_t buffer_length, + size_t base_address); + +#endif diff --git a/x64_dbg_dbg/yara/yara/filemap.h b/x64_dbg_dbg/yara/yara/filemap.h new file mode 100644 index 00000000..7ea4318b --- /dev/null +++ b/x64_dbg_dbg/yara/yara/filemap.h @@ -0,0 +1,62 @@ +/* +Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_FILEMAP_H +#define YR_FILEMAP_H + +#ifdef _WIN32 +#include +#define FILE_DESCRIPTOR HANDLE +#define off_t int64_t +#else +#include +#define FILE_DESCRIPTOR int +#endif + +#include +#include + +#include "utils.h" + + +typedef struct _YR_MAPPED_FILE +{ + FILE_DESCRIPTOR file; + size_t size; + uint8_t* data; +#ifdef _WIN32 + HANDLE mapping; +#endif + +} YR_MAPPED_FILE; + + +YR_API int yr_filemap_map( + const char* file_path, + YR_MAPPED_FILE* pmapped_file); + + +YR_API int yr_filemap_map_ex( + const char* file_path, + off_t offset, + size_t size, + YR_MAPPED_FILE* pmapped_file); + + +YR_API void yr_filemap_unmap( + YR_MAPPED_FILE* pmapped_file); + +#endif diff --git a/x64_dbg_dbg/yara/yara/globals.h b/x64_dbg_dbg/yara/yara/globals.h new file mode 100644 index 00000000..dfeb683d --- /dev/null +++ b/x64_dbg_dbg/yara/yara/globals.h @@ -0,0 +1,23 @@ +/* +Copyright (c) 2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_GLOBALS_H +#define YR_GLOBALS_H + +extern char lowercase[256]; +extern char altercase[256]; + +#endif diff --git a/x64_dbg_dbg/yara/yara/hash.h b/x64_dbg_dbg/yara/yara/hash.h new file mode 100644 index 00000000..957afa09 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/hash.h @@ -0,0 +1,66 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_HASH_H +#define YR_HASH_H + + +typedef struct _YR_HASH_TABLE_ENTRY +{ + char* key; + char* ns; + void* value; + + struct _YR_HASH_TABLE_ENTRY* next; + +} YR_HASH_TABLE_ENTRY; + + +typedef struct _YR_HASH_TABLE +{ + int size; + + YR_HASH_TABLE_ENTRY* buckets[1]; + +} YR_HASH_TABLE; + + +typedef int (*YR_HASH_TABLE_FREE_VALUE_FUNC)(void* value); + + +int yr_hash_table_create( + int size, + YR_HASH_TABLE** table); + + +void yr_hash_table_destroy( + YR_HASH_TABLE* table, + YR_HASH_TABLE_FREE_VALUE_FUNC free_value); + + +void* yr_hash_table_lookup( + YR_HASH_TABLE* table, + const char* key, + const char* ns); + + +int yr_hash_table_add( + YR_HASH_TABLE* table, + const char* key, + const char* ns, + void* value); + +#endif diff --git a/x64_dbg_dbg/yara/yara/hex_lexer.h b/x64_dbg_dbg/yara/yara/hex_lexer.h new file mode 100644 index 00000000..27f1e332 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/hex_lexer.h @@ -0,0 +1,98 @@ +/* +Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com]. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "re.h" + +#undef yyparse +#undef yylex +#undef yyerror +#undef yyfatal +#undef yychar +#undef yydebug +#undef yynerrs +#undef yyget_extra +#undef yyget_lineno + +#undef YY_FATAL_ERROR +#undef YY_DECL +#undef LEX_ENV + +#define yyparse hex_yyparse +#define yylex hex_yylex +#define yyerror hex_yyerror +#define yyfatal hex_yyfatal +#define yychar hex_yychar +#define yydebug hex_yydebug +#define yynerrs hex_yynerrs +#define yyget_extra hex_yyget_extra +#define yyget_lineno hex_yyget_lineno + + +#ifndef YY_TYPEDEF_YY_SCANNER_T +#define YY_TYPEDEF_YY_SCANNER_T +typedef void* yyscan_t; +#endif + +#define YY_EXTRA_TYPE RE* +#define YY_USE_CONST + + +typedef struct _HEX_LEX_ENVIRONMENT +{ + int token_count; + int inside_or; + int last_error_code; + char last_error_message[256]; + +} HEX_LEX_ENVIRONMENT; + + +#define YY_FATAL_ERROR(msg) hex_yyfatal(yyscanner, msg) + +#define LEX_ENV ((HEX_LEX_ENVIRONMENT*) lex_env) + +#include + +#define YY_DECL int hex_yylex \ + (YYSTYPE * yylval_param , yyscan_t yyscanner, HEX_LEX_ENVIRONMENT* lex_env) + + +YY_EXTRA_TYPE yyget_extra( + yyscan_t yyscanner); + +int yylex( + YYSTYPE* yylval_param, + yyscan_t yyscanner, + HEX_LEX_ENVIRONMENT* lex_env); + +int yyparse( + void* yyscanner, + HEX_LEX_ENVIRONMENT* lex_env); + +void yyerror( + yyscan_t yyscanner, + HEX_LEX_ENVIRONMENT* lex_env, + const char* error_message); + +void yyfatal( + yyscan_t yyscanner, + const char* error_message); + +int yr_parse_hex_string( + const char* hex_string, + int flags, + RE** re, + RE_ERROR* error); diff --git a/x64_dbg_dbg/yara/yara/lexer.h b/x64_dbg_dbg/yara/yara/lexer.h new file mode 100644 index 00000000..9e440327 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/lexer.h @@ -0,0 +1,131 @@ +/* +Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com]. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "compiler.h" + + +#undef yyparse +#undef yylex +#undef yyerror +#undef yyfatal +#undef yychar +#undef yydebug +#undef yynerrs +#undef yyget_extra +#undef yyget_lineno + +#undef YY_DECL +#undef YY_FATAL_ERROR +#undef YY_EXTRA_TYPE + +#define yyparse yara_yyparse +#define yylex yara_yylex +#define yyerror yara_yyerror +#define yyfatal yara_yyfatal +#define yywarning yara_yywarning +#define yychar yara_yychar +#define yydebug yara_yydebug +#define yynerrs yara_yynerrs +#define yyget_extra yara_yyget_extra +#define yyget_lineno yara_yyget_lineno + + +#ifndef YY_TYPEDEF_YY_SCANNER_T +#define YY_TYPEDEF_YY_SCANNER_T +typedef void* yyscan_t; +#endif + +#ifndef YY_TYPEDEF_EXPRESSION_T +#define YY_TYPEDEF_EXPRESSION_T + + +// Expression type constants are powers of two because they are used as flags. +// For example: +// CHECK_TYPE(whatever, EXPRESSION_TYPE_INTEGER | EXPRESSION_TYPE_FLOAT) +// The expression above is used to ensure that the type of "whatever" is either +// integer or float. + +#define EXPRESSION_TYPE_BOOLEAN 1 +#define EXPRESSION_TYPE_INTEGER 2 +#define EXPRESSION_TYPE_STRING 4 +#define EXPRESSION_TYPE_REGEXP 8 +#define EXPRESSION_TYPE_OBJECT 16 +#define EXPRESSION_TYPE_FLOAT 32 + +typedef struct _EXPRESSION +{ + int type; + + union + { + int64_t integer; + YR_OBJECT* object; + } value; + + const char* identifier; + +} EXPRESSION; + +union YYSTYPE; + +#endif + + +#define YY_DECL int yylex( \ + union YYSTYPE* yylval_param, yyscan_t yyscanner, YR_COMPILER* compiler) + + +#define YY_FATAL_ERROR(msg) yara_yyfatal(yyscanner, msg) + + +#define YY_EXTRA_TYPE YR_COMPILER* +#define YY_USE_CONST + + +int yyget_lineno(yyscan_t yyscanner); + +int yylex( + union YYSTYPE* yylval_param, + yyscan_t yyscanner, + YR_COMPILER* compiler); + +int yyparse( + void* yyscanner, + YR_COMPILER* compiler); + +void yyerror( + yyscan_t yyscanner, + YR_COMPILER* compiler, + const char* error_message); + +void yywarning( + yyscan_t yyscanner, + const char* warning_message); + +void yyfatal( + yyscan_t yyscanner, + const char* error_message); + +YY_EXTRA_TYPE yyget_extra( + yyscan_t yyscanner); + +int yr_lex_parse_rules_string( + const char* rules_string, + YR_COMPILER* compiler); + +int yr_lex_parse_rules_file( + FILE* rules_file, + YR_COMPILER* compiler); diff --git a/x64_dbg_dbg/yara/yara/libyara.h b/x64_dbg_dbg/yara/yara/libyara.h new file mode 100644 index 00000000..23a42906 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/libyara.h @@ -0,0 +1,49 @@ +/* +Copyright (c) 2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_LIBYARA_H +#define YR_LIBYARA_H + +#include "utils.h" + +#define YR_MAJOR_VERSION 3 +#define YR_MINOR_VERSION 3 +#define YR_MICRO_VERSION 0 + +// Version as a string +#define YR_VERSION "3.3.0" + +// Version as a single 4-byte hex number, e.g. 0x030401 == 3.4.1. +#define YR_VERSION_HEX ((YR_MAJOR_VERSION << 16) | \ + (YR_MINOR_VERSION << 8) | \ + (YR_MICRO_VERSION << 0) + + +YR_API int yr_initialize(void); + + +YR_API int yr_finalize(void); + + +YR_API void yr_finalize_thread(void); + + +YR_API int yr_get_tidx(void); + + +YR_API void yr_set_tidx(int); + +#endif diff --git a/x64_dbg_dbg/yara/yara/limits.h b/x64_dbg_dbg/yara/yara/limits.h new file mode 100644 index 00000000..62ba7d74 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/limits.h @@ -0,0 +1,48 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_LIMITS_H +#define YR_LIMITS_H + + +// MAX_THREADS is the number of threads that can use a YR_RULES +// object simultaneosly. This value is limited by the number of +// bits in tidx_mask. + +#define MAX_THREADS 32 + + +#ifndef MAX_PATH +#define MAX_PATH 1024 +#endif + +#define MAX_COMPILER_ERROR_EXTRA_INFO 256 +#define MAX_ATOM_LENGTH 4 +#define MAX_LOOP_NESTING 4 +#define MAX_ARENA_PAGES 32 +#define MAX_INCLUDE_DEPTH 16 +#define MAX_STRING_MATCHES 1000000 +#define MAX_FUNCTION_ARGS 128 +#define MAX_FAST_HEX_RE_STACK 300 +#define MAX_OVERLOADED_FUNCTIONS 10 +#define MAX_HEX_STRING_TOKENS 10000 + +#define LOOP_LOCAL_VARS 4 +#define STRING_CHAINING_THRESHOLD 200 +#define LEX_BUF_SIZE 1024 + + +#endif diff --git a/x64_dbg_dbg/yara/yara/mem.h b/x64_dbg_dbg/yara/yara/mem.h new file mode 100644 index 00000000..bbbc6075 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/mem.h @@ -0,0 +1,63 @@ +/* +Copyright (c) 2007. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_MEM_H +#define YR_MEM_H + +#include + +#include "config.h" + +#ifdef DMALLOC + +#define yr_malloc malloc +#define yr_calloc calloc +#define yr_realloc realloc +#define yr_free free +#define yr_strdup strdup +#define yr_strndup strndup + +#include + +#else + +void* yr_calloc( + size_t count, + size_t size); + +void* yr_malloc( + size_t size); + +void* yr_realloc( + void* ptr, + size_t size); + +void yr_free( + void* ptr); + +char* yr_strdup( + const char* str); + +char* yr_strndup( + const char* str, size_t n); + +#endif + +int yr_heap_alloc(); + +int yr_heap_free(); + +#endif diff --git a/x64_dbg_dbg/yara/yara/modules.h b/x64_dbg_dbg/yara/yara/modules.h new file mode 100644 index 00000000..8ecc89a8 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/modules.h @@ -0,0 +1,439 @@ +/* +Copyright (c) 2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_MODULES_H +#define YR_MODULES_H + +#include +#include +#include +#include + +#include "utils.h" +#include "limits.h" +#include "error.h" +#include "exec.h" +#include "types.h" +#include "object.h" +#include "libyara.h" + +// Concatenation that macro-expands its arguments. + +#define CONCAT(arg1, arg2) _CONCAT(arg1, arg2) // expands the arguments. +#define _CONCAT(arg1, arg2) arg1 ## arg2 // do the actual concatenation. + + +#define module_declarations CONCAT(MODULE_NAME, __declarations) +#define module_load CONCAT(MODULE_NAME, __load) +#define module_unload CONCAT(MODULE_NAME, __unload) +#define module_initialize CONCAT(MODULE_NAME, __initialize) +#define module_finalize CONCAT(MODULE_NAME, __finalize) + +#define begin_declarations \ + int module_declarations(YR_OBJECT* module) { \ + YR_OBJECT* stack[64]; \ + int stack_top = 0; \ + stack[stack_top] = module; + + +#define end_declarations \ + return ERROR_SUCCESS; } + + +#define begin_struct(name) { \ + YR_OBJECT* structure; \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_STRUCTURE, \ + name, \ + stack[stack_top], \ + &structure)); \ + assertf( \ + stack_top < sizeof(stack)/sizeof(stack[0]) - 1, \ + "too many nested structures"); \ + stack[++stack_top] = structure; \ + } + + +#define begin_struct_array(name) { \ + YR_OBJECT* structure; \ + YR_OBJECT* array; \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_ARRAY, \ + name, \ + stack[stack_top], \ + &array)); \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_STRUCTURE, \ + name, \ + array, \ + &structure)); \ + assertf( \ + stack_top < sizeof(stack)/sizeof(stack[0]) - 1, \ + "too many nested structures"); \ + stack[++stack_top] = structure; \ + } + + +#define begin_struct_dictionary(name) { \ + YR_OBJECT* structure; \ + YR_OBJECT* array; \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_DICTIONARY, \ + name, \ + stack[stack_top], \ + &array)); \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_STRUCTURE, \ + name, \ + array, \ + &structure)); \ + assertf( \ + stack_top < sizeof(stack)/sizeof(stack[0]) - 1, \ + "too many nested structures"); \ + stack[++stack_top] = structure; \ + } + + +#define end_struct(name) { \ + assert(stack[stack_top]->type == OBJECT_TYPE_STRUCTURE); \ + assertf( \ + strcmp(stack[stack_top]->identifier, name) == 0, \ + "unbalanced begin_struct/end_struct"); \ + stack_top--; \ + } + + +#define end_struct_array(name) end_struct(name) + + +#define end_struct_dictionary(name) end_struct(name) + + +#define declare_integer(name) { \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_INTEGER, \ + name, \ + stack[stack_top], \ + NULL)); \ + } + + +#define declare_integer_array(name) { \ + YR_OBJECT* array; \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_ARRAY, \ + name, \ + stack[stack_top], \ + &array)); \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_INTEGER, \ + name, \ + array, \ + NULL)); \ + } + + +#define declare_integer_dictionary(name) { \ + YR_OBJECT* dict; \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_DICTIONARY, \ + name, \ + stack[stack_top], \ + &dict)); \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_INTEGER, \ + name, \ + dict, \ + NULL)); \ + } + + +#define declare_float(name) { \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_FLOAT, \ + name, \ + stack[stack_top], \ + NULL)); \ + } + + +#define declare_float_array(name) { \ + YR_OBJECT* array; \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_ARRAY, \ + name, \ + stack[stack_top], \ + &array)); \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_FLOAT, \ + name, \ + array, \ + NULL)); \ + } + + +#define declare_float_dictionary(name) { \ + YR_OBJECT* dict; \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_DICTIONARY, \ + name, \ + stack[stack_top], \ + &dict)); \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_FLOAT, \ + name, \ + dict, \ + NULL)); \ + } + + +#define declare_string(name) { \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_STRING, \ + name, \ + stack[stack_top], \ + NULL)); \ + } + + +#define declare_string_array(name) { \ + YR_OBJECT* array; \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_ARRAY, \ + name, \ + stack[stack_top], \ + &array)); \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_STRING, \ + name, \ + array, \ + NULL)); \ + } + + +#define declare_string_dictionary(name) { \ + YR_OBJECT* dict; \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_DICTIONARY, \ + name, \ + stack[stack_top], \ + &dict)); \ + FAIL_ON_ERROR(yr_object_create( \ + OBJECT_TYPE_STRING, \ + name, \ + dict, \ + NULL)); \ + } + + +#define declare_function(name, args_fmt, ret_fmt, func) { \ + YR_OBJECT* function; \ + FAIL_ON_ERROR(yr_object_function_create( \ + name, \ + args_fmt, \ + ret_fmt, \ + func, \ + stack[stack_top], \ + &function)); \ + } + + +#define define_function(func) \ + int func ( \ + void* __args, \ + YR_SCAN_CONTEXT* __context, \ + YR_OBJECT_FUNCTION* __function_obj) + + +#define sized_string_argument(n) \ + ((SIZED_STRING*)(size_t)((int64_t*) __args)[n-1]) + +#define string_argument(n) \ + (sized_string_argument(n)->c_string) + +#define integer_argument(n) \ + (((int64_t*) __args)[n-1]) + +#define float_argument(n) \ + (((double*) __args)[n-1]) + +#define regexp_argument(n) \ + ((RE_CODE)((int64_t*) __args)[n-1]) + + +#define module() yr_object_get_root((YR_OBJECT*) __function_obj) +#define parent() (__function_obj->parent) +#define scan_context() (__context) + + +#define foreach_memory_block(context, block) \ + for (block = (context)->mem_block; \ + block != NULL; \ + block = block->next) \ + + +#define first_memory_block(context) \ + (context)->mem_block + + +#define is_undefined(object, ...) \ + yr_object_has_undefined_value(object, __VA_ARGS__) + + +#define get_object(object, ...) \ + yr_object_lookup(object, 0, __VA_ARGS__) + + +#define get_integer(object, ...) \ + yr_object_get_integer(object, __VA_ARGS__) + + +#define get_float(object, ...) \ + yr_object_get_float(object, __VA_ARGS__) + + +#define get_string(object, ...) \ + yr_object_get_string(object, __VA_ARGS__) + + +#define set_integer(value, object, ...) \ + yr_object_set_integer(value, object, __VA_ARGS__) + + +#define set_float(value, object, ...) \ + yr_object_set_float(value, object, __VA_ARGS__) + + +#define set_sized_string(value, len, object, ...) \ + yr_object_set_string(value, len, object, __VA_ARGS__) + + +#define set_string(value, object, ...) \ + set_sized_string(value, strlen(value), object, __VA_ARGS__) + + +#define return_integer(integer) { \ + assertf( \ + __function_obj->return_obj->type == OBJECT_TYPE_INTEGER, \ + "return type differs from function declaration"); \ + yr_object_set_integer( \ + (integer), \ + __function_obj->return_obj, \ + NULL); \ + return ERROR_SUCCESS; \ + } + + +#define return_float(double_) { \ + assertf( \ + __function_obj->return_obj->type == OBJECT_TYPE_FLOAT, \ + "return type differs from function declaration"); \ + double d = (double) (double_); \ + yr_object_set_float( \ + (d != (double) UNDEFINED) ? d : NAN, \ + __function_obj->return_obj, \ + NULL); \ + return ERROR_SUCCESS; \ + } + + +#define return_string(string) { \ + assertf( \ + __function_obj->return_obj->type == OBJECT_TYPE_STRING, \ + "return type differs from function declaration"); \ + char* s = (char*) (string); \ + yr_object_set_string( \ + (s != (char*) UNDEFINED) ? s : NULL, \ + (s != (char*) UNDEFINED) ? strlen(s) : 0, \ + __function_obj->return_obj, \ + NULL); \ + return ERROR_SUCCESS; \ + } + + +struct _YR_MODULE; + + +typedef int (*YR_EXT_INITIALIZE_FUNC)( + struct _YR_MODULE* module); + + +typedef int (*YR_EXT_FINALIZE_FUNC)( + struct _YR_MODULE* module); + + +typedef int (*YR_EXT_DECLARATIONS_FUNC)( + YR_OBJECT* module_object); + + +typedef int (*YR_EXT_LOAD_FUNC)( + YR_SCAN_CONTEXT* context, + YR_OBJECT* module_object, + void* module_data, + size_t module_data_size); + + +typedef int (*YR_EXT_UNLOAD_FUNC)( + YR_OBJECT* module_object); + + +typedef struct _YR_MODULE +{ + tidx_mask_t is_loaded; + + char* name; + + YR_EXT_DECLARATIONS_FUNC declarations; + YR_EXT_LOAD_FUNC load; + YR_EXT_UNLOAD_FUNC unload; + YR_EXT_INITIALIZE_FUNC initialize; + YR_EXT_FINALIZE_FUNC finalize; + +} YR_MODULE; + + +typedef struct _YR_MODULE_IMPORT +{ + const char* module_name; + void* module_data; + size_t module_data_size; + +} YR_MODULE_IMPORT; + + +int yr_modules_initialize(void); + + +int yr_modules_finalize(void); + + +int yr_modules_do_declarations( + const char* module_name, + YR_OBJECT* main_structure); + + +int yr_modules_load( + const char* module_name, + YR_SCAN_CONTEXT* context); + + +int yr_modules_unload_all( + YR_SCAN_CONTEXT* context); + + +void yr_modules_print_data( + YR_SCAN_CONTEXT* context); +#endif diff --git a/x64_dbg_dbg/yara/yara/object.h b/x64_dbg_dbg/yara/yara/object.h new file mode 100644 index 00000000..8d6e1521 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/object.h @@ -0,0 +1,156 @@ +/* +Copyright (c) 2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_OBJECT_H +#define YR_OBJECT_H + +#ifdef _MSC_VER +#include +#define isnan _isnan +#define INFINITY (DBL_MAX + DBL_MAX) +#define NAN (INFINITY-INFINITY) +#endif + +#include "types.h" + + +#define OBJECT_CREATE 1 + +#define OBJECT_TYPE_INTEGER 1 +#define OBJECT_TYPE_STRING 2 +#define OBJECT_TYPE_STRUCTURE 3 +#define OBJECT_TYPE_ARRAY 4 +#define OBJECT_TYPE_FUNCTION 5 +#define OBJECT_TYPE_REGEXP 6 +#define OBJECT_TYPE_DICTIONARY 7 +#define OBJECT_TYPE_FLOAT 8 + + +int yr_object_create( + int8_t type, + const char* identifier, + YR_OBJECT* parent, + YR_OBJECT** object); + + +int yr_object_function_create( + const char* identifier, + const char* arguments_fmt, + const char* return_fmt, + YR_MODULE_FUNC func, + YR_OBJECT* parent, + YR_OBJECT** function); + + +int yr_object_from_external_variable( + YR_EXTERNAL_VARIABLE* external, + YR_OBJECT** object); + + +void yr_object_destroy( + YR_OBJECT* object); + + +YR_OBJECT* yr_object_lookup_field( + YR_OBJECT* object, + const char* field_name); + + +YR_OBJECT* yr_object_lookup( + YR_OBJECT* root, + int flags, + const char* pattern, + ...); + + +int yr_object_has_undefined_value( + YR_OBJECT* object, + const char* field, + ...); + +int64_t yr_object_get_integer( + YR_OBJECT* object, + const char* field, + ...); + + +SIZED_STRING* yr_object_get_string( + YR_OBJECT* object, + const char* field, + ...); + + +int yr_object_set_integer( + int64_t value, + YR_OBJECT* object, + const char* field, + ...); + + +int yr_object_set_float( + double value, + YR_OBJECT* object, + const char* field, + ...); + + +int yr_object_set_string( + const char* value, + size_t len, + YR_OBJECT* object, + const char* field, + ...); + + +YR_OBJECT* yr_object_array_get_item( + YR_OBJECT* object, + int flags, + int index); + + +int yr_object_array_set_item( + YR_OBJECT* object, + YR_OBJECT* item, + int index); + + +YR_OBJECT* yr_object_dict_get_item( + YR_OBJECT* object, + int flags, + const char* key); + + +int yr_object_dict_set_item( + YR_OBJECT* object, + YR_OBJECT* item, + const char* key); + + +int yr_object_structure_set_member( + YR_OBJECT* object, + YR_OBJECT* member); + + +YR_OBJECT* yr_object_get_root( + YR_OBJECT* object); + + +void yr_object_print_data( + YR_OBJECT* object, + int indent); + + +#endif diff --git a/x64_dbg_dbg/yara/yara/parser.h b/x64_dbg_dbg/yara/yara/parser.h new file mode 100644 index 00000000..41904be7 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/parser.h @@ -0,0 +1,120 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_PARSER_H +#define YR_PARSER_H + + +#include "lexer.h" + + +int yr_parser_emit( + yyscan_t yyscanner, + int8_t instruction, + int8_t** instruction_address); + + +int yr_parser_emit_with_arg( + yyscan_t yyscanner, + int8_t instruction, + int64_t argument, + int8_t** instruction_address); + + +int yr_parser_emit_with_arg_double( + yyscan_t yyscanner, + int8_t instruction, + double argument, + int8_t** instruction_address); + + +int yr_parser_emit_with_arg_reloc( + yyscan_t yyscanner, + int8_t instruction, + int64_t argument, + int8_t** instruction_address); + + +int yr_parser_check_types( + YR_COMPILER* compiler, + YR_OBJECT_FUNCTION* function, + const char* actual_args_fmt); + + +YR_STRING* yr_parser_lookup_string( + yyscan_t yyscanner, + const char* identifier); + + +int yr_parser_lookup_loop_variable( + yyscan_t yyscanner, + const char* identifier); + + +int yr_parser_reduce_rule_declaration( + yyscan_t yyscanner, + int flags, + const char* identifier, + char* tags, + YR_STRING* strings, + YR_META* metas); + + +YR_STRING* yr_parser_reduce_string_declaration( + yyscan_t yyscanner, + int flags, + const char* identifier, + SIZED_STRING* str); + + +YR_META* yr_parser_reduce_meta_declaration( + yyscan_t yyscanner, + int32_t type, + const char* identifier, + const char* string, + int32_t integer); + + +int yr_parser_reduce_string_identifier( + yyscan_t yyscanner, + const char* identifier, + int8_t instruction, + uint64_t at_offset); + + +int yr_parser_emit_pushes_for_strings( + yyscan_t yyscanner, + const char* identifier); + + +int yr_parser_reduce_external( + yyscan_t yyscanner, + const char* identifier, + int8_t intruction); + + +int yr_parser_reduce_import( + yyscan_t yyscanner, + SIZED_STRING* module_name); + + +int yr_parser_reduce_operation( + yyscan_t yyscanner, + const char* operation, + EXPRESSION left_operand, + EXPRESSION right_operand); + +#endif diff --git a/x64_dbg_dbg/yara/yara/pe.h b/x64_dbg_dbg/yara/yara/pe.h new file mode 100644 index 00000000..f8518324 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/pe.h @@ -0,0 +1,491 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#pragma pack(push, 1) + +#ifdef _WIN32 +#include + +// These definitions are not present in older Windows headers. + +#ifndef IMAGE_FILE_MACHINE_ARMNT +#define IMAGE_FILE_MACHINE_ARMNT 0x01c4 +#endif + +#ifndef IMAGE_FILE_MACHINE_ARM64 +#define IMAGE_FILE_MACHINE_ARM64 0xaa64 +#endif + +#else + +#include +#include + +typedef uint8_t BYTE; +typedef uint16_t WORD; +typedef uint32_t DWORD; +typedef int32_t LONG; +typedef uint32_t ULONG; +typedef uint64_t ULONGLONG; + + +#define FIELD_OFFSET(type, field) ((size_t)&(((type *)0)->field)) + +#ifndef _MAC + +#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ +#define IMAGE_OS2_SIGNATURE 0x454E // NE +#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE +#define IMAGE_VXD_SIGNATURE 0x454C // LE +#define IMAGE_NT_SIGNATURE 0x00004550 // PE00 + +#else + +#define IMAGE_DOS_SIGNATURE 0x4D5A // MZ +#define IMAGE_OS2_SIGNATURE 0x4E45 // NE +#define IMAGE_OS2_SIGNATURE_LE 0x4C45 // LE +#define IMAGE_NT_SIGNATURE 0x50450000 // PE00 + +#endif + +#pragma pack(push, 2) + +typedef struct _IMAGE_DOS_HEADER // DOS .EXE header +{ + WORD e_magic; // Magic number + WORD e_cblp; // Bytes on last page of file + WORD e_cp; // Pages in file + WORD e_crlc; // Relocations + WORD e_cparhdr; // Size of header in paragraphs + WORD e_minalloc; // Minimum extra paragraphs needed + WORD e_maxalloc; // Maximum extra paragraphs needed + WORD e_ss; // Initial (relative) SS value + WORD e_sp; // Initial SP value + WORD e_csum; // Checksum + WORD e_ip; // Initial IP value + WORD e_cs; // Initial (relative) CS value + WORD e_lfarlc; // File address of relocation table + WORD e_ovno; // Overlay number + WORD e_res[4]; // Reserved words + WORD e_oemid; // OEM identifier (for e_oeminfo) + WORD e_oeminfo; // OEM information; e_oemid specific + WORD e_res2[10]; // Reserved words + LONG e_lfanew; // File address of new exe header +} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER; + +#pragma pack(pop) + +// +// File header format. +// + +#pragma pack(push,4) + +typedef struct _IMAGE_FILE_HEADER +{ + WORD Machine; + WORD NumberOfSections; + DWORD TimeDateStamp; + DWORD PointerToSymbolTable; + DWORD NumberOfSymbols; + WORD SizeOfOptionalHeader; + WORD Characteristics; +} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; + + + +#define IMAGE_SIZEOF_FILE_HEADER 20 + + +#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file. +#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references). +#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file. +#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file. +#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Agressively trim working set +#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 // App can handle >2gb addresses +#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed. +#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine. +#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file +#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file. +#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file. +#define IMAGE_FILE_SYSTEM 0x1000 // System File. +#define IMAGE_FILE_DLL 0x2000 // File is a DLL. +#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine +#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed. + + +#define IMAGE_FILE_MACHINE_UNKNOWN 0x0000 +#define IMAGE_FILE_MACHINE_AM33 0x01d3 +#define IMAGE_FILE_MACHINE_AMD64 0x8664 +#define IMAGE_FILE_MACHINE_ARM 0x01c0 +#define IMAGE_FILE_MACHINE_ARMNT 0x01c4 +#define IMAGE_FILE_MACHINE_ARM64 0xaa64 +#define IMAGE_FILE_MACHINE_EBC 0x0ebc +#define IMAGE_FILE_MACHINE_I386 0x014c +#define IMAGE_FILE_MACHINE_IA64 0x0200 +#define IMAGE_FILE_MACHINE_M32R 0x9041 +#define IMAGE_FILE_MACHINE_MIPS16 0x0266 +#define IMAGE_FILE_MACHINE_MIPSFPU 0x0366 +#define IMAGE_FILE_MACHINE_MIPSFPU16 0x0466 +#define IMAGE_FILE_MACHINE_POWERPC 0x01f0 +#define IMAGE_FILE_MACHINE_POWERPCFP 0x01f1 +#define IMAGE_FILE_MACHINE_R4000 0x0166 +#define IMAGE_FILE_MACHINE_SH3 0x01a2 +#define IMAGE_FILE_MACHINE_SH3DSP 0x01a3 +#define IMAGE_FILE_MACHINE_SH4 0x01a6 +#define IMAGE_FILE_MACHINE_SH5 0x01a8 +#define IMAGE_FILE_MACHINE_THUMB 0x01c2 +#define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 + +// Section characteristics +#define IMAGE_SCN_CNT_CODE 0x00000020 +#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 +#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 +#define IMAGE_SCN_GPREL 0x00008000 +#define IMAGE_SCN_MEM_16BIT 0x00020000 +#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 +#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 +#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 +#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 +#define IMAGE_SCN_MEM_SHARED 0x10000000 +#define IMAGE_SCN_MEM_EXECUTE 0x20000000 +#define IMAGE_SCN_MEM_READ 0x40000000 +#define IMAGE_SCN_MEM_WRITE 0x80000000 + +// +// Directory format. +// + +typedef struct _IMAGE_DATA_DIRECTORY +{ + DWORD VirtualAddress; + DWORD Size; +} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY; + +#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 + + +#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory +#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory +#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory +#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory +#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory +#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table +#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory +#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage) +#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data +#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP +#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory +#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory +#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers +#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table +#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors +#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor + + +// +// Optional header format. +// + +typedef struct _IMAGE_OPTIONAL_HEADER32 +{ + WORD Magic; + BYTE MajorLinkerVersion; + BYTE MinorLinkerVersion; + DWORD SizeOfCode; + DWORD SizeOfInitializedData; + DWORD SizeOfUninitializedData; + DWORD AddressOfEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; + DWORD ImageBase; + DWORD SectionAlignment; + DWORD FileAlignment; + WORD MajorOperatingSystemVersion; + WORD MinorOperatingSystemVersion; + WORD MajorImageVersion; + WORD MinorImageVersion; + WORD MajorSubsystemVersion; + WORD MinorSubsystemVersion; + DWORD Win32VersionValue; + DWORD SizeOfImage; + DWORD SizeOfHeaders; + DWORD CheckSum; + WORD Subsystem; + WORD DllCharacteristics; + DWORD SizeOfStackReserve; + DWORD SizeOfStackCommit; + DWORD SizeOfHeapReserve; + DWORD SizeOfHeapCommit; + DWORD LoaderFlags; + DWORD NumberOfRvaAndSizes; + IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; + +} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32; + + +typedef struct _IMAGE_OPTIONAL_HEADER64 +{ + WORD Magic; + BYTE MajorLinkerVersion; + BYTE MinorLinkerVersion; + DWORD SizeOfCode; + DWORD SizeOfInitializedData; + DWORD SizeOfUninitializedData; + DWORD AddressOfEntryPoint; + DWORD BaseOfCode; + ULONGLONG ImageBase; + DWORD SectionAlignment; + DWORD FileAlignment; + WORD MajorOperatingSystemVersion; + WORD MinorOperatingSystemVersion; + WORD MajorImageVersion; + WORD MinorImageVersion; + WORD MajorSubsystemVersion; + WORD MinorSubsystemVersion; + DWORD Win32VersionValue; + DWORD SizeOfImage; + DWORD SizeOfHeaders; + DWORD CheckSum; + WORD Subsystem; + WORD DllCharacteristics; + ULONGLONG SizeOfStackReserve; + ULONGLONG SizeOfStackCommit; + ULONGLONG SizeOfHeapReserve; + ULONGLONG SizeOfHeapCommit; + DWORD LoaderFlags; + DWORD NumberOfRvaAndSizes; + IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; + +} IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64; + + +#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b +#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b + + +typedef struct _IMAGE_NT_HEADERS32 +{ + DWORD Signature; + IMAGE_FILE_HEADER FileHeader; + IMAGE_OPTIONAL_HEADER32 OptionalHeader; + +} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32; + + +typedef struct _IMAGE_NT_HEADERS64 +{ + DWORD Signature; + IMAGE_FILE_HEADER FileHeader; + IMAGE_OPTIONAL_HEADER64 OptionalHeader; + +} IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64; + + +// IMAGE_FIRST_SECTION doesn't need 32/64 versions since the file header is +// the same either way. + +#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \ + ((BYTE*)ntheader + \ + FIELD_OFFSET( IMAGE_NT_HEADERS32, OptionalHeader ) + \ + ((PIMAGE_NT_HEADERS32)(ntheader))->FileHeader.SizeOfOptionalHeader \ + )) + +// Subsystem Values + +#define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem. +#define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem. +#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem. +#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem. +#define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem. +#define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image runs in the Posix character subsystem. +#define IMAGE_SUBSYSTEM_NATIVE_WINDOWS 8 // image is a native Win9x driver. + +// +// Section header format. +// + +#define IMAGE_SIZEOF_SHORT_NAME 8 + +typedef struct _IMAGE_SECTION_HEADER +{ + BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; + union + { + DWORD PhysicalAddress; + DWORD VirtualSize; + } Misc; + DWORD VirtualAddress; + DWORD SizeOfRawData; + DWORD PointerToRawData; + DWORD PointerToRelocations; + DWORD PointerToLinenumbers; + WORD NumberOfRelocations; + WORD NumberOfLinenumbers; + DWORD Characteristics; + +} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; + +#define IMAGE_SIZEOF_SECTION_HEADER 40 + + +typedef struct _IMAGE_EXPORT_DIRECTORY +{ + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + DWORD Name; + DWORD Base; + DWORD NumberOfFunctions; + DWORD NumberOfNames; + DWORD AddressOfFunctions; + DWORD AddressOfNames; + DWORD AddressOfNameOrdinals; +} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY; + + +typedef struct _IMAGE_IMPORT_DESCRIPTOR +{ + union + { + DWORD Characteristics; + DWORD OriginalFirstThunk; + } ; + DWORD TimeDateStamp; + DWORD ForwarderChain; + DWORD Name; + DWORD FirstThunk; + +} IMAGE_IMPORT_DESCRIPTOR, *PIMAGE_IMPORT_DESCRIPTOR; + + +typedef struct _IMAGE_IMPORT_BY_NAME +{ + WORD Hint; + BYTE Name[1]; + +} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME; + +typedef struct _IMAGE_THUNK_DATA32 +{ + union + { + DWORD ForwarderString; + DWORD Function; + DWORD Ordinal; + DWORD AddressOfData; + } u1; + +} IMAGE_THUNK_DATA32, *PIMAGE_THUNK_DATA32; + + +#define IMAGE_ORDINAL_FLAG32 0x80000000 +#define IMAGE_ORDINAL_FLAG64 0x8000000000000000L + +typedef struct _IMAGE_THUNK_DATA64 +{ + union + { + ULONGLONG ForwarderString; + ULONGLONG Function; + ULONGLONG Ordinal; + ULONGLONG AddressOfData; + } u1; + +} IMAGE_THUNK_DATA64, *PIMAGE_THUNK_DATA64; + + +typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY +{ + DWORD Name; + DWORD OffsetToData; +} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY; + + +typedef struct _IMAGE_RESOURCE_DATA_ENTRY +{ + DWORD OffsetToData; + DWORD Size; + DWORD CodePage; + DWORD Reserved; +} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY; + + +typedef struct _IMAGE_RESOURCE_DIRECTORY +{ + DWORD Characteristics; + DWORD TimeDateStamp; + WORD MajorVersion; + WORD MinorVersion; + WORD NumberOfNamedEntries; + WORD NumberOfIdEntries; +} IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY; + +#pragma pack(pop) + +#endif // _WIN32 + +typedef struct _VERSION_INFO +{ + WORD Length; + WORD ValueLength; + WORD Type; + char Key[0]; +} VERSION_INFO, *PVERSION_INFO; + + +#define WIN_CERT_REVISION_1_0 0x0100 +#define WIN_CERT_REVISION_2_0 0x0200 + +#define WIN_CERT_TYPE_X509 0x0001 +#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 +#define WIN_CERT_TYPE_RESERVED_1 0x0003 +#define WIN_CERT_TYPE_TS_STACK_SIGNED 0x0004 + +typedef struct _WIN_CERTIFICATE +{ + DWORD Length; + WORD Revision; + WORD CertificateType; + BYTE Certificate[1]; +} WIN_CERTIFICATE, *PWIN_CERTIFICATE; + + +// +// Rich signature. +// http://www.ntcore.com/files/richsign.htm +// + +typedef struct _RICH_SIGNATURE +{ + DWORD dans; + DWORD key1; + DWORD key2; + DWORD key3; +} RICH_SIGNATURE, *PRICH_SIGNATURE; + +#define RICH_DANS 0x536e6144 // "DanS" +#define RICH_RICH 0x68636952 // "Rich" + +typedef struct _RICH_DATA +{ + size_t len; + BYTE* raw_data; + BYTE* clear_data; +} RICH_DATA, *PRICH_DATA; + +#pragma pack(pop) diff --git a/x64_dbg_dbg/yara/yara/proc.h b/x64_dbg_dbg/yara/yara/proc.h new file mode 100644 index 00000000..0e894261 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/proc.h @@ -0,0 +1,26 @@ +/* +Copyright (c) 2007. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_PROC_H +#define YR_PROC_H + +#include "types.h" + +int yr_process_get_memory( + int pid, + YR_MEMORY_BLOCK** first_block); + +#endif diff --git a/x64_dbg_dbg/yara/yara/re.h b/x64_dbg_dbg/yara/yara/re.h new file mode 100644 index 00000000..b6e1ff78 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/re.h @@ -0,0 +1,240 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_RE_H +#define YR_RE_H + +#include + +#include "arena.h" +#include "sizedstr.h" + +#define RE_NODE_LITERAL 1 +#define RE_NODE_MASKED_LITERAL 2 +#define RE_NODE_ANY 3 +#define RE_NODE_CONCAT 4 +#define RE_NODE_ALT 5 +#define RE_NODE_RANGE 6 +#define RE_NODE_STAR 7 +#define RE_NODE_PLUS 8 +#define RE_NODE_CLASS 9 +#define RE_NODE_WORD_CHAR 10 +#define RE_NODE_NON_WORD_CHAR 11 +#define RE_NODE_SPACE 12 +#define RE_NODE_NON_SPACE 13 +#define RE_NODE_DIGIT 14 +#define RE_NODE_NON_DIGIT 15 +#define RE_NODE_EMPTY 16 +#define RE_NODE_ANCHOR_START 17 +#define RE_NODE_ANCHOR_END 18 +#define RE_NODE_WORD_BOUNDARY 19 +#define RE_NODE_NON_WORD_BOUNDARY 20 + + +#define RE_OPCODE_ANY 0xA0 +#define RE_OPCODE_ANY_EXCEPT_NEW_LINE 0xA1 +#define RE_OPCODE_LITERAL 0xA2 +#define RE_OPCODE_LITERAL_NO_CASE 0xA3 +#define RE_OPCODE_MASKED_LITERAL 0xA4 +#define RE_OPCODE_CLASS 0xA5 +#define RE_OPCODE_CLASS_NO_CASE 0xA6 +#define RE_OPCODE_WORD_CHAR 0xA7 +#define RE_OPCODE_NON_WORD_CHAR 0xA8 +#define RE_OPCODE_SPACE 0xA9 +#define RE_OPCODE_NON_SPACE 0xAA +#define RE_OPCODE_DIGIT 0xAB +#define RE_OPCODE_NON_DIGIT 0xAC +#define RE_OPCODE_MATCH 0xAD + +#define RE_OPCODE_MATCH_AT_END 0xB0 +#define RE_OPCODE_MATCH_AT_START 0xB1 +#define RE_OPCODE_WORD_BOUNDARY 0xB2 +#define RE_OPCODE_NON_WORD_BOUNDARY 0xB3 + +#define RE_OPCODE_SPLIT_A 0xC0 +#define RE_OPCODE_SPLIT_B 0xC1 +#define RE_OPCODE_PUSH 0xC2 +#define RE_OPCODE_POP 0xC3 +#define RE_OPCODE_JNZ 0xC4 +#define RE_OPCODE_JUMP 0xC5 + + +#define RE_FLAGS_FAST_HEX_REGEXP 0x02 +#define RE_FLAGS_BACKWARDS 0x04 +#define RE_FLAGS_EXHAUSTIVE 0x08 +#define RE_FLAGS_WIDE 0x10 +#define RE_FLAGS_NO_CASE 0x20 +#define RE_FLAGS_SCAN 0x40 +#define RE_FLAGS_DOT_ALL 0x80 +#define RE_FLAGS_NOT_AT_START 0x100 + + +typedef struct RE RE; +typedef struct RE_NODE RE_NODE; +typedef struct RE_ERROR RE_ERROR; + +typedef uint8_t* RE_CODE; + +#define CHAR_IN_CLASS(chr, cls) \ + ((cls)[(chr) / 8] & 1 << ((chr) % 8)) + + +#define IS_WORD_CHAR(chr) \ + (isalnum(chr) || (chr) == '_') + + +struct RE_NODE +{ + int type; + + union + { + int value; + int count; + int start; + }; + + union + { + int mask; + int end; + }; + + int greedy; + + uint8_t* class_vector; + + RE_NODE* left; + RE_NODE* right; + + RE_CODE forward_code; + RE_CODE backward_code; +}; + + +struct RE +{ + + uint32_t flags; + RE_NODE* root_node; + YR_ARENA* code_arena; + RE_CODE code; +}; + + +struct RE_ERROR +{ + + char message[512]; + +}; + + +typedef int RE_MATCH_CALLBACK_FUNC( + uint8_t* match, + int match_length, + int flags, + void* args); + + +int yr_re_create( + RE** re); + + +int yr_re_parse( + const char* re_string, + int flags, + RE** re, + RE_ERROR* error); + + +int yr_re_parse_hex( + const char* hex_string, + int flags, + RE** re, + RE_ERROR* error); + + +int yr_re_compile( + const char* re_string, + int flags, + YR_ARENA* code_arena, + RE** re, + RE_ERROR* error); + + +void yr_re_destroy( + RE* re); + + +void yr_re_print( + RE* re); + + +RE_NODE* yr_re_node_create( + int type, + RE_NODE* left, + RE_NODE* right); + + +void yr_re_node_destroy( + RE_NODE* node); + + +SIZED_STRING* yr_re_extract_literal( + RE* re); + + +int yr_re_contains_dot_star( + RE* re); + + +int yr_re_split_at_chaining_point( + RE* re, + RE** result_re, + RE** remainder_re, + int32_t* min_gap, + int32_t* max_gap); + + +int yr_re_emit_code( + RE* re, + YR_ARENA* arena); + + +int yr_re_exec( + RE_CODE re_code, + uint8_t* input, + size_t input_size, + int flags, + RE_MATCH_CALLBACK_FUNC callback, + void* callback_args); + + +int yr_re_match( + RE_CODE re_code, + const char* target); + + +int yr_re_initialize(void); + + +int yr_re_finalize(void); + + +int yr_re_finalize_thread(void); + +#endif diff --git a/x64_dbg_dbg/yara/yara/re_lexer.h b/x64_dbg_dbg/yara/yara/re_lexer.h new file mode 100644 index 00000000..1bf7aa30 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/re_lexer.h @@ -0,0 +1,97 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#undef yyparse +#undef yylex +#undef yyerror +#undef yyfatal +#undef yychar +#undef yydebug +#undef yynerrs +#undef yyget_extra +#undef yyget_lineno + +#undef YY_FATAL_ERROR +#undef YY_DECL +#undef LEX_ENV + + +#define yyparse re_yyparse +#define yylex re_yylex +#define yyerror re_yyerror +#define yyfatal re_yyfatal +#define yychar re_yychar +#define yydebug re_yydebug +#define yynerrs re_yynerrs +#define yyget_extra re_yyget_extra +#define yyget_lineno re_yyget_lineno + + +#ifndef YY_TYPEDEF_YY_SCANNER_T +#define YY_TYPEDEF_YY_SCANNER_T +typedef void* yyscan_t; +#endif + +#define YY_EXTRA_TYPE RE* +#define YY_USE_CONST + + +typedef struct _RE_LEX_ENVIRONMENT +{ + int negated_class; + uint8_t class_vector[32]; + int last_error_code; + char last_error_message[256]; + +} RE_LEX_ENVIRONMENT; + + +#define LEX_ENV ((RE_LEX_ENVIRONMENT*) lex_env) + +#define YY_FATAL_ERROR(msg) re_yyfatal(yyscanner, msg) + +#include + +#define YY_DECL int re_yylex \ + (YYSTYPE * yylval_param , yyscan_t yyscanner, RE_LEX_ENVIRONMENT* lex_env) + + +YY_EXTRA_TYPE yyget_extra( + yyscan_t yyscanner); + +int yylex( + YYSTYPE* yylval_param, + yyscan_t yyscanner, + RE_LEX_ENVIRONMENT* lex_env); + +int yyparse( + void* yyscanner, + RE_LEX_ENVIRONMENT* lex_env); + +void yyerror( + yyscan_t yyscanner, + RE_LEX_ENVIRONMENT* lex_env, + const char* error_message); + +void yyfatal( + yyscan_t yyscanner, + const char* error_message); + +int yr_parse_re_string( + const char* re_string, + int flags, + RE** re, + RE_ERROR* error); diff --git a/x64_dbg_dbg/yara/yara/rules.h b/x64_dbg_dbg/yara/yara/rules.h new file mode 100644 index 00000000..9bab0623 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/rules.h @@ -0,0 +1,127 @@ +/* +Copyright (c) 2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +#ifndef YR_RULES_H +#define YR_RULES_H + +#include "types.h" +#include "utils.h" + + +#define CALLBACK_MSG_RULE_MATCHING 1 +#define CALLBACK_MSG_RULE_NOT_MATCHING 2 +#define CALLBACK_MSG_SCAN_FINISHED 3 +#define CALLBACK_MSG_IMPORT_MODULE 4 + +#define CALLBACK_CONTINUE 0 +#define CALLBACK_ABORT 1 +#define CALLBACK_ERROR 2 + + +#define yr_rule_tags_foreach(rule, tag_name) \ + for (tag_name = rule->tags; \ + tag_name != NULL && *tag_name != '\0'; \ + tag_name += strlen(tag_name) + 1) + + +#define yr_rule_metas_foreach(rule, meta) \ + for (meta = rule->metas; !META_IS_NULL(meta); meta++) + + +#define yr_rule_strings_foreach(rule, string) \ + for (string = rule->strings; !STRING_IS_NULL(string); string++) + + +#define yr_string_matches_foreach(string, match) \ + for (match = STRING_MATCHES(string).head; match != NULL; match = match->next) + + +#define yr_rules_foreach(rules, rule) \ + for (rule = rules->rules_list_head; !RULE_IS_NULL(rule); rule++) + + + +YR_API int yr_rules_scan_mem( + YR_RULES* rules, + uint8_t* buffer, + size_t buffer_size, + int flags, + YR_CALLBACK_FUNC callback, + void* user_data, + int timeout); + + +YR_API int yr_rules_scan_file( + YR_RULES* rules, + const char* filename, + int flags, + YR_CALLBACK_FUNC callback, + void* user_data, + int timeout); + + +YR_API int yr_rules_scan_proc( + YR_RULES* rules, + int pid, + int flags, + YR_CALLBACK_FUNC callback, + void* user_data, + int timeout); + + +YR_API int yr_rules_save( + YR_RULES* rules, + const char* filename); + + +YR_API int yr_rules_load( + const char* filename, + YR_RULES** rules); + + +YR_API int yr_rules_destroy( + YR_RULES* rules); + + +YR_API int yr_rules_define_integer_variable( + YR_RULES* rules, + const char* identifier, + int64_t value); + + +YR_API int yr_rules_define_boolean_variable( + YR_RULES* rules, + const char* identifier, + int value); + + +YR_API int yr_rules_define_float_variable( + YR_RULES* rules, + const char* identifier, + double value); + + +YR_API int yr_rules_define_string_variable( + YR_RULES* rules, + const char* identifier, + const char* value); + + +YR_API void yr_rules_print_profiling_info( + YR_RULES* rules); + +#endif diff --git a/x64_dbg_dbg/yara/yara/scan.h b/x64_dbg_dbg/yara/yara/scan.h new file mode 100644 index 00000000..ece9f766 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/scan.h @@ -0,0 +1,35 @@ +/* +Copyright (c) 2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_SCAN_H +#define YR_SCAN_H + +#include "types.h" + +#define SCAN_FLAGS_FAST_MODE 1 +#define SCAN_FLAGS_PROCESS_MEMORY 2 + + +int yr_scan_verify_match( + YR_AC_MATCH* ac_match, + uint8_t* data, + size_t data_size, + size_t data_base, + size_t offset, + YR_ARENA* matches_arena, + int flags); + +#endif diff --git a/x64_dbg_dbg/yara/yara/sizedstr.h b/x64_dbg_dbg/yara/yara/sizedstr.h new file mode 100644 index 00000000..fe8a2833 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/sizedstr.h @@ -0,0 +1,42 @@ +/* +Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef _SIZEDSTR_H +#define _SIZEDSTR_H + +// +// This struct is used to support strings containing null chars. The length of +// the string is stored along the string data. However the string data is also +// terminated with a null char. +// + +#define SIZED_STRING_FLAGS_NO_CASE 1 +#define SIZED_STRING_FLAGS_DOT_ALL 2 + +typedef struct _SIZED_STRING +{ + int length; + int flags; + char c_string[1]; + +} SIZED_STRING; + + +int sized_string_cmp( + SIZED_STRING* s1, + SIZED_STRING* s2); + +#endif diff --git a/x64_dbg_dbg/yara/yara/strutils.h b/x64_dbg_dbg/yara/yara/strutils.h new file mode 100644 index 00000000..9ad7aa4e --- /dev/null +++ b/x64_dbg_dbg/yara/yara/strutils.h @@ -0,0 +1,77 @@ +/* +Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_STRUTILS_H +#define YR_STRUTILS_H + +#include +#include +#include + +#include "config.h" + +#ifdef _WIN32 +#define snprintf _snprintf +#define strcasecmp _stricmp +#define strncasecmp _strnicmp +#endif + + +uint64_t xtoi( + const char* hexstr); + + +#if !HAVE_STRLCPY +size_t strlcpy( + char* dst, + const char* src, + size_t size); +#endif + + +#if !HAVE_STRLCAT +size_t strlcat( + char* dst, + const char* src, + size_t size); +#endif + + +#if !HAVE_MEMMEM +void* memmem( + const void* haystack, + size_t haystack_size, + const void* needle, + size_t needle_size); +#endif + + +int strlen_w( + const char* w_str); + + +int strcmp_w( + const char* w_str, + const char* str); + + +size_t strlcpy_w( + char* dst, + const char* w_src, + size_t n); + +#endif + diff --git a/x64_dbg_dbg/yara/yara/types.h b/x64_dbg_dbg/yara/yara/types.h new file mode 100644 index 00000000..6c13aa80 --- /dev/null +++ b/x64_dbg_dbg/yara/yara/types.h @@ -0,0 +1,524 @@ +/* +Copyright (c) 2013. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#ifndef YR_TYPES_H +#define YR_TYPES_H + + +#include "arena.h" +#include "re.h" +#include "limits.h" +#include "hash.h" + +#ifdef _WIN32 +#include +typedef HANDLE mutex_t; +#else +#include +typedef pthread_mutex_t mutex_t; +#endif + +typedef int32_t tidx_mask_t; + + +#define DECLARE_REFERENCE(type, name) \ + union { type name; int64_t name##_; } + +#pragma pack(push) +#pragma pack(1) + + +#define NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL 0x01 + +#define NAMESPACE_HAS_UNSATISFIED_GLOBAL(x) \ + ((x)->t_flags[yr_get_tidx()] & NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL) + + +typedef struct _YR_NAMESPACE +{ + int32_t t_flags[MAX_THREADS]; // Thread-specific flags + DECLARE_REFERENCE(char*, name); + +} YR_NAMESPACE; + + +#define META_TYPE_NULL 0 +#define META_TYPE_INTEGER 1 +#define META_TYPE_STRING 2 +#define META_TYPE_BOOLEAN 3 + +#define META_IS_NULL(x) \ + ((x) != NULL ? (x)->type == META_TYPE_NULL : TRUE) + + +typedef struct _YR_META +{ + int32_t type; + int32_t integer; + + DECLARE_REFERENCE(const char*, identifier); + DECLARE_REFERENCE(char*, string); + +} YR_META; + + +typedef struct _YR_MATCH +{ + int64_t base; + int64_t offset; + int32_t length; + + union + { + uint8_t* data; // Confirmed matches use "data", + int32_t chain_length; // unconfirmed ones use "chain_length" + }; + + struct _YR_MATCH* prev; + struct _YR_MATCH* next; + +} YR_MATCH; + + +typedef struct _YR_MATCHES +{ + int32_t count; + + DECLARE_REFERENCE(YR_MATCH*, head); + DECLARE_REFERENCE(YR_MATCH*, tail); + +} YR_MATCHES; + + +#define STRING_GFLAGS_REFERENCED 0x01 +#define STRING_GFLAGS_HEXADECIMAL 0x02 +#define STRING_GFLAGS_NO_CASE 0x04 +#define STRING_GFLAGS_ASCII 0x08 +#define STRING_GFLAGS_WIDE 0x10 +#define STRING_GFLAGS_REGEXP 0x20 +#define STRING_GFLAGS_FAST_HEX_REGEXP 0x40 +#define STRING_GFLAGS_FULL_WORD 0x80 +#define STRING_GFLAGS_ANONYMOUS 0x100 +#define STRING_GFLAGS_SINGLE_MATCH 0x200 +#define STRING_GFLAGS_LITERAL 0x400 +#define STRING_GFLAGS_FITS_IN_ATOM 0x800 +#define STRING_GFLAGS_NULL 0x1000 +#define STRING_GFLAGS_CHAIN_PART 0x2000 +#define STRING_GFLAGS_CHAIN_TAIL 0x4000 +#define STRING_GFLAGS_FIXED_OFFSET 0x8000 + + +#define STRING_IS_HEX(x) \ + (((x)->g_flags) & STRING_GFLAGS_HEXADECIMAL) + +#define STRING_IS_NO_CASE(x) \ + (((x)->g_flags) & STRING_GFLAGS_NO_CASE) + +#define STRING_IS_ASCII(x) \ + (((x)->g_flags) & STRING_GFLAGS_ASCII) + +#define STRING_IS_WIDE(x) \ + (((x)->g_flags) & STRING_GFLAGS_WIDE) + +#define STRING_IS_REGEXP(x) \ + (((x)->g_flags) & STRING_GFLAGS_REGEXP) + +#define STRING_IS_FULL_WORD(x) \ + (((x)->g_flags) & STRING_GFLAGS_FULL_WORD) + +#define STRING_IS_ANONYMOUS(x) \ + (((x)->g_flags) & STRING_GFLAGS_ANONYMOUS) + +#define STRING_IS_REFERENCED(x) \ + (((x)->g_flags) & STRING_GFLAGS_REFERENCED) + +#define STRING_IS_SINGLE_MATCH(x) \ + (((x)->g_flags) & STRING_GFLAGS_SINGLE_MATCH) + +#define STRING_IS_FIXED_OFFSET(x) \ + (((x)->g_flags) & STRING_GFLAGS_FIXED_OFFSET) + +#define STRING_IS_LITERAL(x) \ + (((x)->g_flags) & STRING_GFLAGS_LITERAL) + +#define STRING_IS_FAST_HEX_REGEXP(x) \ + (((x)->g_flags) & STRING_GFLAGS_FAST_HEX_REGEXP) + +#define STRING_IS_CHAIN_PART(x) \ + (((x)->g_flags) & STRING_GFLAGS_CHAIN_PART) + +#define STRING_IS_CHAIN_TAIL(x) \ + (((x)->g_flags) & STRING_GFLAGS_CHAIN_TAIL) + +#define STRING_IS_NULL(x) \ + ((x) == NULL || ((x)->g_flags) & STRING_GFLAGS_NULL) + +#define STRING_FITS_IN_ATOM(x) \ + (((x)->g_flags) & STRING_GFLAGS_FITS_IN_ATOM) + +#define STRING_FOUND(x) \ + ((x)->matches[yr_get_tidx()].tail != NULL) + +#define STRING_MATCHES(x) \ + ((x)->matches[yr_get_tidx()]) + + +typedef struct _YR_STRING +{ + int32_t g_flags; + int32_t length; + + DECLARE_REFERENCE(char*, identifier); + DECLARE_REFERENCE(uint8_t*, string); + DECLARE_REFERENCE(struct _YR_STRING*, chained_to); + + int32_t chain_gap_min; + int32_t chain_gap_max; + + int64_t fixed_offset; + + YR_MATCHES matches[MAX_THREADS]; + YR_MATCHES unconfirmed_matches[MAX_THREADS]; + +#ifdef PROFILING_ENABLED + uint64_t clock_ticks; +#endif + +} YR_STRING; + + +#define RULE_TFLAGS_MATCH 0x01 + +#define RULE_GFLAGS_PRIVATE 0x01 +#define RULE_GFLAGS_GLOBAL 0x02 +#define RULE_GFLAGS_REQUIRE_EXECUTABLE 0x04 +#define RULE_GFLAGS_REQUIRE_FILE 0x08 +#define RULE_GFLAGS_NULL 0x1000 + +#define RULE_IS_PRIVATE(x) \ + (((x)->g_flags) & RULE_GFLAGS_PRIVATE) + +#define RULE_IS_GLOBAL(x) \ + (((x)->g_flags) & RULE_GFLAGS_GLOBAL) + +#define RULE_IS_NULL(x) \ + (((x)->g_flags) & RULE_GFLAGS_NULL) + +#define RULE_MATCHES(x) \ + ((x)->t_flags[yr_get_tidx()] & RULE_TFLAGS_MATCH) + + +typedef struct _YR_RULE +{ + int32_t g_flags; // Global flags + int32_t t_flags[MAX_THREADS]; // Thread-specific flags + + DECLARE_REFERENCE(const char*, identifier); + DECLARE_REFERENCE(const char*, tags); + DECLARE_REFERENCE(YR_META*, metas); + DECLARE_REFERENCE(YR_STRING*, strings); + DECLARE_REFERENCE(YR_NAMESPACE*, ns); + +#ifdef PROFILING_ENABLED + uint64_t clock_ticks; +#endif + +} YR_RULE; + + +#define EXTERNAL_VARIABLE_TYPE_NULL 0 +#define EXTERNAL_VARIABLE_TYPE_FLOAT 1 +#define EXTERNAL_VARIABLE_TYPE_INTEGER 2 +#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 3 +#define EXTERNAL_VARIABLE_TYPE_STRING 4 +#define EXTERNAL_VARIABLE_TYPE_MALLOC_STRING 5 + + +#define EXTERNAL_VARIABLE_IS_NULL(x) \ + ((x) != NULL ? (x)->type == EXTERNAL_VARIABLE_TYPE_NULL : TRUE) + + +typedef struct _YR_EXTERNAL_VARIABLE +{ + int32_t type; + + union + { + int64_t i; + double f; + char* s; + } value; + + DECLARE_REFERENCE(char*, identifier); + +} YR_EXTERNAL_VARIABLE; + + +typedef struct _YR_AC_MATCH +{ + uint16_t backtrack; + + DECLARE_REFERENCE(YR_STRING*, string); + DECLARE_REFERENCE(uint8_t*, forward_code); + DECLARE_REFERENCE(uint8_t*, backward_code); + DECLARE_REFERENCE(struct _YR_AC_MATCH*, next); + +} YR_AC_MATCH; + + +typedef struct _YR_AC_STATE +{ + int8_t depth; + + DECLARE_REFERENCE(struct _YR_AC_STATE*, failure); + DECLARE_REFERENCE(YR_AC_MATCH*, matches); + +} YR_AC_STATE; + + +typedef struct _YR_AC_STATE_TRANSITION +{ + uint8_t input; + + DECLARE_REFERENCE(YR_AC_STATE*, state); + DECLARE_REFERENCE(struct _YR_AC_STATE_TRANSITION*, next); + +} YR_AC_STATE_TRANSITION; + + +typedef struct _YR_AC_TABLE_BASED_STATE +{ + int8_t depth; + + DECLARE_REFERENCE(YR_AC_STATE*, failure); + DECLARE_REFERENCE(YR_AC_MATCH*, matches); + DECLARE_REFERENCE(YR_AC_STATE*, state) transitions[256]; + +} YR_AC_TABLE_BASED_STATE; + + +typedef struct _YR_AC_LIST_BASED_STATE +{ + int8_t depth; + + DECLARE_REFERENCE(YR_AC_STATE*, failure); + DECLARE_REFERENCE(YR_AC_MATCH*, matches); + DECLARE_REFERENCE(YR_AC_STATE_TRANSITION*, transitions); + +} YR_AC_LIST_BASED_STATE; + + +typedef struct _YR_AC_AUTOMATON +{ + DECLARE_REFERENCE(YR_AC_STATE*, root); + +} YR_AC_AUTOMATON; + + +typedef struct _YARA_RULES_FILE_HEADER +{ + uint32_t version; + + DECLARE_REFERENCE(YR_RULE*, rules_list_head); + DECLARE_REFERENCE(YR_EXTERNAL_VARIABLE*, externals_list_head); + DECLARE_REFERENCE(uint8_t*, code_start); + DECLARE_REFERENCE(YR_AC_AUTOMATON*, automaton); + +} YARA_RULES_FILE_HEADER; + + + +#pragma pack(pop) + + +typedef struct _YR_RULES +{ + + tidx_mask_t tidx_mask; + uint8_t* code_start; + + mutex_t mutex; + + YR_ARENA* arena; + YR_RULE* rules_list_head; + YR_EXTERNAL_VARIABLE* externals_list_head; + YR_AC_AUTOMATON* automaton; + +} YR_RULES; + + +typedef struct _YR_MEMORY_BLOCK +{ + uint8_t* data; + size_t size; + size_t base; + + struct _YR_MEMORY_BLOCK* next; + +} YR_MEMORY_BLOCK; + + +typedef int (*YR_CALLBACK_FUNC)( + int message, + void* message_data, + void* user_data); + + +typedef struct _YR_SCAN_CONTEXT +{ + uint64_t file_size; + uint64_t entry_point; + + int flags; + void* user_data; + + YR_MEMORY_BLOCK* mem_block; + YR_HASH_TABLE* objects_table; + YR_CALLBACK_FUNC callback; + +} YR_SCAN_CONTEXT; + + + +#define OBJECT_COMMON_FIELDS \ + int8_t type; \ + const char* identifier; \ + void* data; \ + struct _YR_OBJECT* parent; + + +typedef struct _YR_OBJECT +{ + OBJECT_COMMON_FIELDS + +} YR_OBJECT; + + +typedef struct _YR_OBJECT_INTEGER +{ + OBJECT_COMMON_FIELDS + int64_t value; + +} YR_OBJECT_INTEGER; + + +typedef struct _YR_OBJECT_DOUBLE +{ + OBJECT_COMMON_FIELDS + double value; + +} YR_OBJECT_DOUBLE; + + +typedef struct _YR_OBJECT_STRING +{ + OBJECT_COMMON_FIELDS + SIZED_STRING* value; + +} YR_OBJECT_STRING; + + +typedef struct _YR_OBJECT_REGEXP +{ + OBJECT_COMMON_FIELDS + RE* value; + +} YR_OBJECT_REGEXP; + + +typedef struct _YR_OBJECT_STRUCTURE +{ + OBJECT_COMMON_FIELDS + struct _YR_STRUCTURE_MEMBER* members; + +} YR_OBJECT_STRUCTURE; + + +typedef struct _YR_OBJECT_ARRAY +{ + OBJECT_COMMON_FIELDS + YR_OBJECT* prototype_item; + struct _YR_ARRAY_ITEMS* items; + +} YR_OBJECT_ARRAY; + + +typedef struct _YR_OBJECT_DICTIONARY +{ + OBJECT_COMMON_FIELDS + YR_OBJECT* prototype_item; + struct _YR_DICTIONARY_ITEMS* items; + +} YR_OBJECT_DICTIONARY; + + +struct _YR_OBJECT_FUNCTION; + + +typedef int (*YR_MODULE_FUNC)( + void* args, + YR_SCAN_CONTEXT* context, + struct _YR_OBJECT_FUNCTION* function_obj); + + +typedef struct _YR_OBJECT_FUNCTION +{ + OBJECT_COMMON_FIELDS + + YR_OBJECT* return_obj; + + struct + { + const char* arguments_fmt; + YR_MODULE_FUNC code; + } prototypes[MAX_OVERLOADED_FUNCTIONS]; + +} YR_OBJECT_FUNCTION; + + +typedef struct _YR_STRUCTURE_MEMBER +{ + YR_OBJECT* object; + struct _YR_STRUCTURE_MEMBER* next; + +} YR_STRUCTURE_MEMBER; + + +typedef struct _YR_ARRAY_ITEMS +{ + int count; + YR_OBJECT* objects[1]; + +} YR_ARRAY_ITEMS; + + +typedef struct _YR_DICTIONARY_ITEMS +{ + int used; + int free; + + struct + { + + char* key; + YR_OBJECT* obj; + + } objects[1]; + +} YR_DICTIONARY_ITEMS; + + +#endif diff --git a/x64_dbg_dbg/yara/yara/utils.h b/x64_dbg_dbg/yara/yara/utils.h new file mode 100644 index 00000000..6fe4e64d --- /dev/null +++ b/x64_dbg_dbg/yara/yara/utils.h @@ -0,0 +1,67 @@ +/* +Copyright (c) 2014. The YARA Authors. All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +#ifndef YR_UTILS_H +#define YR_UTILS_H + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#ifndef NULL +#define NULL 0 +#endif + +#ifdef __cplusplus +#define YR_API extern "C" __declspec(dllimport) +#else +#define YR_API +#endif + +#ifndef min +#define min(x, y) ((x < y) ? (x) : (y)) +#endif + +#ifndef max +#define max(x, y) ((x > y) ? (x) : (y)) +#endif + + +#define PTR_TO_UINT64(x) ((uint64_t) (size_t) x) + + +#ifdef NDEBUG + +#define assertf(expr, msg) ((void)0) + +#else + +#include + +#define assertf(expr, msg, ...) \ + if(!(expr)) { \ + fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ + abort(); \ + } + +#endif + +#endif diff --git a/x64_dbg_dbg/yara/yara_x64.a b/x64_dbg_dbg/yara/yara_x64.a new file mode 100644 index 00000000..3eb1a7dd Binary files /dev/null and b/x64_dbg_dbg/yara/yara_x64.a differ diff --git a/x64_dbg_dbg/yara/yara_x64.lib b/x64_dbg_dbg/yara/yara_x64.lib new file mode 100644 index 00000000..46dc5f33 Binary files /dev/null and b/x64_dbg_dbg/yara/yara_x64.lib differ diff --git a/x64_dbg_dbg/yara/yara_x86.a b/x64_dbg_dbg/yara/yara_x86.a new file mode 100644 index 00000000..f1d9971c Binary files /dev/null and b/x64_dbg_dbg/yara/yara_x86.a differ diff --git a/x64_dbg_dbg/yara/yara_x86.lib b/x64_dbg_dbg/yara/yara_x86.lib new file mode 100644 index 00000000..d0b35fbd Binary files /dev/null and b/x64_dbg_dbg/yara/yara_x86.lib differ diff --git a/x64_dbg_exe/resource.rc b/x64_dbg_exe/resource.rc index f95d4139..15456905 100644 --- a/x64_dbg_exe/resource.rc +++ b/x64_dbg_exe/resource.rc @@ -67,8 +67,8 @@ IDI_ICON1 ICON "..\\bug.ico" // VS_VERSION_INFO VERSIONINFO - FILEVERSION 0,0,2,3 - PRODUCTVERSION 0,0,2,3 + FILEVERSION 0,0,2,4 + PRODUCTVERSION 0,0,2,4 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -84,10 +84,10 @@ BEGIN BLOCK "040904b0" BEGIN VALUE "FileDescription", "x64_dbg" - VALUE "FileVersion", "0.0.2.3" + VALUE "FileVersion", "0.0.2.4" VALUE "LegalCopyright", "x64dbg.com" VALUE "ProductName", "x64_dbg" - VALUE "ProductVersion", "V2.2ALPHA" + VALUE "ProductVersion", "0.0.2.4" END END BLOCK "VarFileInfo" diff --git a/x64_dbg_gui/Project/Src/BasicView/HexDump.cpp b/x64_dbg_gui/Project/Src/BasicView/HexDump.cpp index 31f9cf63..ef3bba90 100644 --- a/x64_dbg_gui/Project/Src/BasicView/HexDump.cpp +++ b/x64_dbg_gui/Project/Src/BasicView/HexDump.cpp @@ -128,6 +128,7 @@ void HexDump::mouseMoveEvent(QMouseEvent* event) { expandSelectionUpTo(wStartingAddress); mSelection.toIndex += dataSize; + emit selectionUpdated(); } else expandSelectionUpTo(wEndingAddress); @@ -197,7 +198,10 @@ void HexDump::mousePressEvent(QMouseEvent* event) } expandSelectionUpTo(wEndingAddress); if(bUpdateTo) + { mSelection.toIndex += dataSize; + emit selectionUpdated(); + } mGuiState = HexDump::MultiRowsSelectionState; @@ -238,7 +242,7 @@ QString HexDump::paintContent(QPainter* painter, int_t rowBase, int rowOffset, i { // Reset byte offset when base address is reached if(rowBase == 0 && mByteOffset != 0) - printDumpAt(mMemPage->getBase(), false); + printDumpAt(mMemPage->getBase(), false, false); // Compute RVA int wBytePerRowCount = getBytePerRowCount(); @@ -304,11 +308,13 @@ void HexDump::expandSelectionUpTo(int_t rva) { mSelection.fromIndex = rva; mSelection.toIndex = mSelection.firstSelectedIndex; + emit selectionUpdated(); } else if(rva > mSelection.firstSelectedIndex) { mSelection.fromIndex = mSelection.firstSelectedIndex; mSelection.toIndex = rva; + emit selectionUpdated(); } else if(rva == mSelection.firstSelectedIndex) { @@ -321,6 +327,7 @@ void HexDump::setSingleSelection(int_t rva) mSelection.firstSelectedIndex = rva; mSelection.fromIndex = rva; mSelection.toIndex = rva; + emit selectionUpdated(); } int_t HexDump::getInitialSelection() diff --git a/x64_dbg_gui/Project/Src/BasicView/HexDump.h b/x64_dbg_gui/Project/Src/BasicView/HexDump.h index 9a1e28bf..5822a212 100644 --- a/x64_dbg_gui/Project/Src/BasicView/HexDump.h +++ b/x64_dbg_gui/Project/Src/BasicView/HexDump.h @@ -131,6 +131,9 @@ public: void printDumpAt(int_t parVA, bool select, bool repaint = true); uint_t rvaToVa(int_t rva); +signals: + void selectionUpdated(); + public slots: void printDumpAt(int_t parVA); void debugStateChanged(DBGSTATE state); diff --git a/x64_dbg_gui/Project/Src/BasicView/ReferenceView.cpp b/x64_dbg_gui/Project/Src/BasicView/ReferenceView.cpp index 428fec2a..b9d335cf 100644 --- a/x64_dbg_gui/Project/Src/BasicView/ReferenceView.cpp +++ b/x64_dbg_gui/Project/Src/BasicView/ReferenceView.cpp @@ -2,20 +2,33 @@ #include #include "Configuration.h" #include "Bridge.h" +#include ReferenceView::ReferenceView() { // Setup SearchListView settings mSearchStartCol = 1; + mFollowDumpDefault = false; + + QHBoxLayout* layout = new QHBoxLayout(); // Create search progress bar mSearchProgress = new QProgressBar(); mSearchProgress->setRange(0, 100); mSearchProgress->setTextVisible(false); mSearchProgress->setMaximumHeight(15); + layout->addWidget(mSearchProgress); - // Add the progress bar to the main layout - mMainLayout->addWidget(mSearchProgress); + // Label for the number of references + mCountLabel = new QLabel("tst"); + mCountLabel->setAlignment(Qt::AlignCenter); + mCountLabel->setMaximumHeight(16); + mCountLabel->setMinimumWidth(40); + mCountLabel->setContentsMargins(2, 0, 5, 0); + layout->addWidget(mCountLabel); + + // Add the progress bar and label to the main layout + mMainLayout->addLayout(layout); // Setup signals connect(Bridge::getBridge(), SIGNAL(referenceAddColumnAt(int, QString)), this, SLOT(addColumnAt(int, QString))); @@ -93,6 +106,7 @@ void ReferenceView::addColumnAt(int width, QString title) void ReferenceView::setRowCount(int_t count) { + emit mCountLabel->setText(QString("%1").arg(count)); mSearchBox->setText(""); mList->setRowCount(count); } @@ -187,7 +201,6 @@ void ReferenceView::toggleBreakpoint() } DbgCmdExec(wCmd.toUtf8().constData()); - this->mSearchList->selectNext(); } void ReferenceView::toggleBookmark() diff --git a/x64_dbg_gui/Project/Src/BasicView/ReferenceView.h b/x64_dbg_gui/Project/Src/BasicView/ReferenceView.h index d94b0d4e..e7a25ec5 100644 --- a/x64_dbg_gui/Project/Src/BasicView/ReferenceView.h +++ b/x64_dbg_gui/Project/Src/BasicView/ReferenceView.h @@ -2,6 +2,7 @@ #define REFERENCEVIEW_H #include +#include #include "SearchListView.h" class ReferenceView : public SearchListView @@ -38,6 +39,7 @@ private: QAction* mToggleBreakpoint; QAction* mToggleBookmark; bool mFollowDumpDefault; + QLabel* mCountLabel; }; #endif // REFERENCEVIEW_H diff --git a/x64_dbg_gui/Project/Src/Bridge/Bridge.cpp b/x64_dbg_gui/Project/Src/Bridge/Bridge.cpp index 0a30219c..ee8702eb 100644 --- a/x64_dbg_gui/Project/Src/Bridge/Bridge.cpp +++ b/x64_dbg_gui/Project/Src/Bridge/Bridge.cpp @@ -33,7 +33,7 @@ void Bridge::CopyToClipboard(const QString & text) clipboard->setText(text); } -void Bridge::BridgeSetResult(int_t result) +void Bridge::setResult(int_t result) { bridgeResult = result; hasBridgeResult = true; @@ -89,12 +89,9 @@ void Bridge::emitDumpAt(int_t va) void Bridge::emitScriptAdd(int count, const char** lines) { - mBridgeMutex->lock(); - hasBridgeResult = false; + BridgeResult result; emit scriptAdd(count, lines); - while(!hasBridgeResult) //wait for thread completion - Sleep(100); - mBridgeMutex->unlock(); + result.Wait(); } void Bridge::emitScriptClear() @@ -109,7 +106,9 @@ void Bridge::emitScriptSetIp(int line) void Bridge::emitScriptError(int line, QString message) { + BridgeResult result; emit scriptError(line, message); + result.Wait(); } void Bridge::emitScriptSetTitle(QString title) @@ -124,18 +123,16 @@ void Bridge::emitScriptSetInfoLine(int line, QString info) void Bridge::emitScriptMessage(QString message) { + BridgeResult result; emit scriptMessage(message); + result.Wait(); } int Bridge::emitScriptQuestion(QString message) { - mBridgeMutex->lock(); - hasBridgeResult = false; + BridgeResult result; emit scriptQuestion(message); - while(!hasBridgeResult) //wait for thread completion - Sleep(100); - mBridgeMutex->unlock(); - return bridgeResult; + return result.Wait(); } void Bridge::emitScriptEnableHighlighting(bool enable) @@ -200,12 +197,9 @@ void Bridge::emitReferenceSetSearchStartCol(int col) void Bridge::emitReferenceInitialize(QString name) { - mBridgeMutex->lock(); - hasBridgeResult = false; + BridgeResult result; emit referenceInitialize(name); - while(!hasBridgeResult) //wait for thread completion - Sleep(100); - mBridgeMutex->unlock(); + result.Wait(); } void Bridge::emitStackDumpAt(uint_t va, uint_t csp) @@ -238,36 +232,39 @@ void Bridge::emitSetLastException(unsigned int exceptionCode) emit setLastException(exceptionCode); } +void Bridge::emitMenuAddToList(QWidget* parent, QMenu* menu, int hMenu, int hParentMenu) +{ + BridgeResult result; + emit menuAddMenuToList(parent, menu, hMenu, hParentMenu); + result.Wait(); +} + int Bridge::emitMenuAddMenu(int hMenu, QString title) { - mBridgeMutex->lock(); - hasBridgeResult = false; + BridgeResult result; emit menuAddMenu(hMenu, title); - while(!hasBridgeResult) //wait for thread completion - Sleep(100); - mBridgeMutex->unlock(); - return bridgeResult; + return result.Wait(); } int Bridge::emitMenuAddMenuEntry(int hMenu, QString title) { - mBridgeMutex->lock(); - hasBridgeResult = false; + BridgeResult result; emit menuAddMenuEntry(hMenu, title); - while(!hasBridgeResult) //wait for thread completion - Sleep(100); - mBridgeMutex->unlock(); - return bridgeResult; + return result.Wait(); } void Bridge::emitMenuAddSeparator(int hMenu) { + BridgeResult result; emit menuAddSeparator(hMenu); + result.Wait(); } void Bridge::emitMenuClearMenu(int hMenu) { + BridgeResult result; emit menuClearMenu(hMenu); + result.Wait(); } void Bridge::emitAddMsgToStatusBar(QString msg) @@ -279,8 +276,7 @@ bool Bridge::emitSelectionGet(int hWindow, SELECTIONDATA* selection) { if(!DbgIsDebugging()) return false; - mBridgeMutex->lock(); - hasBridgeResult = false; + BridgeResult result; switch(hWindow) { case GUI_DISASSEMBLY: @@ -293,12 +289,9 @@ bool Bridge::emitSelectionGet(int hWindow, SELECTIONDATA* selection) emit selectionStackGet(selection); break; default: - mBridgeMutex->unlock(); return false; } - while(!hasBridgeResult) //wait for thread completion - Sleep(100); - mBridgeMutex->unlock(); + result.Wait(); if(selection->start > selection->end) //swap start and end { int_t temp = selection->end; @@ -312,8 +305,7 @@ bool Bridge::emitSelectionSet(int hWindow, const SELECTIONDATA* selection) { if(!DbgIsDebugging()) return false; - mBridgeMutex->lock(); - hasBridgeResult = false; + BridgeResult result; switch(hWindow) { case GUI_DISASSEMBLY: @@ -326,24 +318,16 @@ bool Bridge::emitSelectionSet(int hWindow, const SELECTIONDATA* selection) emit selectionStackSet(selection); break; default: - mBridgeMutex->unlock(); return false; } - while(!hasBridgeResult) //wait for thread completion - Sleep(100); - mBridgeMutex->unlock(); - return bridgeResult; + return result.Wait(); } bool Bridge::emitGetStrWindow(const QString title, QString* text) { - mBridgeMutex->lock(); - hasBridgeResult = false; + BridgeResult result; emit getStrWindow(title, text); - while(!hasBridgeResult) //wait for thread completion - Sleep(100); - mBridgeMutex->unlock(); - return bridgeResult; + return result.Wait(); } void Bridge::emitAutoCompleteAddCmd(const QString cmd) diff --git a/x64_dbg_gui/Project/Src/Bridge/Bridge.h b/x64_dbg_gui/Project/Src/Bridge/Bridge.h index 33b56e2f..eb6c39dc 100644 --- a/x64_dbg_gui/Project/Src/Bridge/Bridge.h +++ b/x64_dbg_gui/Project/Src/Bridge/Bridge.h @@ -6,10 +6,14 @@ #include "Imports.h" #include "NewTypes.h" #include "ReferenceManager.h" +#include "BridgeResult.h" class Bridge : public QObject { Q_OBJECT + + friend class BridgeResult; + public: explicit Bridge(QObject* parent = 0); ~Bridge(); @@ -21,7 +25,7 @@ public: static void CopyToClipboard(const QString & text); //result function - void BridgeSetResult(int_t result); + void setResult(int_t result = 0); // Exports Binding void emitDisassembleAtSignal(int_t va, int_t eip); @@ -60,10 +64,12 @@ public: void emitUpdateMemory(); void emitAddRecentFile(QString file); void emitSetLastException(unsigned int exceptionCode); + void emitMenuAddToList(QWidget* parent, QMenu* menu, int hMenu, int hParentMenu = -1); int emitMenuAddMenu(int hMenu, QString title); int emitMenuAddMenuEntry(int hMenu, QString title); void emitMenuAddSeparator(int hMenu); void emitMenuClearMenu(int hMenu); + void emitMenuRemoveEntry(int hEntry); bool emitSelectionGet(int hWindow, SELECTIONDATA* selection); bool emitSelectionSet(int hWindow, const SELECTIONDATA* selection); bool emitGetStrWindow(const QString title, QString* text); @@ -119,10 +125,12 @@ signals: void updateMemory(); void addRecentFile(QString file); void setLastException(unsigned int exceptionCode); + void menuAddMenuToList(QWidget* parent, QMenu* menu, int hMenu, int hParentMenu); void menuAddMenu(int hMenu, QString title); void menuAddMenuEntry(int hMenu, QString title); void menuAddSeparator(int hMenu); void menuClearMenu(int hMenu); + void menuRemoveMenuEntry(int hEntry); void selectionDisasmGet(SELECTIONDATA* selection); void selectionDisasmSet(const SELECTIONDATA* selection); void selectionDumpGet(SELECTIONDATA* selection); @@ -143,7 +151,7 @@ signals: private: QMutex* mBridgeMutex; int_t bridgeResult; - bool hasBridgeResult; + volatile bool hasBridgeResult; public: diff --git a/x64_dbg_gui/Project/Src/Bridge/BridgeResult.cpp b/x64_dbg_gui/Project/Src/Bridge/BridgeResult.cpp new file mode 100644 index 00000000..77ad3655 --- /dev/null +++ b/x64_dbg_gui/Project/Src/Bridge/BridgeResult.cpp @@ -0,0 +1,20 @@ +#include "BridgeResult.h" +#include "Bridge.h" + +BridgeResult::BridgeResult() +{ + Bridge::getBridge()->mBridgeMutex->lock(); + Bridge::getBridge()->hasBridgeResult = false; +} + +BridgeResult::~BridgeResult() +{ + Bridge::getBridge()->mBridgeMutex->unlock(); +} + +int_t BridgeResult::Wait() +{ + while(!Bridge::getBridge()->hasBridgeResult) //wait for thread completion + Sleep(100); + return Bridge::getBridge()->bridgeResult; +} diff --git a/x64_dbg_gui/Project/Src/Bridge/BridgeResult.h b/x64_dbg_gui/Project/Src/Bridge/BridgeResult.h new file mode 100644 index 00000000..9499a759 --- /dev/null +++ b/x64_dbg_gui/Project/Src/Bridge/BridgeResult.h @@ -0,0 +1,14 @@ +#ifndef BRIDGERESULT_H +#define BRIDGERESULT_H + +#include "NewTypes.h" + +class BridgeResult +{ +public: + BridgeResult(); + ~BridgeResult(); + int_t Wait(); +}; + +#endif // BRIDGERESULT_H diff --git a/x64_dbg_gui/Project/Src/Gui/BreakpointsView.cpp b/x64_dbg_gui/Project/Src/Gui/BreakpointsView.cpp index 74266e41..a6106ed1 100644 --- a/x64_dbg_gui/Project/Src/Gui/BreakpointsView.cpp +++ b/x64_dbg_gui/Project/Src/Gui/BreakpointsView.cpp @@ -59,10 +59,13 @@ BreakpointsView::BreakpointsView(QWidget* parent) : QWidget(parent) connect(Bridge::getBridge(), SIGNAL(updateBreakpoints()), this, SLOT(reloadData())); connect(mHardBPTable, SIGNAL(contextMenuSignal(const QPoint &)), this, SLOT(hardwareBPContextMenuSlot(const QPoint &))); connect(mHardBPTable, SIGNAL(doubleClickedSignal()), this, SLOT(doubleClickHardwareSlot())); + connect(mHardBPTable, SIGNAL(enterPressedSignal()), this, SLOT(doubleClickHardwareSlot())); connect(mSoftBPTable, SIGNAL(contextMenuSignal(const QPoint &)), this, SLOT(softwareBPContextMenuSlot(const QPoint &))); connect(mSoftBPTable, SIGNAL(doubleClickedSignal()), this, SLOT(doubleClickSoftwareSlot())); + connect(mSoftBPTable, SIGNAL(enterPressedSignal()), this, SLOT(doubleClickSoftwareSlot())); connect(mMemBPTable, SIGNAL(contextMenuSignal(const QPoint &)), this, SLOT(memoryBPContextMenuSlot(const QPoint &))); connect(mMemBPTable, SIGNAL(doubleClickedSignal()), this, SLOT(doubleClickMemorySlot())); + connect(mMemBPTable, SIGNAL(enterPressedSignal()), this, SLOT(doubleClickMemorySlot())); } @@ -292,9 +295,7 @@ void BreakpointsView::enableDisableHardBPActionSlot() { StdTable* table = mHardBPTable; Breakpoints::toggleBPByDisabling(bp_hardware, table->getCellContent(table->getInitialSelection(), 0).toULongLong(0, 16)); - int_t sel = table->getInitialSelection(); - if(sel + 1 < table->getRowCount()) - table->setSingleSelection(sel + 1); + table->selectNext(); } void BreakpointsView::doubleClickHardwareSlot() @@ -402,9 +403,7 @@ void BreakpointsView::enableDisableSoftBPActionSlot() { StdTable* table = mSoftBPTable; Breakpoints::toggleBPByDisabling(bp_normal, table->getCellContent(table->getInitialSelection(), 0).toULongLong(0, 16)); - int_t sel = table->getInitialSelection(); - if(sel + 1 < table->getRowCount()) - table->setSingleSelection(sel + 1); + table->selectNext(); } void BreakpointsView::doubleClickSoftwareSlot() @@ -512,9 +511,7 @@ void BreakpointsView::enableDisableMemBPActionSlot() { StdTable* table = mMemBPTable; Breakpoints::toggleBPByDisabling(bp_memory, table->getCellContent(table->getInitialSelection(), 0).toULongLong(0, 16)); - int_t sel = table->getInitialSelection(); - if(sel + 1 < table->getRowCount()) - table->setSingleSelection(sel + 1); + table->selectNext(); } void BreakpointsView::doubleClickMemorySlot() diff --git a/x64_dbg_gui/Project/Src/Gui/CPUDisassembly.cpp b/x64_dbg_gui/Project/Src/Gui/CPUDisassembly.cpp index 2503a4d2..789ed713 100644 --- a/x64_dbg_gui/Project/Src/Gui/CPUDisassembly.cpp +++ b/x64_dbg_gui/Project/Src/Gui/CPUDisassembly.cpp @@ -6,6 +6,7 @@ #include "LineEditDialog.h" #include "WordEditDialog.h" #include "HexEditDialog.h" +#include "YaraRuleSelectionDialog.h" CPUDisassembly::CPUDisassembly(QWidget* parent) : Disassembly(parent) { @@ -228,7 +229,6 @@ void CPUDisassembly::contextMenuEvent(QContextMenuEvent* event) wMenu->addAction(mEnableHighlightingMode); wMenu->addSeparator(); - wMenu->addAction(mSetLabel); wMenu->addAction(mSetComment); wMenu->addAction(mSetBookmark); @@ -249,6 +249,7 @@ void CPUDisassembly::contextMenuEvent(QContextMenuEvent* event) wMenu->addAction(mAssemble); wMenu->addAction(mPatchesAction); + wMenu->addAction(mYaraAction); wMenu->addSeparator(); @@ -273,6 +274,9 @@ void CPUDisassembly::contextMenuEvent(QContextMenuEvent* event) mReferencesMenu->addAction(mReferenceSelectedAddress); wMenu->addMenu(mReferencesMenu); + wMenu->addSeparator(); + wMenu->addActions(mPluginMenu->actions()); + wMenu->exec(event->globalPos()); } } @@ -402,6 +406,11 @@ void CPUDisassembly::setupRightClickContextMenu() mPatchesAction->setShortcutContext(Qt::WidgetShortcut); connect(mPatchesAction, SIGNAL(triggered()), this, SLOT(showPatchesSlot())); + mYaraAction = new QAction(QIcon(":/icons/images/yara.png"), "&Yara...", this); + mYaraAction->setShortcutContext(Qt::WidgetShortcut); + this->addAction(mYaraAction); + connect(mYaraAction, SIGNAL(triggered()), this, SLOT(yaraSlot())); + //-------------------------------------------------------------------- //---------------------- New origin here ----------------------------- @@ -519,6 +528,10 @@ void CPUDisassembly::setupRightClickContextMenu() this->addAction(mEnableHighlightingMode); connect(mEnableHighlightingMode, SIGNAL(triggered()), this, SLOT(enableHighlightingMode())); + // Plugins + mPluginMenu = new QMenu(this); + Bridge::getBridge()->emitMenuAddToList(this, mPluginMenu, GUI_DISASM_MENU); + refreshShortcutsSlot(); connect(Config(), SIGNAL(shortcutsUpdated()), this, SLOT(refreshShortcutsSlot())); } @@ -539,6 +552,7 @@ void CPUDisassembly::refreshShortcutsSlot() mAssemble->setShortcut(ConfigShortcut("ActionAssemble")); mToggleInt3BpAction->setShortcut(ConfigShortcut("ActionToggleBreakpoint")); mPatchesAction->setShortcut(ConfigShortcut("ViewPatches")); + mYaraAction->setShortcut(ConfigShortcut("ActionYara")); mSetNewOriginHere->setShortcut(ConfigShortcut("ActionSetNewOriginHere")); mGotoOrigin->setShortcut(ConfigShortcut("ActionGotoOrigin")); mGotoPrevious->setShortcut(ConfigShortcut("ActionGotoPrevious")); @@ -992,7 +1006,7 @@ void CPUDisassembly::selectionGet(SELECTIONDATA* selection) { selection->start = rvaToVa(getSelectionStart()); selection->end = rvaToVa(getSelectionEnd()); - Bridge::getBridge()->BridgeSetResult(1); + Bridge::getBridge()->setResult(1); } void CPUDisassembly::selectionSet(const SELECTIONDATA* selection) @@ -1003,13 +1017,13 @@ void CPUDisassembly::selectionSet(const SELECTIONDATA* selection) int_t end = selection->end; if(start < selMin || start >= selMax || end < selMin || end >= selMax) //selection out of range { - Bridge::getBridge()->BridgeSetResult(0); + Bridge::getBridge()->setResult(0); return; } setSingleSelection(start - selMin); expandSelectionUpTo(end - selMin); reloadData(); - Bridge::getBridge()->BridgeSetResult(1); + Bridge::getBridge()->setResult(1); } void CPUDisassembly::enableHighlightingMode() @@ -1137,6 +1151,17 @@ void CPUDisassembly::showPatchesSlot() emit showPatches(); } +void CPUDisassembly::yaraSlot() +{ + YaraRuleSelectionDialog yaraDialog(this); + if(yaraDialog.exec() == QDialog::Accepted) + { + QString addrText = QString("%1").arg(rvaToVa(getInitialSelection()), sizeof(int_t) * 2, 16, QChar('0')).toUpper(); + DbgCmdExec(QString("yara \"%0\",%1").arg(yaraDialog.getSelectedFile()).arg(addrText).toUtf8().constData()); + emit displayReferencesWidget(); + } +} + void CPUDisassembly::copySelection(bool copyBytes) { QList instBuffer; diff --git a/x64_dbg_gui/Project/Src/Gui/CPUDisassembly.h b/x64_dbg_gui/Project/Src/Gui/CPUDisassembly.h index f29e486e..612b5d7d 100644 --- a/x64_dbg_gui/Project/Src/Gui/CPUDisassembly.h +++ b/x64_dbg_gui/Project/Src/Gui/CPUDisassembly.h @@ -63,6 +63,7 @@ public slots: void binaryPasteIgnoreSizeSlot(); void undoSelectionSlot(); void showPatchesSlot(); + void yaraSlot(); void copySelection(); void copySelectionNoBytes(); void copyAddress(); @@ -80,6 +81,7 @@ private: QMenu* mReferencesMenu; QMenu* mSearchMenu; QMenu* mCopyMenu; + QMenu* mPluginMenu; QAction* mBinaryEditAction; QAction* mBinaryFillAction; @@ -114,6 +116,7 @@ private: QAction* mSearchPattern; QAction* mEnableHighlightingMode; QAction* mPatchesAction; + QAction* mYaraAction; QAction* mCopySelection; QAction* mCopySelectionNoBytes; QAction* mCopyAddress; diff --git a/x64_dbg_gui/Project/Src/Gui/CPUDump.cpp b/x64_dbg_gui/Project/Src/Gui/CPUDump.cpp index 3ca26842..c3639772 100644 --- a/x64_dbg_gui/Project/Src/Gui/CPUDump.cpp +++ b/x64_dbg_gui/Project/Src/Gui/CPUDump.cpp @@ -5,6 +5,7 @@ #include "Bridge.h" #include "LineEditDialog.h" #include "HexEditDialog.h" +#include "YaraRuleSelectionDialog.h" CPUDump::CPUDump(QWidget* parent) : HexDump(parent) { @@ -75,6 +76,7 @@ CPUDump::CPUDump(QWidget* parent) : HexDump(parent) connect(Bridge::getBridge(), SIGNAL(dumpAt(int_t)), this, SLOT(printDumpAt(int_t))); connect(Bridge::getBridge(), SIGNAL(selectionDumpGet(SELECTIONDATA*)), this, SLOT(selectionGet(SELECTIONDATA*))); connect(Bridge::getBridge(), SIGNAL(selectionDumpSet(const SELECTIONDATA*)), this, SLOT(selectionSet(const SELECTIONDATA*))); + connect(this, SIGNAL(selectionUpdated()), this, SLOT(selectionUpdatedSlot())); setupContextMenu(); @@ -231,6 +233,12 @@ void CPUDump::setupContextMenu() this->addAction(mFindPatternAction); connect(mFindPatternAction, SIGNAL(triggered()), this, SLOT(findPattern())); + //Yara + mYaraAction = new QAction(QIcon(":/icons/images/yara.png"), "&Yara...", this); + mYaraAction->setShortcutContext(Qt::WidgetShortcut); + this->addAction(mYaraAction); + connect(mYaraAction, SIGNAL(triggered()), this, SLOT(yaraSlot())); + //Find References mFindReferencesAction = new QAction("Find &References", this); mFindReferencesAction->setShortcutContext(Qt::WidgetShortcut); @@ -341,6 +349,10 @@ void CPUDump::setupContextMenu() mDisassemblyAction = new QAction("&Disassembly", this); connect(mDisassemblyAction, SIGNAL(triggered()), this, SLOT(disassemblySlot())); + //Plugins + mPluginMenu = new QMenu(this); + Bridge::getBridge()->emitMenuAddToList(this, mPluginMenu, GUI_DUMP_MENU); + refreshShortcutsSlot(); connect(Config(), SIGNAL(shortcutsUpdated()), this, SLOT(refreshShortcutsSlot())); } @@ -357,10 +369,15 @@ void CPUDump::refreshShortcutsSlot() mFindPatternAction->setShortcut(ConfigShortcut("ActionFindPattern")); mFindReferencesAction->setShortcut(ConfigShortcut("ActionFindReferences")); mGotoExpression->setShortcut(ConfigShortcut("ActionGotoExpression")); + mYaraAction->setShortcut(ConfigShortcut("ActionYara")); } QString CPUDump::paintContent(QPainter* painter, int_t rowBase, int rowOffset, int col, int x, int y, int w, int h) { + // Reset byte offset when base address is reached + if(rowBase == 0 && mByteOffset != 0) + printDumpAt(mMemPage->getBase(), false, false); + QString wStr = ""; if(!col) //address { @@ -455,6 +472,7 @@ void CPUDump::contextMenuEvent(QContextMenuEvent* event) wMenu->addAction(mSetLabelAction); wMenu->addMenu(mBreakpointMenu); wMenu->addAction(mFindPatternAction); + wMenu->addAction(mYaraAction); wMenu->addMenu(mGotoMenu); wMenu->addSeparator(); wMenu->addMenu(mHexMenu); @@ -494,6 +512,9 @@ void CPUDump::contextMenuEvent(QContextMenuEvent* event) mMemoryRemove->setVisible(false); } + wMenu->addSeparator(); + wMenu->addActions(mPluginMenu->actions()); + wMenu->exec(event->globalPos()); //execute context menu } @@ -1053,7 +1074,7 @@ void CPUDump::selectionGet(SELECTIONDATA* selection) { selection->start = rvaToVa(getSelectionStart()); selection->end = rvaToVa(getSelectionEnd()); - Bridge::getBridge()->BridgeSetResult(1); + Bridge::getBridge()->setResult(1); } void CPUDump::selectionSet(const SELECTIONDATA* selection) @@ -1064,13 +1085,13 @@ void CPUDump::selectionSet(const SELECTIONDATA* selection) int_t end = selection->end; if(start < selMin || start >= selMax || end < selMin || end >= selMax) //selection out of range { - Bridge::getBridge()->BridgeSetResult(0); + Bridge::getBridge()->setResult(0); return; } setSingleSelection(start - selMin); expandSelectionUpTo(end - selMin); reloadData(); - Bridge::getBridge()->BridgeSetResult(1); + Bridge::getBridge()->setResult(1); } void CPUDump::memoryAccessSingleshootSlot() @@ -1303,3 +1324,25 @@ void CPUDump::followStackSlot() QString addrText = QString("%1").arg(rvaToVa(getSelectionStart()), sizeof(int_t) * 2, 16, QChar('0')).toUpper(); DbgCmdExec(QString("sdump " + addrText).toUtf8().constData()); } + +void CPUDump::selectionUpdatedSlot() +{ + QString selStart = QString("%1").arg(rvaToVa(getSelectionStart()), sizeof(int_t) * 2, 16, QChar('0')).toUpper(); + QString selEnd = QString("%1").arg(rvaToVa(getSelectionEnd()), sizeof(int_t) * 2, 16, QChar('0')).toUpper(); + QString info = "Dump"; + char mod[MAX_MODULE_SIZE] = ""; + if(DbgFunctions()->ModNameFromAddr(rvaToVa(getSelectionStart()), mod, true)) + info = QString(mod) + ""; + GuiAddStatusBarMessage(QString(info + ": " + selStart + " -> " + selEnd + QString().sprintf(" (0x%.8X bytes)\n", getSelectionEnd() - getSelectionStart() + 1)).toUtf8().constData()); +} + +void CPUDump::yaraSlot() +{ + YaraRuleSelectionDialog yaraDialog(this); + if(yaraDialog.exec() == QDialog::Accepted) + { + QString addrText = QString("%1").arg(rvaToVa(getInitialSelection()), sizeof(int_t) * 2, 16, QChar('0')).toUpper(); + DbgCmdExec(QString("yara \"%0\",%1").arg(yaraDialog.getSelectedFile()).arg(addrText).toUtf8().constData()); + emit displayReferencesWidget(); + } +} diff --git a/x64_dbg_gui/Project/Src/Gui/CPUDump.h b/x64_dbg_gui/Project/Src/Gui/CPUDump.h index 4c315d95..dc8a837c 100644 --- a/x64_dbg_gui/Project/Src/Gui/CPUDump.h +++ b/x64_dbg_gui/Project/Src/Gui/CPUDump.h @@ -77,6 +77,9 @@ public slots: void followStackSlot(); void findReferencesSlot(); + void selectionUpdatedSlot(); + void yaraSlot(); + private: QMenu* mBreakpointMenu; @@ -156,10 +159,12 @@ private: QAction* mBinaryPasteIgnoreSizeAction; QAction* mFindPatternAction; QAction* mFindReferencesAction; + QAction* mYaraAction; QAction* mUndoSelection; QMenu* mSpecialMenu; QMenu* mCustomMenu; + QMenu* mPluginMenu; GotoDialog* mGoto; diff --git a/x64_dbg_gui/Project/Src/Gui/CPUInfoBox.cpp b/x64_dbg_gui/Project/Src/Gui/CPUInfoBox.cpp index 5900859b..7d033177 100644 --- a/x64_dbg_gui/Project/Src/Gui/CPUInfoBox.cpp +++ b/x64_dbg_gui/Project/Src/Gui/CPUInfoBox.cpp @@ -181,7 +181,7 @@ void CPUInfoBox::disasmSelectionChanged(int_t parVA) else info = QString(mod) + " | "; } - char section[10] = ""; + char section[MAX_SECTION_SIZE] = ""; if(DbgFunctions()->SectionFromAddr(parVA, section)) info += "\"" + QString(section) + "\":"; info += QString("%1").arg(parVA, sizeof(int_t) * 2, 16, QChar('0')).toUpper(); diff --git a/x64_dbg_gui/Project/Src/Gui/CPUStack.cpp b/x64_dbg_gui/Project/Src/Gui/CPUStack.cpp index 059646cf..3041bd4d 100644 --- a/x64_dbg_gui/Project/Src/Gui/CPUStack.cpp +++ b/x64_dbg_gui/Project/Src/Gui/CPUStack.cpp @@ -150,6 +150,9 @@ void CPUStack::setupContextMenu() mFollowStack = new QAction("Follow in &Stack", this); connect(mFollowStack, SIGNAL(triggered()), this, SLOT(followStackSlot())); + mPluginMenu = new QMenu(this); + Bridge::getBridge()->emitMenuAddToList(this, mPluginMenu, GUI_STACK_MENU); + refreshShortcutsSlot(); connect(Config(), SIGNAL(shortcutsUpdated()), this, SLOT(refreshShortcutsSlot())); } @@ -169,6 +172,10 @@ void CPUStack::refreshShortcutsSlot() QString CPUStack::paintContent(QPainter* painter, int_t rowBase, int rowOffset, int col, int x, int y, int w, int h) { + // Reset byte offset when base address is reached + if(rowBase == 0 && mByteOffset != 0) + printDumpAt(mMemPage->getBase(), false, false); + // Compute RVA int wBytePerRowCount = getBytePerRowCount(); int_t wRva = (rowBase + rowOffset) * wBytePerRowCount - mByteOffset; @@ -329,6 +336,9 @@ void CPUStack::contextMenuEvent(QContextMenuEvent* event) wMenu->addAction(mFollowDump); } + wMenu->addSeparator(); + wMenu->addActions(mPluginMenu->actions()); + wMenu->exec(event->globalPos()); } @@ -409,7 +419,7 @@ void CPUStack::selectionGet(SELECTIONDATA* selection) { selection->start = rvaToVa(getSelectionStart()); selection->end = rvaToVa(getSelectionEnd()); - Bridge::getBridge()->BridgeSetResult(1); + Bridge::getBridge()->setResult(1); } void CPUStack::selectionSet(const SELECTIONDATA* selection) @@ -420,13 +430,13 @@ void CPUStack::selectionSet(const SELECTIONDATA* selection) int_t end = selection->end; if(start < selMin || start >= selMax || end < selMin || end >= selMax) //selection out of range { - Bridge::getBridge()->BridgeSetResult(0); + Bridge::getBridge()->setResult(0); return; } setSingleSelection(start - selMin); expandSelectionUpTo(end - selMin); reloadData(); - Bridge::getBridge()->BridgeSetResult(1); + Bridge::getBridge()->setResult(1); } void CPUStack::followDisasmSlot() diff --git a/x64_dbg_gui/Project/Src/Gui/CPUStack.h b/x64_dbg_gui/Project/Src/Gui/CPUStack.h index dd030d21..4170ecfe 100644 --- a/x64_dbg_gui/Project/Src/Gui/CPUStack.h +++ b/x64_dbg_gui/Project/Src/Gui/CPUStack.h @@ -57,6 +57,7 @@ private: QAction* mFollowDisasm; QAction* mFollowDump; QAction* mFollowStack; + QMenu* mPluginMenu; GotoDialog* mGoto; }; diff --git a/x64_dbg_gui/Project/Src/Gui/HexEditDialog.cpp b/x64_dbg_gui/Project/Src/Gui/HexEditDialog.cpp index 97cf167a..44e27f6d 100644 --- a/x64_dbg_gui/Project/Src/Gui/HexEditDialog.cpp +++ b/x64_dbg_gui/Project/Src/Gui/HexEditDialog.cpp @@ -122,3 +122,13 @@ void HexEditDialog::dataChangedSlot() ui->lineEditAscii->setText(ascii); ui->lineEditUnicode->setText(unicode); } + +void HexEditDialog::on_lineEditAscii_textEdited(const QString & arg1) +{ + on_btnAscii2Hex_clicked(); +} + +void HexEditDialog::on_lineEditUnicode_textEdited(const QString & arg1) +{ + on_btnUnicode2Hex_clicked(); +} diff --git a/x64_dbg_gui/Project/Src/Gui/HexEditDialog.h b/x64_dbg_gui/Project/Src/Gui/HexEditDialog.h index 752ae6e6..8616abf3 100644 --- a/x64_dbg_gui/Project/Src/Gui/HexEditDialog.h +++ b/x64_dbg_gui/Project/Src/Gui/HexEditDialog.h @@ -28,6 +28,8 @@ private slots: void on_btnUnicode2Hex_clicked(); void on_chkKeepSize_toggled(bool checked); void dataChangedSlot(); + void on_lineEditAscii_textEdited(const QString & arg1); + void on_lineEditUnicode_textEdited(const QString & arg1); private: Ui::HexEditDialog* ui; diff --git a/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp b/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp index 00d9b4a5..626ebf4b 100644 --- a/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp +++ b/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp @@ -17,6 +17,22 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi { ui->setupUi(this); + //setup bridge signals + connect(Bridge::getBridge(), SIGNAL(updateWindowTitle(QString)), this, SLOT(updateWindowTitleSlot(QString))); + connect(Bridge::getBridge(), SIGNAL(addRecentFile(QString)), this, SLOT(addRecentFile(QString))); + connect(Bridge::getBridge(), SIGNAL(setLastException(uint)), this, SLOT(setLastException(uint))); + connect(Bridge::getBridge(), SIGNAL(menuAddMenuToList(QWidget*, QMenu*, int, int)), this, SLOT(addMenuToList(QWidget*, QMenu*, int, int))); + connect(Bridge::getBridge(), SIGNAL(menuAddMenu(int, QString)), this, SLOT(addMenu(int, QString))); + connect(Bridge::getBridge(), SIGNAL(menuAddMenuEntry(int, QString)), this, SLOT(addMenuEntry(int, QString))); + connect(Bridge::getBridge(), SIGNAL(menuAddSeparator(int)), this, SLOT(addSeparator(int))); + connect(Bridge::getBridge(), SIGNAL(menuClearMenu(int)), this, SLOT(clearMenu(int))); + connect(Bridge::getBridge(), SIGNAL(menuRemoveMenuEntry(int)), this, SLOT(removeMenuEntry(int))); + connect(Bridge::getBridge(), SIGNAL(getStrWindow(QString, QString*)), this, SLOT(getStrWindow(QString, QString*))); + + //setup menu api + initMenuApi(); + addMenuToList(this, ui->menuPlugins, GUI_PLUGIN_MENU); + this->showMaximized(); #ifdef _WIN64 @@ -61,6 +77,7 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi // Memory Map View mMemMapView = new MemoryMapView(); connect(mMemMapView, SIGNAL(showCpu()), this, SLOT(displayCpuWidget())); + connect(mMemMapView, SIGNAL(showReferences()), this, SLOT(displayReferencesWidget())); mMemMapView->setWindowTitle("Memory Map"); mMemMapView->setWindowIcon(QIcon(":/icons/images/memory-map.png")); mMemMapView->hide(); @@ -152,6 +169,7 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi connect(ui->actionCpu, SIGNAL(triggered()), this, SLOT(displayCpuWidget())); connect(ui->actionSymbolInfo, SIGNAL(triggered()), this, SLOT(displaySymbolWidget())); connect(mSymbolView, SIGNAL(showCpu()), this, SLOT(displayCpuWidget())); + connect(mSymbolView, SIGNAL(showReferences()), this, SLOT(displayReferencesWidget())); connect(mReferenceManager, SIGNAL(showCpu()), this, SLOT(displayCpuWidget())); connect(ui->actionReferences, SIGNAL(triggered()), this, SLOT(displayReferencesWidget())); connect(ui->actionThreads, SIGNAL(triggered()), this, SLOT(displayThreadsWidget())); @@ -160,6 +178,7 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi connect(ui->actionCalls, SIGNAL(triggered()), this, SLOT(findModularCalls())); connect(ui->actionAppearance, SIGNAL(triggered()), this, SLOT(openAppearance())); connect(ui->actionShortcuts, SIGNAL(triggered()), this, SLOT(openShortcuts())); + connect(ui->actionTopmost, SIGNAL(toggled(bool)), this, SLOT(changeTopmost(bool))); connect(ui->actionCalculator, SIGNAL(triggered()), this, SLOT(openCalculator())); connect(ui->actionPatches, SIGNAL(triggered()), this, SLOT(patchWindow())); connect(ui->actionComments, SIGNAL(triggered()), this, SLOT(displayComments())); @@ -169,22 +188,15 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi connect(ui->actionCheckUpdates, SIGNAL(triggered()), this, SLOT(checkUpdates())); connect(ui->actionCallStack, SIGNAL(triggered()), this, SLOT(displayCallstack())); connect(ui->actionDonate, SIGNAL(triggered()), this, SLOT(donate())); + connect(ui->actionReportBug, SIGNAL(triggered()), this, SLOT(reportBug())); connect(ui->actionAttach, SIGNAL(triggered()), this, SLOT(displayAttach())); connect(ui->actionDetach, SIGNAL(triggered()), this, SLOT(detach())); connect(ui->actionChangeCommandLine, SIGNAL(triggered()), this, SLOT(changeCommandLine())); - connect(Bridge::getBridge(), SIGNAL(updateWindowTitle(QString)), this, SLOT(updateWindowTitleSlot(QString))); - connect(Bridge::getBridge(), SIGNAL(addRecentFile(QString)), this, SLOT(addRecentFile(QString))); - connect(Bridge::getBridge(), SIGNAL(setLastException(uint)), this, SLOT(setLastException(uint))); - connect(Bridge::getBridge(), SIGNAL(menuAddMenu(int, QString)), this, SLOT(addMenu(int, QString))); - connect(Bridge::getBridge(), SIGNAL(menuAddMenuEntry(int, QString)), this, SLOT(addMenuEntry(int, QString))); - connect(Bridge::getBridge(), SIGNAL(menuAddSeparator(int)), this, SLOT(addSeparator(int))); - connect(Bridge::getBridge(), SIGNAL(menuClearMenu(int)), this, SLOT(clearMenu(int))); connect(mCpuWidget->mDisas, SIGNAL(displayReferencesWidget()), this, SLOT(displayReferencesWidget())); connect(mCpuWidget->mDisas, SIGNAL(showPatches()), this, SLOT(patchWindow())); connect(mCpuWidget->mDump, SIGNAL(displayReferencesWidget()), this, SLOT(displayReferencesWidget())); connect(mCpuWidget->mStack, SIGNAL(displayReferencesWidget()), this, SLOT(displayReferencesWidget())); - connect(Bridge::getBridge(), SIGNAL(getStrWindow(QString, QString*)), this, SLOT(getStrWindow(QString, QString*))); connect(Config(), SIGNAL(shortcutsUpdated()), this, SLOT(refreshShortcuts())); //Set default setttings (when not set) @@ -195,9 +207,6 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi //Create updatechecker mUpdateChecker = new UpdateChecker(this); - //setup menu api - initMenuApi(); - refreshShortcuts(); bClose = false; @@ -289,11 +298,13 @@ void MainWindow::refreshShortcuts() ui->actionSettings->setShortcut(ConfigShortcut("OptionsPreferences")); ui->actionAppearance->setShortcut(ConfigShortcut("OptionsAppearance")); ui->actionShortcuts->setShortcut(ConfigShortcut("OptionsShortcuts")); + ui->actionTopmost->setShortcut(ConfigShortcut("OptionsTopmost")); ui->actionAbout->setShortcut(ConfigShortcut("HelpAbout")); ui->actionDonate->setShortcut(ConfigShortcut("HelpDonate")); ui->actionCheckUpdates->setShortcut(ConfigShortcut("HelpCheckForUpdates")); ui->actionCalculator->setShortcut(ConfigShortcut("HelpCalculator")); + ui->actionReportBug->setShortcut(ConfigShortcut("HelpReportBug")); ui->actionStrings->setShortcut(ConfigShortcut("ActionFindStrings")); ui->actionCalls->setShortcut(ConfigShortcut("ActionFindIntermodularCalls")); @@ -682,6 +693,14 @@ void MainWindow::openShortcuts() shortcuts.exec(); } +void MainWindow::changeTopmost(bool checked) +{ + if(checked) + SetWindowPos((HWND)this->winId(), HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE | SWP_NOACTIVATE); + else + SetWindowPos((HWND)this->winId(), HWND_NOTOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE | SWP_NOACTIVATE); +} + void MainWindow::addRecentFile(QString file) { addMRUEntry(file); @@ -706,8 +725,10 @@ void MainWindow::findModularCalls() displayReferencesWidget(); } -void MainWindow::addMenu(int hMenu, QString title) +const MainWindow::MenuInfo* MainWindow::findMenu(int hMenu) { + if(hMenu == -1) + return 0; int nFound = -1; for(int i = 0; i < mMenuList.size(); i++) { @@ -717,90 +738,94 @@ void MainWindow::addMenu(int hMenu, QString title) break; } } - if(nFound == -1 && hMenu != -1) + return nFound == -1 ? 0 : &mMenuList.at(nFound); +} + +void MainWindow::addMenuToList(QWidget* parent, QMenu* menu, int hMenu, int hParentMenu) +{ + if(!findMenu(hMenu)) + mMenuList.push_back(MenuInfo(parent, menu, hMenu, hParentMenu)); + Bridge::getBridge()->setResult(); +} + +void MainWindow::addMenu(int hMenu, QString title) +{ + const MenuInfo* menu = findMenu(hMenu); + if(!menu && hMenu != -1) { - Bridge::getBridge()->BridgeSetResult(-1); + Bridge::getBridge()->setResult(-1); return; } - MenuInfo newInfo; - int hMenuNew = hMenuNext; - hMenuNext++; - QMenu* wMenu = new QMenu(title, this); - newInfo.mMenu = wMenu; - newInfo.hMenu = hMenuNew; - newInfo.hParentMenu = hMenu; - mMenuList.push_back(newInfo); + int hMenuNew = hMenuNext++; + QWidget* parent = hMenu == -1 ? this : menu->parent; + QMenu* wMenu = new QMenu(title, parent); + wMenu->menuAction()->setVisible(false); + mMenuList.push_back(MenuInfo(parent, wMenu, hMenuNew, hMenu)); if(hMenu == -1) //top-level ui->menuBar->addMenu(wMenu); else //deeper level - mMenuList.at(nFound).mMenu->addMenu(wMenu); - Bridge::getBridge()->BridgeSetResult(hMenuNew); + menu->mMenu->addMenu(wMenu); + Bridge::getBridge()->setResult(hMenuNew); } void MainWindow::addMenuEntry(int hMenu, QString title) { - int nFound = -1; - for(int i = 0; i < mMenuList.size(); i++) + const MenuInfo* menu = findMenu(hMenu); + if(!menu && hMenu != -1) { - if(hMenu == mMenuList.at(i).hMenu) - { - nFound = i; - break; - } - } - if(nFound == -1 && hMenu != -1) - { - Bridge::getBridge()->BridgeSetResult(-1); + Bridge::getBridge()->setResult(-1); return; } MenuEntryInfo newInfo; - int hEntryNew = hEntryNext; - hEntryNext++; + int hEntryNew = hEntryNext++; newInfo.hEntry = hEntryNew; newInfo.hParentMenu = hMenu; - QAction* wAction = new QAction(title, this); + QWidget* parent = hMenu == -1 ? this : menu->parent; + QAction* wAction = new QAction(title, parent); wAction->setObjectName(QString().sprintf("ENTRY|%d", hEntryNew)); - this->addAction(wAction); + parent->addAction(wAction); connect(wAction, SIGNAL(triggered()), this, SLOT(menuEntrySlot())); newInfo.mAction = wAction; mEntryList.push_back(newInfo); if(hMenu == -1) //top level ui->menuBar->addAction(wAction); else //deeper level - mMenuList.at(nFound).mMenu->addAction(wAction); - Bridge::getBridge()->BridgeSetResult(hEntryNew); + { + menu->mMenu->addAction(wAction); + menu->mMenu->menuAction()->setVisible(true); + } + Bridge::getBridge()->setResult(hEntryNew); } void MainWindow::addSeparator(int hMenu) { - int nFound = -1; - for(int i = 0; i < mMenuList.size(); i++) + const MenuInfo* menu = findMenu(hMenu); + if(menu) { - if(hMenu == mMenuList.at(i).hMenu) //we found a menu that has the menu as parent - { - nFound = i; - break; - } + MenuEntryInfo newInfo; + newInfo.hEntry = -1; + newInfo.hParentMenu = hMenu; + newInfo.mAction = menu->mMenu->addSeparator(); + mEntryList.push_back(newInfo); } - if(nFound == -1) //not found - return; - MenuEntryInfo newInfo; - newInfo.hEntry = -1; - newInfo.hParentMenu = hMenu; - newInfo.mAction = mMenuList.at(nFound).mMenu->addSeparator(); - mEntryList.push_back(newInfo); + Bridge::getBridge()->setResult(); } void MainWindow::clearMenu(int hMenu) { if(!mMenuList.size() || hMenu == -1) + { + Bridge::getBridge()->setResult(); return; + } + const MenuInfo* menu = findMenu(hMenu); //delete menu entries for(int i = mEntryList.size() - 1; i > -1; i--) { if(hMenu == mEntryList.at(i).hParentMenu) //we found an entry that has the menu as parent { - this->removeAction(mEntryList.at(i).mAction); + QWidget* parent = menu == 0 ? this : menu->parent; + parent->removeAction(mEntryList.at(i).mAction); delete mEntryList.at(i).mAction; //delete the entry object mEntryList.erase(mEntryList.begin() + i); } @@ -815,6 +840,10 @@ void MainWindow::clearMenu(int hMenu) mMenuList.erase(mMenuList.begin() + i); //delete the child entry } } + //hide the empty menu + if(menu) + menu->mMenu->menuAction()->setVisible(false); + Bridge::getBridge()->setResult(); } void MainWindow::initMenuApi() @@ -824,12 +853,6 @@ void MainWindow::initMenuApi() hEntryNext = 256; mMenuList.clear(); hMenuNext = 256; - MenuInfo newInfo; - //add plugin menu - newInfo.mMenu = ui->menuPlugins; - newInfo.hMenu = GUI_PLUGIN_MENU; - newInfo.hParentMenu = -1; - mMenuList.push_back(newInfo); } void MainWindow::menuEntrySlot() @@ -843,6 +866,24 @@ void MainWindow::menuEntrySlot() } } +void MainWindow::removeMenuEntry(int hEntry) +{ + for(int i = 0; i < mEntryList.size(); i++) + { + if(mEntryList.at(i).hEntry == hEntry) + { + const MenuEntryInfo & entry = mEntryList.at(i); + const MenuInfo* menu = findMenu(entry.hParentMenu); + QWidget* parent = menu == 0 ? this : menu->parent; + parent->removeAction(entry.mAction); + delete entry.mAction; + mEntryList.erase(mEntryList.begin() + i); + break; + } + } + Bridge::getBridge()->setResult(); +} + void MainWindow::runSelection() { if(!DbgIsDebugging()) @@ -860,7 +901,7 @@ void MainWindow::getStrWindow(const QString title, QString* text) if(mLineEdit.exec() != QDialog::Accepted) bResult = false; *text = mLineEdit.editText; - Bridge::getBridge()->BridgeSetResult(bResult); + Bridge::getBridge()->setResult(bResult); } void MainWindow::patchWindow() @@ -932,7 +973,20 @@ void MainWindow::donate() msg.setDefaultButton(QMessageBox::Ok); if(msg.exec() != QMessageBox::Ok) return; - QDesktopServices::openUrl(QUrl("https://blockchain.info/address/1GuXgtCrLk4aYgivAT7xAi8zVHWk5CkEoY")); + QDesktopServices::openUrl(QUrl("http://donate.x64dbg.com")); +} + +void MainWindow::reportBug() +{ + QMessageBox msg(QMessageBox::Information, "Report Bug", "You will be taken to a website where you can report a bug.\nMake sure to fill in as much information as possible."); + msg.setWindowIcon(QIcon(":/icons/images/bug-report.png")); + msg.setParent(this, Qt::Dialog); + msg.setWindowFlags(msg.windowFlags() & (~Qt::WindowContextHelpButtonHint)); + msg.setStandardButtons(QMessageBox::Ok | QMessageBox::Cancel); + msg.setDefaultButton(QMessageBox::Ok); + if(msg.exec() != QMessageBox::Ok) + return; + QDesktopServices::openUrl(QUrl("http://report.x64dbg.com")); } void MainWindow::displayAttach() diff --git a/x64_dbg_gui/Project/Src/Gui/MainWindow.h b/x64_dbg_gui/Project/Src/Gui/MainWindow.h index 75e33498..dfab6940 100644 --- a/x64_dbg_gui/Project/Src/Gui/MainWindow.h +++ b/x64_dbg_gui/Project/Src/Gui/MainWindow.h @@ -71,11 +71,13 @@ public slots: void setLastException(unsigned int exceptionCode); void findStrings(); void findModularCalls(); + void addMenuToList(QWidget* parent, QMenu* menu, int hMenu, int hParentMenu = -1); void addMenu(int hMenu, QString title); void addMenuEntry(int hMenu, QString title); void addSeparator(int hMenu); void clearMenu(int hMenu); void menuEntrySlot(); + void removeMenuEntry(int hEntry); void runSelection(); void getStrWindow(const QString title, QString* text); void patchWindow(); @@ -87,7 +89,9 @@ public slots: void displayCallstack(); void refreshShortcuts(); void openShortcuts(); + void changeTopmost(bool checked); void donate(); + void reportBug(); void displayAttach(); void detach(); void changeCommandLine(); @@ -137,6 +141,16 @@ private: struct MenuInfo { + public: + MenuInfo(QWidget* parent, QMenu* mMenu, int hMenu, int hParentMenu) + { + this->parent = parent; + this->mMenu = mMenu; + this->hMenu = hMenu; + this->hParentMenu = hParentMenu; + } + + QWidget* parent; QMenu* mMenu; int hMenu; int hParentMenu; @@ -148,6 +162,7 @@ private: int hMenuNext; void initMenuApi(); + const MenuInfo* findMenu(int hMenu); protected: void dragEnterEvent(QDragEnterEvent* pEvent); diff --git a/x64_dbg_gui/Project/Src/Gui/MainWindow.ui b/x64_dbg_gui/Project/Src/Gui/MainWindow.ui index df4201a7..795e2188 100644 --- a/x64_dbg_gui/Project/Src/Gui/MainWindow.ui +++ b/x64_dbg_gui/Project/Src/Gui/MainWindow.ui @@ -91,6 +91,7 @@ + @@ -107,6 +108,7 @@ + @@ -164,8 +166,11 @@ - + + + + @@ -617,6 +622,33 @@ Skip next instruction + + + true + + + + :/icons/images/topmost.png:/icons/images/topmost.png + + + Topmost + + + Topmost Window + + + + + + :/icons/images/bug-report.png:/icons/images/bug-report.png + + + &Report Bug + + + Report Bug + + diff --git a/x64_dbg_gui/Project/Src/Gui/MemoryMapView.cpp b/x64_dbg_gui/Project/Src/Gui/MemoryMapView.cpp index 8d053128..d88122ac 100644 --- a/x64_dbg_gui/Project/Src/Gui/MemoryMapView.cpp +++ b/x64_dbg_gui/Project/Src/Gui/MemoryMapView.cpp @@ -2,6 +2,7 @@ #include "Configuration.h" #include "Bridge.h" #include "PageMemoryRights.h" +#include "YaraRuleSelectionDialog.h" MemoryMapView::MemoryMapView(StdTable* parent) : StdTable(parent) { @@ -9,12 +10,12 @@ MemoryMapView::MemoryMapView(StdTable* parent) : StdTable(parent) int charwidth = getCharWidth(); - addColumnAt(8 + charwidth * 2 * sizeof(uint_t), "ADDR", false, "Address"); //addr - addColumnAt(8 + charwidth * 2 * sizeof(uint_t), "SIZE", false, "Size"); //size - addColumnAt(8 + charwidth * 32, "INFO", false, "Page Information"); //page information - addColumnAt(8 + charwidth * 3, "TYP", false, "Allocation Type"); //allocation type - addColumnAt(8 + charwidth * 5, "CPROT", false, "Current Protection"); //current protection - addColumnAt(8 + charwidth * 5, "APROT", false, "Allocation Protection"); //allocation protection + addColumnAt(8 + charwidth * 2 * sizeof(uint_t), "Address", false, "Address"); //addr + addColumnAt(8 + charwidth * 2 * sizeof(uint_t), "Size", false, "Size"); //size + addColumnAt(8 + charwidth * 32, "Info", false, "Page Information"); //page information + addColumnAt(8 + charwidth * 5, "Type", false, "Allocation Type"); //allocation type + addColumnAt(8 + charwidth * 11, "Protection", false, "Current Protection"); //current protection + addColumnAt(8 + charwidth * 8, "Initial", false, "Allocation Protection"); //allocation protection addColumnAt(100, "", false); connect(Bridge::getBridge(), SIGNAL(updateMemory()), this, SLOT(refreshMap())); @@ -37,6 +38,10 @@ void MemoryMapView::setupContextMenu() connect(mFollowDisassembly, SIGNAL(triggered()), this, SLOT(followDisassemblerSlot())); connect(this, SIGNAL(enterPressedSignal()), this, SLOT(followDisassemblerSlot())); + //Yara + mYara = new QAction(QIcon(":/icons/images/yara.png"), "&Yara...", this); + connect(mYara, SIGNAL(triggered()), this, SLOT(yaraSlot())); + //Set PageMemory Rights mPageMemoryRights = new QAction("Set Page Memory Rights", this); connect(mPageMemoryRights, SIGNAL(triggered()), this, SLOT(pageMemoryRights())); @@ -109,6 +114,7 @@ void MemoryMapView::contextMenuSlot(const QPoint & pos) QMenu* wMenu = new QMenu(this); //create context menu wMenu->addAction(mFollowDisassembly); wMenu->addAction(mFollowDump); + wMenu->addAction(mYara); wMenu->addAction(mSwitchView); wMenu->addSeparator(); wMenu->addAction(mPageMemoryRights); @@ -301,6 +307,18 @@ void MemoryMapView::followDisassemblerSlot() emit showCpu(); } +void MemoryMapView::yaraSlot() +{ + YaraRuleSelectionDialog yaraDialog(this); + if(yaraDialog.exec() == QDialog::Accepted) + { + QString addr_text = getCellContent(getInitialSelection(), 0); + QString size_text = getCellContent(getInitialSelection(), 1); + DbgCmdExec(QString("yara \"%0\",%1,%2").arg(yaraDialog.getSelectedFile()).arg(addr_text).arg(size_text).toUtf8().constData()); + emit showReferences(); + } +} + void MemoryMapView::memoryAccessSingleshootSlot() { QString addr_text = getCellContent(getInitialSelection(), 0); diff --git a/x64_dbg_gui/Project/Src/Gui/MemoryMapView.h b/x64_dbg_gui/Project/Src/Gui/MemoryMapView.h index 1d7e4e37..2e64c810 100644 --- a/x64_dbg_gui/Project/Src/Gui/MemoryMapView.h +++ b/x64_dbg_gui/Project/Src/Gui/MemoryMapView.h @@ -13,12 +13,14 @@ public: signals: void showCpu(); + void showReferences(); public slots: void refreshShortcutsSlot(); void stateChangedSlot(DBGSTATE state); void followDumpSlot(); void followDisassemblerSlot(); + void yaraSlot(); void memoryAccessSingleshootSlot(); void memoryAccessRestoreSlot(); void memoryWriteSingleshootSlot(); @@ -37,6 +39,7 @@ private: QAction* mFollowDump; QAction* mFollowDisassembly; + QAction* mYara; QAction* mSwitchView; QAction* mPageMemoryRights; diff --git a/x64_dbg_gui/Project/Src/Gui/PatchDialog.cpp b/x64_dbg_gui/Project/Src/Gui/PatchDialog.cpp index a4fe10b9..96db5e97 100644 --- a/x64_dbg_gui/Project/Src/Gui/PatchDialog.cpp +++ b/x64_dbg_gui/Project/Src/Gui/PatchDialog.cpp @@ -180,7 +180,11 @@ void PatchDialog::groupToggle() continue; ui->listPatches->item(i)->setCheckState(checkState); curPatchList[i].second.checked = enabled; + //change the byte to reflect the change for the user (cypherpunk reported this) + unsigned char writebyte = curPatchList[i].second.checked ? curPatchList[i].first.newbyte : curPatchList[i].first.oldbyte; + DbgMemWrite(curPatchList[i].first.addr, &writebyte, sizeof(writebyte)); } + GuiUpdateAllViews(); mIsWorking = false; int_t groupStart = getGroupAddress(curPatchList, group); if(!groupStart) @@ -280,6 +284,9 @@ void PatchDialog::on_listPatches_itemChanged(QListWidgetItem* item) //checkbox c if(patch.second.checked == checked) //check state did not change return; patch.second.checked = checked; + //change the byte to reflect the change for the user (cypherpunk reported this) + unsigned char writebyte = patch.second.checked ? patch.first.newbyte : patch.first.oldbyte; + DbgMemWrite(patch.first.addr, &writebyte, sizeof(writebyte)); //check state changed if((QApplication::keyboardModifiers() & Qt::ControlModifier) != Qt::ControlModifier) { @@ -288,11 +295,16 @@ void PatchDialog::on_listPatches_itemChanged(QListWidgetItem* item) //checkbox c for(int i = 0; i < curPatchList.size(); i++) if(curPatchList.at(i).second.group == patch.second.group) { - curPatchList[i].second.checked = checked; + //change the patch state + curPatchList[i].second.checked = checked; ui->listPatches->item(i)->setCheckState(item->checkState()); + //change the byte to reflect the change for the user (cypherpunk reported this) + unsigned char writebyte = curPatchList[i].second.checked ? curPatchList[i].first.newbyte : curPatchList[i].first.oldbyte; + DbgMemWrite(curPatchList[i].first.addr, &writebyte, sizeof(writebyte)); } mIsWorking = false; } + GuiUpdateAllViews(); int group = mGroupSelector->group(); QString color = isGroupEnabled(curPatchList, group) ? "#00DD00" : "red"; QString addrText = QString("%1").arg(getGroupAddress(curPatchList, group), sizeof(int_t) * 2, 16, QChar('0')).toUpper(); @@ -316,7 +328,10 @@ void PatchDialog::on_btnSelectAll_clicked() { ui->listPatches->item(i)->setCheckState(Qt::Checked); curPatchList[i].second.checked = true; + //change the byte to reflect the change for the user (cypherpunk reported this) + DbgMemWrite(curPatchList[i].first.addr, &curPatchList[i].first.newbyte, sizeof(unsigned char)); } + GuiUpdateAllViews(); mIsWorking = false; } @@ -334,7 +349,10 @@ void PatchDialog::on_btnDeselectAll_clicked() { ui->listPatches->item(i)->setCheckState(Qt::Unchecked); curPatchList[i].second.checked = false; + //change the byte to reflect the change for the user (cypherpunk reported this) + DbgMemWrite(curPatchList[i].first.addr, &curPatchList[i].first.oldbyte, sizeof(unsigned char)); } + GuiUpdateAllViews(); mIsWorking = false; } @@ -507,8 +525,8 @@ void PatchDialog::on_btnImport_clicked() typedef struct _IMPORTSTATUS { - bool nomatchoriginal; - bool matchold; + bool badoriginal; + bool alreadypatched; } IMPORTSTATUS; QList> patchList; DBGPATCHINFO curPatch; @@ -545,13 +563,13 @@ void PatchDialog::on_btnImport_clicked() continue; unsigned char checkbyte = 0; DbgMemRead(curPatch.addr, &checkbyte, sizeof(checkbyte)); - if(checkbyte == newbyte) + IMPORTSTATUS status; + if(status.alreadypatched = checkbyte == newbyte) bAlreadyDone = true; - else if(checkbyte != oldbyte) + else if(status.badoriginal = checkbyte != oldbyte) bBadOriginal = true; curPatch.oldbyte = oldbyte; curPatch.newbyte = newbyte; - IMPORTSTATUS status = {checkbyte != oldbyte && !checkbyte == newbyte, checkbyte == newbyte}; patchList.push_back(QPair(curPatch, status)); } @@ -590,12 +608,11 @@ void PatchDialog::on_btnImport_clicked() int patched = 0; for(int i = 0; i < patchList.size(); i++) { - if(!bPatchBadOriginals && patchList.at(i).second.nomatchoriginal) + if(!bPatchBadOriginals && patchList.at(i).second.badoriginal) continue; curPatch = patchList.at(i).first; - if(bUndoPatched && patchList.at(i).second.matchold) + if(bUndoPatched && patchList.at(i).second.alreadypatched) { - GuiAddStatusBarMessage("undo!"); if(DbgFunctions()->MemPatch(curPatch.addr, &curPatch.oldbyte, 1)) patched++; } diff --git a/x64_dbg_gui/Project/Src/Gui/ReferenceManager.cpp b/x64_dbg_gui/Project/Src/Gui/ReferenceManager.cpp index 20b0499a..afdc1f20 100644 --- a/x64_dbg_gui/Project/Src/Gui/ReferenceManager.cpp +++ b/x64_dbg_gui/Project/Src/Gui/ReferenceManager.cpp @@ -1,11 +1,21 @@ #include "ReferenceManager.h" #include "Bridge.h" -ReferenceManager::ReferenceManager(QWidget* parent) : MHTabWidget(parent, false, true) +ReferenceManager::ReferenceManager(QWidget* parent) : QTabWidget(parent) { - this->setMovable(true); + setMovable(true); + setTabsClosable(true); mCurrentReferenceView = 0; + + //Close All Tabs + mCloseAllTabs = new QPushButton(this); + mCloseAllTabs->setIcon(QIcon(":/icons/images/close-all-tabs.png")); + mCloseAllTabs->setToolTip("Close All Tabs"); + connect(mCloseAllTabs, SIGNAL(clicked()), this, SLOT(closeAllTabs())); + setCornerWidget(mCloseAllTabs, Qt::TopLeftCorner); + connect(Bridge::getBridge(), SIGNAL(referenceInitialize(QString)), this, SLOT(newReferenceView(QString))); + connect(this, SIGNAL(tabCloseRequested(int)), this, SLOT(closeTab(int))); } ReferenceView* ReferenceManager::currentReferenceView() @@ -21,5 +31,15 @@ void ReferenceManager::newReferenceView(QString name) connect(mCurrentReferenceView, SIGNAL(showCpu()), this, SIGNAL(showCpu())); insertTab(0, mCurrentReferenceView, name); setCurrentIndex(0); - Bridge::getBridge()->BridgeSetResult(1); + Bridge::getBridge()->setResult(1); +} + +void ReferenceManager::closeTab(int index) +{ + removeTab(index); +} + +void ReferenceManager::closeAllTabs() +{ + clear(); } diff --git a/x64_dbg_gui/Project/Src/Gui/ReferenceManager.h b/x64_dbg_gui/Project/Src/Gui/ReferenceManager.h index 8f131ed9..3cf87575 100644 --- a/x64_dbg_gui/Project/Src/Gui/ReferenceManager.h +++ b/x64_dbg_gui/Project/Src/Gui/ReferenceManager.h @@ -1,24 +1,28 @@ #ifndef REFERENCEMANAGER_H #define REFERENCEMANAGER_H -#include "TabWidget.h" +#include +#include #include "ReferenceView.h" -class ReferenceManager : public MHTabWidget +class ReferenceManager : public QTabWidget { Q_OBJECT public: explicit ReferenceManager(QWidget* parent = 0); ReferenceView* currentReferenceView(); -public slots: +private slots: void newReferenceView(QString name); + void closeTab(int index); + void closeAllTabs(); signals: void showCpu(); private: ReferenceView* mCurrentReferenceView; + QPushButton* mCloseAllTabs; }; #endif // REFERENCEMANAGER_H diff --git a/x64_dbg_gui/Project/Src/Gui/RegistersView.cpp b/x64_dbg_gui/Project/Src/Gui/RegistersView.cpp index d00d39f5..1d95ab00 100644 --- a/x64_dbg_gui/Project/Src/Gui/RegistersView.cpp +++ b/x64_dbg_gui/Project/Src/Gui/RegistersView.cpp @@ -2375,22 +2375,22 @@ char* RegistersView::registerValue(const REGDUMP* regd, const REGISTER_NAME reg) if(reg == XMM14) return (char*) & (regd->regcontext.XmmRegisters[14]); if(reg == XMM15) return (char*) & (regd->regcontext.XmmRegisters[15]); - if(reg == YMM0) return (char*) & (regd->regcontext.YmmRegisters[32 * 0]); - if(reg == YMM1) return (char*) & (regd->regcontext.YmmRegisters[32 * 1]); - if(reg == YMM2) return (char*) & (regd->regcontext.YmmRegisters[32 * 2]); - if(reg == YMM3) return (char*) & (regd->regcontext.YmmRegisters[32 * 3]); - if(reg == YMM4) return (char*) & (regd->regcontext.YmmRegisters[32 * 4]); - if(reg == YMM5) return (char*) & (regd->regcontext.YmmRegisters[32 * 5]); - if(reg == YMM6) return (char*) & (regd->regcontext.YmmRegisters[32 * 6]); - if(reg == YMM7) return (char*) & (regd->regcontext.YmmRegisters[32 * 7]); - if(reg == YMM8) return (char*) & (regd->regcontext.YmmRegisters[32 * 8]); - if(reg == YMM9) return (char*) & (regd->regcontext.YmmRegisters[32 * 9]); - if(reg == YMM10) return (char*) & (regd->regcontext.YmmRegisters[32 * 10]); - if(reg == YMM11) return (char*) & (regd->regcontext.YmmRegisters[32 * 11]); - if(reg == YMM12) return (char*) & (regd->regcontext.YmmRegisters[32 * 12]); - if(reg == YMM13) return (char*) & (regd->regcontext.YmmRegisters[32 * 13]); - if(reg == YMM14) return (char*) & (regd->regcontext.YmmRegisters[32 * 14]); - if(reg == YMM15) return (char*) & (regd->regcontext.YmmRegisters[32 * 15]); + if(reg == YMM0) return (char*) & (regd->regcontext.YmmRegisters[0]); + if(reg == YMM1) return (char*) & (regd->regcontext.YmmRegisters[1]); + if(reg == YMM2) return (char*) & (regd->regcontext.YmmRegisters[2]); + if(reg == YMM3) return (char*) & (regd->regcontext.YmmRegisters[3]); + if(reg == YMM4) return (char*) & (regd->regcontext.YmmRegisters[4]); + if(reg == YMM5) return (char*) & (regd->regcontext.YmmRegisters[5]); + if(reg == YMM6) return (char*) & (regd->regcontext.YmmRegisters[6]); + if(reg == YMM7) return (char*) & (regd->regcontext.YmmRegisters[7]); + if(reg == YMM8) return (char*) & (regd->regcontext.YmmRegisters[8]); + if(reg == YMM9) return (char*) & (regd->regcontext.YmmRegisters[9]); + if(reg == YMM10) return (char*) & (regd->regcontext.YmmRegisters[10]); + if(reg == YMM11) return (char*) & (regd->regcontext.YmmRegisters[11]); + if(reg == YMM12) return (char*) & (regd->regcontext.YmmRegisters[12]); + if(reg == YMM13) return (char*) & (regd->regcontext.YmmRegisters[13]); + if(reg == YMM14) return (char*) & (regd->regcontext.YmmRegisters[14]); + if(reg == YMM15) return (char*) & (regd->regcontext.YmmRegisters[15]); return (char*) & null_value; } diff --git a/x64_dbg_gui/Project/Src/Gui/ScriptView.cpp b/x64_dbg_gui/Project/Src/Gui/ScriptView.cpp index 19cb1423..4ee7adf5 100644 --- a/x64_dbg_gui/Project/Src/Gui/ScriptView.cpp +++ b/x64_dbg_gui/Project/Src/Gui/ScriptView.cpp @@ -73,7 +73,7 @@ QString ScriptView::paintContent(QPainter* painter, int_t rowBase, int rowOffset else if(DbgScriptBpGet(line)) //breakpoint { painter->fillRect(QRect(x, y, w, h), QBrush(ConfigColor("DisassemblyBreakpointBackgroundColor"))); - painter->setPen(QPen(ConfigColor("DisassemblyBreakpointBackgroundColor"))); //black address //ScripViewMainBpTextColor + painter->setPen(QPen(ConfigColor("DisassemblyBreakpointColor"))); //black address //ScripViewMainBpTextColor } else { @@ -434,7 +434,7 @@ void ScriptView::add(int count, const char** lines) setCellContent(i, 1, QString(lines[i])); BridgeFree(lines); reloadData(); //repaint - Bridge::getBridge()->BridgeSetResult(1); + Bridge::getBridge()->setResult(1); } void ScriptView::clear() @@ -490,6 +490,7 @@ void ScriptView::error(int line, QString message) msg.setParent(this, Qt::Dialog); msg.setWindowFlags(msg.windowFlags() & (~Qt::WindowContextHelpButtonHint)); msg.exec(); + Bridge::getBridge()->setResult(); } void ScriptView::setTitle(QString title) @@ -582,6 +583,7 @@ void ScriptView::message(QString message) msg.setParent(this, Qt::Dialog); msg.setWindowFlags(msg.windowFlags() & (~Qt::WindowContextHelpButtonHint)); msg.exec(); + Bridge::getBridge()->setResult(); } void ScriptView::newIp() @@ -600,9 +602,9 @@ void ScriptView::question(QString message) msg.setParent(this, Qt::Dialog); msg.setWindowFlags(msg.windowFlags() & (~Qt::WindowContextHelpButtonHint)); if(msg.exec() == QMessageBox::Yes) - Bridge::getBridge()->BridgeSetResult(1); + Bridge::getBridge()->setResult(1); else - Bridge::getBridge()->BridgeSetResult(0); + Bridge::getBridge()->setResult(0); } void ScriptView::enableHighlighting(bool enable) diff --git a/x64_dbg_gui/Project/Src/Gui/SettingsDialog.cpp b/x64_dbg_gui/Project/Src/Gui/SettingsDialog.cpp index c631bb41..f1b14186 100644 --- a/x64_dbg_gui/Project/Src/Gui/SettingsDialog.cpp +++ b/x64_dbg_gui/Project/Src/Gui/SettingsDialog.cpp @@ -12,9 +12,8 @@ SettingsDialog::SettingsDialog(QWidget* parent) : ui->setupUi(this); //set window flags #if QT_VERSION < QT_VERSION_CHECK(5,0,0) - setWindowFlags(Qt::Dialog | Qt::WindowSystemMenuHint | Qt::WindowTitleHint | Qt::MSWindowsFixedSizeDialogHint); + setWindowFlags(Qt::Dialog | Qt::WindowSystemMenuHint | Qt::WindowTitleHint); #endif - setFixedSize(this->size()); //fixed size setModal(true); LoadSettings(); //load settings from file connect(Bridge::getBridge(), SIGNAL(setLastException(uint)), this, SLOT(setLastException(uint))); diff --git a/x64_dbg_gui/Project/Src/Gui/SettingsDialog.ui b/x64_dbg_gui/Project/Src/Gui/SettingsDialog.ui index 2e422f0d..cb9a94af 100644 --- a/x64_dbg_gui/Project/Src/Gui/SettingsDialog.ui +++ b/x64_dbg_gui/Project/Src/Gui/SettingsDialog.ui @@ -26,553 +26,468 @@ true - - - - 2 - 2 - 301 - 181 - - - - true - - - 0 - - - - Events - - - - - 10 - 10 - 241 - 16 - + + + + + true - - Break on: + + 0 + + + Events + + + + + + Break on: + + + + + + + System Breakpoint* + + + false + + + + + + + DLL Load + + + + + + + DLL Unload + + + + + + + TLS Callbacks* + + + false + + + + + + + Qt::Vertical + + + + 20 + 40 + + + + + + + + DLL Entry + + + + + + + Attach Breakpoint + + + + + + + Entry Breakpoint* + + + false + + + + + + + Thread Entry + + + + + + + Thread Start + + + + + + + Thread End + + + + + + + Debug Strings + + + + + + + + Engine + + + + + + + 0 + 0 + + + + Calculation Type: + + + + + + + QLayout::SetNoConstraint + + + + + &Signed + + + true + + + + + + + &Unsigned + + + + + + + + + + 0 + 0 + + + + Default Breakpoint Type: + + + + + + + + + INT3 + + + true + + + + + + + Long INT3 + + + + + + + UD2 + + + + + + + + + Undecorate Symbol Names + + + + + + + Enable Debug &Privilege + + + + + + + Qt::Vertical + + + + 20 + 40 + + + + + + + + + Exceptions + + + + + + Ignored Exceptions: + + + + + + + + + + Courier New + 8 + + + + Qt::ScrollBarAlwaysOn + + + + + + + + + Qt::Vertical + + + + 20 + 40 + + + + + + + + Add &Range + + + + + + + &Delete Range + + + + + + + Add &Last + + + + + + + Qt::Vertical + + + + 20 + 40 + + + + + + + + + + + + + Disasm + + + + + + Argument Spaces + + + + + + + Memory Spaces + + + + + + + Uppercase + + + + + + + Autocomments only on CIP + + + + + + + Qt::Vertical + + + + 20 + 40 + + + + + + + + + Misc + + + + + + Set x64_dbg as Just In Time Debugger + + + + + + + + + JIT: + + + + + + + true + + + + + + + + + Confirm before attaching + + + + + + + Qt::Vertical + + + + 20 + 40 + + + + + + + + + + + + + - - - - 20 - 30 - 121 - 17 - - - - System Breakpoint* - - - false - - - - - - 20 - 50 - 121 - 17 - - - - TLS Callbacks* - - - false - - - - - - 20 - 70 - 121 - 17 - - - - Entry Breakpoint* - - - false - - - - - - 150 - 30 - 101 - 17 - - - - DLL Load - - - - - - 150 - 50 - 101 - 17 - - - - DLL Unload - - - - - - 150 - 70 - 101 - 17 - - - - Thread Start - - - - - - 150 - 90 - 101 - 17 - - - - Thread End - - - - - - 150 - 110 - 101 - 17 - - - - Debug Strings - - - - - - 20 - 90 - 121 - 17 - - - - DLL Entry - - - - - - 20 - 110 - 121 - 17 - - - - Thread Entry - - - - - - 20 - 130 - 121 - 17 - - - - Attach Breakpoint - - - - - - Engine - - - - - 10 - 10 - 241 - 16 - - - - Calculation Type: - - - - - - 10 - 60 - 241 - 16 - - - - Default Breakpoint Type: - - - - - - 20 - 30 - 231 - 19 - - - - - - - &Signed - - - true - - - - - - - &Unsigned - - - - - - - - - 20 - 80 - 231 - 19 - - - - - - - INT3 - - - true - - - - - - - Long INT3 - - - - - - - UD2 - - - - - - - - - 10 - 110 - 241 - 17 - - - - Undecorate Symbol Names - - - - - - 10 - 130 - 241 - 17 - - - - Enable Debug &Privilege - - - - - - Exceptions - - - - - 10 - 30 - 151 - 111 - - - - - Courier New - 8 - - - - Qt::ScrollBarAlwaysOn - - - - - - 10 - 10 - 241 - 16 - - - - Ignored Exceptions: - - - - - - 170 - 30 - 77 - 83 - - - - - - - Add &Range - - - - - - - &Delete Range - - - - - - - Add &Last - - - - - - - - - Disasm - - - - - 10 - 10 - 241 - 17 - - - - Argument Spaces - - - - - - 10 - 30 - 241 - 17 - - - - Memory Spaces - - - - - - 10 - 50 - 241 - 17 - - - - Uppercase - - - - - - 10 - 70 - 241 - 17 - - - - Autocomments only on CIP - - - - - - Misc - - - - - 10 - 10 - 281 - 17 - - - - Set x64_dbg as Just In Time Debugger - - - - - - 10 - 30 - 281 - 22 - - - - - - - JIT: - - - - - - - true - - - - - - - - - 150 - 60 - 141 - 17 - - - - Confirm before attaching - - - - - - 10 - 80 - 271 - 31 - - - - - - - - - - - - 100 - 190 - 75 - 23 - - - - Save - - - true - - - - - - 180 - 190 - 75 - 23 - - - - Cancel - - + + + + + + + Qt::Horizontal + + + + 40 + 20 + + + + + + + + Save + + + true + + + + + + + Cancel + + + + + + - tabWidget - chkSystemBreakpoint - chkTlsCallbacks - chkEntryBreakpoint - chkDllEntry - chkThreadEntry - chkDllLoad - chkDllUnload - chkThreadStart - chkThreadEnd - chkDebugStrings radioSigned radioUnsigned radioInt3Short @@ -584,8 +499,6 @@ btnAddRange btnDeleteRange btnAddLast - btnSave - btnCancel diff --git a/x64_dbg_gui/Project/Src/Gui/SymbolView.cpp b/x64_dbg_gui/Project/Src/Gui/SymbolView.cpp index 8e96cb3e..0fcf3232 100644 --- a/x64_dbg_gui/Project/Src/Gui/SymbolView.cpp +++ b/x64_dbg_gui/Project/Src/Gui/SymbolView.cpp @@ -3,6 +3,7 @@ #include #include "Configuration.h" #include "Bridge.h" +#include "YaraRuleSelectionDialog.h" SymbolView::SymbolView(QWidget* parent) : QWidget(parent), ui(new Ui::SymbolView) { @@ -123,6 +124,9 @@ void SymbolView::setupContextMenu() mCopyPathAction = new QAction("Copy File &Path", this); connect(mCopyPathAction, SIGNAL(triggered()), this, SLOT(moduleCopyPath())); + mYaraAction = new QAction(QIcon(":/icons/images/yara.png"), "&Yara...", this); + connect(mYaraAction, SIGNAL(triggered()), this, SLOT(moduleYara())); + //Shortcuts refreshShortcutsSlot(); connect(Config(), SIGNAL(shortcutsUpdated()), this, SLOT(refreshShortcutsSlot())); @@ -244,6 +248,7 @@ void SymbolView::moduleContextMenu(const QPoint & pos) char szModPath[MAX_PATH] = ""; if(DbgFunctions()->ModPathFromAddr(modbase, szModPath, _countof(szModPath))) wMenu->addAction(mCopyPathAction); + wMenu->addAction(mYaraAction); QMenu wCopyMenu("&Copy", this); mModuleList->setupCopyMenu(&wCopyMenu); if(wCopyMenu.actions().length()) @@ -274,6 +279,17 @@ void SymbolView::moduleCopyPath() Bridge::CopyToClipboard(szModPath); } +void SymbolView::moduleYara() +{ + QString modname = mModuleList->getCellContent(mModuleList->getInitialSelection(), 1); + YaraRuleSelectionDialog yaraDialog(this); + if(yaraDialog.exec() == QDialog::Accepted) + { + DbgCmdExec(QString("yara \"%0\",\"%1\"").arg(yaraDialog.getSelectedFile()).arg(modname).toUtf8().constData()); + emit showReferences(); + } +} + void SymbolView::moduleDownloadSymbols() { DbgCmdExec(QString("symdownload " + mModuleList->getCellContent(mModuleList->getInitialSelection(), 1)).toUtf8().constData()); diff --git a/x64_dbg_gui/Project/Src/Gui/SymbolView.h b/x64_dbg_gui/Project/Src/Gui/SymbolView.h index b421b14a..02d45fd3 100644 --- a/x64_dbg_gui/Project/Src/Gui/SymbolView.h +++ b/x64_dbg_gui/Project/Src/Gui/SymbolView.h @@ -34,12 +34,14 @@ private slots: void moduleDownloadSymbols(); void moduleDownloadAllSymbols(); void moduleCopyPath(); + void moduleYara(); void toggleBreakpoint(); void toggleBookmark(); void refreshShortcutsSlot(); signals: void showCpu(); + void showReferences(); private: Ui::SymbolView* ui; @@ -58,6 +60,7 @@ private: QAction* mDownloadSymbolsAction; QAction* mDownloadAllSymbolsAction; QAction* mCopyPathAction; + QAction* mYaraAction; static void cbSymbolEnum(SYMBOLINFO* symbol, void* user); }; diff --git a/x64_dbg_gui/Project/Src/Gui/ThreadView.cpp b/x64_dbg_gui/Project/Src/Gui/ThreadView.cpp index b1232ac6..4266b420 100644 --- a/x64_dbg_gui/Project/Src/Gui/ThreadView.cpp +++ b/x64_dbg_gui/Project/Src/Gui/ThreadView.cpp @@ -198,8 +198,8 @@ ThreadView::ThreadView(StdTable* parent) : StdTable(parent) #endif //_WIN64 addColumnAt(8 + charwidth * 14, "Suspend Count", false); addColumnAt(8 + charwidth * 12, "Priority", false); - addColumnAt(8 + charwidth * 16, "WaitReason", false); - addColumnAt(8 + charwidth * 10, "LastError", false); + addColumnAt(8 + charwidth * 12, "Wait Reason", false); + addColumnAt(8 + charwidth * 11, "Last Error", false); addColumnAt(0, "Name", false); //setCopyMenuOnly(true); diff --git a/x64_dbg_gui/Project/Src/Gui/YaraRuleSelectionDialog.cpp b/x64_dbg_gui/Project/Src/Gui/YaraRuleSelectionDialog.cpp new file mode 100644 index 00000000..444bcd71 --- /dev/null +++ b/x64_dbg_gui/Project/Src/Gui/YaraRuleSelectionDialog.cpp @@ -0,0 +1,75 @@ +#include "YaraRuleSelectionDialog.h" +#include "ui_YaraRuleSelectionDialog.h" +#include +#include +#include +#include +#include "Imports.h" + +YaraRuleSelectionDialog::YaraRuleSelectionDialog(QWidget *parent) : + QDialog(parent), + ui(new Ui::YaraRuleSelectionDialog) +{ + ui->setupUi(this); +#if QT_VERSION < QT_VERSION_CHECK(5,0,0) + setWindowFlags(Qt::Dialog | Qt::WindowSystemMenuHint | Qt::WindowTitleHint | Qt::MSWindowsFixedSizeDialogHint); +#endif + setFixedSize(this->size()); //fixed size + + char setting[MAX_SETTING_SIZE]=""; + if(BridgeSettingGet("Misc", "YaraRulesDirectory", setting)) + { + rulesDirectory = QString(setting); + enumRulesDirectory(); + } +} + +YaraRuleSelectionDialog::~YaraRuleSelectionDialog() +{ + delete ui; +} + +QString YaraRuleSelectionDialog::getSelectedFile() +{ + return selectedFile; +} + +void YaraRuleSelectionDialog::on_buttonDirectory_clicked() +{ + QString dir = QFileDialog::getExistingDirectory(this, "Select Yara Rules Directory..."); + if(!dir.length()) + return; + rulesDirectory = QDir::toNativeSeparators(dir); + BridgeSettingSet("Misc", "YaraRulesDirectory", dir.toUtf8().constData()); + enumRulesDirectory(); +} + +void YaraRuleSelectionDialog::on_buttonFile_clicked() +{ + QString file = QFileDialog::getOpenFileName(this, "Select Yara Rule...", rulesDirectory); + if(!file.length()) + return; + selectedFile = QDir::toNativeSeparators(file); + this->accept(); +} + +void YaraRuleSelectionDialog::on_buttonSelect_clicked() +{ + int selectedIndex=ui->listRules->row(ui->listRules->selectedItems().at(0)); + selectedFile = ruleFiles.at(selectedIndex).first; + this->accept(); +} + +void YaraRuleSelectionDialog::enumRulesDirectory() +{ + ruleFiles.clear(); + ui->listRules->clear(); + QDirIterator it(rulesDirectory, QDir::Files, QDirIterator::Subdirectories); + while(it.hasNext()) + { + it.next(); + ruleFiles.append(QPair(QDir::toNativeSeparators(it.filePath()), it.fileName())); + ui->listRules->addItem(it.fileName()); + } + ui->listRules->setCurrentRow(0); +} diff --git a/x64_dbg_gui/Project/Src/Gui/YaraRuleSelectionDialog.h b/x64_dbg_gui/Project/Src/Gui/YaraRuleSelectionDialog.h new file mode 100644 index 00000000..7414a393 --- /dev/null +++ b/x64_dbg_gui/Project/Src/Gui/YaraRuleSelectionDialog.h @@ -0,0 +1,33 @@ +#ifndef YARARULESELECTIONDIALOG_H +#define YARARULESELECTIONDIALOG_H + +#include + +namespace Ui { +class YaraRuleSelectionDialog; +} + +class YaraRuleSelectionDialog : public QDialog +{ + Q_OBJECT + +public: + explicit YaraRuleSelectionDialog(QWidget *parent = 0); + ~YaraRuleSelectionDialog(); + QString getSelectedFile(); + +private slots: + void on_buttonDirectory_clicked(); + void on_buttonFile_clicked(); + void on_buttonSelect_clicked(); + +private: + Ui::YaraRuleSelectionDialog *ui; + QList> ruleFiles; + QString rulesDirectory; + QString selectedFile; + + void enumRulesDirectory(); +}; + +#endif // YARARULESELECTIONDIALOG_H diff --git a/x64_dbg_gui/Project/Src/Gui/YaraRuleSelectionDialog.ui b/x64_dbg_gui/Project/Src/Gui/YaraRuleSelectionDialog.ui new file mode 100644 index 00000000..6ecc259b --- /dev/null +++ b/x64_dbg_gui/Project/Src/Gui/YaraRuleSelectionDialog.ui @@ -0,0 +1,95 @@ + + + YaraRuleSelectionDialog + + + + 0 + 0 + 341 + 361 + + + + Yara + + + + :/icons/images/yara.png:/icons/images/Yara.png + + + + + 10 + 10 + 322 + 341 + + + + + + + + + + + + + 0 + 0 + + + + Directory... + + + + + + + &File... + + + + + + + &Select + + + + + + + &Cancel + + + + + + + + + + + + + + buttonCancel + clicked() + YaraRuleSelectionDialog + reject() + + + 341 + 280 + + + 361 + 246 + + + + + diff --git a/x64_dbg_gui/Project/Src/Utils/Configuration.cpp b/x64_dbg_gui/Project/Src/Utils/Configuration.cpp index 0bcca800..c1365a7e 100644 --- a/x64_dbg_gui/Project/Src/Utils/Configuration.cpp +++ b/x64_dbg_gui/Project/Src/Utils/Configuration.cpp @@ -215,11 +215,13 @@ Configuration::Configuration() : QObject() defaultShortcuts.insert("OptionsPreferences", Shortcut(tr("Options -> Preferences"), "", true)); defaultShortcuts.insert("OptionsAppearance", Shortcut(tr("Options -> Appearance"), "", true)); defaultShortcuts.insert("OptionsShortcuts", Shortcut(tr("Options -> Shortcuts"), "", true)); + defaultShortcuts.insert("OptionsTopmost", Shortcut(tr("Options -> Topmost"), "Ctrl+F5", true)); defaultShortcuts.insert("HelpAbout", Shortcut(tr("Help -> About"), "", true)); defaultShortcuts.insert("HelpDonate", Shortcut(tr("Help -> Donate"), "", true)); defaultShortcuts.insert("HelpCheckForUpdates", Shortcut(tr("Help -> Check for Updates"), "", true)); defaultShortcuts.insert("HelpCalculator", Shortcut(tr("Help -> Calculator"), "?")); + defaultShortcuts.insert("HelpReportBug", Shortcut(tr("Help -> Report Bug"), "", true)); defaultShortcuts.insert("ActionFindStrings", Shortcut(tr("Actions -> Find Strings"), "", true)); defaultShortcuts.insert("ActionFindIntermodularCalls", Shortcut(tr("Actions -> Find Intermodular Calls"), "", true)); @@ -239,6 +241,7 @@ Configuration::Configuration() : QObject() defaultShortcuts.insert("ActionSetComment", Shortcut(tr("Actions -> Set Comment"), ";")); defaultShortcuts.insert("ActionToggleFunction", Shortcut(tr("Actions -> Toggle Function"), "Shift+F")); defaultShortcuts.insert("ActionAssemble", Shortcut(tr("Actions -> Assemble"), "Space")); + defaultShortcuts.insert("ActionYara", Shortcut(tr("Actions -> Yara"), "Ctrl+Y")); defaultShortcuts.insert("ActionSetNewOriginHere", Shortcut(tr("Actions -> Set New Origin Here"), "Ctrl+*")); defaultShortcuts.insert("ActionGotoOrigin", Shortcut(tr("Actions -> Goto Origin"), "*")); defaultShortcuts.insert("ActionGotoPrevious", Shortcut(tr("Actions -> Goto Previous"), "-")); diff --git a/x64_dbg_gui/Project/Src/main.cpp b/x64_dbg_gui/Project/Src/main.cpp index bfda6ced..a6eb4122 100644 --- a/x64_dbg_gui/Project/Src/main.cpp +++ b/x64_dbg_gui/Project/Src/main.cpp @@ -66,8 +66,10 @@ int main(int argc, char* argv[]) // Set QString codec to UTF-8 QTextCodec::setCodecForLocale(QTextCodec::codecForName("UTF-8")); +#if QT_VERSION < QT_VERSION_CHECK(5,0,0) QTextCodec::setCodecForCStrings(QTextCodec::codecForName("UTF-8")); QTextCodec::setCodecForTr(QTextCodec::codecForName("UTF-8")); +#endif // Init communication with debugger Bridge::initBridge(); diff --git a/x64_dbg_gui/Project/images/bug-report.png b/x64_dbg_gui/Project/images/bug-report.png new file mode 100644 index 00000000..fe12b199 Binary files /dev/null and b/x64_dbg_gui/Project/images/bug-report.png differ diff --git a/x64_dbg_gui/Project/images/close-all-tabs.png b/x64_dbg_gui/Project/images/close-all-tabs.png new file mode 100644 index 00000000..6b9fa6dd Binary files /dev/null and b/x64_dbg_gui/Project/images/close-all-tabs.png differ diff --git a/x64_dbg_gui/Project/images/topmost.png b/x64_dbg_gui/Project/images/topmost.png new file mode 100644 index 00000000..cf936261 Binary files /dev/null and b/x64_dbg_gui/Project/images/topmost.png differ diff --git a/x64_dbg_gui/Project/images/yara.png b/x64_dbg_gui/Project/images/yara.png new file mode 100644 index 00000000..ecac5a43 Binary files /dev/null and b/x64_dbg_gui/Project/images/yara.png differ diff --git a/x64_dbg_gui/Project/resource.qrc b/x64_dbg_gui/Project/resource.qrc index c6826e71..7357e1d8 100644 --- a/x64_dbg_gui/Project/resource.qrc +++ b/x64_dbg_gui/Project/resource.qrc @@ -48,5 +48,9 @@ images/trace.png images/changeargs.png images/arrow-skip.png + images/topmost.png + images/close-all-tabs.png + images/bug-report.png + images/yara.png diff --git a/x64_dbg_gui/Project/x64_dbg.pro b/x64_dbg_gui/Project/x64_dbg.pro index d4a70978..e80fa89f 100644 --- a/x64_dbg_gui/Project/x64_dbg.pro +++ b/x64_dbg_gui/Project/x64_dbg.pro @@ -85,7 +85,9 @@ SOURCES += \ Src/Gui/AttachDialog.cpp \ Src/Gui/PageMemoryRights.cpp \ Src/Gui/SelectFields.cpp \ - Src/Gui/ReferenceManager.cpp + Src/Gui/ReferenceManager.cpp \ + Src/Bridge/BridgeResult.cpp \ + Src/Gui/YaraRuleSelectionDialog.cpp HEADERS += \ @@ -149,7 +151,9 @@ HEADERS += \ Src/Gui/AttachDialog.h \ Src/Gui/PageMemoryRights.h \ Src/Gui/SelectFields.h \ - Src/Gui/ReferenceManager.h + Src/Gui/ReferenceManager.h \ + Src/Bridge/BridgeResult.h \ + Src/Gui/YaraRuleSelectionDialog.h INCLUDEPATH += \ @@ -184,7 +188,8 @@ FORMS += \ Src/Gui/CalculatorDialog.ui \ Src/Gui/AttachDialog.ui \ Src/Gui/PageMemoryRights.ui \ - Src/Gui/SelectFields.ui + Src/Gui/SelectFields.ui \ + Src/Gui/YaraRuleSelectionDialog.ui INCLUDEPATH += $$PWD/Src/Bridge