
DBG: commands for marking data

This commit is contained in:
mrexodia 2016-09-07 13:06:25 +02:00
parent 4fde953636
commit 4f78001ae1
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
5 changed files with 167 additions and 4 deletions


@ -82,7 +82,7 @@ struct EncodeMap : AddrInfoHashMap<LockEncodeMaps, ENCODEMAP, EncodeMapSerialize
static EncodeMap encmaps;
bool EncodeMapGetorCreate(duint addr, ENCODEMAP & map)
static bool EncodeMapGetorCreate(duint addr, ENCODEMAP & map, bool* created = nullptr)
{
duint base, segsize;
@ -93,6 +93,8 @@ bool EncodeMapGetorCreate(duint addr, ENCODEMAP & map)
duint key = EncodeMap::VaKey(base);
if(!encmaps.Contains(key))
{
if(created)
*created = true;
map.size = segsize;
map.data = (byte*)VirtualAlloc(NULL, segsize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if(map.data == NULL) return false;
@ -221,14 +223,16 @@ duint EncodeMapGetSize(duint addr, duint codesize)
return codesize;
}
bool EncodeMapSetType(duint addr, duint size, ENCODETYPE type)
bool EncodeMapSetType(duint addr, duint size, ENCODETYPE type, bool* created)
{
auto base = MemFindBaseAddr(addr, nullptr);
if(!base)
return false;
ENCODEMAP map;
if(!EncodeMapGetorCreate(base, map))
if(created)
*created = false;
if(!EncodeMapGetorCreate(base, map, created))
return false;
auto offset = addr - base;
size = min(map.size - offset, size);
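Review bot: In EncodeMapGetorCreate the new `*created = true` is written before the VirtualAlloc result is checked, so when the allocation fails the function returns false while `created` still reports a fresh map. Callers that test the return value first are unaffected, but the flag should only be set once the map actually exists; moving `if(created) *created = true;` below the `if(map.data == NULL) return false;` line makes it trustworthy on its own. In EncodeMapSetType, `size = min(map.size - offset, size)` is unsigned arithmetic; if an existing map's `size` can be smaller than `addr - base` (for instance the region grew after the map was created) the subtraction wraps and the clamp becomes ineffective, so an `if(offset >= map.size) return false;` guard before it is worth adding if that case is reachable. EncodeMapSetType's body continues outside the hunk.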


@ -7,7 +7,7 @@ ENCODETYPE EncodeMapGetType(duint addr, duint codesize);
duint EncodeMapGetSize(duint addr, duint codesize);
void EncodeMapDelSegment(duint addr);
void EncodeMapDelRange(duint addr, duint size);
bool EncodeMapSetType(duint addr, duint size, ENCODETYPE type);
bool EncodeMapSetType(duint addr, duint size, ENCODETYPE type, bool* created = nullptr);
void EncodeMapDelRange(duint Start, duint End);
void EncodeMapCacheSave(JSON Root);
void EncodeMapCacheLoad(JSON Root);


@ -44,6 +44,7 @@
#include "historycontext.h"
#include "exception.h"
#include "TraceRecord.h"
#include "encodemap.h"
static bool bRefinit = false;
static int maxFindResults = 5000;
@ -2544,6 +2545,125 @@ CMDRESULT cbInstrMnemonicbrief(int argc, char* argv[])
return STATUS_CONTINUE;
}
static CMDRESULT cbInstrDataGeneric(ENCODETYPE type, int argc, char* argv[])
{
if(IsArgumentsLessThan(argc, 2))
return STATUS_ERROR;
duint addr;
if(!valfromstring(argv[1], &addr, false))
return STATUS_ERROR;
duint size = 1;
if(argc >= 3)
if(!valfromstring(argv[2], &size, false))
return STATUS_ERROR;
bool created;
if(!EncodeMapSetType(addr, size, type, &created))
{
dputs(QT_TRANSLATE_NOOP("DBG", "EncodeMapSetType failed..."));
return STATUS_ERROR;
}
if(created)
DbgCmdExec("disasm dis.sel()");
else
GuiUpdateDisassemblyView();
return STATUS_ERROR;
}
CMDRESULT cbInstrDataUnknown(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_unknown, argc, argv);
}
CMDRESULT cbInstrDataByte(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_byte, argc, argv);
}
CMDRESULT cbInstrDataWord(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_word, argc, argv);
}
CMDRESULT cbInstrDataDword(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_dword, argc, argv);
}
CMDRESULT cbInstrDataFword(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_fword, argc, argv);
}
CMDRESULT cbInstrDataQword(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_qword, argc, argv);
}
CMDRESULT cbInstrDataTbyte(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_tbyte, argc, argv);
}
CMDRESULT cbInstrDataOword(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_oword, argc, argv);
}
CMDRESULT cbInstrDataMmword(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_mmword, argc, argv);
}
CMDRESULT cbInstrDataXmmword(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_xmmword, argc, argv);
}
CMDRESULT cbInstrDataYmmword(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_ymmword, argc, argv);
}
CMDRESULT cbInstrDataFloat(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_real4, argc, argv);
}
CMDRESULT cbInstrDataDouble(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_real8, argc, argv);
}
CMDRESULT cbInstrDataLongdouble(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_real10, argc, argv);
}
CMDRESULT cbInstrDataAscii(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_ascii, argc, argv);
}
CMDRESULT cbInstrDataUnicode(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_unicode, argc, argv);
}
CMDRESULT cbInstrDataCode(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_code, argc, argv);
}
CMDRESULT cbInstrDataJunk(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_junk, argc, argv);
}
CMDRESULT cbInstrDataMiddle(int argc, char* argv[])
{
return cbInstrDataGeneric(enc_middle, argc, argv);
}
CMDRESULT cbGetPrivilegeState(int argc, char* argv[])
{
if(IsArgumentsLessThan(argc, 2))
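Review bot: cbInstrDataGeneric ends with `return STATUS_ERROR;` even after EncodeMapSetType succeeded and the view has been refreshed, so every new Data* command reports failure on its success path (and would abort a script that calls it); the last statement should be `return STATUS_CONTINUE;`, matching cbInstrMnemonicbrief above. The failure branch already returns STATUS_ERROR after the dputs, so nothing else needs to change there. The brace-less nested `if(argc >= 3) if(!valfromstring(...))` is easy to misread and is clearer as one condition, `if(argc >= 3 && !valfromstring(argv[2], &size, false)) return STATUS_ERROR;`. cbGetPrivilegeState at the end of the hunk continues outside it.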


@ -91,6 +91,26 @@ CMDRESULT cbInstrSavedata(int argc, char* argv[]);
CMDRESULT cbInstrMnemonichelp(int argc, char* argv[]);
CMDRESULT cbInstrMnemonicbrief(int argc, char* argv[]);
CMDRESULT cbInstrDataUnknown(int argc, char* argv[]);
CMDRESULT cbInstrDataByte(int argc, char* argv[]);
CMDRESULT cbInstrDataWord(int argc, char* argv[]);
CMDRESULT cbInstrDataDword(int argc, char* argv[]);
CMDRESULT cbInstrDataFword(int argc, char* argv[]);
CMDRESULT cbInstrDataQword(int argc, char* argv[]);
CMDRESULT cbInstrDataTbyte(int argc, char* argv[]);
CMDRESULT cbInstrDataOword(int argc, char* argv[]);
CMDRESULT cbInstrDataMmword(int argc, char* argv[]);
CMDRESULT cbInstrDataXmmword(int argc, char* argv[]);
CMDRESULT cbInstrDataYmmword(int argc, char* argv[]);
CMDRESULT cbInstrDataFloat(int argc, char* argv[]);
CMDRESULT cbInstrDataDouble(int argc, char* argv[]);
CMDRESULT cbInstrDataLongdouble(int argc, char* argv[]);
CMDRESULT cbInstrDataAscii(int argc, char* argv[]);
CMDRESULT cbInstrDataUnicode(int argc, char* argv[]);
CMDRESULT cbInstrDataCode(int argc, char* argv[]);
CMDRESULT cbInstrDataJunk(int argc, char* argv[]);
CMDRESULT cbInstrDataMiddle(int argc, char* argv[]);
CMDRESULT cbGetPrivilegeState(int argc, char* argv[]);
CMDRESULT cbEnablePrivilege(int argc, char* argv[]);
CMDRESULT cbDisablePrivilege(int argc, char* argv[]);


@ -309,6 +309,25 @@ static void registercommands()
dbgcmdnew("yara", cbInstrYara, true); //yara test command
dbgcmdnew("yaramod", cbInstrYaramod, true); //yara rule on module
dbgcmdnew("savedata", cbInstrSavedata, true); //save data to disk
dbgcmdnew("DataUnknown", cbInstrDataUnknown, true); //mark as Unknown
dbgcmdnew("DataByte\1db", cbInstrDataByte, true); //mark as Byte
dbgcmdnew("DataWord\1dw", cbInstrDataWord, true); //mark as Word
dbgcmdnew("DataDword\1dd", cbInstrDataDword, true); //mark as Dword
dbgcmdnew("DataFword", cbInstrDataFword, true); //mark as Fword
dbgcmdnew("DataQword", cbInstrDataQword, true); //mark as Qword
dbgcmdnew("DataTbyte", cbInstrDataTbyte, true); //mark as Tbyte
dbgcmdnew("DataOword", cbInstrDataOword, true); //mark as Oword
dbgcmdnew("DataMmword", cbInstrDataMmword, true); //mark as Mmword
dbgcmdnew("DataXmmword", cbInstrDataXmmword, true); //mark as Xmmword
dbgcmdnew("DataYmmword", cbInstrDataYmmword, true); //mark as Ymmword
dbgcmdnew("DataFloat\1DataReal4\1df", cbInstrDataFloat, true); //mark as Float
dbgcmdnew("DataDouble\1DataReal8", cbInstrDataDouble, true); //mark as Double
dbgcmdnew("DataLongdouble\1DataReal10", cbInstrDataLongdouble, true); //mark as Longdouble
dbgcmdnew("DataAscii\1da", cbInstrDataAscii, true); //mark as Ascii
dbgcmdnew("DataUnicode\1du", cbInstrDataUnicode, true); //mark as Unicode
dbgcmdnew("DataCode\1dc", cbInstrDataCode, true); //mark as Code
dbgcmdnew("DataJunk", cbInstrDataJunk, true); //mark as Junk
dbgcmdnew("DataMiddle", cbInstrDataMiddle, true); //mark as Middle
//analysis
dbgcmdnew("analyse\1analyze\1anal", cbInstrAnalyse, true); //secret analysis command
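Review bot: The short aliases `db`, `dw`, `dd`, `da` and `du` registered here are, in other Windows debuggers, the conventional read-only memory dump commands, whereas here they rewrite the encode map for the given range, so a user typing `dd addr` out of habit changes type annotations instead of displaying memory. If those names are not already taken in this debugger, the collision is still worth a comment at the registration site, e.g. `// note: db/dw/dd/da/du mark data types, they do not dump memory`, or a less ambiguous alias scheme. DataUnknown is also the only entry in the group without a short form, which looks like an oversight rather than a choice.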