DBG: Fix a few out-of-bounds bugs
This commit is contained in:
parent
8e34d10712
commit
8e7690d00a
@ -154,7 +154,7 @@ void LinearPass::AnalysisWorker(duint Start, duint End, BBlockArray* Blocks)
for(duint i = Start; i < End;)
for(duint i = Start; i < End;)
{
{
if(!disasm.Disassemble(i, TranslateAddress(i)))
if(!disasm.Disassemble(i, TranslateAddress(i), End - i))
{
{
// Skip instructions that can't be determined
// Skip instructions that can't be determined
i++;
i++;
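Review bot: The bound passed on the new Disassemble call, `End - i`, is the number of bytes left in [Start, End) but nothing at the call site says so; a comment such as `// Cap the decoder at the bytes remaining before End so it cannot read past the range backing TranslateAddress(i)` would make the contract explicit. If Disassemble's third parameter is narrower than duint (its declaration is not visible here), the implicit conversion can silently truncate a large remaining size, so either an explicit clamp to the longest instruction the decoder handles or a static check on the parameter type is worth adding. The body of AnalysisWorker continues outside the hunk, so how `i` advances on a successful decode is not reviewed here.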
@ -497,6 +497,9 @@ bool MemPageRightsToString(DWORD Protect, char* Rights)
case PAGE_EXECUTE_WRITECOPY:
case PAGE_EXECUTE_WRITECOPY:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "ERWC");
strcpy_s(Rights, RIGHTS_STRING_SIZE, "ERWC");
break;
break;
default:
memset(Rights, 0, RIGHTS_STRING_SIZE);
break;
}
}
strcat_s(Rights, RIGHTS_STRING_SIZE, ((Protect & PAGE_GUARD) == PAGE_GUARD) ? "G" : "-");
strcat_s(Rights, RIGHTS_STRING_SIZE, ((Protect & PAGE_GUARD) == PAGE_GUARD) ? "G" : "-");
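Review bot: The new default case zeroes Rights and then lets the strcat_s below append only the guard flag, so an unrecognized protection value comes out as a bare "G" or "-" with no signal to the caller that the value was unknown; if the function's trailing return is unconditionally true (it is outside the hunk), consider `return false;` from the default case, or writing a visible placeholder before the flag, so the string itself is honest. It is also worth confirming that the value the switch operates on has the modifier bits (PAGE_GUARD, PAGE_NOCACHE, PAGE_WRITECOMBINE) masked off — the switch head is not visible here, and if it switches on the raw Protect value then every guarded page would land in this new default branch. A one-line comment `// Unknown protection value: emit an empty base string; the modifier flags are still appended below` would document the intent either way.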
@ -320,10 +320,9 @@ bool SymGetSourceLine(duint Cip, char* FileName, int* Line)
void SymClearMemoryCache()
void SymClearMemoryCache()
{
{
SYMBOLINFOMAP::iterator it = modulesCacheList.begin();
for (auto& itr : modulesCacheList)
for (; it != modulesCacheList.end(); it++)
{
{
SYMBOLINFOVECTOR* pModuleVector = &((*it).second);
SYMBOLINFOVECTOR* pModuleVector = &itr.second;
// Free up previously allocated memory
// Free up previously allocated memory
for (duint i = 0; i < pModuleVector->size(); i++)
for (duint i = 0; i < pModuleVector->size(); i++)
@ -376,7 +375,7 @@ bool SymGetSymbolInfo(PSYMBOL_INFO SymInfo, SYMBOLINFO* curSymbol, bool isImport
void SymEnumImports(duint Base, SYMBOLCBDATA* pSymbolCbData)
void SymEnumImports(duint Base, SYMBOLCBDATA* pSymbolCbData)
{
{
char buf[MAX_IMPORT_SIZE];
char modImportString[MAX_IMPORT_SIZE];
char buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME]; // Reserve enough space for symbol name, see msdn for this
char buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME]; // Reserve enough space for symbol name, see msdn for this
SYMBOLINFO curSymbol;
SYMBOLINFO curSymbol;
PSYMBOL_INFO pSymInfo;
PSYMBOL_INFO pSymInfo;
@ -408,37 +407,52 @@ void SymEnumImports(duint Base, SYMBOLCBDATA* pSymbolCbData)
{
{
for (duint i = 0; i < imports.size(); i++)
for (duint i = 0; i < imports.size(); i++)
{
{
// Can we get symbol for the import address
// Can we get symbol for the import address?
if (SafeSymFromAddr(fdProcessInfo->hProcess, (duint)imports[i].addr, 0, pSymInfo))
if (SafeSymFromAddr(fdProcessInfo->hProcess, (duint)imports[i].addr, 0, pSymInfo))
{
{
// Does the symbol point to the module base?
// Does the symbol point to the module base?
if (!SymGetSymbolInfo(pSymInfo, &curSymbol, true))
if (!SymGetSymbolInfo(pSymInfo, &curSymbol, true))
continue;
continue;
}
}
// Otherwise just use import info from module itself
else
else
{
{
// Otherwise just use import info from module itself
curSymbol.addr = imports[i].addr;
curSymbol.addr = imports[i].addr;
curSymbol.isImported = true;
curSymbol.isImported = true;
curSymbol.undecoratedSymbol = nullptr;
curSymbol.undecoratedSymbol = nullptr;
curSymbol.decoratedSymbol = imports[i].name;
curSymbol.decoratedSymbol = imports[i].name;
}
}
// Format so that we get : moduleName.importSymbol
// Format so that we get: moduleName.importSymbol
duint lenWithoutExt = strlen(imports[i].moduleName) - 3; // Remove extension
strcpy_s(modImportString, imports[i].moduleName);
strncpy_s(buf, lenWithoutExt, imports[i].moduleName, _TRUNCATE);
strcat_s(buf , ".");
// Trim the extension if present
char *modExt = strrchr(modImportString, '.');
if (modExt)
*modExt = '\0';
// Buffers to hold the decorated and undecorated strings. Must be declared
// outside of the if() scope.
char undecBuf[MAX_IMPORT_SIZE];
char decBuf[MAX_IMPORT_SIZE];
if (curSymbol.undecoratedSymbol)
if (curSymbol.undecoratedSymbol)
{
{
strcat(buf, curSymbol.undecoratedSymbol);
// module.undecorated
curSymbol.undecoratedSymbol = buf;
strcpy_s(undecBuf, modImportString);
strncpy_s(undecBuf, curSymbol.undecoratedSymbol, _TRUNCATE);
curSymbol.undecoratedSymbol = undecBuf;
}
}
if (curSymbol.decoratedSymbol)
if (curSymbol.decoratedSymbol)
{
{
strcat(buf, curSymbol.decoratedSymbol);
// module.decorated
curSymbol.decoratedSymbol = buf;
strcpy_s(decBuf, modImportString);
strncpy_s(decBuf, curSymbol.decoratedSymbol, _TRUNCATE);
curSymbol.decoratedSymbol = decBuf;
}
}
// Callback
// Callback
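Review bot: The new undecorated/decorated branches no longer produce "moduleName.importSymbol" as the comment above them promises: `strcpy_s(undecBuf, modImportString);` is immediately overwritten by `strncpy_s(undecBuf, curSymbol.undecoratedSymbol, _TRUNCATE);`, and the same happens with decBuf, so the module prefix and the "." separator the old code appended are lost and the callback receives only the bare symbol name. Each branch should append with a separator and a truncating concatenation rather than copy over the buffer, as in the excerpt below. Separately, `strcpy_s(modImportString, imports[i].moduleName);` invokes the CRT invalid-parameter handler (process termination under MSVC) instead of truncating when a module name is longer than MAX_IMPORT_SIZE-1, which is unfriendly for debugger input read from an untrusted target; `strncpy_s(modImportString, imports[i].moduleName, _TRUNCATE);` matches the truncating style used elsewhere in this hunk. SymEnumImports begins before the first hunk and the callback invocation follows `// Callback` outside the hunk, so the lifetime of undecBuf/decBuf across that call is assumed, not reviewed, here.
```cpp
// … unchanged: modImportString copy (prefer strncpy_s with _TRUNCATE) and extension trim …
char undecBuf[MAX_IMPORT_SIZE];
char decBuf[MAX_IMPORT_SIZE];

if (curSymbol.undecoratedSymbol)
{
    // module.undecorated: append, never overwrite, and truncate instead of faulting
    strcpy_s(undecBuf, modImportString);
    strncat_s(undecBuf, ".", _TRUNCATE);
    strncat_s(undecBuf, curSymbol.undecoratedSymbol, _TRUNCATE);
    curSymbol.undecoratedSymbol = undecBuf;
}

if (curSymbol.decoratedSymbol)
{
    // module.decorated
    strcpy_s(decBuf, modImportString);
    strncat_s(decBuf, ".", _TRUNCATE);
    strncat_s(decBuf, curSymbol.decoratedSymbol, _TRUNCATE);
    curSymbol.decoratedSymbol = decBuf;
}
// … unchanged: callback …
```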