DBG+GUI: resolved issue #431 + added "sub_" prefix for functions without label + added "function+offset" in the disassembly
							parent
							
								
									dc16750418
								
							
						
					
					
						commit
						9a814f54a3
					
			@ -101,6 +101,77 @@ extern "C" DLL_EXPORT bool _dbg_isjumpgoingtoexecute(duint addr)
 | 
			
		|||
    return cacheResult;
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
static bool shouldFilterSymbol(const char* name)
 | 
			
		||||
{
 | 
			
		||||
    if (!name)
 | 
			
		||||
        return true;
 | 
			
		||||
    if (!strcmp(name, "`string'"))
 | 
			
		||||
        return true;
 | 
			
		||||
    if (strstr(name, "__imp__") == name)
 | 
			
		||||
        return true;
 | 
			
		||||
    return false;
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
static bool getLabel(duint addr, char* label)
 | 
			
		||||
{
 | 
			
		||||
    bool retval = false;
 | 
			
		||||
    if (LabelGet(addr, label))
 | 
			
		||||
        retval = true;
 | 
			
		||||
    else //no user labels
 | 
			
		||||
    {
 | 
			
		||||
        DWORD64 displacement = 0;
 | 
			
		||||
        char buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME * sizeof(char)];
 | 
			
		||||
        PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer;
 | 
			
		||||
        pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO);
 | 
			
		||||
        pSymbol->MaxNameLen = MAX_LABEL_SIZE;
 | 
			
		||||
        if (SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) && !displacement)
 | 
			
		||||
        {
 | 
			
		||||
            pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
 | 
			
		||||
            if (!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
 | 
			
		||||
                strcpy_s(label, MAX_LABEL_SIZE, pSymbol->Name);
 | 
			
		||||
            retval = !shouldFilterSymbol(label);
 | 
			
		||||
        }
 | 
			
		||||
        if (!retval) //search for CALL <jmp.&user32.MessageBoxA>
 | 
			
		||||
        {
 | 
			
		||||
            BASIC_INSTRUCTION_INFO basicinfo;
 | 
			
		||||
            memset(&basicinfo, 0, sizeof(BASIC_INSTRUCTION_INFO));
 | 
			
		||||
            if (disasmfast(addr, &basicinfo) && basicinfo.branch && !basicinfo.call && basicinfo.memory.value) //thing is a JMP
 | 
			
		||||
            {
 | 
			
		||||
                duint val = 0;
 | 
			
		||||
                if (MemRead(basicinfo.memory.value, &val, sizeof(val)))
 | 
			
		||||
                {
 | 
			
		||||
                    if (SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) && !displacement)
 | 
			
		||||
                    {
 | 
			
		||||
                        pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
 | 
			
		||||
                        if (!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
 | 
			
		||||
                            sprintf_s(label, MAX_LABEL_SIZE, "JMP.&%s", pSymbol->Name);
 | 
			
		||||
                        retval = !shouldFilterSymbol(label);
 | 
			
		||||
                    }
 | 
			
		||||
                }
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
        if (!retval) //search for module entry
 | 
			
		||||
        {
 | 
			
		||||
            duint entry = ModEntryFromAddr(addr);
 | 
			
		||||
            if (entry && entry == addr)
 | 
			
		||||
            {
 | 
			
		||||
                strcpy_s(label, MAX_LABEL_SIZE, "EntryPoint");
 | 
			
		||||
                retval = true;
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
        if (!retval) //search for function+offset
 | 
			
		||||
        {
 | 
			
		||||
            duint start;
 | 
			
		||||
            if (FunctionGet(addr, &start, nullptr) && addr == start)
 | 
			
		||||
            {
 | 
			
		||||
                sprintf_s(label, MAX_LABEL_SIZE, "sub_%" fext "X", start);
 | 
			
		||||
                retval = true;
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
    return retval;
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDRINFO* addrinfo)
 | 
			
		||||
{
 | 
			
		||||
    if(!DbgIsDebugging())
			@ -113,51 +184,7 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR
 | 
			
		|||
    }
 | 
			
		||||
    if(addrinfo->flags & flaglabel)
 | 
			
		||||
    {
 | 
			
		||||
        if(LabelGet(addr, addrinfo->label))
 | 
			
		||||
            retval = true;
 | 
			
		||||
        else //no user labels
 | 
			
		||||
        {
 | 
			
		||||
            DWORD64 displacement = 0;
 | 
			
		||||
            char buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME * sizeof(char)];
 | 
			
		||||
            PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer;
 | 
			
		||||
            pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO);
 | 
			
		||||
            pSymbol->MaxNameLen = MAX_LABEL_SIZE;
 | 
			
		||||
            if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) && !displacement)
 | 
			
		||||
            {
 | 
			
		||||
                pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
 | 
			
		||||
                if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
 | 
			
		||||
                    strcpy_s(addrinfo->label, pSymbol->Name);
 | 
			
		||||
                retval = true;
 | 
			
		||||
            }
 | 
			
		||||
            if(!retval) //search for CALL <jmp.&user32.MessageBoxA>
 | 
			
		||||
            {
 | 
			
		||||
                BASIC_INSTRUCTION_INFO basicinfo;
 | 
			
		||||
                memset(&basicinfo, 0, sizeof(BASIC_INSTRUCTION_INFO));
 | 
			
		||||
                if(disasmfast(addr, &basicinfo) && basicinfo.branch && !basicinfo.call && basicinfo.memory.value) //thing is a JMP
 | 
			
		||||
                {
 | 
			
		||||
                    duint val = 0;
 | 
			
		||||
                    if(MemRead(basicinfo.memory.value, &val, sizeof(val)))
 | 
			
		||||
                    {
 | 
			
		||||
                        if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) && !displacement)
 | 
			
		||||
                        {
 | 
			
		||||
                            pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
 | 
			
		||||
                            if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
 | 
			
		||||
                                sprintf_s(addrinfo->label, "JMP.&%s", pSymbol->Name);
 | 
			
		||||
                            retval = true;
 | 
			
		||||
                        }
 | 
			
		||||
                    }
 | 
			
		||||
                }
 | 
			
		||||
            }
 | 
			
		||||
            if(!retval)  //search for module entry
 | 
			
		||||
            {
 | 
			
		||||
                duint entry = ModEntryFromAddr(addr);
 | 
			
		||||
                if(entry && entry == addr)
 | 
			
		||||
                {
 | 
			
		||||
                    strcpy_s(addrinfo->label, "EntryPoint");
 | 
			
		||||
                    retval = true;
 | 
			
		||||
                }
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
        retval = getLabel(addr, addrinfo->label);
 | 
			
		||||
    }
 | 
			
		||||
    if(addrinfo->flags & flagbookmark)
 | 
			
		||||
    {
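Review bot: In the first hunk of this file, `getLabel(duint addr, char* label)` takes a bare `char*` and hardcodes `MAX_LABEL_SIZE` in its `strcpy_s`, `sprintf_s` and `SafeUnDecorateSymbolName` calls, so the buffer-size contract is implicit and a caller passing a smaller buffer would be overrun with no signal; either carry the size as a parameter or state it on the declaration, e.g. `// label: caller-owned buffer of at least MAX_LABEL_SIZE chars, written only when true is returned`. Related, `pSymbol->MaxNameLen = MAX_LABEL_SIZE` is set on a `buffer` sized by `MAX_SYM_NAME`; the relation between the two constants is not visible here, so a `static_assert(MAX_LABEL_SIZE <= MAX_SYM_NAME, "SYMBOL_INFO buffer too small for MaxNameLen");` next to the buffer declaration would pin the assumption the symbol lookups rely on. Minor: `strstr(name, "__imp__") == name` in `shouldFilterSymbol` is a prefix test written as a full scan; `strncmp(name, "__imp__", 7) == 0` says what it means. `_dbg_addrinfoget` in the second hunk starts and ends outside the hunk.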
			@ -13,6 +13,7 @@
 | 
			
		|||
#include "module.h"
 | 
			
		||||
#include "label.h"
 | 
			
		||||
#include "expressionparser.h"
 | 
			
		||||
#include "function.h"
 | 
			
		||||
 | 
			
		||||
static bool dosignedcalc = false;
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -1634,12 +1635,18 @@ bool valfromstring_noexpr(const char* string, duint* value, bool silent, bool ba
 | 
			
		|||
        return true;
 | 
			
		||||
    else if(SymAddrFromName(string, value))  //then come symbols
 | 
			
		||||
        return true;
 | 
			
		||||
    else if(varget(string, value, value_size, 0))  //finally variables
 | 
			
		||||
    else if(varget(string, value, value_size, 0))  //then come variables
 | 
			
		||||
    {
 | 
			
		||||
        if(isvar)
 | 
			
		||||
            *isvar = true;
 | 
			
		||||
        return true;
 | 
			
		||||
    }
 | 
			
		||||
    else if (strstr(string, "sub_") == string) //then come sub_ functions
 | 
			
		||||
    {
 | 
			
		||||
        auto result = sscanf(string, "sub_%" fext "X", value) == 1;
 | 
			
		||||
        duint start;
 | 
			
		||||
        return result && FunctionGet(*value, &start, nullptr) && *value == start;
 | 
			
		||||
    }
 | 
			
		||||
    if(!silent)
 | 
			
		||||
        dprintf("invalid value: \"%s\"!\n", string);
 | 
			
		||||
    return false; //nothing was OK
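Review bot: The new `sub_` branch accepts trailing garbage: `sscanf` with `%X` stops at the first non-hex character and still returns 1, so a made-up input such as `sub_401000xyz` resolves to 0x401000 whenever that address is a function start. Pin the whole token with `%n`: `int consumed = 0;` followed by `auto result = sscanf(string, "sub_%" fext "X%n", value, &consumed) == 1 && string[consumed] == '\0';`. Note also that `*value` is written even when the branch then returns false because `FunctionGet` fails or the address is not the function start; harmless if callers ignore `value` on failure, but worth a one-line comment at the `sscanf`. `valfromstring_noexpr` starts and ends outside the hunk.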
			@ -1,5 +1,6 @@
 | 
			
		|||
#include "capstone_gui.h"
 | 
			
		||||
#include "Configuration.h"
 | 
			
		||||
#include "StringUtil.h"
 | 
			
		||||
 | 
			
		||||
CapstoneTokenizer::CapstoneTokenizer(int maxModuleLength)
 | 
			
		||||
    : _maxModuleLength(maxModuleLength),
			@ -223,19 +224,30 @@ void CapstoneTokenizer::addMemoryOperator(char operatorText)
 | 
			
		|||
 | 
			
		||||
QString CapstoneTokenizer::printValue(const TokenValue & value, bool expandModule, int maxModuleLength) const
 | 
			
		||||
{
 | 
			
		||||
    char labelText[MAX_LABEL_SIZE] = "";
 | 
			
		||||
    QString labelText;
 | 
			
		||||
    char label_[MAX_LABEL_SIZE] = "";
 | 
			
		||||
    char module_[MAX_MODULE_SIZE] = "";
 | 
			
		||||
    QString moduleText;
 | 
			
		||||
    duint addr = value.value;
 | 
			
		||||
    bool bHasLabel = DbgGetLabelAt(addr, SEG_DEFAULT, labelText);
 | 
			
		||||
    bool bHasLabel = DbgGetLabelAt(addr, SEG_DEFAULT, label_);
 | 
			
		||||
    if(!bHasLabel) //handle function+offset
 | 
			
		||||
    {
 | 
			
		||||
        duint start;
 | 
			
		||||
        if(DbgFunctionGet(addr, &start, nullptr) && DbgGetLabelAt(start, SEG_DEFAULT, label_))
 | 
			
		||||
        {
 | 
			
		||||
            labelText = QString("%1+%2").arg(label_).arg(ToHexString(addr - start));
 | 
			
		||||
            bHasLabel = true;
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
    else
 | 
			
		||||
        labelText = QString(label_);
 | 
			
		||||
    bool bHasModule = (expandModule && DbgGetModuleAt(addr, module_) && !QString(labelText).startsWith("JMP.&"));
 | 
			
		||||
    moduleText = QString(module_);
 | 
			
		||||
    if(maxModuleLength != -1)
 | 
			
		||||
        moduleText.truncate(maxModuleLength);
 | 
			
		||||
    if(moduleText.length())
 | 
			
		||||
        moduleText += ".";
 | 
			
		||||
    QString addrText;
 | 
			
		||||
    addrText = QString("%1").arg(addr & (duint) - 1, 0, 16, QChar('0')).toUpper();
 | 
			
		||||
    QString addrText = ToHexString(addr);
 | 
			
		||||
    QString finalText;
 | 
			
		||||
    if(bHasLabel && bHasModule)  //<module.label>
 | 
			
		||||
        finalText = QString("<%1%2>").arg(moduleText).arg(labelText);
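Review bot: Now that `labelText` is a `QString`, `QString(labelText).startsWith("JMP.&")` on the `bHasModule` line makes a needless copy of it; write `!labelText.startsWith("JMP.&")`. In the function+offset branch, `addr - start` is only meaningful when `DbgFunctionGet` reports a `start` at or below `addr`; if the API does not guarantee that, a `start <= addr` check before formatting would keep the offset from wrapping to a huge hex value. `printValue` continues past the end of the hunk.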