diff --git a/src/dbg/_exports.cpp b/src/dbg/_exports.cpp
index 4c2822e8..9bde5079 100644
--- a/src/dbg/_exports.cpp
+++ b/src/dbg/_exports.cpp
@@ -101,6 +101,77 @@ extern "C" DLL_EXPORT bool _dbg_isjumpgoingtoexecute(duint addr)
 return cacheResult;
 }
+static bool shouldFilterSymbol(const char* name)
+{
+ if (!name)
+ return true;
+ if (!strcmp(name, "`string'"))
+ return true;
+ if (strstr(name, "__imp__") == name)
+ return true;
+ return false;
+}
+
+static bool getLabel(duint addr, char* label)
+{
+ bool retval = false;
+ if (LabelGet(addr, label))
+ retval = true;
+ else //no user labels
+ {
+ DWORD64 displacement = 0;
+ char buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME * sizeof(char)];
+ PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer;
+ pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO);
+ pSymbol->MaxNameLen = MAX_LABEL_SIZE;
+ if (SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) && !displacement)
+ {
+ pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
+ if (!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
+ strcpy_s(label, MAX_LABEL_SIZE, pSymbol->Name);
+ retval = !shouldFilterSymbol(label);
+ }
+ if (!retval) //search for CALL
+ {
+ BASIC_INSTRUCTION_INFO basicinfo;
+ memset(&basicinfo, 0, sizeof(BASIC_INSTRUCTION_INFO));
+ if (disasmfast(addr, &basicinfo) && basicinfo.branch && !basicinfo.call && basicinfo.memory.value) //thing is a JMP
+ {
+ duint val = 0;
+ if (MemRead(basicinfo.memory.value, &val, sizeof(val)))
+ {
+ if (SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) && !displacement)
+ {
+ pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
+ if (!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
+ sprintf_s(label, MAX_LABEL_SIZE, "JMP.&%s", pSymbol->Name);
+ retval = !shouldFilterSymbol(label);
+ }
+ }
+ }
+ }
+ if (!retval) //search for module entry
+ {
+ duint entry = ModEntryFromAddr(addr);
+ if (entry && entry == addr)
+ {
+ strcpy_s(label, MAX_LABEL_SIZE, "EntryPoint");
+ retval = true;
+ }
+ }
+ if (!retval) //search for 
function+offset
+ {
+ duint start;
+ if (FunctionGet(addr, &start, nullptr) && addr == start)
+ {
+ sprintf_s(label, MAX_LABEL_SIZE, "sub_%" fext "X", start);
+ retval = true;
+ }
+ }
+ }
+ return retval;
+}
+
 extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDRINFO* addrinfo)
 {
 if(!DbgIsDebugging())
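Review bot: `sprintf_s(label, MAX_LABEL_SIZE, "JMP.&%s", pSymbol->Name)` in getLabel's JMP branch can still exceed the destination: pSymbol->Name is only cut at MaxNameLen - 1 (so up to MAX_LABEL_SIZE - 1 characters), and the five-character prefix pushes it past MAX_LABEL_SIZE, where sprintf_s on MSVC invokes the invalid-parameter handler instead of truncating; a long enough exported name in the debuggee reaches this, and the hunk carries the pattern over from the removed code. Truncating instead keeps the label well-formed: `_snprintf_s(label, MAX_LABEL_SIZE, _TRUNCATE, "JMP.&%s", pSymbol->Name);`. The `char* label` parameter carries no size yet the function writes MAX_LABEL_SIZE bytes through it, so a comment on the declaration, `// label must point to at least MAX_LABEL_SIZE bytes`, makes the contract visible at the call site. Whether `buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME * sizeof(char)]` can hold MaxNameLen = MAX_LABEL_SIZE characters depends on MAX_LABEL_SIZE <= MAX_SYM_NAME, which this hunk does not show — worth a static_assert next to the buffer.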
@@ -113,51 +184,7 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR
 }
 if(addrinfo->flags & flaglabel)
 {
- if(LabelGet(addr, addrinfo->label))
- retval = true;
- else //no user labels
- {
- DWORD64 displacement = 0;
- char buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME * sizeof(char)];
- PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer;
- pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO);
- pSymbol->MaxNameLen = MAX_LABEL_SIZE;
- if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) && !displacement)
- {
- pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
- if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
- strcpy_s(addrinfo->label, pSymbol->Name);
- retval = true;
- }
- if(!retval) //search for CALL
- {
- BASIC_INSTRUCTION_INFO basicinfo;
- memset(&basicinfo, 0, sizeof(BASIC_INSTRUCTION_INFO));
- if(disasmfast(addr, &basicinfo) && basicinfo.branch && !basicinfo.call && basicinfo.memory.value) //thing is a JMP
- {
- duint val = 0;
- if(MemRead(basicinfo.memory.value, &val, sizeof(val)))
- {
- if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) && !displacement)
- {
- pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
- if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
- sprintf_s(addrinfo->label, "JMP.&%s", pSymbol->Name);
- retval = true;
- }
- }
- }
- }
- if(!retval) //search for module entry
- {
- duint entry = ModEntryFromAddr(addr);
- if(entry && entry == addr)
- {
- strcpy_s(addrinfo->label, "EntryPoint");
- retval = true;
- }
- }
- }
+ retval = getLabel(addr, addrinfo->label);
 }
 if(addrinfo->flags & flagbookmark)
 {
diff --git a/src/dbg/value.cpp b/src/dbg/value.cpp
index b6aa775a..4cb46ee8 100644
--- a/src/dbg/value.cpp
+++ b/src/dbg/value.cpp
@@ -13,6 +13,7 @@
 #include "module.h"
 #include "label.h"
 #include "expressionparser.h"
+#include "function.h"
 static bool dosignedcalc = false;
@@ -1634,12 +1635,18 @@ bool valfromstring_noexpr(const char* string, duint* value, bool silent, bool ba
 return true;
 else if(SymAddrFromName(string, value)) //then come symbols
 return true;
- else if(varget(string, value, value_size, 0)) //finally variables
+ else if(varget(string, value, value_size, 0)) //then come variables
 {
 if(isvar)
 *isvar = true;
 return true;
 }
+ else if (strstr(string, "sub_") == string) //then come sub_ functions
+ {
+ auto result = sscanf(string, "sub_%" fext "X", value) == 1;
+ duint start;
+ return result && FunctionGet(*value, &start, nullptr) && *value == start;
+ }
 if(!silent)
 dprintf("invalid value: \"%s\"!\n", string);
 return false; //nothing was OK
diff --git a/src/gui/Src/Disassembler/capstone_gui.cpp b/src/gui/Src/Disassembler/capstone_gui.cpp
index 5c030362..3fb36ac5 100644
--- a/src/gui/Src/Disassembler/capstone_gui.cpp
+++ b/src/gui/Src/Disassembler/capstone_gui.cpp
@@ -1,5 +1,6 @@
 #include "capstone_gui.h"
 #include "Configuration.h"
+#include "StringUtil.h"
 CapstoneTokenizer::CapstoneTokenizer(int maxModuleLength) : _maxModuleLength(maxModuleLength),
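Review bot: The new `sub_` branch in valfromstring_noexpr accepts more than `sub_<hex>`: `sscanf` with `%X` ignores everything after the number, so an input such as `sub_401000junk` (constructed example) resolves exactly like `sub_401000`, and it also tolerates leading whitespace, a sign and a `0x` prefix after the `sub_`. Appending `%n` and checking it pins the format at two lines: `int consumed = 0;` and `auto result = sscanf(string, "sub_%" fext "X%n", value, &consumed) == 1 && string[consumed] == '\0';`. Note also that `*value` is written before the FunctionGet check, so a caller sees a modified `*value` on a false return; whether any caller relies on `*value` being untouched is not visible here. `strstr(string, "sub_") == string` reads more directly as `strncmp(string, "sub_", 4) == 0`. The function's start is outside the hunk.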
@@ -223,19 +224,30 @@ void CapstoneTokenizer::addMemoryOperator(char operatorText)
 QString CapstoneTokenizer::printValue(const TokenValue & value, bool expandModule, int maxModuleLength) const
 {
- char labelText[MAX_LABEL_SIZE] = "";
+ QString labelText;
+ char label_[MAX_LABEL_SIZE] = "";
 char module_[MAX_MODULE_SIZE] = "";
 QString moduleText;
 duint addr = value.value;
- bool bHasLabel = DbgGetLabelAt(addr, SEG_DEFAULT, labelText);
+ bool bHasLabel = DbgGetLabelAt(addr, SEG_DEFAULT, label_);
+ if(!bHasLabel) //handle function+offset
+ {
+ duint start;
+ if(DbgFunctionGet(addr, &start, nullptr) && DbgGetLabelAt(start, SEG_DEFAULT, label_))
+ {
+ labelText = QString("%1+%2").arg(label_).arg(ToHexString(addr - start));
+ bHasLabel = true;
+ }
+ }
+ else
+ labelText = QString(label_);
 bool bHasModule = (expandModule && DbgGetModuleAt(addr, module_) && !QString(labelText).startsWith("JMP.&"));
 moduleText = QString(module_);
 if(maxModuleLength != -1)
 moduleText.truncate(maxModuleLength);
 if(moduleText.length())
 moduleText += ".";
- QString addrText;
- addrText = QString("%1").arg(addr & (duint) - 1, 0, 16, QChar('0')).toUpper();
+ QString addrText = ToHexString(addr);
 QString finalText;
 if(bHasLabel && bHasModule)
 // finalText = QString("<%1%2>").arg(moduleText).arg(labelText);
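Review bot: `!QString(labelText).startsWith("JMP.&")` on the unchanged bHasModule line wraps a value that is now already a QString, so it copies for nothing; with the new type the expression reads `!labelText.startsWith("JMP.&")`, and `labelText = QString(label_);` in the else branch likewise shortens to `labelText = label_;`. The negated condition first with a longer body and an `else` holding the plain case is harder to follow than the positive form; `if(bHasLabel) labelText = label_; else { /* function+offset lookup */ }` keeps the common path on top. A one-line comment on the function+offset branch would help, e.g. `// no label at addr: fall back to <function label>+<hex offset> when addr lies inside a known function`. The rest of printValue is outside the hunk.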