x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 5 Activity

DBG: fixed a bug in the memory (would not display the actual module)

This commit is contained in:
Mr. eXoDia 2014-07-11 02:28:58 +02:00
parent 2e60ae8388
commit a7e7d6d59a
1 changed files with 69 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

139
x64_dbg_dbg/memory.cpp
View File

@ -70,80 +70,79 @@ void memupdatemap(HANDLE hProcess)
char curMod[MAX_MODULE_SIZE]="";
for(int i=pagecount-1; i>-1; i--)
{
if(pageVector.at(i).info[0]) //there is a module
if(bListAllPages || !pageVector.at(i).info[0] || scmp(curMod, pageVector.at(i).info)) //there is a module
continue; //skip non-modules
strcpy(curMod, pageVector.at(i).info);
uint base=modbasefromname(pageVector.at(i).info);
if(!base)
continue;
std::vector<MODSECTIONINFO> sections;
if(!modsectionsfromaddr(base, &sections))
continue;
int SectionNumber=(int)sections.size();
MEMPAGE newPage;
//remove the current module page (page = size of module at this point) and insert the module sections
pageVector.erase(pageVector.begin()+i); //remove the SizeOfImage page
for(int j=SectionNumber-1; j>-1; j--)
{
if(!scmp(curMod, pageVector.at(i).info)) //mod is not the current mod
memset(&newPage, 0, sizeof(MEMPAGE));
VirtualQueryEx(hProcess, (LPCVOID)sections.at(j).addr, &newPage.mbi, sizeof(MEMORY_BASIC_INFORMATION));
uint SectionSize=sections.at(j).size;
if(SectionSize%PAGE_SIZE) //unaligned page size
SectionSize+=PAGE_SIZE-(SectionSize%PAGE_SIZE); //fix this
if(SectionSize)
newPage.mbi.RegionSize=SectionSize;
const char* SectionName=&sections.at(j).name[0];
int len=(int)strlen(SectionName);
int escape_count=0;
for(int k=0; k<len; k++)
if(SectionName[k]=='\\' or SectionName[k]=='\"' or !isprint(SectionName[k]))
escape_count++;
char* SectionNameEscaped=(char*)emalloc(len+escape_count*3+1, "_dbg_memmap:SectionNameEscaped");
memset(SectionNameEscaped, 0, len+escape_count*3+1);
for(int k=0,l=0; k<len; k++)
{
uint base=modbasefromname(pageVector.at(i).info);
if(!base)
continue;
std::vector<MODSECTIONINFO> sections;
if(!modsectionsfromaddr(base, &sections))
continue;
int SectionNumber=(int)sections.size();
MEMPAGE newPage;
pageVector.erase(pageVector.begin()+i); //remove the SizeOfImage page
for(int j=SectionNumber-1; j>-1; j--)
switch(SectionName[k])
{
memset(&newPage, 0, sizeof(MEMPAGE));
VirtualQueryEx(hProcess, (LPCVOID)sections.at(j).addr, &newPage.mbi, sizeof(MEMORY_BASIC_INFORMATION));
uint SectionSize=sections.at(j).size;
if(SectionSize%PAGE_SIZE) //unaligned page size
SectionSize+=PAGE_SIZE-(SectionSize%PAGE_SIZE); //fix this
if(SectionSize)
newPage.mbi.RegionSize=SectionSize;
const char* SectionName=&sections.at(j).name[0];
int len=(int)strlen(SectionName);
int escape_count=0;
for(int k=0; k<len; k++)
if(SectionName[k]=='\\' or SectionName[k]=='\"' or !isprint(SectionName[k]))
escape_count++;
char* SectionNameEscaped=(char*)emalloc(len+escape_count*3+1, "_dbg_memmap:SectionNameEscaped");
memset(SectionNameEscaped, 0, len+escape_count*3+1);
for(int k=0,l=0; k<len; k++)
{
switch(SectionName[k])
{
case '\t':
l+=sprintf(SectionNameEscaped+l, "\\t");
break;
case '\f':
l+=sprintf(SectionNameEscaped+l, "\\f");
break;
case '\v':
l+=sprintf(SectionNameEscaped+l, "\\v");
break;
case '\n':
l+=sprintf(SectionNameEscaped+l, "\\n");
break;
case '\r':
l+=sprintf(SectionNameEscaped+l, "\\r");
break;
case '\\':
l+=sprintf(SectionNameEscaped+l, "\\\\");
break;
case '\"':
l+=sprintf(SectionNameEscaped+l, "\\\"");
break;
default:
if(!isprint(SectionName[k])) //unknown unprintable character
l+=sprintf(SectionNameEscaped+l, "\\x%.2X", SectionName[k]);
else
l+=sprintf(SectionNameEscaped+l, "%c", SectionName[k]);
break;
}
}
sprintf(newPage.info, " \"%s\"", SectionNameEscaped);
efree(SectionNameEscaped, "_dbg_memmap:SectionNameEscaped");
pageVector.insert(pageVector.begin()+i, newPage);
case '\t':
l+=sprintf(SectionNameEscaped+l, "\\t");
break;
case '\f':
l+=sprintf(SectionNameEscaped+l, "\\f");
break;
case '\v':
l+=sprintf(SectionNameEscaped+l, "\\v");
break;
case '\n':
l+=sprintf(SectionNameEscaped+l, "\\n");
break;
case '\r':
l+=sprintf(SectionNameEscaped+l, "\\r");
break;
case '\\':
l+=sprintf(SectionNameEscaped+l, "\\\\");
break;
case '\"':
l+=sprintf(SectionNameEscaped+l, "\\\"");
break;
default:
if(!isprint(SectionName[k])) //unknown unprintable character
l+=sprintf(SectionNameEscaped+l, "\\x%.2X", SectionName[k]);
else
l+=sprintf(SectionNameEscaped+l, "%c", SectionName[k]);
break;
}
memset(&newPage, 0, sizeof(MEMPAGE));
VirtualQueryEx(hProcess, (LPCVOID)base, &newPage.mbi, sizeof(MEMORY_BASIC_INFORMATION));
strcpy(newPage.info, curMod);
pageVector.insert(pageVector.begin()+i, newPage);
}
sprintf(newPage.info, " \"%s\"", SectionNameEscaped);
efree(SectionNameEscaped, "_dbg_memmap:SectionNameEscaped");
pageVector.insert(pageVector.begin()+i, newPage);
}
//insert the module itself (the module header)
memset(&newPage, 0, sizeof(MEMPAGE));
VirtualQueryEx(hProcess, (LPCVOID)base, &newPage.mbi, sizeof(MEMORY_BASIC_INFORMATION));
strcpy(newPage.info, curMod);
pageVector.insert(pageVector.begin()+i, newPage);
}
//convert to memoryPages map
@ -354,8 +353,8 @@ uint memfindpattern(unsigned char* data, uint size, const char* pattern, int* pa
}
else if (pos>0) //fix by Computer_Angel
{
i-=pos; // return to previous byte
pos=0; //reset current pattern position
i-=pos; // return to previous byte
pos=0; //reset current pattern position
}
}
return -1;