
PROJECT: documentation

This commit is contained in:
Mr. eXoDia 2015-04-27 01:00:42 +02:00
parent edec2c8c3b
commit d655fb94d7
11 changed files with 197 additions and 30 deletions


@ -0,0 +1,30 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>_plugin_menuentryseticon</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>_plugin_menuseticon</STRONG><BR>This
function sets an icon to a menu.<BR>
<P><STRONG>void _plugin_menuseticon (<BR>int</STRONG>
pluginHandle, //plugin handle<BR><STRONG>int</STRONG>
hEntry, //handle of the menu entry<BR><STRONG>const ICONDATA*</STRONG> icon //icon data<BR><STRONG>);</STRONG> </P>
<P><STRONG>Parameters</STRONG></P>
<P><U>pluginHandle</U>: Handle of the calling plugin.</P>
<P><U>hEntry</U>: Menu handle from a
previously-added child menu or from the main plugin menu.</P>
<P><U>icon</U>: Icon data. See
bridgemain.h for a definition.</P>
<P><STRONG>Return Values</STRONG> <BR>This function does not return a value.</P></body>
</html>


@ -0,0 +1,29 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>_plugin_menuseticon</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>_plugin_menuseticon</STRONG><BR>This function
sets an icon to a menu.<BR>
<P><STRONG>void _plugin_menuseticon
(<BR>int</STRONG> hMenu, //handle of the menu<BR><STRONG>const ICONDATA*</STRONG>
icon //icon data<BR><STRONG>);</STRONG>
</P>
<P><STRONG>Parameters</STRONG></P>
<P><U>hMenu</U>: Menu handle from a
previously-added child menu or from the main plugin menu.</P>
<P><U>icon</U>: Icon data. See bridgemain.h for a definition.</P>
<P><STRONG>Return Values</STRONG> <BR>This function does not return a value.</P></body>
</html>


@ -0,0 +1,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>analyse/analyze/anal</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>analyse[,analyze,anal]</STRONG><BR>Do function
analysis.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P><U>result</U><BR>This command does not set any result
variables.</P></body>
</html>

31
help/log.htm Normal file

@ -0,0 +1,31 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>log</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>log</STRONG><BR>Put information in the log.</P>
<P><U>arguments</U><BR>[arg1]: Format string (see down for
more information). When not specified, a newline will be logged.</P>
<P>[argN]: Data for the format string.</P>
<P><U>format string</U><BR>A format string like "Info 1:
{0}, Info 2: {1}\n Info 3:{2}". In place of {n} the n-th argument after the
format string is inserted. You can specify how to format the inserted data by
prepending a format type: "{s0}" logs a string. Other types are: "d" (log as
signed decimal), "u" (log as unsigned decimal), "p" (log as 0x????????), "s"
(log the string at the address specified).<BR>You can print a "{" by escaping it
like "{{". Same for "{". "\n" inserts a newline.</P>
<P><U>result</U><BR>This command does not set any result
variables.</P></body>
</html>


@ -15,6 +15,7 @@ html,body {
</head> </head>
<body> <body>
<P><STRONG>modcallfind<BR></STRONG>Find all inter-modular <P><STRONG>modcallfind<BR></STRONG>Find all inter-modular
calls.</P> calls.</P>
@ -23,9 +24,6 @@ inter-modular calls in. When not specified CIP will be used.</P>
<P class=rvps3>[arg2]: The size of the data to search <P class=rvps3>[arg2]: The size of the data to search
in.</P> in.</P>
<P class=rvps3> <P class=rvps3>
<U> <U>result</U><BR>The $result variable is set to the number of
result
<BR>
</U>The $result variable is set to the number of
inter-modular calls found.</P></body> inter-modular calls found.</P></body>
</html> </html>


@ -14,6 +14,7 @@ html,body {
</head> </head>
<body> <body>
<P><STRONG>_plugin_menuclear<BR></STRONG>This function removes all entries and child menus <P><STRONG>_plugin_menuclear<BR></STRONG>This function removes all entries and child menus
from a menu. It will <STRONG>not </STRONG>remove the menu itself.</P> from a menu. It will <STRONG>not </STRONG>remove the menu itself.</P>

Binary file not shown.

27
help/yara.htm Normal file

@ -0,0 +1,27 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>yara</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>yara<BR></STRONG>Apply Yara rules to a memory range.</P>
<P><U>arguments</U><BR>&nbsp; arg1: Rules file to apply.
This should be a full path.</P>
<P>[arg2]: Start address of the range to apply the rules to. If not specified,
the disassembly selection will be used.</P>
<P> [arg3]: Size of the range to apply the rules to. When not specified,
the whole page will be used.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

25
help/yaramod.htm Normal file

@ -0,0 +1,25 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>yaramod</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>yaramod<BR></STRONG>Apply Yara rules to a module.</P>
<P><U>arguments</U><BR>&nbsp; arg1: Rules file to apply. This should be a full
path.</P>
<P>&nbsp; arg2: Name of the module to apply the rules
to.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>


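--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1677,7 +1677,11 @@ CMDRESULT cbInstrYara(int argc, char* argv[])
 }
 uint addr = 0;
 if(argc < 3 || !valfromstring(argv[2], &addr))
-addr = GetContextDataEx(hActiveThread, UE_CIP);
+{
+SELECTIONDATA sel;
+GuiSelectionGet(GUI_DISASSEMBLY, &sel);
+addr = sel.start;
+}
 uint size = 0;
 if(argc >= 4)
 if(!valfromstring(argv[3], &size))
@@ -1685,7 +1689,6 @@ CMDRESULT cbInstrYara(int argc, char* argv[])
 if(!size)
 addr = MemFindBaseAddr(addr, &size);
 uint base = addr;
-dprintf("%p[%p]\n", base, size);
 Memory<uint8_t*> data(size);
 if(!MemRead((void*)base, data(), size, 0))
 {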
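Review bot: The new fallback reads `sel.start` without checking that `GuiSelectionGet(GUI_DISASSEMBLY, &sel)` succeeded, and `sel` is never initialized, so when no disassembly selection is available `addr` takes an indeterminate value that then flows into MemFindBaseAddr and MemRead as the scan base. Initialize the struct and fail the command when the selection cannot be obtained: `SELECTIONDATA sel = {0};` followed by `if(!GuiSelectionGet(GUI_DISASSEMBLY, &sel)) return STATUS_ERROR;`. The page does not show GuiSelectionGet's return type; if it returns nothing, reject a zero `sel.start` instead. cbInstrYara begins before the first hunk and continues past the second.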


@ -180,6 +180,7 @@ static void registercommands()
dbgcmdnew("scriptload", cbScriptLoad, false); dbgcmdnew("scriptload", cbScriptLoad, false);
dbgcmdnew("msg", cbScriptMsg, false); dbgcmdnew("msg", cbScriptMsg, false);
dbgcmdnew("msgyn", cbScriptMsgyn, false); dbgcmdnew("msgyn", cbScriptMsgyn, false);
dbgcmdnew("log", cbInstrLog, false); //log command with superawesome hax
//data //data
dbgcmdnew("reffind\1findref\1ref", cbInstrRefFind, true); //find references to a value dbgcmdnew("reffind\1findref\1ref", cbInstrRefFind, true); //find references to a value
@ -189,6 +190,9 @@ static void registercommands()
dbgcmdnew("modcallfind", cbInstrModCallFind, true); //find intermodular calls dbgcmdnew("modcallfind", cbInstrModCallFind, true); //find intermodular calls
dbgcmdnew("findasm\1asmfind", cbInstrFindAsm, true); //find instruction dbgcmdnew("findasm\1asmfind", cbInstrFindAsm, true); //find instruction
dbgcmdnew("reffindrange\1findrefrange\1refrange", cbInstrRefFindRange, true); dbgcmdnew("reffindrange\1findrefrange\1refrange", cbInstrRefFindRange, true);
dbgcmdnew("yara", cbInstrYara, true); //yara test command
dbgcmdnew("yaramod", cbInstrYaramod, true); //yara rule on module
dbgcmdnew("analyse\1analyze\1anal", cbInstrAnalyse, true); //secret analysis command
//undocumented //undocumented
dbgcmdnew("bench", cbDebugBenchmark, true); //benchmark test (readmem etc) dbgcmdnew("bench", cbDebugBenchmark, true); //benchmark test (readmem etc)
@ -198,10 +202,6 @@ static void registercommands()
dbgcmdnew("copystr\1strcpy", cbInstrCopystr, true); //write a string variable to memory dbgcmdnew("copystr\1strcpy", cbInstrCopystr, true); //write a string variable to memory
dbgcmdnew("looplist", cbInstrLoopList, true); //list loops dbgcmdnew("looplist", cbInstrLoopList, true); //list loops
dbgcmdnew("capstone", cbInstrCapstone, true); //disassemble using capstone dbgcmdnew("capstone", cbInstrCapstone, true); //disassemble using capstone
dbgcmdnew("yara", cbInstrYara, true); //yara test command
dbgcmdnew("yaramod", cbInstrYaramod, true); //yara rule on module
dbgcmdnew("log", cbInstrLog, false); //log command with superawesome hax
dbgcmdnew("analyse\1analyze\1anal", cbInstrAnalyse, true); //secret analysis command
} }
static bool cbCommandProvider(char* cmd, int maxlen) static bool cbCommandProvider(char* cmd, int maxlen)
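Review bot: The trailing comments carried over with the four moved dbgcmdnew registrations no longer match what the commit does: `//yara test command`, `//secret analysis command` and `//log command with superawesome hax` now sit in the documented "data" group while this same commit adds help pages for yara, analyse and log. Align them with the help text, e.g. `dbgcmdnew("yara", cbInstrYara, true); //apply yara rules to a memory range`, `dbgcmdnew("analyse\1analyze\1anal", cbInstrAnalyse, true); //do function analysis` and `dbgcmdnew("log", cbInstrLog, false); //put information in the log`. This applies to the added line in the first hunk and the three added lines in the second; registercommands starts before the first hunk.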