PROJECT: documentation

help/_plugin_menuentryseticon.htm

@@ -0,0 +1,30 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>_plugin_menuentryseticon</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>_plugin_menuseticon</STRONG><BR>This 
+function sets an icon to a menu.<BR>
+<P><STRONG>void _plugin_menuseticon (<BR>int</STRONG> 
+pluginHandle, //plugin handle<BR><STRONG>int</STRONG> 
+hEntry, //handle of the menu entry<BR><STRONG>const ICONDATA*</STRONG> icon //icon data<BR><STRONG>);</STRONG> </P>
+<P><STRONG>Parameters</STRONG></P>
+<P><U>pluginHandle</U>: Handle of the calling plugin.</P>
+<P><U>hEntry</U>: Menu handle from a 
+previously-added child menu or from the main plugin menu.</P>
+<P><U>icon</U>: Icon data. See 
+bridgemain.h for a definition.</P>
+<P><STRONG>Return Values</STRONG> <BR>This function does not return a value.</P></body>
+</html>

help/_plugin_menuseticon.htm

@@ -0,0 +1,29 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>_plugin_menuseticon</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>_plugin_menuseticon</STRONG><BR>This function 
+sets an icon to a menu.<BR>
+<P><STRONG>void _plugin_menuseticon 
+(<BR>int</STRONG> hMenu, //handle of the menu<BR><STRONG>const ICONDATA*</STRONG>  
+    icon //icon data<BR><STRONG>);</STRONG>   
+  </P>
+<P><STRONG>Parameters</STRONG></P>
+<P><U>hMenu</U>: Menu handle from a 
+previously-added child menu or from the main plugin menu.</P>
+<P><U>icon</U>: Icon data. See bridgemain.h for a definition.</P>
+<P><STRONG>Return Values</STRONG> <BR>This function does not return a value.</P></body>
+</html>

help/analyse_analyze_anal.htm

@@ -0,0 +1,23 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>analyse/analyze/anal</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>analyse[,analyze,anal]</STRONG><BR>Do function 
+analysis.</P>
+<P><U>arguments</U><BR>This command has no arguments.</P>
+<P><U>result</U><BR>This command does not set any result 
+variables.</P></body>
+</html>

help/log.htm

@@ -0,0 +1,31 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>log</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>log</STRONG><BR>Put information in the log.</P>
+<P><U>arguments</U><BR>[arg1]: Format string (see down for 
+more information). When not specified, a newline will be logged.</P>
+<P>[argN]: Data for the format string.</P>
+<P><U>format string</U><BR>A format string like "Info 1: 
+{0}, Info 2: {1}\n Info 3:{2}". In place of {n} the n-th argument after the 
+format string is inserted. You can specify how to format the inserted data by 
+prepending a format type: "{s0}" logs a string. Other types are: "d" (log as 
+signed decimal), "u" (log as unsigned decimal), "p" (log as 0x????????), "s" 
+(log the string at the address specified).<BR>You can print a "{" by escaping it 
+like "{{". Same for "{". "\n" inserts a newline.</P>
+<P><U>result</U><BR>This command does not set any result 
+variables.</P></body>
+</html>

help/modcallfind.htm

@@ -15,6 +15,7 @@ html,body {
 </head>
 
 
+
 <body>
 <P><STRONG>modcallfind<BR></STRONG>Find all inter-modular 
 calls.</P>
@@ -23,9 +24,6 @@ inter-modular calls in. When not specified CIP will be used.</P>
 <P class=rvps3>[arg2]: The size of the data to search 
 in.</P>
 <P class=rvps3>
-<U>
+<U>result</U><BR>The $result variable is set to the number of 
-result 
-<BR>
-</U>The $result variable is set to the number of 
 inter-modular calls found.</P></body>
 </html>

help/plugin_menuclear.htm

@@ -14,6 +14,7 @@ html,body {
 
 </head>
 
+
 <body>
 <P><STRONG>_plugin_menuclear<BR></STRONG>This function removes all entries and child menus 
 from a menu. It will <STRONG>not </STRONG>remove the menu itself.</P>
@@ -26,7 +27,7 @@ _plugin_menuclear
 
 </STRONG>
 <STRONG>(
-<BR > int</STRONG>hMenu
+<BR >int</STRONG> hMenu
 <STRONG ></STRONG>//menu handle&nbsp;of the menu to clear&nbsp;
 
 <BR>

help/yara.htm

@@ -0,0 +1,27 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>yara</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>yara<BR></STRONG>Apply Yara rules to a memory range.</P>
+<P><U>arguments</U><BR>&nbsp; arg1: Rules file to apply. 
+This should be a full path.</P>
+<P>[arg2]: Start address of the range to apply the rules to. If not specified, 
+the disassembly selection will be used.</P>
+<P>  [arg3]: Size of the range to apply the rules  to. When not specified, 
+the whole page will be used.</P>
+<P><U>result<BR></U>This command does not set any result 
+variables.</P></body>
+</html>

help/yaramod.htm

@@ -0,0 +1,25 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>yaramod</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>yaramod<BR></STRONG>Apply Yara rules to a module.</P>
+<P><U>arguments</U><BR>&nbsp; arg1: Rules file to apply. This should be a full 
+path.</P>
+<P>&nbsp; arg2: Name of the module to apply the rules 
+to.</P>
+<P><U>result<BR></U>This command does not set any result 
+variables.</P></body>
+</html>

x64_dbg_dbg/instruction.cpp

@@ -1677,7 +1677,11 @@ CMDRESULT cbInstrYara(int argc, char* argv[])
     }
     uint addr = 0;
     if(argc < 3 || !valfromstring(argv[2], &addr))
-        addr = GetContextDataEx(hActiveThread, UE_CIP);
+    {
+        SELECTIONDATA sel;
+        GuiSelectionGet(GUI_DISASSEMBLY, &sel);
+        addr = sel.start;
+    }
     uint size = 0;
     if(argc >= 4)
         if(!valfromstring(argv[3], &size))
@@ -1685,7 +1689,6 @@ CMDRESULT cbInstrYara(int argc, char* argv[])
     if(!size)
         addr = MemFindBaseAddr(addr, &size);
     uint base = addr;
-    dprintf("%p[%p]\n", base, size);
     Memory<uint8_t*> data(size);
     if(!MemRead((void*)base, data(), size, 0))
     {

x64_dbg_dbg/x64_dbg.cpp

@@ -180,6 +180,7 @@ static void registercommands()
     dbgcmdnew("scriptload", cbScriptLoad, false);
     dbgcmdnew("msg", cbScriptMsg, false);
     dbgcmdnew("msgyn", cbScriptMsgyn, false);
+    dbgcmdnew("log", cbInstrLog, false); //log command with superawesome hax
 
     //data
     dbgcmdnew("reffind\1findref\1ref", cbInstrRefFind, true); //find references to a value
@@ -189,6 +190,9 @@ static void registercommands()
     dbgcmdnew("modcallfind", cbInstrModCallFind, true); //find intermodular calls
     dbgcmdnew("findasm\1asmfind", cbInstrFindAsm, true); //find instruction
     dbgcmdnew("reffindrange\1findrefrange\1refrange", cbInstrRefFindRange, true);
+    dbgcmdnew("yara", cbInstrYara, true); //yara test command
+    dbgcmdnew("yaramod", cbInstrYaramod, true); //yara rule on module
+    dbgcmdnew("analyse\1analyze\1anal", cbInstrAnalyse, true); //secret analysis command
 
     //undocumented
     dbgcmdnew("bench", cbDebugBenchmark, true); //benchmark test (readmem etc)
@@ -198,10 +202,6 @@ static void registercommands()
     dbgcmdnew("copystr\1strcpy", cbInstrCopystr, true); //write a string variable to memory
     dbgcmdnew("looplist", cbInstrLoopList, true); //list loops
     dbgcmdnew("capstone", cbInstrCapstone, true); //disassemble using capstone
-    dbgcmdnew("yara", cbInstrYara, true); //yara test command
-    dbgcmdnew("yaramod", cbInstrYaramod, true); //yara rule on module
-    dbgcmdnew("log", cbInstrLog, false); //log command with superawesome hax
-    dbgcmdnew("analyse\1analyze\1anal", cbInstrAnalyse, true); //secret analysis command
 }
 
 static bool cbCommandProvider(char* cmd, int maxlen)