
Refactor the findallusermem and findallsysmem commands into findallmem

This commit is contained in:
Duncan Ogilvie 2022-06-15 19:54:49 +02:00
parent ca2a96ed5c
commit d87675a22f
7 changed files with 83 additions and 224 deletions


@ -218,200 +218,6 @@ bool cbInstrFindAll(int argc, char* argv[])
return true;
}
bool cbInstrFindAllUserMem(int argc, char* argv[])
{
if(IsArgumentsLessThan(argc, 3))
return false;
duint addr = 0;
if(!valfromstring(argv[1], &addr, false))
return false;
std::vector<PatternByte> searchpattern;
String patternshort;
if(!handlePatternArgument(argv[2], searchpattern, &patternshort))
{
dputs(QT_TRANSLATE_NOOP("DBG", "Failed to transform pattern!"));
return false;
}
duint find_size = -1;
bool findData = false;
if(argc >= 4)
{
if(!_stricmp(argv[3], "&data&"))
findData = true;
else if(!valfromstring(argv[3], &find_size))
findData = false;
}
SHARED_ACQUIRE(LockMemoryPages);
std::vector<SimplePage> searchPages;
for(auto & itr : memoryPages)
{
if(itr.second.mbi.State != MEM_COMMIT)
continue;
int party = ModGetParty(duint(itr.second.mbi.BaseAddress));
if(party != mod_user)
continue;
SimplePage page(duint(itr.second.mbi.BaseAddress), itr.second.mbi.RegionSize);
if(page.address >= addr && (find_size == -1 || page.address + page.size <= addr + find_size))
searchPages.push_back(page);
}
SHARED_RELEASE();
DWORD ticks = GetTickCount();
std::vector<duint> results;
if(!MemFindInMap(searchPages, searchpattern, results, maxFindResults))
{
dputs(QT_TRANSLATE_NOOP("DBG", "MemFindInMap failed!"));
return false;
}
//setup reference view
String patterntitle = StringUtils::sprintf(GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Pattern: %s")), patternshort.c_str());
GuiReferenceInitialize(patterntitle.c_str());
GuiReferenceAddColumn(2 * sizeof(duint), GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Address")));
if(findData)
GuiReferenceAddColumn(0, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Data")));
else
GuiReferenceAddColumn(0, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Disassembly")));
GuiReferenceSetRowCount(0);
GuiReferenceReloadData();
int refCount = 0;
for(duint result : results)
{
char msg[deflen] = "";
sprintf_s(msg, "%p", result);
GuiReferenceSetRowCount(refCount + 1);
GuiReferenceSetCellContent(refCount, 0, msg);
if(findData)
{
Memory<unsigned char*> printData(searchpattern.size(), "cbInstrFindAll:printData");
MemRead(result, printData(), printData.size());
for(size_t j = 0, k = 0; j < printData.size(); j++)
{
if(j)
k += sprintf_s(msg + k, sizeof(msg) - k, " ");
k += sprintf_s(msg + k, sizeof(msg) - k, "%.2X", printData()[j]);
}
}
else
{
if(!GuiGetDisassembly(result, msg))
strcpy_s(msg, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "[Error disassembling]")));
}
GuiReferenceSetCellContent(refCount, 1, msg);
refCount++;
}
GuiReferenceReloadData();
dprintf(QT_TRANSLATE_NOOP("DBG", "%d occurrences found in %ums\n"), refCount, GetTickCount() - ticks);
varset("$result", refCount, false);
return true;
}
bool cbInstrFindAllSystemMem(int argc, char* argv[])
{
if(IsArgumentsLessThan(argc, 3))
return false;
duint addr = 0;
if(!valfromstring(argv[1], &addr, false))
return false;
std::vector<PatternByte> searchpattern;
String patternshort;
if(!handlePatternArgument(argv[2], searchpattern, &patternshort))
{
dputs(QT_TRANSLATE_NOOP("DBG", "Failed to transform pattern!"));
return false;
}
duint find_size = -1;
bool findData = false;
if(argc >= 4)
{
if(!_stricmp(argv[3], "&data&"))
findData = true;
else if(!valfromstring(argv[3], &find_size))
findData = false;
}
SHARED_ACQUIRE(LockMemoryPages);
std::vector<SimplePage> searchPages;
for(auto & itr : memoryPages)
{
if(itr.second.mbi.State != MEM_COMMIT)
continue;
int party = ModGetParty(duint(itr.second.mbi.BaseAddress));
if(party != mod_system)
continue;
SimplePage page(duint(itr.second.mbi.BaseAddress), itr.second.mbi.RegionSize);
if(page.address >= addr && (find_size == -1 || page.address + page.size <= addr + find_size))
searchPages.push_back(page);
}
SHARED_RELEASE();
DWORD ticks = GetTickCount();
std::vector<duint> results;
if(!MemFindInMap(searchPages, searchpattern, results, maxFindResults))
{
dputs(QT_TRANSLATE_NOOP("DBG", "MemFindInMap failed!"));
return false;
}
//setup reference view
String patterntitle = StringUtils::sprintf(GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Pattern: %s")), patternshort.c_str());
GuiReferenceInitialize(patterntitle.c_str());
GuiReferenceAddColumn(2 * sizeof(duint), GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Address")));
if(findData)
GuiReferenceAddColumn(0, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Data")));
else
GuiReferenceAddColumn(0, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Disassembly")));
GuiReferenceSetRowCount(0);
GuiReferenceReloadData();
int refCount = 0;
for(duint result : results)
{
char msg[deflen] = "";
sprintf_s(msg, "%p", result);
GuiReferenceSetRowCount(refCount + 1);
GuiReferenceSetCellContent(refCount, 0, msg);
if(findData)
{
Memory<unsigned char*> printData(searchpattern.size(), "cbInstrFindAll:printData");
MemRead(result, printData(), printData.size());
for(size_t j = 0, k = 0; j < printData.size(); j++)
{
if(j)
k += sprintf_s(msg + k, sizeof(msg) - k, " ");
k += sprintf_s(msg + k, sizeof(msg) - k, "%.2X", printData()[j]);
}
}
else
{
if(!GuiGetDisassembly(result, msg))
strcpy_s(msg, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "[Error disassembling]")));
}
GuiReferenceSetCellContent(refCount, 1, msg);
refCount++;
}
GuiReferenceReloadData();
dprintf(QT_TRANSLATE_NOOP("DBG", "%d occurrences found in %ums\n"), refCount, GetTickCount() - ticks);
varset("$result", refCount, false);
return true;
}
bool cbInstrFindAllMem(int argc, char* argv[])
{
if(IsArgumentsLessThan(argc, 3))
@ -431,6 +237,7 @@ bool cbInstrFindAllMem(int argc, char* argv[])
duint find_size = -1;
bool findData = false;
REFFINDTYPE moduleFindType = CURRENT_REGION;
if(argc >= 4)
{
if(!_stricmp(argv[3], "&data&"))
@ -439,13 +246,55 @@ bool cbInstrFindAllMem(int argc, char* argv[])
findData = false;
}
if(argc >= 5)
{
if(!_stricmp(argv[4], "user"))
moduleFindType = USER_MODULES;
else if(!_stricmp(argv[4], "system"))
moduleFindType = SYSTEM_MODULES;
else if(!_stricmp(argv[4], "module"))
moduleFindType = ALL_MODULES;
}
SHARED_ACQUIRE(LockMemoryPages);
std::vector<SimplePage> searchPages;
for(auto & itr : memoryPages)
{
if(itr.second.mbi.State != MEM_COMMIT)
continue;
SimplePage page(duint(itr.second.mbi.BaseAddress), itr.second.mbi.RegionSize);
if(moduleFindType != CURRENT_REGION)
{
SHARED_ACQUIRE(LockModules);
auto info = ModInfoFromAddr(page.address);
if(info)
{
if(moduleFindType == ALL_MODULES)
{
// Looking for modules and this region is in a module
}
else if(moduleFindType == USER_MODULES && info->party == mod_user)
{
// Looking for user modules and this region is in a user module
}
else if(moduleFindType == SYSTEM_MODULES && info->party == mod_system)
{
// Looking for system modules and this region is in a system module
}
else
{
// Module type is not matching
continue;
}
}
else
{
// Region is not a module
continue;
}
}
if(page.address >= addr && (find_size == -1 || page.address + page.size <= addr + find_size))
searchPages.push_back(page);
}
@ -548,7 +397,7 @@ bool cbInstrFindAsm(int argc, char* argv[])
duint refFindType = CURRENT_REGION;
if(argc >= 5 && valfromstring(argv[4], &refFindType, true))
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != User_MODULES && refFindType != System_MODULES && refFindType != ALL_MODULES)
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != USER_MODULES && refFindType != SYSTEM_MODULES && refFindType != ALL_MODULES)
refFindType = CURRENT_REGION;
unsigned char dest[16];
@ -686,7 +535,7 @@ bool cbInstrRefFindRange(int argc, char* argv[])
duint refFindType = CURRENT_REGION;
if(argc >= 6 && valfromstring(argv[5], &refFindType, true))
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != User_MODULES && refFindType != System_MODULES && refFindType != ALL_MODULES)
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != USER_MODULES && refFindType != SYSTEM_MODULES && refFindType != ALL_MODULES)
refFindType = CURRENT_REGION;
int found = RefFind(addr, size, cbRefFind, &range, false, title, (REFFINDTYPE)refFindType, false);
@ -804,7 +653,7 @@ bool cbInstrRefStr(int argc, char* argv[])
duint refFindType = CURRENT_REGION;
if(argc >= 4 && valfromstring(argv[3], &refFindType, true))
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != User_MODULES && refFindType != System_MODULES && refFindType != ALL_MODULES)
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != USER_MODULES && refFindType != SYSTEM_MODULES && refFindType != ALL_MODULES)
refFindType = CURRENT_REGION;
TranslatedString = GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Strings"));
@ -935,7 +784,7 @@ bool cbInstrModCallFind(int argc, char* argv[])
duint refFindType = CURRENT_REGION;
if(argc >= 4 && valfromstring(argv[3], &refFindType, true))
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != User_MODULES && refFindType != System_MODULES && refFindType != ALL_MODULES)
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != USER_MODULES && refFindType != SYSTEM_MODULES && refFindType != ALL_MODULES)
refFindType = CURRENT_REGION;
duint ticks = GetTickCount();
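Review bot: An unrecognised fifth argument at the new `argc >= 5` block falls through silently and the search runs with `CURRENT_REGION`, so a mistyped scope word quietly searches the wrong memory without any feedback; an `else` branch that reports the bad value and returns false, e.g. `else { dputs(QT_TRANSLATE_NOOP("DBG", "Unknown module type, expected user/system/module!")); return false; }`, would match how the pattern argument is rejected earlier in the same function. `SHARED_ACQUIRE(LockModules)` sits inside the page loop, so the module lock is acquired and released once per committed region while `LockMemoryPages` is already held; if the macro is a scoped lock as its pairing with `SHARED_RELEASE()` suggests, taking it once before the `for` when `moduleFindType != CURRENT_REGION` keeps the same lock order and avoids the repeated acquisition. The three empty `if`/`else if` bodies that exist only to reach the `continue` read more clearly as one predicate, `bool match = moduleFindType == ALL_MODULES || (moduleFindType == USER_MODULES && info->party == mod_user) || (moduleFindType == SYSTEM_MODULES && info->party == mod_system); if(!match) continue;`. cbInstrFindAllMem starts and ends outside this hunk.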


@ -5,8 +5,6 @@
bool cbInstrFind(int argc, char* argv[]);
bool cbInstrFindAll(int argc, char* argv[]);
bool cbInstrFindAllMem(int argc, char* argv[]);
bool cbInstrFindAllUserMem(int argc, char* argv[]);
bool cbInstrFindAllSystemMem(int argc, char* argv[]);
bool cbInstrFindAsm(int argc, char* argv[]);
bool cbInstrRefFind(int argc, char* argv[]);
bool cbInstrRefFindRange(int argc, char* argv[]);


@ -117,7 +117,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
GuiReferenceSetProgress(percent);
}, disasmText);
}
else if(type == User_MODULES) // Search in All User Modules
else if(type == USER_MODULES) // Search in All User Modules
{
bool initCallBack = true;
@ -179,7 +179,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
initCallBack = false;
}
}
else if(type == System_MODULES) // Search in All System Modules
else if(type == SYSTEM_MODULES) // Search in All System Modules
{
bool initCallBack = true;


@ -17,8 +17,8 @@ typedef enum
CURRENT_REGION,
CURRENT_MODULE,
ALL_MODULES,
User_MODULES,
System_MODULES
USER_MODULES,
SYSTEM_MODULES
} REFFINDTYPE;
// Reference callback typedef


@ -271,8 +271,6 @@ static void registercommands()
dbgcmdnew("find", cbInstrFind, true); //find a pattern
dbgcmdnew("findall", cbInstrFindAll, true); //find all patterns
dbgcmdnew("findallmem,findmemall", cbInstrFindAllMem, true); //memory map pattern find
dbgcmdnew("findallusermem,findmemalluser", cbInstrFindAllUserMem, true); //memory map pattern find(All User memory)
dbgcmdnew("findallsysmem,findmemallsystem", cbInstrFindAllSystemMem, true); //memory map pattern find(All System memory)
dbgcmdnew("findasm,asmfind", cbInstrFindAsm, true); //find instruction
dbgcmdnew("reffind,findref,ref", cbInstrRefFind, true); //find references to a value
dbgcmdnew("reffindrange,findrefrange,refrange", cbInstrRefFindRange, true);


@ -1215,28 +1215,41 @@ void CPUDisassembly::findPatternSlot()
addr = DbgMemFindBaseAddr(addr, 0);
QString command;
if(sender() == mFindPatternModule)
if(sender() == mFindPatternRegion)
{
command = QString("findall %1, %2").arg(ToHexString(addr), hexEdit.mHexEdit->pattern());
}
else if(sender() == mFindPatternModule)
{
auto base = DbgFunctions()->ModBaseFromAddr(addr);
if(base)
command = QString("findallmem %1, %2, %3").arg(ToHexString(base), hexEdit.mHexEdit->pattern(), ToHexString(DbgFunctions()->ModSizeFromAddr(base)));
}
if(sender() == mFindPatternFunction)
{
duint start, end;
if(DbgFunctionGet(addr, &start, &end))
command = QString("findall %1, %2, %3").arg(ToPtrString(start)).arg(hexEdit.mHexEdit->pattern()).arg(ToPtrString(end - start));
else
return;
}
if(sender() == mFindPatternAll)
command = QString("findallmem %1, %2, %3").arg(ToPtrString(addr)).arg(hexEdit.mHexEdit->pattern()).arg("&data&");
if(sender() == mFindPatternAllUser)
command = QString("findmemalluser %1, %2, %3").arg(ToPtrString(addr)).arg(hexEdit.mHexEdit->pattern()).arg("&data&");
if(sender() == mFindPatternAllSystem)
command = QString("findmemallsystem %1, %2, %3").arg(ToPtrString(addr)).arg(hexEdit.mHexEdit->pattern()).arg("&data&");
else if(sender() == mFindPatternFunction)
{
duint start, end;
if(DbgFunctionGet(addr, &start, &end))
command = QString("findall %1, %2, %3").arg(ToPtrString(start), hexEdit.mHexEdit->pattern(), ToPtrString(end - start));
else
return;
}
else if(sender() == mFindPatternAll)
{
command = QString("findallmem 0, %1, &data&, module").arg(hexEdit.mHexEdit->pattern());
}
else if(sender() == mFindPatternAllUser)
{
command = QString("findallmem 0, %1, &data&, user").arg(hexEdit.mHexEdit->pattern());
}
else if(sender() == mFindPatternAllSystem)
{
command = QString("findallmem 0, %1, &data&, system").arg(hexEdit.mHexEdit->pattern());
}
if(!command.length())
command = QString("findall %1, %2").arg(ToHexString(addr), hexEdit.mHexEdit->pattern());
throw std::runtime_error("Implementation error in findPatternSlot()");
DbgCmdExec(command);
emit displayReferencesWidget();
@ -1260,12 +1273,14 @@ void CPUDisassembly::findGUIDSlot()
auto addrText = ToHexString(rvaToVa(getInitialSelection()));
if(refFindType == -1)
DbgCmdExec(QString("findguid %1, 0, %2").arg(addrText).arg(refFindType));
{
DbgCmdExec(QString("findguid %1, 0, %2").arg(addrText, refFindType));
}
else
{
duint start, end;
if(DbgFunctionGet(rvaToVa(getInitialSelection()), &start, &end))
DbgCmdExec(QString("findguid %1, %2, 0").arg(ToPtrString(start)).arg(ToPtrString(end - start)));
DbgCmdExec(QString("findguid %1, %2, 0").arg(ToPtrString(start), ToPtrString(end - start)));
}
emit displayReferencesWidget();
}
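Review bot: `.arg(addrText, refFindType)` on the new findguid line does not substitute `%2`: `refFindType` is an integer (it is compared with -1 on the line above), so overload resolution selects `QString::arg(const QString&, int fieldWidth, QChar)` rather than the two-string overload, and the emitted command keeps a literal `%2` where the type should be. Keep the chained form the old line used, `.arg(addrText).arg(refFindType)`, or convert explicitly with `.arg(addrText, QString::number(refFindType))`. In findPatternSlot the `mFindPatternModule` branch leaves `command` empty when `ModBaseFromAddr` returns 0, and the new `throw std::runtime_error(...)` then fires from a Qt slot for what is a data condition rather than an implementation error; an `else return;` on that branch, mirroring the `mFindPatternFunction` branch, reserves the throw for a genuinely unhandled sender. Both functions start and end outside their hunks.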


@ -583,8 +583,7 @@ void MemoryMapView::findPatternSlot()
BridgeSettingSetUint("Gui", "MemoryMapEntireBlock", entireBlockEnabled);
if(entireBlockEnabled)
addr = 0;
QString addrText = ToPtrString(addr);
DbgCmdExec(QString("findmemall " + addrText + ", \"" + hexEdit.mHexEdit->pattern() + "\", &data&"));
DbgCmdExec(QString("findallmem %1, %2, &data&").arg(ToPtrString(addr)).arg(hexEdit.mHexEdit->pattern()));
emit showReferences();
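Review bot: The rewritten `findallmem` line passes `hexEdit.mHexEdit->pattern()` without the surrounding `\"` quotes the old `findmemall` line had, so the command parser now receives the pattern as a bare argument; this matches how CPUDisassembly::findPatternSlot passes it elsewhere in this commit, but it is worth confirming that `pattern()` can never contain a comma or another separator the parser treats specially. If it can, restoring the quotes with `.arg("\"" + hexEdit.mHexEdit->pattern() + "\"")` is the minimal change. MemoryMapView::findPatternSlot starts outside this hunk.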
}