
DBG: support for symbol displacement (#1478)

mrexodia 2017-02-26 01:14:50 +01:00
parent 2736885c09
commit df0c75ac03
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
1 changed files with 15 additions and 3 deletions


@ -141,12 +141,18 @@ static bool getLabel(duint addr, char* label, bool noFuncOffset)
PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer; PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer;
pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO); pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO);
pSymbol->MaxNameLen = MAX_LABEL_SIZE; pSymbol->MaxNameLen = MAX_LABEL_SIZE;
if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) && !displacement) if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) && (!noFuncOffset || !displacement))
{ {
pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0'; pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE)) if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
strcpy_s(label, MAX_LABEL_SIZE, pSymbol->Name); strcpy_s(label, MAX_LABEL_SIZE, pSymbol->Name);
retval = !shouldFilterSymbol(label); retval = !shouldFilterSymbol(label);
if(retval && displacement)
{
char temp[32];
sprintf_s(temp, "+%llX", displacement);
strncat_s(label, MAX_LABEL_SIZE, temp, _TRUNCATE);
}
} }
if(!retval) //search for CALL <jmp.&user32.MessageBoxA> if(!retval) //search for CALL <jmp.&user32.MessageBoxA>
{ {
@ -157,12 +163,18 @@ static bool getLabel(duint addr, char* label, bool noFuncOffset)
duint val = 0; duint val = 0;
if(MemRead(basicinfo.memory.value, &val, sizeof(val), nullptr, true)) if(MemRead(basicinfo.memory.value, &val, sizeof(val), nullptr, true))
{ {
if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) && !displacement) if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) && (!noFuncOffset || !displacement))
{ {
pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0'; pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE)) if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
sprintf_s(label, MAX_LABEL_SIZE, "JMP.&%s", pSymbol->Name); sprintf_s(label, MAX_LABEL_SIZE, "JMP.&%s", pSymbol->Name);
retval = !shouldFilterSymbol(label); retval = !shouldFilterSymbol(label);
if(retval && displacement)
{
char temp[32];
sprintf_s(temp, "+%llX", displacement);
strncat_s(label, MAX_LABEL_SIZE, temp, _TRUNCATE);
}
} }
} }
} }
@ -196,7 +208,7 @@ static bool getLabel(duint addr, char* label, bool noFuncOffset)
#else //x86 #else //x86
sprintf_s(temp, "+%X", rva); sprintf_s(temp, "+%X", rva);
#endif //_WIN64 #endif //_WIN64
strcat_s(label, MAX_LABEL_SIZE, temp); strncat_s(label, MAX_LABEL_SIZE, temp, _TRUNCATE);
return true; return true;
} }
} }
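Review bot: With `noFuncOffset` false, both `SafeSymFromAddr` conditions now accept any displacement, so the label can name a symbol that does not actually contain the address. If, as I believe, the lookup returns the nearest preceding symbol, an address far past an export would be shown as that export plus a large offset, which misleads anyone reading the disassembly. Consider bounding the match where the symbol size is known, e.g. `&& (!pSymbol->Size || displacement < pSymbol->Size)`, in both the direct lookup and the `JMP.&` lookup. Separately, `strncat_s(label, MAX_LABEL_SIZE, temp, _TRUNCATE)` can cut the hex suffix short when the name nearly fills the buffer, leaving a label whose offset is silently wrong; skipping the suffix when `strlen(label) + strlen(temp) >= MAX_LABEL_SIZE` would avoid that. The body of `getLabel` starts and ends outside the hunks shown, so the declaration of `displacement` and the size of `buffer` could not be checked here.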