
DBG: support for symbol displacement (#1478)

mrexodia 2017-02-26 01:14:50 +01:00
parent 2736885c09
commit df0c75ac03
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
1 changed files with 15 additions and 3 deletions


@ -141,12 +141,18 @@ static bool getLabel(duint addr, char* label, bool noFuncOffset)
PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer;
pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO);
pSymbol->MaxNameLen = MAX_LABEL_SIZE;
if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) && !displacement)
if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) && (!noFuncOffset || !displacement))
{
pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
strcpy_s(label, MAX_LABEL_SIZE, pSymbol->Name);
retval = !shouldFilterSymbol(label);
if(retval && displacement)
{
char temp[32];
sprintf_s(temp, "+%llX", displacement);
strncat_s(label, MAX_LABEL_SIZE, temp, _TRUNCATE);
}
}
if(!retval) //search for CALL <jmp.&user32.MessageBoxA>
{
@ -157,12 +163,18 @@ static bool getLabel(duint addr, char* label, bool noFuncOffset)
duint val = 0;
if(MemRead(basicinfo.memory.value, &val, sizeof(val), nullptr, true))
{
if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) && !displacement)
if(SafeSymFromAddr(fdProcessInfo->hProcess, (DWORD64)val, &displacement, pSymbol) && (!noFuncOffset || !displacement))
{
pSymbol->Name[pSymbol->MaxNameLen - 1] = '\0';
if(!bUndecorateSymbolNames || !SafeUnDecorateSymbolName(pSymbol->Name, label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
sprintf_s(label, MAX_LABEL_SIZE, "JMP.&%s", pSymbol->Name);
retval = !shouldFilterSymbol(label);
if(retval && displacement)
{
char temp[32];
sprintf_s(temp, "+%llX", displacement);
strncat_s(label, MAX_LABEL_SIZE, temp, _TRUNCATE);
}
}
}
}
@ -196,7 +208,7 @@ static bool getLabel(duint addr, char* label, bool noFuncOffset)
#else //x86
sprintf_s(temp, "+%X", rva);
#endif //_WIN64
strcat_s(label, MAX_LABEL_SIZE, temp);
strncat_s(label, MAX_LABEL_SIZE, temp, _TRUNCATE);
return true;
}
}
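Review bot: Nothing bounds `displacement` once the new condition `(!noFuncOffset || !displacement)` lets a non-exact match through, in both the direct lookup and the `JMP.&` lookup. SymFromAddr resolves to the nearest preceding symbol, so when a module exposes only a few symbols (exports only, stripped binaries), an address in unrelated code can come back labelled as `name+<large offset>`, which is misleading when the label is used to judge what code is executing. Consider rejecting matches that fall outside the symbol when its size is known, e.g. `if(displacement && pSymbol->Size && displacement >= pSymbol->Size) retval = false;` before the suffix is appended. `Size` is typically zero for non-PDB symbols, so that case needs its own policy (accept as now, or cap the displacement). getLabel starts and ends outside the visible hunks, so how callers set `noFuncOffset` should be confirmed against the full function.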