x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 5 Activity

Merge branch 'master' of https://github.com/x64dbg/x64dbg

This commit is contained in:
Mr. eXoDia 2015-10-14 11:22:59 +02:00
parent 13a19aa32d 6bb96406b3
commit e0085323f5
87 changed files with 1855 additions and 410 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
help/pop.htm Normal file
View File

@ -0,0 +1,25 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>pop</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>push<BR></STRONG>Pop a value from the stack.</P>
<P class=rvps3>
<U>arguments</U><BR>[arg1]: The destination.</P>
<P class=rvps3 >
<U>result</U><BR>This command does not set any
result&nbsp;variables.</P></body>
</html>

26
help/push.htm Normal file
View File

@ -0,0 +1,26 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>push</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>push<BR></STRONG>Push a value on the stack.</P>
<P class=rvps3>
<U>arguments</U><BR>&nbsp; arg1: The value to push on the stack.
</P>
<P class=rvps3 >
<U>result</U><BR>This command does not set any
result&nbsp;variables.</P></body>
</html>

BIN
help/x64_dbg.wcp
View File

Binary file not shown.

6
x64_dbg_bridge/bridgelist.h
View File

@ -101,15 +101,15 @@ public:
*/
static inline bool CopyData(ListInfo* listInfo, const std::vector<Type> & listData)
{
if (!listInfo)
if(!listInfo)
return false;
listInfo->count = int(listData.size());
listInfo->size = listInfo->count * sizeof(Type);
if (listInfo->count)
if(listInfo->count)
{
listInfo->data = BridgeAlloc(listInfo->size);
Type* curItem = reinterpret_cast<Type*>(listInfo->data);
for (const auto & item : listData)
for(const auto & item : listData)
{
*curItem = item;
++curItem;

23
x64_dbg_bridge/bridgemain.cpp
View File

@ -125,8 +125,9 @@ BRIDGE_IMPEXP bool BridgeSettingGet(const char* section, const char* key, char*
return false;
EnterCriticalSection(&csIni);
auto foundValue = settings.GetValue(section, key);
strcpy_s(value, MAX_SETTING_SIZE, settings.GetValue(section, key).c_str());
bool result = foundValue.length() > 0;
if(result)
strcpy_s(value, MAX_SETTING_SIZE, foundValue.c_str());
LeaveCriticalSection(&csIni);
return result;
}
@ -1205,6 +1206,26 @@ BRIDGE_IMPEXP void GuiUpdateTimeWastedCounter()
_gui_sendmessage(GUI_UPDATE_TIME_WASTED_COUNTER, nullptr, nullptr);
}
BRIDGE_IMPEXP void GuiSetGlobalNotes(const char* text)
{
_gui_sendmessage(GUI_SET_GLOBAL_NOTES, (void*)text, nullptr);
}
BRIDGE_IMPEXP void GuiGetGlobalNotes(char** text)
{
_gui_sendmessage(GUI_GET_GLOBAL_NOTES, text, nullptr);
}
BRIDGE_IMPEXP void GuiSetDebuggeeNotes(const char* text)
{
_gui_sendmessage(GUI_SET_DEBUGGEE_NOTES, (void*)text, nullptr);
}
BRIDGE_IMPEXP void GuiGetDebuggeeNotes(char** text)
{
_gui_sendmessage(GUI_GET_DEBUGGEE_NOTES, text, nullptr);
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
hInst = hinstDLL;

10
x64_dbg_bridge/bridgemain.h
View File

@ -775,7 +775,11 @@ typedef enum
GUI_SHOW_QWIDGET_TAB, // param1=QWidget*, param2=unused
GUI_CLOSE_QWIDGET_TAB, // param1=QWidget*, param2=unused
GUI_EXECUTE_ON_GUI_THREAD, // param1=GUICALLBACK, param2=unused
GUI_UPDATE_TIME_WASTED_COUNTER // param1=unused, param2=unused
GUI_UPDATE_TIME_WASTED_COUNTER, // param1=unused, param2=unused
GUI_SET_GLOBAL_NOTES, // param1=const char* text, param2=unused
GUI_GET_GLOBAL_NOTES, // param1=char** text, param2=unused
GUI_SET_DEBUGGEE_NOTES, // param1=const char* text, param2=unused
GUI_GET_DEBUGGEE_NOTES // param1=char** text, param2=unused
} GUIMSG;
//GUI Typedefs
@ -870,6 +874,10 @@ BRIDGE_IMPEXP void GuiShowQWidgetTab(void* qWidget);
BRIDGE_IMPEXP void GuiCloseQWidgetTab(void* qWidget);
BRIDGE_IMPEXP void GuiExecuteOnGuiThread(GUICALLBACK cbGuiThread);
BRIDGE_IMPEXP void GuiUpdateTimeWastedCounter();
BRIDGE_IMPEXP void GuiSetGlobalNotes(const char* text);
BRIDGE_IMPEXP void GuiGetGlobalNotes(char** text);
BRIDGE_IMPEXP void GuiSetDebuggeeNotes(const char* text);
BRIDGE_IMPEXP void GuiGetDebuggeeNotes(char** text);
#ifdef __cplusplus
}

6
x64_dbg_dbg/_dbgfunctions.cpp
View File

@ -224,9 +224,9 @@ void dbgfunctionsinit()
_dbgfunctions.GetJitAuto = _getjitauto;
_dbgfunctions.GetDefJit = dbggetdefjit;
_dbgfunctions.GetProcessList = _getprocesslist;
_dbgfunctions.GetPageRights = dbggetpagerights;
_dbgfunctions.SetPageRights = dbgsetpagerights;
_dbgfunctions.PageRightsToString = dbgpagerightstostring;
_dbgfunctions.GetPageRights = MemGetPageRights;
_dbgfunctions.SetPageRights = MemSetPageRights;
_dbgfunctions.PageRightsToString = MemPageRightsToString;
_dbgfunctions.IsProcessElevated = IsProcessElevated;
_dbgfunctions.GetCmdline = _getcmdline;
_dbgfunctions.SetCmdline = _setcmdline;

2
x64_dbg_dbg/_exports.cpp
View File

@ -965,7 +965,7 @@ extern "C" DLL_EXPORT uint _dbg_sendmessage(DBGMSG type, void* param1, void* par
{
STRING_TYPE strtype;
char string[MAX_STRING_SIZE];
if(disasmgetstringat((uint)param1, &strtype, string, string, MAX_STRING_SIZE-3))
if(disasmgetstringat((uint)param1, &strtype, string, string, MAX_STRING_SIZE - 3))
{
if(strtype == str_ascii)
sprintf((char*)param2, "\"%s\"", string);

6
x64_dbg_dbg/_global.cpp
View File

@ -50,7 +50,7 @@ void* emalloc(size_t size, const char* reason)
emalloc_count++;
/*
FILE* file = fopen(alloctrace, "a+");
fprintf(file, "DBG%.5d: alloc:"fhex":%s:"fhex"\n", emalloc_count, a, reason, size);
fprintf(file, "DBG%.5d: alloc:" fhex ":%s:" fhex "\n", emalloc_count, a, reason, size);
fclose(file);
*/
return a;
@ -76,7 +76,7 @@ void* erealloc(void* ptr, size_t size, const char* reason)
memset(a, 0, size);
/*
FILE* file = fopen(alloctrace, "a+");
fprintf(file, "DBG%.5d:realloc:"fhex":%s:"fhex"\n", emalloc_count, a, reason, size);
fprintf(file, "DBG%.5d:realloc:" fhex ":%s:" fhex "\n", emalloc_count, a, reason, size);
fclose(file);
*/
return a;
@ -92,7 +92,7 @@ void efree(void* ptr, const char* reason)
emalloc_count--;
/*
FILE* file = fopen(alloctrace, "a+");
fprintf(file, "DBG%.5d: free:"fhex":%s\n", emalloc_count, ptr, reason);
fprintf(file, "DBG%.5d: free:" fhex ":%s\n", emalloc_count, ptr, reason);
fclose(file);
*/
GlobalFree(ptr);

29
x64_dbg_dbg/_scriptapi_debug.cpp
View File

@ -39,4 +39,33 @@ SCRIPT_EXPORT void Script::Debug::StepOut()
{
DbgCmdExecDirect("StepOut");
Wait();
}
SCRIPT_EXPORT bool Script::Debug::SetBreakpoint(duint address)
{
char command[128] = "";
sprintf_s(command, "bp %p", address);
return DbgCmdExecDirect(command);
}
SCRIPT_EXPORT bool Script::Debug::DeleteBreakpoint(duint address)
{
char command[128] = "";
sprintf_s(command, "bc %p", address);
return DbgCmdExecDirect(command);
}
SCRIPT_EXPORT bool Script::Debug::SetHardwareBreakpoint(duint address, HardwareType type)
{
char command[128] = "";
const char* types[] = { "rw", "w", "x" };
sprintf_s(command, "bphws %p, %s", address, types[type]);
return DbgCmdExecDirect(command);
}
SCRIPT_EXPORT bool Script::Debug::DeleteHardwareBreakpoint(duint address)
{
char command[128] = "";
sprintf_s(command, "bphwc %p", address);
return DbgCmdExecDirect(command);
}

11
x64_dbg_dbg/_scriptapi_debug.h
View File

@ -7,6 +7,13 @@ namespace Script
{
namespace Debug
{
enum HardwareType
{
HardwareAccess,
HardwareWrite,
HardwareExecute
};
SCRIPT_EXPORT void Wait();
SCRIPT_EXPORT void Run();
SCRIPT_EXPORT void Pause();
@ -14,6 +21,10 @@ SCRIPT_EXPORT void Stop();
SCRIPT_EXPORT void StepIn();
SCRIPT_EXPORT void StepOver();
SCRIPT_EXPORT void StepOut();
SCRIPT_EXPORT bool SetBreakpoint(duint address);
SCRIPT_EXPORT bool DeleteBreakpoint(duint address);
SCRIPT_EXPORT bool SetHardwareBreakpoint(duint address, HardwareType type = HardwareExecute);
SCRIPT_EXPORT bool DeleteHardwareBreakpoint(duint address);
}; //Debug
}; //Script

116
x64_dbg_dbg/_scriptapi_flag.cpp Normal file
View File

@ -0,0 +1,116 @@
#include "_scriptapi_flag.h"
#include "value.h"
static const char* flagTable[] =
{
"ZF",
"OF",
"CF",
"PF",
"SF",
"TF",
"AF",
"DF",
"IF"
};
SCRIPT_EXPORT bool Script::Flag::Get(FlagEnum flag)
{
duint value;
return valfromstring(flagTable[flag], &value) ? !!value : false;
}
SCRIPT_EXPORT bool Script::Flag::Set(FlagEnum flag, bool value)
{
return setflag(flagTable[flag], value);
}
SCRIPT_EXPORT bool Script::Flag::GetZF()
{
return Get(ZF);
}
SCRIPT_EXPORT bool Script::Flag::SetZF(bool value)
{
return Set(ZF, value);
}
SCRIPT_EXPORT bool Script::Flag::GetOF()
{
return Get(OF);
}
SCRIPT_EXPORT bool Script::Flag::SetOF(bool value)
{
return Set(OF, value);
}
SCRIPT_EXPORT bool Script::Flag::GetCF()
{
return Get(CF);
}
SCRIPT_EXPORT bool Script::Flag::SetCF(bool value)
{
return Set(CF, value);
}
SCRIPT_EXPORT bool Script::Flag::GetPF()
{
return Get(PF);
}
SCRIPT_EXPORT bool Script::Flag::SetPF(bool value)
{
return Set(PF, value);
}
SCRIPT_EXPORT bool Script::Flag::GetSF()
{
return Get(SF);
}
SCRIPT_EXPORT bool Script::Flag::SetSF(bool value)
{
return Set(SF, value);
}
SCRIPT_EXPORT bool Script::Flag::GetTF()
{
return Get(TF);
}
SCRIPT_EXPORT bool Script::Flag::SetTF(bool value)
{
return Set(TF, value);
}
SCRIPT_EXPORT bool Script::Flag::GetAF()
{
return Get(AF);
}
SCRIPT_EXPORT bool Script::Flag::SetAF(bool value)
{
return Set(AF, value);
}
SCRIPT_EXPORT bool Script::Flag::GetDF()
{
return Get(DF);
}
SCRIPT_EXPORT bool Script::Flag::SetDF(bool value)
{
return Set(DF, value);
}
SCRIPT_EXPORT bool Script::Flag::GetIF()
{
return Get(IF);
}
SCRIPT_EXPORT bool Script::Flag::SetIF(bool value)
{
return Set(IF, value);
}

47
x64_dbg_dbg/_scriptapi_flag.h Normal file
View File

@ -0,0 +1,47 @@
#ifndef _SCRIPTAPI_FLAG_H
#define _SCRIPTAPI_FLAG_H
#include "_scriptapi.h"
namespace Script
{
namespace Flag
{
enum FlagEnum
{
ZF,
OF,
CF,
PF,
SF,
TF,
AF,
DF,
IF
};
SCRIPT_EXPORT bool Get(FlagEnum flag);
SCRIPT_EXPORT bool Set(FlagEnum flag, bool value);
SCRIPT_EXPORT bool GetZF();
SCRIPT_EXPORT bool SetZF(bool value);
SCRIPT_EXPORT bool GetOF();
SCRIPT_EXPORT bool SetOF(bool value);
SCRIPT_EXPORT bool GetCF();
SCRIPT_EXPORT bool SetCF(bool value);
SCRIPT_EXPORT bool GetPF();
SCRIPT_EXPORT bool SetPF(bool value);
SCRIPT_EXPORT bool GetSF();
SCRIPT_EXPORT bool SetSF(bool value);
SCRIPT_EXPORT bool GetTF();
SCRIPT_EXPORT bool SetTF(bool value);
SCRIPT_EXPORT bool GetAF();
SCRIPT_EXPORT bool SetAF(bool value);
SCRIPT_EXPORT bool GetDF();
SCRIPT_EXPORT bool SetDF(bool value);
SCRIPT_EXPORT bool GetIF();
SCRIPT_EXPORT bool SetIF(bool value);
};
};
#endif //_SCRIPTAPI_FLAG_H

6
x64_dbg_dbg/_scriptapi_module.cpp
View File

@ -103,11 +103,11 @@ SCRIPT_EXPORT bool Script::Module::SectionListFromAddr(duint addr, ListOf(Module
{
SHARED_ACQUIRE(LockModules);
MODINFO* modInfo = ModInfoFromAddr(addr);
if (!modInfo)
if(!modInfo)
return false;
std::vector<ModuleSectionInfo> scriptSectionList;
scriptSectionList.reserve(modInfo->sections.size());
for (const auto & section : modInfo->sections)
for(const auto & section : modInfo->sections)
{
ModuleSectionInfo scriptSection;
scriptSection.addr = section.addr;
@ -169,7 +169,7 @@ SCRIPT_EXPORT bool Script::Module::GetList(ListOf(ModuleInfo) listInfo)
ModGetList(modList);
std::vector<ModuleInfo> modScriptList;
modScriptList.reserve(modList.size());
for (const auto & mod : modList)
for(const auto & mod : modList)
{
ModuleInfo scriptMod;
scriptMod.base = mod.base;

2
x64_dbg_dbg/_scriptapi_stack.cpp
View File

@ -14,7 +14,7 @@ SCRIPT_EXPORT duint Script::Stack::Push(duint value)
{
duint csp = Register::GetCSP();
Register::SetCSP(csp - sizeof(duint));
Memory::WritePtr(csp, value);
Memory::WritePtr(csp - sizeof(duint), value);
return Memory::ReadPtr(csp);
}

14
x64_dbg_dbg/addrinfo.cpp
View File

@ -30,6 +30,16 @@ void dbsave()
FunctionCacheSave(root);
LoopCacheSave(root);
BpCacheSave(root);
//save notes
char* text = nullptr;
GuiGetDebuggeeNotes(&text);
if(text)
{
json_object_set_new(root, "notes", json_string(text));
BridgeFree(text);
}
GuiSetDebuggeeNotes("");
WString wdbpath = StringUtils::Utf8ToUtf16(dbpath);
if(json_object_size(root))
{
@ -132,6 +142,10 @@ void dbload()
LoopCacheLoad(root);
BpCacheLoad(root);
// Load notes
const char* text = json_string_value(json_object_get(root, "notes"));
GuiSetDebuggeeNotes(text);
// Free root
json_decref(root);
dprintf("%ums\n", GetTickCount() - ticks);

10
x64_dbg_dbg/capstone_wrapper.cpp
View File

@ -86,9 +86,9 @@ String Capstone::OperandText(int opindex) const
case X86_OP_IMM:
{
if(InGroup(CS_GRP_JUMP) || InGroup(CS_GRP_CALL) || IsLoop())
sprintf_s(temp, "%"fext"X", op.imm + mInstr->size);
sprintf_s(temp, "%" fext "X", op.imm + mInstr->size);
else
sprintf_s(temp, "%"fext"X", op.imm);
sprintf_s(temp, "%" fext "X", op.imm);
result = temp;
}
break;
@ -98,7 +98,7 @@ String Capstone::OperandText(int opindex) const
const auto & mem = op.mem;
if(op.mem.base == X86_REG_RIP) //rip-relative
{
sprintf_s(temp, "%"fext"X", mInstr->address + op.mem.disp + mInstr->size);
sprintf_s(temp, "%" fext "X", mInstr->address + op.mem.disp + mInstr->size);
result += temp;
}
else //normal
@ -124,10 +124,10 @@ String Capstone::OperandText(int opindex) const
if(mem.disp < 0)
{
operatorText = '-';
sprintf_s(temp, "%"fext"X", mem.disp * -1);
sprintf_s(temp, "%" fext "X", mem.disp * -1);
}
else
sprintf_s(temp, "%"fext"X", mem.disp);
sprintf_s(temp, "%" fext "X", mem.disp);
if(prependPlus)
result += operatorText;
result += temp;

56
x64_dbg_dbg/controlflowanalysis.cpp
View File

@ -3,6 +3,7 @@
#include "module.h"
#include "TitanEngine/TitanEngine.h"
#include "memory.h"
#include "function.h"
ControlFlowAnalysis::ControlFlowAnalysis(uint base, uint size, bool exceptionDirectory) : Analysis(base, size)
{
@ -73,13 +74,25 @@ void ControlFlowAnalysis::Analyse()
Functions();
dprintf("Functions in %ums!\n", GetTickCount() - ticks);
ticks = GetTickCount();
FunctionRanges();
dprintf("Function ranges in %ums!\n", GetTickCount() - ticks);
ticks = GetTickCount();
dprintf("Analysis finished!\n");
}
void ControlFlowAnalysis::SetMarkers()
{
dprintf("digraph ControlFlow {\n");
FunctionDelRange(_base, _base + _size);
auto size = _functionRanges.size();
for(size_t i = size - 1; i != -1; i--)
{
const auto & range = _functionRanges[i];
FunctionAdd(range.first, range.second, false);
}
/*dprintf("digraph ControlFlow {\n");
int i = 0;
std::map<uint, int> nodeMap;
for(const auto & it : _blocks)
@ -116,7 +129,7 @@ void ControlFlowAnalysis::SetMarkers()
i++;
}
}
dprintf("}\n");
dprintf("}\n");*/
}
void ControlFlowAnalysis::BasicBlockStarts()
@ -128,15 +141,15 @@ void ControlFlowAnalysis::BasicBlockStarts()
uint addr = _base + i;
if(_cp.Disassemble(addr, TranslateAddress(addr), MAX_DISASM_BUFFER))
{
if(bSkipFilling) //handle filling skip mode
if(bSkipFilling) //handle filling skip mode
{
if(!_cp.IsFilling()) //do nothing until the filling stopped
if(!_cp.IsFilling()) //do nothing until the filling stopped
{
bSkipFilling = false;
_blockStarts.insert(addr);
}
}
else if(_cp.InGroup(CS_GRP_RET) || _cp.GetId() == X86_INS_INT3) //RET/INT3 break control flow
else if(_cp.InGroup(CS_GRP_RET) || _cp.GetId() == X86_INS_INT3) //RET/INT3 break control flow
{
bSkipFilling = true; //skip INT3/NOP/whatever filling bytes (those are not part of the control flow)
}
@ -260,7 +273,7 @@ void ControlFlowAnalysis::Functions()
else //in function
{
uint function = findFunctionStart(block, parents);
if(!function) //this happens with loops sometimes
if(!function) //this happens with loops / unreferenced blocks sometimes
delayedBlocks.push_back(DelayedBlock(block, parents));
else
block->function = function;
@ -297,9 +310,40 @@ void ControlFlowAnalysis::Functions()
resolved++;
}
dprintf("%u/%u delayed blocks resolved (%u/%u still left, probably unreferenced functions)\n", resolved, delayedCount, delayedCount - resolved, _blocks.size());
int unreferencedCount = 0;
for(const auto & block : _blocks)
{
auto found = _functions.find(block.second.function);
if(found == _functions.end()) //unreferenced block
{
unreferencedCount++;
continue;
}
found->second.insert(block.second.start);
}
dprintf("%u/%u unreferenced blocks\n", unreferencedCount, _blocks.size());
dprintf("%u functions found!\n", _functions.size());
}
void ControlFlowAnalysis::FunctionRanges()
{
//iterate over the functions and then find the deepest block = function end
for(const auto & function : _functions)
{
uint start = function.first;
uint end = start;
for(auto blockstart : function.second)
{
BasicBlock* block = this->findBlock(blockstart);
if(!block)
DebugBreak(); //this shouldn't happen
if(block->end > end)
end = block->end;
}
_functionRanges.push_back({ start, end });
}
}
void ControlFlowAnalysis::insertBlock(BasicBlock block)
{
if(_blocks.find(block.start) != _blocks.end())

2
x64_dbg_dbg/controlflowanalysis.h
View File

@ -58,10 +58,12 @@ private:
std::map<uint, BasicBlock> _blocks; //start of block -> block
std::map<uint, UintSet> _parentMap; //start child -> parents
std::map<uint, UintSet> _functions; //function start -> function block starts
std::vector<Range> _functionRanges; //function start -> function range TODO: smarter stuff with overlapping ranges
void BasicBlockStarts();
void BasicBlocks();
void Functions();
void FunctionRanges();
void insertBlock(BasicBlock block);
BasicBlock* findBlock(uint start);
void insertParent(uint child, uint parent);

240
x64_dbg_dbg/debugger.cpp
View File

@ -77,18 +77,18 @@ static DWORD WINAPI memMapThread(void* ptr)
static DWORD WINAPI timeWastedCounterThread(void* ptr)
{
if (!BridgeSettingGetUint("Engine", "TimeWastedDebugging", &timeWastedDebugging))
if(!BridgeSettingGetUint("Engine", "TimeWastedDebugging", &timeWastedDebugging))
timeWastedDebugging = 0;
GuiUpdateTimeWastedCounter();
while (!bStopTimeWastedCounterThread)
while(!bStopTimeWastedCounterThread)
{
while (!DbgIsDebugging())
while(!DbgIsDebugging())
{
if (bStopTimeWastedCounterThread)
if(bStopTimeWastedCounterThread)
break;
Sleep(1);
}
if (bStopTimeWastedCounterThread)
if(bStopTimeWastedCounterThread)
break;
timeWastedDebugging++;
GuiUpdateTimeWastedCounter();
@ -270,16 +270,16 @@ void cbUserBreakpoint()
if(symbolicname)
{
if(*bp.name)
dprintf("%s breakpoint \"%s\" at %s ("fhex")!\n", bptype, bp.name, symbolicname, bp.addr);
dprintf("%s breakpoint \"%s\" at %s (" fhex ")!\n", bptype, bp.name, symbolicname, bp.addr);
else
dprintf("%s breakpoint at %s ("fhex")!\n", bptype, symbolicname, bp.addr);
dprintf("%s breakpoint at %s (" fhex ")!\n", bptype, symbolicname, bp.addr);
}
else
{
if(*bp.name)
dprintf("%s breakpoint \"%s\" at "fhex"!\n", bptype, bp.name, bp.addr);
dprintf("%s breakpoint \"%s\" at " fhex "!\n", bptype, bp.name, bp.addr);
else
dprintf("%s breakpoint at "fhex"!\n", bptype, bp.addr);
dprintf("%s breakpoint at " fhex "!\n", bptype, bp.addr);
}
if(bp.singleshoot)
BpDelete(bp.addr, BPNORMAL);
@ -347,16 +347,16 @@ void cbHardwareBreakpoint(void* ExceptionAddress)
if(symbolicname)
{
if(*bp.name)
dprintf("Hardware breakpoint (%s%s) \"%s\" at %s ("fhex")!\n", bpsize, bptype, bp.name, symbolicname, bp.addr);
dprintf("Hardware breakpoint (%s%s) \"%s\" at %s (" fhex ")!\n", bpsize, bptype, bp.name, symbolicname, bp.addr);
else
dprintf("Hardware breakpoint (%s%s) at %s ("fhex")!\n", bpsize, bptype, symbolicname, bp.addr);
dprintf("Hardware breakpoint (%s%s) at %s (" fhex ")!\n", bpsize, bptype, symbolicname, bp.addr);
}
else
{
if(*bp.name)
dprintf("Hardware breakpoint (%s%s) \"%s\" at "fhex"!\n", bpsize, bptype, bp.name, bp.addr);
dprintf("Hardware breakpoint (%s%s) \"%s\" at " fhex "!\n", bpsize, bptype, bp.name, bp.addr);
else
dprintf("Hardware breakpoint (%s%s) at "fhex"!\n", bpsize, bptype, bp.addr);
dprintf("Hardware breakpoint (%s%s) at " fhex "!\n", bpsize, bptype, bp.addr);
}
BpToBridge(&bp, &pluginBp);
bpInfo.breakpoint = &pluginBp;
@ -408,16 +408,16 @@ void cbMemoryBreakpoint(void* ExceptionAddress)
if(symbolicname)
{
if(*bp.name)
dprintf("Memory breakpoint%s \"%s\" at %s ("fhex", "fhex")!\n", bptype, bp.name, symbolicname, bp.addr, ExceptionAddress);
dprintf("Memory breakpoint%s \"%s\" at %s (" fhex ", " fhex ")!\n", bptype, bp.name, symbolicname, bp.addr, ExceptionAddress);
else
dprintf("Memory breakpoint%s at %s ("fhex", "fhex")!\n", bptype, symbolicname, bp.addr, ExceptionAddress);
dprintf("Memory breakpoint%s at %s (" fhex ", " fhex ")!\n", bptype, symbolicname, bp.addr, ExceptionAddress);
}
else
{
if(*bp.name)
dprintf("Memory breakpoint%s \"%s\" at "fhex" ("fhex")!\n", bptype, bp.name, bp.addr, ExceptionAddress);
dprintf("Memory breakpoint%s \"%s\" at " fhex " (" fhex ")!\n", bptype, bp.name, bp.addr, ExceptionAddress);
else
dprintf("Memory breakpoint%s at "fhex" ("fhex")!\n", bptype, bp.addr, ExceptionAddress);
dprintf("Memory breakpoint%s at " fhex " (" fhex ")!\n", bptype, bp.addr, ExceptionAddress);
}
BpToBridge(&bp, &pluginBp);
bpInfo.breakpoint = &pluginBp;
@ -521,7 +521,7 @@ bool cbSetModuleBreakpoints(const BREAKPOINT* bp)
case BPNORMAL:
{
if(!SetBPX(bp->addr, bp->titantype, (void*)cbUserBreakpoint))
dprintf("Could not set breakpoint "fhex"! (SetBPX)\n", bp->addr);
dprintf("Could not set breakpoint " fhex "! (SetBPX)\n", bp->addr);
}
break;
@ -530,7 +530,7 @@ bool cbSetModuleBreakpoints(const BREAKPOINT* bp)
uint size = 0;
MemFindBaseAddr(bp->addr, &size);
if(!SetMemoryBPXEx(bp->addr, size, bp->titantype, !bp->singleshoot, (void*)cbMemoryBreakpoint))
dprintf("Could not set memory breakpoint "fhex"! (SetMemoryBPXEx)\n", bp->addr);
dprintf("Could not set memory breakpoint " fhex "! (SetMemoryBPXEx)\n", bp->addr);
}
break;
@ -546,7 +546,7 @@ bool cbSetModuleBreakpoints(const BREAKPOINT* bp)
TITANSETDRX(titantype, drx);
BpSetTitanType(bp->addr, BPHARDWARE, titantype);
if(!SetHardwareBreakPoint(bp->addr, drx, TITANGETTYPE(bp->titantype), TITANGETSIZE(bp->titantype), (void*)cbHardwareBreakpoint))
dprintf("Could not set hardware breakpoint "fhex"! (SetHardwareBreakPoint)\n", bp->addr);
dprintf("Could not set hardware breakpoint " fhex "! (SetHardwareBreakPoint)\n", bp->addr);
}
break;
@ -564,15 +564,15 @@ static bool cbRemoveModuleBreakpoints(const BREAKPOINT* bp)
{
case BPNORMAL:
if(!DeleteBPX(bp->addr))
dprintf("Could not delete breakpoint "fhex"! (DeleteBPX)\n", bp->addr);
dprintf("Could not delete breakpoint " fhex "! (DeleteBPX)\n", bp->addr);
break;
case BPMEMORY:
if(!RemoveMemoryBPX(bp->addr, 0))
dprintf("Could not delete memory breakpoint "fhex"! (RemoveMemoryBPX)\n", bp->addr);
dprintf("Could not delete memory breakpoint " fhex "! (RemoveMemoryBPX)\n", bp->addr);
break;
case BPHARDWARE:
if(!DeleteHardwareBreakPoint(TITANGETDRX(bp->titantype)))
dprintf("Could not delete hardware breakpoint "fhex"! (DeleteHardwareBreakPoint)\n", bp->addr);
dprintf("Could not delete hardware breakpoint " fhex "! (DeleteHardwareBreakPoint)\n", bp->addr);
break;
default:
break;
@ -638,7 +638,7 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo)
char DebugFileName[deflen] = "";
if(!GetFileNameFromHandle(CreateProcessInfo->hFile, DebugFileName))
strcpy_s(DebugFileName, "??? (GetFileNameFromHandle failed!)");
dprintf("Process Started: "fhex" %s\n", base, DebugFileName);
dprintf("Process Started: " fhex " %s\n", base, DebugFileName);
//update memory map
dbggetprivateusage(fdProcessInfo->hProcess, true);
@ -713,15 +713,15 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo)
for(unsigned int i = 0; i < NumberOfCallBacks; i++)
{
uint callbackVA = TLSCallBacks()[i] - ImageBase + pDebuggedBase;
if (MemIsValidReadPtr(callbackVA))
if(MemIsValidReadPtr(callbackVA))
{
sprintf(command, "bp "fhex",\"TLS Callback %d\",ss", callbackVA, i + 1);
sprintf(command, "bp " fhex ",\"TLS Callback %d\",ss", callbackVA, i + 1);
cmddirectexec(dbggetcommandlist(), command);
}
else
invalidCount++;
}
if (invalidCount)
if(invalidCount)
dprintf("%d invalid TLS callback addresses...\n", invalidCount);
}
}
@ -729,7 +729,7 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo)
if(settingboolget("Events", "EntryBreakpoint"))
{
sprintf(command, "bp "fhex",\"entry breakpoint\",ss", (uint)CreateProcessInfo->lpStartAddress);
sprintf(command, "bp " fhex ",\"entry breakpoint\",ss", (uint)CreateProcessInfo->lpStartAddress);
cmddirectexec(dbggetcommandlist(), command);
}
}
@ -770,7 +770,7 @@ static void cbCreateThread(CREATE_THREAD_DEBUG_INFO* CreateThread)
if(settingboolget("Events", "ThreadEntry"))
{
char command[256] = "";
sprintf(command, "bp "fhex",\"Thread %X\",ss", (uint)CreateThread->lpStartAddress, dwThreadId);
sprintf(command, "bp " fhex ",\"Thread %X\",ss", (uint)CreateThread->lpStartAddress, dwThreadId);
cmddirectexec(dbggetcommandlist(), command);
}
@ -866,7 +866,7 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll)
char DLLDebugFileName[deflen] = "";
if(!GetFileNameFromHandle(LoadDll->hFile, DLLDebugFileName))
strcpy_s(DLLDebugFileName, "??? (GetFileNameFromHandle failed!)");
strcpy_s(DLLDebugFileName, "??? (GetFileNameFromHandle failed!)");
SafeSymLoadModuleEx(fdProcessInfo->hProcess, LoadDll->hFile, DLLDebugFileName, 0, (DWORD64)base, 0, 0, 0);
IMAGEHLP_MODULE64 modInfo;
@ -895,7 +895,7 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll)
if(settingboolget("Events", "EntryBreakpoint"))
{
bAlreadySetEntry = true;
sprintf(command, "bp "fhex",\"entry breakpoint\",ss", pDebuggedBase + pDebuggedEntry);
sprintf(command, "bp " fhex ",\"entry breakpoint\",ss", pDebuggedBase + pDebuggedEntry);
cmddirectexec(dbggetcommandlist(), command);
}
}
@ -918,18 +918,18 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll)
for(unsigned int i = 0; i < NumberOfCallBacks; i++)
{
uint callbackVA = TLSCallBacks()[i] - ImageBase + (uint)base;
if (MemIsValidReadPtr(callbackVA))
if(MemIsValidReadPtr(callbackVA))
{
if (bIsDebuggingThis)
sprintf(command, "bp "fhex",\"TLS Callback %d\",ss", callbackVA, i + 1);
if(bIsDebuggingThis)
sprintf(command, "bp " fhex ",\"TLS Callback %d\",ss", callbackVA, i + 1);
else
sprintf(command, "bp "fhex",\"TLS Callback %d (%s)\",ss", callbackVA, i + 1, modname);
sprintf(command, "bp " fhex ",\"TLS Callback %d (%s)\",ss", callbackVA, i + 1, modname);
cmddirectexec(dbggetcommandlist(), command);
}
else
invalidCount++;
}
if (invalidCount)
if(invalidCount)
dprintf("%s invalid TLS callback addresses...\n", invalidCount);
}
}
@ -941,12 +941,12 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll)
if(oep)
{
char command[256] = "";
sprintf(command, "bp "fhex",\"DllMain (%s)\",ss", oep + (uint)base, modname);
sprintf(command, "bp " fhex ",\"DllMain (%s)\",ss", oep + (uint)base, modname);
cmddirectexec(dbggetcommandlist(), command);
}
}
dprintf("DLL Loaded: "fhex" %s\n", base, DLLDebugFileName);
dprintf("DLL Loaded: " fhex " %s\n", base, DLLDebugFileName);
//plugin callback
PLUG_CB_LOADDLL callbackInfo;
@ -984,7 +984,7 @@ static void cbUnloadDll(UNLOAD_DLL_DEBUG_INFO* UnloadDll)
BpEnumAll(cbRemoveModuleBreakpoints, modname);
GuiUpdateBreakpointsView();
SafeSymUnloadModule64(fdProcessInfo->hProcess, (DWORD64)base);
dprintf("DLL Unloaded: "fhex" %s\n", base, modname);
dprintf("DLL Unloaded: " fhex " %s\n", base, modname);
if(bBreakOnNextDll || settingboolget("Events", "DllUnload"))
{
@ -1114,9 +1114,9 @@ static void cbException(EXCEPTION_DEBUG_INFO* ExceptionData)
if(ExceptionData->dwFirstChance) //first chance exception
{
if(exceptionName)
dprintf("First chance exception on "fhex" (%.8X, %s)!\n", addr, ExceptionCode, exceptionName);
dprintf("First chance exception on " fhex " (%.8X, %s)!\n", addr, ExceptionCode, exceptionName);
else
dprintf("First chance exception on "fhex" (%.8X)!\n", addr, ExceptionCode);
dprintf("First chance exception on " fhex " (%.8X)!\n", addr, ExceptionCode);
SetNextDbgContinueStatus(DBG_EXCEPTION_NOT_HANDLED);
if(bSkipExceptions || dbgisignoredexception(ExceptionCode))
return;
@ -1124,9 +1124,9 @@ static void cbException(EXCEPTION_DEBUG_INFO* ExceptionData)
else //lock the exception
{
if(exceptionName)
dprintf("Last chance exception on "fhex" (%.8X, %s)!\n", addr, ExceptionCode, exceptionName);
dprintf("Last chance exception on " fhex " (%.8X, %s)!\n", addr, ExceptionCode, exceptionName);
else
dprintf("Last chance exception on "fhex" (%.8X)!\n", addr, ExceptionCode);
dprintf("Last chance exception on " fhex " (%.8X)!\n", addr, ExceptionCode);
SetNextDbgContinueStatus(DBG_CONTINUE);
}
@ -1252,12 +1252,12 @@ bool cbDeleteAllBreakpoints(const BREAKPOINT* bp)
{
if(!BpDelete(bp->addr, BPNORMAL))
{
dprintf("Delete breakpoint failed (BpDelete): "fhex"\n", bp->addr);
dprintf("Delete breakpoint failed (BpDelete): " fhex "\n", bp->addr);
return false;
}
if(!bp->enabled || DeleteBPX(bp->addr))
return true;
dprintf("Delete breakpoint failed (DeleteBPX): "fhex"\n", bp->addr);
dprintf("Delete breakpoint failed (DeleteBPX): " fhex "\n", bp->addr);
return false;
}
@ -1268,12 +1268,12 @@ bool cbEnableAllBreakpoints(const BREAKPOINT* bp)
if(!BpEnable(bp->addr, BPNORMAL, true))
{
dprintf("Could not enable breakpoint "fhex" (BpEnable)\n", bp->addr);
dprintf("Could not enable breakpoint " fhex " (BpEnable)\n", bp->addr);
return false;
}
if(!SetBPX(bp->addr, bp->titantype, (void*)cbUserBreakpoint))
{
dprintf("Could not enable breakpoint "fhex" (SetBPX)\n", bp->addr);
dprintf("Could not enable breakpoint " fhex " (SetBPX)\n", bp->addr);
return false;
}
return true;
@ -1286,12 +1286,12 @@ bool cbDisableAllBreakpoints(const BREAKPOINT* bp)
if(!BpEnable(bp->addr, BPNORMAL, false))
{
dprintf("Could not disable breakpoint "fhex" (BpEnable)\n", bp->addr);
dprintf("Could not disable breakpoint " fhex " (BpEnable)\n", bp->addr);
return false;
}
if(!DeleteBPX(bp->addr))
{
dprintf("Could not disable breakpoint "fhex" (DeleteBPX)\n", bp->addr);
dprintf("Could not disable breakpoint " fhex " (DeleteBPX)\n", bp->addr);
return false;
}
return true;
@ -1304,7 +1304,7 @@ bool cbEnableAllHardwareBreakpoints(const BREAKPOINT* bp)
DWORD drx = 0;
if(!GetUnusedHardwareBreakPointRegister(&drx))
{
dprintf("Did not enable hardware breakpoint "fhex" (all slots full)\n", bp->addr);
dprintf("Did not enable hardware breakpoint " fhex " (all slots full)\n", bp->addr);
return true;
}
int titantype = bp->titantype;
@ -1312,12 +1312,12 @@ bool cbEnableAllHardwareBreakpoints(const BREAKPOINT* bp)
BpSetTitanType(bp->addr, BPHARDWARE, titantype);
if(!BpEnable(bp->addr, BPHARDWARE, true))
{
dprintf("Could not enable hardware breakpoint "fhex" (BpEnable)\n", bp->addr);
dprintf("Could not enable hardware breakpoint " fhex " (BpEnable)\n", bp->addr);
return false;
}
if(!SetHardwareBreakPoint(bp->addr, drx, TITANGETTYPE(bp->titantype), TITANGETSIZE(bp->titantype), (void*)cbHardwareBreakpoint))
{
dprintf("Could not enable hardware breakpoint "fhex" (SetHardwareBreakPoint)\n", bp->addr);
dprintf("Could not enable hardware breakpoint " fhex " (SetHardwareBreakPoint)\n", bp->addr);
return false;
}
return true;
@ -1329,12 +1329,12 @@ bool cbDisableAllHardwareBreakpoints(const BREAKPOINT* bp)
return true;
if(!BpEnable(bp->addr, BPHARDWARE, false))
{
dprintf("Could not disable hardware breakpoint "fhex" (BpEnable)\n", bp->addr);
dprintf("Could not disable hardware breakpoint " fhex " (BpEnable)\n", bp->addr);
return false;
}
if(!DeleteHardwareBreakPoint(TITANGETDRX(bp->titantype)))
{
dprintf("Could not disable hardware breakpoint "fhex" (DeleteHardwareBreakPoint)\n", bp->addr);
dprintf("Could not disable hardware breakpoint " fhex " (DeleteHardwareBreakPoint)\n", bp->addr);
return false;
}
return true;
@ -1348,12 +1348,12 @@ bool cbEnableAllMemoryBreakpoints(const BREAKPOINT* bp)
MemFindBaseAddr(bp->addr, &size);
if(!BpEnable(bp->addr, BPMEMORY, true))
{
dprintf("Could not enable memory breakpoint "fhex" (BpEnable)\n", bp->addr);
dprintf("Could not enable memory breakpoint " fhex " (BpEnable)\n", bp->addr);
return false;
}
if(!SetMemoryBPXEx(bp->addr, size, bp->titantype, !bp->singleshoot, (void*)cbMemoryBreakpoint))
{
dprintf("Could not enable memory breakpoint "fhex" (SetMemoryBPXEx)\n", bp->addr);
dprintf("Could not enable memory breakpoint " fhex " (SetMemoryBPXEx)\n", bp->addr);
return false;
}
return true;
@ -1365,12 +1365,12 @@ bool cbDisableAllMemoryBreakpoints(const BREAKPOINT* bp)
return true;
if(!BpEnable(bp->addr, BPMEMORY, false))
{
dprintf("Could not disable memory breakpoint "fhex" (BpEnable)\n", bp->addr);
dprintf("Could not disable memory breakpoint " fhex " (BpEnable)\n", bp->addr);
return false;
}
if(!RemoveMemoryBPX(bp->addr, 0))
{
dprintf("Could not disable memory breakpoint "fhex" (RemoveMemoryBPX)\n", bp->addr);
dprintf("Could not disable memory breakpoint " fhex " (RemoveMemoryBPX)\n", bp->addr);
return false;
}
return true;
@ -1392,9 +1392,9 @@ bool cbBreakpointList(const BREAKPOINT* bp)
type = "GP";
bool enabled = bp->enabled;
if(*bp->name)
dprintf("%d:%s:"fhex":\"%s\"\n", enabled, type, bp->addr, bp->name);
dprintf("%d:%s:" fhex ":\"%s\"\n", enabled, type, bp->addr, bp->name);
else
dprintf("%d:%s:"fhex"\n", enabled, type, bp->addr);
dprintf("%d:%s:" fhex "\n", enabled, type, bp->addr);
return true;
}
@ -1406,12 +1406,12 @@ bool cbDeleteAllMemoryBreakpoints(const BREAKPOINT* bp)
MemFindBaseAddr(bp->addr, &size);
if(!BpDelete(bp->addr, BPMEMORY))
{
dprintf("Delete memory breakpoint failed (BpDelete): "fhex"\n", bp->addr);
dprintf("Delete memory breakpoint failed (BpDelete): " fhex "\n", bp->addr);
return false;
}
if(!RemoveMemoryBPX(bp->addr, size))
{
dprintf("Delete memory breakpoint failed (RemoveMemoryBPX): "fhex"\n", bp->addr);
dprintf("Delete memory breakpoint failed (RemoveMemoryBPX): " fhex "\n", bp->addr);
return false;
}
return true;
@ -1423,12 +1423,12 @@ bool cbDeleteAllHardwareBreakpoints(const BREAKPOINT* bp)
return true;
if(!BpDelete(bp->addr, BPHARDWARE))
{
dprintf("Delete hardware breakpoint failed (BpDelete): "fhex"\n", bp->addr);
dprintf("Delete hardware breakpoint failed (BpDelete): " fhex "\n", bp->addr);
return false;
}
if(!DeleteHardwareBreakPoint(TITANGETDRX(bp->titantype)))
{
dprintf("Delete hardware breakpoint failed (DeleteHardwareBreakPoint): "fhex"\n", bp->addr);
dprintf("Delete hardware breakpoint failed (DeleteHardwareBreakPoint): " fhex "\n", bp->addr);
return false;
}
return true;
@ -1627,118 +1627,6 @@ static bool readwritejitkey(wchar_t* jit_key_value, DWORD* jit_key_vale_size, ch
return (lRv == ERROR_SUCCESS);
}
bool dbgpagerightstostring(DWORD protect, char* rights)
{
memset(rights, 0, RIGHTS_STRING_SIZE);
switch(protect & 0xFF)
{
case PAGE_EXECUTE:
strcpy_s(rights, RIGHTS_STRING_SIZE, "E---");
break;
case PAGE_EXECUTE_READ:
strcpy_s(rights, RIGHTS_STRING_SIZE, "ER--");
break;
case PAGE_EXECUTE_READWRITE:
strcpy_s(rights, RIGHTS_STRING_SIZE, "ERW-");
break;
case PAGE_EXECUTE_WRITECOPY:
strcpy_s(rights, RIGHTS_STRING_SIZE, "ERWC");
break;
case PAGE_NOACCESS:
strcpy_s(rights, RIGHTS_STRING_SIZE, "----");
break;
case PAGE_READONLY:
strcpy_s(rights, RIGHTS_STRING_SIZE, "-R--");
break;
case PAGE_READWRITE:
strcpy_s(rights, RIGHTS_STRING_SIZE, "-RW-");
break;
case PAGE_WRITECOPY:
strcpy_s(rights, RIGHTS_STRING_SIZE, "-RWC");
break;
}
if(protect & PAGE_GUARD)
strcat_s(rights, RIGHTS_STRING_SIZE, "G");
else
strcat_s(rights, RIGHTS_STRING_SIZE, "-");
return true;
}
static uint dbggetpageligned(uint addr)
{
#ifdef _WIN64
addr &= 0xFFFFFFFFFFFFF000;
#else // _WIN32
addr &= 0xFFFFF000;
#endif // _WIN64
return addr;
}
static bool dbgpagerightsfromstring(DWORD* protect, const char* rights_string)
{
if(strlen(rights_string) < 2)
return false;
*protect = 0;
if(rights_string[0] == 'G' || rights_string[0] == 'g')
{
*protect |= PAGE_GUARD;
rights_string++;
}
if(_strcmpi(rights_string, "Execute") == 0)
*protect |= PAGE_EXECUTE;
else if(_strcmpi(rights_string, "ExecuteRead") == 0)
*protect |= PAGE_EXECUTE_READ;
else if(_strcmpi(rights_string, "ExecuteReadWrite") == 0)
*protect |= PAGE_EXECUTE_READWRITE;
else if(_strcmpi(rights_string, "ExecuteWriteCopy") == 0)
*protect |= PAGE_EXECUTE_WRITECOPY;
else if(_strcmpi(rights_string, "NoAccess") == 0)
*protect |= PAGE_NOACCESS;
else if(_strcmpi(rights_string, "ReadOnly") == 0)
*protect |= PAGE_READONLY;
else if(_strcmpi(rights_string, "ReadWrite") == 0)
*protect |= PAGE_READWRITE;
else if(_strcmpi(rights_string, "WriteCopy") == 0)
*protect |= PAGE_WRITECOPY;
if(*protect == 0)
return false;
return true;
}
bool dbgsetpagerights(uint addr, const char* rights_string)
{
DWORD protect;
DWORD old_protect;
addr = dbggetpageligned(addr);
if(!dbgpagerightsfromstring(& protect, rights_string))
return false;
if(VirtualProtectEx(fdProcessInfo->hProcess, (void*)addr, PAGE_SIZE, protect, & old_protect) == 0)
return false;
return true;
}
bool dbggetpagerights(uint addr, char* rights)
{
addr = dbggetpageligned(addr);
MEMORY_BASIC_INFORMATION mbi;
if(VirtualQueryEx(fdProcessInfo->hProcess, (const void*)addr, &mbi, sizeof(mbi)) == 0)
return false;
return dbgpagerightstostring(mbi.Protect, rights);
}
bool dbggetjitauto(bool* auto_on, arch arch_in, arch* arch_out, readwritejitkey_error_t* rw_error_out)
{
wchar_t jit_entry[4] = L"";

3
x64_dbg_dbg/debugger.h
View File

@ -100,9 +100,6 @@ bool dbglistprocesses(std::vector<PROCESSENTRY32>* list);
bool IsProcessElevated();
bool dbgsetcmdline(const char* cmd_line, cmdline_error_t* cmd_line_error);
bool dbggetcmdline(char** cmd_line, cmdline_error_t* cmd_line_error);
bool dbggetpagerights(uint addr, char* rights);
bool dbgsetpagerights(uint addr, const char* rights_string);
bool dbgpagerightstostring(DWORD protect, char* rights);
void dbgstartscriptthread(CBPLUGINSCRIPT cbScript);
uint dbggetdebuggedbase();

86
x64_dbg_dbg/debugger_commands.cpp
View File

@ -235,25 +235,25 @@ CMDRESULT cbDebugSetBPX(int argc, char* argv[]) //bp addr [,name [,type]]
}
if(IsBPXEnabled(addr))
{
dprintf("Error setting breakpoint at "fhex"! (IsBPXEnabled)\n", addr);
dprintf("Error setting breakpoint at " fhex "! (IsBPXEnabled)\n", addr);
return STATUS_ERROR;
}
else if(!MemRead(addr, &oldbytes, sizeof(short)))
{
dprintf("Error setting breakpoint at "fhex"! (memread)\n", addr);
dprintf("Error setting breakpoint at " fhex "! (memread)\n", addr);
return STATUS_ERROR;
}
else if(!BpNew(addr, true, singleshoot, oldbytes, BPNORMAL, type, bpname))
{
dprintf("Error setting breakpoint at "fhex"! (bpnew)\n", addr);
dprintf("Error setting breakpoint at " fhex "! (bpnew)\n", addr);
return STATUS_ERROR;
}
else if(!SetBPX(addr, type, (void*)cbUserBreakpoint))
{
dprintf("Error setting breakpoint at "fhex"! (SetBPX)\n", addr);
dprintf("Error setting breakpoint at " fhex "! (SetBPX)\n", addr);
return STATUS_ERROR;
}
dprintf("Breakpoint at "fhex" set!\n", addr);
dprintf("Breakpoint at " fhex " set!\n", addr);
GuiUpdateAllViews();
return STATUS_CONTINUE;
}
@ -281,12 +281,12 @@ CMDRESULT cbDebugDeleteBPX(int argc, char* argv[])
{
if(!BpDelete(found.addr, BPNORMAL))
{
dprintf("Delete breakpoint failed (bpdel): "fhex"\n", found.addr);
dprintf("Delete breakpoint failed (bpdel): " fhex "\n", found.addr);
return STATUS_ERROR;
}
else if(found.enabled && !DeleteBPX(found.addr))
{
dprintf("Delete breakpoint failed (DeleteBPX): "fhex"\n", found.addr);
dprintf("Delete breakpoint failed (DeleteBPX): " fhex "\n", found.addr);
GuiUpdateAllViews();
return STATUS_ERROR;
}
@ -300,12 +300,12 @@ CMDRESULT cbDebugDeleteBPX(int argc, char* argv[])
}
if(!BpDelete(found.addr, BPNORMAL))
{
dprintf("Delete breakpoint failed (bpdel): "fhex"\n", found.addr);
dprintf("Delete breakpoint failed (bpdel): " fhex "\n", found.addr);
return STATUS_ERROR;
}
else if(found.enabled && !DeleteBPX(found.addr))
{
dprintf("Delete breakpoint failed (DeleteBPX): "fhex"\n", found.addr);
dprintf("Delete breakpoint failed (DeleteBPX): " fhex "\n", found.addr);
GuiUpdateAllViews();
return STATUS_ERROR;
}
@ -334,12 +334,12 @@ CMDRESULT cbDebugEnableBPX(int argc, char* argv[])
{
if(!BpEnable(found.addr, BPNORMAL, true))
{
dprintf("Could not enable breakpoint "fhex" (BpEnable)\n", found.addr);
dprintf("Could not enable breakpoint " fhex " (BpEnable)\n", found.addr);
return STATUS_ERROR;
}
if(!SetBPX(found.addr, found.titantype, (void*)cbUserBreakpoint))
{
dprintf("Could not enable breakpoint "fhex" (SetBPX)\n", found.addr);
dprintf("Could not enable breakpoint " fhex " (SetBPX)\n", found.addr);
return STATUS_ERROR;
}
GuiUpdateAllViews();
@ -359,12 +359,12 @@ CMDRESULT cbDebugEnableBPX(int argc, char* argv[])
}
if(!BpEnable(found.addr, BPNORMAL, true))
{
dprintf("Could not enable breakpoint "fhex" (BpEnable)\n", found.addr);
dprintf("Could not enable breakpoint " fhex " (BpEnable)\n", found.addr);
return STATUS_ERROR;
}
if(!SetBPX(found.addr, found.titantype, (void*)cbUserBreakpoint))
{
dprintf("Could not enable breakpoint "fhex" (SetBPX)\n", found.addr);
dprintf("Could not enable breakpoint " fhex " (SetBPX)\n", found.addr);
return STATUS_ERROR;
}
dputs("Breakpoint enabled!");
@ -392,12 +392,12 @@ CMDRESULT cbDebugDisableBPX(int argc, char* argv[])
{
if(!BpEnable(found.addr, BPNORMAL, false))
{
dprintf("Could not disable breakpoint "fhex" (BpEnable)\n", found.addr);
dprintf("Could not disable breakpoint " fhex " (BpEnable)\n", found.addr);
return STATUS_ERROR;
}
if(!DeleteBPX(found.addr))
{
dprintf("Could not disable breakpoint "fhex" (DeleteBPX)\n", found.addr);
dprintf("Could not disable breakpoint " fhex " (DeleteBPX)\n", found.addr);
return STATUS_ERROR;
}
GuiUpdateAllViews();
@ -416,12 +416,12 @@ CMDRESULT cbDebugDisableBPX(int argc, char* argv[])
}
if(!BpEnable(found.addr, BPNORMAL, false))
{
dprintf("Could not disable breakpoint "fhex" (BpEnable)\n", found.addr);
dprintf("Could not disable breakpoint " fhex " (BpEnable)\n", found.addr);
return STATUS_ERROR;
}
if(!DeleteBPX(found.addr))
{
dprintf("Could not disable breakpoint "fhex" (DeleteBPX)\n", found.addr);
dprintf("Could not disable breakpoint " fhex " (DeleteBPX)\n", found.addr);
return STATUS_ERROR;
}
dputs("Breakpoint disabled!");
@ -567,7 +567,7 @@ CMDRESULT cbDebugSetMemoryBpx(int argc, char* argv[])
dputs("Error setting memory breakpoint! (SetMemoryBPXEx)");
return STATUS_ERROR;
}
dprintf("Memory breakpoint at "fhex" set!\n", addr);
dprintf("Memory breakpoint at " fhex " set!\n", addr);
GuiUpdateAllViews();
return STATUS_CONTINUE;
}
@ -594,12 +594,12 @@ CMDRESULT cbDebugDeleteMemoryBreakpoint(int argc, char* argv[])
MemFindBaseAddr(found.addr, &size);
if(!BpDelete(found.addr, BPMEMORY))
{
dprintf("Delete memory breakpoint failed: "fhex" (BpDelete)\n", found.addr);
dprintf("Delete memory breakpoint failed: " fhex " (BpDelete)\n", found.addr);
return STATUS_ERROR;
}
if(!RemoveMemoryBPX(found.addr, size))
{
dprintf("Delete memory breakpoint failed: "fhex" (RemoveMemoryBPX)\n", found.addr);
dprintf("Delete memory breakpoint failed: " fhex " (RemoveMemoryBPX)\n", found.addr);
return STATUS_ERROR;
}
return STATUS_CONTINUE;
@ -614,12 +614,12 @@ CMDRESULT cbDebugDeleteMemoryBreakpoint(int argc, char* argv[])
MemFindBaseAddr(found.addr, &size);
if(!BpDelete(found.addr, BPMEMORY))
{
dprintf("Delete memory breakpoint failed: "fhex" (BpDelete)\n", found.addr);
dprintf("Delete memory breakpoint failed: " fhex " (BpDelete)\n", found.addr);
return STATUS_ERROR;
}
if(!RemoveMemoryBPX(found.addr, size))
{
dprintf("Delete memory breakpoint failed: "fhex" (RemoveMemoryBPX)\n", found.addr);
dprintf("Delete memory breakpoint failed: " fhex " (RemoveMemoryBPX)\n", found.addr);
return STATUS_ERROR;
}
dputs("Memory breakpoint deleted!");
@ -727,7 +727,7 @@ CMDRESULT cbDebugSetHardwareBreakpoint(int argc, char* argv[])
dputs("Error setting hardware breakpoint (TitanEngine)!");
return STATUS_ERROR;
}
dprintf("Hardware breakpoint at "fhex" set!\n", addr);
dprintf("Hardware breakpoint at " fhex " set!\n", addr);
GuiUpdateAllViews();
return STATUS_CONTINUE;
}
@ -752,12 +752,12 @@ CMDRESULT cbDebugDeleteHardwareBreakpoint(int argc, char* argv[])
{
if(!BpDelete(found.addr, BPHARDWARE))
{
dprintf("Delete hardware breakpoint failed: "fhex" (BpDelete)\n", found.addr);
dprintf("Delete hardware breakpoint failed: " fhex " (BpDelete)\n", found.addr);
return STATUS_ERROR;
}
if(!DeleteHardwareBreakPoint(TITANGETDRX(found.titantype)))
{
dprintf("Delete hardware breakpoint failed: "fhex" (DeleteHardwareBreakPoint)\n", found.addr);
dprintf("Delete hardware breakpoint failed: " fhex " (DeleteHardwareBreakPoint)\n", found.addr);
return STATUS_ERROR;
}
return STATUS_CONTINUE;
@ -770,12 +770,12 @@ CMDRESULT cbDebugDeleteHardwareBreakpoint(int argc, char* argv[])
}
if(!BpDelete(found.addr, BPHARDWARE))
{
dprintf("Delete hardware breakpoint failed: "fhex" (BpDelete)\n", found.addr);
dprintf("Delete hardware breakpoint failed: " fhex " (BpDelete)\n", found.addr);
return STATUS_ERROR;
}
if(!DeleteHardwareBreakPoint(TITANGETDRX(found.titantype)))
{
dprintf("Delete hardware breakpoint failed: "fhex" (DeleteHardwareBreakPoint)\n", found.addr);
dprintf("Delete hardware breakpoint failed: " fhex " (DeleteHardwareBreakPoint)\n", found.addr);
return STATUS_ERROR;
}
dputs("Hardware breakpoint deleted!");
@ -867,7 +867,7 @@ CMDRESULT cbDebugMemset(int argc, char* argv[])
if(!Fill((void*)addr, size & 0xFFFFFFFF, &fi))
dputs("Memset failed");
else
dprintf("Memory "fhex" (size: %.8X) set to %.2X\n", addr, size & 0xFFFFFFFF, value & 0xFF);
dprintf("Memory " fhex " (size: %.8X) set to %.2X\n", addr, size & 0xFFFFFFFF, value & 0xFF);
return STATUS_CONTINUE;
}
@ -1318,7 +1318,7 @@ CMDRESULT cbDebugEnableHardwareBreakpoint(int argc, char* argv[])
BpSetTitanType(found.addr, BPHARDWARE, found.titantype);
if(!BpEnable(found.addr, BPHARDWARE, true) || !SetHardwareBreakPoint(found.addr, drx, TITANGETTYPE(found.titantype), TITANGETSIZE(found.titantype), (void*)cbHardwareBreakpoint))
{
dprintf("Could not enable hardware breakpoint "fhex"\n", found.addr);
dprintf("Could not enable hardware breakpoint " fhex "\n", found.addr);
return STATUS_ERROR;
}
dputs("Hardware breakpoint enabled!");
@ -1355,7 +1355,7 @@ CMDRESULT cbDebugDisableHardwareBreakpoint(int argc, char* argv[])
}
if(!BpEnable(found.addr, BPHARDWARE, false) || !DeleteHardwareBreakPoint(TITANGETDRX(found.titantype)))
{
dprintf("Could not disable hardware breakpoint "fhex"\n", found.addr);
dprintf("Could not disable hardware breakpoint " fhex "\n", found.addr);
return STATUS_ERROR;
}
dputs("Hardware breakpoint disabled!");
@ -1395,7 +1395,7 @@ CMDRESULT cbDebugEnableMemoryBreakpoint(int argc, char* argv[])
MemFindBaseAddr(found.addr, &size);
if(!BpEnable(found.addr, BPMEMORY, true) || !SetMemoryBPXEx(found.addr, size, found.titantype, !found.singleshoot, (void*)cbMemoryBreakpoint))
{
dprintf("Could not enable memory breakpoint "fhex"\n", found.addr);
dprintf("Could not enable memory breakpoint " fhex "\n", found.addr);
return STATUS_ERROR;
}
dputs("Memory breakpoint enabled!");
@ -1434,7 +1434,7 @@ CMDRESULT cbDebugDisableMemoryBreakpoint(int argc, char* argv[])
MemFindBaseAddr(found.addr, &size);
if(!BpEnable(found.addr, BPMEMORY, false) || !RemoveMemoryBPX(found.addr, size))
{
dprintf("Could not disable memory breakpoint "fhex"\n", found.addr);
dprintf("Could not disable memory breakpoint " fhex "\n", found.addr);
return STATUS_ERROR;
}
dputs("Memory breakpoint disabled!");
@ -1832,13 +1832,13 @@ CMDRESULT cbDebugGetPageRights(int argc, char* argv[])
return STATUS_ERROR;
}
if(!dbggetpagerights(addr, rights))
if(!MemGetPageRights(addr, rights))
{
dprintf("Error getting rights of page: %s\n", argv[1]);
return STATUS_ERROR;
}
dprintf("Page: "fhex", Rights: %s\n", addr, rights);
dprintf("Page: " fhex ", Rights: %s\n", addr, rights);
return STATUS_CONTINUE;
}
@ -1854,13 +1854,13 @@ CMDRESULT cbDebugSetPageRights(int argc, char* argv[])
return STATUS_ERROR;
}
if(!dbgsetpagerights(addr, argv[2]))
if(!MemSetPageRights(addr, argv[2]))
{
dprintf("Error: Set rights of "fhex" with Rights: %s\n", addr, argv[2]);
dprintf("Error: Set rights of " fhex " with Rights: %s\n", addr, argv[2]);
return STATUS_ERROR;
}
if(!dbggetpagerights(addr, rights))
if(!MemGetPageRights(addr, rights))
{
dprintf("Error getting rights of page: %s\n", argv[1]);
return STATUS_ERROR;
@ -1871,7 +1871,7 @@ CMDRESULT cbDebugSetPageRights(int argc, char* argv[])
MemUpdateMap();
GuiUpdateMemoryView();
dprintf("New rights of "fhex": %s\n", addr, rights);
dprintf("New rights of " fhex ": %s\n", addr, rights);
return STATUS_CONTINUE;
}
@ -1918,21 +1918,21 @@ CMDRESULT cbDebugLoadLib(int argc, char* argv[])
// Arch specific asm code
#ifdef _WIN64
sprintf(command, "mov rcx, "fhex, (uint)DLLNameMem);
sprintf(command, "mov rcx, " fhex, (uint)DLLNameMem);
#else
sprintf(command, "push "fhex, DLLNameMem);
sprintf(command, "push " fhex, DLLNameMem);
#endif // _WIN64
assembleat((uint)ASMAddr, command, &size, error, true);
counter += size;
#ifdef _WIN64
sprintf(command, "mov rax, "fhex, LoadLibraryA);
sprintf(command, "mov rax, " fhex, LoadLibraryA);
assembleat((uint)ASMAddr + counter, command, &size, error, true);
counter += size;
sprintf(command, "call rax");
#else
sprintf(command, "call "fhex, LoadLibraryA);
sprintf(command, "call " fhex, LoadLibraryA);
#endif // _WIN64
assembleat((uint)ASMAddr + counter, command, &size, error, true);
@ -2032,7 +2032,7 @@ void showcommandlineerror(cmdline_error_t* cmdline_error)
if(!unkown)
{
if(cmdline_error->addr != 0)
dprintf(" (Address: "fhex")", cmdline_error->addr);
dprintf(" (Address: " fhex ")", cmdline_error->addr);
dputs("");
}
}

9
x64_dbg_dbg/disasm_helper.cpp
View File

@ -232,7 +232,7 @@ void disasmprint(uint addr)
disasmget(addr, &instr);
dprintf(">%d:\"%s\":\n", instr.type, instr.instruction);
for(int i = 0; i < instr.argcount; i++)
dprintf(" %d:%d:%"fext"X:%"fext"X:%"fext"X\n", i, instr.arg[i].type, instr.arg[i].constant, instr.arg[i].value, instr.arg[i].memvalue);
dprintf(" %d:%d:%" fext "X:%" fext "X:%" fext "X\n", i, instr.arg[i].type, instr.arg[i].constant, instr.arg[i].value, instr.arg[i].memvalue);
}
static bool isasciistring(const unsigned char* data, int maxlen)
@ -296,11 +296,6 @@ bool disasmgetstringat(uint addr, STRING_TYPE* type, char* ascii, char* unicode,
if(!MemRead(addr, data(), (maxlen + 1) * 2))
return false;
uint test = 0;
memcpy(&test, data(), sizeof(uint));
if(MemIsValidReadPtr(test))
return false;
// Save a few pointer casts
auto asciiData = (char*)data();
auto unicodeData = (wchar_t*)data();
@ -338,7 +333,7 @@ bool disasmgetstringat(uint addr, STRING_TYPE* type, char* ascii, char* unicode,
String escaped = StringUtils::Escape(asciiData);
// Copy data back to outgoing parameter
strncpy_s(unicode, min(int(escaped.length()) +1, maxlen), escaped.c_str(), _TRUNCATE);
strncpy_s(unicode, min(int(escaped.length()) + 1, maxlen), escaped.c_str(), _TRUNCATE);
return true;
}

1
x64_dbg_dbg/exception.cpp
View File

@ -25,6 +25,7 @@ void ExceptionCodeInit()
ExceptionNames.insert(std::make_pair(0x40010007, "DBG_RIPEXCEPTION"));
ExceptionNames.insert(std::make_pair(0x40010008, "DBG_CONTROL_BREAK"));
ExceptionNames.insert(std::make_pair(0x40010009, "DBG_COMMAND_EXCEPTION"));
ExceptionNames.insert(std::make_pair(0x4001000A, "DBG_PRINTEXCEPTIONW_C"));
ExceptionNames.insert(std::make_pair(0x406D1388, "MS_VC_EXCEPTION"));
ExceptionNames.insert(std::make_pair(0x80000001, "EXCEPTION_GUARD_PAGE"));
ExceptionNames.insert(std::make_pair(0x80000002, "EXCEPTION_DATATYPE_MISALIGNMENT"));

29
x64_dbg_dbg/filehelper.cpp Normal file
View File

@ -0,0 +1,29 @@
#include "filehelper.h"
bool FileHelper::ReadAllText(const String & fileName, String & content)
{
Handle hFile = CreateFileW(StringUtils::Utf8ToUtf16(fileName).c_str(), GENERIC_READ, FILE_SHARE_READ, nullptr, OPEN_EXISTING, 0, nullptr);
if(hFile == INVALID_HANDLE_VALUE)
return false;
unsigned int filesize = GetFileSize(hFile, 0);
if(!filesize)
{
content.clear();
return true;
}
Memory<char*> filedata(filesize + 1, "FileReader::ReadAllText:filedata");
DWORD read = 0;
if(!ReadFile(hFile, filedata(), filesize, &read, 0))
return false;
content = String(filedata());
return true;
}
bool FileHelper::WriteAllText(const String & fileName, const String & content)
{
Handle hFile = CreateFileW(StringUtils::Utf8ToUtf16(fileName).c_str(), GENERIC_WRITE, 0, nullptr, CREATE_ALWAYS, 0, nullptr);
if(hFile == INVALID_HANDLE_VALUE)
return false;
DWORD written = 0;
return !!WriteFile(hFile, content.c_str(), content.length(), &written, nullptr);
}

3
x64_dbg_dbg/filereader.h → x64_dbg_dbg/filehelper.h
View File

@ -3,10 +3,11 @@
#include "_global.h"
class FileReader
class FileHelper
{
public:
static bool ReadAllText(const String & fileName, String & content);
static bool WriteAllText(const String & fileName, const String & content);
};
#endif //_FILEREADER_H

20
x64_dbg_dbg/filereader.cpp
View File

@ -1,20 +0,0 @@
#include "filereader.h"
bool FileReader::ReadAllText(const String & fileName, String & content)
{
Handle hFile = CreateFileW(StringUtils::Utf8ToUtf16(fileName).c_str(), GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
if(hFile == INVALID_HANDLE_VALUE)
return false;
unsigned int filesize = GetFileSize(hFile, 0);
if(!filesize)
{
content.clear();
return true;
}
Memory<char*> filedata(filesize + 1, "FileReader::ReadAllText:filedata");
DWORD read = 0;
if(!ReadFile(hFile, filedata(), filesize, &read, 0))
return false;
content = String(filedata());
return true;
}

212
x64_dbg_dbg/instruction.cpp
View File

@ -25,13 +25,16 @@
#include "patternfind.h"
#include "module.h"
#include "stringformat.h"
#include "filereader.h"
#include "filehelper.h"
#include "linearanalysis.h"
#include "controlflowanalysis.h"
#include "analysis_nukem.h"
#include "exceptiondirectoryanalysis.h"
#include "_scriptapi_stack.h"
#include "threading.h"
static bool bRefinit = false;
static int maxFindResults = 5000;
CMDRESULT cbBadCmd(int argc, char* argv[])
{
@ -52,14 +55,14 @@ CMDRESULT cbBadCmd(int argc, char* argv[])
if(value > 15 && !hexonly)
{
if(!valuesignedcalc()) //signed numbers
sprintf(format_str, "%%s=%%.%d"fext"X (%%"fext"ud)\n", valsize);
sprintf(format_str, "%%s=%%.%d" fext "X (%%" fext "ud)\n", valsize);
else
sprintf(format_str, "%%s=%%.%d"fext"X (%%"fext"d)\n", valsize);
sprintf(format_str, "%%s=%%.%d" fext "X (%%" fext "d)\n", valsize);
dprintf(format_str, *argv, value, value);
}
else
{
sprintf(format_str, "%%s=%%.%d"fext"X\n", valsize);
sprintf(format_str, "%%s=%%.%d" fext "X\n", valsize);
dprintf(format_str, *argv, value);
}
}
@ -68,15 +71,15 @@ CMDRESULT cbBadCmd(int argc, char* argv[])
if(value > 15 && !hexonly)
{
if(!valuesignedcalc()) //signed numbers
sprintf(format_str, "%%s=%%.%d"fext"X (%%"fext"ud)\n", valsize);
sprintf(format_str, "%%s=%%.%d" fext "X (%%" fext "ud)\n", valsize);
else
sprintf(format_str, "%%s=%%.%d"fext"X (%%"fext"d)\n", valsize);
sprintf(format_str, "%%.%d"fext"X (%%"fext"ud)\n", valsize);
sprintf(format_str, "%%s=%%.%d" fext "X (%%" fext "d)\n", valsize);
sprintf(format_str, "%%.%d" fext "X (%%" fext "ud)\n", valsize);
dprintf(format_str, value, value);
}
else
{
sprintf(format_str, "%%.%d"fext"X\n", valsize);
sprintf(format_str, "%%.%d" fext "X\n", valsize);
dprintf(format_str, value);
}
}
@ -121,9 +124,9 @@ CMDRESULT cbInstrVar(int argc, char* argv[])
else
{
if(value > 15)
dprintf("%s=%"fext"X (%"fext"ud)\n", argv[1], value, value);
dprintf("%s=%" fext "X (%" fext "ud)\n", argv[1], value, value);
else
dprintf("%s=%"fext"X\n", argv[1], value);
dprintf("%s=%" fext "X\n", argv[1], value);
}
return STATUS_CONTINUE;
}
@ -190,7 +193,7 @@ CMDRESULT cbInstrMov(int argc, char* argv[])
//Move data to destination
if(!MemWrite(dest, data(), data.size()))
{
dprintf("failed to write to "fhex"\n", dest);
dprintf("failed to write to " fhex "\n", dest);
return STATUS_ERROR;
}
GuiUpdateAllViews(); //refresh disassembly/dump/etc
@ -264,17 +267,17 @@ CMDRESULT cbInstrVarList(int argc, char* argv[])
if(variables()[i].type == filter)
{
if(value > 15)
dprintf("%s=%"fext"X (%"fext"ud)\n", name, value, value);
dprintf("%s=%" fext "X (%" fext "ud)\n", name, value, value);
else
dprintf("%s=%"fext"X\n", name, value);
dprintf("%s=%" fext "X\n", name, value);
}
}
else
{
if(value > 15)
dprintf("%s=%"fext"X (%"fext"ud)\n", name, value, value);
dprintf("%s=%" fext "X (%" fext "ud)\n", name, value, value);
else
dprintf("%s=%"fext"X\n", name, value);
dprintf("%s=%" fext "X\n", name, value);
}
}
}
@ -438,7 +441,7 @@ CMDRESULT cbInstrAssemble(int argc, char* argv[])
}
if(!DbgMemIsValidReadPtr(addr))
{
dprintf("invalid address: "fhex"!\n", addr);
dprintf("invalid address: " fhex "!\n", addr);
return STATUS_ERROR;
}
bool fillnop = false;
@ -778,6 +781,40 @@ CMDRESULT cbInstrXor(int argc, char* argv[])
return cmddirectexec(dbggetcommandlist(), newcmd);
}
CMDRESULT cbInstrPush(int argc, char* argv[])
{
if(argc < 2)
{
dputs("not enough arguments!");
return STATUS_ERROR;
}
duint value;
if(!valfromstring(argv[1], &value))
{
dprintf("invalid argument \"%s\"!\n", argv[1]);
return STATUS_ERROR;
}
Script::Stack::Push(value);
uint csp = GetContextDataEx(hActiveThread, UE_CSP);
GuiStackDumpAt(csp, csp);
GuiUpdateRegisterView();
return STATUS_CONTINUE;
}
CMDRESULT cbInstrPop(int argc, char* argv[])
{
duint value = Script::Stack::Pop();
uint csp = GetContextDataEx(hActiveThread, UE_CSP);
GuiStackDumpAt(csp, csp);
GuiUpdateRegisterView();
if(argc > 1)
{
if(!valtostring(argv[1], value, false))
return STATUS_ERROR;
}
return STATUS_CONTINUE;
}
CMDRESULT cbInstrRefinit(int argc, char* argv[])
{
GuiReferenceInitialize("Script");
@ -902,9 +939,9 @@ CMDRESULT cbInstrRefFindRange(int argc, char* argv[])
uint ticks = GetTickCount();
char title[256] = "";
if(range.start == range.end)
sprintf_s(title, "Constant: %"fext"X", range.start);
sprintf_s(title, "Constant: %" fext "X", range.start);
else
sprintf_s(title, "Range: %"fext"X-%"fext"X", range.start, range.end);
sprintf_s(title, "Range: %" fext "X-%" fext "X", range.start, range.end);
int found = RefFind(addr, size, cbRefFind, &range, false, title);
dprintf("%u reference(s) in %ums\n", found, GetTickCount() - ticks);
varset("$result", found, false);
@ -1103,7 +1140,7 @@ CMDRESULT cbInstrFind(int argc, char* argv[])
uint base = MemFindBaseAddr(addr, &size, true);
if(!base)
{
dprintf("invalid memory address "fhex"!\n", addr);
dprintf("invalid memory address " fhex "!\n", addr);
return STATUS_ERROR;
}
Memory<unsigned char*> data(size, "cbInstrFind:data");
@ -1155,7 +1192,7 @@ CMDRESULT cbInstrFindAll(int argc, char* argv[])
uint base = MemFindBaseAddr(addr, &size, true);
if(!base)
{
dprintf("invalid memory address "fhex"!\n", addr);
dprintf("invalid memory address " fhex "!\n", addr);
return STATUS_ERROR;
}
Memory<unsigned char*> data(size, "cbInstrFindAll:data");
@ -1205,7 +1242,7 @@ CMDRESULT cbInstrFindAll(int argc, char* argv[])
dputs("failed to transform pattern!");
return STATUS_ERROR;
}
while(refCount < 5000)
while(refCount < maxFindResults)
{
uint foundoffset = patternfind(data() + start + i, find_size - i, searchpattern);
if(foundoffset == -1)
@ -1242,6 +1279,116 @@ CMDRESULT cbInstrFindAll(int argc, char* argv[])
return STATUS_CONTINUE;
}
CMDRESULT cbInstrFindMemAll(int argc, char* argv[])
{
dprintf("argc: %d\n", argc);
for(int i = 0; i < argc; i++)
{
dprintf("%d:\"%s\"\n", i, argv[i]);
}
if(argc < 3)
{
dputs("not enough arguments!");
return STATUS_ERROR;
}
uint addr = 0;
if(!valfromstring(argv[1], &addr, false))
return STATUS_ERROR;
char pattern[deflen] = "";
//remove # from the start and end of the pattern (ODBGScript support)
if(argv[2][0] == '#')
strcpy_s(pattern, argv[2] + 1);
else
strcpy_s(pattern, argv[2]);
int len = (int)strlen(pattern);
if(pattern[len - 1] == '#')
pattern[len - 1] = '\0';
std::vector<PatternByte> searchpattern;
if(!patterntransform(pattern, searchpattern))
{
dputs("failed to transform pattern!");
return STATUS_ERROR;
}
uint endAddr = -1;
bool findData = false;
if(argc >= 4)
{
if(!_stricmp(argv[3], "&data&"))
findData = true;
else if(!valfromstring(argv[3], &endAddr))
findData = false;
}
SHARED_ACQUIRE(LockMemoryPages);
std::vector<SimplePage> searchPages;
for(auto & itr : memoryPages)
{
SimplePage page(uint(itr.second.mbi.BaseAddress), itr.second.mbi.RegionSize);
if(page.address >= addr && page.address + page.size <= endAddr)
searchPages.push_back(page);
}
SHARED_RELEASE();
DWORD ticks = GetTickCount();
std::vector<uint> results;
if(!MemFindInMap(searchPages, searchpattern, results, maxFindResults))
{
dputs("MemFindInMap failed!");
return STATUS_ERROR;
}
//setup reference view
char patternshort[256] = "";
strncpy_s(patternshort, pattern, min(16, len));
if(len > 16)
strcat_s(patternshort, "...");
char patterntitle[256] = "";
sprintf_s(patterntitle, "Pattern: %s", patternshort);
GuiReferenceInitialize(patterntitle);
GuiReferenceAddColumn(2 * sizeof(uint), "Address");
if(findData)
GuiReferenceAddColumn(0, "&Data&");
else
GuiReferenceAddColumn(0, "Disassembly");
GuiReferenceReloadData();
int refCount = 0;
for(uint result : results)
{
char msg[deflen] = "";
sprintf(msg, fhex, result);
GuiReferenceSetRowCount(refCount + 1);
GuiReferenceSetCellContent(refCount, 0, msg);
if(findData)
{
Memory<unsigned char*> printData(searchpattern.size(), "cbInstrFindAll:printData");
MemRead(result, printData(), printData.size());
for(size_t j = 0, k = 0; j < printData.size(); j++)
{
if(j)
k += sprintf(msg + k, " ");
k += sprintf(msg + k, "%.2X", printData()[j]);
}
}
else
{
if(!GuiGetDisassembly(result, msg))
strcpy_s(msg, "[Error disassembling]");
}
GuiReferenceSetCellContent(refCount, 1, msg);
refCount++;
}
GuiReferenceReloadData();
dprintf("%d occurrences found in %ums\n", refCount, GetTickCount() - ticks);
varset("$result", refCount, false);
return STATUS_CONTINUE;
}
static bool cbModCallFind(Capstone* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
{
if(!disasm || !basicinfo) //initialize
@ -1634,7 +1781,7 @@ static int yaraScanCallback(int message, void* message_data, void* user_data)
else
pattern = yara_print_string(match->data, match->length);
uint addr = (uint)(base + match->base + match->offset);
//dprintf("[YARA] String \"%s\" : %s on 0x%"fext"X\n", string->identifier, pattern.c_str(), addr);
//dprintf("[YARA] String \"%s\" : %s on 0x%" fext "X\n", string->identifier, pattern.c_str(), addr);
//update references
int index = scanInfo->index;
@ -1721,7 +1868,7 @@ CMDRESULT cbInstrYara(int argc, char* argv[])
}
String rulesContent;
if(!FileReader::ReadAllText(argv[1], rulesContent))
if(!FileHelper::ReadAllText(argv[1], rulesContent))
{
dprintf("Failed to read the rules file \"%s\"\n", argv[1]);
return STATUS_ERROR;
@ -1936,7 +2083,7 @@ CMDRESULT cbInstrCfanalyse(int argc, char* argv[])
uint base = MemFindBaseAddr(sel.start, &size);
ControlFlowAnalysis anal(base, size, exceptionDirectory);
anal.Analyse();
//anal.SetMarkers();
anal.SetMarkers();
GuiUpdateAllViews();
return STATUS_CONTINUE;
}
@ -2124,4 +2271,21 @@ CMDRESULT cbInstrMeminfo(int argc, char* argv[])
dputs("memory map updated!");
}
return STATUS_CONTINUE;
}
CMDRESULT cbInstrSetMaxFindResult(int argc, char* argv[])
{
if(argc < 2)
{
dputs("Not enough arguments!");
return STATUS_ERROR;
}
uint num;
if(!valfromstring(argv[1], &num))
{
dprintf("Invalid expression: \"%s\"", argv[1]);
return STATUS_ERROR;
}
maxFindResults = num;
return STATUS_CONTINUE;
}

4
x64_dbg_dbg/instruction.h
View File

@ -40,6 +40,8 @@ CMDRESULT cbInstrShr(int argc, char* argv[]);
CMDRESULT cbInstrSub(int argc, char* argv[]);
CMDRESULT cbInstrTest(int argc, char* argv[]);
CMDRESULT cbInstrXor(int argc, char* argv[]);
CMDRESULT cbInstrPush(int argc, char* argv[]);
CMDRESULT cbInstrPop(int argc, char* argv[]);
CMDRESULT cbInstrRefinit(int argc, char* argv[]);
CMDRESULT cbInstrRefadd(int argc, char* argv[]);
@ -53,6 +55,7 @@ CMDRESULT cbInstrCopystr(int argc, char* argv[]);
CMDRESULT cbInstrFind(int argc, char* argv[]);
CMDRESULT cbInstrFindAll(int argc, char* argv[]);
CMDRESULT cbInstrFindMemAll(int argc, char* argv[]);
CMDRESULT cbInstrModCallFind(int argc, char* argv[]);
CMDRESULT cbInstrCommentList(int argc, char* argv[]);
CMDRESULT cbInstrLabelList(int argc, char* argv[]);
@ -73,5 +76,6 @@ CMDRESULT cbInstrMeminfo(int argc, char* argv[]);
CMDRESULT cbInstrCfanalyse(int argc, char* argv[]);
CMDRESULT cbInstrExanalyse(int argc, char* argv[]);
CMDRESULT cbInstrVirtualmod(int argc, char* argv[]);
CMDRESULT cbInstrSetMaxFindResult(int argc, char* argv[]);
#endif // _INSTRUCTIONS_H

161
x64_dbg_dbg/memory.cpp
View File

@ -325,6 +325,15 @@ bool MemIsCanonicalAddress(uint Address)
#endif // ndef _WIN64
}
bool MemIsCodePage(uint Address, bool Refresh)
{
MEMPAGE pageInfo;
if(!MemGetPageInfo(Address, &pageInfo, Refresh))
return false;
return (pageInfo.mbi.Protect & (PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) != 0;
}
uint MemAllocRemote(uint Address, uint Size, DWORD Type, DWORD Protect)
{
return (uint)VirtualAllocEx(fdProcessInfo->hProcess, (LPVOID)Address, Size, Type, Protect);
@ -335,10 +344,15 @@ bool MemFreeRemote(uint Address)
return !!VirtualFreeEx(fdProcessInfo->hProcess, (LPVOID)Address, 0, MEM_RELEASE);
}
uint MemGetPageAligned(uint Address)
{
return PAGE_ALIGN(Address);
}
bool MemGetPageInfo(uint Address, MEMPAGE* PageInfo, bool Refresh)
{
// Update the memory map if needed
if (Refresh)
if(Refresh)
MemUpdateMap();
SHARED_ACQUIRE(LockMemoryPages);
@ -346,20 +360,153 @@ bool MemGetPageInfo(uint Address, MEMPAGE* PageInfo, bool Refresh)
// Search for the memory page address
auto found = memoryPages.find(std::make_pair(Address, Address));
if (found == memoryPages.end())
if(found == memoryPages.end())
return false;
// Return the data when possible
if (PageInfo)
if(PageInfo)
*PageInfo = found->second;
return true;
}
bool MemIsCodePage(uint Address, bool Refresh)
bool MemSetPageRights(uint Address, const char* Rights)
{
MEMPAGE PageInfo;
if (!MemGetPageInfo(Address, &PageInfo, Refresh))
// Align address to page base
Address = MemGetPageAligned(Address);
// String -> bit mask
DWORD protect;
if(!MemPageRightsFromString(&protect, Rights))
return false;
return (PageInfo.mbi.Protect & PAGE_EXECUTE) == PAGE_EXECUTE;
DWORD oldProtect;
if(!VirtualProtectEx(fdProcessInfo->hProcess, (void*)Address, PAGE_SIZE, protect, &oldProtect))
return false;
return true;
}
bool MemGetPageRights(uint Address, char* Rights)
{
// Align address to page base
Address = MemGetPageAligned(Address);
MEMORY_BASIC_INFORMATION mbi;
memset(&mbi, 0, sizeof(MEMORY_BASIC_INFORMATION));
if(!VirtualQueryEx(fdProcessInfo->hProcess, (void*)Address, &mbi, sizeof(mbi)))
return false;
return MemPageRightsToString(mbi.Protect, Rights);
}
bool MemPageRightsToString(DWORD Protect, char* Rights)
{
switch(Protect & 0xFF)
{
case PAGE_NOACCESS:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "----");
break;
case PAGE_READONLY:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "-R--");
break;
case PAGE_READWRITE:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "-RW-");
break;
case PAGE_WRITECOPY:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "-RWC");
break;
case PAGE_EXECUTE:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "E---");
break;
case PAGE_EXECUTE_READ:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "ER--");
break;
case PAGE_EXECUTE_READWRITE:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "ERW-");
break;
case PAGE_EXECUTE_WRITECOPY:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "ERWC");
break;
}
strcpy_s(Rights + 4, RIGHTS_STRING_SIZE - 4, ((Protect & PAGE_GUARD) == PAGE_GUARD) ? "G" : "-");
// Rights[5] = ((Protect & PAGE_NOCACHE) == PAGE_NOCACHE) ? '' : '-';
// Rights[6] = ((Protect & PAGE_WRITECOMBINE) == PAGE_GUARD) ? '' : '-';
return true;
}
bool MemPageRightsFromString(DWORD* Protect, const char* Rights)
{
if(strlen(Rights) < 2)
return false;
*Protect = 0;
// Check for the PAGE_GUARD flag
if(Rights[0] == 'G' || Rights[0] == 'g')
{
*Protect |= PAGE_GUARD;
Rights++;
}
if(_strcmpi(Rights, "Execute") == 0)
*Protect |= PAGE_EXECUTE;
else if(_strcmpi(Rights, "ExecuteRead") == 0)
*Protect |= PAGE_EXECUTE_READ;
else if(_strcmpi(Rights, "ExecuteReadWrite") == 0)
*Protect |= PAGE_EXECUTE_READWRITE;
else if(_strcmpi(Rights, "ExecuteWriteCopy") == 0)
*Protect |= PAGE_EXECUTE_WRITECOPY;
else if(_strcmpi(Rights, "NoAccess") == 0)
*Protect |= PAGE_NOACCESS;
else if(_strcmpi(Rights, "ReadOnly") == 0)
*Protect |= PAGE_READONLY;
else if(_strcmpi(Rights, "ReadWrite") == 0)
*Protect |= PAGE_READWRITE;
else if(_strcmpi(Rights, "WriteCopy") == 0)
*Protect |= PAGE_WRITECOPY;
return (*Protect != 0);
}
bool MemFindInPage(SimplePage page, uint startoffset, const std::vector<PatternByte> & pattern, std::vector<uint> & results, uint maxresults)
{
if(startoffset >= page.size || results.size() >= maxresults)
return false;
//TODO: memory read limit
Memory<unsigned char*> data(page.size);
if(!MemRead(page.address, data(), data.size()))
return false;
uint maxFind = maxresults;
uint foundCount = results.size();
uint i = 0;
uint findSize = data.size() - startoffset;
while(foundCount < maxFind)
{
uint foundoffset = patternfind(data() + startoffset + i, findSize - i, pattern);
if(foundoffset == -1)
break;
i += foundoffset + 1;
uint result = page.address + startoffset + i - 1;
results.push_back(result);
foundCount++;
}
return true;
}
bool MemFindInMap(const std::vector<SimplePage> & pages, const std::vector<PatternByte> & pattern, std::vector<uint> & results, uint maxresults)
{
for(const auto page : pages)
{
if(!MemFindInPage(page, 0, pattern, results, maxresults))
return false;
if(results.size() >= maxresults)
break;
}
return true;
}

22
x64_dbg_dbg/memory.h
View File

@ -2,10 +2,23 @@
#include "_global.h"
#include "addrinfo.h"
#include "patternfind.h"
extern std::map<Range, MEMPAGE, RangeCompare> memoryPages;
extern bool bListAllPages;
struct SimplePage
{
uint address;
uint size;
SimplePage(uint address, uint size)
{
this->address = address;
this->size = size;
}
};
void MemUpdateMap();
uint MemFindBaseAddr(uint Address, uint* Size, bool Refresh = false);
bool MemRead(uint BaseAddress, void* Buffer, uint Size, uint* NumberOfBytesRead = nullptr);
@ -13,7 +26,14 @@ bool MemWrite(uint BaseAddress, const void* Buffer, uint Size, uint* NumberOfByt
bool MemPatch(uint BaseAddress, const void* Buffer, uint Size, uint* NumberOfBytesWritten = nullptr);
bool MemIsValidReadPtr(uint Address);
bool MemIsCanonicalAddress(uint Address);
bool MemIsCodePage(uint Address, bool Refresh);
uint MemAllocRemote(uint Address, uint Size, DWORD Type = MEM_RESERVE | MEM_COMMIT, DWORD Protect = PAGE_EXECUTE_READWRITE);
bool MemFreeRemote(uint Address);
uint MemGetPageAligned(uint Address);
bool MemGetPageInfo(uint Address, MEMPAGE* PageInfo, bool Refresh = false);
bool MemIsCodePage(uint Address, bool Refresh = false);
bool MemSetPageRights(uint Address, const char* Rights);
bool MemGetPageRights(uint Address, char* Rights);
bool MemPageRightsToString(DWORD Protect, char* Rights);
bool MemPageRightsFromString(DWORD* Protect, const char* Rights);
bool MemFindInPage(SimplePage page, uint startoffset, const std::vector<PatternByte> & pattern, std::vector<uint> & results, uint maxresults);
bool MemFindInMap(const std::vector<SimplePage> & pages, const std::vector<PatternByte> & pattern, std::vector<uint> & results, uint maxresults);

2
x64_dbg_dbg/module.cpp
View File

@ -329,6 +329,6 @@ void ModGetList(std::vector<MODINFO> & list)
{
SHARED_ACQUIRE(LockModules);
list.clear();
for (const auto & mod : modinfo)
for(const auto & mod : modinfo)
list.push_back(mod.second);
}

4
x64_dbg_dbg/stackinfo.cpp
View File

@ -97,7 +97,7 @@ bool stackcommentget(uint addr, STACK_COMMENT* comment)
if(*label) //+label
sprintf(comment->comment, "%s.%s", module, label);
else //module only
sprintf(comment->comment, "%s."fhex, module, data);
sprintf(comment->comment, "%s." fhex, module, data);
return true;
}
else if(*label) //label only
@ -228,7 +228,7 @@ void stackgetcallstack(uint csp, CALLSTACK* callstack)
{
//CALLSTACKENTRY curEntry;
//memcpy(&curEntry, &callstackVector.at(i), sizeof(CALLSTACKENTRY));
//dprintf(fhex":"fhex":"fhex":%s\n", curEntry.addr, curEntry.to, curEntry.from, curEntry.comment);
//dprintf(fhex":" fhex ":" fhex ":%s\n", curEntry.addr, curEntry.to, curEntry.from, curEntry.comment);
memcpy(&callstack->entries[i], &callstackVector.at(i), sizeof(CALLSTACKENTRY));
}
}

8
x64_dbg_dbg/stringformat.cpp
View File

@ -26,19 +26,19 @@ static String printValue(FormatValueType value, ValueType::ValueType type)
break;
case ValueType::SignedDecimal:
if(validval)
sprintf_s(result, "%"fext"d", valuint);
sprintf_s(result, "%" fext "d", valuint);
break;
case ValueType::UnsignedDecimal:
if(validval)
sprintf_s(result, "%"fext"u", valuint);
sprintf_s(result, "%" fext "u", valuint);
break;
case ValueType::Hex:
if(validval)
sprintf_s(result, "%"fext"X", valuint);
sprintf_s(result, "%" fext "X", valuint);
break;
case ValueType::Pointer:
if(validval)
sprintf_s(result, "0x%"fhex, valuint);
sprintf_s(result, "0x%" fhex, valuint);
break;
case ValueType::String:
if(validval)

6
x64_dbg_dbg/symbolinfo.cpp
View File

@ -155,19 +155,19 @@ void SymDownloadAllSymbols(const char* SymbolStore)
wchar_t modulePath[MAX_PATH];
if(!GetModuleFileNameExW(fdProcessInfo->hProcess, (HMODULE)module.base, modulePath, MAX_PATH))
{
dprintf("GetModuleFileNameExW("fhex") failed!\n", module.base);
dprintf("GetModuleFileNameExW(" fhex ") failed!\n", module.base);
continue;
}
if(!SafeSymUnloadModule64(fdProcessInfo->hProcess, (DWORD64)module.base))
{
dprintf("SymUnloadModule64("fhex") failed!\n", module.base);
dprintf("SymUnloadModule64(" fhex ") failed!\n", module.base);
continue;
}
if(!SafeSymLoadModuleEx(fdProcessInfo->hProcess, 0, StringUtils::Utf16ToUtf8(modulePath).c_str(), 0, (DWORD64)module.base, 0, 0, 0))
{
dprintf("SymLoadModuleEx("fhex") failed!\n", module.base);
dprintf("SymLoadModuleEx(" fhex ") failed!\n", module.base);
continue;
}
}

8
x64_dbg_dbg/value.cpp
View File

@ -564,7 +564,7 @@ bool valflagfromstring(uint eflags, const char* string)
\param set The value of the flag.
\return true if the flag was successfully set, false otherwise.
*/
static bool setflag(const char* string, bool set)
bool setflag(const char* string, bool set)
{
uint eflags = GetContextDataEx(hActiveThread, UE_CFLAGS);
uint xorval = 0;
@ -1310,7 +1310,7 @@ bool valapifromstring(const char* name, uint* value, int* value_size, bool print
if(!GetModuleFileNameExW(fdProcessInfo->hProcess, (HMODULE)modbase, szModName, MAX_PATH))
{
if(!silent)
dprintf("could not get filename of module "fhex"\n", modbase);
dprintf("could not get filename of module " fhex "\n", modbase);
}
else
{
@ -1610,7 +1610,7 @@ bool valfromstring_noexpr(const char* string, uint* value, bool silent, bool bas
*value_size = 0;
if(isvar)
*isvar = false;
sscanf(string + 1, "%"fext"u", value);
sscanf(string + 1, "%" fext "u", value);
return true;
}
else if(ishexnumber(string)) //then hex numbers
@ -1623,7 +1623,7 @@ bool valfromstring_noexpr(const char* string, uint* value, bool silent, bool bas
int inc = 0;
if(*string == 'x')
inc = 1;
sscanf(string + inc, "%"fext"x", value);
sscanf(string + inc, "%" fext "x", value);
return true;
}
if(baseonly)

1
x64_dbg_dbg/value.h
View File

@ -20,5 +20,6 @@ unsigned short valx87controlwordfieldfromstring(uint controlword, const char* st
uint valfileoffsettova(const char* modname, uint offset);
uint valvatofileoffset(uint va);
bool setregister(const char* string, uint value);
bool setflag(const char* string, bool set);
#endif // _VALUE_H

23
x64_dbg_dbg/x64_dbg.cpp
View File

@ -19,6 +19,7 @@
#include "debugger_commands.h"
#include "capstone_wrapper.h"
#include "_scriptapi_gui.h"
#include "filehelper.h"
static MESSAGE_STACK* gMsgStack = 0;
static COMMAND* command_list = 0;
@ -26,6 +27,7 @@ static HANDLE hCommandLoopThread = 0;
static bool bStopCommandLoopThread = false;
static char alloctrace[MAX_PATH] = "";
static bool bIsStopped = true;
static String notesFile;
static CMDRESULT cbStrLen(int argc, char* argv[])
{
@ -173,6 +175,8 @@ static void registercommands()
dbgcmdnew("sub", cbInstrSub, false);
dbgcmdnew("test", cbInstrTest, false);
dbgcmdnew("xor", cbInstrXor, false);
dbgcmdnew("push", cbInstrPush, true);
dbgcmdnew("pop", cbInstrPop, true);
//script
dbgcmdnew("scriptload", cbScriptLoad, false);
@ -206,6 +210,8 @@ static void registercommands()
dbgcmdnew("analyse_nukem\1analyze_nukem\1anal_nukem", cbInstrAnalyseNukem, true); //secret analysis command #2
dbgcmdnew("exanal\1exanalyse\1exanalyze", cbInstrExanalyse, true); //exception directory analysis
dbgcmdnew("virtualmod", cbInstrVirtualmod, true); //virtual module
dbgcmdnew("findallmem\1findmemall", cbInstrFindMemAll, true); //memory map pattern find
dbgcmdnew("setmaxfindresult\1findsetmaxresult", cbInstrSetMaxFindResult, false); //set the maximum number of occurences found
}
static bool cbCommandProvider(char* cmd, int maxlen)
@ -287,7 +293,7 @@ extern "C" DLL_EXPORT const char* _dbg_dbginit()
}
else
{
if (_strnicmp(cachePath, ".\\", 2) == 0)
if(_strnicmp(cachePath, ".\\", 2) == 0)
{
strncpy_s(szSymbolCachePath, dir, _TRUNCATE);
strncat_s(szSymbolCachePath, cachePath + 1, _TRUNCATE);
@ -348,6 +354,11 @@ extern "C" DLL_EXPORT const char* _dbg_dbginit()
}
}
LocalFree(argv);
dputs("Reading notes file...");
notesFile = String(dir) + "\\notes.txt";
String text;
FileHelper::ReadAllText(notesFile, text);
GuiSetGlobalNotes(text.c_str());
dputs("Initialization successful!");
bIsStopped = false;
return nullptr;
@ -381,6 +392,16 @@ extern "C" DLL_EXPORT void _dbg_dbgexitsignal()
waitdeinitialize();
dputs("Cleaning up debugger threads...");
dbgstop();
dputs("Saving notes...");
char* text = nullptr;
GuiGetGlobalNotes(&text);
if(text)
{
FileHelper::WriteAllText(notesFile, String(text));
BridgeFree(text);
}
else
DeleteFileW(StringUtils::Utf8ToUtf16(notesFile).c_str());
dputs("Exit signal processed successfully!");
bIsStopped = true;
}

6
x64_dbg_dbg/x64_dbg_dbg.vcxproj
View File

@ -42,7 +42,7 @@
<ClCompile Include="exception.cpp" />
<ClCompile Include="exceptiondirectoryanalysis.cpp" />
<ClCompile Include="expressionparser.cpp" />
<ClCompile Include="filereader.cpp" />
<ClCompile Include="filehelper.cpp" />
<ClCompile Include="function.cpp" />
<ClCompile Include="linearanalysis.cpp" />
<ClCompile Include="FunctionPass.cpp" />
@ -76,6 +76,7 @@
<ClCompile Include="_plugins.cpp" />
<ClCompile Include="_scriptapi_assembler.cpp" />
<ClCompile Include="_scriptapi_debug.cpp" />
<ClCompile Include="_scriptapi_flag.cpp" />
<ClCompile Include="_scriptapi_gui.cpp" />
<ClCompile Include="_scriptapi_misc.cpp" />
<ClCompile Include="_scriptapi_pattern.cpp" />
@ -123,7 +124,7 @@
<ClInclude Include="exception.h" />
<ClInclude Include="exceptiondirectoryanalysis.h" />
<ClInclude Include="expressionparser.h" />
<ClInclude Include="filereader.h" />
<ClInclude Include="filehelper.h" />
<ClInclude Include="function.h" />
<ClInclude Include="linearanalysis.h" />
<ClInclude Include="FunctionPass.h" />
@ -198,6 +199,7 @@
<ClInclude Include="_plugin_types.h" />
<ClInclude Include="_scriptapi_assembler.h" />
<ClInclude Include="_scriptapi_debug.h" />
<ClInclude Include="_scriptapi_flag.h" />
<ClInclude Include="_scriptapi_gui.h" />
<ClInclude Include="_scriptapi_misc.h" />
<ClInclude Include="_scriptapi_pattern.h" />

18
x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters
View File

@ -216,9 +216,6 @@
<ClCompile Include="capstone_wrapper.cpp">
<Filter>Source Files\Utilities</Filter>
</ClCompile>
<ClCompile Include="filereader.cpp">
<Filter>Source Files\Utilities</Filter>
</ClCompile>
<ClCompile Include="expressionparser.cpp">
<Filter>Source Files\Core</Filter>
</ClCompile>
@ -279,6 +276,12 @@
<ClCompile Include="linearanalysis.cpp">
<Filter>Source Files\Analysis</Filter>
</ClCompile>
<ClCompile Include="_scriptapi_flag.cpp">
<Filter>Source Files\Interfaces/Exports\_scriptapi</Filter>
</ClCompile>
<ClCompile Include="filehelper.cpp">
<Filter>Source Files\Utilities</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="x64_dbg.h">
@ -569,9 +572,6 @@
<ClInclude Include="capstone\xcore.h">
<Filter>Header Files\Third Party\capstone</Filter>
</ClInclude>
<ClInclude Include="filereader.h">
<Filter>Header Files\Utilities</Filter>
</ClInclude>
<ClInclude Include="expressionparser.h">
<Filter>Header Files\Core</Filter>
</ClInclude>
@ -641,5 +641,11 @@
<ClInclude Include="dynamicptr.h">
<Filter>Header Files\Utilities</Filter>
</ClInclude>
<ClInclude Include="_scriptapi_flag.h">
<Filter>Header Files\Interfaces/Exports\_scriptapi</Filter>
</ClInclude>
<ClInclude Include="filehelper.h">
<Filter>Header Files\Utilities</Filter>
</ClInclude>
</ItemGroup>
</Project>

8
x64_dbg_exe/crashdump.cpp
View File

@ -94,9 +94,13 @@ LONG CALLBACK CrashDumpVectoredHandler(EXCEPTION_POINTERS* ExceptionInfo)
{
if(ExceptionInfo)
{
// Skip DBG_PRINTEXCEPTION_C
if(ExceptionInfo->ExceptionRecord->ExceptionCode == DBG_PRINTEXCEPTION_C)
// Skip DBG_PRINTEXCEPTION_C and DBG_PRINTEXCEPTIONW_C
switch(ExceptionInfo->ExceptionRecord->ExceptionCode)
{
case DBG_PRINTEXCEPTION_C:
case 0x4001000A:
return EXCEPTION_CONTINUE_SEARCH;
}
CrashDumpCreate(ExceptionInfo);
}

17
x64_dbg_gui/Project/Src/BasicView/SearchListView.cpp
View File

@ -1,5 +1,6 @@
#include "SearchListView.h"
#include "ui_SearchListView.h"
#include "FlickerThread.h"
SearchListView::SearchListView(QWidget* parent) :
QWidget(parent),
@ -49,6 +50,10 @@ SearchListView::SearchListView(QWidget* parent) :
for(int i = 0; i < ui->mainSplitter->count(); i++)
ui->mainSplitter->handle(i)->setEnabled(false);
// Setup search menu action
mSearchAction = new QAction("Search...", this);
connect(mSearchAction, SIGNAL(triggered()), this, SLOT(searchSlot()));
// Setup signals
connect(mList, SIGNAL(keyPressedSignal(QKeyEvent*)), this, SLOT(listKeyPressed(QKeyEvent*)));
connect(mList, SIGNAL(contextMenuSignal(QPoint)), this, SLOT(listContextMenu(QPoint)));
@ -172,13 +177,12 @@ void SearchListView::listContextMenu(const QPoint & pos)
{
QMenu* wMenu = new QMenu(this);
emit listContextMenuSignal(wMenu);
wMenu->addSeparator();
wMenu->addAction(mSearchAction);
QMenu wCopyMenu("&Copy", this);
mCurList->setupCopyMenu(&wCopyMenu);
if(wCopyMenu.actions().length())
{
wMenu->addSeparator();
wMenu->addMenu(&wCopyMenu);
}
wMenu->exec(mCurList->mapToGlobal(pos));
}
@ -192,3 +196,10 @@ void SearchListView::on_checkBoxRegex_toggled(bool checked)
Q_UNUSED(checked);
searchTextChanged(ui->searchBox->text());
}
void SearchListView::searchSlot()
{
FlickerThread* thread = new FlickerThread(ui->searchBox, this);
connect(thread, SIGNAL(setStyleSheet(QString)), ui->searchBox, SLOT(setStyleSheet(QString)));
thread->start();
}

3
x64_dbg_gui/Project/Src/BasicView/SearchListView.h
View File

@ -34,6 +34,7 @@ private slots:
void listKeyPressed(QKeyEvent* event);
void listContextMenu(const QPoint & pos);
void doubleClickedSlot();
void searchSlot();
void on_checkBoxRegex_toggled(bool checked);
signals:
@ -44,7 +45,7 @@ private:
Ui::SearchListView* ui;
QVBoxLayout* mListLayout;
QWidget* mListPlaceHolder;
QAction* mSearchAction;
};
#endif // SEARCHLISTVIEW_H

6
x64_dbg_gui/Project/Src/BasicView/SearchListView.ui
View File

@ -59,7 +59,11 @@
</widget>
</item>
<item>
<widget class="QLineEdit" name="searchBox"/>
<widget class="QLineEdit" name="searchBox">
<property name="placeholderText">
<string>Type here to filter results...</string>
</property>
</widget>
</item>
<item>
<widget class="QCheckBox" name="checkBoxRegex">

30
x64_dbg_gui/Project/Src/Bridge/Bridge.cpp
View File

@ -489,6 +489,36 @@ void* Bridge::processMessage(GUIMSG type, void* param1, void* param2)
case GUI_UPDATE_TIME_WASTED_COUNTER:
emit updateTimeWastedCounter();
break;
case GUI_SET_GLOBAL_NOTES:
{
QString text = QString((const char*)param1);
emit setGlobalNotes(text);
}
break;
case GUI_GET_GLOBAL_NOTES:
{
BridgeResult result;
emit getGlobalNotes(param1);
result.Wait();
}
break;
case GUI_SET_DEBUGGEE_NOTES:
{
QString text = QString((const char*)param1);
emit setDebuggeeNotes(text);
}
break;
case GUI_GET_DEBUGGEE_NOTES:
{
BridgeResult result;
emit getDebuggeeNotes(param1);
result.Wait();
}
break;
}
return nullptr;
}

4
x64_dbg_gui/Project/Src/Bridge/Bridge.h
View File

@ -110,6 +110,10 @@ signals:
void closeQWidgetTab(QWidget* qWidget);
void executeOnGuiThread(void* cbGuiThread);
void updateTimeWastedCounter();
void setGlobalNotes(const QString text);
void getGlobalNotes(void* text);
void setDebuggeeNotes(const QString text);
void getDebuggeeNotes(void* text);
private:
QMutex* mBridgeMutex;

55
x64_dbg_gui/Project/Src/Gui/AppearanceDialog.cpp
View File

@ -653,6 +653,20 @@ void AppearanceDialog::fontInit()
index = ui->fontHexEditSize->findText(QString("%1").arg(font.pointSize()));
if(index != -1)
ui->fontHexEditSize->setCurrentIndex(index);
//Log
font = fontMap->find("Log").value();
ui->fontLog->setCurrentFont(QFont(font.family()));
if(font.bold() && font.italic())
ui->fontLogStyle->setCurrentIndex(3);
else if(font.italic())
ui->fontLogStyle->setCurrentIndex(2);
else if(font.bold())
ui->fontLogStyle->setCurrentIndex(1);
else
ui->fontLogStyle->setCurrentIndex(0);
index = ui->fontLogSize->findText(QString("%1").arg(font.pointSize()));
if(index != -1)
ui->fontLogSize->setCurrentIndex(index);
//Application
ui->labelApplicationFont->setText(fontMap->find("Application").value().family());
isInit = false;
@ -904,6 +918,47 @@ void AppearanceDialog::on_fontHexEditSize_currentIndexChanged(const QString & ar
GuiUpdateAllViews();
}
void AppearanceDialog::on_fontLog_currentFontChanged(const QFont & f)
{
QString id = "Log";
QFont font = fontMap->find(id).value();
font.setFamily(f.family());
(*fontMap)[id] = font;
if(isInit)
return;
Config()->emitFontsUpdated();
GuiUpdateAllViews();
}
void AppearanceDialog::on_fontLogStyle_currentIndexChanged(int index)
{
QString id = "Log";
QFont font = fontMap->find(id).value();
font.setBold(false);
font.setItalic(false);
if(index == 1 || index == 3)
font.setBold(true);
if(index == 2 || index == 3)
font.setItalic(true);
(*fontMap)[id] = font;
if(isInit)
return;
Config()->emitFontsUpdated();
GuiUpdateAllViews();
}
void AppearanceDialog::on_fontLogSize_currentIndexChanged(const QString & arg1)
{
QString id = "Log";
QFont font = fontMap->find(id).value();
font.setPointSize(arg1.toInt());
(*fontMap)[id] = font;
if(isInit)
return;
Config()->emitFontsUpdated();
GuiUpdateAllViews();
}
void AppearanceDialog::on_buttonApplicationFont_clicked()
{
QString id = "Application";

3
x64_dbg_gui/Project/Src/Gui/AppearanceDialog.h
View File

@ -68,6 +68,9 @@ private slots:
void on_fontHexEdit_currentFontChanged(const QFont & f);
void on_fontHexEditStyle_currentIndexChanged(int index);
void on_fontHexEditSize_currentIndexChanged(const QString & arg1);
void on_fontLog_currentFontChanged(const QFont & f);
void on_fontLogStyle_currentIndexChanged(int index);
void on_fontLogSize_currentIndexChanged(const QString & arg1);
void on_buttonApplicationFont_clicked();
void on_buttonFontDefaults_clicked();
void rejectedSlot();

151
x64_dbg_gui/Project/Src/Gui/AppearanceDialog.ui
View File

@ -677,7 +677,7 @@
<property name="geometry">
<rect>
<x>10</x>
<y>190</y>
<y>220</y>
<width>501</width>
<height>25</height>
</rect>
@ -1486,6 +1486,153 @@
</item>
</layout>
</widget>
<widget class="QWidget" name="layoutWidget7_2">
<property name="geometry">
<rect>
<x>130</x>
<y>190</y>
<width>381</width>
<height>22</height>
</rect>
</property>
<layout class="QHBoxLayout" name="fontLogLayout">
<item>
<widget class="QFontComboBox" name="fontLog">
<property name="editable">
<bool>false</bool>
</property>
<property name="fontFilters">
<set>QFontComboBox::MonospacedFonts</set>
</property>
</widget>
</item>
<item>
<widget class="QComboBox" name="fontLogStyle">
<property name="sizePolicy">
<sizepolicy hsizetype="Maximum" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<item>
<property name="text">
<string>Normal</string>
</property>
</item>
<item>
<property name="text">
<string>Bold</string>
</property>
</item>
<item>
<property name="text">
<string>Italic</string>
</property>
</item>
<item>
<property name="text">
<string>Bold + Italic</string>
</property>
</item>
</widget>
</item>
<item>
<widget class="QComboBox" name="fontLogSize">
<property name="sizePolicy">
<sizepolicy hsizetype="Maximum" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="maxVisibleItems">
<number>12</number>
</property>
<property name="sizeAdjustPolicy">
<enum>QComboBox::AdjustToContentsOnFirstShow</enum>
</property>
<item>
<property name="text">
<string>6</string>
</property>
</item>
<item>
<property name="text">
<string>7</string>
</property>
</item>
<item>
<property name="text">
<string>8</string>
</property>
</item>
<item>
<property name="text">
<string>9</string>
</property>
</item>
<item>
<property name="text">
<string>10</string>
</property>
</item>
<item>
<property name="text">
<string>11</string>
</property>
</item>
<item>
<property name="text">
<string>12</string>
</property>
</item>
<item>
<property name="text">
<string>14</string>
</property>
</item>
<item>
<property name="text">
<string>16</string>
</property>
</item>
<item>
<property name="text">
<string>18</string>
</property>
</item>
<item>
<property name="text">
<string>20</string>
</property>
</item>
<item>
<property name="text">
<string>22</string>
</property>
</item>
</widget>
</item>
</layout>
</widget>
<widget class="QLabel" name="labelFontLog">
<property name="geometry">
<rect>
<x>10</x>
<y>190</y>
<width>110</width>
<height>21</height>
</rect>
</property>
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Minimum">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Log:</string>
</property>
</widget>
<zorder>layoutWidget1</zorder>
<zorder>layoutWidget2</zorder>
<zorder>layoutWidget3</zorder>
@ -1499,6 +1646,8 @@
<zorder>labelFontStack</zorder>
<zorder>labelFontRegisters</zorder>
<zorder>labelFontHexEdit</zorder>
<zorder>layoutWidget7_2</zorder>
<zorder>labelFontLog</zorder>
</widget>
</widget>
<widget class="QPushButton" name="buttonCancel">

3
x64_dbg_gui/Project/Src/Gui/AttachDialog.cpp
View File

@ -6,9 +6,8 @@ AttachDialog::AttachDialog(QWidget* parent) : QDialog(parent), ui(new Ui::Attach
{
ui->setupUi(this);
#if QT_VERSION < QT_VERSION_CHECK(5,0,0)
setWindowFlags(Qt::Dialog | Qt::WindowSystemMenuHint | Qt::WindowTitleHint | Qt::MSWindowsFixedSizeDialogHint);
setWindowFlags(Qt::Dialog | Qt::WindowSystemMenuHint | Qt::WindowTitleHint);
#endif
setFixedSize(this->size()); //fixed size
//setup actions
mAttachAction = new QAction("Attach", this);

135
x64_dbg_gui/Project/Src/Gui/AttachDialog.ui
View File

@ -17,48 +17,107 @@
<iconset resource="../../resource.qrc">
<normaloff>:/icons/images/attach.png</normaloff>:/icons/images/attach.png</iconset>
</property>
<widget class="StdTable" name="listProcesses">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>611</width>
<height>251</height>
</rect>
<layout class="QGridLayout" name="gridLayout">
<property name="leftMargin">
<number>0</number>
</property>
<property name="frameShape">
<enum>QFrame::StyledPanel</enum>
<property name="topMargin">
<number>0</number>
</property>
<property name="frameShadow">
<enum>QFrame::Sunken</enum>
<property name="rightMargin">
<number>0</number>
</property>
</widget>
<widget class="QPushButton" name="btnAttach">
<property name="geometry">
<rect>
<x>450</x>
<y>260</y>
<width>75</width>
<height>23</height>
</rect>
<property name="bottomMargin">
<number>6</number>
</property>
<property name="text">
<string>&amp;Attach</string>
</property>
</widget>
<widget class="QPushButton" name="btnCancel">
<property name="geometry">
<rect>
<x>530</x>
<y>260</y>
<width>75</width>
<height>23</height>
</rect>
</property>
<property name="text">
<string>&amp;Cancel</string>
</property>
</widget>
<item row="0" column="0">
<layout class="QVBoxLayout" name="verticalLayout">
<property name="spacing">
<number>6</number>
</property>
<property name="sizeConstraint">
<enum>QLayout::SetDefaultConstraint</enum>
</property>
<item>
<widget class="StdTable" name="listProcesses">
<property name="sizePolicy">
<sizepolicy hsizetype="MinimumExpanding" vsizetype="MinimumExpanding">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="frameShape">
<enum>QFrame::StyledPanel</enum>
</property>
<property name="frameShadow">
<enum>QFrame::Sunken</enum>
</property>
</widget>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout">
<property name="spacing">
<number>6</number>
</property>
<property name="sizeConstraint">
<enum>QLayout::SetDefaultConstraint</enum>
</property>
<property name="leftMargin">
<number>6</number>
</property>
<property name="topMargin">
<number>0</number>
</property>
<property name="rightMargin">
<number>6</number>
</property>
<property name="bottomMargin">
<number>0</number>
</property>
<item>
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item>
<widget class="QPushButton" name="btnAttach">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>&amp;Attach</string>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="btnCancel">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>&amp;Cancel</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</item>
</layout>
</widget>
<customwidgets>
<customwidget>

21
x64_dbg_gui/Project/Src/Gui/CPUDump.cpp
View File

@ -7,6 +7,7 @@
#include "HexEditDialog.h"
#include "YaraRuleSelectionDialog.h"
#include "DataCopyDialog.h"
#include "EntropyDialog.h"
CPUDump::CPUDump(CPUDisassembly* disas, QWidget* parent) : HexDump(parent)
{
@ -158,6 +159,10 @@ void CPUDump::setupContextMenu()
#endif //_WIN64
connect(mFollowDataDump, SIGNAL(triggered()), this, SLOT(followDataDumpSlot()));
//Entropy
mEntropy = new QAction(QIcon(":/icons/images/entropy.png"), "Entropy...", this);
connect(mEntropy, SIGNAL(triggered()), this, SLOT(entropySlot()));
//Label
mSetLabelAction = new QAction("Set Label", this);
mSetLabelAction->setShortcutContext(Qt::WidgetShortcut);
@ -536,6 +541,7 @@ void CPUDump::contextMenuEvent(QContextMenuEvent* event)
wMenu->addAction(mYaraAction);
wMenu->addAction(mDataCopyAction);
wMenu->addMenu(mGotoMenu);
wMenu->addAction(mEntropy);
wMenu->addSeparator();
wMenu->addMenu(mHexMenu);
wMenu->addMenu(mTextMenu);
@ -1447,3 +1453,18 @@ void CPUDump::dataCopySlot()
DataCopyDialog dataDialog(&data, this);
dataDialog.exec();
}
void CPUDump::entropySlot()
{
int_t selStart = getSelectionStart();
int_t selSize = getSelectionEnd() - selStart + 1;
QVector<byte_t> data;
data.resize(selSize);
mMemPage->read(data.data(), selStart, selSize);
EntropyDialog entropyDialog(this);
entropyDialog.setWindowTitle(QString().sprintf("Entropy (Address: %p, Size: %p)", selStart, selSize));
entropyDialog.show();
entropyDialog.GraphMemory(data.constData(), data.size());
entropyDialog.exec();
}

2
x64_dbg_gui/Project/Src/Gui/CPUDump.h
View File

@ -86,6 +86,7 @@ public slots:
void selectionUpdatedSlot();
void yaraSlot();
void dataCopySlot();
void entropySlot();
private:
QMenu* mBreakpointMenu;
@ -175,6 +176,7 @@ private:
QAction* mUndoSelection;
QAction* mFollowData;
QAction* mFollowDataDump;
QAction* mEntropy;
QMenu* mSpecialMenu;
QMenu* mCustomMenu;

10
x64_dbg_gui/Project/Src/Gui/CPUSideBar.cpp
View File

@ -426,3 +426,13 @@ void CPUSideBar::drawStraightArrow(QPainter* painter, int x1, int y1, int x2, in
}
void* CPUSideBar::operator new(size_t size)
{
return _aligned_malloc(size, 16);
}
void CPUSideBar::operator delete(void* p)
{
_aligned_free(p);
}

3
x64_dbg_gui/Project/Src/Gui/CPUSideBar.h
View File

@ -13,6 +13,9 @@ public:
QSize sizeHint() const;
void drawStraightArrow(QPainter* painter, int x1, int y1, int x2, int y2);
static void* operator new(size_t size);
static void operator delete(void* p);
public slots:
void debugStateChangedSlot(DBGSTATE state);
void repaint();

2
x64_dbg_gui/Project/Src/Gui/CalculatorDialog.cpp
View File

@ -27,7 +27,7 @@ CalculatorDialog::~CalculatorDialog()
void CalculatorDialog::showEvent(QShowEvent* event)
{
Q_UNUSED(event);
mValidateThread->start();
mValidateThread->start(ui->txtExpression->text());
}
void CalculatorDialog::hideEvent(QHideEvent* event)

42
x64_dbg_gui/Project/Src/Gui/EntropyDialog.cpp Normal file
View File

@ -0,0 +1,42 @@
#include "EntropyDialog.h"
#include "ui_EntropyDialog.h"
EntropyDialog::EntropyDialog(QWidget* parent) :
QDialog(parent),
ui(new Ui::EntropyDialog)
{
ui->setupUi(this);
#if QT_VERSION < QT_VERSION_CHECK(5,0,0)
setWindowFlags(Qt::Dialog | Qt::WindowSystemMenuHint | Qt::WindowTitleHint | Qt::MSWindowsFixedSizeDialogHint);
#endif
setFixedSize(this->size()); //fixed size
mBlockSize = 128;
mPointCount = 300;
mInitialized = false;
}
EntropyDialog::~EntropyDialog()
{
delete ui;
}
void EntropyDialog::GraphMemory(const unsigned char* data, int dataSize, QColor color)
{
initializeGraph();
ui->entropyView->GraphMemory(data, dataSize, mBlockSize, mPointCount, color);
}
void EntropyDialog::GraphFile(const QString & fileName, QColor color)
{
initializeGraph();
ui->entropyView->GraphFile(fileName, mBlockSize, mPointCount, color);
}
void EntropyDialog::initializeGraph()
{
if(mInitialized)
return;
mInitialized = true;
ui->entropyView->InitializeGraph();
}

30
x64_dbg_gui/Project/Src/Gui/EntropyDialog.h Normal file
View File

@ -0,0 +1,30 @@
#ifndef ENTROPYDIALOG_H
#define ENTROPYDIALOG_H
#include <QDialog>
namespace Ui
{
class EntropyDialog;
}
class EntropyDialog : public QDialog
{
Q_OBJECT
public:
explicit EntropyDialog(QWidget* parent = 0);
~EntropyDialog();
void GraphMemory(const unsigned char* data, int dataSize, QColor color = Qt::darkGreen);
void GraphFile(const QString & fileName, QColor color = Qt::darkGreen);
private:
Ui::EntropyDialog* ui;
int mBlockSize;
int mPointCount;
bool mInitialized;
void initializeGraph();
};
#endif // ENTROPYDIALOG_H

37
x64_dbg_gui/Project/Src/Gui/EntropyDialog.ui Normal file
View File

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>EntropyDialog</class>
<widget class="QDialog" name="EntropyDialog">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>744</width>
<height>226</height>
</rect>
</property>
<property name="windowTitle">
<string>Entropy</string>
</property>
<property name="windowIcon">
<iconset resource="../../resource.qrc">
<normaloff>:/icons/images/entropy.png</normaloff>:/icons/images/entropy.png</iconset>
</property>
<layout class="QVBoxLayout" name="verticalLayout">
<item>
<widget class="QEntropyView" name="entropyView"/>
</item>
</layout>
</widget>
<customwidgets>
<customwidget>
<class>QEntropyView</class>
<extends>QGraphicsView</extends>
<header>QEntropyView\QEntropyView.h</header>
</customwidget>
</customwidgets>
<resources>
<include location="../../resource.qrc"/>
</resources>
<connections/>
</ui>

1
x64_dbg_gui/Project/Src/Gui/GotoDialog.cpp
View File

@ -133,6 +133,7 @@ void GotoDialog::on_buttonOk_clicked()
QString expression = ui->editExpression->text();
ui->editExpression->addLineToHistory(expression);
ui->editExpression->setText("");
expressionChanged(false, false, 0);
expressionText = expression;
}

10
x64_dbg_gui/Project/Src/Gui/LogView.cpp
View File

@ -4,23 +4,19 @@
LogView::LogView(QWidget* parent) : QTextEdit(parent)
{
QFont wFont("Monospace", 8, QFont::Normal, false);
wFont.setStyleHint(QFont::Monospace);
wFont.setFixedPitch(true);
this->setFont(wFont);
updateStyle();
this->setUndoRedoEnabled(false);
this->setReadOnly(true);
connect(Bridge::getBridge(), SIGNAL(repaintTableView()), this, SLOT(updateStyle()));
connect(Config(), SIGNAL(colorsUpdated()), this, SLOT(updateStyle()));
connect(Config(), SIGNAL(fontsUpdated()), this, SLOT(updateStyle()));
connect(Bridge::getBridge(), SIGNAL(addMsgToLog(QString)), this, SLOT(addMsgToLogSlot(QString)));
connect(Bridge::getBridge(), SIGNAL(clearLog()), this, SLOT(clearLogSlot()));
}
void LogView::updateStyle()
{
setFont(ConfigFont("Log"));
setStyleSheet(QString("QTextEdit { color: %1; background-color: %2 }").arg(ConfigColor("AbstractTableViewTextColor").name(), ConfigColor("AbstractTableViewBackgroundColor").name()));
}

17
x64_dbg_gui/Project/Src/Gui/MainWindow.cpp
View File

@ -12,7 +12,6 @@
#include "ShortcutsDialog.h"
#include "AttachDialog.h"
#include "LineEditDialog.h"
#include "TimeWastedCounter.h"
MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWindow)
{
@ -24,11 +23,6 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi
buildInfo->setEnabled(false);
ui->menuBar->addAction(buildInfo);
//time wasted counter
QAction* timeWastedLabel = new QAction(this);
ui->menuBar->addAction(timeWastedLabel);
TimeWastedCounter* timeWastedCounter = new TimeWastedCounter(this, timeWastedLabel);
//setup bridge signals
connect(Bridge::getBridge(), SIGNAL(updateWindowTitle(QString)), this, SLOT(updateWindowTitleSlot(QString)));
connect(Bridge::getBridge(), SIGNAL(addRecentFile(QString)), this, SLOT(addRecentFile(QString)));
@ -142,12 +136,18 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi
mSnowmanView->setWindowTitle("Snowman");
mSnowmanView->setWindowIcon(QIcon(":/icons/images/snowman.png"));
// Notes manager
mNotesManager = new NotesManager(this);
mNotesManager->setWindowTitle("Notes");
mNotesManager->setWindowIcon(QIcon(":/icons/images/notes.png"));
//Create the tab widget
mTabWidget = new MHTabWidget(NULL);
//Setup tabs
addQWidgetTab(mCpuWidget);
addQWidgetTab(mLogView);
addQWidgetTab(mNotesManager);
addQWidgetTab(mBreakpointsView);
addQWidgetTab(mMemMapView);
addQWidgetTab(mCallStackView);
@ -172,6 +172,11 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi
mLastLogLabel = new StatusLabel();
ui->statusBar->addPermanentWidget(mLastLogLabel, 1);
//time wasted counter
QLabel* timeWastedLabel = new QLabel(this);
ui->statusBar->addPermanentWidget(timeWastedLabel);
mTimeWastedCounter = new TimeWastedCounter(this, timeWastedLabel);
mPatchDialog = new PatchDialog(this);
mCalculatorDialog = new CalculatorDialog(this);
connect(mCalculatorDialog, SIGNAL(showCpu()), this, SLOT(displayCpuWidget()));

4
x64_dbg_gui/Project/Src/Gui/MainWindow.h
View File

@ -22,6 +22,8 @@
#include "SourceViewerManager.h"
#include "SnowmanView.h"
#include "MainWindowCloseThread.h"
#include "TimeWastedCounter.h"
#include "NotesManager.h"
namespace Ui
{
@ -127,11 +129,13 @@ private:
PatchDialog* mPatchDialog;
CalculatorDialog* mCalculatorDialog;
SnowmanView* mSnowmanView;
NotesManager* mNotesManager;
StatusLabel* mStatusLabel;
StatusLabel* mLastLogLabel;
UpdateChecker* mUpdateChecker;
TimeWastedCounter* mTimeWastedCounter;
const char* mWindowMainTitle;

6
x64_dbg_gui/Project/Src/Gui/MainWindow.ui
View File

@ -174,7 +174,11 @@
<addaction name="actionReportBug"/>
<addaction name="actionAbout"/>
</widget>
<widget class="QStatusBar" name="statusBar"/>
<widget class="QStatusBar" name="statusBar">
<property name="sizeGripEnabled">
<bool>false</bool>
</property>
</widget>
<widget class="QToolBar" name="cmdBar">
<property name="windowTitle">
<string>toolBar</string>

22
x64_dbg_gui/Project/Src/Gui/MemoryMapView.cpp
View File

@ -3,6 +3,7 @@
#include "Bridge.h"
#include "PageMemoryRights.h"
#include "YaraRuleSelectionDialog.h"
#include "EntropyDialog.h"
MemoryMapView::MemoryMapView(StdTable* parent) : StdTable(parent)
{
@ -97,6 +98,10 @@ void MemoryMapView::setupContextMenu()
this->addAction(mMemoryExecuteSingleshootToggle);
connect(mMemoryExecuteSingleshootToggle, SIGNAL(triggered()), this, SLOT(memoryExecuteSingleshootToggleSlot()));
//Entropy
mEntropy = new QAction(QIcon(":/icons/images/entropy.png"), "Entropy...", this);
connect(mEntropy, SIGNAL(triggered()), this, SLOT(entropy()));
refreshShortcutsSlot();
connect(Config(), SIGNAL(shortcutsUpdated()), this, SLOT(refreshShortcutsSlot()));
}
@ -116,6 +121,7 @@ void MemoryMapView::contextMenuSlot(const QPoint & pos)
wMenu->addAction(mFollowDisassembly);
wMenu->addAction(mFollowDump);
wMenu->addAction(mYara);
wMenu->addAction(mEntropy);
wMenu->addAction(mSwitchView);
wMenu->addSeparator();
wMenu->addAction(mPageMemoryRights);
@ -400,3 +406,19 @@ void MemoryMapView::switchView()
setTableOffset(0);
stateChangedSlot(paused);
}
void MemoryMapView::entropy()
{
uint_t addr = getCellContent(getInitialSelection(), 0).toULongLong(0, 16);
uint_t size = getCellContent(getInitialSelection(), 1).toULongLong(0, 16);
unsigned char* data = new unsigned char[size];
DbgMemRead(addr, data, size);
EntropyDialog entropyDialog(this);
entropyDialog.setWindowTitle(QString().sprintf("Entropy (Address: %p, Size: %p)", addr, size));
entropyDialog.show();
entropyDialog.GraphMemory(data, size);
entropyDialog.exec();
delete[] data;
}

3
x64_dbg_gui/Project/Src/Gui/MemoryMapView.h
View File

@ -33,6 +33,7 @@ public slots:
void switchView();
void pageMemoryRights();
void refreshMap();
void entropy();
private:
QString getProtectionString(DWORD Protect);
@ -55,7 +56,7 @@ private:
QAction* mMemoryExecuteRestore;
QAction* mMemoryRemove;
QAction* mMemoryExecuteSingleshootToggle;
QAction* mEntropy;
};
#endif // MEMORYMAPVIEW_H

35
x64_dbg_gui/Project/Src/Gui/NotepadView.cpp Normal file
View File

@ -0,0 +1,35 @@
#include "NotepadView.h"
#include "Configuration.h"
#include "Bridge.h"
#include <QMessageBox>
NotepadView::NotepadView(QWidget* parent) : QPlainTextEdit(parent)
{
updateStyle();
connect(Config(), SIGNAL(colorsUpdated()), this, SLOT(updateStyle()));
connect(Config(), SIGNAL(fontsUpdated()), this, SLOT(updateStyle()));
}
void NotepadView::updateStyle()
{
setFont(ConfigFont("Log"));
setStyleSheet(QString("QPlainTextEdit { color: %1; background-color: %2 }").arg(ConfigColor("AbstractTableViewTextColor").name(), ConfigColor("AbstractTableViewBackgroundColor").name()));
}
void NotepadView::setNotes(const QString text)
{
setPlainText(text);
}
void NotepadView::getNotes(void* ptr)
{
QByteArray text = toPlainText().replace('\n', "\r\n").toUtf8();
char* result = 0;
if(text.length())
{
result = (char*)BridgeAlloc(text.length() + 1);
strcpy_s(result, text.length() + 1, text.constData());
}
*(char**)ptr = result;
Bridge::getBridge()->setResult();
}

19
x64_dbg_gui/Project/Src/Gui/NotepadView.h Normal file
View File

@ -0,0 +1,19 @@
#ifndef NOTEPADVIEW_H
#define NOTEPADVIEW_H
#include <QPlainTextEdit>
class NotepadView : public QPlainTextEdit
{
Q_OBJECT
public:
explicit NotepadView(QWidget* parent = 0);
public slots:
void updateStyle();
void setNotes(const QString text);
void getNotes(void* ptr);
};
#endif // NOTEPADVIEW_H

15
x64_dbg_gui/Project/Src/Gui/NotesManager.cpp Normal file
View File

@ -0,0 +1,15 @@
#include "NotesManager.h"
#include "Bridge.h"
NotesManager::NotesManager(QWidget* parent) : QTabWidget(parent)
{
mGlobal = new NotepadView(this);
connect(Bridge::getBridge(), SIGNAL(setGlobalNotes(QString)), mGlobal, SLOT(setNotes(QString)));
connect(Bridge::getBridge(), SIGNAL(getGlobalNotes(void*)), mGlobal, SLOT(getNotes(void*)));
addTab(mGlobal, "Global");
mDebuggee = new NotepadView(this);
connect(Bridge::getBridge(), SIGNAL(setDebuggeeNotes(QString)), mDebuggee, SLOT(setNotes(QString)));
connect(Bridge::getBridge(), SIGNAL(getDebuggeeNotes(void*)), mDebuggee, SLOT(getNotes(void*)));
addTab(mDebuggee, "Debuggee");
}

19
x64_dbg_gui/Project/Src/Gui/NotesManager.h Normal file
View File

@ -0,0 +1,19 @@
#ifndef NOTESMANAGER_H
#define NOTESMANAGER_H
#include <QWidget>
#include <QTabWidget>
#include "NotepadView.h"
class NotesManager : public QTabWidget
{
Q_OBJECT
public:
explicit NotesManager(QWidget* parent = 0);
private:
NotepadView* mGlobal;
NotepadView* mDebuggee;
};
#endif // NOTESMANAGER_H

10
x64_dbg_gui/Project/Src/Gui/RegistersView.cpp
View File

@ -1289,6 +1289,16 @@ QSize RegistersView::sizeHint() const
return QSize(32 * mCharWidth , this->viewport()->height());
}
void* RegistersView::operator new(size_t size)
{
return _aligned_malloc(size, 16);
}
void RegistersView::operator delete(void* p)
{
_aligned_free(p);
}
QString RegistersView::getRegisterLabel(REGISTER_NAME register_selected)
{
char label_text[MAX_LABEL_SIZE] = "";

3
x64_dbg_gui/Project/Src/Gui/RegistersView.h
View File

@ -94,6 +94,9 @@ public:
QSize sizeHint() const;
static void* operator new(size_t size);
static void operator delete(void* p);
public slots:
void refreshShortcutsSlot();
void updateRegistersSlot();

19
x64_dbg_gui/Project/Src/Gui/SymbolView.cpp
View File

@ -4,6 +4,7 @@
#include "Configuration.h"
#include "Bridge.h"
#include "YaraRuleSelectionDialog.h"
#include "EntropyDialog.h"
SymbolView::SymbolView(QWidget* parent) : QWidget(parent), ui(new Ui::SymbolView)
{
@ -127,6 +128,9 @@ void SymbolView::setupContextMenu()
mYaraAction = new QAction(QIcon(":/icons/images/yara.png"), "&Yara...", this);
connect(mYaraAction, SIGNAL(triggered()), this, SLOT(moduleYara()));
mEntropyAction = new QAction(QIcon(":/icons/images/entropy.png"), "Entropy...", this);
connect(mEntropyAction, SIGNAL(triggered()), this, SLOT(moduleEntropy()));
//Shortcuts
refreshShortcutsSlot();
connect(Config(), SIGNAL(shortcutsUpdated()), this, SLOT(refreshShortcutsSlot()));
@ -249,6 +253,7 @@ void SymbolView::moduleContextMenu(const QPoint & pos)
if(DbgFunctions()->ModPathFromAddr(modbase, szModPath, _countof(szModPath)))
wMenu->addAction(mCopyPathAction);
wMenu->addAction(mYaraAction);
wMenu->addAction(mEntropyAction);
QMenu wCopyMenu("&Copy", this);
mModuleList->setupCopyMenu(&wCopyMenu);
if(wCopyMenu.actions().length())
@ -359,3 +364,17 @@ void SymbolView::toggleBookmark()
}
GuiUpdateAllViews();
}
void SymbolView::moduleEntropy()
{
int_t modbase = DbgValFromString(mModuleList->getCellContent(mModuleList->getInitialSelection(), 0).toUtf8().constData());
char szModPath[MAX_PATH] = "";
if(DbgFunctions()->ModPathFromAddr(modbase, szModPath, _countof(szModPath)))
{
EntropyDialog entropyDialog(this);
entropyDialog.setWindowTitle(QString("Entropy (%1)").arg(mModuleList->getCellContent(mModuleList->getInitialSelection(), 1)));
entropyDialog.show();
entropyDialog.GraphFile(QString(szModPath));
entropyDialog.exec();
}
}

2
x64_dbg_gui/Project/Src/Gui/SymbolView.h
View File

@ -38,6 +38,7 @@ private slots:
void toggleBreakpoint();
void toggleBookmark();
void refreshShortcutsSlot();
void moduleEntropy();
signals:
void showCpu();
@ -61,6 +62,7 @@ private:
QAction* mDownloadAllSymbolsAction;
QAction* mCopyPathAction;
QAction* mYaraAction;
QAction* mEntropyAction;
static void cbSymbolEnum(SYMBOLINFO* symbol, void* user);
};

5
x64_dbg_gui/Project/Src/Gui/TimeWastedCounter.cpp
View File

@ -1,10 +1,11 @@
#include "TimeWastedCounter.h"
#include "Bridge.h"
TimeWastedCounter::TimeWastedCounter(QObject* parent, QAction* label)
TimeWastedCounter::TimeWastedCounter(QObject* parent, QLabel* label)
: QObject(parent), mLabel(label)
{
mLabel->setEnabled(false);
mLabel->setFrameStyle(QFrame::Sunken | QFrame::Panel); //sunken style
mLabel->setStyleSheet("QLabel { background-color : #c0c0c0; }");
connect(Bridge::getBridge(), SIGNAL(updateTimeWastedCounter()), this, SLOT(updateTimeWastedCounter()));
}

6
x64_dbg_gui/Project/Src/Gui/TimeWastedCounter.h
View File

@ -2,19 +2,19 @@
#define TIMEWASTEDCOUNTER_H
#include <QObject>
#include <QAction>
#include <QLabel>
class TimeWastedCounter : public QObject
{
Q_OBJECT
public:
explicit TimeWastedCounter(QObject* parent, QAction* label);
explicit TimeWastedCounter(QObject* parent, QLabel* label);
private slots:
void updateTimeWastedCounter();
private:
QAction* mLabel;
QLabel* mLabel;
};
#endif // TIMEWASTEDCOUNTER_H

66
x64_dbg_gui/Project/Src/QEntropyView/Entropy.h Normal file
View File

@ -0,0 +1,66 @@
#ifndef ENTROPY_H
#define ENTROPY_H
#include <cmath>
#include <vector>
class Entropy
{
public:
static double MeasureData(const unsigned char* data, int dataSize)
{
int occurrences[256] = {};
for(int i = 0; i < dataSize; i++)
occurrences[data[i]]++;
double entropy = 0.0;
double logBase = log(256);
for(int i = 0; i < 256; i++)
{
if(occurrences[i] == 0)
continue;
double p = (double)occurrences[i] / (double)dataSize;
entropy += p * log(p) / logBase;
}
return -entropy;
}
static double MeasureByte(const unsigned char* data, int dataSize, int index, unsigned char* block, int blockSize)
{
if(dataSize < blockSize)
return -1;
int start = index - blockSize / 2;
int end = index + blockSize / 2;
if(start < 0)
{
end += -start;
start = 0;
}
else if(end > dataSize)
{
start -= end - dataSize;
end = dataSize;
}
for(int i = start; i < end; i++)
block[i - start] = data[i];
return MeasureData(block, blockSize);
}
static void MeasurePoints(const unsigned char* data, int dataSize, int blockSize, std::vector<double> & points, int pointCount)
{
points.clear();
if(dataSize < pointCount)
return;
if(dataSize % pointCount != 0)
pointCount += dataSize % pointCount;
unsigned char* block = new unsigned char[blockSize];
int interval = dataSize / pointCount;
points.reserve(pointCount);
for(int i = 0; i < dataSize; i += interval)
points.push_back(MeasureByte(data, dataSize, i, block, blockSize));
delete[] block;
}
};
#endif // ENTROPY_H

83
x64_dbg_gui/Project/Src/QEntropyView/QEntropyView.cpp Normal file
View File

@ -0,0 +1,83 @@
#include "QEntropyView.h"
#include <QFile>
#include "Entropy.h"
QEntropyView::QEntropyView(QWidget* parent) : QGraphicsView(parent)
{
mScene = new QGraphicsScene(this);
}
void QEntropyView::InitializeGraph(int penSize)
{
//initialize scene
qreal width = this->width() - 5;
qreal height = this->height() - 5;
mRect = QRectF(25, 10, width - 35, height - 20);
mPenSize = penSize;
mScene->clear();
//draw bounding box
mScene->addRect(QRectF(1, 1, width, height), QPen(Qt::black));
//draw scale
mScene->addLine(15, mRect.top(), 15, mRect.bottom(), QPen(Qt::black, 2));
const int xBegin = 10;
const int xEnd = 20;
qreal intervalY = mRect.height() / 10;
for(int i = 0; i < 11; i++)
{
qreal y = mRect.top() + i * intervalY;
mScene->addLine(xBegin, y, xEnd, y, QPen(Qt::black, 2));
}
//set scene
setRenderHints(QPainter::Antialiasing);
setScene(mScene);
}
void QEntropyView::AddGraph(const std::vector<double> & points, QColor color)
{
int pointCount = (int)points.size();
if(!pointCount)
return;
qreal intervalX = mRect.width() / ((qreal)pointCount - 1);
qreal intervalY = mRect.height() / 1;
QPolygonF polyLine;
for(int i = 0; i < pointCount; i++)
{
qreal x = i * intervalX;
qreal y = points[i] * intervalY;
QPointF point(mRect.x() + x, mRect.bottom() - y); //y direction is inverted...
polyLine.append(point);
}
QPainterPath path;
path.addPolygon(polyLine);
mScene->addPath(path, QPen(color, mPenSize));
}
void QEntropyView::GraphFile(const QString & fileName, int blockSize, int pointCount, QColor color)
{
QFile file(fileName);
if(!file.open(QIODevice::ReadOnly))
return;
QByteArray fileData = file.readAll();
file.close();
GraphMemory((unsigned char*)fileData.constData(), fileData.size(), blockSize, pointCount, color);
}
void QEntropyView::GraphMemory(const unsigned char* data, int dataSize, int blockSize, int pointCount, QColor color)
{
std::vector<double> points;
if(dataSize < blockSize)
{
blockSize = dataSize / 2;
if(!blockSize)
blockSize = 1;
}
if(dataSize < pointCount)
pointCount = (int)dataSize;
Entropy::MeasurePoints(data, dataSize, blockSize, points, pointCount);
AddGraph(points, color);
}

23
x64_dbg_gui/Project/Src/QEntropyView/QEntropyView.h Normal file
View File

@ -0,0 +1,23 @@
#ifndef QENTROPYVIEW_H
#define QENTROPYVIEW_H
#include <QGraphicsView>
#include <QGraphicsScene>
class QEntropyView : public QGraphicsView
{
Q_OBJECT
public:
explicit QEntropyView(QWidget* parent = 0);
void InitializeGraph(int penSize = 1);
void AddGraph(const std::vector<double> & points, QColor color = Qt::black);
void GraphFile(const QString & fileName, int blockSize, int pointCount, QColor = Qt::black);
void GraphMemory(const unsigned char* data, int dataSize, int blockSize, int pointCount, QColor = Qt::black);
private:
QGraphicsScene* mScene;
QRectF mRect;
int mPenSize;
};
#endif // QENTROPYVIEW_H

1
x64_dbg_gui/Project/Src/Utils/Configuration.cpp
View File

@ -183,6 +183,7 @@ Configuration::Configuration() : QObject()
defaultFonts.insert("Registers", font);
defaultFonts.insert("HexEdit", font);
defaultFonts.insert("Application", QApplication::font());
defaultFonts.insert("Log", QFont("Courier", 8, QFont::Normal, false));
// hotkeys settings
defaultShortcuts.insert("FileOpen", Shortcut(tr("File -> Open"), "F3", true));

21
x64_dbg_gui/Project/Src/Utils/FlickerThread.cpp Normal file
View File

@ -0,0 +1,21 @@
#include "FlickerThread.h"
#include <QStyle>
#include <Windows.h>
FlickerThread::FlickerThread(QWidget* widget, QObject* parent) : QThread(parent)
{
mWidget = widget;
}
void FlickerThread::run()
{
QString oldStyle = mWidget->styleSheet();
int delay = 300;
for(int i = 0; i < 3 ; i++)
{
emit setStyleSheet("QWidget { border: 2px solid red; }");
Sleep(delay);
emit setStyleSheet(oldStyle);
Sleep(delay);
}
}

21
x64_dbg_gui/Project/Src/Utils/FlickerThread.h Normal file
View File

@ -0,0 +1,21 @@
#ifndef FLICKERTHREAD_H
#define FLICKERTHREAD_H
#include <QThread>
#include <QWidget>
class FlickerThread : public QThread
{
Q_OBJECT
public:
explicit FlickerThread(QWidget* widget, QObject* parent = 0);
signals:
void setStyleSheet(QString style);
private:
void run();
QWidget* mWidget;
};
#endif // FLICKERTHREAD_H

9
x64_dbg_gui/Project/Src/Utils/ValidateExpressionThread.cpp
View File

@ -1,17 +1,14 @@
#include "ValidateExpressionThread.h"
ValidateExpressionThread::ValidateExpressionThread(QObject* parent) : QThread(parent), mExpressionChanged(false), mStopThread(false)
{ }
{
}
void ValidateExpressionThread::start(QString initialValue)
{
mStopThread = false;
QThread::start();
if(!initialValue.isEmpty())
{
textChanged(initialValue);
}
textChanged(initialValue);
}
void ValidateExpressionThread::stop()

BIN
x64_dbg_gui/Project/images/entropy.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 659 B

BIN
x64_dbg_gui/Project/images/notes.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 709 B

2
x64_dbg_gui/Project/resource.qrc
View File

@ -62,5 +62,7 @@
<file>images/highlight.png</file>
<file>images/label.png</file>
<file>images/snowman.png</file>
<file>images/entropy.png</file>
<file>images/notes.png</file>
</qresource>
</RCC>

18
x64_dbg_gui/Project/x64_dbg.pro
View File

@ -93,7 +93,12 @@ SOURCES += \
Src/Gui/SourceView.cpp \
Src/Utils/ValidateExpressionThread.cpp \
Src/Utils/MainWindowCloseThread.cpp \
Src/Gui/TimeWastedCounter.cpp
Src/Gui/TimeWastedCounter.cpp \
Src/Utils/FlickerThread.cpp \
Src/QEntropyView/QEntropyView.cpp \
Src/Gui/EntropyDialog.cpp \
Src/Gui/NotesManager.cpp \
Src/Gui/NotepadView.cpp
HEADERS += \
@ -166,7 +171,13 @@ HEADERS += \
Src/Utils/StringUtil.h \
Src/Utils/ValidateExpressionThread.h \
Src/Utils/MainWindowCloseThread.h \
Src/Gui/TimeWastedCounter.h
Src/Gui/TimeWastedCounter.h \
Src/Utils/FlickerThread.h \
Src/QEntropyView/Entropy.h \
Src/QEntropyView/QEntropyView.h \
Src/Gui/EntropyDialog.h \
Src/Gui/NotesManager.h \
Src/Gui/NotepadView.h
INCLUDEPATH += \
@ -203,7 +214,8 @@ FORMS += \
Src/Gui/PageMemoryRights.ui \
Src/Gui/SelectFields.ui \
Src/Gui/YaraRuleSelectionDialog.ui \
Src/Gui/DataCopyDialog.ui
Src/Gui/DataCopyDialog.ui \
Src/Gui/EntropyDialog.ui
INCLUDEPATH += $$PWD/Src/Bridge
INCLUDEPATH += $$PWD/Src/ThirdPartyLibs/snowman