Press ENTER : Follow memory operand in dump/stack

2020-07-13 23:03:01 +08:00 · 2020-07-13 23:03:01 +08:00 · eaf11a2292
parent b7f8432c57
commit eaf11a2292
2 changed files with 60 additions and 2 deletions
--- a/src/dbg/disasm_helper.cpp
+++ b/src/dbg/disasm_helper.cpp
@ -152,6 +152,30 @@ static void HandleZydisOperand(Zydis & cp, int opindex, DISASM_ARG* arg, bool ge
            arg->segment = ArchValue(SEG_FS, SEG_GS);
            value += ThreadGetLocalBase(ThreadGetId(hActiveThread));
        }
+        else
+        {
+            switch(mem.segment)
+            {
+            case ZYDIS_REGISTER_CS:
+                arg->segment = SEG_CS;
+                break;
+            case ZYDIS_REGISTER_DS:
+                arg->segment = SEG_DS;
+                break;
+            case ZYDIS_REGISTER_ES:
+                arg->segment = SEG_ES;
+                break;
+            case ZYDIS_REGISTER_FS:
+                arg->segment = SEG_FS;
+                break;
+            case ZYDIS_REGISTER_GS:
+                arg->segment = SEG_GS;
+                break;
+            case ZYDIS_REGISTER_SS:
+                arg->segment = SEG_SS;
+                break;
+            }
+        }
        arg->value = value;
        if(DbgMemIsValidReadPtr(value))
        {
--- a/src/gui/Src/BasicView/Disassembly.cpp
+++ b/src/gui/Src/BasicView/Disassembly.cpp
@ -896,10 +896,44 @@ void Disassembly::keyPressEvent(QKeyEvent* event)
    else if(key == Qt::Key_Return || key == Qt::Key_Enter)
    {
        ShowDisassemblyPopup(0, 0, 0);
+        // Follow branch instruction
        duint dest = DbgGetBranchDestination(rvaToVa(getInitialSelection()));
-        if(!DbgMemIsValidReadPtr(dest))
+        if(DbgMemIsValidReadPtr(dest))
+        {
+            gotoAddress(dest);
            return;
-        gotoAddress(dest);
+        }
+        // Follow memory operand in dump
+        DISASM_INSTR instr;
+        DbgDisasmAt(rvaToVa(getInitialSelection()), &instr);
+        for(int op = 0; op < instr.argcount; op++)
+        {
+            if(instr.arg[op].type == arg_memory)
+            {
+                dest = instr.arg[op].value;
+                if(DbgMemIsValidReadPtr(dest))
+                {
+                    if(instr.arg[op].segment == SEG_SS)
+                        DbgCmdExec(QString("sdump %1").arg(ToPtrString(dest)).toUtf8().constData());
+                    else
+                        DbgCmdExec(QString("dump %1").arg(ToPtrString(dest)).toUtf8().constData());
+                    return;
+                }
+            }
+        }
+        // Follow constant in dump
+        for(int op = 0; op < instr.argcount; op++)
+        {
+            if(instr.arg[op].type == arg_normal)
+            {
+                dest = instr.arg[op].value;
+                if(DbgMemIsValidReadPtr(dest))
+                {
+                    DbgCmdExec(QString("dump %1").arg(ToPtrString(dest)).toUtf8().constData());
+                    return;
+                }
+            }
+        }
    }
    else
        AbstractTableView::keyPressEvent(event);