
DBG: show jmp $0 for all types of NOP jumps

This commit is contained in:
mrexodia 2016-11-18 11:31:04 +01:00
parent 76e357cd5b
commit ed20fa8bcd
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
4 changed files with 30 additions and 13 deletions

@ -1 +1 @@
Subproject commit 140b284bd5ff56392b29baccaade6dc4cc79e997
Subproject commit 71894d7dce4cda46732ec8febecb01a7516178a5


@ -270,8 +270,8 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR
ADDRINFO newinfo;
char string_text[MAX_STRING_SIZE] = "";
memset(&instr, 0, sizeof(DISASM_INSTR));
disasmget(addr, &instr);
Capstone cp;
disasmget(cp, addr, &instr);
for(int i = 0; i < instr.argcount; i++)
{
memset(&newinfo, 0, sizeof(ADDRINFO));
@ -282,9 +282,9 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR
if(instr.arg[i].constant == instr.arg[i].value) //avoid: call <module.label> ; addr:label
{
auto constant = instr.arg[i].constant;
if(instr.arg[i].type == arg_normal && instr.arg[i].value == addr + instr.instr_size && strstr(instr.instruction, "call"))
if(instr.arg[i].type == arg_normal && instr.arg[i].value == addr + instr.instr_size && cp.InGroup(CS_GRP_CALL))
temp_string.assign("call $0");
else if(instr.arg[i].type == arg_normal && instr.arg[i].value == addr + instr.instr_size && strstr(instr.instruction, "jmp"))
else if(instr.arg[i].type == arg_normal && instr.arg[i].value == addr + instr.instr_size && cp.InGroup(CS_GRP_JUMP))
temp_string.assign("jmp $0");
else if(instr.type == instr_branch)
continue;
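Review bot: `cp.InGroup(CS_GRP_CALL)` and `cp.InGroup(CS_GRP_JUMP)` on the new lines are queried on a Capstone object whose state depends on what `disasmget(cp, addr, &instr)` did with it; in the new buffer overload the `trydisasm` fallback runs with size 1 when `cp.Success()` is false, so if that fallback populates `instr.arg` the loop reaches `InGroup` with no successfully decoded instruction, and whether `InGroup` tolerates that is not visible here. Writing the checks as `cp.Success() && cp.InGroup(CS_GRP_CALL)` (and likewise for the jump branch) makes the condition independent of that detail. The two branches also repeat the same `arg_normal` / `addr + instr.instr_size` prefix; a named local such as `bool targetsNext = instr.arg[i].type == arg_normal && instr.arg[i].value == addr + instr.instr_size;` would leave the group test as the only difference between them. Note that `CS_GRP_JUMP` covers conditional branches as well, so the `"jmp $0"` label is now also produced for a `jcc` to the next instruction, which appears to be the commit's intent. `_dbg_addrinfoget` starts and ends outside the hunk.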


@ -199,16 +199,9 @@ static void HandleCapstoneOperand(Capstone & cp, int opindex, DISASM_ARG* arg)
}
}
void disasmget(unsigned char* buffer, duint addr, DISASM_INSTR* instr)
void disasmget(Capstone & cp, unsigned char* buffer, duint addr, DISASM_INSTR* instr)
{
if(!DbgIsDebugging())
{
if(instr)
instr->argcount = 0;
return;
}
memset(instr, 0, sizeof(DISASM_INSTR));
Capstone cp;
cp.Disassemble(addr, buffer, MAX_DISASM_BUFFER);
if(trydisasm(buffer, addr, instr, cp.Success() ? cp.Size() : 1))
return;
@ -234,6 +227,27 @@ void disasmget(unsigned char* buffer, duint addr, DISASM_INSTR* instr)
HandleCapstoneOperand(cp, i, &instr->arg[i]);
}
void disasmget(Capstone & cp, duint addr, DISASM_INSTR* instr)
{
if(!DbgIsDebugging())
{
if(instr)
instr->argcount = 0;
return;
}
unsigned char buffer[MAX_DISASM_BUFFER] = "";
if(MemRead(addr, buffer, sizeof(buffer)))
disasmget(cp, buffer, addr, instr);
else
memset(instr, 0, sizeof(DISASM_INSTR)); // Buffer overflow
}
void disasmget(unsigned char* buffer, duint addr, DISASM_INSTR* instr)
{
Capstone cp;
disasmget(cp, buffer, addr, instr);
}
void disasmget(duint addr, DISASM_INSTR* instr)
{
if(!DbgIsDebugging())
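Review bot: The new `disasmget(Capstone & cp, duint addr, DISASM_INSTR* instr)` treats `instr` as nullable in its `if(instr)` guard but then passes it unconditionally to `memset(instr, 0, sizeof(DISASM_INSTR))` on the `MemRead` failure path, and the buffer overload it calls memsets `instr` unconditionally as well, so the guard is either dead or the two memsets can dereference a null pointer. Pick one contract — `instr` non-null, stated on the declaration — and drop the checks, or guard every write. The comment `// Buffer overflow` on that memset describes a failed `MemRead`, not an overflow; `// MemRead failed: report no instruction` says what the code does. `DbgIsDebugging()` is checked both in this wrapper and again inside the buffer overload it delegates to; one check in the innermost overload would suffice. The `disasmget(duint, DISASM_INSTR*)` overload at the bottom of the hunk continues outside it.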


@ -2,12 +2,15 @@
#define _DISASM_HELPER_H
#include "_global.h"
#include "capstone_wrapper.h"
//functions
duint disasmback(unsigned char* data, duint base, duint size, duint ip, int n);
duint disasmnext(unsigned char* data, duint base, duint size, duint ip, int n);
const char* disasmtext(duint addr);
void disasmprint(duint addr);
void disasmget(Capstone & cp, unsigned char* buffer, duint addr, DISASM_INSTR* instr);
void disasmget(Capstone & cp, duint addr, DISASM_INSTR* instr);
void disasmget(unsigned char* buffer, duint addr, DISASM_INSTR* instr);
void disasmget(duint addr, DISASM_INSTR* instr);
bool disasmispossiblestring(duint addr);
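Review bot: The two new `disasmget` overloads that take `Capstone & cp` do not say that `cp` is an in/out parameter, yet the caller in `_dbg_addrinfoget` reads `cp.InGroup(...)` after the call, so that contract belongs on the declaration. A one-line comment above them such as `// Decodes the instruction at addr into instr; on success cp keeps the decoded instruction (check cp.Success() before querying it).` would make the dependency explicit. Whether `instr` may be null should be stated here too, since the implementations guard it in some paths and not others.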