x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 5 Activity

DBG: updated 'findall' (maximum dumped occurrences = 5000) + dump data when the 3rd parameter equals '&data&'

This commit is contained in:
Mr. eXoDia 2014-07-05 17:11:52 +02:00
parent 64c2acd392
commit f62c38fb97
3 changed files with 36 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
x64_dbg_dbg/instruction.cpp
View File

@ -1060,20 +1060,26 @@ CMDRESULT cbInstrFindAll(int argc, char* argv[])
dprintf("invalid memory address "fhex"!\n", addr);
return STATUS_ERROR;
}
unsigned char* data=(unsigned char*)emalloc(size, "cbInstrFind:data");
unsigned char* data=(unsigned char*)emalloc(size, "cbInstrFindAll:data");
if(!memread(fdProcessInfo->hProcess, (const void*)base, data, size, 0))
{
efree(data, "cbInstrFind:data");
efree(data, "cbInstrFindAll:data");
dputs("failed to read memory!");
return STATUS_ERROR;
}
uint start=addr-base;
uint find_size=0;
bool findData=false;
if(argc>=4)
{
if(!valfromstring(argv[3], &find_size))
if(!_stricmp(argv[3], "&data&"))
{
find_size=size-start;
if(find_size>(size-start))
findData=true;
}
else if(!valfromstring(argv[3], &find_size))
find_size=size-start;
else if(find_size>(size-start))
find_size=size-start;
}
else
@ -1081,15 +1087,19 @@ CMDRESULT cbInstrFindAll(int argc, char* argv[])
//setup reference view
GuiReferenceDeleteAllColumns();
GuiReferenceAddColumn(2*sizeof(uint), "Address");
GuiReferenceAddColumn(0, "Disassembly");
if(findData)
GuiReferenceAddColumn(0, "&Data&");
else
GuiReferenceAddColumn(0, "Disassembly");
GuiReferenceReloadData();
DWORD ticks=GetTickCount();
int refCount=0;
uint i=0;
uint result=0;
while(true)
while(refCount < 5000)
{
uint foundoffset=memfindpattern(data+start+i, find_size-i, pattern);
int patternsize=0;
uint foundoffset=memfindpattern(data+start+i, find_size-i, pattern, &patternsize);
if(foundoffset==-1)
break;
i+=foundoffset+1;
@ -1098,14 +1108,27 @@ CMDRESULT cbInstrFindAll(int argc, char* argv[])
sprintf(msg, fhex, result);
GuiReferenceSetRowCount(refCount+1);
GuiReferenceSetCellContent(refCount, 0, msg);
GuiGetDisassembly(result, msg);
if(findData)
{
unsigned char* printData=(unsigned char*)emalloc(patternsize, "cbInstrFindAll:printData");
memread(fdProcessInfo->hProcess, (const void*)result, printData, patternsize, 0);
for(int j=0,k=0; j<patternsize; j++)
{
if(j)
k+=sprintf(msg+k, " ");
k+=sprintf(msg+k, "%.2X", printData[j]);
}
efree(printData, "cbInstrFindAll:printData");
}
else
GuiGetDisassembly(result, msg);
GuiReferenceSetCellContent(refCount, 1, msg);
result++;
refCount++;
}
GuiReferenceReloadData();
dprintf("%d occurrences found in %ums\n", refCount, GetTickCount()-ticks);
efree(data, "cbInstrFind:data");
efree(data, "cbInstrFindAll:data");
varset("$result", refCount, false);
return STATUS_CONTINUE;
}

4
x64_dbg_dbg/memory.cpp
View File

@ -176,12 +176,14 @@ static bool patternmatchbyte(unsigned char byte, PATTERNBYTE* pbyte)
return (matched==2);
}
uint memfindpattern(unsigned char* data, uint size, const char* pattern)
uint memfindpattern(unsigned char* data, uint size, const char* pattern, int* patternsize)
{
std::vector<PATTERNBYTE> searchpattern;
if(!patterntransform(pattern, &searchpattern))
return -1;
int searchpatternsize=searchpattern.size();
if(patternsize)
*patternsize=searchpatternsize;
for(uint i=0,pos=0; i<size; i++) //search for the pattern
{
if(patternmatchbyte(data[i], &searchpattern.at(pos))) //check if our pattern matches the current byte

2
x64_dbg_dbg/memory.h
View File

@ -22,6 +22,6 @@ bool memwrite(HANDLE hProcess, void* lpBaseAddress, const void* lpBuffer, SIZE_T
bool memisvalidreadptr(HANDLE hProcess, uint addr);
void* memalloc(HANDLE hProcess, uint addr, DWORD size, DWORD fdProtect);
void memfree(HANDLE hProcess, uint addr);
uint memfindpattern(unsigned char* data, uint size, const char* pattern);
uint memfindpattern(unsigned char* data, uint size, const char* pattern, int* patternsize = 0);
#endif // _MEMORY_H