
Add "All User Modules","All System Modules" To RMB

This commit is contained in:
Reza Feizi 2022-06-06 08:44:04 +04:30 committed by GitHub
parent f451111a2b
commit f8d4559c7c
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 402 additions and 7 deletions


@ -218,6 +218,200 @@ bool cbInstrFindAll(int argc, char* argv[])
return true;
}
bool cbInstrFindAllUserMem(int argc, char* argv[])
{
if (IsArgumentsLessThan(argc, 3))
return false;
duint addr = 0;
if (!valfromstring(argv[1], &addr, false))
return false;
std::vector<PatternByte> searchpattern;
String patternshort;
if (!handlePatternArgument(argv[2], searchpattern, &patternshort))
{
dputs(QT_TRANSLATE_NOOP("DBG", "Failed to transform pattern!"));
return false;
}
duint find_size = -1;
bool findData = false;
if (argc >= 4)
{
if (!_stricmp(argv[3], "&data&"))
findData = true;
else if (!valfromstring(argv[3], &find_size))
findData = false;
}
SHARED_ACQUIRE(LockMemoryPages);
std::vector<SimplePage> searchPages;
for (auto & itr : memoryPages)
{
if (itr.second.mbi.State != MEM_COMMIT)
continue;
int party = ModGetParty(duint(itr.second.mbi.BaseAddress));
if (party != mod_user)
continue;
SimplePage page(duint(itr.second.mbi.BaseAddress), itr.second.mbi.RegionSize);
if (page.address >= addr && (find_size == -1 || page.address + page.size <= addr + find_size))
searchPages.push_back(page);
}
SHARED_RELEASE();
DWORD ticks = GetTickCount();
std::vector<duint> results;
if (!MemFindInMap(searchPages, searchpattern, results, maxFindResults))
{
dputs(QT_TRANSLATE_NOOP("DBG", "MemFindInMap failed!"));
return false;
}
//setup reference view
String patterntitle = StringUtils::sprintf(GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Pattern: %s")), patternshort.c_str());
GuiReferenceInitialize(patterntitle.c_str());
GuiReferenceAddColumn(2 * sizeof(duint), GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Address")));
if (findData)
GuiReferenceAddColumn(0, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Data")));
else
GuiReferenceAddColumn(0, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Disassembly")));
GuiReferenceSetRowCount(0);
GuiReferenceReloadData();
int refCount = 0;
for (duint result : results)
{
char msg[deflen] = "";
sprintf_s(msg, "%p", result);
GuiReferenceSetRowCount(refCount + 1);
GuiReferenceSetCellContent(refCount, 0, msg);
if (findData)
{
Memory<unsigned char*> printData(searchpattern.size(), "cbInstrFindAll:printData");
MemRead(result, printData(), printData.size());
for (size_t j = 0, k = 0; j < printData.size(); j++)
{
if (j)
k += sprintf_s(msg + k, sizeof(msg) - k, " ");
k += sprintf_s(msg + k, sizeof(msg) - k, "%.2X", printData()[j]);
}
}
else
{
if (!GuiGetDisassembly(result, msg))
strcpy_s(msg, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "[Error disassembling]")));
}
GuiReferenceSetCellContent(refCount, 1, msg);
refCount++;
}
GuiReferenceReloadData();
dprintf(QT_TRANSLATE_NOOP("DBG", "%d occurrences found in %ums\n"), refCount, GetTickCount() - ticks);
varset("$result", refCount, false);
return true;
}
bool cbInstrFindAllSystemMem(int argc, char* argv[])
{
if (IsArgumentsLessThan(argc, 3))
return false;
duint addr = 0;
if (!valfromstring(argv[1], &addr, false))
return false;
std::vector<PatternByte> searchpattern;
String patternshort;
if (!handlePatternArgument(argv[2], searchpattern, &patternshort))
{
dputs(QT_TRANSLATE_NOOP("DBG", "Failed to transform pattern!"));
return false;
}
duint find_size = -1;
bool findData = false;
if (argc >= 4)
{
if (!_stricmp(argv[3], "&data&"))
findData = true;
else if (!valfromstring(argv[3], &find_size))
findData = false;
}
SHARED_ACQUIRE(LockMemoryPages);
std::vector<SimplePage> searchPages;
for (auto & itr : memoryPages)
{
if (itr.second.mbi.State != MEM_COMMIT)
continue;
int party = ModGetParty(duint(itr.second.mbi.BaseAddress));
if (party != mod_system)
continue;
SimplePage page(duint(itr.second.mbi.BaseAddress), itr.second.mbi.RegionSize);
if (page.address >= addr && (find_size == -1 || page.address + page.size <= addr + find_size))
searchPages.push_back(page);
}
SHARED_RELEASE();
DWORD ticks = GetTickCount();
std::vector<duint> results;
if (!MemFindInMap(searchPages, searchpattern, results, maxFindResults))
{
dputs(QT_TRANSLATE_NOOP("DBG", "MemFindInMap failed!"));
return false;
}
//setup reference view
String patterntitle = StringUtils::sprintf(GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Pattern: %s")), patternshort.c_str());
GuiReferenceInitialize(patterntitle.c_str());
GuiReferenceAddColumn(2 * sizeof(duint), GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Address")));
if (findData)
GuiReferenceAddColumn(0, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Data")));
else
GuiReferenceAddColumn(0, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Disassembly")));
GuiReferenceSetRowCount(0);
GuiReferenceReloadData();
int refCount = 0;
for (duint result : results)
{
char msg[deflen] = "";
sprintf_s(msg, "%p", result);
GuiReferenceSetRowCount(refCount + 1);
GuiReferenceSetCellContent(refCount, 0, msg);
if (findData)
{
Memory<unsigned char*> printData(searchpattern.size(), "cbInstrFindAll:printData");
MemRead(result, printData(), printData.size());
for (size_t j = 0, k = 0; j < printData.size(); j++)
{
if (j)
k += sprintf_s(msg + k, sizeof(msg) - k, " ");
k += sprintf_s(msg + k, sizeof(msg) - k, "%.2X", printData()[j]);
}
}
else
{
if (!GuiGetDisassembly(result, msg))
strcpy_s(msg, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "[Error disassembling]")));
}
GuiReferenceSetCellContent(refCount, 1, msg);
refCount++;
}
GuiReferenceReloadData();
dprintf(QT_TRANSLATE_NOOP("DBG", "%d occurrences found in %ums\n"), refCount, GetTickCount() - ticks);
varset("$result", refCount, false);
return true;
}
bool cbInstrFindAllMem(int argc, char* argv[])
{
if(IsArgumentsLessThan(argc, 3))
@ -354,7 +548,7 @@ bool cbInstrFindAsm(int argc, char* argv[])
duint refFindType = CURRENT_REGION;
if(argc >= 5 && valfromstring(argv[4], &refFindType, true))
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != ALL_MODULES)
if (refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != User_MODULES && refFindType != System_MODULES && refFindType != ALL_MODULES)
refFindType = CURRENT_REGION;
unsigned char dest[16];
@ -492,7 +686,7 @@ bool cbInstrRefFindRange(int argc, char* argv[])
duint refFindType = CURRENT_REGION;
if(argc >= 6 && valfromstring(argv[5], &refFindType, true))
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != ALL_MODULES)
if (refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != User_MODULES && refFindType != System_MODULES && refFindType != ALL_MODULES)
refFindType = CURRENT_REGION;
int found = RefFind(addr, size, cbRefFind, &range, false, title, (REFFINDTYPE)refFindType, false);
@ -610,7 +804,7 @@ bool cbInstrRefStr(int argc, char* argv[])
duint refFindType = CURRENT_REGION;
if(argc >= 4 && valfromstring(argv[3], &refFindType, true))
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != ALL_MODULES)
if (refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != User_MODULES && refFindType != System_MODULES && refFindType != ALL_MODULES)
refFindType = CURRENT_REGION;
TranslatedString = GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Strings"));
@ -741,7 +935,7 @@ bool cbInstrModCallFind(int argc, char* argv[])
duint refFindType = CURRENT_REGION;
if(argc >= 4 && valfromstring(argv[3], &refFindType, true))
if(refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != ALL_MODULES)
if (refFindType != CURRENT_REGION && refFindType != CURRENT_MODULE && refFindType != User_MODULES && refFindType != System_MODULES && refFindType != ALL_MODULES)
refFindType = CURRENT_REGION;
duint ticks = GetTickCount();
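Review bot: cbInstrFindAllUserMem and cbInstrFindAllSystemMem are line-for-line copies of each other that differ only in the `party != mod_user` / `party != mod_system` test, and they appear to mirror cbInstrFindAllMem, whose body continues past the hunk; three copies of the argument parsing, page selection and reference-view population will drift the next time one of them is fixed. A single static helper taking the wanted party, with the two commands reduced to one-line wrappers, keeps that logic in one place (sketch below; it assumes the `mod_*` party values are non-negative, which is not visible here). Two smaller issues came along with the copy: the allocation tag `"cbInstrFindAll:printData"` now names the wrong function in both new commands, and the return value of `MemRead(result, printData(), printData.size())` is discarded, so a result address that became unreadable between the scan and the readback is shown as whatever the buffer holds rather than marked as unreadable.

```cpp
// Shared body of findallmem / findallusermem / findallsysmem. `party` is the
// ModGetParty() value a committed page's base must report to be scanned;
// a negative value scans every committed page.
static bool findAllMemImpl(int argc, char* argv[], int party)
{
    // … unchanged: addr / pattern / "&data&" / find_size argument parsing …
    SHARED_ACQUIRE(LockMemoryPages);
    std::vector<SimplePage> searchPages;
    for(auto & itr : memoryPages)
    {
        if(itr.second.mbi.State != MEM_COMMIT)
            continue;
        if(party >= 0 && ModGetParty(duint(itr.second.mbi.BaseAddress)) != party)
            continue;
        // … unchanged: address-range check and searchPages.push_back …
    }
    SHARED_RELEASE();
    // … unchanged: MemFindInMap and reference-view population …
}

bool cbInstrFindAllUserMem(int argc, char* argv[])
{
    return findAllMemImpl(argc, argv, mod_user);
}

bool cbInstrFindAllSystemMem(int argc, char* argv[])
{
    return findAllMemImpl(argc, argv, mod_system);
}
```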


@ -5,6 +5,8 @@
bool cbInstrFind(int argc, char* argv[]);
bool cbInstrFindAll(int argc, char* argv[]);
bool cbInstrFindAllMem(int argc, char* argv[]);
bool cbInstrFindAllUserMem(int argc, char* argv[]);
bool cbInstrFindAllSystemMem(int argc, char* argv[]);
bool cbInstrFindAsm(int argc, char* argv[]);
bool cbInstrRefFind(int argc, char* argv[]);
bool cbInstrRefFindRange(int argc, char* argv[]);


@ -117,6 +117,130 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
GuiReferenceSetProgress(percent);
}, disasmText);
}
else if (type == User_MODULES) // Search in All User Modules
{
bool initCallBack = true;
struct RefModInfo
{
duint base;
duint size;
char name[MAX_MODULE_SIZE];
};
std::vector<RefModInfo> modList;
ModEnum([&modList](const MODINFO& mod)
{
RefModInfo info;
info.base = mod.base;
info.size = mod.size;
strncpy_s(info.name, mod.name, _TRUNCATE);
strncat_s(info.name, mod.extension, _TRUNCATE);
modList.push_back(info);
});
if (!modList.size())
{
if (!Silent)
dprintf(QT_TRANSLATE_NOOP("DBG", "Couldn't get module list"));
return 0;
}
// Initialize disassembler
Zydis cp;
// Determine the full module
sprintf_s(fullName, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "User Modules (%s)")), Name);
// Allow an "initialization" notice
refInfo.refcount = 0;
refInfo.userinfo = UserData;
refInfo.name = fullName;
for (duint i = 0; i < modList.size(); i++)
{
int party = ModGetParty(duint(modList[i].base));
if (party != mod_user)
continue;
scanStart = modList[i].base;
scanSize = modList[i].size;
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, initCallBack, [&i, &modList](int percent)
{
float fPercent = (float)percent / 100.f;
float fTotalPercent = ((float)i + fPercent) / (float)modList.size();
int totalPercent = (int)floor(fTotalPercent * 100.f);
GuiReferenceSetCurrentTaskProgress(percent, modList[i].name);
GuiReferenceSetProgress(totalPercent);
}, disasmText);
initCallBack = false;
}
}
else if (type == System_MODULES) // Search in All System Modules
{
bool initCallBack = true;
struct RefModInfo
{
duint base;
duint size;
char name[MAX_MODULE_SIZE];
};
std::vector<RefModInfo> modList;
ModEnum([&modList](const MODINFO& mod)
{
RefModInfo info;
info.base = mod.base;
info.size = mod.size;
strncpy_s(info.name, mod.name, _TRUNCATE);
strncat_s(info.name, mod.extension, _TRUNCATE);
modList.push_back(info);
});
if (!modList.size())
{
if (!Silent)
dprintf(QT_TRANSLATE_NOOP("DBG", "Couldn't get module list"));
return 0;
}
// Initialize disassembler
Zydis cp;
// Determine the full module
sprintf_s(fullName, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "System Modules (%s)")), Name);
// Allow an "initialization" notice
refInfo.refcount = 0;
refInfo.userinfo = UserData;
refInfo.name = fullName;
for (duint i = 0; i < modList.size(); i++)
{
int party = ModGetParty(duint(modList[i].base));
if (party != mod_system)
continue;
scanStart = modList[i].base;
scanSize = modList[i].size;
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, initCallBack, [&i, &modList](int percent)
{
float fPercent = (float)percent / 100.f;
float fTotalPercent = ((float)i + fPercent) / (float)modList.size();
int totalPercent = (int)floor(fTotalPercent * 100.f);
GuiReferenceSetCurrentTaskProgress(percent, modList[i].name);
GuiReferenceSetProgress(totalPercent);
}, disasmText);
initCallBack = false;
}
}
else if(type == ALL_MODULES) // Search in all Modules
{
bool initCallBack = true;
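Review bot: In both new branches the party filter is applied inside the scan loop, after the `if (!modList.size())` check, so when no loaded module has the requested party the loop never calls RefFindInRange, the `initCallBack` notice never fires, the reference view is never initialised, and RefFind silently returns 0 with no message; the existing empty-list check only protects the unfiltered list. Filtering modList by party before that check makes the empty case behave like the existing "Couldn't get module list" path and also fixes the progress arithmetic, which currently divides by the full `modList.size()` including skipped modules so the bar jumps. The two branches then differ only in the wanted party and could be one branch (sketch below; `std::remove_if` needs `<algorithm>`, which I cannot see from the hunk). RefFind itself starts and ends outside the hunk.

```cpp
else if(type == User_MODULES || type == System_MODULES) // Search in all user or all system modules
{
    bool initCallBack = true;
    // … unchanged: RefModInfo struct and ModEnum copy into modList …
    // Drop modules of the other party before the emptiness check, so "no
    // matching module" is reported and the progress denominator only counts
    // modules actually scanned.
    const int wantedParty = (type == User_MODULES) ? mod_user : mod_system;
    modList.erase(std::remove_if(modList.begin(), modList.end(), [wantedParty](const RefModInfo & m)
    {
        return ModGetParty(m.base) != wantedParty;
    }), modList.end());
    if(!modList.size())
    {
        if(!Silent)
            dprintf(QT_TRANSLATE_NOOP("DBG", "Couldn't get module list"));
        return 0;
    }
    // … unchanged: Zydis cp, fullName, refInfo setup …
    for(duint i = 0; i < modList.size(); i++)
    {
        // party test no longer needed here
        scanStart = modList[i].base;
        scanSize = modList[i].size;
        // … unchanged: RefFindInRange call with progress lambda …
        initCallBack = false;
    }
}
```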


@ -16,7 +16,9 @@ typedef enum
{
CURRENT_REGION,
CURRENT_MODULE,
ALL_MODULES
ALL_MODULES,
User_MODULES,
System_MODULES
} REFFINDTYPE;
// Reference callback typedef
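Review bot: The new enumerators `User_MODULES` and `System_MODULES` break the ALL_CAPS convention of the three existing values in this enum, and their positions (3 and 4) are relied on as literal numbers by the GUI's refFindType, which this header does not say. Naming them `USER_MODULES` / `SYSTEM_MODULES` and pinning the contract in a comment would prevent a later reorder from silently remapping the menu: `ALL_MODULES,    // 2 — values below are used as literals by the GUI (refFindType); append only` followed by `USER_MODULES,   // 3` and `SYSTEM_MODULES  // 4`.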


@ -271,6 +271,8 @@ static void registercommands()
dbgcmdnew("find", cbInstrFind, true); //find a pattern
dbgcmdnew("findall", cbInstrFindAll, true); //find all patterns
dbgcmdnew("findallmem,findmemall", cbInstrFindAllMem, true); //memory map pattern find
dbgcmdnew("findallusermem,findmemalluser", cbInstrFindAllUserMem, true); //memory map pattern find(All User memory)
dbgcmdnew("findallsysmem,findmemallsystem", cbInstrFindAllSystemMem, true); //memory map pattern find(All System memory)
dbgcmdnew("findasm,asmfind", cbInstrFindAsm, true); //find instruction
dbgcmdnew("reffind,findref,ref", cbInstrRefFind, true); //find references to a value
dbgcmdnew("reffindrange,findrefrange,refrange", cbInstrRefFindRange, true);
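Review bot: The two new command aliases are not parallel: the user variant is `findallusermem,findmemalluser` while the system variant is `findallsysmem,findmemallsystem`, mixing "sys" and "system" within one registration, which is the kind of thing a script author has to look up every time. Registering it as `dbgcmdnew("findallsystemmem,findmemallsystem", cbInstrFindAllSystemMem, true);` keeps both names parallel to the user one (the `findmemallsystem` spelling is what the GUI invokes, so it must stay). The trailing comments "All User memory" / "All System memory" also overstate the filter: the command scans committed pages whose base ModGetParty reports as user/system, not all memory, so `//memory map pattern find (pages of user-party modules only)` would be more accurate.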


@ -574,6 +574,8 @@ void CPUDisassembly::setupRightClickContextMenu()
return DbgFunctionGet(rvaToVa(getInitialSelection()), &start, &end);
});
MenuBuilder* mSearchAllMenu = new MenuBuilder(this);
MenuBuilder* mSearchAllUserMenu = new MenuBuilder(this);
MenuBuilder* mSearchAllSystemMenu = new MenuBuilder(this);
// Search in Current Region menu
mFindCommandRegion = makeShortcutAction(DIcon("search_for_command.png"), tr("C&ommand"), SLOT(findCommandSlot()), "ActionFind");
@ -619,6 +621,34 @@ void CPUDisassembly::setupRightClickContextMenu()
mSearchFunctionMenu->addAction(mFindPatternFunction);
mSearchFunctionMenu->addAction(mFindGUIDFunction);
// Search in All User Modules menu
mFindCommandAllUser = makeAction(DIcon("search_for_command.png"), tr("C&ommand"), SLOT(findCommandSlot()));
mFindConstantAllUser = makeAction(DIcon("search_for_constant.png"), tr("&Constant"), SLOT(findConstantSlot()));
mFindStringsAllUser = makeAction(DIcon("search_for_string.png"), tr("&String references"), SLOT(findStringsSlot()));
mFindCallsAllUser = makeAction(DIcon("call.png"), tr("&Intermodular calls"), SLOT(findCallsSlot()));
mFindPatternAllUser = makeAction(DIcon("search_for_pattern.png"), tr("&Pattern"), SLOT(findPatternSlot()));
mFindGUIDAllUser = makeAction(DIcon("guid.png"), tr("&GUID"), SLOT(findGUIDSlot()));
mSearchAllUserMenu->addAction(mFindCommandAllUser);
mSearchAllUserMenu->addAction(mFindConstantAllUser);
mSearchAllUserMenu->addAction(mFindStringsAllUser);
mSearchAllUserMenu->addAction(mFindCallsAllUser);
mSearchAllUserMenu->addAction(mFindPatternAllUser);
mSearchAllUserMenu->addAction(mFindGUIDAllUser);
// Search in All System Modules menu
mFindCommandAllSystem = makeAction(DIcon("search_for_command.png"), tr("C&ommand"), SLOT(findCommandSlot()));
mFindConstantAllSystem = makeAction(DIcon("search_for_constant.png"), tr("&Constant"), SLOT(findConstantSlot()));
mFindStringsAllSystem = makeAction(DIcon("search_for_string.png"), tr("&String references"), SLOT(findStringsSlot()));
mFindCallsAllSystem = makeAction(DIcon("call.png"), tr("&Intermodular calls"), SLOT(findCallsSlot()));
mFindPatternAllSystem = makeAction(DIcon("search_for_pattern.png"), tr("&Pattern"), SLOT(findPatternSlot()));
mFindGUIDAllSystem = makeAction(DIcon("guid.png"), tr("&GUID"), SLOT(findGUIDSlot()));
mSearchAllSystemMenu->addAction(mFindCommandAllSystem);
mSearchAllSystemMenu->addAction(mFindConstantAllSystem);
mSearchAllSystemMenu->addAction(mFindStringsAllSystem);
mSearchAllSystemMenu->addAction(mFindCallsAllSystem);
mSearchAllSystemMenu->addAction(mFindPatternAllSystem);
mSearchAllSystemMenu->addAction(mFindGUIDAllSystem);
// Search in All Modules menu
mFindCommandAll = makeAction(DIcon("search_for_command.png"), tr("C&ommand"), SLOT(findCommandSlot()));
mFindConstantAll = makeAction(DIcon("search_for_constant.png"), tr("&Constant"), SLOT(findConstantSlot()));
@ -637,6 +667,8 @@ void CPUDisassembly::setupRightClickContextMenu()
searchMenu->addMenu(makeMenu(DIcon("search_current_module.png"), tr("Current Module")), mSearchModuleMenu);
QMenu* searchFunctionMenu = makeMenu(tr("Current Function"));
searchMenu->addMenu(searchFunctionMenu, mSearchFunctionMenu);
searchMenu->addMenu(makeMenu(DIcon("search_all_modules.png"), tr("All User Modules")), mSearchAllUserMenu);
searchMenu->addMenu(makeMenu(DIcon("search_all_modules.png"), tr("All System Modules")), mSearchAllSystemMenu);
searchMenu->addMenu(makeMenu(DIcon("search_all_modules.png"), tr("All Modules")), mSearchAllMenu);
mMenuBuilder->addMenu(makeMenu(DIcon("search-for.png"), tr("&Search for")), searchMenu);
@ -1088,6 +1120,10 @@ void CPUDisassembly::findConstantSlot()
refFindType = 1;
else if(sender() == mFindConstantAll)
refFindType = 2;
else if(sender() == mFindConstantAllUser)
refFindType = 3;
else if(sender() == mFindConstantAllSystem)
refFindType = 4;
else if(sender() == mFindConstantFunction)
refFindType = -1;
@ -1118,6 +1154,10 @@ void CPUDisassembly::findStringsSlot()
refFindType = 1;
else if(sender() == mFindStringsAll)
refFindType = 2;
else if(sender() == mFindStringsAllUser)
refFindType = 3;
else if(sender() == mFindStringsAllSystem)
refFindType = 4;
else if(sender() == mFindStringsFunction)
{
duint start, end;
@ -1141,6 +1181,10 @@ void CPUDisassembly::findCallsSlot()
refFindType = 1;
else if(sender() == mFindCallsAll)
refFindType = 2;
else if(sender() == mFindCallsAllUser)
refFindType = 3;
else if(sender() == mFindCallsAllSystem)
refFindType = 4;
else if(sender() == mFindCallsFunction)
refFindType = -1;
@ -1187,6 +1231,10 @@ void CPUDisassembly::findPatternSlot()
}
if(sender() == mFindPatternAll)
command = QString("findallmem %1, %2, %3").arg(ToPtrString(addr)).arg(hexEdit.mHexEdit->pattern()).arg("&data&");
if(sender() == mFindPatternAllUser)
command = QString("findmemalluser %1, %2, %3").arg(ToPtrString(addr)).arg(hexEdit.mHexEdit->pattern()).arg("&data&");
if(sender() == mFindPatternAllSystem)
command = QString("findmemallsystem %1, %2, %3").arg(ToPtrString(addr)).arg(hexEdit.mHexEdit->pattern()).arg("&data&");
if(!command.length())
command = QString("findall %1, %2").arg(ToHexString(addr), hexEdit.mHexEdit->pattern());
@ -1203,6 +1251,10 @@ void CPUDisassembly::findGUIDSlot()
refFindType = 1;
else if(sender() == mFindGUIDAll)
refFindType = 2;
else if(sender() == mFindGUIDAllUser)
refFindType = 3;
else if(sender() == mFindGUIDAllSystem)
refFindType = 4;
else if(sender() == mFindGUIDFunction)
refFindType = -1;
@ -1682,10 +1734,14 @@ void CPUDisassembly::findCommandSlot()
refFindType = 0;
else if(sender() == mFindCommandModule)
refFindType = 1;
else if(sender() == mFindCommandFunction)
refFindType = -1;
else if(sender() == mFindCommandAll)
refFindType = 2;
else if(sender() == mFindCommandAllUser)
refFindType = 3;
else if(sender() == mFindCommandAllSystem)
refFindType = 4;
else if(sender() == mFindCommandFunction)
refFindType = -1;
LineEditDialog mLineEdit(this);
mLineEdit.enableCheckBox(refFindType == 0);
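Review bot: Every slot in this hunk now encodes the new search scopes as the bare literals `refFindType = 3;` and `refFindType = 4;`, which only mean anything because they happen to match the order of `User_MODULES` and `System_MODULES` in the debugger-side enum that this file cannot include; a reorder there breaks all six slots silently. Define the mapping once near the top of the file, e.g. `static const int kRefFindUserModules = 3;  // REFFINDTYPE::User_MODULES` and `static const int kRefFindSystemModules = 4; // REFFINDTYPE::System_MODULES`, and use those names in each slot. The move of the `mFindCommandFunction` branch in findCommandSlot is a pure reorder with no behavioural effect and could be dropped to keep the diff focused.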


@ -144,6 +144,20 @@ private:
QAction* mFindPatternFunction;
QAction* mFindGUIDFunction;
QAction* mFindCommandAllUser;
QAction* mFindConstantAllUser;
QAction* mFindStringsAllUser;
QAction* mFindCallsAllUser;
QAction* mFindPatternAllUser;
QAction* mFindGUIDAllUser;
QAction* mFindCommandAllSystem;
QAction* mFindConstantAllSystem;
QAction* mFindStringsAllSystem;
QAction* mFindCallsAllSystem;
QAction* mFindPatternAllSystem;
QAction* mFindGUIDAllSystem;
QAction* mFindCommandAll;
QAction* mFindConstantAll;
QAction* mFindStringsAll;
@ -151,6 +165,7 @@ private:
QAction* mFindPatternAll;
QAction* mFindGUIDAll;
// Goto dialog specific
GotoDialog* mGoto = nullptr;
GotoDialog* mGotoOffset = nullptr;