DBG: fixed the Yara command to support module names

2015-07-11 00:22:50 +02:00 · 2015-07-11 00:22:50 +02:00 · f9ea03e863
parent fa67d56ef4
commit f9ea03e863
1 changed files with 27 additions and 12 deletions
--- a/x64_dbg_dbg/instruction.cpp
+++ b/x64_dbg_dbg/instruction.cpp
@ -1679,19 +1679,34 @@ CMDRESULT cbInstrYara(int argc, char* argv[])
        return STATUS_ERROR;
    }
    uint addr = 0;
-    if(argc < 3 || !valfromstring(argv[2], &addr))
-    {
-        SELECTIONDATA sel;
-        GuiSelectionGet(GUI_DISASSEMBLY, &sel);
-        addr = sel.start;
-    }
+    SELECTIONDATA sel;
+    GuiSelectionGet(GUI_DISASSEMBLY, &sel);
+    addr = sel.start;
+
+    uint base = 0;
    uint size = 0;
-    if(argc >= 4)
-        if(!valfromstring(argv[3], &size))
-            size = 0;
-    if(!size)
-        addr = MemFindBaseAddr(addr, &size);
-    uint base = addr;
+    uint mod = ModBaseFromName(argv[2]);
+    if(mod)
+    {
+        base = mod;
+        size = ModSizeFromAddr(base);
+    }
+    else
+    {
+        if(!valfromstring(argv[2], &addr))
+        {
+            dprintf("invalid value \"%s\"!\n", argv[2]);
+            return STATUS_ERROR;
+        }
+
+        size = 0;
+        if(argc >= 4)
+            if(!valfromstring(argv[3], &size))
+                size = 0;
+        if(!size)
+            addr = MemFindBaseAddr(addr, &size);
+        base = addr;
+    }
    Memory<uint8_t*> data(size);
    if(!MemRead((void*)base, data(), size, 0))
    {