DBG: implemented findasm instruction

This commit is contained in:
Mr. eXoDia 2014-08-09 15:18:03 +02:00
parent 00ae54bdec
commit 1a0df393d6
7 changed files with 101 additions and 7 deletions

29
help/findasm_asmfind.htm Normal file
View File

@ -0,0 +1,29 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>findasm/asmfind</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>findasm[,asmfind]<BR></STRONG>Find assembled
instruction.</P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U> <BR></SPAN><SPAN class=rvts9>&nbsp; arg1: Instruction to look for (make sure to use "mov
eax, ebx" to ensure you actually search for that instruction). </SPAN></P>
<P class=rvps3><SPAN class=rvts9>[arg2]:
Address&nbsp;of/inside a memory page to look in. When not specified CIP will be
used.&nbsp; </SPAN></P>
<P class=rvps3><SPAN class=rvts9>[arg3]: The
size of the data to search in. </SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>result <BR></U></SPAN><SPAN class=rvts9>The $result variable is set to the number of references
found.</SPAN> </P></body>
</html>

Binary file not shown.

View File

@ -20,7 +20,7 @@ uint disasmback(unsigned char* data, uint base, uint size, uint ip, int n)
#ifdef _WIN64
disasm.Archi = 64;
#endif
disasm.Options = NoformatNumeral;
disasm.Options = NoformatNumeral | ShowSegmentRegs;
// Check if the pointer is not null
if(data == NULL)
@ -84,7 +84,7 @@ uint disasmnext(unsigned char* data, uint base, uint size, uint ip, int n)
#ifdef _WIN64
disasm.Archi = 64;
#endif
disasm.Options = NoformatNumeral;
disasm.Options = NoformatNumeral | ShowSegmentRegs;
if(data == NULL)
return 0;
@ -118,7 +118,7 @@ const char* disasmtext(uint addr)
unsigned char buffer[16] = "";
DbgMemRead(addr, buffer, 16);
DISASM disasm;
disasm.Options = NoformatNumeral;
disasm.Options = NoformatNumeral | ShowSegmentRegs;
#ifdef _WIN64
disasm.Archi = 64;
#endif // _WIN64
@ -226,7 +226,7 @@ void disasmget(unsigned char* buffer, uint addr, DISASM_INSTR* instr)
memset(instr, 0, sizeof(DISASM_INSTR));
DISASM disasm;
memset(&disasm, 0, sizeof(DISASM));
disasm.Options = NoformatNumeral;
disasm.Options = NoformatNumeral | ShowSegmentRegs;
#ifdef _WIN64
disasm.Archi = 64;
#endif // _WIN64
@ -427,7 +427,7 @@ int disasmgetsize(uint addr, unsigned char* data)
{
DISASM disasm;
memset(&disasm, 0, sizeof(DISASM));
disasm.Options = NoformatNumeral;
disasm.Options = NoformatNumeral | ShowSegmentRegs;
#ifdef _WIN64
disasm.Archi = 64;
#endif // _WIN64

View File

@ -1382,4 +1382,67 @@ CMDRESULT cbInstrSleep(int argc, char* argv[])
ms = 100;
Sleep((DWORD)ms);
return STATUS_CONTINUE;
}
}
//reffindasm value[,page]
static bool cbFindAsm(DISASM* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
{
if(!refinfo) //initialize
{
GuiReferenceDeleteAllColumns();
GuiReferenceAddColumn(2 * sizeof(uint), "Address");
GuiReferenceAddColumn(0, "Disassembly");
GuiReferenceReloadData();
return true;
}
const char* instruction = (const char*)refinfo->userinfo;
bool found = !_stricmp(instruction, basicinfo->instruction);
if(found)
{
char addrText[20] = "";
sprintf(addrText, "%p", disasm->VirtualAddr);
GuiReferenceSetRowCount(refinfo->refcount + 1);
GuiReferenceSetCellContent(refinfo->refcount, 0, addrText);
char disassembly[GUI_MAX_DISASSEMBLY_SIZE] = "";
if(GuiGetDisassembly((duint)disasm->VirtualAddr, disassembly))
GuiReferenceSetCellContent(refinfo->refcount, 1, disassembly);
else
GuiReferenceSetCellContent(refinfo->refcount, 1, disasm->CompleteInstr);
}
return found;
}
CMDRESULT cbInstrFindAsm(int argc, char* argv[])
{
if(argc < 2)
{
dputs("not enough arguments!");
return STATUS_ERROR;
}
uint addr = 0;
if(argc < 3 or !valfromstring(argv[2], &addr))
addr = GetContextDataEx(hActiveThread, UE_CIP);
uint size = 0;
if(argc >= 4)
if(!valfromstring(argv[3], &size))
size = 0;
unsigned char dest[16];
int asmsize = 0;
char error[256] = "";
if(!assemble(addr + size / 2, dest, &asmsize, argv[1], error))
{
dprintf("failed to assemble \"%s\" (%s)!\n", argv[1], error);
return STATUS_ERROR;
}
BASIC_INSTRUCTION_INFO basicinfo;
memset(&basicinfo, 0, sizeof(BASIC_INSTRUCTION_INFO));
disasmfast(dest, addr + size / 2, &basicinfo);
uint ticks = GetTickCount();
int found = reffind(addr, size, cbFindAsm, (void*)&basicinfo.instruction[0], false);
dprintf("%u result(s) in %ums\n", found, GetTickCount() - ticks);
varset("$result", found, false);
return STATUS_CONTINUE;
}

View File

@ -60,5 +60,6 @@ CMDRESULT cbInstrBookmarkList(int argc, char* argv[]);
CMDRESULT cbInstrFunctionList(int argc, char* argv[]);
CMDRESULT cbInstrLoopList(int argc, char* argv[]);
CMDRESULT cbInstrSleep(int argc, char* argv[]);
CMDRESULT cbInstrFindAsm(int argc, char* argv[]);
#endif // _INSTRUCTIONS_H

View File

@ -26,7 +26,7 @@ bool stackcommentget(uint addr, STACK_COMMENT* comment)
uint previousInstr = readStart + prev;
DISASM disasm;
disasm.Options = NoformatNumeral;
disasm.Options = NoformatNumeral | ShowSegmentRegs;
#ifdef _WIN64
disasm.Archi = 64;
#endif // _WIN64

View File

@ -197,6 +197,7 @@ static void registercommands()
dbgcmdnew("find", cbInstrFind, true); //find a pattern
dbgcmdnew("findall", cbInstrFindAll, true); //find all patterns
dbgcmdnew("modcallfind", cbInstrModCallFind, true); //find intermodular calls
dbgcmdnew("findasm\1asmfind", cbInstrFindAsm, true); //find instruction
//undocumented
dbgcmdnew("bench", cbDebugBenchmark, true); //benchmark test (readmem etc)