DBG: implemented findasm instruction

help/findasm_asmfind.htm

@@ -0,0 +1,29 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>findasm/asmfind</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>findasm[,asmfind]<BR></STRONG>Find assembled 
+instruction.</P>
+<P class=rvps3><SPAN class=rvts11><U>arguments</U> <BR></SPAN><SPAN class=rvts9>&nbsp; arg1: Instruction to look for (make sure to use "mov 
+eax, ebx" to ensure you actually search for that instruction). </SPAN></P>
+<P class=rvps3><SPAN class=rvts9>[arg2]: 
+Address&nbsp;of/inside a memory page to look in. When not specified CIP will be 
+used.&nbsp; </SPAN></P>
+<P class=rvps3><SPAN class=rvts9>[arg3]: The 
+size of the data to search in. </SPAN></P>
+<P class=rvps3><SPAN class=rvts11><U>result <BR></U></SPAN><SPAN class=rvts9>The $result variable is set to the number of references 
+found.</SPAN> </P></body>
+</html>

x64_dbg_dbg/disasm_helper.cpp

@@ -20,7 +20,7 @@ uint disasmback(unsigned char* data, uint base, uint size, uint ip, int n)
 #ifdef _WIN64
     disasm.Archi = 64;
 #endif
-    disasm.Options = NoformatNumeral;
+    disasm.Options = NoformatNumeral | ShowSegmentRegs;
 
     // Check if the pointer is not null
     if(data == NULL)
@@ -84,7 +84,7 @@ uint disasmnext(unsigned char* data, uint base, uint size, uint ip, int n)
 #ifdef _WIN64
     disasm.Archi = 64;
 #endif
-    disasm.Options = NoformatNumeral;
+    disasm.Options = NoformatNumeral | ShowSegmentRegs;
 
     if(data == NULL)
         return 0;
@@ -118,7 +118,7 @@ const char* disasmtext(uint addr)
     unsigned char buffer[16] = "";
     DbgMemRead(addr, buffer, 16);
     DISASM disasm;
-    disasm.Options = NoformatNumeral;
+    disasm.Options = NoformatNumeral | ShowSegmentRegs;
 #ifdef _WIN64
     disasm.Archi = 64;
 #endif // _WIN64
@@ -226,7 +226,7 @@ void disasmget(unsigned char* buffer, uint addr, DISASM_INSTR* instr)
     memset(instr, 0, sizeof(DISASM_INSTR));
     DISASM disasm;
     memset(&disasm, 0, sizeof(DISASM));
-    disasm.Options = NoformatNumeral;
+    disasm.Options = NoformatNumeral | ShowSegmentRegs;
 #ifdef _WIN64
     disasm.Archi = 64;
 #endif // _WIN64
@@ -427,7 +427,7 @@ int disasmgetsize(uint addr, unsigned char* data)
 {
     DISASM disasm;
     memset(&disasm, 0, sizeof(DISASM));
-    disasm.Options = NoformatNumeral;
+    disasm.Options = NoformatNumeral | ShowSegmentRegs;
 #ifdef _WIN64
     disasm.Archi = 64;
 #endif // _WIN64

x64_dbg_dbg/instruction.cpp

@@ -1383,3 +1383,66 @@ CMDRESULT cbInstrSleep(int argc, char* argv[])
     Sleep((DWORD)ms);
     return STATUS_CONTINUE;
 }
+
+//reffindasm value[,page]
+static bool cbFindAsm(DISASM* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
+{
+    if(!refinfo) //initialize
+    {
+        GuiReferenceDeleteAllColumns();
+        GuiReferenceAddColumn(2 * sizeof(uint), "Address");
+        GuiReferenceAddColumn(0, "Disassembly");
+        GuiReferenceReloadData();
+        return true;
+    }
+    const char* instruction = (const char*)refinfo->userinfo;
+    bool found = !_stricmp(instruction, basicinfo->instruction);
+    if(found)
+    {
+        char addrText[20] = "";
+        sprintf(addrText, "%p", disasm->VirtualAddr);
+        GuiReferenceSetRowCount(refinfo->refcount + 1);
+        GuiReferenceSetCellContent(refinfo->refcount, 0, addrText);
+        char disassembly[GUI_MAX_DISASSEMBLY_SIZE] = "";
+        if(GuiGetDisassembly((duint)disasm->VirtualAddr, disassembly))
+            GuiReferenceSetCellContent(refinfo->refcount, 1, disassembly);
+        else
+            GuiReferenceSetCellContent(refinfo->refcount, 1, disasm->CompleteInstr);
+    }
+    return found;
+}
+
+CMDRESULT cbInstrFindAsm(int argc, char* argv[])
+{
+    if(argc < 2)
+    {
+        dputs("not enough arguments!");
+        return STATUS_ERROR;
+    }
+
+    uint addr = 0;
+    if(argc < 3 or !valfromstring(argv[2], &addr))
+        addr = GetContextDataEx(hActiveThread, UE_CIP);
+    uint size = 0;
+    if(argc >= 4)
+        if(!valfromstring(argv[3], &size))
+            size = 0;
+
+    unsigned char dest[16];
+    int asmsize = 0;
+    char error[256] = "";
+    if(!assemble(addr + size / 2, dest, &asmsize, argv[1], error))
+    {
+        dprintf("failed to assemble \"%s\" (%s)!\n", argv[1], error);
+        return STATUS_ERROR;
+    }
+    BASIC_INSTRUCTION_INFO basicinfo;
+    memset(&basicinfo, 0, sizeof(BASIC_INSTRUCTION_INFO));
+    disasmfast(dest, addr + size / 2, &basicinfo);
+
+    uint ticks = GetTickCount();
+    int found = reffind(addr, size, cbFindAsm, (void*)&basicinfo.instruction[0], false);
+    dprintf("%u result(s) in %ums\n", found, GetTickCount() - ticks);
+    varset("$result", found, false);
+    return STATUS_CONTINUE;
+}

x64_dbg_dbg/instruction.h

@@ -60,5 +60,6 @@ CMDRESULT cbInstrBookmarkList(int argc, char* argv[]);
 CMDRESULT cbInstrFunctionList(int argc, char* argv[]);
 CMDRESULT cbInstrLoopList(int argc, char* argv[]);
 CMDRESULT cbInstrSleep(int argc, char* argv[]);
+CMDRESULT cbInstrFindAsm(int argc, char* argv[]);
 
 #endif // _INSTRUCTIONS_H

x64_dbg_dbg/stackinfo.cpp

@@ -26,7 +26,7 @@ bool stackcommentget(uint addr, STACK_COMMENT* comment)
     uint previousInstr = readStart + prev;
 
     DISASM disasm;
-    disasm.Options = NoformatNumeral;
+    disasm.Options = NoformatNumeral | ShowSegmentRegs;
 #ifdef _WIN64
     disasm.Archi = 64;
 #endif // _WIN64

x64_dbg_dbg/x64_dbg.cpp

@@ -197,6 +197,7 @@ static void registercommands()
     dbgcmdnew("find", cbInstrFind, true); //find a pattern
     dbgcmdnew("findall", cbInstrFindAll, true); //find all patterns
     dbgcmdnew("modcallfind", cbInstrModCallFind, true); //find intermodular calls
+    dbgcmdnew("findasm\1asmfind", cbInstrFindAsm, true); //find instruction
 
     //undocumented
     dbgcmdnew("bench", cbDebugBenchmark, true); //benchmark test (readmem etc)