PROJECT: documentation

2024-11-27 14:50:24 +00:00 · 2015-04-27 01:00:42 +02:00 · 2015-04-27 01:00:42 +02:00 · d655fb94d7
commit d655fb94d7
parent edec2c8c3b
11 changed files with 197 additions and 30 deletions
--- a/help/_plugin_menuentryseticon.htm
+++ b/help/_plugin_menuentryseticon.htm
@ -0,0 +1,30 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>_plugin_menuentryseticon</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>_plugin_menuseticon</STRONG><BR>This 
+function sets an icon to a menu.<BR>
+<P><STRONG>void _plugin_menuseticon (<BR>int</STRONG> 
+pluginHandle, //plugin handle<BR><STRONG>int</STRONG> 
+hEntry, //handle of the menu entry<BR><STRONG>const ICONDATA*</STRONG> icon //icon data<BR><STRONG>);</STRONG> </P>
+<P><STRONG>Parameters</STRONG></P>
+<P><U>pluginHandle</U>: Handle of the calling plugin.</P>
+<P><U>hEntry</U>: Menu handle from a 
+previously-added child menu or from the main plugin menu.</P>
+<P><U>icon</U>: Icon data. See 
+bridgemain.h for a definition.</P>
+<P><STRONG>Return Values</STRONG> <BR>This function does not return a value.</P></body>
+</html>
--- a/help/_plugin_menuseticon.htm
+++ b/help/_plugin_menuseticon.htm
@ -0,0 +1,29 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>_plugin_menuseticon</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>_plugin_menuseticon</STRONG><BR>This function 
+sets an icon to a menu.<BR>
+<P><STRONG>void _plugin_menuseticon 
+(<BR>int</STRONG> hMenu, //handle of the menu<BR><STRONG>const ICONDATA*</STRONG>  
+    icon //icon data<BR><STRONG>);</STRONG>   
+  </P>
+<P><STRONG>Parameters</STRONG></P>
+<P><U>hMenu</U>: Menu handle from a 
+previously-added child menu or from the main plugin menu.</P>
+<P><U>icon</U>: Icon data. See bridgemain.h for a definition.</P>
+<P><STRONG>Return Values</STRONG> <BR>This function does not return a value.</P></body>
+</html>
--- a/help/analyse_analyze_anal.htm
+++ b/help/analyse_analyze_anal.htm
@ -0,0 +1,23 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>analyse/analyze/anal</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>analyse[,analyze,anal]</STRONG><BR>Do function 
+analysis.</P>
+<P><U>arguments</U><BR>This command has no arguments.</P>
+<P><U>result</U><BR>This command does not set any result 
+variables.</P></body>
+</html>
--- a/help/log.htm
+++ b/help/log.htm
@ -0,0 +1,31 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>log</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>log</STRONG><BR>Put information in the log.</P>
+<P><U>arguments</U><BR>[arg1]: Format string (see down for 
+more information). When not specified, a newline will be logged.</P>
+<P>[argN]: Data for the format string.</P>
+<P><U>format string</U><BR>A format string like "Info 1: 
+{0}, Info 2: {1}\n Info 3:{2}". In place of {n} the n-th argument after the 
+format string is inserted. You can specify how to format the inserted data by 
+prepending a format type: "{s0}" logs a string. Other types are: "d" (log as 
+signed decimal), "u" (log as unsigned decimal), "p" (log as 0x????????), "s" 
+(log the string at the address specified).<BR>You can print a "{" by escaping it 
+like "{{". Same for "{". "\n" inserts a newline.</P>
+<P><U>result</U><BR>This command does not set any result 
+variables.</P></body>
+</html>
--- a/help/modcallfind.htm
+++ b/help/modcallfind.htm
@ -13,6 +13,7 @@ html,body {
 </style>

 </head>
+


 <body>
@ -23,9 +24,6 @@ inter-modular calls in. When not specified CIP will be used.</P>
 <P class=rvps3>[arg2]: The size of the data to search 
 in.</P>
 <P class=rvps3>
-<U>
-result 
-<BR>
-</U>The $result variable is set to the number of 
+<U>result</U><BR>The $result variable is set to the number of 
 inter-modular calls found.</P></body>
 </html>
--- a/help/plugin_menuclear.htm
+++ b/help/plugin_menuclear.htm
@ -12,27 +12,28 @@ html,body {
 }
 </style>

-</head>
+</head>

-<body>
-<P><STRONG>_plugin_menuclear<BR></STRONG>This function removes all entries and child menus 
-from a menu. It will <STRONG>not </STRONG>remove the menu itself.</P>
-<P>
-<STRONG>
-bool&nbsp;
-</STRONG>
-<STRONG>
-_plugin_menuclear

-</STRONG>
-<STRONG>(
-<BR > int</STRONG>hMenu
-<STRONG ></STRONG>//menu handle&nbsp;of the menu to clear&nbsp;
-
-<BR>
-<STRONG>);</STRONG></P>
-<P><STRONG>Parameters</STRONG></P>
-<P><U>hMenu</U>: Menu handle from a 
-previously-added child menu or from the main plugin menu.</P>
+<body>
+<P><STRONG>_plugin_menuclear<BR></STRONG>This function removes all entries and child menus 
+from a menu. It will <STRONG>not </STRONG>remove the menu itself.</P>
+<P>
+<STRONG>
+bool&nbsp;
+</STRONG>
+<STRONG>
+_plugin_menuclear
+
+</STRONG>
+<STRONG>(
+<BR >int</STRONG> hMenu
+<STRONG ></STRONG>//menu handle&nbsp;of the menu to clear&nbsp;
+
+<BR>
+<STRONG>);</STRONG></P>
+<P><STRONG>Parameters</STRONG></P>
+<P><U>hMenu</U>: Menu handle from a 
+previously-added child menu or from the main plugin menu.</P>
 <P><STRONG>Return Values</STRONG> <BR>Returns true on success.</P></body>
 </html>
--- a/help/x64_dbg.wcp
+++ b/help/x64_dbg.wcp
--- a/help/yara.htm
+++ b/help/yara.htm
@ -0,0 +1,27 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>yara</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>yara<BR></STRONG>Apply Yara rules to a memory range.</P>
+<P><U>arguments</U><BR>&nbsp; arg1: Rules file to apply. 
+This should be a full path.</P>
+<P>[arg2]: Start address of the range to apply the rules to. If not specified, 
+the disassembly selection will be used.</P>
+<P>  [arg3]: Size of the range to apply the rules  to. When not specified, 
+the whole page will be used.</P>
+<P><U>result<BR></U>This command does not set any result 
+variables.</P></body>
+</html>
--- a/help/yaramod.htm
+++ b/help/yaramod.htm
@ -0,0 +1,25 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>yaramod</title>
+<meta name="GENERATOR" content="WinCHM">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+html,body { 
+	/* Default Font */
+	font-family: Courier New;
+	font-size: 11pt;
+}
+</style>
+
+</head>
+
+<body>
+<P><STRONG>yaramod<BR></STRONG>Apply Yara rules to a module.</P>
+<P><U>arguments</U><BR>&nbsp; arg1: Rules file to apply. This should be a full 
+path.</P>
+<P>&nbsp; arg2: Name of the module to apply the rules 
+to.</P>
+<P><U>result<BR></U>This command does not set any result 
+variables.</P></body>
+</html>
--- a/x64_dbg_dbg/instruction.cpp
+++ b/x64_dbg_dbg/instruction.cpp
@ -1677,7 +1677,11 @@ CMDRESULT cbInstrYara(int argc, char* argv[])
    }
    uint addr = 0;
    if(argc < 3 || !valfromstring(argv[2], &addr))
-        addr = GetContextDataEx(hActiveThread, UE_CIP);
+    {
+        SELECTIONDATA sel;
+        GuiSelectionGet(GUI_DISASSEMBLY, &sel);
+        addr = sel.start;
+    }
    uint size = 0;
    if(argc >= 4)
        if(!valfromstring(argv[3], &size))
@ -1685,7 +1689,6 @@ CMDRESULT cbInstrYara(int argc, char* argv[])
    if(!size)
        addr = MemFindBaseAddr(addr, &size);
    uint base = addr;
-    dprintf("%p[%p]\n", base, size);
    Memory<uint8_t*> data(size);
    if(!MemRead((void*)base, data(), size, 0))
    {
--- a/x64_dbg_dbg/x64_dbg.cpp
+++ b/x64_dbg_dbg/x64_dbg.cpp
@ -180,6 +180,7 @@ static void registercommands()
    dbgcmdnew("scriptload", cbScriptLoad, false);
    dbgcmdnew("msg", cbScriptMsg, false);
    dbgcmdnew("msgyn", cbScriptMsgyn, false);
+    dbgcmdnew("log", cbInstrLog, false); //log command with superawesome hax

    //data
    dbgcmdnew("reffind\1findref\1ref", cbInstrRefFind, true); //find references to a value
@ -189,6 +190,9 @@ static void registercommands()
    dbgcmdnew("modcallfind", cbInstrModCallFind, true); //find intermodular calls
    dbgcmdnew("findasm\1asmfind", cbInstrFindAsm, true); //find instruction
    dbgcmdnew("reffindrange\1findrefrange\1refrange", cbInstrRefFindRange, true);
+    dbgcmdnew("yara", cbInstrYara, true); //yara test command
+    dbgcmdnew("yaramod", cbInstrYaramod, true); //yara rule on module
+    dbgcmdnew("analyse\1analyze\1anal", cbInstrAnalyse, true); //secret analysis command

    //undocumented
    dbgcmdnew("bench", cbDebugBenchmark, true); //benchmark test (readmem etc)
@ -198,10 +202,6 @@ static void registercommands()
    dbgcmdnew("copystr\1strcpy", cbInstrCopystr, true); //write a string variable to memory
    dbgcmdnew("looplist", cbInstrLoopList, true); //list loops
    dbgcmdnew("capstone", cbInstrCapstone, true); //disassemble using capstone
-    dbgcmdnew("yara", cbInstrYara, true); //yara test command
-    dbgcmdnew("yaramod", cbInstrYaramod, true); //yara rule on module
-    dbgcmdnew("log", cbInstrLog, false); //log command with superawesome hax
-    dbgcmdnew("analyse\1analyze\1anal", cbInstrAnalyse, true); //secret analysis command
 }

 static bool cbCommandProvider(char* cmd, int maxlen)