cmd_option.asm

Cracker终结者——提供最优秀的软件保护技术

%include "util.mac"
%include "icedump.inc"
%include "wiat.inc"
%include "options.inc"


global Parse_Option
global ON_TOGGLE_EXPERT_MODE.Emode
global OD_TOGGLE_EXPERT_MODE.Emode
global EmodeSub.IncDumpNum
global OT.OLastbutone
global OT.OBranch
global OT.OAll
global OT.OTracethread
global OT.OTraceprocess
global OT.OBreaknew
global OT.OBreakr0


extern sdata
extern Parser.return
extern Parser.error
extern Parse_ScreenDump.EmodeFileName
extern Parse_ScreenDump.EmodeExtPtr
extern Parse_ScreenDump.modeMsg
extern Parse_Dump.EmodeFileName
extern Parse_Dump.EmodeExtPtr
extern Bhrama_Struc
extern rOptions


bits 32


;-------------------------------------------------------------------------------
; OPTION (Execute command for help)
;-------------------------------------------------------------------------------
segment _LTEXT
Parse_Option:				; OPTION parser for sub-sub commands
	call	[pSkipWhiteSpace]	; skip to subcommand
	jz	Option_HELP

	lodsb				; get subcommand
	and	al,0x5F			; upcase

	cmp	al,'P'
	jz	near O_PEDUMP

	cmp	al,'B'
	jz	near O_BHRAMA

	cmp	al,'N'
	jz	near O_SCREENDUMP

	cmp	al,'D'
	jz	near O_MEMDUMP

	cmp	al,'T'
	jz	near O_TRACE

Option_HELP:
	mov	ebp,[pPrintToCommandWindow]
	mov	esi, .TableHelp

.LoopDisplay:
	lodsd
	test	eax, eax
	jz	near Parser.return

	push	esi
	mov	esi, eax
	call 	ebp
	pop	esi
	jmp	.LoopDisplay


segment _LDATA
.TableHelp:	dd	.helpON
	dd	.helpONf
	dd	.helpONd
	dd	.helpONv

	dd	.helpOD
	dd	.helpODf
	dd	.helpODd
	dd	.helpODv

	dd	.helpOB
	dd	.helpOBR
	dd	.helpOBS
	dd	.helpOBH
	dd	.helpOBI

	dd	.helpOP
	dd	.helpOPV
	dd	.helpOPP
	dd	.helpOPO
	dd	.helpOPB
	dd	.helpOPR
	dd	.helpOPI
	dd	.helpOPC
	dd	.helpOPK

	dd	.helpOT
	dd	.helpOTL
	dd	.helpOTB
	dd	.helpOTA
	dd	.helpOTT
	dd	.helpOTP
	dd	.helpOTN
	dd	.helpOTR
	dd	0

.helpON:	db 'OPTION N              - toggle screendump expert mode on/off',0
.helpONf:	db 'OPTION N F <filename> - alter base filename',0
.helpONd:	db 'OPTION N D <number>   - alter current dump number',0
.helpONv:	db 'OPTION N V            - show current screendump options',0

.helpOD:	db 'OPTION D              - toggle memdump expert mode on/off',0
.helpODf:	db 'OPTION D F <filename> - alter base filename',0
.helpODd:	db 'OPTION D D <number>   - alter current dump number',0
.helpODv:	db 'OPTION D V            - show current memdump options',0
;.helpODl:	db 'OPTION D L <number>   - alter default dump length',0

.helpOB:	db 'OPTION B              - Print current state of BHRAMA options',0
.helpOBR:	db 'OPTION B rR           - Recompute PE Object size off/on',0
.helpOBS:	db 'OPTION B sS           - PE structure Reorganize off/on',0
.helpOBH:	db 'OPTION B hH           - Restore PE header off/on',0
.helpOBI:	db 'OPTION B 0..3         - Import mode [0..3]',0

.helpOP:	db 'OPTION P              - Print current state of PEDUMP options',0
.helpOPV:	db 'OPTION P vV           - Update PE Virtual Object size off/on',0
.helpOPP:	db 'OPTION P pP           - Update PE Physical Object size off/on',0
.helpOPO:	db 'OPTION P rR           - PE structure optimisation off/on',0
.helpOPB:	db 'OPTION P bB           - Rebuild PE header off/on',0
.helpOPI:	db 'OPTION P I0..3        - Import mode [0..3]',0
.helpOPR:	db 'OPTION P H0..7        - Reload PE header from disk [0..4]',0
.helpOPC:	db 'OPTION P cC           - Import caving attempt off/on',0
.helpOPK	db 'OPTION P kK		  - Compute ImageSize off/on',0

.helpOT:	db 'OPTION T              - Print current state of TRACE options',0
.helpOTL:	db 'OPTION T lL           - Print last but one address before break off/on',0
.helpOTB:	db 'OPTION T bB           - Print branch addresses off/on',0
.helpOTA:	db 'OPTION T aA           - Print all traced addresses off/on',0
.helpOTT:	db 'OPTION T pP           - Trace new threads in the same process off/on',0
.helpOTP:	db 'OPTION T cC           - Trace threads in child processes off/on',0
.helpOTN:	db 'OPTION T nN           - Break on new threads off/on',0
.helpOTR:	db 'OPTION T rR           - Break before thread enters ring-0 off/on',0


segment _LTEXT
O_TRACE:
	call	[pSkipWhiteSpace]	; skip to real params
	jz	.status

.next:
	lodsb
	cmp	al,0
	jnz	.l

.status:
	mov	esi,OT.msgLOGLASTBUTONE
	call	[pPrintToCommandWindow]

	mov	esi,OT.msgLOGBRANCH
	call	[pPrintToCommandWindow]

	mov	esi,OT.msgLOGALL
	call	[pPrintToCommandWindow]

	mov	esi,OT.msgTRACETHREAD
	call	[pPrintToCommandWindow]

	mov	esi,OT.msgTRACEPROCESS
	call	[pPrintToCommandWindow]

	mov	esi,OT.msgBREAKNEW
	call	[pPrintToCommandWindow]

	mov	esi,OT.msgBREAKR0
	call	[pPrintToCommandWindow]

	jmp	Parser.return

.l:
	cmp	al,'l'
	jnz	.L

	mov	byte [OT.OLastbutone],'D'
	jmp	short .next

.L:
	cmp	al,'L'
	jnz	.b

	mov	byte [OT.OLastbutone],'E'
	jmp	short .next

.b:
	cmp	al,'b'
	jnz	.B

	mov	byte [OT.OBranch],'D'
	jmp	short .next

.B:
	cmp	al,'B'
	jnz	.a

	mov	byte [OT.OBranch],'E'
	jmp	.next

.a:
	cmp	al,'a'
	jnz	.A

	mov	byte [OT.OAll],'D'
	jmp	.next

.A:
	cmp	al,'A'
	jnz	.p

	mov	byte [OT.OAll],'E'
	jmp	.next

.p:
	cmp	al,'p'
	jnz	.P

	mov	byte [OT.OTracethread],'D'
	jmp	.next

.P:
	cmp	al,'P'
	jnz	.c

	mov	byte [OT.OTracethread],'E'
	jmp	.next

.c:
	cmp	al,'c'
	jnz	.C

	mov	byte [OT.OTraceprocess],'D'
	jmp	.next

.C:
	cmp	al,'C'
	jnz	.n

	mov	byte [OT.OTraceprocess],'E'
	jmp	.next

.n:
	cmp	al,'n'
	jnz	.N

	mov	byte [OT.OBreaknew],'D'
	jmp	.next

.N:
	cmp	al,'N'
	jnz	.r

	mov	byte [OT.OBreaknew],'E'
	jmp	.next

.r:
	cmp	al,'r'
	jnz	.R

	mov	byte [OT.OBreakr0],'D'
	jmp	.next

.R:
	cmp	al,'R'
	jnz	near .next

	mov	byte [OT.OBreakr0],'E'
	jmp	.next


segment _LDATA
OT:
.msgLOGLASTBUTONE:	db 'Print last but one address (Enabled/Disabled): '
.OLastbutone:		db 'E',0
.msgLOGBRANCH:		db 'Print branch addresses (Enabled/Disabled): '
.OBranch:		db 'D',0
.msgLOGALL:		db 'Print all traced addresses (Enabled/Disabled): '
.OAll:			db 'D',0
.msgTRACETHREAD:	db 'Trace new threads in the process (Enabled/Disabled): '
.OTracethread:		db 'E',0
.msgTRACEPROCESS:	db 'Trace threads in child processes (Enabled/Disabled): '
.OTraceprocess:		db 'E',0
.msgBREAKNEW:		db 'Break on new threads (Enabled/Disabled): '
.OBreaknew:		db 'D',0
.msgBREAKR0:		db 'Break before thread enters ring-0 (Enabled/Disabled): '
.OBreakr0:		db 'E',0


segment _LTEXT
O_PEDUMP:
	call	[pSkipWhiteSpace]	; skip to real params
	jz	.status

.next:
	lodsb
	cmp	al,0
	jnz	.v

.status:
	mov	esi,OP.msgVSIZE
	call	[pPrintToCommandWindow]

	mov	esi,OP.msgPSIZE
	call	[pPrintToCommandWindow]

	mov	esi,OP.msgPESHRINK
	call	[pPrintToCommandWindow]

	mov	esi,OP.msgBUILD
	call	[pPrintToCommandWindow]

	mov	esi,OP.msgCAVE
	call	[pPrintToCommandWindow]

	mov	esi,OP.msgRELOAD
	call	[pPrintToCommandWindow]

	mov	esi,OP.msgCOMPUTE
	call	[pPrintToCommandWindow]

	mov	esi,OP.msgIMPORT
	call	[pPrintToCommandWindow]

	jmp	Parser.return

.v:
	cmp	al,'v'
	jnz	.V

	and	byte [rOptions+RebuildOptions.UpdateVSize], 0xFE
	mov	byte [OP.OVSizemode],'D'
	jmp	short .next

.V:
	cmp	al,'V'
	jnz	.p

	or	byte [rOptions+RebuildOptions.UpdateVSize], 1
	mov	byte [OP.OVSizemode],'E'
	jmp	.next

.p:
	cmp	al,'p'
	jnz	.P

	and	byte [rOptions+RebuildOptions.UpdatePSize], 0xFE
	mov	byte [OP.OPSizemode],'D'
	jmp	.next

.P:
	cmp	al,'P'
	jnz	.r

	or	byte [rOptions+RebuildOptions.UpdatePSize], 1
	mov	byte [OP.OPSizemode],'E'
	jmp	.next

.r:
	cmp	al,'r'
	jnz	.R

	and	byte [rOptions+RebuildOptions.ShrinkPE], 0xFE
	mov	byte [OP.OShrinkmode],'D'
	jmp	.next

.R:
	cmp	al,'R'
	jnz	.c

	or	byte [rOptions+RebuildOptions.ShrinkPE], 1
	mov	byte [OP.OShrinkmode],'E'
	jmp	.next

.c:
	cmp	al,'c'
	jnz	.C

	and	byte [rOptions+RebuildOptions.CaveImport], 0xFE
	mov	byte [OP.OCavemode],'D'
	jmp	.next

.C:
	cmp	al,'C'
	jnz	.b

	or	byte [rOptions+RebuildOptions.CaveImport], 1
	mov	byte [OP.OCavemode],'E'
	jmp	.next

.b:
	cmp	al,'b'
	jnz	.B

	and	byte [rOptions+RebuildOptions.BuildSection], 0xFE
	mov	byte [OP.OBuildmode],'D'
	jmp	.next

.B:
	cmp	al,'B'
	jnz	.k

	or	byte [rOptions+RebuildOptions.BuildSection], 1
	mov	byte [OP.OBuildmode],'E'
	jmp	.next
.k:
	cmp	al,'k'
	jnz	.K

	or	byte [rOptions+RebuildOptions.ComputeImage], 0
	mov	byte [OP.OCompute],'D'
	jmp	.next

.K:
	cmp	al,'K'
	jnz	.I