📄 plugin.h
#define JT_SWITCH 2 // Jump via switch table
// Analysis hint supplied by the user: an address, a size and the decoding
// type to assume there (bits taken from DEC_TYPEMASK).
// NOTE(review): nothing in this declaration constrains addr or size. Code that
// consumes hints presumably has to reject ranges where addr+size wraps or that
// fall outside the analysed block - confirm against the analyser.
typedef struct t_ahint { // User-supplied hint for analysis
ulong addr; // Hint address
ulong size; // Hint size
ulong type; // Hint type, bits from DEC_TYPEMASK
} t_ahint;
// Locates one block of string resources: which block it is (name, language)
// and where it sits in memory (addr, size). t_module keeps an array of these
// in its stringtable member.
// NOTE(review): addr and size presumably come from the module's resource data;
// check them against the resource range (t_module.resbase/ressize) before
// reading - confirm where they are filled in.
typedef struct t_stringtable { // Pointers to string resources
ulong name; // Name of block of strings
ulong language; // Language identifier
ulong addr; // Address of block in memory
ulong size; // Size of block in memory
} t_stringtable;
// One fixup (relocation) entry: the address it applies to and the width of the
// patched field. t_module.fixup points to an array of these, described there
// as extracted from the executable.
// The size is only "usually" 2 or 4, so code that applies or skips a fixup
// should validate it rather than assume one of those two values.
typedef struct t_fixup {
ulong base; // Address of fixup
ulong size; // Size of fixup (usually 2 or 4 bytes)
} t_fixup;
// Description of one symbolic variable recovered from debug data. Entries are
// linked into chains by array index rather than by pointer: next and optvar
// hold the index of another entry, or -1 when the chain ends.
//
// The two anonymous unions overlay alternative meanings on the same storage:
// type shares its bytes with regs, and addr shares its bytes with offset.
// Anonymous unions are standard only from C11; older compilers accept them as
// an extension.
// NOTE(review): which union member is valid presumably depends on kind (and on
// whether the entry belongs to an optvar chain) - confirm before reading one.
// NOTE(review): next and optvar originate from debug data; a consumer should
// test for -1 and presumably also range-check the index against
// t_module.nsymvar, and guard against cyclic chains - confirm.
typedef struct t_symvar { // Symbolic variable from debug data
int next; // Index of next variable in chain or -1
ushort kind; // Kind of variable
union {
ulong type; // Type of variable
ulong regs; }; // Registers in optvar
union {
ulong addr; // Address or description of registers
long offset; }; // Offset for EBP-relative data (signed)
ulong size; // Size of variable or optvar data
int optvar; // Index of optvar chain or -1
ulong nameaddr; // NM_DEBUG address of var's name
} t_symvar;
// One recognized jump: its kind (a JT_xxx constant) and the source and
// destination addresses. t_module.jddata points to an array of these, with
// the element count in t_module.njddata.
typedef struct t_jdest { // Element of jump data
char type; // Type of jump, one of JT_xxx (stored in a plain char)
ulong from; // Jump source
ulong to; // Jump destination
} t_jdest;
// Descriptor of one executable module: its address ranges (whole image, code,
// data, resources, import/export/relocation tables), its names, a copy of the
// section headers from the file, and the analysis results attached to it.
//
// Layout is part of the plugin interface: the trailing reserved[] array is
// documented as existing for plugin compatibility, so members must not be
// reordered or resized.
//
// Several members are pointer/count pairs: stringtable with nstringtable and
// maxstringtable, sect with nsect, fixup with nfixup, symvar with nsymvar and
// maxsymvar, jddata with njddata. Pointers marked "or NULL" must be tested
// before use, and indices kept below the paired count.
// Members declared ulong and commented "or NULL" (entry, realsfxentry) are
// integers, so "NULL" there means the value 0.
// NOTE(review): sizes, counts and table addresses are presumably derived from
// the headers of the file being debugged, which may be malformed on purpose.
// Treat them as untrusted when computing offsets or lengths (base+size
// wrap-around, tables outside the image) - confirm where they are validated.
// NOTE(review): name, path and version are fixed-size char arrays; whether they
// are always NUL-terminated is not visible here, so copy them with an explicit
// bound.
typedef struct t_module { // Executable module descriptor
ulong base; // Base address of module
ulong size; // Size occupied by module
ulong type; // Service information, TY_xxx
ulong codebase; // Base address of module code block
ulong codesize; // Size of module code block
ulong resbase; // Base address of resources
ulong ressize; // Size of resources
t_stringtable *stringtable; // Pointers to string resources or NULL
int nstringtable; // Actual number of used stringtable
int maxstringtable; // Actual number of allocated stringtable
ulong entry; // Address of <ModuleEntryPoint> or NULL
ulong database; // Base address of module data block
ulong idatatable; // Base address of import data table
ulong idatabase; // Base address of import data block
ulong edatatable; // Base address of export data table
ulong edatasize; // Size of export data table
ulong reloctable; // Base address of relocation table
ulong relocsize; // Size of relocation table
char name[SHORTLEN]; // Short name of the module
char path[MAX_PATH]; // Full name of the module
int nsect; // Number of sections in the module
IMAGE_SECTION_HEADER *sect; // Copy of section headers from file
ulong headersize; // Total size of headers in executable
ulong fixupbase; // Base of image in executable file
int nfixup; // Number of fixups in executable
t_fixup *fixup; // Extracted fixups or NULL
char *codedec; // Decoded code features or NULL
ulong codecrc; // Code CRC for actual decoding
char *hittrace; // Hit tracing data or NULL
char *hittracecopy; // Copy of INT3-substituted code
char *datadec; // Decoded data features or NULL
t_table namelist; // List of module names
t_symvar *symvar; // Descriptions of symbolic variables
int nsymvar; // Actual number of elements in symvar
int maxsymvar; // Maximal number of elements in symvar
char *globaltypes; // Global types from debug info
ulong mainentry; // Address of WinMain() etc. in dbg data
ulong realsfxentry; // Entry of packed code or NULL
int updatenamelist; // Request to update namelist
ulong origcodesize; // Original size of module code block
ulong sfxbase; // Base of memory block with SFX
ulong sfxsize; // Size of memory block with SFX
int issystemdll; // Whether system DLL
int processed; // 0: not processed, 1: good, -1: bad
int dbghelpsym; // 1: symbols loaded by dbghelp.dll
char version[NVERS]; // Version of executable file
t_jdest *jddata; // Recognized jumps within the module
int njddata; // Number of recognized jumps
ulong reserved[15]; // Reserved for plugin compatibility
} t_module;
// Module lookup and analysis entry points exported to plugins (cdecl).
// NOTE(review): only the signatures are visible here; the behaviour described
// below is inferred from names and types and must be confirmed against the
// API documentation.
//  - Findmodule, Findfixup and Finddecode return pointers; presumably they
//    return NULL when nothing matches addr, so test the result before use.
//  - Finddecode also takes psize, an output pointer that presumably receives
//    the number of bytes available behind the returned pointer; do not read
//    past it.
//  - Decoderange writes text through s but takes no capacity for it. The
//    caller has to provide a buffer at least as large as the API requires -
//    confirm the required length.
//  - Analysecode takes a module descriptor; its return convention is not
//    visible here.
extc t_module* cdecl Findmodule(ulong addr);
extc t_fixup* cdecl Findfixup(t_module *pmod,ulong addr);
extc uchar* cdecl Finddecode(ulong addr,ulong *psize);
extc ulong cdecl Findfileoffset(t_module *pmod,ulong addr);
extc int cdecl Decoderange(ulong addr,ulong size,char *s);
extc int cdecl Analysecode(t_module *pm);
////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////// DUMP /////////////////////////////////////
// Standard dump types.
// A dump type value is the sum DU_xxx + count + size (see t_dump.dumptype) and
// is taken apart with three masks: DU_TYPE covers bits 12..15 and selects the
// decoding, DU_COUNT covers bits 4..11 (items per line) and DU_SIZE covers
// bits 0..3 (size of a single item). DU_ESCAPABLE and DU_BACKUP are separate
// flag bits above the type field. All constants carry the L suffix (long).
#define DU_ESCAPABLE 0x20000L // Create escapable dump window
#define DU_BACKUP 0x10000L // Bit indicates that backup is displayed
#define DU_TYPE 0x0F000L // Mask for dump type
#define DU_COUNT 0x00FF0L // Mask for number of items/line
#define DU_SIZE 0x0000FL // Mask for size of single item
#define DU_UNDEF 0x00000L // Undefined dump type
#define DU_HEXTEXT 0x01000L // Hexadecimal dump with ASCII text
#define DU_TEXT 0x02000L // Character dump
#define DU_UNICODE 0x03000L // Unicode dump
#define DU_INT 0x04000L // Integer signed dump
#define DU_UINT 0x05000L // Integer unsigned dump
#define DU_IHEX 0x06000L // Integer hexadecimal dump
#define DU_FLOAT 0x07000L // Floating-point dump
#define DU_ADDR 0x08000L // Address dump
#define DU_DISASM 0x09000L // Disassembly
#define DU_HEXUNI 0x0A000L // Hexadecimal dump with UNICODE text
#define DU_ADRASC 0x0B000L // Address dump with ASCII text
#define DU_ADRUNI 0x0C000L // Address dump with UNICODE text
#define DU_SPEC 0x0D000L // Special decoding
// Standard menu types.
// Each MT_xxx value is a single distinct bit, so several can be OR-ed together
// in t_dump.menutype.
#define MT_BACKUP 0x0001 // Backup, Undo
#define MT_COPY 0x0002 // Copy to clipboard
#define MT_EDIT 0x0004 // Edit, Modify, Assemble
#define MT_SEARCH 0x0008 // Search, Next
#define MT_DHISTORY 0x0010 // Previous, Next in history
// Function type (not a pointer type) of the decoder used for DU_SPEC dumps;
// it is referenced as SPECFUNC * in t_dump.specdump and Createdumpwindow().
// The parameters are unnamed, so their meaning is not visible in this header.
// NOTE(review): the leading char * is presumably a text buffer the decoder
// fills, with no capacity passed alongside it; an implementation must respect
// the length the API documents for that buffer - confirm.
typedef ulong SPECFUNC(char *,ulong,ulong,ulong,t_disasm *,int);
// Current state of one dump window: what is displayed (memory block or file),
// how it is decoded (dumptype, specdump), and the visible and selected ranges.
//
// table is the first member and the window is to be treated as a custom
// table, which presumably lets a t_dump pointer be passed where a t_table
// pointer is expected - confirm before relying on the cast.
// Ranges are half-open: lastaddr is the last displayed byte + 1, and sel1 is
// not part of the selection. Length computations are therefore
// lastaddr - addr and sel1 - sel0, with no extra +1.
// filecopy and backup may be NULL and must be tested before use.
// NOTE(review): whether filename and relname are always NUL-terminated is not
// visible here; copy them with an explicit bound.
typedef struct t_dump { // Current status of dump window
t_table table; // Treat dump window as custom table
int dimmed; // Draw in lowcolor if nonzero
ulong threadid; // Use decoding and registers if not 0
int dumptype; // Current dump type, DU_xxx+count+size
SPECFUNC *specdump; // Decoder of DU_SPEC dump types
int menutype; // Standard menus, MT_xxx
int itemwidth; // Length of displayed item, characters
int showstackframes; // Show stack frames in address dump
int showstacklocals; // Show names of locals in stack
int commentmode; // 0: comment, 1: source, 2: profile
char filename[MAX_PATH]; // Name of displayed or backup file
ulong base; // Start of memory block or file
ulong size; // Size of memory block or file
ulong addr; // Address of first displayed byte
ulong lastaddr; // Address of last displayed byte + 1
ulong sel0; // Address of first selected byte
ulong sel1; // Last selected byte (not included!)
ulong startsel; // Start of last selection
int captured; // Mouse is captured by dump
ulong reladdr; // Addresses relative to this
char relname[SHORTLEN]; // Symbol for relative zero address base
uchar *filecopy; // Copy of the file or NULL
uchar *backup; // Old backup of memory/file or NULL
int runtraceoffset; // Offset back in run trace
ulong reserved[8]; // Reserved for future extensions
} t_dump;
////////////////////////////////////////////////////////////////////////////////
/////////////////////////////// WINDOW FUNCTIONS ///////////////////////////////
// Private window messages, numbered WM_USER+101 through WM_USER+122.
// Values in the WM_USER range have meaning only to the window classes that
// define them, so send these messages only to windows that implement this
// protocol.
// NOTE(review): the meaning of wParam/lParam for each message is not visible
// in this header; a handler should not treat them as valid pointers or
// in-range indices without checking - confirm against the API documentation.
#define WM_USER_MENU (WM_USER+101) // Activate context-sensitive menu
#define WM_USER_SCR (WM_USER+102) // Redraw scroll(s)
#define WM_USER_SAVE (WM_USER+103) // Save data to disk
#define WM_USER_VABS (WM_USER+104) // Scroll contents of window by lines
#define WM_USER_VREL (WM_USER+105) // Scroll contents of window by percent
#define WM_USER_VBYTE (WM_USER+106) // Scroll contents of window by bytes
#define WM_USER_STS (WM_USER+107) // Start selection in window
#define WM_USER_CNTS (WM_USER+108) // Continue selection in window
#define WM_USER_CHGS (WM_USER+109) // Move single-line selection
#define WM_USER_BAR (WM_USER+110) // Message from bar segment as button
#define WM_USER_DBLCLK (WM_USER+111) // Doubleclick in column
#define WM_USER_SIZE (WM_USER+112) // Resize children in CPU window
#define WM_USER_FOCUS (WM_USER+113) // Set focus to child of CPU window
#define WM_USER_FILE (WM_USER+114) // Change state of file dump
#define WM_USER_HERE (WM_USER+115) // Query presence list
#define WM_USER_CHALL (WM_USER+116) // Redraw (almost) everything
#define WM_USER_CHMEM (WM_USER+117) // Range of debuggee's memory changed
#define WM_USER_CHREG (WM_USER+118) // Debuggee's register(s) changed
#define WM_USER_CHNAM (WM_USER+119) // Redraw name tables
#define WM_USER_MOUSE (WM_USER+120) // Check mouse coordinates
#define WM_USER_KEY (WM_USER+121) // Emulate WM_KEYDOWN
#define WM_USER_SYSKEY (WM_USER+122) // Emulate WM_SYSKEYDOWN
// Constants used for scrolling and selection.
// MOVETOP and MOVEBOTTOM are the two largest positive 32-bit signed values.
// They act as sentinels, so test for them before treating the value as a line
// offset. CONT_BROADCAST and STOP_BROADCAST tell the sender whether to keep
// delivering a message to other windows; presumably they are the value a
// window returns while handling Broadcast() - confirm.
#define MAXTRACK 16384 // Maximal scroll of user-drawn table
#define MOVETOP 0x7FFFFFFFL // Move selection to top of table
#define MOVEBOTTOM 0x7FFFFFFEL // Move selection to bottom of table
#define CONT_BROADCAST 0x0000 // Continue sending msg to other windows
#define STOP_BROADCAST 0x1234 // Stop sending message to other windows
// Dumpbackup() actions.
// Values for the action argument of Dumpbackup(). Several of them read or
// write a file (BKUP_LOADCOPY, BKUP_SAVEDATA, BKUP_SAVECOPY).
#define BKUP_CREATE 1 // Create or update backup copy
#define BKUP_VIEWDATA 2 // View original data
#define BKUP_VIEWCOPY 3 // View backup copy
#define BKUP_LOADCOPY 4 // Read backup copy from file
#define BKUP_SAVEDATA 5 // Save original data to file
#define BKUP_SAVECOPY 6 // Save backup copy to file
#define BKUP_DELETE 7 // Delete backup copy
// Window-class registration, table/dump window creation and message broadcast
// entry points exported to plugins (cdecl).
// NOTE(review): only the signatures are visible here; confirm the details
// below against the API documentation.
//  - The functions returning HWND presumably return NULL on failure; test the
//    handle before using it.
//  - All string arguments are non-const char *. Whether the callee copies the
//    text or keeps the pointer is not visible, so keep the strings alive and
//    unmodified until that is confirmed.
//  - Createdumpwindow takes the block to show (base, size), the first address
//    to display and a dump type; specdump is presumably only used for DU_SPEC
//    types.
//  - Dumpbackup's action argument is one of the BKUP_xxx constants.
//  - Broadcast takes a message and its two parameters; which windows receive
//    it, and the meaning of the int result, are not visible here.
extc int cdecl Registerotclass(char *classname,
char *iconname,WNDPROC classproc);
extc HWND cdecl Newtablewindow(t_table *pt,int nlines,int maxcolumns,
char *winclass,char *wintitle);
extc HWND cdecl Quicktablewindow(t_table *pt,int nlines,int maxcolumns,
char *winclass,char *wintitle);
extc HWND cdecl Createdumpwindow(char *name,ulong base,ulong size,
ulong addr,int type,SPECFUNC *specdump);
extc void cdecl Setdumptype(t_dump *pd,int dumptype);
extc void cdecl Dumpbackup(t_dump *pd,int action);
extc int cdecl Broadcast(UINT msg,WPARAM wp,LPARAM lp);
////////////////////////////////////////////////////////////////////////////////
////////////////////////// DATA CONVERSION FUNCTIONS ///////////////////////////
// Compression, decompression and CRC helpers exported to plugins (cdecl).
// Compress and Decompress take an input buffer with its length and an output
// buffer with its capacity (nbufout), so the callee is told how much room it
// has. Getoriginaldatasize takes only the input buffer, declared as char *
// where the other two use uchar *.
// NOTE(review): the ulong results presumably report the number of bytes
// produced (or the original size, for Getoriginaldatasize), and the value
// returned on error is not visible here - confirm.
// NOTE(review): if the compressed data comes from an untrusted file, the size
// reported by Getoriginaldatasize is attacker-controlled. Cap it before
// allocating bufout, and still pass the real capacity as nbufout.
// NOTE(review): Calculatecrc takes a local copy plus base/size and an optional
// module with a fixup offset; presumably fixup locations are excluded from the
// CRC - confirm.
extc ulong cdecl Compress(uchar *bufin,ulong nbufin,
uchar *bufout,ulong nbufout);
extc ulong cdecl Getoriginaldatasize(char *bufin,ulong nbufin);
extc ulong cdecl Decompress(uchar *bufin,ulong nbufin,
uchar *bufout,ulong nbufout);
extc ulong cdecl Calculatecrc(uchar *copy,ulong base,ulong size,
t_module *pmod,ulong fixupoffset);
////////////////////////////////////////////////////////////////////////////////
//////////////////////////// REFERENCES AND SEARCH /////////////////////////////