📄 vm.cpp
{
Animate(ANIMATE_TRIN);
nRetCode = Go(0, 0, STEP_IN, 0, 1);
OM_PROCESS_ERROR(0 == nRetCode);
ReturnToOD();
}
else
{
Animate(ANIMATE_TROVER);
nRetCode = Go(0, 0, STEP_OVER, 0, 1);
OM_PROCESS_ERROR(0 == nRetCode);
ReturnToOD();
}
}
nRetResult = 1;
Exit0:
return nRetResult;
}
// Unconditional trace step: forwards to Tracing() with no condition string
// and a third argument of 0 (DoTraceOver passes 1 in the same position).
// Returns whatever Tracing() returns.
inline int CVM::DoTraceInto()
{
    int nRetCode;

    nRetCode = Tracing(0, NULL, 0);
    return nRetCode;
}
// Unconditional trace step: forwards to Tracing() with no condition string
// and a third argument of 1 (DoTraceInto passes 0 in the same position).
// Returns whatever Tracing() returns.
inline int CVM::DoTraceOver()
{
    int nRetCode;

    nRetCode = Tracing(0, NULL, 1);
    return nRetCode;
}
// Conditional trace-into: pops a data-segment offset from the VM stack and
// hands the string stored there to Tracing() as its second argument.
// Returns 1 when every step succeeds, 0 otherwise.
int CVM::DoTraceIntoCond()
{
    int nRetResult = 0;
    int nRetCode;
    long lCondPos;

    nRetCode = Pop(&lCondPos);
    OM_PROCESS_ERROR(nRetCode);

    // The offset comes from the script, so it is validated before m_Data is
    // indexed. NOTE(review): whether the check also guarantees a NUL
    // terminator inside m_Data is not visible here - confirm.
    nRetCode = CheckDataAddrValid(lCondPos);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Tracing(0, &m_Data[lCondPos], 0);
    OM_PROCESS_ERROR(nRetCode);

    nRetResult = 1;

Exit0:
    return nRetResult;
}
// Conditional trace-over: pops a data-segment offset from the VM stack and
// hands the string stored there to Tracing() as its second argument, with a
// third argument of 1.
// Returns 1 when every step succeeds, 0 otherwise.
int CVM::DoTraceOverCond()
{
    int nRetResult = 0;
    int nRetCode;
    long lCondPos;

    nRetCode = Pop(&lCondPos);
    OM_PROCESS_ERROR(nRetCode);

    // The offset comes from the script, so it is validated before m_Data is
    // indexed. NOTE(review): whether the check also guarantees a NUL
    // terminator inside m_Data is not visible here - confirm.
    nRetCode = CheckDataAddrValid(lCondPos);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Tracing(0, &m_Data[lCondPos], 1);
    OM_PROCESS_ERROR(nRetCode);

    nRetResult = 1;

Exit0:
    return nRetResult;
}
// ASM handler: pops a target address and a data-segment offset, assembles the
// instruction text stored at that offset and writes the resulting bytes to
// the target address.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoAsm()
{
    int nRetResult = 0;
    int nRetCode;
    long lTarget;
    long lSrcOffset;
    t_asmmodel asmModel;
    int nCodeLen;
    char szAsmError[TEXTLEN] = { 0 };

    nRetCode = Pop(&lTarget);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lSrcOffset);
    OM_PROCESS_ERROR(nRetCode);

    // Script-supplied offset: validated before it is used to index m_Data.
    nRetCode = CheckDataAddrValid(lSrcOffset);
    OM_PROCESS_ERROR(nRetCode);

    nCodeLen = Assemble(&m_Data[lSrcOffset], lTarget, &asmModel, 0, 0, szAsmError);
    if (0 > nCodeLen)
    {
        // A negative length is treated as an assembler error; the text the
        // assembler left in szAsmError is shown to the user.
        ShowErrMsg(szAsmError);
        goto Exit0;
    }

    // The write length is exactly what Assemble() reported for asmModel.code.
    nRetCode = Writememory(asmModel.code, lTarget, nCodeLen, MM_DELANAL | MM_SILENT);
    OM_PROCESS_ERROR(nRetCode);

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
// ANALYSE handler: pops an address, looks up the module that contains it and
// runs code analysis on that module.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoAnalyse()
{
    int nRetResult = 0;
    int nRetCode;
    long lWhere;
    t_module *pModule;

    nRetCode = Pop(&lWhere);
    OM_PROCESS_ERROR(nRetCode);

    // A null module pointer (address outside any module) aborts the command.
    pModule = Findmodule(lWhere);
    OM_PROCESS_ERROR(pModule);

    nRetCode = Analysecode(pModule);
    if (nRetCode == -1) // fail!
    {
        goto Exit0;
    }

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
// Comment handler: pops an address and a data-segment offset, then attaches
// the string at that offset to the address as an NM_COMMENT name.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoComment()
{
    int nRetResult = 0;
    int nRetCode;
    long lWhere;
    long lTextOffset;

    nRetCode = Pop(&lWhere);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lTextOffset);
    OM_PROCESS_ERROR(nRetCode);

    // Script-supplied offset: validated before it is used to index m_Data.
    nRetCode = CheckDataAddrValid(lTextOffset);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Insertname(lWhere, NM_COMMENT, &m_Data[lTextOffset]);
    if (nRetCode == -1) // fail!
    {
        goto Exit0;
    }

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
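// Log-text handler: pops a data-segment offset and appends the string stored
// there to the log list.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoLogText()
{
    int nRetResult = 0;
    int nRetCode;
    long lDataOffset;
    // Fixed format kept in a writable array so it can be passed where a
    // non-const char pointer is expected.
    char szFormat[] = "%s";

    nRetCode = Pop(&lDataOffset);
    OM_PROCESS_ERROR(nRetCode);

    // Script-supplied offset: validated before it is used to index m_Data.
    nRetCode = CheckDataAddrValid(lDataOffset);
    OM_PROCESS_ERROR(nRetCode);

    // Addtolist() is printf-style: its third parameter is a format string.
    // The script text is therefore passed as an argument to a fixed "%s"
    // format and never as the format itself, so '%' sequences inside a
    // script string are logged literally instead of being interpreted.
    Addtolist(0, -1, szFormat, &m_Data[lDataOffset]);

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}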
// Log-value handler: pops one value from the VM stack and appends it to the
// log list as an upper-case hexadecimal number.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoLogLong()
{
    int nRetResult = 0;
    int nRetCode;
    long lPopped;
    // Sizing: 13 characters of fixed prefix plus at most 16 hex digits (a
    // 64-bit long) plus the terminator is exactly 30 bytes. Any change to the
    // message text must revisit this size.
    char szLine[30];

    nRetCode = Pop(&lPopped);
    OM_PROCESS_ERROR(nRetCode);

    sprintf(szLine, "LOG VALUE: 0x%08lX", lPopped);

    // szLine holds only the fixed prefix and hex digits, so it contains no
    // '%' when it is handed to Addtolist() as the message.
    Addtolist(0, -1, szLine);

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
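// Records the breakpoint handler label: reads the long operand stored one
// byte past the current VM instruction pointer into m_lBreakpointLabel.
inline void CVM::DoEOB()
{
    long lLabel;

    // The operand sits at an arbitrary byte offset in the code buffer, so it
    // is copied out rather than dereferenced through a cast pointer (which
    // would be an unaligned, type-punned load).
    // NOTE(review): nothing here checks that eip + 1 + sizeof(long) stays
    // inside m_Code - confirm the dispatcher validates operand bounds.
    memcpy(&lLabel, &m_Code[m_Cpu.eip + 1], sizeof(lLabel));
    m_lBreakpointLabel = lLabel;
}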
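// Records the INT3 breakpoint handler label: reads the long operand stored
// one byte past the current VM instruction pointer into
// m_lInt3BreakpointLabel.
inline void CVM::DoEOBINT3()
{
    long lLabel;

    // The operand sits at an arbitrary byte offset in the code buffer, so it
    // is copied out rather than dereferenced through a cast pointer (which
    // would be an unaligned, type-punned load).
    // NOTE(review): nothing here checks that eip + 1 + sizeof(long) stays
    // inside m_Code - confirm the dispatcher validates operand bounds.
    memcpy(&lLabel, &m_Code[m_Cpu.eip + 1], sizeof(lLabel));
    m_lInt3BreakpointLabel = lLabel;
}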
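// Records the hardware breakpoint handler label: reads the long operand
// stored one byte past the current VM instruction pointer into
// m_lHWBreakpointLabel.
inline void CVM::DoEOBHW()
{
    long lLabel;

    // The operand sits at an arbitrary byte offset in the code buffer, so it
    // is copied out rather than dereferenced through a cast pointer (which
    // would be an unaligned, type-punned load).
    // NOTE(review): nothing here checks that eip + 1 + sizeof(long) stays
    // inside m_Code - confirm the dispatcher validates operand bounds.
    memcpy(&lLabel, &m_Code[m_Cpu.eip + 1], sizeof(lLabel));
    m_lHWBreakpointLabel = lLabel;
}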
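// Records the memory breakpoint handler label: reads the long operand stored
// one byte past the current VM instruction pointer into
// m_lMemBreakpointLabel.
inline void CVM::DoEOBMEM()
{
    long lLabel;

    // The operand sits at an arbitrary byte offset in the code buffer, so it
    // is copied out rather than dereferenced through a cast pointer (which
    // would be an unaligned, type-punned load).
    // NOTE(review): nothing here checks that eip + 1 + sizeof(long) stays
    // inside m_Code - confirm the dispatcher validates operand bounds.
    memcpy(&lLabel, &m_Code[m_Cpu.eip + 1], sizeof(lLabel));
    m_lMemBreakpointLabel = lLabel;
}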
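// Records the exception handler label: reads the long operand stored one
// byte past the current VM instruction pointer into m_lExceptionLabel.
inline void CVM::DoEOE()
{
    long lLabel;

    // The operand sits at an arbitrary byte offset in the code buffer, so it
    // is copied out rather than dereferenced through a cast pointer (which
    // would be an unaligned, type-punned load).
    // NOTE(review): nothing here checks that eip + 1 + sizeof(long) stays
    // inside m_Code - confirm the dispatcher validates operand bounds.
    memcpy(&lLabel, &m_Code[m_Cpu.eip + 1], sizeof(lLabel));
    m_lExceptionLabel = lLabel;
}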
// Restores the VM instruction pointer from m_lOldEip.
// A saved value of -1 means there is nothing to restore and eip is left
// untouched.
inline void CVM::DoCOB()
{
    if (-1 == m_lOldEip)
    {
        return;
    }

    m_Cpu.eip = m_lOldEip;
}
// Restores the VM instruction pointer from m_lOldEip; the body is identical
// to DoCOB().
// A saved value of -1 means there is nothing to restore and eip is left
// untouched.
inline void CVM::DoCOE()
{
    if (-1 == m_lOldEip)
    {
        return;
    }

    m_Cpu.eip = m_lOldEip;
}
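// GMI handler: pops an address and a data-segment offset naming a module
// property, then stores the requested field of the module containing that
// address with SetRetVal().
// Recognised property names: MODULEBASE, MODULESIZE, CODEBASE, CODESIZE,
// ENTRYPOINT. An unknown name stores -1 but still counts as success.
// Returns 1 on success; on failure stores -1 and returns 0.
int CVM::DoGMI()
{
    int nRetResult = 0;
    int nRetCode;
    long lAddr;
    long lTypeOffset;
    char szType[100];
    t_module *mod;

    nRetCode = Pop(&lAddr);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lTypeOffset);
    OM_PROCESS_ERROR(nRetCode);

    // Script-supplied offset: validated before it is used to index m_Data.
    nRetCode = CheckDataAddrValid(lTypeOffset);
    OM_PROCESS_ERROR(nRetCode);

    // The property name comes from the script and has no length limit of its
    // own, so the copy into the fixed stack buffer is bounded and explicitly
    // terminated. A truncated name cannot equal any keyword below, so an
    // overlong name falls through to the "unknown property" branch.
    strncpy(szType, &m_Data[lTypeOffset], sizeof(szType) - 1);
    szType[sizeof(szType) - 1] = '\0';

    mod = Findmodule(lAddr);
    OM_PROCESS_ERROR(mod);

    if (0 == strcomp(szType, "MODULEBASE"))
        SetRetVal(mod->base);
    else if (0 == strcomp(szType, "MODULESIZE"))
        SetRetVal(mod->size);
    else if (0 == strcomp(szType, "CODEBASE"))
        SetRetVal(mod->codebase);
    else if (0 == strcomp(szType, "CODESIZE"))
        SetRetVal(mod->origcodesize);
    else if (0 == strcomp(szType, "ENTRYPOINT"))
        SetRetVal(mod->entry);
    else
        SetRetVal(-1);

    nRetResult = 1;

Exit0:
    if (0 == nRetResult)
        SetRetVal(-1);
    return nRetResult;
}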
// Label handler: pops an address and a data-segment offset, then attaches the
// string at that offset to the address as an NM_LABEL name.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoSetLbl()
{
    int nRetResult = 0;
    int nRetCode;
    long lWhere;
    long lNameOffset;

    nRetCode = Pop(&lWhere);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lNameOffset);
    OM_PROCESS_ERROR(nRetCode);

    // Script-supplied offset: validated before it is used to index m_Data.
    nRetCode = CheckDataAddrValid(lNameOffset);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Insertname(lWhere, NM_LABEL, &m_Data[lNameOffset]);
    if (nRetCode == -1)
    {
        goto Exit0;
    }

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
// BP handler: pops an address, sets an active (TY_ACTIVE) breakpoint there
// and refreshes the debugger display.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoBP()
{
    int nRetResult = 0;
    int nRetCode;
    long lWhere;

    nRetCode = Pop(&lWhere);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Setbreakpointext(lWhere, TY_ACTIVE, 0, 0);
    if (nRetCode == -1) // fail!
    {
        goto Exit0;
    }

    //ReturnToOD();
    RefreshOD();

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
// BC handler: pops an address, marks the breakpoint there as TY_DISABLED and
// refreshes the debugger display.
// NOTE(review): the breakpoint is set to disabled, not removed - confirm that
// this is the intended meaning of the command.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoBC()
{
    int nRetResult = 0;
    int nRetCode;
    long lWhere;

    nRetCode = Pop(&lWhere);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Setbreakpointext(lWhere, TY_DISABLED, 0, 0);
    if (nRetCode == -1) // fail!
    {
        goto Exit0;
    }

    //ReturnToOD();
    RefreshOD();

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
// BPCND handler: pops an address and a data-segment offset, sets an active
// breakpoint at the address and attaches the string at the offset as its
// NM_BREAK name, then deletes any NM_BREAKEXPL / NM_BREAKEXPR names at that
// address.
// If Insertname() fails the breakpoint set just before it stays in place.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoBPCND()
{
    int nRetResult = 0;
    int nRetCode;
    long lWhere;
    long lCondOffset;

    nRetCode = Pop(&lWhere);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lCondOffset);
    OM_PROCESS_ERROR(nRetCode);

    // Script-supplied offset: validated before it is used to index m_Data.
    nRetCode = CheckDataAddrValid(lCondOffset);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Setbreakpointext(lWhere, TY_ACTIVE, 0, 0);
    if (nRetCode == -1) // fail!
    {
        goto Exit0;
    }

    nRetCode = Insertname(lWhere, NM_BREAK, &m_Data[lCondOffset]);
    if (nRetCode == -1) // fail!
    {
        goto Exit0;
    }

    // Clear both expression names in the one-byte range [lWhere, lWhere + 1).
    Deletenamerange(lWhere, lWhere + 1, NM_BREAKEXPL);
    Deletenamerange(lWhere, lWhere + 1, NM_BREAKEXPR);

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
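// BPL handler: pops an address and a data-segment offset, sets an active
// breakpoint at the address and attaches the string at the offset as a
// logging expression: once as NM_BREAKEXPR with a COND_LOGALWAYS flag byte in
// front, once unmodified as NM_BREAKEXPL.
// An expression too long for the TEXTLEN work buffer fails the command before
// any breakpoint is set.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoBPL()
{
    int nRetResult = 0;
    int nRetCode;
    long lAddr;
    long lConditionOffset;
    size_t nExprLen;
    char szExpression[TEXTLEN];

    nRetCode = Pop(&lAddr);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lConditionOffset);
    OM_PROCESS_ERROR(nRetCode);

    // Script-supplied offset: validated before it is used to index m_Data.
    nRetCode = CheckDataAddrValid(lConditionOffset);
    OM_PROCESS_ERROR(nRetCode);

    // The expression text comes from the script and has no length limit of
    // its own. szExpression must hold one flag byte, the text and the
    // terminator, so anything longer than sizeof - 2 would overflow the stack
    // buffer in the strcat() below. Reject it up front, before the breakpoint
    // is created, so a failed command leaves no partial state.
    // NOTE(review): this relies on the string being NUL-terminated inside
    // m_Data - confirm CheckDataAddrValid() guarantees that.
    nExprLen = strlen(&m_Data[lConditionOffset]);
    if (nExprLen > sizeof(szExpression) - 2)
        goto Exit0;

    nRetCode = Setbreakpointext(lAddr, TY_ACTIVE, 0, 0);
    if (-1 == nRetCode) // fail!
        goto Exit0;

    szExpression[0] = COND_LOGALWAYS;
    szExpression[1] = '\0';
    strcat(szExpression, &m_Data[lConditionOffset]); // length checked above

    nRetCode = Insertname(lAddr, NM_BREAKEXPR, szExpression);
    if (-1 == nRetCode) // fail!
        goto Exit0;

    nRetCode = Insertname(lAddr, NM_BREAKEXPL, &m_Data[lConditionOffset]);
    if (-1 == nRetCode) // fail!
        goto Exit0;

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}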
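// BPLCND handler: pops an address, an offset to a log expression and an
// offset to a condition. Sets an active breakpoint at the address, attaches
// the condition as NM_BREAK, and attaches the log expression twice: as
// NM_BREAKEXPR with a (COND_NOBREAK | COND_LOGTRUE) flag byte in front, and
// unmodified as NM_BREAKEXPL.
// A log expression too long for the TEXTLEN work buffer fails the command
// before any breakpoint is set.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoBPLCND()
{
    int nRetResult = 0;
    int nRetCode;
    long lAddr;
    long lExplanationOffset;
    long lConditionOffset;
    size_t nExprLen;
    char szExpression[TEXTLEN];

    nRetCode = Pop(&lAddr);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lExplanationOffset);
    OM_PROCESS_ERROR(nRetCode);

    // Script-supplied offsets: each is validated before it indexes m_Data.
    nRetCode = CheckDataAddrValid(lExplanationOffset);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lConditionOffset);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = CheckDataAddrValid(lConditionOffset);
    OM_PROCESS_ERROR(nRetCode);

    // The log expression comes from the script and has no length limit of its
    // own. szExpression must hold one flag byte, the text and the terminator,
    // so anything longer than sizeof - 2 would overflow the stack buffer in
    // the strcat() below. Reject it up front, before the breakpoint is
    // created, so a failed command leaves no partial state.
    // NOTE(review): this relies on the string being NUL-terminated inside
    // m_Data - confirm CheckDataAddrValid() guarantees that.
    nExprLen = strlen(&m_Data[lExplanationOffset]);
    if (nExprLen > sizeof(szExpression) - 2)
        goto Exit0;

    nRetCode = Setbreakpointext(lAddr, TY_ACTIVE, 0, 0);
    if (-1 == nRetCode) // fail!
        goto Exit0;

    nRetCode = Insertname(lAddr, NM_BREAK, &m_Data[lConditionOffset]);
    if (-1 == nRetCode) // fail!
        goto Exit0;

    szExpression[0] = COND_NOBREAK | COND_LOGTRUE;
    szExpression[1] = '\0';
    strcat(szExpression, &m_Data[lExplanationOffset]); // length checked above

    nRetCode = Insertname(lAddr, NM_BREAKEXPR, szExpression);
    if (-1 == nRetCode) // fail!
        goto Exit0;

    nRetCode = Insertname(lAddr, NM_BREAKEXPL, &m_Data[lExplanationOffset]);
    if (-1 == nRetCode) // fail!
        goto Exit0;

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}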
// BPRM handler: pops an address and a size, then sets a MEMBP_READ memory
// breakpoint over that range.
// Neither value is range-checked here; both go to Setmembreakpoint() as
// popped.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoBPRM()
{
    int nRetResult = 0;
    int nRetCode;
    long lStart;
    long lLength;

    nRetCode = Pop(&lStart);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lLength);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Setmembreakpoint(MEMBP_READ, lStart, lLength);
    if (nRetCode == -1)
    {
        goto Exit0;
    }

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
// BPWM handler: pops an address and a size, then sets a memory breakpoint
// over that range with both MEMBP_READ and MEMBP_WRITE.
// NOTE(review): the read flag is included as well as the write flag, so this
// presumably also triggers on reads - confirm that is intended.
// Neither value is range-checked here; both go to Setmembreakpoint() as
// popped.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoBPWM()
{
    int nRetResult = 0;
    int nRetCode;
    long lStart;
    long lLength;

    nRetCode = Pop(&lStart);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lLength);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Setmembreakpoint(MEMBP_READ | MEMBP_WRITE, lStart, lLength);
    if (nRetCode == -1)
    {
        goto Exit0;
    }

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
// BPMC handler: calls Setmembreakpoint() with all-zero arguments
// (presumably this clears the memory breakpoint - confirm against the plugin
// API) and maps its result to the VM convention.
// Unlike the other breakpoint handlers in this file it does not call
// SetRetVal().
// Returns 1 when Setmembreakpoint() returns 0, otherwise 0.
inline int CVM::DoBPMC()
{
    int nRetCode = Setmembreakpoint(0, 0, 0);

    return (0 == nRetCode) ? 1 : 0; // 0 from the API means success
}
// BPHWS handler: pops an address and a mode, then sets a one-byte hardware
// breakpoint of that mode at the address.
// Only HB_CODE, HB_ACCESS and HB_WRITE are accepted; any other mode fails the
// command without touching the debugger.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoBPHWS()
{
    int nRetResult = 0;
    int nRetCode;
    long lWhere;
    long lKind;

    nRetCode = Pop(&lWhere);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Pop(&lKind);
    OM_PROCESS_ERROR(nRetCode);

    // Allow-list the script-supplied mode before it reaches the API.
    if (!((HB_CODE == lKind) || (HB_ACCESS == lKind) || (HB_WRITE == lKind)))
    {
        goto Exit0;
    }

    nRetCode = Sethardwarebreakpoint(lWhere, 1, lKind);
    if (nRetCode == -1) // fail!
    {
        goto Exit0;
    }

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
// BPHWC handler: pops an address and deletes the hardware breakpoint set at
// it.
// A return of 0 from Deletehardwarebreakbyaddr() is treated as failure.
// The outcome (1 = success, 0 = failure) is stored with SetRetVal() and also
// returned.
int CVM::DoBPHWC()
{
    int nRetResult = 0;
    int nRetCode;
    long lWhere;

    nRetCode = Pop(&lWhere);
    OM_PROCESS_ERROR(nRetCode);

    nRetCode = Deletehardwarebreakbyaddr(lWhere);
    if (nRetCode == 0) // fail!
    {
        goto Exit0;
    }

    nRetResult = 1;

Exit0:
    SetRetVal(nRetResult);
    return nRetResult;
}
int CVM::SetODHideStatus(
/* [in] */ unsigned char ucHide
)
{
int nRetResult = 0;
int nRetCode;
HANDLE hCurProcess;
HANDLE hCurThread;
CONTEXT context;
LDT_ENTRY sel;
DWORD tib;
DWORD peb;
context.ContextFlags = CONTEXT_FULL;
hCurThread = (HANDLE)Plugingetvalue(VAL_HMAINTHREAD);
nRetCode = GetThrea