📄 dedeclassemulator.pas
字号:
sReference:=sREF_TEXT_POSSIBLE_TO+' '+GetRegVal(reg1);
break;
end;
end;
end;
end;
procedure movptr_Register(reg : TRegister; Offs : DWORD);
var i, j : Integer;
ptr : DWORD;
begin
if IsDATAOffset(Offs) then
begin
// mov register pointer to global var
ptr:=DeDeMainForm.ClassesDumper.BSS.GetData(Offs);
if IsBSSOffset(ptr) then
begin
SetRegVal(reg,'GlobalVar_'+DWORD2HEX(ptr));
AddGlobVar(DWORD2HEX(Offs),true);
SetRegVal(reg,0);
bReference:=True;
sReference:=sREF_TEXT_REF_TO+' pointer to '+GetRegVal(reg);
end;
end;
if IsBSSOffset(Offs) then
begin
// mov register pointer to class instance!!!
for i:=0 to ClsDmp.Classes.Count-1 do
for j:=0 to TClassDumper(ClsDmp.Classes[i]).FdwBSSOffset.Count-1 do
if DWORD(TClassDumper(ClsDmp.Classes[i]).FdwBSSOffset[j])=Offs
then begin
If TClassDumper(ClsDmp.Classes[i]).IsBSSDATAClass(j) then
begin
SetRegVal(reg,Copy(TClassDumper(ClsDmp.Classes[i]).FsClassName,2,Length(TClassDumper(ClsDmp.Classes[i]).FsClassName)-1));
SetRegVal(reg,DWORD(TClassDumper(ClsDmp.Classes[i]).FdwHeapPtr[j]));
end
else begin
SetRegVal(reg,'GlobalVar_'+DWORD2HEX(Offs));
AddGlobVar(DWORD2HEX(Offs));
SetRegVal(reg,0);
end;
bReference:=True;
sReference:=sREF_TEXT_POSSIBLE_TO+' '+GetRegVal(reg);
exit;
end;
SetRegVal(reg,'GlobalVar_'+DWORD2HEX(Offs));
AddGlobVar(DWORD2HEX(Offs));
SetRegVal(reg,0);
bReference:=True;
sReference:=sREF_TEXT_REF_TO+' '+GetRegVal(reg);
end;
end;
procedure movRegister_ptr(reg : TRegister; Offs : DWORD);
var prt : DWORD;
i,j : Integer;
s : String;
begin
if Offs=0 then SetRegVal(reg,0);
SetRegVal(reg,'');
if IsDATAOffset(Offs) then
begin
// mov register pointer to the class !!!
for i:=0 to ClsDmp.Classes.Count-1 do
for j:=0 to TClassDumper(ClsDmp.Classes[i]).FdwDATAPrt.Count-1 do
if DWORD(TClassDumper(ClsDmp.Classes[i]).FdwDATAPrt[j])=Offs
then begin
SetRegVal(reg,TClassDumper(ClsDmp.Classes[i]).FsClassName);
SetRegVal(reg,DWORD(TClassDumper(ClsDmp.Classes[i]).FdwBSSOffset[j]));
bReference:=True;
sReference:=sREF_TEXT_REF_TO+' '+GetRegVal(reg)+' instance';
exit;
end;
// mov register pointer to global var
prt:=DeDeMainForm.ClassesDumper.BSS.GetData(Offs);
While IsDATAOffset(prt) Do prt:=DeDeMainForm.ClassesDumper.BSS.GetData(prt);
if IsBSSOffset(prt) then
begin
SetRegVal(reg,'GlobalVar_'+DWORD2HEX(prt));
AddGlobVar(DWORD2HEX(Offs),true);
SetRegVal(reg,prt);
bReference:=True;
sReference:=sREF_TEXT_REF_TO+' pointer to '+GetRegVal(reg);
end;
end;
if IsBSSOffset(Offs) then
begin
// mov register pointer to class instance!!!
for i:=0 to ClsDmp.Classes.Count-1 do
for j:=0 to TClassDumper(ClsDmp.Classes[i]).FdwBSSOffset.Count-1 do
if DWORD(TClassDumper(ClsDmp.Classes[i]).FdwBSSOffset[j])=Offs
then begin
If TClassDumper(ClsDmp.Classes[i]).IsBSSDATAClass(j) then
begin
SetRegVal(reg,Copy(TClassDumper(ClsDmp.Classes[i]).FsClassName,2,Length(TClassDumper(ClsDmp.Classes[i]).FsClassName)-1));
SetRegVal(reg,DWORD(TClassDumper(ClsDmp.Classes[i]).FdwHeapPtr[j]));
end
else begin
SetRegVal(reg,'GlobalVar_'+DWORD2HEX(Offs));
AddGlobVar(DWORD2HEX(Offs));
SetRegVal(reg,0);
end;
bReference:=True;
sReference:=sREF_TEXT_REF_TO+' '+GetRegVal(reg);
break;
end;
end;
if IsCODEOffset(Offs) then
begin
// For Record types recognition
Inc(Offs,4);
// mov register pointer to the class !!!
for i:=0 to ClsDmp.Classes.Count-1 do
begin
// Check For Objects (Offset = Selfpointer To the Class)
if DWORD(TClassDumper(ClsDmp.Classes[i]).FdwSelfPrt)=Offs
then begin
SetRegVal(reg,TClassDumper(ClsDmp.Classes[i]).FsClassName);
SetRegVal(reg,0);
bReference:=True;
sReference:=sREF_TEXT_REF_TO+' object '+GetRegVal(reg);
break;
end;
// Normal Class
if (DWORD(TClassDumper(ClsDmp.Classes[i]).FdwVMTPtr)=Offs+DELTA_VMT-4)
// Class without selfpointer
or (DWORD(TClassDumper(ClsDmp.Classes[i]).FdwSelfPrt)=Offs+4)
then begin
SetRegVal(reg,TClassDumper(ClsDmp.Classes[i]).FsClassName);
SetRegVal(reg,0);
bReference:=True;
sReference:=sREF_TEXT_REF_TO+' class '+GetRegVal(reg);
break;
end;
end; {for}
if not bReference then
// Try to find the *next* class/object/type name
if (DeDeMainForm.ClassRefInCode(Offs,s))
then begin
SetRegVal(reg,s);
SetRegVal(reg,0);
bReference:=True;
sReference:=sREF_TEXT_REF_TO+' class '+GetRegVal(reg);
end;
end; {IsCODEOffset}
end;
procedure pushRegister(reg : TRegister);
begin
case reg of
rgEAX: dwESP.Add(Pointer(dwEAX));
rgEBX: dwESP.Add(Pointer(dwEBX));
rgECX: dwESP.Add(Pointer(dwECX));
rgEDX: dwESP.Add(Pointer(dwEDX));
rgESI: dwESP.Add(Pointer(dwESI));
rgEDI: dwESP.Add(Pointer(dwEDI));
rgEBP: dwESP.Add(Pointer(dwEBP));
rgESP: dwESP.Add(nil);
end;
end;
procedure popRegister(reg : TRegister);
procedure _Pop(var dw : DWORD);
begin
dw:=DWORD(dwESP[0]);
dwESP.Delete(0);
end;
begin
case reg of
rgEAX: _Pop(dwEAX);
rgEBX: _Pop(dwEBX);
rgECX: _Pop(dwECX);
rgEDX: _Pop(dwEDX);
rgESI: _Pop(dwESI);
rgEDI: _Pop(dwEDI);
rgEBP: _Pop(dwEBP);
rgESP: dwESP.Delete(0);
end;
end;
procedure movRegister_StackVar(reg : TRegister; val : DWORD);
var idx : Integer;
dw : DWORD;
begin
idx:=Loc_Names.IndexOf(DWORD2HEX(val));
if idx<>-1 then begin
dw:=DWORD(Loc_Vars[idx]);
movRegister_ptr(reg, dw);
// Added in case BSS has not been dumped or bBSS=False
if Loc_StrVals[idx]<>'' then SetRegVal(reg,Loc_StrVals[idx]);
end;
end;
procedure movStackVar_Register(reg : TRegister; val : DWORD);
var idx : Integer;
begin
idx:=Loc_Names.IndexOf(DWORD2HEX(val));
if idx=-1 then begin
Loc_Names.Add(DWORD2HEX(val));
Loc_StrVals.Add('');
Loc_Vars.Add(nil);
idx:=Loc_Names.Count-1;
end;
Loc_Vars[idx]:=(Pointer(GetRegValDW(reg)));
// Added in case BSS has not been dumped or bBSS=False
Loc_StrVals[idx]:=GetRegVal(reg);
end;
function dGetOffset(s : String) : DWORD;
var i : Integer;
ss : String;
b : boolean;
begin
b:=False;
ss:='';
for i:=1 to Length(s) do
begin
if s[i]=']' then b:=false;
if b then ss:=ss+s[i];
if s[i]='$' then b:=true;
end;
Result:=HEX2DWORD(ss);
end;
function dGetStackVar(s : String) : DWORD;
var i : Integer;
ss : String;
b,bb : boolean;
begin
b:=False;
bb:=False;
ss:='';
for i:=1 to Length(s) do
begin
if s[i]=']' then b:=false;
if b then ss:=ss+s[i];
if s[i]='-' then bb:=True;
if (s[i]='$') and bb then b:=true;
end;
Result:=HEX2DWORD(ss);
end;
Procedure movRegOffset(reg : TRegister; sInstr : String);
var Offs : DWORD;
s,sCN : String;
i,j : Integer;
begin
ClearRegister(reg);
offs:=Pos('$',sInstr);
sCN:=Copy(sInstr,offs-1,Length(sInstr)-Offs+2);
s:='';
For offs:=1 to Length(sCN) do
if sCN[offs] in ['0'..'9','A'..'F'] then s:=s+sCN[offs];
offs:=HEX2DWORD(s);
if IsBSSOffset(Offs) then
begin
// mov register pointer to class instance!!!
for i:=0 to ClsDmp.Classes.Count-1 do
for j:=0 to TClassDumper(ClsDmp.Classes[i]).FdwBSSOffset.Count-1 do
if DWORD(TClassDumper(ClsDmp.Classes[i]).FdwBSSOffset[j])=Offs
then begin
If TClassDumper(ClsDmp.Classes[i]).IsBSSDATAClass(j) then
begin
SetRegVal(reg,Copy(TClassDumper(ClsDmp.Classes[i]).FsClassName,2,Length(TClassDumper(ClsDmp.Classes[i]).FsClassName)-1));
SetRegVal(reg,DWORD(TClassDumper(ClsDmp.Classes[i]).FdwHeapPtr[j]));
end
else begin
SetRegVal(reg,'GlobalVar_'+DWORD2HEX(Offs));
AddGlobVar(DWORD2HEX(Offs));
SetRegVal(reg,0);
end;
bReference:=True;
sReference:=sREF_TEXT_POSSIBLE_TO+' '+GetRegVal(reg);
break;
end;
end;
end;
procedure OffsInfReference(reg : TRegister; sInstr : String);
var RefType : TRefOffsInfType;
sCN,s,sDestReg : String;
offs : DWORD;
ClsBoza : TClassDumper;
begin
// Default
RefType:=rtMOV;
// Dynamic Index
if Pos('mov bx, $',sInstr)<>0 then RefType:=rtDynCall
// Call Reference
else if Pos('call dword ptr [',sInstr)<>0 then RefType:=rtCALL
// Property Reference
else if Pos('mov',sInstr)<>0 then RefType:=rtMOV;
offs:=Pos('$',sInstr);
if offs=0 then exit;
sCN:=Copy(sInstr,offs-1,Length(sInstr)-Offs+2);
s:='';
For offs:=1 to Length(sCN) do
if sCN[offs] in ['0'..'9','A'..'F'] then s:=s+sCN[offs];
offs:=HEX2DWORD(s);
// This check should avoid from getting invalid references
// from 'add reg,imm_data' instructions
bReference:=False;
if offs>$FFFF then
begin
sDestReg:=Copy(sInstr,9,3);
ClearRegister(Str2TRegister(sDestReg));
exit;
end;
if sCN[1]='-' then offs:=not offs;
// Getting Class Name
sCN:=GetRegVal(reg);
// Adding Class Prefix if needed
if (sCN<>'') and (sCN[1]<>'T') then sCN:='T'+sCN;
if sCN='' then
if RefType<>rtDynCall then begin
sCN:='<UnknownType>';
if bDontShowUnkRefs then Exit;
end
else sCN:='TPersistent'; {Dinamic Calls are first met in TPersistent}
if ClsDmp.GetClass(sCN)<>nil then
begin
// In the case the class is in dumped classes
sReference:=TFieldData(ClsDmp.GetClass(sCN).FieldData).GetFieldName(offs);
sNewClass:=DeDeDisASM.GetControlClassEx(sCN,sReference);
// If no such field is found try to find it among the parent class fields using DOI data
if sReference=''
then if ClsDmp.GetClass(sCN).FbClassFlag=$07
//then OffsInfArchive.GetReference('TForm',offs,RefType,sReference,sNewClass)
then OffsInfArchive.GetReference(sCN,offs,RefType,sReference,sNewClass)
else OffsInfArchive.GetReference(sCN,offs,RefType,sReference,sNewClass)
// Add the reference text in the case of control references
else sReference:=sREF_TEXT_CONTROL+' '+sReference+':'+sNewClass;
end
else OffsInfArchive.GetReference(sCN,offs,RefType,sReference,sNewClass);
// There is found reference !
if sReference<>'' then
begin
bReference:=True;
if RefType=rtMOV then
begin
// When it is MOV instruction it must be emulated
sDestReg:=Copy(sInstr,9,3);
SetRegVal(Str2TRegister(sDestReg),sNewClass);
SetRegVal(Str2TRegister(sDestReg),0);
ClsBoza:=ClsDmp.GetClass(sNewClass);
if ClsBoza<>nil then
if ClsBoza.FdwBSSOffset.Count>1
then SetRegVal(Str2TRegister(sDestReg),DWORD(ClsBoza.FdwBSSOffset[1]));
end;
end
else begin
Case RefType of
rtMOV : begin
sReference:=sREF_POSSIBLE_FIELD+' '+sCN+'.OFFS_'+s;
sDestReg:=Copy(sInstr,9,3);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -