📄 plugin.pas
字号:
captured: Integer; // Info about how mouse is captured
active: Integer; // Previous mouse coordinate
prevx: Integer;
end;
p_sortheader = ^t_sortheader;
t_sortheader = packed record // Header of sorted data field
addr: ULONG; // Base address of the entry
size: ULONG; // Size address of the entry
type_ul: ULONG; // Entry type, TY_xxx
end;
SORTFUNC = function(const p1, p2: p_sortheader; sort: Integer): Integer; cdecl;
DRAWFUNC = function(s: PChar; mask: PChar; select: PInteger;
ps: p_sortheader; column: Integer): Integer; cdecl;
DESTFUNC = procedure(pe: p_sortheader); cdecl;
const
AUTOARRANGE: SORTFUNC = SORTFUNC(1); // Autoarrangeable sorted data
type
p_sorted = ^t_sorted; // Descriptor of sorted table
t_sorted = packed record // Name of table, as appears in error
name: array[0..MAX_PATH-1] of Char; // Actual number of entries
n: Integer; // Maximal number of entries
nmax: Integer; // Index of selected entry or -1
selected: Integer; // Base address of selected entry
seladdr: ULONG; // Size of single entry
itemsize: Integer; // Unique version of table
version: ULONG; // Entries, sorted by address
data: Pointer; // Function which sorts data or NULL
sortfunc: SORTFUNC; // Destructor function or NULL
destfunc: DESTFUNC; // Sorting criterium (column)
sort: Integer; // Whether indexes are sorted
sorted: Integer; // Indexes, sorted by criterium
index: PInteger; // Suppress multiple overflow errors
suppresserr: Integer;
end;
p_table = ^t_table;
t_table = packed record // Window with sorted data and bar
hw: HWND; // Handle of window or NULL
data: T_SORTED; // Sorted data
bar: T_BAR; // Description of bar
showbar: Integer; // Bar: 1-displayed, 0-hidden, -1-absent
hscroll: SmallInt; // Horiz. scroll: 1-displayed, 0-hidden
colsel: SmallInt; // Column in TABLE_COLSEL window
mode: Integer; // Combination of bits TABLE_xxx
font: Integer; // Font used by window
scheme: SmallInt; // Colour scheme used by window
hilite: SmallInt; // Syntax highlighting used by window
offset: Integer; // First displayed row
xshift: Integer; // Shift in X direction, pixels
drawfunc: DRAWFUNC; // Function which decodes table fields
end;
function Createsorteddata(sd: p_sorted; name: PChar;
itemsize: Integer; nmax: Integer;
sortfn: SORTFUNC; destfn: DESTFUNC): Integer; cdecl;
procedure Destroysorteddata(sd: p_sorted); cdecl;
function Addsorteddata(sd: p_sorted; item: Pointer): Pointer; cdecl;
procedure Deletesorteddata(sd: p_sorted; addr: ULONG); cdecl;
procedure Deletesorteddatarange(sd: p_sorted; addr0: ULONG; addr1: ULONG); cdecl;
function Deletenonconfirmedsorteddata(sd: p_sorted): Integer; cdecl;
function Findsorteddata(sd: p_sorted; addr: ULONG): Pointer; cdecl;
function Findsorteddatarange(sd: p_sorted; addr0: ULONG; addr1: ULONG): Pointer; cdecl;
function Findsorteddataindex(sd: p_sorted; addr0: ULONG; addr1: ULONG): Integer; cdecl;
function Sortsorteddata(sd: p_sorted; sort: Integer): Integer; cdecl;
function Getsortedbyselection(sd: p_sorted; index: Integer): Pointer; cdecl;
procedure Defaultbar(pb: p_bar) cdecl;
function Tablefunction(pt: p_table; hw: HWND; msg: Word;
wp: WPARAM; lp: LPARAM): Integer; cdecl;
procedure Painttable(hw: HWND; pt: p_table; getline: DRAWFUNC) cdecl;
function Gettableselectionxy(pt: p_table; column: Integer;
px: PInteger; py: PInteger): Integer; cdecl;
procedure Selectandscroll(pt: p_table; index: Integer; mode: Integer); cdecl;
////////////////////////////////////////////////////////////////////////////////
///////////////////////////////// NAME FUNCTIONS ///////////////////////////////
// Types of names used in name functions. Note that higher-priority types have
// smaller identifiers!
const
NM_NONAME = $00; // Undefined name
NM_ANYNAME = $FF; // Name of any type
// Names saved in the data file of module they appear.
NM_PLUGCMD = $30; // Plugin commands to execute at break
NM_LABEL = $31; // User-defined label
NM_EXPORT = $32; // Exported (global) name
NM_IMPORT = $33; // Imported name
NM_LIBRARY = $34; // Name from library or object file
NM_CONST = $35; // User-defined constant
NM_COMMENT = $36; // User-defined comment
NM_LIBCOMM = $37; // Comment from library or object file
NM_BREAK = $38; // Condition related with breakpoint
NM_ARG = $39; // Arguments decoded by analyzer
NM_ANALYSE = $3A; // Comment added by analyzer
NM_BREAKEXPR = $3B; // Expression related with breakpoint
NM_BREAKEXPL = $3C; // Explanation related with breakpoint
NM_ASSUME = $3D; // Assume function with known arguments
NM_STRUCT = $3E; // Code structure decoded by analyzer
NM_CASE = $3F; // Case description decoded by analyzer
// Names saved in the data file of main module.
NM_INSPECT = $40; // Several last inspect expressions
NM_WATCH = $41; // Watch expressions
NM_ASM = $42; // Several last assembled strings
NM_FINDASM = $43; // Several last find assembler strings
NM_LASTWATCH = $48; // Several last watch expressions
NM_SOURCE = $49; // Several last source search strings
NM_REFTXT = $4A; // Several last ref text search strings
NM_GOTO = $4B; // Several last expressions to follow
NM_GOTODUMP = $4C; // Several expressions to follow in Dump
NM_TRPAUSE = $4D; // Several expressions to pause trace
// Pseudonames.
NM_IMCALL = $FE; // Intermodular call
NMHISTORY = $40; // Converts NM_xxx to type of init list
function Insertname(addr: ULONG; itype: Integer; name: PChar): Integer; cdecl;
function Quickinsertname(addr: ULONG; itype: Integer; name: PChar): Integer; cdecl;
procedure Mergequicknames; cdecl;
procedure Discardquicknames; cdecl;
function Findname(addr: ULONG; itype: Integer; name: PChar): Integer; cdecl;
function Decodename(addr: ULONG; itype: Integer; name: PChar): Integer; cdecl;
function Findnextname(name: PChar): ULONG; cdecl;
function Findlabel(addr: ULONG; name: PChar): Integer; cdecl;
procedure Deletenamerange(addr0: ULONG; addr1: ULONG; itype: Integer); cdecl;
function Findlabelbyname(name: PChar; addr: PULONG;
addr0: ULONG; addr1: ULONG): Integer; cdecl;
function Findimportbyname(name: PChar; addr0: ULONG; addr1: ULONG): ULONG; cdecl;
function Demanglename(name: PChar; itype: Integer; undecorated: PChar): Integer; cdecl;
function Findsymbolicname(addr: ULONG; fname: PChar): Integer; cdecl;
////////////////////////////////////////////////////////////////////////////////
///////////////////////////// DISASSEMBLY FUNCTIONS ////////////////////////////
const
REG_EAX = 0; // Indexes of general-purpose registers
REG_ECX = 1; // in t_reg.
REG_EDX = 2;
REG_EBX = 3;
REG_ESP = 4;
REG_EBP = 5;
REG_ESI = 6;
REG_EDI = 7;
SEG_UNDEF = -1;
SEG_ES = 0; // Indexes of segment/selector registers
SEG_CS = 1; // in t_reg.
SEG_SS = 2;
SEG_DS = 3;
SEG_FS = 4;
SEG_GS = 5;
// Selected items in register window.
RS_NONE = $0000; // No selection
RS_INT = $0010; // General-purpose 32-bit registers
RS_EIP = $0020; // EIP (instruction pointer)
RS_FLG = $0030; // 1-bit decoded flags
RS_SEG = $0040; // Segment (selector) registers
RS_EFL = $0050; // 32-bit flag register
RS_TAG = $0060; // FPU register tag
RS_FPU = $0070; // 80-bit FPU registers
RS_FST = $0080; // FPU status
RS_FCO = $0090; // FPU condition bits
RS_FER = $00A0; // FPU error bits
RS_FCW = $00B0; // FPU control word
RS_FPR = $00C0; // FPU precision fields
RS_FEM = $00D0; // FPU error mask bits
RS_MMX = $00E0; // MMX registers
RS_3DN = $00F0; // 3DNow! registers
RS_SSE = $0100; // SSE registers
RS_CSR = $0110; // SSE MXCSR register
RS_CSB = $0120; // SSE MXCSR bits
RS_CPR = $0130; // SSE rounding control
RS_ERR = $0140; // Last thread error
RS_GROUP = $01F0; // Mask to extract group of registers
RS_INDEX = $000F; // Mask to extract index of register
NREGSTACK = 32; // Length of stack trace buffer
MAXCALSIZE = 8; // Max length of CALL without prefixes
INT3 = $CC; // Code of 1-byte breakpoint
NOP = $90; // Code of 1-byte NOP command
TRAPFLAG = $00000100; // Trap flag in CPU flag register
C_TYPEMASK = $F0; // Mask for command type
C_CMD = $00; // Ordinary instruction
C_PSH = $10; // PUSH instruction
C_POP = $20; // POP instruction
C_MMX = $30; // MMX instruction
C_FLT = $40; // FPU instruction
C_JMP = $50; // JUMP instruction
C_JMC = $60; // Conditional JUMP instruction
C_CAL = $70; // CALL instruction
C_RET = $80; // RET instruction
C_FLG = $90; // Changes system flags
C_RTF = $A0; // C_JMP and C_FLG simultaneously
C_REP = $B0; // Instruction with REPxx prefix
C_PRI = $C0; // Privileged instruction
C_SSE = $D0; // SSE instruction
C_NOW = $E0; // 3DNow! instruction
C_BAD = $F0; // Unrecognized command
C_RARE = $08; // Rare command, seldom used in programs
C_SIZEMASK = $07; // MMX data size or special flag
C_EXPL = $01; // (non-MMX) Specify explicit memory size
C_DANGER95 = $01; // Command is dangerous under Win95/98
C_DANGER = $03; // Command is dangerous everywhere
C_DANGERLOCK = $07; // Dangerous with LOCK prefix
DEC_TYPEMASK = $1F; // Type of memory byte
DEC_UNKNOWN = $00; // Unknown type
DEC_BYTE = $01; // Accessed as byte
DEC_WORD = $02; // Accessed as short
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -