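/*==================================================================================*/
/*
 * Example entry point: copies 0x600 bytes of this program's own code, starting
 * at main, into a heap buffer and passes that copy to DisassembleCode.
 *
 * The banner says only branch and comparison instructions are displayed; that
 * filtering is not done in this function (presumably inside DisassembleCode,
 * which is not visible here).
 *
 * Returns 0 on success, 1 if the working buffer cannot be allocated.
 */
int main(void)
{
    /* ============================= Init the Disasm structure (important !)*/
    (void) memset (&MyDisasm, 0, sizeof(DISASM));

    pSourceCode = &main;

    pBuffer = malloc(0x600);
    if (pBuffer == NULL) {
        /* Without this check the memset below would write through NULL. */
        (void) fprintf(stderr, "out of memory\n");
        return 1;
    }

    /* ============================= Let's NOP the buffer */
    (void) memset (pBuffer, 0x90, 0x600);

    /* ============================= Copy 0x600 bytes in it */
    /* The pointer goes through size_t, not int: an int intermediate drops the
     * upper half of the address on 64-bit targets.
     * NOTE(review): this reads 0x600 bytes starting at main and assumes that
     * much of the image is mapped and readable after it. */
    (void) memcpy (pBuffer, (void*)(size_t) pSourceCode, 0x600);

    (void) printf("******************************************************* \n");
    (void) printf("Display only BranchInstructions and ComparisonInstructions. \n");
    (void) printf("******************************************************* \n");

    /* ============================= Select Display Option */
    MyDisasm.Options = Tabulation + MasmSyntax;

    /* ============================= Disassemble code located in that buffer */
    DisassembleCode (pBuffer, (char*) pBuffer + 0x600, pSourceCode);

    free(pBuffer);
    pBuffer = NULL;
    return 0;
}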
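/*
 * Example entry point: copies 0x600 bytes of this program's own code, starting
 * at main, into a heap buffer and passes that copy to DisassembleCode.
 *
 * The banner says only memory-modifying instructions (stack writes excluded)
 * are displayed; that filtering is not done in this function (presumably
 * inside DisassembleCode, which is not visible here).
 *
 * argc and argv are unused. Returns 0 on success, 1 if the working buffer
 * cannot be allocated.
 */
int main(int argc, char* argv[])
{
    BEA_UNUSED_ARG (argc);
    BEA_UNUSED_ARG (argv);

    /* ============================= Init the Disasm structure (important !)*/
    (void) memset (&MyDisasm, 0, sizeof(DISASM));

    pSourceCode = main;

    pBuffer = malloc(0x600);
    if (pBuffer == NULL) {
        /* Without this check the memset below would write through NULL. */
        (void) fprintf(stderr, "out of memory\n");
        return 1;
    }

    /* ============================= Let's NOP the buffer */
    (void) memset (pBuffer, 0x90, 0x600);

    /* ============================= Copy 0x600 bytes in it */
    /* NOTE(review): this reads 0x600 bytes starting at main and assumes that
     * much of the image is mapped and readable after it. */
    (void) memcpy (pBuffer, (void*)(UIntPtr) pSourceCode, 0x600);

    (void) printf("******************************************************* \n");
    (void) printf("Display only Instructions modifying memory. \ndon't display stack modifications. \n");
    (void) printf("******************************************************* \n");

    /* ============================= Select Display Option */
    MyDisasm.Options = Tabulation + MasmSyntax;

    /* ============================= Disassemble code located in that buffer */
    DisassembleCode (pBuffer, (char*) pBuffer + 0x600, pSourceCode);

    free(pBuffer);
    pBuffer = NULL;
    return 0;
}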
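/*==================================================================================*/
/*
 * Example entry point: loads junkcode.bin into memory, disassembles it with
 * DisassembleCode and then calls AnalyzeCode, which (per the banner) looks for
 * the add X,Y / sub X,Y junk pattern.
 *
 * The file is external input, so every step that can fail is checked and the
 * disassembly window is clamped to the bytes actually read. The original passed
 * a fixed end of pBuffer + 0x600 whatever the file size, which reads past the
 * heap allocation whenever the file is shorter than 0x600 bytes.
 *
 * Returns 0 on success, 1 when the file cannot be opened, sized, buffered or
 * read.
 */
int main(void)
{
    size_t BytesRead;
    size_t Span;

    FileHandle = fopen("junkcode.bin", "rb");
    if (FileHandle == NULL) {
        (void) fprintf(stderr, "cannot open junkcode.bin\n");
        return 1;
    }

    if (fseek(FileHandle, 0, SEEK_END) != 0) {
        (void) fclose(FileHandle);
        (void) fprintf(stderr, "cannot seek in junkcode.bin\n");
        return 1;
    }
    FileSize = ftell(FileHandle);
    (void) rewind(FileHandle);

    /* ftell reports -1 on failure; an empty file has nothing to disassemble.
     * NOTE(review): assumes FileSize is a signed type - its declaration is not
     * visible here. */
    if (FileSize <= 0) {
        (void) fclose(FileHandle);
        (void) fprintf(stderr, "junkcode.bin is empty or its size is unknown\n");
        return 1;
    }

    pBuffer = malloc((size_t) FileSize);
    if (pBuffer == NULL) {
        (void) fclose(FileHandle);
        (void) fprintf(stderr, "out of memory\n");
        return 1;
    }

    BytesRead = fread(pBuffer, 1, (size_t) FileSize, FileHandle);
    (void) fclose(FileHandle);
    if (BytesRead == 0) {
        free(pBuffer);
        pBuffer = NULL;
        (void) fprintf(stderr, "cannot read junkcode.bin\n");
        return 1;
    }

    /* ============================= Init the Disasm structure (important !)*/
    for (i = 0; i < 100; i++) {
        (void) memset (&MyDisasm[i], 0, sizeof(DISASM));
    }

    (void) printf("******************************************************* \n");
    (void) printf("Looking for obfuscation in junkcode.bin - simple pattern :\nadd X, Y\nsub X, Y\n");
    (void) printf("******************************************************* \n");

    /* ============================= Disassemble code located in that buffer */
    /* Keep the original 0x600-byte ceiling, but never go beyond what was read. */
    Span = (BytesRead < 0x600) ? BytesRead : 0x600;
    DisassembleCode (pBuffer, (char*) pBuffer + Span, 0x0);
    AnalyzeCode();

    free(pBuffer);
    pBuffer = NULL;
    return 0;
}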
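/*==================================================================================*/
/*
 * Minimal example entry point: copies the first 100 bytes of this program's own
 * code, starting at main, into a heap buffer and passes that copy to
 * DisassembleCode.
 *
 * Returns 0 on success, 1 if the working buffer cannot be allocated.
 */
int main(void)
{
    pSourceCode = &main;

    pBuffer = malloc(100);
    if (pBuffer == NULL) {
        /* Without this check the memset below would write through NULL. */
        (void) fprintf(stderr, "out of memory\n");
        return 1;
    }

    /* ============================= Let's NOP the buffer */
    (void) memset (pBuffer, 0x90, 100);

    /* ============================= Copy 100 bytes in it */
    /* The pointer goes through size_t, not int: an int intermediate drops the
     * upper half of the address on 64-bit targets. */
    (void) memcpy (pBuffer, (void*)(size_t) pSourceCode, 100);

    /* ============================= Disassemble code located in that buffer */
    DisassembleCode (pBuffer, (char*) pBuffer + 100, pSourceCode);

    free(pBuffer);
    pBuffer = NULL;
    return 0;
}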
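// Mouse-hover handler: shows a tooltip describing what is under the cursor.
//
//  * More than one node selected: shows the selection count and the summed
//    GetMemorySize() of the selected objects.
//  * Otherwise, for each HS_SELECT hot spot containing `point`:
//      - nt_function nodes that are not open: reads the pointer stored at the
//        hot spot's address, reads 1024 bytes from the pointed-to address and
//        shows the text returned by DisassembleCode;
//      - nt_hex64 / nt_hex32 / nt_hex16 / nt_hex8 nodes: reads the value and
//        shows it in several interpretations.
//
// Every byte read through ReadMemory is untrusted data. ReadMemory's result is
// never checked here, so the scratch buffers are zero-filled first: a failed or
// short read then shows zeros, not stale stack or heap contents.
//
// nFlags and point are forwarded unchanged to CWnd::OnMouseHover at the end.
void CChildView::OnMouseHover(UINT nFlags, CPoint point)
{
	CString msg;
	if (Selected.size() > 1)
	{
		DWORD size = 0;
		for (UINT i = 0; i < Selected.size(); i++)
			size += Selected[i].object->GetMemorySize();

		// %i consumes an int; pass the count at that width instead of a raw size_t.
		msg.Format(_T("%i selected, %i bytes"), (int)Selected.size(), size);
		m_ToolTip.EnableWindow(FALSE);
		m_ToolTip.SetWindowText(msg);
		m_ToolTip.SetWindowPos(NULL, point.x + 16, point.y + 16, msg.GetLength() * FontWidth + 8, FontHeight + 6, SWP_NOZORDER);
		m_ToolTip.ShowWindow(SW_SHOW);
	}
	else
	{
		for (UINT i = 0; i < HotSpots.size(); i++)
		{
			if (HotSpots[i].Rect.PtInRect(point))
			{
				if (HotSpots[i].Type == HS_SELECT)
				{
					// Zeroed per hot spot so a failed read cannot display leftover bytes.
					BYTE data[16] = {};

					CNodeBase* pNode = (CNodeBase*)HotSpots[i].object;
					if (pNode->GetType() == nt_function)
					{
						if (HotSpots[i].object->bOpen[HotSpots[i].Level])
							continue;

						DWORD_PTR addr = HotSpots[i].Address;
						ReadMemory((LPVOID)addr, &addr, sizeof(DWORD_PTR));

						// calloc: zero-filled, and paired with free() below. The original
						// released this malloc'd block with delete[], which is undefined
						// behaviour and a plausible source of the intermittent crashes the
						// old comment blamed on CString.
						unsigned char* const block = (unsigned char*)calloc(1024, 1);
						if (block == NULL)
							continue;

						// DisassembleCode receives the address of `code`, so it may move
						// the pointer; `block` keeps the value that must be freed.
						unsigned char* code = block;
						ReadMemory((LPVOID)addr, code, 1024);

						int textHeight = 0;
						// Using STL std::string in lieu of CString (see the note above).
						// NOTE(review): `(&code) + 1024` advances 1024 pointer-sized
						// elements from the address of the local `code`; it is not
						// `code + 1024`. Confirm against DisassembleCode's signature that
						// this is the end bound it expects. If it is used as the end of
						// the 1024-byte buffer, the disassembler can run past the allocation.
						stdstring d = DisassembleCode(&code, (unsigned char**)((&code) + 1024), addr, &textHeight);
						free(block);

						//CString d, t;
						//CNodeFunctionPtr* pObject = (CNodeFunctionPtr*)HotSpots[i].object;
						//int textHeight = (pObject->Assembly.size() * 16) + 4;
						//
						//for (int i = 0; i < pObject->Assembly.size(); i++)
						//{
						//	t.Format("%s\r\n", pObject->Assembly[i]);
						//	d.Append(t);
						//}

						m_ToolTip.EnableWindow(FALSE);
						m_ToolTip.SetWindowText(d.c_str());
						m_ToolTip.SetWindowPos(NULL, point.x + 16, point.y + 16, 400, textHeight, SWP_NOZORDER);
						m_ToolTip.ShowWindow(SW_SHOW);
					}

					if (pNode->GetType() == nt_hex64)
					{
						// Always read the full 8 bytes: sizeof(DWORD_PTR) is only 4 in a
						// 32-bit build, which left the upper half of the value unread.
						ReadMemory((LPVOID)HotSpots[i].Address, data, sizeof(__int64));
						float* pf = (float*)data;
						__int64* pi = (__int64*)data;
						unsigned __int64* pd = (unsigned __int64*)data;
						// I64 length prefixes so the 64-bit arguments match their conversions.
						msg.Format(_T("Int64: %I64d\r\nDWORD64: %I64u\r\nFloat: %.3f"), *pi, *pd, *pf);
						m_ToolTip.EnableWindow(FALSE);
						m_ToolTip.SetWindowText(msg);
						m_ToolTip.SetWindowPos(NULL, point.x + 16, point.y + 16, 200, 16 * 3 + 6, SWP_NOZORDER);
						m_ToolTip.ShowWindow(SW_SHOW);
					}
					else if (pNode->GetType() == nt_hex32)
					{
						ReadMemory((LPVOID)HotSpots[i].Address, data, 4);
						float* pf = (float*)data;
						int* pi = (int*)data;
						DWORD* pd = (DWORD*)data;
						msg.Format(_T("Int32: %i\r\nDWORD: %u\r\nFloat: %.3f"), *pi, *pd, *pf);
						m_ToolTip.EnableWindow(FALSE);
						m_ToolTip.SetWindowText(msg);
						m_ToolTip.SetWindowPos(NULL, point.x + 16, point.y + 16, 200, 16 * 3 + 6, SWP_NOZORDER);
						m_ToolTip.ShowWindow(SW_SHOW);
					}
					else if (pNode->GetType() == nt_hex16)
					{
						// Read only the two bytes that are displayed.
						ReadMemory((LPVOID)HotSpots[i].Address, data, sizeof(__int16));
						__int16* pi = (__int16*)data;
						WORD* pd = (WORD*)data;
						msg.Format(_T("Int16: %i\r\nWORD: %u\r\n"), *pi, *pd);
						m_ToolTip.EnableWindow(FALSE);
						m_ToolTip.SetWindowText(msg);
						m_ToolTip.SetWindowPos(NULL, point.x + 16, point.y + 16, 200, 16 * 2 + 6, SWP_NOZORDER);
						m_ToolTip.ShowWindow(SW_SHOW);
					}
					else if (pNode->GetType() == nt_hex8)
					{
						// Read only the single byte that is displayed.
						ReadMemory((LPVOID)HotSpots[i].Address, data, sizeof(__int8));
						__int8* pi = (__int8*)data;
						BYTE* pd = (BYTE*)data;
						msg.Format(_T("Int8: %i\r\nBYTE: %u\r\n"), *pi, *pd);
						// NOTE(review): unlike the other branches this one does not call
						// m_ToolTip.EnableWindow(FALSE) - confirm whether that is intended.
						m_ToolTip.SetWindowText(msg);
						m_ToolTip.SetWindowPos(NULL, point.x + 16, point.y + 16, 200, 16 * 2 + 6, SWP_NOZORDER);
						m_ToolTip.ShowWindow(SW_SHOW);
					}
				}
			}
		}
	}

	bTracking = false;
	HoverPoint = point;
	CWnd::OnMouseHover(nFlags, point);
}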
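/*
 * Example entry point: copies the first 100 bytes of this program's own code,
 * starting at main, into a heap buffer and disassembles that same copy five
 * times, each time with a different MyDisasm.Options display setting announced
 * by a banner.
 *
 * argc and argv are unused. Returns 0 on success, 1 if the working buffer
 * cannot be allocated.
 */
int main(int argc, char* argv[])
{
    BEA_UNUSED_ARG (argc);
    BEA_UNUSED_ARG (argv);

    /* ============================= Init the Disasm structure (important !)*/
    (void) memset (&MyDisasm, 0, sizeof(DISASM));

    pSourceCode = main;

    pBuffer = malloc(100);
    if (pBuffer == NULL) {
        /* Without this check the memset below would write through NULL. */
        (void) fprintf(stderr, "out of memory\n");
        return 1;
    }

    /* ============================= Let's NOP the buffer */
    (void) memset (pBuffer, 0x90, 100);

    /* ============================= Copy 100 bytes in it */
    (void) memcpy (pBuffer, (void*)(UIntPtr) pSourceCode, 100);

    /* ============================= Select Display Option */
    (void) printf("******************************************************* \n");
    (void) printf("Display Option : No Tabulation + MasmSyntax. \n");
    (void) printf("******************************************************* \n");
    MyDisasm.Options = NoTabulation + MasmSyntax;
    /* ============================= Disassemble code located in that buffer */
    DisassembleCode (pBuffer, (char*) pBuffer + 100, pSourceCode);

    /* ============================= Select another Display Option */
    (void) printf("******************************************************* \n");
    (void) printf("Display Option : Tabulation + MasmSyntax. \n");
    (void) printf("******************************************************* \n");
    MyDisasm.Options = Tabulation + MasmSyntax;
    /* ============================= Disassemble code located in that buffer */
    DisassembleCode (pBuffer, (char*) pBuffer + 100, pSourceCode);

    /* ============================= Select another Display Option */
    (void) printf("******************************************************* \n");
    (void) printf("Display Option : Tabulation + NasmSyntax + PrefixedNumeral + ShowSegmentRegs. \n");
    (void) printf("******************************************************* \n");
    MyDisasm.Options = Tabulation + NasmSyntax + PrefixedNumeral + ShowSegmentRegs;
    /* ============================= Disassemble code located in that buffer */
    DisassembleCode (pBuffer, (char*) pBuffer + 100, pSourceCode);

    /* ============================= Select another Display Option */
    (void) printf("******************************************************* \n");
    (void) printf("Display Option : Tabulation + GoAsmSyntax + SuffixedNumeral. \n");
    (void) printf("******************************************************* \n");
    MyDisasm.Options = Tabulation + GoAsmSyntax + SuffixedNumeral;
    /* ============================= Disassemble code located in that buffer */
    DisassembleCode (pBuffer, (char*) pBuffer + 100, pSourceCode);

    /* ============================= Select another Display Option */
    (void) printf("******************************************************* \n");
    (void) printf("Display Option : Tabulation + ATSyntax + SuffixedNumeral + ShowSegmentRegs. \n");
    (void) printf("******************************************************* \n");
    MyDisasm.Options = Tabulation + ATSyntax + SuffixedNumeral + ShowSegmentRegs;
    /* ============================= Disassemble code located in that buffer */
    DisassembleCode (pBuffer, (char*) pBuffer + 100, pSourceCode);

    free(pBuffer);
    pBuffer = NULL;
    return 0;
}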