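int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Silent, const char* Name, REFFINDTYPE type)
{
    // Runs a reference search over the area selected by 'type' and reports
    // progress to the reference view:
    //   CURRENT_REGION : the memory region containing Address (optionally
    //                    limited to 'Size' bytes starting at Address)
    //   CURRENT_MODULE : the module containing Address
    //   ALL_MODULES    : every module in the module list
    //
    // Address  : anchor address used to locate the region / module
    // Size     : optional scan length for CURRENT_REGION; 0 = whole region
    // Callback : per-instruction callback forwarded to RefFindInRange
    // UserData : opaque pointer stored in REFINFO and passed to the callback
    // Silent   : when true, lookup failures are not logged
    // Name     : base name of the reference view ("<Name> (<module>)")
    // type     : which of the three search modes to run
    //
    // Returns the number of references found; 0 when the region/module
    // could not be resolved or 'type' is not one of the handled values.
    char fullName[deflen];
    char moduleName[MAX_MODULE_SIZE];
    duint scanStart, scanSize;
    REFINFO refInfo;

    // Set up the shared search state once. Zeroing the count here (instead
    // of inside each branch) guarantees a defined return value when 'type'
    // matches none of the branches below.
    refInfo.refcount = 0;
    refInfo.userinfo = UserData;
    refInfo.name = fullName;

    if(type == CURRENT_REGION) // Search in current Region
    {
        duint regionSize = 0;
        duint regionBase = MemFindBaseAddr(Address, &regionSize, true);

        // If the memory page wasn't found, fail
        if(!regionBase || !regionSize)
        {
            if(!Silent)
                dprintf("Invalid memory page 0x%p\n", Address);

            return 0;
        }

        // Assume the entire range is used
        scanStart = regionBase;
        scanSize  = regionSize;

        // Otherwise use custom boundaries if size was supplied
        if(Size)
        {
            // Bytes left in the region from Address to its end; the scan
            // must not run past the region, so clamp the requested size to it
            duint maxsize = regionSize - (Address - regionBase);

            scanStart = Address;
            scanSize  = min(Size, maxsize);
        }

        // Determine the full module name
        if(ModNameFromAddr(scanStart, moduleName, true))
            sprintf_s(fullName, "%s (Region %s)", Name, moduleName);
        else
            sprintf_s(fullName, "%s (Region %p)", Name, scanStart);

        // Initialize disassembler
        Capstone cp;

        RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, true, [](int percent)
        {
            GuiReferenceSetCurrentTaskProgress(percent, "Region Search");
            GuiReferenceSetProgress(percent);
        });
    }
    else if(type == CURRENT_MODULE) // Search in current Module
    {
        // Hold the module lock only long enough to copy base and size out
        SHARED_ACQUIRE(LockModules);
        auto modInfo = ModInfoFromAddr(Address);

        if(!modInfo)
        {
            if(!Silent)
                dprintf("Couldn't locate module for 0x%p\n", Address);

            return 0;
        }

        duint modBase = modInfo->base;
        duint modSize = modInfo->size;

        SHARED_RELEASE();

        scanStart = modBase;
        scanSize  = modSize;

        // Determine the full module name
        if(ModNameFromAddr(scanStart, moduleName, true))
            sprintf_s(fullName, "%s (%s)", Name, moduleName);
        else
            sprintf_s(fullName, "%s (%p)", Name, scanStart);

        // Initialize disassembler
        Capstone cp;

        RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, true, [](int percent)
        {
            GuiReferenceSetCurrentTaskProgress(percent, "Module Search");
            GuiReferenceSetProgress(percent);
        });
    }
    else if(type == ALL_MODULES) // Search in all Modules
    {
        std::vector<MODINFO> modList;
        ModGetList(modList);

        if(modList.empty())
        {
            if(!Silent)
                dprintf("Couldn't get module list");

            return 0;
        }

        // Initialize disassembler
        Capstone cp;

        // Determine the full module
        sprintf_s(fullName, "All Modules (%s)", Name);

        for(duint i = 0; i < modList.size(); i++)
        {
            scanStart = modList[i].base;
            scanSize  = modList[i].size;

            // Only the first module triggers the "initialization" notice in
            // RefFindInRange; the others append to the same result set
            bool initCallBack = (i == 0);

            RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, initCallBack, [&i, &modList](int percent)
            {
                // Map this module's 0..100 progress onto the overall progress
                float fPercent = (float)percent / 100.f;
                float fTotalPercent = ((float)i + fPercent) / (float)modList.size();

                int totalPercent = (int)floor(fTotalPercent * 100.f);

                GuiReferenceSetCurrentTaskProgress(percent, modList[i].name);
                GuiReferenceSetProgress(totalPercent);
            });
        }
    }

    GuiReferenceSetProgress(100);
    GuiReferenceReloadData();
    return refInfo.refcount;
}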
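void MakeSigDialogExecute(HWND hwndDlg)
{
	// Reads the pattern and mask text from the signature-maker dialog, turns
	// them into a SIG_DESCRIPTOR for the currently selected signature type
	// (Settings::LastType), scans for the pattern and lists each match
	// (address + disassembly) in the reference view.
	//
	// hwndDlg : handle of the signature-maker dialog
	int dataLen = GetWindowTextLength(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT1)) + 1;
	int maskLen = GetWindowTextLength(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT2)) + 1;

	char *data = (char *)BridgeAlloc(dataLen);
	char *mask = (char *)BridgeAlloc(maskLen);

	GetWindowText(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT1), data, dataLen);
	GetWindowText(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT2), mask, maskLen);

	//
	// Convert the string to a code descriptor
	//
	SIG_DESCRIPTOR *desc = nullptr;

	switch (Settings::LastType)
	{
	case SIG_CODE:	desc = DescriptorFromCode(data, mask);	break;
	case SIG_IDA:	desc = DescriptorFromIDA(data);			break;
	case SIG_PEID:	desc = DescriptorFromPEiD(data);		break;
	case SIG_CRC:	desc = DescriptorFromCRC(data);			break;
	}

	// The dialog text is only needed to build the descriptor; releasing it
	// here keeps every later exit path free of cleanup duties
	BridgeFree(data);
	BridgeFree(mask);

	// A signature type the switch does not handle leaves desc null (and the
	// converters presumably return null on malformed input); do not hand a
	// null descriptor to the scanner
	if (!desc)
	{
		_plugin_logprintf("Unable to build a signature descriptor from the dialog input\n");
		return;
	}

	//
	// Scan
	//
	std::vector<duint> results;
	PatternScan(desc, results);

	//
	// Log it in the GUI
	//
	GuiReferenceDeleteAllColumns();
	GuiReferenceAddColumn(20, "Address");
	GuiReferenceAddColumn(100, "Disassembly");
	GuiReferenceSetRowCount((int)results.size());
	GuiReferenceSetProgress(0);

	int row = 0;
	for (auto& match : results)
	{
		// Zero-initialise so the view never shows uninitialised text should
		// DbgDisasmAt leave the structure untouched
		DISASM_INSTR inst = {};
		DbgDisasmAt(match, &inst);

		char temp[32];
		sprintf_s(temp, "%p", (PVOID)match);

		GuiReferenceSetCellContent(row, 0, temp);
		GuiReferenceSetCellContent(row, 1, inst.instruction);
		row++;
	}

	// results.size() is a size_t; cast it so the argument matches the %d
	// conversion instead of relying on the width happening to line up
	_plugin_logprintf("Found %d reference(s)\n", (int)results.size());
	GuiReferenceSetProgress(100);
	GuiUpdateAllViews();

	//
	// Cleanup
	//
	BridgeFree(desc);
}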