//------------------------------------------------------------------------------
// Name: do_find()
// Desc:
//------------------------------------------------------------------------------
void DialogBinaryString::do_find() {
const QByteArray b = ui->binaryString->value();
ui->listWidget->clear();
const int sz = b.size();
if(sz != 0) {
ByteShiftArray bsa(sz);
edb::v1::memory_regions().sync();
const QList<MemRegion> regions = edb::v1::memory_regions().regions();
const edb::address_t page_size = edb::v1::debugger_core->page_size();
int i = 0;
Q_FOREACH(const MemRegion ®ion, regions) {
bsa.clear();
// a short circut for speading things up
if(ui->chkSkipNoAccess->isChecked() && !region.accessible()) {
ui->progressBar->setValue(util::percentage(++i, regions.size()));
continue;
}
const edb::address_t size_in_pages = region.size() / page_size;
try {
QVector<quint8> pages(size_in_pages * page_size);
const quint8 *const pages_end = &pages[0] + region.size();
if(edb::v1::debugger_core->read_pages(region.start, &pages[0], size_in_pages)) {
const quint8 *p = &pages[0];
QString temp;
while(p != pages_end) {
// shift in the next byte
bsa << *p;
// compare values..
if(std::memcmp(bsa.data(), b.constData(), sz) == 0) {
const edb::address_t addr = (p - &pages[0] + region.start) - sz + 1;
const edb::address_t align = 1 << (ui->cmbAlignment->currentIndex() + 1);
if(!ui->chkAlignment->isChecked() || (addr % align) == 0) {
ui->listWidget->addItem(edb::v1::format_pointer(addr));
}
}
ui->progressBar->setValue(util::percentage(i, regions.size(), p - &pages[0], region.size()));
++p;
}
}
++i;
} catch(const std::bad_alloc &) {
QMessageBox::information(
0,
tr("Memroy Allocation Error"),
tr("Unable to satisfy memory allocation request for requested region."));
}
}
//------------------------------------------------------------------------------
// Name: do_find
// Desc:
//------------------------------------------------------------------------------
void DialogBinaryString::do_find() {
const QByteArray b = ui->binaryString->value();
ui->listWidget->clear();
const int sz = b.size();
if(sz != 0) {
ByteShiftArray bsa(sz);
edb::v1::memory_regions().sync();
const QList<IRegion::pointer> regions = edb::v1::memory_regions().regions();
const edb::address_t page_size = edb::v1::debugger_core->page_size();
int i = 0;
for(const IRegion::pointer ®ion: regions) {
bsa.clear();
// a short circut for speading things up
if(ui->chkSkipNoAccess->isChecked() && !region->accessible()) {
ui->progressBar->setValue(util::percentage(++i, regions.size()));
continue;
}
const size_t page_count = region->size() / page_size;
const QVector<quint8> pages = edb::v1::read_pages(region->start(), page_count);
if(!pages.isEmpty()) {
const quint8 *p = &pages[0];
const quint8 *const pages_end = &pages[0] + region->size();
QString temp;
while(p != pages_end) {
// shift in the next byte
bsa << *p;
// compare values..
if(std::memcmp(bsa.data(), b.constData(), sz) == 0) {
const edb::address_t addr = (p - &pages[0] + region->start()) - sz + 1;
const edb::address_t align = 1 << (ui->cmbAlignment->currentIndex() + 1);
if(!ui->chkAlignment->isChecked() || (addr % align) == 0) {
auto item = new QListWidgetItem(edb::v1::format_pointer(addr));
item->setData(Qt::UserRole, addr);
ui->listWidget->addItem(item);
}
}
ui->progressBar->setValue(util::percentage(i, regions.size(), p - &pages[0], region->size()));
++p;
}
}
++i;
}
}
}
int main(int argc, char *argv[]) {
int c;
int longindex;
std::string outfilename;
bool force = false;
float alpha = 0.001;
while (EOF != (c = getopt_long(argc, argv, "a:dfho:", longopts,
&longindex)))
switch (c) {
case 'a':
alpha = std::stof(optarg);
break;
case 'd':
debuglevel = LOG_DEBUG;
break;
case 'f':
force = true;
break;
case 'h':
usage(argv[0]);
return EXIT_SUCCESS;
case 'o':
outfilename = std::string(optarg);
break;
default:
throw std::runtime_error("unknown option");
}
// get the file name
if (argc <= optind) {
throw std::runtime_error("input file name missing");
}
std::string infilename(argv[optind++]);
debug(LOG_DEBUG, DEBUG_LOG, 0, "processing image %s",
infilename.c_str());
// read the input file
FITSin infile(infilename);
ImagePtr image = infile.read();
ImagePtr outimage;
// prepare a background extractor
BackgroundExtractor extractor(alpha);
// if this is a mono image, we just use luminance for background
// extraction
switch (image->planes()) {
case 1: {
// make image accessible as an image with float pixels
ConstPixelValueAdapter<float> from(image);
// get the background
Background<float> bg = extractor(image->center(), true,
BackgroundExtractor::QUADRATIC, from);
// subtract the background
BackgroundFunctionAdapter bfa(from, bg.G());
// write the result to the output
outimage = ImagePtr(new Image<float>(bfa));
}
break;
case 3: {
// make image accessible as an RGB<float> image
ConstPixelValueAdapter<RGB<float> > from(image);
// get the background
Background<float> bg = extractor(image->center(), true,
BackgroundExtractor::QUADRATIC, from);
// subtract the background
BackgroundSubtractionAdapter bsa(from, bg);
// write the result to the output
outimage = ImagePtr(new Image<RGB<float> >(bsa));
}
break;
default:
std::string msg = stringprintf("don't know how to handle "
"background for images with %d planes",
image->planes());
debug(LOG_ERR, DEBUG_LOG, 0, "%s", msg.c_str());
throw std::runtime_error(msg);
}
// we give up here, because we don't want to write the changed file
if (0 == outfilename.size()) {
return EXIT_SUCCESS;
}
FITSout outfile(outfilename);
outfile.setPrecious(!force);
outfile.write(outimage);
// that's it
return EXIT_SUCCESS;
}
//------------------------------------------------------------------------------
// Name: do_find
// Desc:
//------------------------------------------------------------------------------
void DialogROPTool::do_find() {
const QItemSelectionModel *const selModel = ui->tableView->selectionModel();
const QModelIndexList sel = selModel->selectedRows();
if(sel.size() == 0) {
QMessageBox::critical(
this,
tr("No Region Selected"),
tr("You must select a region which is to be scanned for gadgets."));
} else {
unique_results_.clear();
if(IProcess *process = edb::v1::debugger_core->process()) {
for(const QModelIndex &selected_item: sel) {
const QModelIndex index = filter_model_->mapToSource(selected_item);
if(auto region = *reinterpret_cast<const IRegion::pointer *>(index.internalPointer())) {
edb::address_t start_address = region->start();
const edb::address_t end_address = region->end();
const edb::address_t orig_start = start_address;
ByteShiftArray bsa(32);
while(start_address < end_address) {
// read in the next byte
quint8 byte;
if(process->read_bytes(start_address, &byte, 1)) {
bsa << byte;
const quint8 *p = bsa.data();
const quint8 *const l = p + bsa.size();
edb::address_t rva = start_address - bsa.size() + 1;
QList<edb::Instruction> instruction_list;
// eat up any NOPs in front...
Q_FOREVER {
edb::Instruction inst(p, l, rva);
if(!is_nop(inst)) {
break;
}
instruction_list << inst;
p += inst.size();
rva += inst.size();
}
edb::Instruction inst1(p, l, rva);
if(inst1) {
instruction_list << inst1;
if(inst1.operation() == edb::Instruction::Operation::X86_INS_INT && inst1.operands()[0].general_type() == edb::Operand::TYPE_IMMEDIATE && (inst1.operands()[0].immediate() & 0xff) == 0x80) {
add_gadget(instruction_list);
} else if(inst1.operation() == edb::Instruction::Operation::X86_INS_SYSENTER) {
add_gadget(instruction_list);
} else if(inst1.operation() == edb::Instruction::Operation::X86_INS_SYSCALL) {
add_gadget(instruction_list);
} else if(is_ret(inst1)) {
ui->progressBar->setValue(util::percentage(start_address - orig_start, region->size()));
++start_address;
continue;
} else {
p += inst1.size();
rva += inst1.size();
// eat up any NOPs in between...
Q_FOREVER {
edb::Instruction inst(p, l, rva);
if(!is_nop(inst)) {
break;
}
instruction_list << inst;
p += inst.size();
rva += inst.size();
}
edb::Instruction inst2(p, l, rva);
if(is_ret(inst2)) {
instruction_list << inst2;
add_gadget(instruction_list);
} else if(inst2 && inst2.operation() == edb::Instruction::Operation::X86_INS_POP) {
instruction_list << inst2;
p += inst2.size();
rva += inst2.size();
edb::Instruction inst3(p, l, rva);
if(inst3 && inst3.operation() == edb::Instruction::Operation::X86_INS_JMP) {
instruction_list << inst3;
if(inst2.operand_count() == 1 && inst2.operands()[0].general_type() == edb::Operand::TYPE_REGISTER) {
if(inst3.operand_count() == 1 && inst3.operands()[0].general_type() == edb::Operand::TYPE_REGISTER) {
if(inst2.operands()[0].reg() == inst3.operands()[0].reg()) {
add_gadget(instruction_list);
}
}
}
}
}
}
// TODO(eteran): catch things like "add rsp, 8; jmp [rsp - 8]" and similar, it's rare,
// but could happen
}
}
ui->progressBar->setValue(util::percentage(start_address - orig_start, region->size()));
++start_address;
}
}
}
}
}
