void CSettingDialog::SetUserData(PRunData pRunData)
{
m_pRunData = pRunData ;
int nImageBase = 0 ;
DWORD dwOEP = 0 ;
ulong uStart = 0 ;
ulong uEnd = 0 ;
ulong uBase = 0;
ulong uSize = 0 ;
if (0 == pRunData->uStartAddress)
{
nImageBase = Plugingetvalue(VAL_MAINBASE) ;
// 取得oep地址,默认程序设的断点地址是oep的
dwOEP = GetOEP(nImageBase) ;
if (0 != dwOEP)
{
Getproclimits(dwOEP, &uStart, &uEnd) ;
m_pRunData->uStartAddress = uStart ;
m_pRunData->uEndAddress = uEnd ;
}
else
{
m_pRunData->uStartAddress = nImageBase ;
m_pRunData->uEndAddress = nImageBase + 10 ;
}
m_RecordDialog.SetUserData(pRunData) ;
}
}
/*******************************************************************************
*
* 函 数 名 : EnumerateFunctionAddress
* 功能描述 : 枚举函数地址,并下断点
* 参数列表 : pRunData -- RunData指针
* 说 明 :
* 返回结果 : 如果输入字符串为正确的十六进制字符的话,返回TRUE,否则返回FALSE
*
*******************************************************************************/
BOOL EnumerateFunctionAddress(PRunData pRunData)
{
NULLVALUE_CHECK(pRunData, EnumerateFunctionAddress) ;
ulong uStart,uEnd ,uCurrent;
char szBuffer[MAX_PATH] = {0} ;
for (uCurrent = pRunData->uStartAddress;
uCurrent < pRunData->uEndAddress; )
{
if(-1 == Getproclimits(uCurrent, &uStart, &uEnd))
{
uCurrent += 5 ;
}
else
{
// 这里再处理
sprintf_s(szBuffer, sizeof(szBuffer), _T("%x-%x\r\n"),uStart, uEnd) ;
OutputDebugString(szBuffer) ;
uCurrent = uEnd + 5;
// 判断是否是强制下断点
// 如果不是强制下断点的话
if (FALSE == pRunData->bIsForceSetBreakPoint)
{
if(FALSE == SetCallBreakPoint(pRunData, uStart, uEnd))
{
OutputDebugString(_T("EnumerateFunctionAddress SetCallBreakPoint failed!\r\n")) ;
return FALSE ;
}
}
// 强制下断点
else
{
if (FALSE == ForceSetCallBreakPoint(pRunData, uStart, FUN_SIZE))
{
OutputDebugString(_T("EnumerateFunctionAddress ForceSetCallBreakPoint failed!\r\n")) ;
return FALSE ;
}
}
}
}
return TRUE ;
}
BOOL XXX(LPVOID pItem,char *pSubString)
{
T_X86Instruction tX86Instruction;
t_dump *pX86Dasm=NULL;
ulong Address;
ulong SOffest,EOffset;
ulong i;
unsigned char InstStr[MAXCMDSIZE];
ulong InstLength;
t_disasm da;
unsigned char *pdecode=NULL;
t_dump *pDasmWnd=(t_dump*)Plugingetvalue(VAL_CPUDASM);
pX86Dasm=( t_dump *)pItem;
Address=pX86Dasm->base;
char cPattern[0x100]={0};
if (Gettext("Search for pattern ...",cPattern,0,0,Plugingetvalue(VAL_WINDOWFONT))==-1){
return FALSE;
}
while(Address=Findnextproc(Address)){
Getproclimits(Address,&SOffest,&EOffset);
for (i=SOffest; i<EOffset; ){
if (!Readcommand(i,(char*)InstStr)) break;
InstLength=Disasm(InstStr,MAXCMDSIZE,i,pdecode,&da,DISASM_CODE,0);
tX86Instruction.Addresss=i;
memcpy(tX86Instruction.Command,da.result,256);
tX86Instruction.OpCodeLength=InstLength;
if (strstr((char*)tX86Instruction.Command,cPattern) ) {
if (pSubString){
if (strstr((char*)tX86Instruction.Command,pSubString)){
DbgMsg("0x%08X %d %s ",
tX86Instruction.Addresss,
tX86Instruction.OpCodeLength,
tX86Instruction.Command);
Setbreakpoint(tX86Instruction.Addresss,TY_ACTIVE|TY_KEEPCODE,0);
}
i+=InstLength;
continue;
}
DbgMsg("0x%08X %d %s ",
tX86Instruction.Addresss,
tX86Instruction.OpCodeLength,
tX86Instruction.Command);
Setbreakpoint(tX86Instruction.Addresss,TY_ACTIVE|TY_KEEPCODE,0);
}
i+=InstLength;
}
}
return TRUE;
}
