Example #1
0
DWORD_PTR
LLDBServices::GetExpression(
    PCSTR exp)
{
    if (exp == nullptr)
    {
        return 0;
    }

    lldb::SBFrame frame = GetCurrentFrame();
    if (!frame.IsValid())
    {
        return 0;
    }

    DWORD_PTR result = 0;
    lldb::SBError error;
    std::string str;

    // To be compatible with windbg/dbgeng, we need to emulate the default
    // hex radix (because sos prints addresses and other hex values without
    // the 0x) by first prepending 0x and if that fails use the actual
    // undecorated expression.
    str.append("0x");
    str.append(exp);

    result = GetExpression(frame, error, str.c_str());
    if (error.Fail())
    {
        result = GetExpression(frame, error, exp);
    }

    return result;
}
void
CMArray1DDir::CreateNextNode()
{
	if (itsCurrentNode != NULL)
		{
		return;
		}

	JTreeNode* root = itsTree->GetRoot();
	if (itsRequestRange.first < itsDisplayRange.first)
		{
		itsDisplayRange.first--;
		const JString expr = GetExpression(itsDisplayRange.first);
		CMVarNode* node    = itsLink->CreateVarNode(root, expr, expr, "");
		assert (node != NULL);

		itsCurrentNode = node;
		root->InsertAtIndex(1, node);	// move it to the top -- inserted by ctor so it will update self
		ListenTo(itsTree);
		}
	else if (itsDisplayRange.last < itsRequestRange.last)
		{
		itsDisplayRange.last++;
		const JString expr = GetExpression(itsDisplayRange.last);
		CMVarNode* node    = itsLink->CreateVarNode(root, expr, expr, "");
		assert (node != NULL);

		itsCurrentNode = node;
		ListenTo(itsTree);
		}
	else
		{
		CreateNodesFinished();
		}
}
Example #3
0
VOID
AtomExtension(
    PCSTR lpArgumentString
    )
{
    PRTL_ATOM_TABLE *ppat;
    ATOM a;

    try {
        while (*lpArgumentString == ' ') {
            lpArgumentString++;
        }

        if (*lpArgumentString && *lpArgumentString != 0xa) {
            a = (ATOM)GetExpression((LPSTR)lpArgumentString);
        } else {
            a = 0;
        }

        ppat = (PRTL_ATOM_TABLE *)GetExpression(szBaseLocalAtomTable);
        if (ppat != NULL) {
            dprintf("\nLocal atom table ");
            DumpAtomTable(ppat, a);
        }

    } except (EXCEPTION_EXECUTE_HANDLER) {
        ;
    }
}
Example #4
0
VOID
WinDbgExtensionDllInit(
    PWINDBG_EXTENSION_APIS lpExtensionApis,
    USHORT MajorVersion,
    USHORT MinorVersion
    )
{
    ULONG_PTR offKeProcessorArchitecture;
    ULONG Result;

    ExtensionApis = *lpExtensionApis;

    SavedMajorVersion = MajorVersion;
    SavedMinorVersion = MinorVersion;

    bDebuggingChecked = (SavedMajorVersion == 0x0c);
    usProcessorArchitecture = (USHORT)-1;
    offKeProcessorArchitecture = GetExpression("KeProcessorArchitecture");
    if (offKeProcessorArchitecture != 0)
        ReadMemory(offKeProcessorArchitecture, &usProcessorArchitecture,
                sizeof(USHORT), &Result);
    if (usProcessorArchitecture >= cArchitecture) {
#ifdef IA64
        GetEProcessData = GetEProcessData_IA64;
#else
        GetEProcessData = GetEProcessData_X86;
#endif
    } else {
        GetEProcessData = aGetEProcessDataFunc[usProcessorArchitecture];
    }

    //
    // Read the user probe address from the target system.
    //
    // N.B. The user probe address is constant on MIPS, Alpha, and the PPC.
    //      On the x86, it may not be defined for the target system if it
    //      does not contain the code to support 3gb of user address space.
    //

    UserProbeAddress = GetExpression("MmUserProbeAddress");
    if ((UserProbeAddress == 0) ||
        (ReadMemory(UserProbeAddress,
                    &UserProbeAddress,
                    sizeof(UserProbeAddress),
                    &Result) == FALSE)) {
        UserProbeAddress = 0x7fff0000;
    }

    return;
}
Example #5
0
void AsmEnums()
{
	int Value=0;	//Fredrik: correct initializer in case first token is not "=" ?
		
	NeedToken("{");

	do
	{
		GetName();							// Get the new type Name	

		if (Token("="))
		{
			Value = GetExpression();
		}
		else
			Value++;

//		if (Pass == 1)
			RedefENum(Name, Value);

		//printf("- Enum %s' Value %ld\n",Name,Value);

		SkipWhiteSpace();
	}
	while(Token(","));
	
	NeedToken("}");
}
Example #6
0
vector<HANDLE_OBJECT>
ObOpenObjectDirectory(
    _In_ ULONG64 InputObject
)
/*++

Routine Description:

    Description.

Arguments:

    InputObject - 

Return Value:

    vector<HANDLE_OBJECT>.

--*/
{
    vector<HANDLE_OBJECT> Handles;
    HANDLE_OBJECT Handle = { 0 };
    ExtRemoteTyped Directory;

    ULONG64 ObjectDir = InputObject;

    if (!ObjectDir)
    {
        ReadPointer(GetExpression("nt!ObpRootDirectoryObject"), &ObjectDir);
    }

    Directory = ExtRemoteTyped("(nt!_OBJECT_DIRECTORY *)@$extin", ObjectDir);

    ObReadObject(ObjectDir, &Handle);

    for (UINT i = 0; i < 37; i += 1)
    {
        ULONG64 Entry = Directory.Field("HashBuckets").ArrayElement(i).GetPointerTo().GetPtr();
        if (!Entry) continue;

        //
        // ExtRemoteTypedList requires a POINTER to the first entry. Not the offset of the first entry.
        //
        ExtRemoteTypedList EntryList(Entry, "nt!_OBJECT_DIRECTORY_ENTRY", "ChainLink");

        for (EntryList.StartHead(); EntryList.HasNode(); EntryList.Next())
        {
            HANDLE_OBJECT Handle = {0};

            ULONG64 Object = EntryList.GetTypedNode().Field("Object").GetPtr();
            ObReadObject(Object, &Handle);

            Handles.push_back(Handle);
        }
    }

    return Handles;
}
Example #7
0
short HeaderCommands()
{	
	int v;

	SkipWhiteSpace();

//------------------------------------
//
//------------------------------------

	if (QToken("#define"))
	{
		SkipWhiteSpace();

		GetAsmName();
		strcpy(DefineNameCopy, Name);

		if (NextToken("#"))
		{
			// Just define a script
			
			RedefENum(DefineNameCopy, 1);	
			rhprint("HeaderRead: .set %s = 1\n", DefineNameCopy);

			SkipWhiteSpace();
			return 1;
		}

		// Test for strings
		
		if (QToken("\""))
		{
			GetStringName(128);
			RedefENumString(DefineNameCopy, Name);
			printf("HeaderRead: .set %s = '%s'\n", DefineNameCopy, Name);

			SkipWhiteSpace();
			return 1;
		}
		
		v = GetExpression();
		RedefENum(DefineNameCopy, v);	

		SkipWhiteSpace();
		
		rhprint("Profile: unknown define '%s'\n", DefineNameCopy);
		return 1;
	}

//------------------------------------
// Line not understood, skip line
//------------------------------------

	SkipLine();

	return 0;
}
Example #8
0
LPSTR
GetAddress(
    LPSTR   CmdBuf,
    LPDWORD Address
    )
{
    *Address = GetExpression( CmdBuf );
    return (LPSTR) pchCommand;
}
Example #9
0
PyObject * wipe_GetExpression(PyObject * self, PyObject * args)
{
	LPCSTR szExpr;

	if (!PyArg_ParseTuple(args, "s", &szExpr))
	{
		return NULL;
	}

	return Py_BuildValue("k", GetExpression(szExpr));
}
Example #10
0
HRESULT CALLBACK
max_indirection_level(PDEBUG_CLIENT4 Client, PCSTR args)
{
    int value;
    if (!args || strlen(args)==0)
        value = 0;
    else
        value = (int) GetExpression(args);

    set_max_indirection_level(value);

    return S_OK;
}
Example #11
0
HRESULT CALLBACK dumptree(PDEBUG_CLIENT pClient, PCSTR szArgs)
{
    HRESULT hRes=S_OK;

    ULONG_PTR pAddress=(ULONG_PTR) GetExpression(szArgs);
    if(!pAddress)
    {
        dprintf("Invalid head pointer address specified: %s\n", szArgs);
        return E_FAIL;
    }

    InOrderTraversal(pAddress);
    return hRes;
}
Example #12
0
HRESULT CALLBACK
unset(PDEBUG_CLIENT4 Client, PCSTR args)
{
    if (!args || strlen(args)==0)
    {
        dprintf("Please see help for this command's usage\n");
        return E_FAIL;
    }

    address_t addr = GetExpression(args);
    unset_value (addr);

    return S_OK;
}
Example #13
0
//处理常数、参数、函数、以及括号表达式
std::shared_ptr<ExpressTree> Expression::atom()
{
    //表示本节点
    std::shared_ptr<ExpressTree> node;
    //获取一个记号
    Parser::token = lexer->GetToken();
    //如果是终结符
    switch(Parser::token.type)
    {
    //最高级匹配(常数、参数、函数等)并创建一个树节点
    case TokenType::Const:
    case TokenType::T:
        node = ExpressTree::CreateNode(Parser::token);
        return node;
    case TokenType::Func:
        //先产生本节点
        node = ExpressTree::CreateNode(Parser::token);
        //如果是函数则继续匹配左括号
        match(TokenType::Lbracket);
        //产生本节点左儿子(即函数内参数子树)
        node->SetChild(Child::left,GetExpression());
        //匹配右括号
        match(TokenType::Rbracket);
        return node;
    case TokenType::Lbracket:
        //匹配左括号内表达式
        node = GetExpression();
        //匹配右括号
        match(TokenType::Rbracket);
        return node;
    default:
        std::ostringstream out;
        out << "行号:" << Parser::token.no << " 错误类型:未预期的符号";
        Parser::log.push_back(out.str());
        return nullptr;
    }
}
Example #14
0
HRESULT CALLBACK
shrobj_level(PDEBUG_CLIENT4 Client, PCSTR args)
{
    if (!enter_command(Client))
        return E_FAIL;

    unsigned int level = 0;
    if (args && strlen(args))
        level = (unsigned int) GetExpression(args);

    set_shared_objects_indirection_level(level);

    leave_command();
    return S_OK;
}
Example #15
0
TExpressionPtr ExpressionParser::ParseNotParameterizedVariableExpression(StringPtrLen str) const
{
   auto variable = m_variable_mgr.FindVariable(str);
   if (nullptr == variable)
   {
      return TExpressionPtr();
   }

   if (variable->GetParameterCount() > 0)
   {
      Error("Parameters are missing during usage of variable '", variable->GetName(), "'.");
   }

   return variable->GetExpression()->Clone();
}
Example #16
0
void GetStrings()
{
	do
	{
		if (NextToken("\""))
		{
			GetQuoteStr(NAME_MAX);						// get a bounded string
		}
		else
		{
			imm = GetExpression();					// Get the number
			WriteByte(imm);
		}
	}
	while (QToken(","));
}
Example #17
0
LONG
GetValue (PUCHAR inString, PUCHAR *outString, BOOLEAN fSigned, ULONG bitsize)
{
    ULONG   value;

    inString = SkipWhite(&inString);
    pchCommand = inString;
    value = GetExpression();
    *outString = pchCommand;

    if ((value > (ULONG)(1L << bitsize) - 1) &&
	    (!fSigned || (value < (ULONG)(-1L << (bitsize - 1)))))
	error(OVERFLOW);

    return ((LONG) value);
}
Example #18
0
VOID
DumpStaticFastMutex (
    IN PCHAR Name
    )

/*++

Routine Description:

    This function dumps the contention statistics for a fast mutex.

Arguments:

    Name - Supplies a pointer to the symbol name for the fast mutex.

Return Value:

    None.

--*/

{

    ULONG FastMutex;
    FAST_MUTEX FastMutexContents;
    ULONG Result;

    //
    // Get the address of the fast mutex, read the fast mutex contents,
    // and dump the contention data.
    //

    FastMutex = GetExpression(Name);
    if ((FastMutex != 0) && (ReadMemory((DWORD)FastMutex,
                                        &FastMutexContents,
                                        sizeof(FAST_MUTEX),
                                        &Result) != FALSE)) {

        dprintf("%08lx %10u  %s\n",
                FastMutex,
                FastMutexContents.Contention,
                &Name[0]);
    }

    return;
}
Example #19
0
bool ObjIeeeAscii::GetOffset(const char *buffer, eParseType ParseType)
{
    if (!file)
        ThrowSyntax(buffer, ParseType);
    int pos =3 ;
    char ch = buffer[2];
    int index = 0;
    if (ch != 'G')
        index = ObjUtil::FromHex(buffer, &pos);
    if (buffer[pos++] != ',')
        ThrowSyntax(buffer, ParseType);
    ObjExpression *exp = GetExpression(buffer, &pos);
    CheckTerm(buffer + pos);
    switch(ch)
    {
        case 'G':
            SetStartAddress(file, exp);
            break;
        case 'S':
        {
            ObjSection *sect = GetSection(index);
            if (!sect)
                ThrowSyntax(buffer, ParseType);
            sect->SetSize(exp);
            break;
        }
        case 'L':
        {
            ObjSection *sect = GetSection(index);
            if (!sect)
                ThrowSyntax(buffer, ParseType);
            sect->SetOffset(exp);
            break;
        }
        default:
        {
            ObjSymbol *sym = FindSymbol(ch, index);
            if (!sym)
                ThrowSyntax(buffer, ParseType);
            sym->SetOffset(exp);
            break;
        }
    }		
    return false;
}
Example #20
0
/////////////////////////////////////////////////////
// Unexposed cmd to re-initialize once targetee changed
/////////////////////////////////////////////////////
HRESULT CALLBACK
set_alignment(PDEBUG_CLIENT4 Client, PCSTR args)
{
    size_t value;
    if (!args || strlen(args)==0)
        value = 0;
    else
        value = GetExpression(args);

    if (value == 0)
        dprintf("Current alignment is "PRINT_FORMAT_SIZE"\n", g_align);
    else if (value==4 || value==8 || value==16)
        g_align = value;
    else
        dprintf("Invalid setting for alignment "PRINT_FORMAT_SIZE"\n", value);

    return S_OK;
}
Example #21
0
static ret_code EvaluateHllExpression( hll_list * hll, int *i, int ilabel, bool is_true )
/***************************************************************************************/
{
    char *lastjmp = NULL;
    expr_list opndx;
    char buffer[MAX_LINE_LEN*2];

    DebugMsg(("EvaluateHllExpression enter\n"));

    buffer[0] = NULLC;
    if ( ERROR == GetExpression( hll, i, ilabel, is_true, buffer, &lastjmp, &opndx ) )
        return( ERROR );
    if ( buffer[0] )
        WriteExprSrc( hll, buffer );
    if ( hll->condlines != NULL && *hll->condlines == '\n' ) {
        AsmError( SYNTAX_ERROR_IN_CONTROL_FLOW_DIRECTIVE );
        return( ERROR );
    }
    return( NOT_ERROR );
}
Example #22
0
VOID
WinDbgExtensionDllInit(
    PWINDBG_EXTENSION_APIS lpExtensionApis,
    USHORT MajorVersion,
    USHORT MinorVersion
    )
{
    ExtensionApis = *lpExtensionApis;

    SavedMajorVersion = MajorVersion;
    SavedMinorVersion = MinorVersion;

    //
    // Try to get a pointer to afd!AfdDebug. If we can, then we know
    // the target machine is running a checked AFD.SYS.
    //

    IsCheckedAfd = ( GetExpression( "afd!AfdDebug" ) != 0 );

    return;
}
Example #23
0
bool ParseLine(std::string line)
{
	bool success = false;
	if (line.find(";") != string::npos)
	{
		success = GetAssignment(line);
	}
	else
	{
		success = GetExpression(line);
	}
	if (success == 1)
	{
		GoodLines.push_back(line);
	}
	else
	{			
		BadLines.push_back(std::string(line) + " Error: " + std::string(error));
	}
	return success;
}
Example #24
0
bool GetAssignment(std::string line)
{
	if (line.find(";") != string::npos)
	{
		//check for characters after the ;
		std::string lineS = line.substr(line.find_first_of(";"), line.length() - line.find_first_of("="));
		for (int i = 0; i < lineS.length(); i++)
		{
			if (CheckChar(lineS[i]))
			{
				error = "charaters after semicolon!";
				return false;
			}
		}
		line = line.substr(0, line.find_first_of(";"));
		//
		lineS = line.substr(0, line.find_first_of("="));
		//check if line contains white space
		if (lineS.find(" ") != string::npos)
		{
			int indexOfWhiteSpace = lineS.find_first_of(" ");
			if (indexOfWhiteSpace == lineS.length() - 1)
				lineS = lineS.substr(0, indexOfWhiteSpace);
			else if (indexOfWhiteSpace == 0)
				lineS = lineS.substr(1);
			else 
			{
				error = "incorrent space in id";
				return false;
			}
		}
		if (!CheckID(lineS))
			return false;
		if (!GetExpression(line.substr(line.find_first_of("=") + 1, (line.length() - line.find_first_of("=") - 1))))
			return false;		
		return true;
	}
	error = "No semicolon in the assignment!";
	return false;
}
Example #25
0
/////////////////////////////////////////////////////
// Unexposed cmd to set max recursive reference depth
/////////////////////////////////////////////////////
HRESULT CALLBACK
block_size(PDEBUG_CLIENT4 Client, PCSTR args)
{
    if (!enter_command(Client))
        return E_FAIL;

    if (!args || strlen(args)==0)
    {
        dprintf("0");
        return E_FAIL;
    }
    address_t addr = GetExpression(args);

    struct heap_block heap_block;
    if (addr && get_heap_block_info(addr, &heap_block))
        dprintf(PRINT_FORMAT_SIZE, heap_block.size);
    else
        dprintf("0");

    leave_command();
    return S_OK;
}
Example #26
0
File: rcl.c Project: mingpen/OpenNT
VOID GetNum()
{
    LONG lValue;

    /* Initialize */
    wLongFlag = 0;
    nParenCount = 0;

    /* Return the number */
    lValue = GetExpression();

    /* Make sure we had matched parens */
    if (nParenCount)
        ParseError1(1013); //"Mismatched parentheses"

    /* Return as the proper token */
    if (wLongFlag)
        token.flongval = TRUE;
    token.type = NUMLIT;
    token.longval = lValue;
    token.val = (USHORT)lValue;
}
Example #27
0
bool ObjIeeeAscii::Fixup(const char *buffer, eParseType ParseType)
{
    if (!file || currentDataSection == NULL)
        ThrowSyntax(buffer, ParseType);
    int pos = 3;
    if (buffer[2] != '(')
        ThrowSyntax(buffer, ParseType);
    ObjExpression *exp = GetExpression(buffer, &pos);
    if (buffer[pos++] != ')')
        ThrowSyntax(buffer, ParseType);
    CheckTerm(buffer + pos);
    if (exp->GetOperator() != ObjExpression::eNonExpression)
        ThrowSyntax(buffer, ParseType);
    if (exp->GetRight()->GetOperator() != ObjExpression::eValue)
        ThrowSyntax(buffer, ParseType);
    int size = exp->GetRight()->GetValue();
    ObjExpression *left = exp->GetLeft();
    ObjMemory *mem = factory->MakeFixup(left, size);
    mem->SetDebugTags(currentTags);
    currentTags = new ObjMemory::DebugTagContainer;
    currentDataSection->Add(mem);
    return false;
}
Example #28
0
TExpressionPtr ExpressionParser::ParseParameterizedVariableExpression(StringPtrLen str) const
{
   BracketsContent content;
   auto name = content.Parse(str);
   if (str.Len() == name.Len())
   {
      return TExpressionPtr();
   }

   name.Trim();
   CheckQualifier(name, "Variable name");

   auto variable = m_variable_mgr.FindVariable(name);
   if (nullptr == variable)
   {
      Error("Usage of undefined variable '", name, "'.");
   }

   TExpressionPtrVector actual_params;
   actual_params.reserve(5);

   StringPtrLen param;
   while (content.GetPart(param))
   {
      auto param_expr = ParseExpression(param);
      actual_params.push_back(std::move(param_expr));
   }

   if (actual_params.size() != variable->GetParameterCount())
   {
      Error("Incorrect amount of parameters during usage of variable '", variable->GetName(), 
         "'. Expected amount - ", variable->GetParameterCount(), ", actual amount - ", actual_params.size(), ".");
   }

   return variable->GetExpression()->CloneWithSubstitution(actual_params);
}
Example #29
0
File: rcl.c Project: mingpen/OpenNT
LONG GetOperand(VOID)
{

    /* Check to see if we need to descend a level */
    if (curChar == L'(') {
        /* Bump paren count so we can match them up */
        ++nParenCount;

        /* Skip past the paren char */
        OurGetChar();
        SkipWhitespace();

        /* Return the value of the computed expression for the operand */
        return GetExpression();
    }

    /* If this isn't a number, return an error */
    if (curChar != L'-' && curChar != L'~' && !iswdigit(curChar)) {
	GetKwd(FALSE);
        ParseError2(2237, tokenbuf);
	return 0;
    }

    /* Get the number in the token structure */
    GetNumFTB();

    /* See if we need to force the result long */
    if (token.flongval)
        wLongFlag = TRUE;

    /* Skip trailing whitespace */
    SkipWhitespace();

    /* Return the value */
    return token.longval;
}
Example #30
0
void returnAddressHuntJutsu(){
	struct trackedBuf *curBuf;
	int i = 0, bufferIndex = 0;
	ULONG offset = 0, bytes = 0;	
	char findBufferExpression[25];
	ULONG64 returnAddress = 0;
	HRESULT memSearch = S_OK;

	//disassembly variables
	char returnInstruction[30];
	unsigned char opcodeBuffer[30];
	unsigned short instructionLength = 0;
	dprintf("[J] started return address hunt\n");


	for(i; i<6; i++){			//6, because we don't want to waste time on the eip register
		curBuf = trackedBufList;	
		memset(findBufferExpression, 0x00, sizeof(findBufferExpression));

		if(!(bytes = GetExpression(regs[i]))){
			dprintf("[J] skipping %s as register - it is a null pointer\n", regs[i]);
			continue;
		}

		StringCchPrintf(findBufferExpression, sizeof(findBufferExpression), "poi(%s)", regs[i]);
		bytes = GetExpression(findBufferExpression);
	
		//tests if a register points to a location in user controlled data
		while(curBuf != NULL){
			for(bufferIndex=0; bufferIndex < strlen(curBuf->bufPatt); bufferIndex++){
				if(*(PULONG)((curBuf->bufPatt)+bufferIndex) == bytes){
					memset(opcodeBuffer, 0x00, sizeof(opcodeBuffer));
					memset(returnInstruction, 0x00, sizeof(returnInstruction));

					//find the opcodes for the desired instruction

					//first, for call reg
					StringCchPrintf(returnInstruction, sizeof(returnInstruction), "call %s", regs[i]);
					if(!(instructionLength = getInstructionBytes(returnInstruction, opcodeBuffer)))
						dprintf("[J] getInstructionBytes failed for '%s'\n", returnInstruction);
					if(returnAddress = searchMemory(opcodeBuffer, instructionLength)){
						if(checkExecutability(returnAddress))
							dprintf("[J] valid return address (call %s) found at 0x%08x\n", regs[i], returnAddress);
					}
							

					//now, for jmp reg
					memset(returnInstruction, 0x00, sizeof(returnInstruction));
					StringCchPrintf(returnInstruction, sizeof(returnInstruction), "jmp %s", regs[i]);
					if(!(instructionLength = getInstructionBytes(returnInstruction, opcodeBuffer)))
						dprintf("[J] getInstructionBytes failed for '%s'\n", returnInstruction);
					if(returnAddress = searchMemory(opcodeBuffer, instructionLength)){
						if(checkExecutability(returnAddress))
							dprintf("[J] valid return address (jmp %s) found at 0x%08x\n", regs[i], returnAddress);
					}
				}
			}
			curBuf = curBuf->next;
		}

		curBuf = trackedBufList;	

		for(offset=0; offset<0x1000; offset+=4){
			memset(findBufferExpression, 0x00, sizeof(findBufferExpression));
			StringCchPrintf(findBufferExpression, sizeof(findBufferExpression), "poi(poi(%s+0x%08x))", regs[i], offset);
			if(!(bytes = GetExpression(findBufferExpression)))
				continue;								//this is basically a replacement for the
													//ddp windbg command, except more automated
			//walk through the buffer to see if any dword in there matches the current 
			//value returned by the expression 
			while(curBuf != NULL){
				for(bufferIndex=0; bufferIndex < strlen(curBuf->bufPatt); bufferIndex++){
					if(*(PULONG)((curBuf->bufPatt)+bufferIndex) == bytes){
						memset(opcodeBuffer, 0x00, sizeof(opcodeBuffer));
						memset(returnInstruction, 0x00, sizeof(returnInstruction));
						dprintf("[J] %s + 0x%08x points into offset 0x%x of buffer %s\n",
								regs[i], offset, bufferIndex, curBuf->bufName);

						
						//first, build the instruction to find the bytes for
						//for now, we will support jmp [reg+offset] and call [reg+offset]

						//first, for call [reg+offset]
						StringCchPrintf(returnInstruction, sizeof(returnInstruction), "call [%s+%x]", regs[i], offset);
						if(!(instructionLength = getInstructionBytes(returnInstruction, opcodeBuffer)))
							dprintf("[J] getInstructionBytes failed for '%s'\n", returnInstruction);
						if(returnAddress = searchMemory(opcodeBuffer, instructionLength)){
							if(checkExecutability(returnAddress))
								dprintf("[J] valid return address (call [%s+%x]) found at 0x%08x\n", regs[i], offset, returnAddress);
						}


						//now, for jmp [reg+offset]
						memset(returnInstruction, 0x00, sizeof(returnInstruction));
						StringCchPrintf(returnInstruction, sizeof(returnInstruction), "jmp [%s+%x]", regs[i], offset);
						if(!(instructionLength = getInstructionBytes(returnInstruction, opcodeBuffer)))
							dprintf("[J] getInstructionBytes failed for '%s'\n", returnInstruction);
						if(returnAddress = searchMemory(opcodeBuffer, instructionLength)){
							if(checkExecutability(returnAddress))
								dprintf("[J] valid return address (jmp [%s+%x]) found at 0x%08x\n", regs[i], offset, returnAddress);
						}
					}	
				}
			curBuf = curBuf->next;
			}
		curBuf = trackedBufList;	
		}
	}
}