// Plugin initialisation: registers the "!sync" / "!syncoff" commands, creates
// the poll-complete event and its critical section, then reads the
// configuration file that supplies the host and port the sync tunnel uses.
void coreInit(PLUG_INITSTRUCT* initStruct)
{
    _plugin_logprintf("[sync] pluginHandle: %d\n", pluginHandle);

    // Command registration; the last argument marks "!syncoff" as debug-only.
    const bool syncRegistered = _plugin_registercommand(pluginHandle, "!sync", cbSyncCommand, false);
    if (!syncRegistered)
        _plugin_logputs("[sync] error registering the \"!sync\" command!");

    const bool syncoffRegistered = _plugin_registercommand(pluginHandle, "!syncoff", cbSyncoffCommand, true);
    if (!syncoffRegistered)
        _plugin_logputs("[sync] error registering the \"!syncoff\" command!");

    // Not synchronised until "!sync" succeeds.
    g_Synchronized = FALSE;

    // Manual-reset event, initially non-signalled.
    g_hPollCompleteEvent = CreateEvent(nullptr, TRUE, FALSE, nullptr);
    if (g_hPollCompleteEvent == nullptr)
    {
        // NOTE(review): on this path the critical section below is never
        // initialised and the configuration file is never read, although the
        // commands are already registered -- confirm the callers tolerate that.
        _plugin_logputs("[sync] Command polling feature init failed\n");
        return;
    }

    InitializeCriticalSection(&g_CritSectPollRelease);

    // The tunnel destination (g_DefaultHost:g_DefaultPort) is taken from the
    // configuration file, so the file is trusted for where debugger state goes.
    if (SUCCEEDED(LoadConfigurationFile()))
    {
        _plugin_logprintf("[sync] Configuration file loaded\n -> set HOST to %s:%s\n", g_DefaultHost, g_DefaultPort);
    }
}
// Update state and send info to client: eip module's base address, offset, name HRESULT UpdateState() { bool bRes = FALSE; HRESULT hRes = E_FAIL; DWORD dwRes = 0; ULONG64 PrevBase = g_Base; ULONG NameSize = 0; HANDLE hProcess; g_Offset = GetContextData(UE_CIP); bRes = DbgGetModuleAt((duint)g_Offset, g_NameBuffer); if (!bRes) { _plugin_logprintf("[sync] UpdateState: no module at %p...\n", g_Offset); return hRes; } g_Base = DbgModBaseFromName(g_NameBuffer); if (!g_Base) { _plugin_logputs("[sync] UpdateState: could not get module base..."); return hRes; } // Check if we are in a new module if ((g_Base != PrevBase) & g_SyncAuto) { hProcess = ((PROCESS_INFORMATION*)TitanGetProcessInformation())->hProcess; dwRes = GetModuleBaseNameA(hProcess, (HMODULE)g_Base, g_NameBuffer, MAX_MODULE_SIZE); if (dwRes==0) { _plugin_logputs("[sync] could not get module base name..."); return hRes; } #if VERBOSE >= 2 _plugin_logprintf("[sync] UpdateState: module : \"%s\"\n", g_NameBuffer); #endif hRes = TunnelSend("[notice]{\"type\":\"module\",\"path\":\"%s\"}\n", g_NameBuffer); if (FAILED(hRes)){ return hRes; } } hRes = TunnelSend("[sync]{\"type\":\"loc\",\"base\":%llu,\"offset\":%llu}\n", g_Base, g_Offset); return hRes; }
// Creates the settings dialog (resource IDD_SETTINGS) as a child of the
// debugger's main window, stores its handle in g_SettingsDialog and shows it.
// On creation failure a message is logged and the global is left null.
void OpenSettingsDialog()
{
    HWND parent = GuiGetWindowHandle();
    HWND dlg = CreateDialog(g_LocalDllHandle, MAKEINTRESOURCE(IDD_SETTINGS), parent, SettingsDialogProc);
    g_SettingsDialog = dlg;

    if (dlg == nullptr)
    {
        _plugin_logprintf("Failed to create settings window\n");
        return;
    }

    ShowWindow(dlg, SW_SHOW);
}
// Creates and shows the "make signature" dialog (resource IDD_MAKESIG).
// Requires an active debuggee: without one the function only logs and returns.
// The dialog handle is kept in g_SigMakeDialog (null if creation failed).
void OpenSigMakeDialog()
{
    // A signature is built from debuggee memory, so refuse without a process.
    if (!DbgIsDebugging())
    {
        _plugin_logprintf("No process is being debugged!\n");
        return;
    }

    HWND parent = GuiGetWindowHandle();
    HWND dlg = CreateDialog(g_LocalDllHandle, MAKEINTRESOURCE(IDD_MAKESIG), parent, MakeSigDialogProc);
    g_SigMakeDialog = dlg;

    if (dlg == nullptr)
    {
        _plugin_logprintf("Failed to create signature view window\n");
        return;
    }

    ShowWindow(dlg, SW_SHOW);
}
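// Loads the API help database from "api.dat" into mInfo.
//
// The path is relative, so it resolves against the process's current working
// directory. Each whitespace-separated record has the form
// "DLL;ReturnType;Name;ArgType;ArgName;..."; records with fewer than four
// fields are skipped, and argument fields are consumed in (type, name) pairs.
// A missing file is logged and leaves mInfo empty. mValid is set to true
// unconditionally here.
ApiDB::ApiDB(void)
{
    unsigned int i = 0;
    mValid = true;

    std::ifstream helpFile("api.dat");
    if (!helpFile)
    {
        _plugin_logputs("[StaticAnalysis] api help file not found ...");
    }
    else
    {
        _plugin_logputs("[StaticAnalysis] load api help file ...");
        std::string rawLine;
        // Loop on the extraction itself: `while (!eof())` would run the body
        // once more after the last record with a stale or empty rawLine.
        while (helpFile >> rawLine)
        {
            std::vector<std::string> tokens = split(rawLine, ";");
            if (tokens.size() > 3)
            {
                FunctionInfo_t f;
                f.DLLName = tokens.at(0);
                f.ReturnType = tokens.at(1);
                f.Name = tokens.at(2);
                // A trailing unpaired field is ignored (j + 1 must stay in range).
                for (std::size_t j = 3; j + 1 < tokens.size(); j += 2)
                {
                    ArgumentInfo_t a;
                    a.Type = tokens.at(j);
                    a.Name = tokens.at(j + 1);
                    f.Arguments.push_back(a);
                }
                mInfo.push_back(f);
                i++;
            }
        }
    }
    // %u matches the unsigned counter; the stream closes itself on scope exit.
    _plugin_logprintf("[StaticAnalysis] loaded %u functions signatures from helpfile\n", i);
}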
// "!sync" command: connects the tunnel to the configured host/port and
// announces this debugger, then pushes the current location and starts the
// poll timer. If already synchronised, only the location is refreshed.
// Args is not used. Returns S_OK, or the failing tunnel call's HRESULT.
HRESULT sync(PSTR Args)
{
    // Reset global state
    g_Base = NULL;
    g_Offset = NULL;

    if (g_Synchronized)
    {
        _plugin_logputs("[sync] sync update\n");
        UpdateState();   // result deliberately not propagated, as before
        return S_OK;
    }

    // Destination comes from the configuration file (g_DefaultHost / g_DefaultPort).
    HRESULT hRes = TunnelCreate(g_DefaultHost, g_DefaultPort);
    if (FAILED(hRes))
    {
        _plugin_logputs("[sync] sync failed\n");
        return hRes;
    }

    _plugin_logputs("[sync] probing sync\n");
    hRes = TunnelSend("[notice]{\"type\":\"new_dbg\",\"msg\":\"dbg connect - x64_dbg\",\"dialect\":\"x64_dbg\"}\n");
    if (FAILED(hRes))
    {
        _plugin_logputs("[sync] sync aborted\n");
        return hRes;
    }

    _plugin_logprintf("[sync] sync is now enabled with host %s\n", g_DefaultHost);
    UpdateState();
    CreatePollTimer();
    return hRes;
}
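// Consumes one line of an IDA .dif file.
//
// Lines 0-2 are the header: description (logged), blank line, and the module
// name (copied into m_Module). Every later line is a patch entry
// "OFFSET: OLD NEW" in hex, appended to m_Patches. Returns false only when an
// entry line does not yield all three fields.
bool IDADiffReader::LoadPatch(char *Value, int Line)
{
    /*
    Description

    filename.exe
    00000001: 00 01
    00000003: 00 03
    */

    switch (Line)
    {
    case 0:
        // Description. The explicit return replaces an accidental fall-through
        // that also copied the description into m_Module.
        _plugin_logprintf("%s\n", Value);
        return true;
    case 1:
        // Blank line
        return true;
    case 2:
        // File. strcpy_s's array overload bounds the copy to sizeof(m_Module);
        // an over-long name hits the CRT invalid-parameter handler, not the stack.
        strcpy_s(m_Module, Value);
        return true;
    }

    // Scan for the entry. All three fields must convert; a partial match
    // would otherwise leave Old/New unset while the entry is still accepted.
    DiffFileEntry entry{};
    if (sscanf_s(Value, "%llx: %hhX %hhX", &entry.Offset, &entry.Old, &entry.New) != 3)
        return false;

    m_Patches.push_back(entry);
    return true;
}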
// CB_INITDEBUG plugin callback: the debugger invokes it when debugging of a
// file starts; the path it passes is logged. cbType is not used.
extern "C" __declspec(dllexport) void CBINITDEBUG(CBTYPE cbType, PLUG_CB_INITDEBUG* info)
{
    const char* fileName = static_cast<const char*>(info->szFileName);
    _plugin_logprintf("[sync] debugging of file %s started!\n", fileName);
}
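// "Make signature" dialog action: reads the data and mask edit controls,
// builds a SIG_DESCRIPTOR according to Settings::LastType, scans the debuggee
// and lists every match (address + disassembly) in the references view.
// Buffers come from BridgeAlloc and are released with BridgeFree on all paths.
void MakeSigDialogExecute(HWND hwndDlg)
{
    // GetWindowTextLength excludes the terminator; reserve one extra byte.
    const int dataLen = GetWindowTextLength(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT1)) + 1;
    const int maskLen = GetWindowTextLength(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT2)) + 1;

    char *data = (char *)BridgeAlloc(dataLen);
    char *mask = (char *)BridgeAlloc(maskLen);

    GetWindowText(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT1), data, dataLen);
    GetWindowText(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT2), mask, maskLen);

    //
    // Convert the string to a code descriptor
    //
    SIG_DESCRIPTOR *desc = nullptr;

    switch (Settings::LastType)
    {
    case SIG_CODE: desc = DescriptorFromCode(data, mask); break;
    case SIG_IDA:  desc = DescriptorFromIDA(data);        break;
    case SIG_PEID: desc = DescriptorFromPEiD(data);       break;
    case SIG_CRC:  desc = DescriptorFromCRC(data);        break;
    default:       break;
    }

    // No descriptor: unknown signature type, or -- presumably -- a parse
    // failure the DescriptorFrom* helpers report as nullptr. Previously the
    // null pointer was handed straight to PatternScan.
    if (desc == nullptr)
    {
        _plugin_logprintf("Failed to build a signature descriptor\n");
        BridgeFree(data);
        BridgeFree(mask);
        return;
    }

    //
    // Scan
    //
    std::vector<duint> results;
    PatternScan(desc, results);

    //
    // Log it in the GUI
    //
    GuiReferenceDeleteAllColumns();
    GuiReferenceAddColumn(20, "Address");
    GuiReferenceAddColumn(100, "Disassembly");
    GuiReferenceSetRowCount((int)results.size());
    GuiReferenceSetProgress(0);

    int row = 0;
    for (auto& match : results)
    {
        DISASM_INSTR inst;
        DbgDisasmAt(match, &inst);

        char temp[32];
        sprintf_s(temp, "%p", (PVOID)match);

        GuiReferenceSetCellContent(row, 0, temp);
        GuiReferenceSetCellContent(row, 1, inst.instruction);
        row++;
    }

    // %d takes an int; results.size() is size_t (same cast as the row count above).
    _plugin_logprintf("Found %d references(s)\n", (int)results.size());
    GuiReferenceSetProgress(100);
    GuiUpdateAllViews();

    //
    // Cleanup
    //
    BridgeFree(data);
    BridgeFree(mask);
    BridgeFree(desc);
}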