/*
* 进行预分析,识别出数据
* 如果分析出不是数据,则进行代码识别
*/
__INLINE__ PPROCEDURE __INTERNAL_FUNC__ AnalyzeData(__memory pMem, __address ImageBase, __memory pCurr, __integer iSize, PPROCEDURE pProcedureList, PPROGRAM pParents) {
PPROCEDURE pFormatBlockList = NULL, pCurrBlock = NULL;
PANALYZE_CONFIGURE pAnalyzeConfigure = &(pParents->AnalyzeConfigure);
// 如果此块的长度小于用户指定长度
if (iSize < pAnalyzeConfigure->bCodeMixSize) {
PPROCEDURE *pCurrMainPoint = &pProcedureList;
PPROCEDURE pBlock = __logic_new__(PROCEDURE, 1);
__logic_memset__(pBlock, 0, sizeof(PROCEDURE));
pBlock->bBlock = TRUE;
pBlock->pFileStartAddress = pCurr;
pBlock->addrMemoryStartAddress = ImageBase + AnalyzerRaw2Rva(pMem, (__integer)(pCurr - pMem));
pBlock->iSize = iSize;
pBlock->pNext = NULL;
while (*pCurrMainPoint) pCurrMainPoint = &((*pCurrMainPoint)->pNext);
*pCurrMainPoint = pBlock;
return pProcedureList;
}
/*
* 开始对这个块进行有效的分区
* 分区完毕后对链中的代码块进行函数帧分析
* 初次分析
*/
pFormatBlockList = FormatBlock(pMem, ImageBase, pCurr, iSize, pAnalyzeConfigure);
/*
* 遍历此链表进行分析
* 如果遇到代码块则进入并开始代码分析
*/
pCurrBlock = pFormatBlockList;
while (pCurrBlock) {
if (!(pCurrBlock->bBlock)) {//为代码块
// 进行分析
PPROCEDURE pProcedure = NULL;
// 获取函数帧
pProcedure = GetProcFrame(pMem, pCurrBlock->pFileStartAddress, pCurrBlock->iSize, pParents);
/*
* 调用Procedure2Procedure过后形成的函数链中存在两种函数,一种是函数存在在已有的
* 未知区域中,一种是在做第一次扫描时分析到的函数
*/
Procedure2Procedure(pMem, pProcedureList, pProcedure);
} else {
// 直接连接到主链
PPROCEDURE *pCurrMainPoint = &pProcedureList;
while (*pCurrMainPoint) pCurrMainPoint = &((*pCurrMainPoint)->pNext);
*pCurrMainPoint = __logic_new__(PROCEDURE, 1);
__logic_memcpy__(*pCurrMainPoint, pCurrBlock, sizeof(PROCEDURE));
(*pCurrMainPoint)->pNext = NULL;
}
pCurrBlock = pCurrBlock->pNext;
}
// 销毁分析链
ReleaseProcedureList(&pFormatBlockList);
return pProcedureList;
}
std::string FormatFileBlock(const ParserDefinition *pd)
{
Keywords kw;
FillExtraKeywords(kw);
return FormatBlock(pd, kw, pd->file_format);
}
std::string FormatFileBlock(const ParserSettings *ps)
{
Keywords kw;
FillExtraKeywords(kw);
return FormatBlock(ps, kw, ps->file_format);
}
std::string FormatFunctionBlock(const Parser *p, const ParserDefinition *pd, const char *text)
{
Keywords kw;
if(!p->external)
{
kw = p->parse(pd, text);
if(kw.size() == 0) return std::string("");
}
FillExtraKeywords(kw);
return FormatBlock(pd, kw, pd->function_format);
}
std::string FormatFunctionBlock(const Parser *p, const ParserSettings *ps, const char *text)
{
Keywords kw;
if(!p->external)
{
kw = p->strategy(ps, text);
if(kw.size() == 0) return std::string("");
}
FillExtraKeywords(kw);
return FormatBlock(ps, kw, ps->function_format);
}
