// Returns the disassembly line at `ea` as plain text (IDA colour tags removed).
// The text lives in a function-local static buffer: it is overwritten by the
// next call, must not be freed, and is not safe to keep across calls.
// When generate_disasm_line() reports failure the returned string is empty.
LPCTSTR get_text_disasm(ea_t ea)
{
    static char line[MAXSTR];
    const size_t cap = sizeof(line) - 1;   // last byte stays a permanent NUL

    line[0] = '\0';
    line[MAXSTR - 1] = '\0';

    const bool generated = generate_disasm_line(ea, line, cap);
    if (generated)
        tag_remove(line, line, cap);       // strip colour escapes in place

    return line;
}
//------------------------------------------------------------------------- // function that generates the list line static void idaapi desc(void *obj,uint32 n,char * const *arrptr) { if ( n == 0 ) // generate the column headers { for ( int i=0; i < qnumber(header); i++ ) qstrncpy(arrptr[i], header[i], MAXSTR); return; } netnode *node = (netnode *)obj; ea_t ea = node->altval(n-1); generate_disasm_line(ea, arrptr[1], MAXSTR, 0); tag_remove(arrptr[1], arrptr[1], MAXSTR); // remove the color coding qsnprintf(arrptr[0], MAXSTR, "%08a", ea); }
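// Exported helper: writes the plain-text disassembly of the instruction at
// `addr` into the caller's buffer and returns the length of that text.
//   addr   - address to disassemble (converted to ea_t)
//   buf    - caller-provided output buffer; always NUL-terminated on return
//            when bufLen > 0, so the caller never reads uninitialised bytes
//   bufLen - size of buf in bytes
// Returns 0 with an empty buf when addr is not code, when no line could be
// generated, or when buf/bufLen are unusable.
int __stdcall GetAsm(__int64 addr, char *buf, int bufLen)
{
  if ( buf == NULL || bufLen <= 0 )
    return 0;
  buf[0] = '\0';   // the original left buf untouched on every failure path

  const ea_t ea = (ea_t)addr;
  if ( !isCode(getFlags(ea)) )
    return 0;

  if ( !generate_disasm_line(ea, buf, bufLen, GENDSM_MULTI_LINE) )
  {
    buf[0] = '\0';
    return 0;
  }

  // tag_remove() strips the colour escapes in place and returns the new length
  return (int)tag_remove(buf, buf, bufLen);
}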
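// Writes a report of every recorded call to the allocator described by `func`
// to `f`, one record per entry of the global Malloc_calls vector. Each record
// names the function containing the call site ("CISSRT_undefined_function"
// when the address lies outside any function), the size classification and,
// for non-constant sizes, the instruction that last modified the size operand.
//   f    - open output stream; ownership stays with the caller
//   func - description of the allocation function being reported
void pretty_printing_ex(FILE *f, TFuncMalloc func)
{
  for ( size_t i = 0; i < Malloc_calls.size(); i++ )
  {
    const ea_t call_ea = Malloc_calls[i].address;
    const ea_t modif_ea = Malloc_calls[i].address_of_last_size_object_modified;

    qfprintf(f, "\r\n");

    // Name of the function containing the call site, if there is one.
    qstring callee_name;
    const char *callee_text = "CISSRT_undefined_function";
    func_t *callee_func = get_func(call_ea);
    if ( callee_func != NULL )
    {
      get_short_name(&callee_name, callee_func->startEA);
      callee_text = callee_name.c_str();
    }
    qfprintf(f, "%s xref: at %a %s\n", func.alloc_func_name, call_ea, callee_text);

    if ( Malloc_calls[i].type == CONSTVALUE )
    {
      qfprintf(f, "Type: CONST = %d Malloc bytes\n", Malloc_calls[i].value);
      continue;
    }

    const bool wants_last_modif = Malloc_calls[i].type == VARVALUE
                               || Malloc_calls[i].type == VARVALUEVULN
                               || Malloc_calls[i].type == UNDEFINED;
    if ( !wants_last_modif )
      continue;

    // Plain-text disassembly of the instruction that last touched the size.
    // Only attempted for a real address: the original decoded BADADDR as well,
    // and an unchecked generate_disasm_line() left `buffer` uninitialised.
    // generate_disasm_line() decodes on its own, so ua_ana0()/cmd are not needed.
    char buffer[MAXSTR];
    buffer[0] = '\0';
    if ( modif_ea != BADADDR )
    {
      if ( generate_disasm_line(modif_ea, buffer, sizeof(buffer)) )
        tag_remove(buffer, buffer, sizeof(buffer));   // strip colour tags in place
      else
        buffer[0] = '\0';
    }

    if ( Malloc_calls[i].type == VARVALUE )
    {
      if ( modif_ea != BADADDR )
        qfprintf(f, "Type: VAR, last modif at %a %s\n", modif_ea, buffer);
      else
        qfprintf(f, "Type: VAR, last modif lost :( \n");
    }
    else if ( Malloc_calls[i].type == VARVALUEVULN )
    {
      if ( modif_ea != BADADDR )
        qfprintf(f, "Type: VAR, Possible Integer Overflow %a %s\n", modif_ea, buffer);
      else
        qfprintf(f, "Type: VAR, last modif lost :( \n");   // shouldn't be reachable
    }
    else // UNDEFINED
    {
      if ( modif_ea != BADADDR )
        qfprintf(f, "Type: UNDEFINED, at %a %s", modif_ea, buffer);   // shouldn't be reachable
      else
        qfprintf(f, "Type: UNDEFINED, last modif lost :(");
    }
  }
}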
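// Same report as the TFuncMalloc overload, for an allocation wrapper: the
// header of every record additionally prints func.push_malloc_size_count and
// func.ancestor (presumably the size argument index and the wrapped allocator;
// not verifiable from this function). One record per entry of the global
// Malloc_calls vector is written to `f`.
//   f    - open output stream; ownership stays with the caller
//   func - description of the wrapper function being reported
void pretty_printing_ex(FILE *f, TFuncMallocWrapper func)
{
  for ( size_t i = 0; i < Malloc_calls.size(); i++ )
  {
    const ea_t call_ea = Malloc_calls[i].address;
    const ea_t modif_ea = Malloc_calls[i].address_of_last_size_object_modified;

    qfprintf(f, "\r\n");

    // Name of the function containing the call site, if there is one.
    qstring callee_name;
    const char *callee_text = "CISSRT_undefined_function";
    func_t *callee_func = get_func(call_ea);
    if ( callee_func != NULL )
    {
      get_short_name(&callee_name, callee_func->startEA);
      callee_text = callee_name.c_str();
    }
    qfprintf(f, "%s argNumber = %d ----> %s xref: at %a %s\n",
             func.alloc_func_name, func.push_malloc_size_count, func.ancestor,
             call_ea, callee_text);

    if ( Malloc_calls[i].type == CONSTVALUE )
    {
      qfprintf(f, "Type: CONST = %d Malloc bytes\n", Malloc_calls[i].value);
      continue;
    }

    const bool wants_last_modif = Malloc_calls[i].type == VARVALUE
                               || Malloc_calls[i].type == VARVALUEVULN
                               || Malloc_calls[i].type == UNDEFINED;
    if ( !wants_last_modif )
      continue;

    // Plain-text disassembly of the instruction that last touched the size.
    // The original ran tag_remove() over `buf` even when generate_disasm_line()
    // had failed, i.e. over an uninitialised, possibly unterminated buffer, and
    // decoded BADADDR as well. generate_disasm_line() decodes on its own, so
    // ua_ana0()/cmd are not needed.
    char instr_clean[MAXSTR];
    instr_clean[0] = '\0';
    if ( modif_ea != BADADDR )
    {
      if ( generate_disasm_line(modif_ea, instr_clean, sizeof(instr_clean) - 1) )
        tag_remove(instr_clean, instr_clean, sizeof(instr_clean) - 1);   // in place
      else
        instr_clean[0] = '\0';
    }

    if ( Malloc_calls[i].type == VARVALUE )
    {
      if ( modif_ea != BADADDR )
        qfprintf(f, "Type: VAR, last modif at %a %s\n", modif_ea, instr_clean);
      else
        qfprintf(f, "Type: VAR, last modif lost :(");
    }
    else if ( Malloc_calls[i].type == VARVALUEVULN )
    {
      if ( modif_ea != BADADDR )
        qfprintf(f, "Type: VAR, Possible Integer Overflow at %a %s\n", modif_ea, instr_clean);
      else
        qfprintf(f, "Type: VAR, last modif lost :(");
    }
    else // UNDEFINED
    {
      if ( modif_ea != BADADDR )
        qfprintf(f, "Type: UNDEFINED, at %a %s", modif_ea, instr_clean);   // shouldn't be reachable
      else
        qfprintf(f, "Type: UNDEFINED, last modif lost :(");
    }
  }
}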
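// Appends the disassembly of `ea` as one more line to the growable text buffer
// in `dl`. Lines are separated by '\n' and the buffer is kept NUL-terminated.
// An address that only carries a dummy name gets a "label:" line first; when
// `options` is non-zero the text is prefixed with the address.
//   dl      - line accumulator: dl->lines is the char buffer, dl->num the
//             bytes in use (excluding the NUL), dl->available the bytes free
//   ea      - address to disassemble
//   options - non-zero to print the address in front of the text
// Returns 0 on success, -1 when the buffer could not be grown (dl is then
// left unchanged and still valid).
int dline_add(dline_t *dl, ea_t ea, char options)
{
  char buf[256];
  char tmp[256];
  char dis[256];
  char addr[30];

  flags_t f = getFlags(ea);

  // generate_disasm_line() reports failure through its return value; without
  // the check `dis` would be copied into the output uninitialised.
  if ( !generate_disasm_line(ea, dis, sizeof(dis)) )
    dis[0] = '\0';
  decode_insn(ea);

  buf[0] = '\0';
  init_output_buffer(buf, sizeof(buf));

  // Block label for addresses that carry only an auto-generated name
  if ( has_dummy_name(f) )
  {
    get_nice_colored_name(ea, tmp, sizeof(tmp), GNCN_NOSEG | GNCN_NOFUNC);
    out_snprintf("%s", tmp);
    out_line(":\n", COLOR_DATNAME);
  }
  if ( options )
  {
    qsnprintf(addr, sizeof(addr), "%a", ea);
    out_snprintf("%s ", addr);
  }
  out_insert(get_output_ptr(), dis);
  term_output_buffer();

  const int len = (int)strlen(buf);   // buf is 256 bytes, so this fits an int

  // Need room for the separating '\n', the text and the terminating NUL.
  if ( dl->available < len + 3 )
  {
    // The buffer holds chars, so the new capacity is counted in bytes. The
    // original multiplied by sizeof(char*) and so allocated several times
    // more than the len+256 bytes it then recorded in dl->available.
    const size_t new_cap = (size_t)dl->num + (size_t)len + 256;
    char *dll = (char *)qrealloc(dl->lines, new_cap * sizeof(*dll));
    if ( dll == NULL )
      return -1;               // dl->lines is still valid and unchanged
    dl->lines = dll;
    dl->available = len + 256; // == new capacity - bytes already in use
  }

  if ( dl->num )
    dl->lines[dl->num++] = '\n';
  memcpy(&dl->lines[dl->num], buf, len);
  dl->num += len;
  dl->lines[dl->num] = '\0';
  // The NUL is not charged to `available`: the next line overwrites it. The
  // separator is charged even on the very first line, which is conservative.
  dl->available -= len + 1;
  return 0;
}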