int main() { #if __WORDSIZE==64 oassert(strtol_or_strtoll("0xAB12345678", NULL, 16)==0xAB12345678); #else oassert(strtol_or_strtoll("0x12345678", NULL, 16)==0x12345678); #endif const char* strings[]={"string1", "hello", "world", "another string"}; size_t strings_t=sizeof(strings)/sizeof(char*); printf ("%d\n", find_string_in_array_of_strings("another string", strings, strings_t, false, false)); printf ("%d\n", find_string_in_array_of_strings("world", strings, strings_t, true, false)); printf ("%d\n", find_string_in_array_of_strings("Hello", strings, strings_t, true, false)); printf ("%d\n", find_string_in_array_of_strings("world2", strings, strings_t, true, false)); printf ("%d\n", find_string_in_array_of_strings("World", strings, strings_t, false, false)); oassert (string_is_ends_with ("hello", "lo")==true); oassert (string_is_ends_with ("hello", "lo1")==false); oassert (str_common_prefix_len("asd", "das")==0); oassert (str_common_prefix_len(" & Her Lover", " Cook, the Thief, His Wife & Her Lover")==1); oassert (str_common_prefix_len("asd", "as2")==2); oassert (str_common_prefix_len("asd", "as")==2); oassert (str_common_prefix_len("asd", "asd")==3); oassert (str_common_prefix_len("asd", "abb")==1); char *buf=DSTRDUP("hello world","buf"); string_remove_part (buf, 0, 4); // "hello" string_remove_part (buf, 0, 0); // " " oassert (strcmp (buf, "world")==0); DFREE(buf); buf=DSTRDUP(" ","buf"); string_remove_part (buf, 0, 0); // " " oassert (strcmp (buf, "")==0); DFREE(buf); buf=DSTRDUP("asdfg","buf"); string_remove_part (buf, 4, 4); string_remove_part (buf, 0, 0); oassert (strcmp (buf, "sdf")==0); DFREE(buf); oassert(is_string_consists_only_of_Latin_letters("abcdef")==true); oassert(is_string_consists_only_of_Latin_letters("abcd1ef")==false); oassert(is_string_has_only_one_character_repeating("111111111", NULL)==true); oassert(is_string_has_only_one_character_repeating("1111111112", NULL)==false); char* tmp=dmalloc_and_snprintf ("%d %d", 123, 456); oassert(streq(tmp, "123 456")); DFREE(tmp); tmp=dmalloc_and_snprintf ("%" PRIx64 " %d", 0x1234567890ABCDEF, 456); oassert(streq(tmp, "1234567890abcdef 456")); DFREE(tmp); dump_unfreed_blocks(); };
void add_symbol (address a, char *name, add_symbol_params *params) { module *m=params->m; rbtree *symtbl=m->symbols; oassert(symtbl && "symbols=NULL in module"); MemoryCache *mc=params->mc; if (one_time_int3_bp_re && params->t==SYM_TYPE_PE_EXPORT && module_adr_in_executable_section (m, a)) { strbuf sb=STRBUF_INIT; strbuf_addstr (&sb, get_module_name(m)); strbuf_addc (&sb, '!'); strbuf_addstr (&sb, name); if (regexec (one_time_int3_bp_re, sb.buf, 0, NULL, 0)==0) set_onetime_INT3_BP(a, params->p, m, name, mc); strbuf_deinit (&sb); }; if (dump_seh && string_is_ends_with (name, "security_cookie")) { m->security_cookie_adr=a; m->security_cookie_adr_known=true; if (symbol_c_debug) L ("%s() got address of security_cookie (0x" PRI_REG_HEX ") for %s!%s\n", __FUNCTION__, a, get_module_name(m), name); }; bool dump_symbol=false; if (dump_all_symbols_re) { strbuf sb=STRBUF_INIT; strbuf_addstr (&sb, get_module_name(m)); strbuf_addc (&sb, '!'); strbuf_addstr (&sb, name); if (regexec (dump_all_symbols_re, sb.buf, 0, NULL, 0)==0) dump_symbol=true; strbuf_deinit (&sb); }; if (dump_symbol || (dump_all_symbols_re==NULL && dump_all_symbols)) { dump_PID_if_need(params->p); L("New symbol. Module=[%s], address=[0x" PRI_ADR_HEX "], name=[%s]\n", get_module_name(m), a, name); }; symbol *new_sym=create_symbol(params->t, name); symbol *first_sym=(symbol*)rbtree_lookup(symtbl, (void*)a); if (first_sym) new_sym->next=first_sym; // insert at beginning of list rbtree_insert(symtbl, (void*)a, (void*)new_sym); };
// returns address of next SEH frame address dump_SEH_frame (fds* s, struct process* p, struct thread* t, struct MemoryCache *mc, address a) { struct my_EXCEPTION_REGISTRATION current_SEH_frame; bool b; b=MC_ReadBuffer (mc, a, sizeof(struct my_EXCEPTION_REGISTRATION), (BYTE*)¤t_SEH_frame); if (b==false) { L ("%s() cannot read current SEH frame\n", __FUNCTION__); return REG_MAX; }; strbuf sb=STRBUF_INIT; process_get_sym (p, current_SEH_frame.handler, true /* add_module_name */, true /* add_offset */, &sb); L ("* SEH frame at 0x" PRI_ADR_HEX " prev=0x" PRI_ADR_HEX " handler=0x" PRI_ADR_HEX " (%s)\n", a, current_SEH_frame.prev, current_SEH_frame.handler, sb.buf); bool SEH3=false, SEH4=false; if (string_is_ends_with (sb.buf, "except_handler3")) SEH3=true; REG security_cookie; bool security_cookie_known=false; if (string_is_ends_with (sb.buf, "except_handler4")) { SEH4=true; struct module *m=find_module_for_address(p, current_SEH_frame.handler); if (m->security_cookie_adr_known) { b=MC_ReadREG (mc, m->security_cookie_adr, &security_cookie); if (b==false) L ("%s() can't read security_cookie at 0x" PRI_ADR_HEX " for %s\n", __FUNCTION__, m->security_cookie_adr, get_module_name (m)); else security_cookie_known=true; } else { L ("SEH4 frame is here, but address of security_cookie is not known\n"); L ("Try to place .PDB or .MAP file here with this symbol in it\n"); }; }; if (SEH3==false && SEH4==false) goto exit; struct my_VC_EXCEPTION_REGISTRATION_RECORD current_SEH3_frame; b=MC_ReadBuffer (mc, a, sizeof(struct my_VC_EXCEPTION_REGISTRATION_RECORD), (BYTE*)¤t_SEH3_frame); if (b==false) { L ("%s() cannot read current SEH3/4 frame\n", __FUNCTION__); return REG_MAX; }; int previous_trylevel=current_SEH3_frame.previous_trylevel; L ("SEH%d frame. previous trylevel=%d\n", SEH3 ? 3 : 4, previous_trylevel); address scopetable_address=current_SEH3_frame.scopetable; if (SEH4 && security_cookie_known) { scopetable_address^=security_cookie; struct my_EH4_SCOPETABLE_HEADER EH4_header; b=MC_ReadBuffer (mc, scopetable_address, sizeof(struct my_EH4_SCOPETABLE_HEADER), (BYTE*)&EH4_header); if (b==false) { L ("%s() cannot read current SEH4 frame header. scopetable_address=0x" PRI_ADR_HEX "\n", __FUNCTION__, scopetable_address); return REG_MAX; }; L ("SEH4 header:\tGSCookieOffset=0x%x GSCookieXOROffset=0x%x\n", EH4_header.GSCookieOffset, EH4_header.GSCookieXOROffset); L ("\t\tEHCookieOffset=0x%x EHCookieXOROffset=0x%x\n", EH4_header.EHCookieOffset, EH4_header.EHCookieXOROffset); unsigned adr_of_EBP=a + ((byte*)¤t_SEH3_frame.EBP - (byte*)¤t_SEH3_frame.prev); if (EH4_header.EHCookieOffset!=-2) check_SEH4_cookie (mc, adr_of_EBP, EH4_header.EHCookieOffset, EH4_header.EHCookieXOROffset, security_cookie, "EH"); if (EH4_header.GSCookieOffset!=-2) check_SEH4_cookie (mc, adr_of_EBP, EH4_header.GSCookieOffset, EH4_header.GSCookieXOROffset, security_cookie, "GS"); scopetable_address+=sizeof(struct my_EH4_SCOPETABLE_HEADER); }; if (previous_trylevel>=0 && (SEH3 || (SEH4 && security_cookie_known))) dump_scopetable(mc, p, scopetable_address, previous_trylevel+1); exit: strbuf_deinit (&sb); return current_SEH_frame.prev; };