int main()
{
#if __WORDSIZE==64
oassert(strtol_or_strtoll("0xAB12345678", NULL, 16)==0xAB12345678);
#else
oassert(strtol_or_strtoll("0x12345678", NULL, 16)==0x12345678);
#endif
const char* strings[]={"string1", "hello", "world", "another string"};
size_t strings_t=sizeof(strings)/sizeof(char*);
printf ("%d\n", find_string_in_array_of_strings("another string", strings, strings_t, false, false));
printf ("%d\n", find_string_in_array_of_strings("world", strings, strings_t, true, false));
printf ("%d\n", find_string_in_array_of_strings("Hello", strings, strings_t, true, false));
printf ("%d\n", find_string_in_array_of_strings("world2", strings, strings_t, true, false));
printf ("%d\n", find_string_in_array_of_strings("World", strings, strings_t, false, false));
oassert (string_is_ends_with ("hello", "lo")==true);
oassert (string_is_ends_with ("hello", "lo1")==false);
oassert (str_common_prefix_len("asd", "das")==0);
oassert (str_common_prefix_len(" & Her Lover", " Cook, the Thief, His Wife & Her Lover")==1);
oassert (str_common_prefix_len("asd", "as2")==2);
oassert (str_common_prefix_len("asd", "as")==2);
oassert (str_common_prefix_len("asd", "asd")==3);
oassert (str_common_prefix_len("asd", "abb")==1);
char *buf=DSTRDUP("hello world","buf");
string_remove_part (buf, 0, 4); // "hello"
string_remove_part (buf, 0, 0); // " "
oassert (strcmp (buf, "world")==0);
DFREE(buf);
buf=DSTRDUP(" ","buf");
string_remove_part (buf, 0, 0); // " "
oassert (strcmp (buf, "")==0);
DFREE(buf);
buf=DSTRDUP("asdfg","buf");
string_remove_part (buf, 4, 4);
string_remove_part (buf, 0, 0);
oassert (strcmp (buf, "sdf")==0);
DFREE(buf);
oassert(is_string_consists_only_of_Latin_letters("abcdef")==true);
oassert(is_string_consists_only_of_Latin_letters("abcd1ef")==false);
oassert(is_string_has_only_one_character_repeating("111111111", NULL)==true);
oassert(is_string_has_only_one_character_repeating("1111111112", NULL)==false);
char* tmp=dmalloc_and_snprintf ("%d %d", 123, 456);
oassert(streq(tmp, "123 456"));
DFREE(tmp);
tmp=dmalloc_and_snprintf ("%" PRIx64 " %d", 0x1234567890ABCDEF, 456);
oassert(streq(tmp, "1234567890abcdef 456"));
DFREE(tmp);
dump_unfreed_blocks();
};
void add_symbol (address a, char *name, add_symbol_params *params)
{
module *m=params->m;
rbtree *symtbl=m->symbols;
oassert(symtbl && "symbols=NULL in module");
MemoryCache *mc=params->mc;
if (one_time_int3_bp_re && params->t==SYM_TYPE_PE_EXPORT && module_adr_in_executable_section (m, a))
{
strbuf sb=STRBUF_INIT;
strbuf_addstr (&sb, get_module_name(m));
strbuf_addc (&sb, '!');
strbuf_addstr (&sb, name);
if (regexec (one_time_int3_bp_re, sb.buf, 0, NULL, 0)==0)
set_onetime_INT3_BP(a, params->p, m, name, mc);
strbuf_deinit (&sb);
};
if (dump_seh && string_is_ends_with (name, "security_cookie"))
{
m->security_cookie_adr=a;
m->security_cookie_adr_known=true;
if (symbol_c_debug)
L ("%s() got address of security_cookie (0x" PRI_REG_HEX ") for %s!%s\n", __FUNCTION__, a, get_module_name(m), name);
};
bool dump_symbol=false;
if (dump_all_symbols_re)
{
strbuf sb=STRBUF_INIT;
strbuf_addstr (&sb, get_module_name(m));
strbuf_addc (&sb, '!');
strbuf_addstr (&sb, name);
if (regexec (dump_all_symbols_re, sb.buf, 0, NULL, 0)==0)
dump_symbol=true;
strbuf_deinit (&sb);
};
if (dump_symbol || (dump_all_symbols_re==NULL && dump_all_symbols))
{
dump_PID_if_need(params->p);
L("New symbol. Module=[%s], address=[0x" PRI_ADR_HEX "], name=[%s]\n", get_module_name(m), a, name);
};
symbol *new_sym=create_symbol(params->t, name);
symbol *first_sym=(symbol*)rbtree_lookup(symtbl, (void*)a);
if (first_sym)
new_sym->next=first_sym; // insert at beginning of list
rbtree_insert(symtbl, (void*)a, (void*)new_sym);
};
// returns address of next SEH frame
address dump_SEH_frame (fds* s, struct process* p, struct thread* t, struct MemoryCache *mc, address a)
{
struct my_EXCEPTION_REGISTRATION current_SEH_frame;
bool b;
b=MC_ReadBuffer (mc, a,
sizeof(struct my_EXCEPTION_REGISTRATION), (BYTE*)¤t_SEH_frame);
if (b==false)
{
L ("%s() cannot read current SEH frame\n", __FUNCTION__);
return REG_MAX;
};
strbuf sb=STRBUF_INIT;
process_get_sym (p, current_SEH_frame.handler, true /* add_module_name */, true /* add_offset */, &sb);
L ("* SEH frame at 0x" PRI_ADR_HEX " prev=0x" PRI_ADR_HEX " handler=0x" PRI_ADR_HEX " (%s)\n",
a, current_SEH_frame.prev, current_SEH_frame.handler, sb.buf);
bool SEH3=false, SEH4=false;
if (string_is_ends_with (sb.buf, "except_handler3"))
SEH3=true;
REG security_cookie;
bool security_cookie_known=false;
if (string_is_ends_with (sb.buf, "except_handler4"))
{
SEH4=true;
struct module *m=find_module_for_address(p, current_SEH_frame.handler);
if (m->security_cookie_adr_known)
{
b=MC_ReadREG (mc, m->security_cookie_adr, &security_cookie);
if (b==false)
L ("%s() can't read security_cookie at 0x" PRI_ADR_HEX " for %s\n",
__FUNCTION__, m->security_cookie_adr, get_module_name (m));
else
security_cookie_known=true;
}
else
{
L ("SEH4 frame is here, but address of security_cookie is not known\n");
L ("Try to place .PDB or .MAP file here with this symbol in it\n");
};
};
if (SEH3==false && SEH4==false)
goto exit;
struct my_VC_EXCEPTION_REGISTRATION_RECORD current_SEH3_frame;
b=MC_ReadBuffer (mc, a,
sizeof(struct my_VC_EXCEPTION_REGISTRATION_RECORD), (BYTE*)¤t_SEH3_frame);
if (b==false)
{
L ("%s() cannot read current SEH3/4 frame\n", __FUNCTION__);
return REG_MAX;
};
int previous_trylevel=current_SEH3_frame.previous_trylevel;
L ("SEH%d frame. previous trylevel=%d\n", SEH3 ? 3 : 4, previous_trylevel);
address scopetable_address=current_SEH3_frame.scopetable;
if (SEH4 && security_cookie_known)
{
scopetable_address^=security_cookie;
struct my_EH4_SCOPETABLE_HEADER EH4_header;
b=MC_ReadBuffer (mc, scopetable_address,
sizeof(struct my_EH4_SCOPETABLE_HEADER), (BYTE*)&EH4_header);
if (b==false)
{
L ("%s() cannot read current SEH4 frame header. scopetable_address=0x" PRI_ADR_HEX "\n",
__FUNCTION__, scopetable_address);
return REG_MAX;
};
L ("SEH4 header:\tGSCookieOffset=0x%x GSCookieXOROffset=0x%x\n", EH4_header.GSCookieOffset, EH4_header.GSCookieXOROffset);
L ("\t\tEHCookieOffset=0x%x EHCookieXOROffset=0x%x\n", EH4_header.EHCookieOffset, EH4_header.EHCookieXOROffset);
unsigned adr_of_EBP=a + ((byte*)¤t_SEH3_frame.EBP - (byte*)¤t_SEH3_frame.prev);
if (EH4_header.EHCookieOffset!=-2)
check_SEH4_cookie (mc, adr_of_EBP, EH4_header.EHCookieOffset, EH4_header.EHCookieXOROffset, security_cookie, "EH");
if (EH4_header.GSCookieOffset!=-2)
check_SEH4_cookie (mc, adr_of_EBP, EH4_header.GSCookieOffset, EH4_header.GSCookieXOROffset, security_cookie, "GS");
scopetable_address+=sizeof(struct my_EH4_SCOPETABLE_HEADER);
};
if (previous_trylevel>=0 && (SEH3 || (SEH4 && security_cookie_known)))
dump_scopetable(mc, p, scopetable_address, previous_trylevel+1);
exit:
strbuf_deinit (&sb);
return current_SEH_frame.prev;
};
