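/*******************************************************************************
 *
 * Function    : GetFunctionEnd
 * Description : Scan forward from uAddr one instruction at a time until the
 *               first instruction whose disassembly text contains "ret", and
 *               return the address immediately after it.
 * Parameters  : uAddr -- start address
 * Notes       : uAddr is not validated; if it points into the middle of an
 *               instruction the decode stream is meaningless. The scan is
 *               bounded to MAXFUNSIZE bytes. The RET test is a
 *               case-insensitive substring match on the disassembly text, so
 *               it is a heuristic: it also fires on operand or symbol text
 *               that happens to contain "ret".
 * Returns     : address of the first byte after the RET on success; 0 when no
 *               RET is found within MAXFUNSIZE, or when a byte range cannot be
 *               read or decoded (a zero-length decode would otherwise leave
 *               the cursor in place and the loop would never terminate).
 *
 *******************************************************************************/
ulong GetFunctionEnd(ulong uAddr)
{
    char szSrcDec[1024] = {0};
    char szLine[1024] = {0};
    t_disasm disasm = {0};
    const ulong uFunctionEnd = uAddr + MAXFUNSIZE;

    for (ulong uIndex = uAddr; uIndex < uFunctionEnd; )
    {
        // Readcommand yields the number of bytes fetched; 0 means the
        // address is unreadable and there is nothing to decode.
        ulong uSize = Readcommand(uIndex, szLine);
        if (uSize == 0)
        {
            return 0;
        }

        // Decode one instruction; the return value is its length in bytes.
        ulong uInstructSize = Disasm((uchar *)szLine, uSize, uIndex,
                                     (uchar *)szSrcDec, &disasm, DISASM_ALL, 0);
        // A zero-length decode must not be "advanced" over: it would spin forever.
        if (uInstructSize == 0)
        {
            return 0;
        }

        if (StrStrI(disasm.result, "ret"))
        {
            return uIndex + uInstructSize;
        }

        uIndex += uInstructSize;
    }

    return 0;
}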
//******************************************************************************* // // 函 数 名 : SetCallBreakPoint // 功能描述 : 在地址范围内下断点 // 参数列表 : pRunData -- RunData指针 // uFunctionStart -- 函数起始地址 // uFunctionEnd -- 函数结束地址 // 说 明 : 并没有对函数的正确性做检查 // 返回结果 : 成功返回TRUE,失败返回FALSE // //****************************************************************************** BOOL SetCallBreakPoint(PRunData pRunData, ulong uFunctionStart, ulong uFunctionEnd) { char szSrcDec[1024] = {0}; char szLine[1024] = {0}; char szName[TEXTLEN] = {0} ; t_disasm disasm = {0}; ulong uIndex = uFunctionStart ; ulong uSize = 0 ; ulong uInstructSize = 0 ; InitTreeHead(pRunData) ; // 保留函数起始地址 pRunData->pCurrentNode->dwFuncStart = uFunctionStart ; // 保留函数结束地址 pRunData->pCurrentNode->dwFuncEnd = uFunctionEnd ; for (; uIndex < uFunctionEnd; uIndex += uInstructSize) { uSize = Readcommand(uIndex, szLine) ; // 再判断是不是call // 反汇编二进制指令 uInstructSize = Disasm((uchar *)szLine, uSize, uIndex, (uchar *)szSrcDec, &disasm, DISASM_ALL, 0); if (StrStrI(disasm.result, "CALL") || StrStrI(disasm.result, "ret")) { // 是call直接下断点,方便日后api记录 if(0 == Setbreakpointext(uIndex,TY_ACTIVE,0,0)) { // 先判断断点是否存在,不存在的话丢进链表中去 if(FALSE == ListExist(&pRunData->BreakPointList, uIndex)) { pRunData->BreakPointList.push_back(uIndex) ; } } } } // 判断当前设的断点是不是在显示屏幕中,是的话刷新 ulong uBase = 0 ; Getdisassemblerrange(&uBase, &uSize) ; if (uFunctionStart >= uBase && uFunctionStart <= (uBase + uSize)) { Redrawdisassembler() ; } return TRUE ; }
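/*
 * XXX
 *
 * Interactive helper: prompts the user for a text pattern, then walks every
 * procedure the analyser knows about starting from the dump window's base,
 * disassembles each one instruction by instruction, and sets an active,
 * code-keeping breakpoint on every instruction whose disassembly text
 * contains the pattern (and, when pSubString is non-NULL, also contains
 * pSubString). Every hit is echoed through DbgMsg as "address length text".
 *
 * pItem      -- t_dump* whose .base is the address the procedure search
 *               starts from
 * pSubString -- optional second substring that must also appear in the
 *               instruction text; NULL disables the extra filter
 *
 * Returns FALSE if the prompt was cancelled or the pattern is empty (an empty
 * pattern is a substring of every instruction and would breakpoint all of
 * them); TRUE otherwise. Breakpoint placement results are not checked.
 */
BOOL XXX(LPVOID pItem, char *pSubString)
{
    t_dump *pX86Dasm = (t_dump *)pItem;
    ulong Address = pX86Dasm->base;

    char cPattern[0x100] = {0};
    if (Gettext("Search for pattern ...", cPattern, 0, 0, Plugingetvalue(VAL_WINDOWFONT)) == -1)
    {
        return FALSE;
    }
    // Refuse an empty pattern: strstr(x, "") matches everything.
    if (cPattern[0] == '\0')
    {
        return FALSE;
    }

    T_X86Instruction tX86Instruction;
    unsigned char InstStr[MAXCMDSIZE];
    t_disasm da;

    while ((Address = Findnextproc(Address)) != 0)
    {
        ulong SOffset = 0;
        ulong EOffset = 0;
        Getproclimits(Address, &SOffset, &EOffset);

        for (ulong i = SOffset; i < EOffset; )
        {
            // Readcommand returns the number of bytes fetched; 0 = unreadable.
            ulong nRead = Readcommand(i, (char *)InstStr);
            if (nRead == 0)
            {
                break;
            }

            // Decode only the bytes actually read, not the whole buffer.
            // A zero-length decode would leave i unchanged, so stop instead.
            ulong InstLength = Disasm(InstStr, nRead, i, NULL, &da, DISASM_CODE, 0);
            if (InstLength == 0)
            {
                break;
            }

            tX86Instruction.Addresss = i;
            // NOTE(review): fixed 256-byte copy assumes Command holds at least
            // 256 bytes and da.result is at least that long -- confirm sizes.
            memcpy(tX86Instruction.Command, da.result, 256);
            tX86Instruction.OpCodeLength = InstLength;

            const char *pszCmd = (const char *)tX86Instruction.Command;
            // Pattern must match; the optional substring must match only when given.
            BOOL bMatch = strstr(pszCmd, cPattern) != NULL
                          && (pSubString == NULL || strstr(pszCmd, pSubString) != NULL);
            if (bMatch)
            {
                DbgMsg("0x%08X %d %s ",
                       tX86Instruction.Addresss,
                       tX86Instruction.OpCodeLength,
                       tX86Instruction.Command);
                Setbreakpoint(tX86Instruction.Addresss, TY_ACTIVE | TY_KEEPCODE, 0);
            }

            i += InstLength;
        }
    }

    return TRUE;
}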