本文整理汇总了C++中Analysis::disasm方法的典型用法代码示例。如果您正苦于以下问题:C++ Analysis::disasm方法的具体用法?C++ Analysis::disasm怎么用?C++ Analysis::disasm使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Analysis的用法示例。
在下文中一共展示了Analysis::disasm方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: analysistest
void analysistest()
{
Analysis a;
CodeBufferInfo o;
CPEFile file;
file.LoadPEFile("mfc.exe");
if (!file.IsPEFile())
{
return ;
}
o.buf = file.VaToPtr(0x4014a0);
for (int i = 0; i < 0x21; ++i)
{
printf("i = %d,%x\r\n",i,((char*)o.buf)[i]);
}
o.addr = 0x4014a0;
o.size = 0x3a;
a.disasm(&o);
}示例2: buildvmtest
void buildvmtest(BuildCodeInfo & build_info)
{
VirtualMachineManage vm;
CodeBufferInfo info;
CPEFile file;
char * build_exec_name = build_info.get_filename();
bool b = file.LoadPEFile(build_exec_name);
if (!b)
{
printf("file is not find\r\n");
return;
}
if (!file.IsPEFile())
{
printf("executable file type error\n");
return;
}
CPESection section;
CPEReloc reloc;
section = file;
reloc = file;
reloc.DeleteReloc();
reloc.GetBaseReloc();
for (int i = 0;i<section.GetSectionCount();i++)
{
//section.GetRelocations(i);
}
//printf ("一共有%d个区段\r\n");
/*for (int i = 0;i < section.GetSectionCount();i++)
{
DWORD size;
BYTE * data = section.GetSectionData(i,&size);
printf("第%d个区段,大小%d\n",i,size);
for (int x = 0;x<size;x++)
{
printf("%x ",data[x]);
if ((x+1)%16==0)
{
printf("\n");
}
}
}*/
get_wprotect_sdk_address(section,build_info,"WProtect Begin","WProtect End");
unsigned long section_size;
VMAddressTable table( section.GetNewSectionBase(),0x512,false);
bool t_sign = table.get_sign();
table.set_sign(true);
long virtualmachine_address = table.assign_address(0x1024);
table.set_sign(t_sign);
VirtualMachine *pvm = vm.add_virtual_machine(virtualmachine_address,false);
table.copy(virtualmachine_address,pvm->vm_info.buf,pvm->vm_info.size);
for (BuildCodeInfo::iterator iter = build_info.begin(); iter != build_info.end(); iter++)
{
long build_exec_addr = iter->build_exec_addr;
long build_exec_size = iter->build_exec_size;
info.buf = file.VaToPtr(build_exec_addr);
info.addr = build_exec_addr;
info.size = 0x40194f - 0x4014a0;
info.size = build_exec_size;
if (info.size < 5)
{
printf("Protect Size less than 5 Byte\n");
return;
}
//#define VM_DEBUG_BUILD
#ifdef VM_DEBUG_BUILD
Analysis analysis;
std::vector<CodePiece> code_list;
analysis.disasm(&info,code_list);
bool next = true;
for (std::vector<CodePiece>::iterator iter = code_list.begin();
iter != code_list.end();iter++)
{
bool begin = true;
//info.addr = 0;
//info.buf = 0;
if (iter->get_is_jcc())
info.size = iter->get_piece().back().insn_offset - iter->get_piece().front().insn_offset;
else
info.size = iter->get_piece().back().pc - iter->get_piece().front().insn_offset;
info.addr = iter->get_piece().front().insn_offset;
info.buf = section.VaToPtr(info.addr);
if (info.size < 5 )
{
printf("编译的地址不能小于5Byte,这段指令编译失败\n");
//return;
continue;
}
void * ptr_old_code = info.buf;
size_t old_code_size = info.size;
//.........这里部分代码省略.........
示例3: buildvmtest_elf
void buildvmtest_elf(BuildCodeInfo & build_info)
{
VirtualMachineManage vm;
CodeBufferInfo info;
CELFFile file;
char * build_exec_name = build_info.get_filename();
bool b = file.LoadELFFile(build_exec_name);
if (!b)
{
printf("file is not find\r\n");
return;
}
get_wprotect_sdk_address_elf(file,build_info,"WProtect Begin","WProtect End");
unsigned long section_size;
VMAddressTable table( file.GetNewSegmentSectionBase(),0x512,false);
bool t_sign = table.get_sign();
table.set_sign(true);
long virtualmachine_address = table.assign_address(0x1024);
table.set_sign(t_sign);
VirtualMachine *pvm = vm.add_virtual_machine(virtualmachine_address,false);
table.copy(virtualmachine_address,pvm->vm_info.buf,pvm->vm_info.size);
for (BuildCodeInfo::iterator iter = build_info.begin(); iter != build_info.end(); iter++)
{
long build_exec_addr = iter->build_exec_addr;
long build_exec_size = iter->build_exec_size;
info.buf = file.VaToPtr(build_exec_addr);
info.addr = build_exec_addr;
info.size = 0x40194f - 0x4014a0;
info.size = build_exec_size;
if (info.size < 5)
{
printf("Protect Size less than 5 Byte\n");
return;
}
//#define VM_DEBUG_BUILD
#ifdef VM_DEBUG_BUILD
Analysis analysis;
std::vector<CodePiece> code_list;
analysis.disasm(&info,code_list);
bool next = true;
for (std::vector<CodePiece>::iterator iter = code_list.begin();
iter != code_list.end();iter++)
{
bool begin = true;
//info.addr = 0;
//info.buf = 0;
if (iter->get_is_jcc())
info.size = iter->get_piece().back().insn_offset - iter->get_piece().front().insn_offset;
else
info.size = iter->get_piece().back().pc - iter->get_piece().front().insn_offset;
info.addr = iter->get_piece().front().insn_offset;
info.buf = section.VaToPtr(info.addr);
if (info.size < 5 )
{
printf("编译的地址不能小于5Byte,这段指令编译失败\n");
//return;
continue;
}
void * ptr_old_code = info.buf;
size_t old_code_size = info.size;
long old_addr = info.addr;
BuildVMByteCode build(&vm,&info,&table);
memset(ptr_old_code,0x90,old_code_size);
add_jmp_addr(file,old_addr,info.addr);
}
#else
void * ptr_old_code = info.buf;
size_t old_code_size = info.size;
Analysis analysis;
std::vector<long> addr_table;
std::vector<long*> addr_entry_point;
analysis.analysis_address_table(&info,addr_table,file.GetSectionMinAddress(),file.GetSectionMaxAddress());
get_table_addr_elf(file,addr_table,addr_entry_point);
BuildVMByteCode build(&vm,&info,&table,addr_entry_point);
memset(ptr_old_code,0,old_code_size);
add_jmp_addr_elf(file,build_exec_addr,info.addr);
#endif
}
FILE *pfile;
// VirtualMachine *pvm = vm.rand_virtual_machine();
//t_sign = table.get_sign();
//table.set_sign(true);
// long virtualmachine_address = table.assign_address(pvm->vm_info.size);
//table.set_sign(t_sign);
//.........这里部分代码省略.........
示例4: BuildPCode
/*
pCodeBufferInfo BuildVMCode::BuildPCode(
VirtualMachineManage *vmmanage,
pCodeBufferInfo pinfo,
VMAddressTable * address_table
)
{
Analysis analysis;
std::vector<CodePiece> code_piece_list;
analysis.disasm(pinfo,code_piece_list);
VirtualMachine *vm = vmmanage->rand_virtual_machine();
vector <VMCodeBufferManage*>vcodebufs;
long first_pcode_addr = alloc_address(vm,address_table,&analysis,&vcodebufs);
SeniorVMHandle *sfirst = &vcodebufs[ 0 ]->get_generator( );
//sfirst->upset_register_array(sfirst->pcode->register_store_in);
//sfirst->start();
long key = vcodebufs[ 0 ]->code.get_original_key( );
VTable t_v;
memset(&t_v,0,sizeof(t_v));
bool t_sign = address_table->get_sign();
address_table->set_sign(true);
//printf("1111%d\n",address_table->get_size());
//__asm__ ("int3");
long head_address = address_table->assign_address(0x70);
address_table->set_sign(t_sign);
#ifdef DEBUG
printf("vm入口地址:%x\r\n",head_address);
#endif
ppcode_block_info info = vm->create_function_head(head_address,first_pcode_addr,sfirst->pcode,pinfo->addr + pinfo->size,123456,key); //pcode位置有问题
address_table->copy(head_address,info->buf,info->size);
for (int i = 0; i < analysis.block_count; ++i)
{
ud_t ud;
pAssemblerTree nowtree = analysis.get_tree(i);
SeniorVMHandle *senior = &(vcodebufs)[i]->get_generator();
vcodebufs[ i ]->code.set_key( nowtree->key ); //设置key
senior->save_vm_context();
bool b_j = false;
for (std::vector<ud_t>::iterator iter = nowtree->asmpiece.begin();
iter != nowtree->asmpiece.end(); ++iter)
{
ud = *iter;
if (nowtree->LeftChild)
ud.vm_jcc_addr1 = nowtree->LeftChild->reloc_address;
switch ( ud.mnemonic)
{
case UD_Ijnz:
b_j = true;
ud.vm_jcc_addr2 = nowtree->RightChild->reloc_address;//nowtree->jcc_addr;
asm_to_vm( &vcodebufs[ i ]->get_generator( ),&ud );
break;
case UD_Ijz:
b_j = true;
ud.vm_jcc_addr2 = nowtree->jcc_addr;
asm_to_vm( &vcodebufs[ i ]->get_generator( ),&ud );
break;
default:
asm_to_vm( &vcodebufs[ i ]->get_generator( ),&ud );
}
}
printf("当前key:%x\r\n",nowtree->key);
if (i+1 < analysis.block_count )
{
senior->recover_vm_context();
if (!b_j)
senior->push(nowtree->LeftChild->reloc_address);
else
senior->push(T_JCC_REGISTER);
//senior->set_key(vcodebufs[i]->code.get_original_key());
senior->set_key(nowtree->key); //handle设置key
}
//senior->recover_vm_context();
}
address_table->copy();
for (vector <VMCodeBufferManage*>::iterator iter = vcodebufs.begin(); iter != vcodebufs.end(); ++iter)
{
delete *iter;
}
pinfo->addr = head_address;
return pinfo;
}*/
pCodeBufferInfo BuildVMCode::BuildPCode(
VirtualMachineManage *vmmanage,
pCodeBufferInfo pinfo,
VMAddressTable * address_table
)
{
Analysis analysis;
analysis.disasm(pinfo);
VirtualMachine *vm = vmmanage->rand_virtual_machine();
//.........这里部分代码省略.........