Beispiel #1
 /// <summary>
 /// Flattens the intermediate import list into <c>Records</c> and registers
 /// every imported function name in <c>CalleeMapper</c>.
 /// </summary>
 /// <remarks>
 /// Only the key of each <c>ImportedFunctions</c> entry is used; the value is
 /// ignored here. A name imported from several providers produces one record
 /// per provider but only a single identity entry in <c>CalleeMapper</c>.
 /// NOTE(review): the names presumably originate from the import table of the
 /// binary under analysis and are stored as-is, with no validation in this
 /// method; confirm that consumers treat them as untrusted text.
 /// </remarks>
 private void ParseIntermedList()
 {
     foreach (ImportsIntermedList importGroup in _intermedList)
     {
         foreach (var importEntry in importGroup.ImportedFunctions)
         {
             string importedName = importEntry.Key;

             // One record per (provider, function) pair.
             Records.Add(new DumpBinImportsRecord()
             {
                 ProviderBinaryFilename = importGroup.ImportFromFilename,
                 FunctionName           = importedName
             });

             // Keep the first registration; later duplicates are skipped.
             if (CalleeMapper.ContainsKey(importedName))
             {
                 continue;
             }
             CalleeMapper.Add(importedName, importedName);
         }
     }
 }
Beispiel #2
        /// <summary>
        /// First parsing phase: collects the function labels found in
        /// <c>OutputLines</c>. Two-phase parsing is necessary because the list
        /// of function names is needed as the candidate set in the string
        /// matching of the disassembled code.
        /// </summary>
        /// <remarks>
        /// A line counts as a label when it ends with ':' and lies at or after
        /// <c>_firstLineAfterHeader</c>. Its index is appended to
        /// <c>_funcLineIndex</c> and its text (without the trailing ':') is
        /// registered in <c>CalleeMapper</c> as an identity mapping.
        /// NOTE(review): label text is taken verbatim from the tool output, so
        /// it is presumably controlled by the binary being analysed; it is not
        /// validated here.
        /// </remarks>
        private void ParseFunctionNames()
        {
            int lineIndex = -1;

            foreach (string line in OutputLines)
            {
                lineIndex++;

                // Skip the header and every line that is not a "name:" label.
                if (lineIndex < _firstLineAfterHeader || !line.EndsWith(":"))
                {
                    continue;
                }

                string label = line.Substring(0, line.Length - 1);
                _funcLineIndex.Add(lineIndex);

                // First occurrence wins; repeated labels keep the existing entry.
                if (CalleeMapper.ContainsKey(label))
                {
                    continue;
                }
                CalleeMapper.Add(label, label);
            }
        }
Beispiel #3
        /// <summary>
        /// Second parsing phase: walks the disassembly lines in
        /// <c>OutputLines</c> and appends a <c>DumpBinCallRecord</c> to
        /// <c>CallRecords</c> for every operand token that matches a name
        /// registered in <c>CalleeMapper</c>.
        /// </summary>
        /// <remarks>
        /// The match is purely textual: the instruction mnemonic is not
        /// inspected, so any operand equal to a known name is recorded,
        /// whether or not the instruction is a call. The RVA stored in a
        /// record is the most recent token accepted by <c>IsRVA</c>; it
        /// carries over across tokens and lines, and stays at
        /// <c>ulong.MaxValue</c> until the first such token is seen.
        /// NOTE(review): <c>ulong.Parse</c> throws if <c>IsRVA</c> accepts a
        /// token that is not valid hexadecimal once the trailing ':' is
        /// trimmed; <c>IsRVA</c> is not visible here, confirm it rules that out.
        /// </remarks>
        private void ParseFunctionCalls()
        {
            char[] whitespace        = { ' ', '\t' };
            char[] operandSeparators = { ' ', ',', '[', '+', ']', '-' };
            int    ownerLabelLine    = -1;
            string ownerName         = null;
            ulong  lastRva           = ulong.MaxValue;
            int    lineIndex         = -1;

            foreach (string line in OutputLines)
            {
                lineIndex++;

                if (lineIndex < _firstLineAfterHeader)
                {
                    continue;
                }

                // A label line recorded in phase one starts a new enclosing function.
                if (_funcLineIndex.Contains(lineIndex))
                {
                    ownerLabelLine = lineIndex;
                    ownerName      = line.Substring(0, line.Length - 1);
                    continue;
                }

                // Lines before the first usable label have no caller to attribute to.
                if (ownerLabelLine < 0 || string.IsNullOrEmpty(ownerName))
                {
                    continue;
                }

                foreach (string token in line.Split(whitespace, StringSplitOptions.RemoveEmptyEntries))
                {
                    if (IsRVA(token))
                    {
                        lastRva = ulong.Parse(token.TrimEnd(':'), System.Globalization.NumberStyles.AllowHexSpecifier);
                        continue;
                    }

                    if (IsDisasmByte(token))
                    {
                        // Raw instruction bytes carry no symbol names.
                        continue;
                    }

                    // RemoveEmptyEntries guarantees operand[0] exists.
                    foreach (string operand in token.Split(operandSeparators, StringSplitOptions.RemoveEmptyEntries))
                    {
                        if (!IsDecimalChar(operand[0]) && CalleeMapper.TryGetValue(operand, out string callee))
                        {
                            CallRecords.Add(new DumpBinCallRecord()
                            {
                                Caller = ownerName,
                                Callee = callee,
                                RVA    = lastRva
                            });
                        }
                    }
                }
            }
        }