public void UpdateCapstone(Capstone capstone)
{
List <Day> days = dayRepository.GetDaysByCapstoneId(capstone.CapstoneId);
int totB = 0;
int totW = 0;
int totS = 0;
int totF = 0;
days.ForEach(d => {
dayRepository.UpdateDay(d);
totB += d.TotalMinutesBusy;
totW += d.TotalMinutesWorked;
totS += d.TotalMinutesSleep;
totF += d.TotalMinutesFun;
});
capstone.TotalMinutesBusy = totB;
capstone.TotalMinutesFun = totF;
capstone.TotalMinutesSleep = totS;
capstone.TotalMinutesWorked = totW;
int weeksHours = (days.Count / capstone.DaysPerWeek) * capstone.HoursPerWeek;
capstone.OnTrack = (capstone.TotalMinutesWorked >= weeksHours) ? true : false;
_context.Update(capstone);
_context.SaveChanges();
}
static void Main(string[] args)
{
Console.WriteLine(Capstone.Version());
//00FBD440 55 push ebp
//00FBD441 8b ec mov ebp, esp
//00FBD443 6a ff push -1
//00FBD445 68 9b 2c fc 00 push 0xfc2c9b
//00FBD44A 64 a1 00 00 00 00 mov eax, dword ptr fs:[0]
//00FBD450 50 push eax
//00FBD451 81 ec b0 02 00 00 sub esp, 0x2b0
//00FBD457 53 push ebx
//00FBD458 56 push esi
//00FBD459 57 push edi
//00FBD45A 8d bd 44 fd ff ff lea edi, [ebp - 0x2bc]
//00FBD460 b9 ac 00 00 00 mov ecx, 0xac
//00FBD465 b8 cc cc cc cc mov eax, 0xcccccccc
//00FBD46A f3 ab rep stosd dword ptr es:[edi], eax
byte[] data = new byte[]
{
0x55, 0x8B, 0xEC, 0x6A, 0xFF, 0x68, 0x9B, 0x2C, 0xFC, 0x00, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00,
0x50, 0x81, 0xEC, 0xB0, 0x02, 0x00, 0x00, 0x53, 0x56, 0x57, 0x8D, 0xBD, 0x44, 0xFD, 0xFF, 0xFF,
0xB9, 0xAC, 0x00, 0x00, 0x00, 0xB8, 0xCC, 0xCC, 0xCC, 0xCC, 0xF3, 0xAB
};
try
{
Capstone.DisassembleAll(data, 0x00FBD440, OnDisassembleInstruction);
}
catch (CapstoneError error)
{
Console.WriteLine(string.Format("Error: {0}", error.Message));
}
}
/// <summary>
/// TODO: import intra/block stuff from EhTrace Agasm.cpp
/// * Then we can do local: blah stuff etc... maybe do a little graph mode with MSAGL
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void btnDiss_Click(object sender, RoutedEventArgs e)
{
MemNavViewModel vm = DataContext as MemNavViewModel;
if (vm != null && vm.SelectedProc != null)
{
IHighlightingDefinition instructionSyntax = null;
using (Stream s = typeof(MemNavWin).Assembly.GetManifestResourceStream("inVteroUI.InstructionSyntax.xshd"))
{
if (s != null)
{
using (XmlReader reader = new XmlTextReader(s))
instructionSyntax = ICSharpCode.AvalonEdit.Highlighting.Xshd.HighlightingLoader.Load(reader, HighlightingManager.Instance);
}
}
avaEdit.SyntaxHighlighting = instructionSyntax;
ulong DisAddr = 0;
ulong.TryParse(tbAddress.Text, NumberStyles.AllowHexSpecifier, System.Globalization.CultureInfo.InvariantCulture, out DisAddr);
if (DisAddr != 0)
{
var asmBytes = vm.SelectedProc.GetVirtualByte((long)DisAddr);
var asmCodes = Capstone.Dissassemble(asmBytes, asmBytes.Length, DisAddr, true);
StringBuilder sb = new StringBuilder();
foreach (var code in asmCodes)
{
sb.AppendLine($"0x{code.insn.address:X} \t {code.insn.mnemonic} \t {code.insn.operands}");
}
avaEdit.Text = sb.ToString();
}
}
}
public Capstone GetCapstoneById(int id)
{
Capstone capstone = _context.Capstones.SingleOrDefault(c => c.CapstoneId == id);
UpdateCapstone(capstone);
return(capstone);
}
public void CapEquality()
{
Stone stone1 = new Capstone(Colour.White);
Stone stone2 = new Capstone(Colour.White);
Stone stone3 = new Capstone(Colour.Black);
Stone stone4 = new Capstone(Colour.Black);
Assert.AreEqual(stone1, stone2);
Assert.AreEqual(stone3, stone4);
Assert.AreNotEqual(stone2, stone3);
}
public void RemoveCapstone(int id)
{
Capstone capstone = GetCapstoneById(id);
List <Day> days = dayRepository.GetDaysByCapstoneId(id);
foreach (Day day in days)
{
dayRepository.RemoveDay(day.DayId);
}
_context.Capstones.Remove(capstone);
_context.SaveChanges();
}
public ActionResult CreateCapstone([Required, FromBody] Capstone capstone, [Required] int UserId)
{
if (capstone == null)
{
return(BadRequest("Capstone is null"));
}
if (CapstoneExists(UserId) && capstone.UserId == UserId)
{
return(BadRequest("Capstone by this name already exists for this user"));
}
capstoneRepository.CreateCapstone(capstone);
_capstoneContext.SaveChanges();
return(Ok(new { Capstone = capstone }));
}
public ActionResult GetCapstonesByUserId([Required] int UserId)
{
List <Capstone> capstones = capstoneRepository.GetCapstonesByUserId(UserId);
if (capstones.Count == 0)
{
return(BadRequest("No Capstones for this user"));
}
Capstone capstone = capstones[0];
capstoneRepository.UpdateCapstone(capstone);
List <Day> days;
days = dayRepository.GetDaysByCapstoneId(capstone.CapstoneId);
return(Ok(new { status = 200, capstone /*, days*/ }));
}
public int insertCategory(Capstone.DTO.CategoryDTO category)
{
return 1;
}
public int updatePublisher(Capstone.DTO.PublisherDTO publisher)
{
return 1;
}
private void DumpDisassembly(uint DisAddress)
{
// No threads
if (DebugThreads.Count == 0)
{
return;
}
// Read preceeding bytes for more context
// TODO: This MUST align with a previous instruction or our disassembler will fail
uint OffsetAddr = DisAddress; // -16
byte[] data = DebugThreads[0].OwningProcess.ReadMemoryBlock(new IntPtr(OffsetAddr), 64);
// Dump requested after crashing - and read memory handles this silently
if (data == null)
{
return;
}
txDisassembly.BeginUpdate();
txDisassembly.Clear();
// TODO: Needs refactoring
var ModuleInfo = new SymbolInfoHelper(DebuggerInst, OffsetAddr);
// TODO: "call dword ptr [0x00XXXXXX]" instructions should be resolved
using (Capstone cs = Capstone.CreateEngine())
{
cs.DisassembleIt(data, OffsetAddr, delegate(CapstoneInstruction Instruction)
{
string Cursor = (Instruction.Address == DisAddress) ? "> " : " ";
txDisassembly.Add(Cursor);
ModuleInfo.GenerateLink(txDisassembly, (uint)Instruction.Address);
txDisassembly.Add(" ");
ExtractSymbols
(
Instruction.Disassembly,
// Regular instruction text
delegate(string RegData)
{
txDisassembly.Add(RegData);
},
// Raw address
delegate(uint address)
{
var Info = new SymbolInfoHelper(DebuggerInst, address);
Info.GenerateLink(txDisassembly, address);
},
// Indirect address
delegate(uint address)
{
// stub
});
txDisassembly.AddLine("");
});
}
txDisassembly.EndUpdate();
txDisassembly.Select(0, 0);
}
public int updateAuthor(Capstone.DTO.Author author)
{
return 1;
}
public int insertPublisher(Capstone.DTO.PublisherDTO publisher)
{
return 1;
}
public int updateCatalogue(Capstone.DTO.CatalogueDTO catalogue)
{
return 1;
}
public int updateAuthor(Capstone.DTO.AuthorDTO author)
{
AuthorDAO dao = new AuthorDAO();
return dao.updateAuthor(author);
}
/// <summary>
/// Process specialized
///
/// This is a cheat function to basically force deferred execution to occur.
///
/// All of this sort of late bound meta-data from the system needs to be carefully written to not be too expensive.
/// (e.g. use the .OffsetPos rather than too heavy on dynamic resolution)
///
/// Ensure we have symbols & kernel meta data parsed into our type info
///
/// Also We need vtero.WalkProcList to have been called which isolates vadroot
///
/// </summary>
public void MergeVAMetaData(bool DoStackCheck = false)
{
// setup kernel in optimized scan
ScanAndLoadModules();
// Load as much as possible from full user space scan for PE / load debug data
ScanAndLoadModules("", false, false);
var codeRanges = new ConcurrentDictionary <long, long>();
/// All page table entries
/// including kernel
var execPages = PT.FillPageQueue(false, true);
foreach (var pte in execPages)
{
codeRanges.TryAdd(pte.VA.Address, pte.VA.Address + (pte.PTE.LargePage ? MagicNumbers.LARG_PAGE_SIZE : MagicNumbers.PAGE_SIZE));
}
// Walk Vad and inject into 'sections'
// scan VAD data to additionally bind
ListVad(VadRootPtr);
// Dig all threads
if (DoStackCheck)
{
LoadThreads();
var checkPtrs = new ConcurrentBag <long>();
// instead of using memsections we should use apge table info
// then push in memsection after this round
Parallel.Invoke(() =>
{
// each stack
foreach (var userRange in UserThreadStacks)
{
// every value
foreach (var pointer in userRange.Item2)
{
if (pointer > -4096 && pointer < 4096)
{
continue;
}
// see if in range of code
foreach (var codeRange in codeRanges)
{
// if so we need to double check that the code ptr is a good one
if (pointer >= codeRange.Key && pointer < codeRange.Value)
{
checkPtrs.Add(pointer);
}
}
}
}
}, () =>
{
// each stack
foreach (var kernelRange in ThreadStacks)
{
// every value
foreach (var pointer in kernelRange.Item2)
{
if (pointer > -4096 && pointer < 4096)
{
continue;
}
// see if in range of code
foreach (var codeRange in codeRanges)
{
// if so we need to double check that the code ptr is a good one
if (pointer >= codeRange.Key && pointer < codeRange.Value)
{
checkPtrs.Add(pointer);
}
}
}
}
});
// validate checkPtrs pointers here
// TODO: group pointers so we can minimize page reads
foreach (var ptr in checkPtrs)
{
var idx = ptr & 0xfff;
if (idx < 10)
{
continue;
}
// every pointer needs to be a function start
// or a properly call/ret pair
var ptrTo = VGetBlock(ptr);
//BYTE* bp = (BYTE*)RefFramePtr;
var IsCCBefore = ptrTo[idx - 1];
var IsCallE8 = ptrTo[idx - 5];
var IsCallE8_second = ptrTo[idx - 3];
var IsCall9A = ptrTo[idx - 5];
var IsCall9A_second = ptrTo[idx - 7];
bool FoundFFCode = false;
// scan from RoPCheck
for (int i = 2; i < 10; i++)
{
var a = ptrTo[idx - i];
var b = ptrTo[idx - i + 1];
if (i < 8)
{
if ((a == 0xff) && (b & 0x38) == 0x10)
{
FoundFFCode = true;
break;
}
}
if ((a == 0xff) && (b & 0x38) == 0x18)
{
FoundFFCode = true;
break;
}
}
if (!FoundFFCode && IsCCBefore != 0xcc && IsCallE8 != 0xe8 && IsCallE8_second != 0xe8 && IsCall9A != 0x9a && IsCall9A_second != 0x9a)
{
WriteColor(ConsoleColor.Cyan, $"Stack pointer is wild {ptr:x}");
var cs = Capstone.Dissassemble(ptrTo, ptrTo.Length, (ulong)(ptr & -4096));
for (int i = 0; i < cs.Length; i++)
{
if (cs[i].insn.address == (ulong)ptr)
{
WriteColor(ConsoleColor.Yellow, $"{cs[i - 1].insn.address:x} {cs[i - 1].insn.bytes[0]:x} {cs[i - 1].insn.mnemonic} {cs[i - 1].insn.operands}");
WriteColor(ConsoleColor.Yellow, $"{cs[i].insn.address:x} {cs[i].insn.bytes[0]:x} {cs[i].insn.mnemonic} {cs[i].insn.operands}");
}
}
}
}
}
// find section's with no "Module"
foreach (var sec in Sections.Values)
{
if (sec.Module == null)
{
var test = GetVirtualByte(sec.VadAddr);
var ext = Extract.IsBlockaPE(test);
sec.Module = ext;
}
}
}
public ActionResult PutCapstone([Required] int UserId, [Required] int capstoneId, [FromBody, Required] Capstone capstone)
{
if (capstoneId != capstone.CapstoneId)
{
return(BadRequest());
}
_capstoneContext.Entry(capstone).State = EntityState.Modified;
try
{
_capstoneContext.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!capstoneRepository.CapstoneExists(capstoneId))
{
return(NotFound());
}
else
{
throw;
}
}
return(Ok());
}
public int updateCopy(Capstone.DTO.CopyDTO copy)
{
CopyDAO dao = new CopyDAO();
return dao.updateCopy(copy);
}
public void CreateCapstone(Capstone capstone)
{
_context.Capstones.Add(capstone);
}
public int insertCopy(Capstone.DTO.CopyDTO copy)
{
CopyDAO dao = new CopyDAO();
return dao.insertCopy(copy);
}
public int deleteCopy(Capstone.DTO.CopyDTO copy)
{
CopyDAO dao = new CopyDAO();
return dao.deleteCopy(copy);
}
public int deleteAuthor(Capstone.DTO.Author author)
{
return 1;
}
public int updateCategory(Capstone.DTO.CategoryDTO category)
{
return 1;
}
public int insertAuthorOfBook(Capstone.DTO.AuthorOfBookDTO authorOfBook)
{
return 1;
}
public int insertCatalogue(Capstone.DTO.CatalogueDTO catalogue)
{
return 1;
}
public int updateAuthorOfBook(Capstone.DTO.AuthorOfBookDTO authorOfBook)
{
return 1;
}
public int insertCopy(Capstone.DTO.CopyDTO copy)
{
return 1;
}
public int deletePublisher(Capstone.DTO.PublisherDTO publisher)
{
return 1;
}
public static void Main()
{
platform[] platforms = {
new platform(
Capstone.CS_ARCH_X86,
Capstone.CS_MODE_16,
new byte[] { (byte)0x8d, (byte)0x4c, (byte)0x32, (byte)0x08, (byte)0x01, (byte)0xd8, (byte)0x81, (byte)0xc6, (byte)0x34, (byte)0x12, 0x00, 0x00 },
"X86 16bit (Intel syntax)"
),
new platform(
Capstone.CS_ARCH_X86,
Capstone.CS_MODE_32 + Capstone.CS_MODE_SYNTAX_ATT,
new byte[] { (byte)0x8d, 0x4c, 0x32, 0x08, 0x01, (byte)0xd8, (byte)0x81, (byte)0xc6, 0x34, 0x12, 0x00, 0x00 },
"X86 32bit (ATT syntax)"
),
new platform(
Capstone.CS_ARCH_X86,
Capstone.CS_MODE_32,
new byte[] { (byte)0x8d, 0x4c, 0x32, 0x08, 0x01, (byte)0xd8, (byte)0x81, (byte)0xc6, 0x34, 0x12, 0x00, 0x00 },
"X86 32bit (Intel syntax)"
),
new platform(
Capstone.CS_ARCH_X86,
Capstone.CS_MODE_64,
new byte[] { 0x55, 0x48, (byte)0x8b, 0x05, (byte)0xb8, 0x13, 0x00, 0x00 },
"X86 64 (Intel syntax)"
),
new platform(
Capstone.CS_ARCH_ARM,
Capstone.CS_MODE_ARM,
new byte[] { (byte)0xED, (byte)0xFF, (byte)0xFF, (byte)0xEB, 0x04, (byte)0xe0, 0x2d, (byte)0xe5, 0x00, 0x00, 0x00, 0x00, (byte)0xe0, (byte)0x83, 0x22, (byte)0xe5, (byte)0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, (byte)0xa0, (byte)0xe3, 0x02, 0x30, (byte)0xc1, (byte)0xe7, 0x00, 0x00, 0x53, (byte)0xe3 },
"ARM"
),
new platform(
Capstone.CS_ARCH_ARM,
Capstone.CS_MODE_THUMB,
new byte[] { 0x4f, (byte)0xf0, 0x00, 0x01, (byte)0xbd, (byte)0xe8, 0x00, (byte)0x88, (byte)0xd1, (byte)0xe8, 0x00, (byte)0xf0 },
"THUMB-2"
),
new platform(
Capstone.CS_ARCH_ARM,
Capstone.CS_MODE_ARM,
new byte[] { 0x10, (byte)0xf1, 0x10, (byte)0xe7, 0x11, (byte)0xf2, 0x31, (byte)0xe7, (byte)0xdc, (byte)0xa1, 0x2e, (byte)0xf3, (byte)0xe8, 0x4e, 0x62, (byte)0xf3 },
"ARM: Cortex-A15 + NEON"
),
new platform(
Capstone.CS_ARCH_ARM,
Capstone.CS_MODE_THUMB,
new byte[] { 0x70, 0x47, (byte)0xeb, 0x46, (byte)0x83, (byte)0xb0, (byte)0xc9, 0x68 },
"THUMB"
),
new platform(
Capstone.CS_ARCH_MIPS,
Capstone.CS_MODE_32 + Capstone.CS_MODE_BIG_ENDIAN,
new byte[] { 0x0C, 0x10, 0x00, (byte)0x97, 0x00, 0x00, 0x00, 0x00, 0x24, 0x02, 0x00, 0x0c, (byte)0x8f, (byte)0xa2, 0x00, 0x00, 0x34, 0x21, 0x34, 0x56 },
"MIPS-32 (Big-endian)"
),
new platform(
Capstone.CS_ARCH_MIPS,
Capstone.CS_MODE_64+ Capstone.CS_MODE_LITTLE_ENDIAN,
new byte[] { 0x56, 0x34, 0x21, 0x34, (byte)0xc2, 0x17, 0x01, 0x00 },
"MIPS-64-EL (Little-endian)"
),
new platform(
Capstone.CS_ARCH_ARM64,
Capstone.CS_MODE_ARM,
new byte [] { 0x21, 0x7c, 0x02, (byte)0x9b, 0x21, 0x7c, 0x00, 0x53, 0x00, 0x40, 0x21, 0x4b, (byte)0xe1, 0x0b, 0x40, (byte)0xb9 },
"ARM-64"
),
};
for (int j = 0; j < platforms.Length; j++) {
System.Console.WriteLine("************");
System.Console.WriteLine("Platform: {0}", platforms[j].comment);
System.Console.WriteLine();
Capstone cs = new Capstone(platforms[j].arch, platforms[j].mode);
cs_insn[] insns = cs.disasm(platforms[j].code, 0x1000, 0);
for(int i = 0; i < insns.Length; i++) {
System.Console.WriteLine("0x{0:X}\t{1}\t{2}", insns[i].address, insns[i].mnemonic, insns[i].operands);
}
}
}
public int insertAuthor(Capstone.DTO.Author author)
{
return 1;
}
