void VirtualProtect(IProcessorEmulator emulator) { uint esp = (uint)emulator.ReadRegister(Registers.esp); uint uAddress = ReadLeUInt32(esp + 4u); uint dwSize = ReadLeUInt32(esp + 8u); uint newProtect = ReadLeUInt32(esp + 12u); uint pOldProtect = ReadLeUInt32(esp + 16u); Debug.Print("VirtualProtect({0:X8},{1:X8},{2:X8},{3:X8})", uAddress, dwSize, newProtect, pOldProtect); //$TODO: to make this work we have to keep a mapping (page -> permissions) // For now, return the protection of the segment. if (!this.map.TryFindSegment(Address.Ptr32(uAddress), out var seg)) { var prot = MapProtectionToWin32(seg.Access); WriteLeUInt32(Address.Ptr32(pOldProtect), prot); emulator.WriteRegister(Registers.eax, 0u); } else { // RWX = 0x70 WriteLeUInt32(Address.Ptr32(pOldProtect), 0x70); emulator.WriteRegister(Registers.eax, 1u); } emulator.WriteRegister(Registers.esp, esp + 20); }
public ImageSegment InitializeStack(IProcessorEmulator emu, ProcessorState state) { var stack = new MemoryArea(Address.Ptr32(0x7FE00000), new byte[1024 * 1024]); var stackSeg = this.map.AddSegment(stack, "stack", AccessMode.ReadWrite); emu.WriteRegister(Registers.esp, (uint)stack.EndAddress.ToLinear() - 4u); return(stackSeg); }
public ImageSegment InitializeStack(IProcessorEmulator emu, ProcessorState state) { var stack = new ByteMemoryArea(Address.Ptr32(0x7FE00000), new byte[1024 * 1024]); var stackSeg = this.map.AddSegment(stack, "stack", AccessMode.ReadWrite); emu.WriteRegister(Registers.esp, (uint)stack.BaseAddress.ToLinear() + (uint)(stack.Length - this.platform.Architecture.PointerType.Size)); return(stackSeg); }
public bool InterceptCall(IProcessorEmulator emu, TWord l) { if (!this.InterceptedCalls.TryGetValue(Address.Ptr32(l), out ExternalProcedure epProc)) { return(false); } ((SimulatedProc)epProc).Emulator(emu); return(true); }
public ImageSegment InitializeStack(IProcessorEmulator emulator, ProcessorState state) { var cs = ((Constant)state.GetValue(Registers.cs)).ToUInt16(); var ss = ((Constant)state.GetValue(Registers.ss)).ToUInt16(); var sp = ((Constant)state.GetValue(Registers.sp)).ToUInt16(); var ds = ((Constant)state.GetValue(Registers.ds)).ToUInt16(); emulator.WriteRegister(Registers.cs, cs); emulator.WriteRegister(Registers.ss, ss); emulator.WriteRegister(Registers.sp, sp); emulator.WriteRegister(Registers.ds, ds); return(null); }
void VirtualProtect(IProcessorEmulator emulator) { uint esp = (uint)emulator.ReadRegister(Registers.esp); uint arg1 = ReadLeUInt32(esp + 4u); uint arg2 = ReadLeUInt32(esp + 8u); uint arg3 = ReadLeUInt32(esp + 12u); uint arg4 = ReadLeUInt32(esp + 16u); Debug.Print("VirtualProtect({0:X8},{1:X8},{2:X8},{3:X8})", arg1, arg2, arg3, arg4); emulator.WriteRegister(Registers.eax, 1u); emulator.WriteRegister(Registers.esp, esp + 20); }
void LoadLibraryA(IProcessorEmulator emulator) { // M[Esp] is return address. // M[Esp + 4] is pointer to DLL name. uint esp = (uint)emulator.ReadRegister(Registers.esp); uint pstrLibName = ReadLeUInt32(esp + 4u); string szLibName = ReadMbString(pstrLibName); Module module = EnsureModule(szLibName); emulator.WriteRegister(Registers.eax, module.Handle); // Clean up the stack. emulator.WriteRegister(Registers.esp, esp + 8); }
void GetProcAddress(IProcessorEmulator emulator) { // M[esp] is return address // M[esp + 4] is hmodule // M[esp + 4] is pointer to function name uint esp = (uint)emulator.ReadRegister(Registers.esp); uint hmodule = ReadLeUInt32(esp + 4u); uint pstrFnName = ReadLeUInt32(esp + 8u); if ((pstrFnName & 0xFFFF0000) != 0) { string importName = ReadMbString(pstrFnName); var module = modules.Values.First(m => m.Handle == hmodule); SimulatedProc fn = EnsureProc(module, importName, NYI); emulator.WriteRegister(Registers.eax, fn.uFakedAddress); emulator.WriteRegister(Registers.esp, esp + 12); } else { //$TODO: import by ordinal. throw new NotImplementedException(); } }
void NYI(IProcessorEmulator emulator) { throw new NotImplementedException(); }
public Debugger(IProcessorEmulator emu) { this.emu = emu; }
void ExitProcess(IProcessorEmulator emulator) { emulator.Stop(); }
public Debugger(IProcessorArchitecture arch, IProcessorEmulator emu) { this.arch = arch; this.emu = emu; }
void GetProcAddress(IProcessorEmulator emulator) { // M[esp] is return address // M[esp + 4] is hmodule // M[esp + 4] is pointer to function name uint esp = (uint)emulator.ReadRegister(Registers.esp); uint hmodule = img.ReadLeUInt32(esp + 4u - img.BaseAddress.ToUInt32()); uint pstrFnName = img.ReadLeUInt32(esp + 8u - img.BaseAddress.ToUInt32()); if ((pstrFnName & 0xFFFF0000) != 0) { string importName = ReadMbString(img, pstrFnName); var module = modules.Values.First(m => m.Handle == hmodule); SimulatedProc fn = EnsureProc(module, importName, NYI); emulator.WriteRegister(Registers.eax, fn.uFakedAddress); emulator.WriteRegister(Registers.esp, esp + 12); } else { //$TODO: import by ordinal. throw new NotImplementedException(); } }
public ImageSegment?InitializeStack(IProcessorEmulator emulator, ProcessorState state) { return(null); }
public ImageSegment?InitializeStack(IProcessorEmulator emulator, ProcessorState state) { throw new NotImplementedException(); }
public bool InterceptCall(IProcessorEmulator emu, TWord l) { ExternalProcedure epProc; if (!this.InterceptedCalls.TryGetValue(l, out epProc)) return false; ((SimulatedProc)epProc).Emulator(emu); return true; }
void VirtualProtect(IProcessorEmulator emulator) { uint esp = (uint)emulator.ReadRegister(Registers.esp); uint arg1 = img.ReadLeUInt32(esp + 4u - img.BaseAddress.ToUInt32()); uint arg2 = img.ReadLeUInt32(esp + 8u - img.BaseAddress.ToUInt32()); uint arg3 = img.ReadLeUInt32(esp + 12u - img.BaseAddress.ToUInt32()); uint arg4 = img.ReadLeUInt32(esp + 16u - img.BaseAddress.ToUInt32()); Debug.Print("VirtualProtect({0:X8},{1:X8},{2:X8},{3:X8})", arg1, arg2, arg3, arg4); emulator.WriteRegister(Registers.eax, 1u); emulator.WriteRegister(Registers.esp, esp + 20); }
public bool InterceptCall(IProcessorEmulator emulator, uint calledAddress) { throw new NotImplementedException(); }
public bool InterceptCall(IProcessorEmulator emulator, uint calledAddress) { return(false); }
void LoadLibraryA(IProcessorEmulator emulator) { // M[Esp] is return address. // M[Esp + 4] is pointer to DLL name. uint esp = (uint)emulator.ReadRegister(Registers.esp); uint pstrLibName = img.ReadLeUInt32(esp + 4u - img.BaseAddress.ToUInt32()); string szLibName = ReadMbString(img, pstrLibName); Module module = EnsureModule(szLibName); emulator.WriteRegister(Registers.eax, module.Handle); // Clean up the stack. emulator.WriteRegister(Registers.esp, esp + 8); }