public formFilter(oFunctionList functionList, oTabManager tabManager, oTabFunctionList tab, FILTER_TYPE filterType, oVisPlayBar playBar)
{
InitializeComponent();
this.tabManager = tabManager;
this.tab = tab;
this.functionGrid.CellValueNeeded += new System.Windows.Forms.DataGridViewCellValueEventHandler(this.functionGrid_CellValueNeeded);
this.functionList = functionList;
this.functionListOutput = functionList.Clone();
updatePredictedOutput();
timerRefreshOutput.Enabled = false;
this.playBar = playBar;
// Make changes to the interface as determined by the filterType
this.filterType = filterType;
switch(filterType)
{
case FILTER_TYPE.FUNCTION_LIST_FILTERED:
// Do nothing special
break;
case FILTER_TYPE.FUNCTION_LIST_FULL:
// We cannot replace this list
this.buttonApplyReplace.Visible = false;
break;
case FILTER_TYPE.GENERAL:
// We do not want to change any tabs, just provide functionListOutput as the result
buttonApplyReplace.Visible = false;
buttonApplyNew.Text = "Apply";
// We cannot clip data to selection
this.radioTimeRangeClip.Enabled = false;
break;
}
}
private void InitializeComponents(oFunctionList recordedData)
{
this.callSenderControl = new callSender(recordedData);
this.workingPage.Controls.Add(callSenderControl);
this.callSenderControl.Location = new System.Drawing.Point(0, 0);
this.callSenderControl.Dock = DockStyle.Fill;
}
private void InitializeComponents(oFunctionList recordedData)
{
this.callSenderControl = new callSender(recordedData);
this.workingPage.Controls.Add(callSenderControl);
this.callSenderControl.Location = new System.Drawing.Point(0, 0);
this.callSenderControl.Dock = DockStyle.Fill;
}
public callSender(oFunctionList recordedData)
{
this.recordedData = recordedData;
InitializeComponent();
if( recordedData != null )
{
// Set the call list count
this.dataGridCalls.RowCount = recordedData.getCallCount();
// Make sure only 1 function is in the function list.
if( recordedData.getCount() == 1 )
{
// Set this function address
this.address = recordedData.functions[0].address;
// Set this function
this.function = recordedData.functions[0];
// Initialize the arguments data grid view control
this.dataGridArguments.Rows.Add(new string[] { "ecx", "0x0" });
this.dataGridArguments.Rows.Add(new string[] { "edx", "0x0" });
this.dataGridArguments.Rows.Add(new string[] { "eax", "0x0" });
for (int i = 0; i < recordedData.functions[0].getNumParams(); i++)
{
// Add this argument
this.dataGridArguments.Rows.Add(new string[] {"ebp+0x" + (8+i*4).ToString("X"), "0x0"});
}
// Load the initial arguments from the most recent function call
if (recordedData.getCallCount() > 0)
{
// Set the register inputs
this.dataGridArguments.Rows[0].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].ecx.ToString("X");
this.dataGridArguments.Rows[1].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].edx.ToString("X");
this.dataGridArguments.Rows[2].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].eax.ToString("X");
// Set the stack inputs
for (int i = 0; i < recordedData.functions[0].getNumParams(); i++)
{
// Set this argument
this.dataGridArguments.Rows[i+3].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].arguments[i].ToString("X");
}
}
}
}
// Initialize the code text
textCallAssembly.Text = generateCode();
}
/// <summary>
/// Shallow clones this object.
/// </summary>
/// <returns></returns>
public oFunctionList Clone()
{
oFunctionList result = (oFunctionList)MemberwiseClone();
if (result.dataVis != null)
{
result.dataVis = result.dataVis.Clone();
}
if (result.functions != null)
{
result.functions = new List <oFunction>(result.functions);
}
return(result);
}
public void TryToApplySignature(DataGridViewSelectedRowCollection selectedRows, oFunctionList functionList)
{
DialogResult showDialog = ShowDialog();
if (showDialog == DialogResult.OK)
{
foreach (ListViewItem item in listSignatures.Items)
{
if (item.Checked)
{
EntpackSignature(item.SubItems[1].Text);
if (!BuildIndex()) return;
foreach (DataGridViewRow selectedRow in selectedRows)
{
oFunction function = functionList.getFunction(selectedRow.Index);
string functionName = GetFunctionName(function.getSignature());
if (functionName != string.Empty)
function.name = functionName;
}
}
}
}
}
public oTabCallSender(oTabManager parent, ToolStrip toolStrip, Panel panelMain, ToolStrip mainToolStrip, string tabTitle, oFunctionList recordedData)
: base(parent, toolStrip, panelMain, mainToolStrip, tabTitle)
{
// Initialize the controls we need
InitializeComponents(recordedData);
}
private void updatePredictedOutput()
{
// Parse the input parameters
int minCallCount = getCallCountMin();
int maxCallCount = getCallCountMax();
// Validate input arguments again
if (minCallCount < 0 | maxCallCount < 0 && maxCallCount >= minCallCount )
return;
// Load the time range selection radial menu
int timeSelection = (radioTimeRangeAll.Checked ? 1 : 0) + (radioTimeRangeClip.Checked ? 2 : 0);
// Load the arg filter type selection radial menu
int argFilterSelection = (radioArgAny.Checked ? 1 : 0) + (radioArg1Byte.Checked ? 2 : 0) +
(radioArg2Byte.Checked ? 3 : 0) + (radioArg4Byte.Checked ? 4 : 0) +
(radioArgFloat.Checked ? 5 : 0);
// Load the arg string selection radial menu
int argStringSelection = (radioStringAny.Checked ? 1 : 0) + (radioStringYes.Checked ? 2 : 0) +
(radioStringMatch.Checked ? 3 : 0);
// Load the arg binary selection radial menu
int argBinarySelection = (radioBinaryAny.Checked ? 1 : 0) + (radioBinaryPartial.Checked ? 2 : 0) +
(radioBinaryStart.Checked ? 3 : 0);
// Load the argument count filter
int argMinCount;
int argMaxCount;
if (!getArgRange(out argMinCount, out argMaxCount))
return;
// Validate the input of the arg filter selection
RANGE_PARSE args = null;
switch(argFilterSelection)
{
case 2:
args = new RANGE_PARSE_1BYTE(text1Byte);
break;
case 3:
args = new RANGE_PARSE_2BYTE(text2Byte);
break;
case 4:
args = new RANGE_PARSE_4BYTE(text4Byte);
break;
case 5:
args = new RANGE_PARSE_FLOAT(textFloat);
break;
}
if (args != null && !args.valid)
return;
// Create a copy of the original function list
functionListOutput = functionList.Clone();
// Perform the data clipping if required
if( timeSelection == 2 )
{
// Clip the data to the selected region
// Firstly replace the function list output with the selected time series output
functionListOutput = playBar.getSelectedFunctionList().Clone();
// Now clip it to the selected range
functionListOutput.clipCalls_timeRange(playBar.selectStart, playBar.selectEnd);
}
// Filter the data based on the source and destination if required
if( checkAddressFunction.Checked )
{
// Filter based on the function address
RANGE_PARSE_4BYTE range = new RANGE_PARSE_4BYTE(textAddressRangeFunction);
if( range.valid )
functionListOutput.clipCalls_addressDest(range);
}
if( checkAddressSource.Checked )
{
// Filter based on the call source address
RANGE_PARSE_4BYTE range = new RANGE_PARSE_4BYTE(textAddressRangeSource);
if (range.valid)
functionListOutput.clipCalls_addressSource(range);
}
// Perform the argument count filtering
functionListOutput.clipCalls_argumentCount(argMinCount,argMaxCount);
// Perform the argument searching
if( args != null )
functionListOutput.clipCalls_argument(args);
// Filter based on the string arguments
switch(argStringSelection)
{
case 1:
// Any call
break;
case 2:
// Only calls with strings
functionListOutput.clipCalls_hasStringArgument();
break;
case 3:
// Calls with string match
functionListOutput.clipCalls_hasStringArgumentMatch(textStringMatch.Text, checkStringCaseSensitive.Checked);
break;
}
// Filter based on the binary dereference arguments
// Validate the data
byte[] binaryData;
if (!readByteHexString(textBinaryMatch.Text, out binaryData))
{
// Invalid hex string
textBinaryMatch.BackColor = Color.MediumVioletRed;
}
else
{
// Valid hex string
textBinaryMatch.BackColor = Color.White;
}
switch (argBinarySelection)
{
case 1:
// Any call
break;
case 2:
// Only calls with a partial binary match
functionListOutput.clipCalls_hasBinaryArgumentMatch(binaryData, false);
break;
case 3:
// Only calls with a starts-with binary match
functionListOutput.clipCalls_hasBinaryArgumentMatch(binaryData, true);
break;
}
// Perform the call type filtering
if( radioTypeInter.Checked || radioTypeIntra.Checked )
functionListOutput.clipCalls_type((radioTypeInter.Checked ? 1 : 2));
// Perform the call count filtering and clip the resulting functions
functionListOutput.clipFunctions_CallCount(minCallCount, maxCallCount);
// Update the displays
functionGrid.Rows.Clear();
functionGrid.RowCount = functionListOutput.getCount();
functionGrid.Invalidate();
this.Update();
labelCallsBefore.Text = string.Concat(functionList.getCallCount().ToString(), " calls before filtering.");
labelCallsAfter.Text = string.Concat(functionListOutput.getCallCount().ToString(), " calls after filtering.");
labelFunctionsBefore.Text = string.Concat(functionList.getCount().ToString(), " functions before filtering.");
labelFunctionsAfter.Text = string.Concat(functionListOutput.getCount().ToString(), " functions after filtering.");
}
public oTabCallSender(oTabManager parent, ToolStrip toolStrip, Panel panelMain, ToolStrip mainToolStrip, string tabTitle, oFunctionList recordedData)
: base(parent, toolStrip, panelMain, mainToolStrip, tabTitle)
{
// Initialize the controls we need
InitializeComponents(recordedData);
}