public CodeText Parse(string text)
{
var matches = REGEX_HEX.Matches(text).Cast <Match>().ToArray();
var codeRows = new List <CodeRow>();
for (int i = 0; i < matches.Length; i += 8)
{
var num = Math.Min(matches.Length - i, 8);
var _matches = matches.Skip(i).Take(num).ToArray();
var bytes = new CodeByte[num];
for (int m = 0; m < num; m++)
{
if (_matches[m].Groups[1].Value.Contains("?"))
{
bytes[m] = new CodeByte(0)
{
Wildcard = true
}
}
;
else
{
bytes[m] = new CodeByte(byte.Parse(_matches[m].Groups[1].Value.Trim(), System.Globalization.NumberStyles.HexNumber));
}
}
var asm = string.Join(" ", bytes.Select(x => x.Wildcard ? "??" : x.Value.ToString("X2")).ToArray());
codeRows.Add(new CodeRow(bytes, asm));
}
return(new CodeText(codeRows.ToArray(), text));
}
private CodeByte Disamexe(string fileexe)
{
progressBar1.Maximum = 100;
CodeByte codeByte = new CodeByte();
int exampleCodeBitness;
var peHeader = new PeNet.PeFile(fileexe);
if (peHeader.Is64Bit)
{
exampleCodeBitness = 64;
}
else
{
exampleCodeBitness = 32;
}
FileStream input = new FileStream(fileexe, FileMode.Open, FileAccess.Read);
BinaryReader reader = new BinaryReader(input);
reader.ReadBytes((int)peHeader.ImageSectionHeaders[0].PointerToRawData);
byte[] buffer = reader.ReadBytes((int)peHeader.ImageSectionHeaders[0].SizeOfRawData);
input.Close();
ulong exampleCodeRIP = peHeader.ImageNtHeaders.OptionalHeader.ImageBase + peHeader.ImageSectionHeaders[0].VirtualAddress;
var codeBytes = buffer;
var codeReader = new ByteArrayCodeReader(codeBytes);
var decoder = Iced.Intel.Decoder.Create(exampleCodeBitness, codeReader);
decoder.IP = exampleCodeRIP;
ulong endRip = decoder.IP + (uint)codeBytes.Length;
var instructions = new InstructionList();
while (decoder.IP < endRip)
{
decoder.Decode(out instructions.AllocUninitializedElement());
if (decoder.IP % PROGRESS_MODULO == 0)
{
progressBar1.Value = (int)(decoder.IP * 100 / endRip);
}
}
codeByte.instructions = instructions;
codeByte.hexcode = buffer;
codeByte.CodeRIP = exampleCodeRIP;
return(codeByte);
}
private async Task ExeDiff(CodeByte codebyteOriginal, CodeByte codebytePatched)
{
done = false;
int nbdiff = 0;
int curline = 0;
bool equal = true;
int nb_inst_O = 0;
int nb_inst_P = 0;
try
{
var instructionsOriginal = codebyteOriginal.instructions;
var instructionsPatched = codebytePatched.instructions;
var formatter = new MasmFormatter();
formatter.Options.DigitSeparator = "";
formatter.Options.FirstOperandCharIndex = 10;
var outputO = new StringOutput();
var outputP = new StringOutput();
progressBar1.Maximum = instructionsOriginal.Count();
richTextBoxOriginal.BackColor = Color.MintCream;
richTextBoxOriginal.ForeColor = Color.DarkGreen;
richTextBoxPatched.BackColor = Color.MintCream;
richTextBoxPatched.ForeColor = Color.DarkGreen;
await Task.Run(() => { // Async CODE Start
while (nb_inst_O < instructionsOriginal.Count() && nb_inst_P < instructionsPatched.Count())
{
var instrO = instructionsOriginal[nb_inst_O];
var instrP = instructionsPatched[nb_inst_P];
while ((instrO.ToString() != instrP.ToString()) || (instrO.IP != instrP.IP))
{
if (equal)
{
AffRich(instructionsOriginal[nb_inst_O - 1], richTextBoxOriginal, outputO, codebyteOriginal.hexcode, codebyteOriginal.CodeRIP);
AffRich(instructionsPatched[nb_inst_P - 1], richTextBoxPatched, outputP, codebytePatched.hexcode, codebytePatched.CodeRIP);
curline++;
equal = false;
RedProgess(((float)nb_inst_O / (float)instructionsOriginal.Count() * 100));
}
AffRich(instructionsOriginal[nb_inst_O], richTextBoxOriginal, outputO, codebyteOriginal.hexcode, codebyteOriginal.CodeRIP);
AffRich(instructionsPatched[nb_inst_P], richTextBoxPatched, outputP, codebytePatched.hexcode, codebytePatched.CodeRIP);
ModifColor(richTextBoxOriginal, curline);
ModifColor(richTextBoxPatched, curline);
curline++;
nb_inst_O++;
nb_inst_P++;
instrO = instructionsOriginal[nb_inst_O];
instrP = instructionsPatched[nb_inst_P];
while (instrO.IP < instrP.IP)
{
AffRich(instructionsOriginal[nb_inst_O], richTextBoxOriginal, outputO, codebyteOriginal.hexcode, codebyteOriginal.CodeRIP);
richTextBoxPatched.AppendText(Environment.NewLine);
ModifColor(richTextBoxOriginal, curline);
curline++;
nb_inst_O++;
instrO = instructionsOriginal[nb_inst_O];
}
while (instrO.IP > instrP.IP)
{
AffRich(instructionsPatched[nb_inst_P], richTextBoxPatched, outputP, codebytePatched.hexcode, codebytePatched.CodeRIP);
richTextBoxOriginal.AppendText(Environment.NewLine);
ModifColor(richTextBoxPatched, curline);
curline++;
nb_inst_P++;
instrP = instructionsPatched[nb_inst_P];
}
nbdiff++;
}
if (!equal)
{
AffRich(instructionsOriginal[nb_inst_O], richTextBoxOriginal, outputO, codebyteOriginal.hexcode, codebyteOriginal.CodeRIP);
AffRich(instructionsPatched[nb_inst_P], richTextBoxPatched, outputP, codebytePatched.hexcode, codebytePatched.CodeRIP);
curline++;
richTextBoxOriginal.AppendText("----------------------------------------------------" + Environment.NewLine);
richTextBoxPatched.AppendText("----------------------------------------------------" + Environment.NewLine);
curline++;
equal = true;
}
nb_inst_O++;
nb_inst_P++;
if (nb_inst_O % PROGRESS_MODULO == 0)
{
progressBar1.Value = nb_inst_O;
}
}
progressBar1.Value = 0;
done = true;
}); // Async CODE End
}
catch (Exception exept)
{
MessageBoxException(exept, "Patch Code");
}
}
public PatternElement(CodeByte codeByte)
{
InitializeComponent();
CodeByte = codeByte;
CodeByte.WildcardChanged += WildcardChangedEvent;
}
