Esempio n. 1
0
        public callSender(oFunctionList recordedData)
        {
            this.recordedData = recordedData;

            InitializeComponent();

            if (recordedData != null)
            {
                // Set the call list count
                this.dataGridCalls.RowCount = recordedData.getCallCount();

                // Make sure only 1 function is in the function list.
                if (recordedData.getCount() == 1)
                {
                    // Set this function address
                    this.address = recordedData.functions[0].address;

                    // Set this function
                    this.function = recordedData.functions[0];

                    // Initialize the arguments data grid view control
                    this.dataGridArguments.Rows.Add(new string[] { "ecx", "0x0" });
                    this.dataGridArguments.Rows.Add(new string[] { "edx", "0x0" });
                    this.dataGridArguments.Rows.Add(new string[] { "eax", "0x0" });
                    for (int i = 0; i < recordedData.functions[0].getNumParams(); i++)
                    {
                        // Add this argument
                        this.dataGridArguments.Rows.Add(new string[] { "ebp+0x" + (8 + i * 4).ToString("X"), "0x0" });
                    }

                    // Load the initial arguments from the most recent function call
                    if (recordedData.getCallCount() > 0)
                    {
                        // Set the register inputs
                        this.dataGridArguments.Rows[0].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].ecx.ToString("X");
                        this.dataGridArguments.Rows[1].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].edx.ToString("X");
                        this.dataGridArguments.Rows[2].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].eax.ToString("X");

                        // Set the stack inputs
                        for (int i = 0; i < recordedData.functions[0].getNumParams(); i++)
                        {
                            // Set this argument
                            this.dataGridArguments.Rows[i + 3].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].arguments[i].ToString("X");
                        }
                    }
                }
            }


            // Initialize the code text
            textCallAssembly.Text = generateCode();
        }
Esempio n. 2
0
        private void updatePredictedOutput()
        {
            // Parse the input parameters
            int minCallCount = getCallCountMin();
            int maxCallCount = getCallCountMax();

            // Validate input arguments again
            if (minCallCount < 0 | maxCallCount < 0 && maxCallCount >= minCallCount)
            {
                return;
            }

            // Load the time range selection radial menu
            int timeSelection = (radioTimeRangeAll.Checked ? 1 : 0) + (radioTimeRangeClip.Checked ? 2 : 0);

            // Load the arg filter type selection radial menu
            int argFilterSelection = (radioArgAny.Checked ? 1 : 0) + (radioArg1Byte.Checked ? 2 : 0) +
                                     (radioArg2Byte.Checked ? 3 : 0) + (radioArg4Byte.Checked ? 4 : 0) +
                                     (radioArgFloat.Checked ? 5 : 0);

            // Load the arg string selection radial menu
            int argStringSelection = (radioStringAny.Checked ? 1 : 0) + (radioStringYes.Checked ? 2 : 0) +
                                     (radioStringMatch.Checked ? 3 : 0);

            // Load the arg binary selection radial menu
            int argBinarySelection = (radioBinaryAny.Checked ? 1 : 0) + (radioBinaryPartial.Checked ? 2 : 0) +
                                     (radioBinaryStart.Checked ? 3 : 0);

            // Load the argument count filter
            int argMinCount;
            int argMaxCount;

            if (!getArgRange(out argMinCount, out argMaxCount))
            {
                return;
            }

            // Validate the input of the arg filter selection
            RANGE_PARSE args = null;

            switch (argFilterSelection)
            {
            case 2:
                args = new RANGE_PARSE_1BYTE(text1Byte);
                break;

            case 3:
                args = new RANGE_PARSE_2BYTE(text2Byte);
                break;

            case 4:
                args = new RANGE_PARSE_4BYTE(text4Byte);
                break;

            case 5:
                args = new RANGE_PARSE_FLOAT(textFloat);
                break;
            }
            if (args != null && !args.valid)
            {
                return;
            }

            // Create a copy of the original function list
            functionListOutput = functionList.Clone();

            // Perform the data clipping if required
            if (timeSelection == 2)
            {
                // Clip the data to the selected region

                // Firstly replace the function list output with the selected time series output
                functionListOutput = playBar.getSelectedFunctionList().Clone();

                // Now clip it to the selected range
                functionListOutput.clipCalls_timeRange(playBar.selectStart, playBar.selectEnd);
            }

            // Filter the data based on the source and destination if required
            if (checkAddressFunction.Checked)
            {
                // Filter based on the function address
                RANGE_PARSE_4BYTE range = new RANGE_PARSE_4BYTE(textAddressRangeFunction);
                if (range.valid)
                {
                    functionListOutput.clipCalls_addressDest(range);
                }
            }
            if (checkAddressSource.Checked)
            {
                // Filter based on the call source address
                RANGE_PARSE_4BYTE range = new RANGE_PARSE_4BYTE(textAddressRangeSource);
                if (range.valid)
                {
                    functionListOutput.clipCalls_addressSource(range);
                }
            }

            // Perform the argument count filtering
            functionListOutput.clipCalls_argumentCount(argMinCount, argMaxCount);

            // Perform the argument searching
            if (args != null)
            {
                functionListOutput.clipCalls_argument(args);
            }

            // Filter based on the string arguments
            switch (argStringSelection)
            {
            case 1:
                // Any call
                break;

            case 2:
                // Only calls with strings
                functionListOutput.clipCalls_hasStringArgument();
                break;

            case 3:
                // Calls with string match
                functionListOutput.clipCalls_hasStringArgumentMatch(textStringMatch.Text, checkStringCaseSensitive.Checked);
                break;
            }

            // Filter based on the binary dereference arguments

            // Validate the data
            byte[] binaryData;
            if (!readByteHexString(textBinaryMatch.Text, out binaryData))
            {
                // Invalid hex string
                textBinaryMatch.BackColor = Color.MediumVioletRed;
            }
            else
            {
                // Valid hex string
                textBinaryMatch.BackColor = Color.White;
            }

            switch (argBinarySelection)
            {
            case 1:
                // Any call
                break;

            case 2:
                // Only calls with a partial binary match
                functionListOutput.clipCalls_hasBinaryArgumentMatch(binaryData, false);
                break;

            case 3:
                // Only calls with a starts-with binary match
                functionListOutput.clipCalls_hasBinaryArgumentMatch(binaryData, true);
                break;
            }


            // Perform the call type filtering
            if (radioTypeInter.Checked || radioTypeIntra.Checked)
            {
                functionListOutput.clipCalls_type((radioTypeInter.Checked ? 1 : 2));
            }



            // Perform the call count filtering and clip the resulting functions
            functionListOutput.clipFunctions_CallCount(minCallCount, maxCallCount);

            // Update the displays
            functionGrid.Rows.Clear();
            functionGrid.RowCount = functionListOutput.getCount();
            functionGrid.Invalidate();
            this.Update();
            labelCallsBefore.Text = string.Concat(functionList.getCallCount().ToString(), " calls before filtering.");
            labelCallsAfter.Text  = string.Concat(functionListOutput.getCallCount().ToString(), " calls after filtering.");

            labelFunctionsBefore.Text = string.Concat(functionList.getCount().ToString(), " functions before filtering.");
            labelFunctionsAfter.Text  = string.Concat(functionListOutput.getCount().ToString(), " functions after filtering.");
        }