/// <summary> /// TODO: import intra/block stuff from EhTrace Agasm.cpp /// * Then we can do local: blah stuff etc... maybe do a little graph mode with MSAGL /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void btnDiss_Click(object sender, RoutedEventArgs e) { MemNavViewModel vm = DataContext as MemNavViewModel; if (vm != null && vm.SelectedProc != null) { IHighlightingDefinition instructionSyntax = null; using (Stream s = typeof(MemNavWin).Assembly.GetManifestResourceStream("inVteroUI.InstructionSyntax.xshd")) { if (s != null) { using (XmlReader reader = new XmlTextReader(s)) instructionSyntax = ICSharpCode.AvalonEdit.Highlighting.Xshd.HighlightingLoader.Load(reader, HighlightingManager.Instance); } } avaEdit.SyntaxHighlighting = instructionSyntax; ulong DisAddr = 0; ulong.TryParse(tbAddress.Text, NumberStyles.AllowHexSpecifier, System.Globalization.CultureInfo.InvariantCulture, out DisAddr); if (DisAddr != 0) { var asmBytes = vm.SelectedProc.GetVirtualByte((long)DisAddr); var asmCodes = Capstone.Dissassemble(asmBytes, asmBytes.Length, DisAddr, true); StringBuilder sb = new StringBuilder(); foreach (var code in asmCodes) { sb.AppendLine($"0x{code.insn.address:X} \t {code.insn.mnemonic} \t {code.insn.operands}"); } avaEdit.Text = sb.ToString(); } } }
private void btnAss_Click(object sender, RoutedEventArgs e) { ulong.TryParse(tbAddress.Text, NumberStyles.AllowHexSpecifier, System.Globalization.CultureInfo.InvariantCulture, out DisAddr); var PatchAddr = (long)DisAddr; MemNavViewModel vm = DataContext as MemNavViewModel; if (vm != null && vm.SelectedProc != null) { var p = vm.SelectedProc; var hw = p.MemAccess.VirtualToPhysical(p.CR3Value, PatchAddr); var file_block_offset = p.MemAccess.OffsetToMemIndex(hw.NextTable_PFN); var FileAddr = file_block_offset + (PatchAddr & 0xfff); var writer = new FileStream(vm.vtero.MemFile, FileMode.Open, FileAccess.Write, FileShare.ReadWrite); writer.Seek(FileAddr, SeekOrigin.Begin); writer.Write(CurrAss, 0, CurrAss.Length); writer.Close(); MessageBox.Show($"Write back to address {DisAddr:x} assembly code done."); } }
private void tbSymMatch_PreviewKeyUp(object sender, KeyEventArgs e) { MemNavViewModel vm = DataContext as MemNavViewModel; var ms = lvBlocks.SelectedItem as MemSection; if (vm != null && vm.SelectedProc != null && ms != null) { lvSymbols.ItemsSource = vm.SelectedProc.MatchSymbols(tbSymMatch.Text, ms.Name); } }
private void lvSymbols_MouseLeftButtonUp(object sender, MouseButtonEventArgs e) { MemNavViewModel vm = DataContext as MemNavViewModel; if (vm != null && vm.SelectedProc != null) { var ms = lvSymbols.SelectedItem as Tuple <string, ulong, ulong>; if (ms != null) { tbAddress.Text = ms.Item2.ToString("x"); } } }
private void lvBlocks_Selected(object sender, RoutedEventArgs e) { MemNavViewModel vm = DataContext as MemNavViewModel; if (vm != null && vm.SelectedProc != null && lvBlocks.SelectedItem != null) { var ms = lvBlocks.SelectedItem as MemSection; if (ms != null) { tbAddress.Text = ms.Address.ToString("x"); } } }
public Loader(Vtero vtero) { Thread t = new Thread(new ThreadStart(() => { var dc = new MemNavViewModel(vtero); var w = new MemNavWin(); w.DataContext = dc; w.Show(); Dispatcher.Run(); })); t.SetApartmentState(ApartmentState.STA); t.IsBackground = true; t.Start(); }