public void RaiseAddFuncEvent(object sender, TFunc Func)
{
if (OnAddFunc != null)
{
OnAddFunc(sender, Func);
}
}
public void RaiseFuncChanged(object sender, TFunc Func)
{
if (OnFuncChanged != null)
{
OnFuncChanged(sender, Func);
}
}
public int RenameFunction(TFunc f, string NName)
{
if (f != null)
{
f.FName = NName; RaiseFuncChanged(this, f); return(1);
}
return(0);
}
public void LoadFile(string FName)
{
byte[] sf_prefixes = new byte[mediana.MAX_INSTRUCTION_LEN];
mediana.INSTRUCTION instr1 = new mediana.INSTRUCTION();
mediana.DISASM_INOUT_PARAMS param = new mediana.DISASM_INOUT_PARAMS();
RaiseLogEvent(this, "Loading " + FName);
assembly = Win32Assembly.LoadFile(FName);
MeDisasm = new mediana(assembly);
int i = 0;
foreach (Section sect in assembly.NTHeader.Sections)
{
RaiseLogEvent(this, i.ToString() + ". Creating a new segment " + sect.RVA.ToString("X8") + " - " + (sect.RVA + sect.VirtualSize).ToString("X8") + "... ... OK");
i++;
}
TFunc fnc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + assembly.NTHeader.OptionalHeader.Entrypoint.Rva, 0, 0, "main");
param.arch = mediana.ARCH_ALL;
param.sf_prefixes = sf_prefixes;
param.mode = mediana.DISMODE.DISASSEMBLE_MODE_32;
param.options = (byte)(mediana.DISASM_OPTION_APPLY_REL | mediana.DISASM_OPTION_OPTIMIZE_DISP);
param.bas = assembly.NTHeader.OptionalHeader.ImageBase;
MeDisasm.medi_disassemble(RVA2FO(fnc.Addr), ref instr1, ref param);
Console.WriteLine(instr1.mnemonic);
//MeDisasm.medi_dump(instr, buff, OUT_BUFF_SIZE, DUMP_OPTION_IMM_UHEX | DUMP_OPTION_DISP_HEX);
FullProcList.AddFunc(fnc);
foreach (ExportMethod func in assembly.LibraryExports)
{
TFunc tmpfunc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + func.RVA, 2, func.Ordinal, func.Name);
FullProcList.AddFunc(tmpfunc);
}
foreach (LibraryReference lib in assembly.LibraryImports)
{
foreach (ImportMethod func in lib.ImportMethods)
{
TFunc tmpfunc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + func.RVA, 3, func.Ordinal, func.Name, lib.LibraryName);
FullProcList.AddFunc(tmpfunc);
}
}
bw.WorkerSupportsCancellation = true;
bw.WorkerReportsProgress = false;
bw.DoWork += bw_DoWork;
bw.RunWorkerCompleted += bw_RunWorkerCompleted;
bw.RunWorkerAsync();
}