备份Microcode处理代码

fjqisba · Aug 30, 2022 · 1e9eb5b · 1e9eb5b
1 parent 9a246ad
commit 1e9eb5b
Show file tree

Hide file tree

Showing 11 changed files with 537 additions and 9 deletions.
diff --git a/E-Decompiler/E-Decompiler.vcxproj b/E-Decompiler/E-Decompiler.vcxproj
@@ -145,6 +145,7 @@
     <ClCompile Include="Module\EAppControlXref.cpp" />
     <ClCompile Include="Module\CTreeFixer.cpp" />
     <ClCompile Include="Module\ECSigMaker.cpp" />
+    <ClCompile Include="Module\MicroCodeFixer.cpp" />
     <ClCompile Include="Module\ShowEventList.cpp" />
     <ClCompile Include="Module\ShowImports.cpp" />
     <ClCompile Include="SectionManager.cpp" />
@@ -189,6 +190,7 @@
     <ClInclude Include="Module\EAppControlXref.h" />
     <ClInclude Include="Module\CTreeFixer.h" />
     <ClInclude Include="Module\ECSigMaker.h" />
+    <ClInclude Include="Module\MicroCodeFixer.h" />
     <ClInclude Include="Module\ShowEventList.h" />
     <ClInclude Include="Module\ShowImports.h" />
     <ClInclude Include="PropertyDelegate.h" />

diff --git a/E-Decompiler/E-Decompiler.vcxproj.filters b/E-Decompiler/E-Decompiler.vcxproj.filters
@@ -156,6 +156,9 @@
     <ClCompile Include="Module\ShowImports.cpp">
       <Filter>Module</Filter>
     </ClCompile>
+    <ClCompile Include="Module\MicroCodeFixer.cpp">
+      <Filter>Module</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="SectionManager.h">
@@ -294,6 +297,9 @@
     <ClInclude Include="Module\ShowImports.h">
       <Filter>Module</Filter>
     </ClInclude>
+    <ClInclude Include="Module\MicroCodeFixer.h">
+      <Filter>Module</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="E-Decompiler.rc" />

diff --git a/E-Decompiler/EDecompiler.cpp b/E-Decompiler/EDecompiler.cpp
@@ -71,11 +71,13 @@ EDecompiler::~EDecompiler()
 		gMenu_ShowImportsInfo->DestroyMenu();
 		gMenu_ShowImportsInfo = nullptr;
 	}
+
+	cTreeFixer.UnInstall();
+	UnInstallMicroCodeFixer();
 	term_hexrays_plugin();
 	unhook_from_notification_point(HT_UI, PluginUI_Callback,this);
 }
 
-
 bool idaapi EDecompiler::run(size_t)
 {
 	show_wait_box(getUTF8String("等待IDA初始化分析完毕").c_str());
@@ -107,6 +109,9 @@ bool EDecompiler::InitDecompilerEngine()
 	if (eSymbol.tmpImportsApiList.size() > 0) {
 		gMenu_ShowGUIInfo = IDAMenu::CreateMenu(getUTF8String("易语言/用户导入表").c_str(), ShowImports, &eSymbol);
 	}
+
+	cTreeFixer.Install();
+	InstallMicroCodeFixer(eSymbol);
 	return true;
 }
 

diff --git a/E-Decompiler/EDecompiler.h b/E-Decompiler/EDecompiler.h
@@ -6,6 +6,7 @@
 #include "./Module/CTreeFixer.h"
 #include "./Module/ECSigMaker.h"
 #include "./Module/EAppControlXref.h"
+#include "./Module/MicroCodeFixer.h"
 
 enum EArchitectureType
 {

diff --git a/E-Decompiler/ESymbol.cpp b/E-Decompiler/ESymbol.cpp
@@ -250,6 +250,9 @@ bool ESymbol::scanBasicFunction()
 		if (!pFunc) {
 			continue;
 		}
+		if (pFunc->start_ea >= userCodeEndAddr) {
+			continue;
+		}
 		if (eSymbolFuncTypeMap[pFunc->start_ea] != 0x0) {
 			continue;
 		}
@@ -264,6 +267,8 @@ bool ESymbol::scanBasicFunction()
 		}
 		else if (funcName == "连续省略参数") {
 			IDAWrapper::apply_cdecl(pFunc->start_ea, "void __usercall pushDefaultParam(int argCount@<ebx>);");
+			eSymbolFuncTypeMap[pFunc->start_ea] = eFunc_PushDefaultArg;
+			handlePushDefaultArgFunc(pFunc->start_ea);
 		}
 		else if (funcName == "文本比较") {
 			IDAWrapper::apply_cdecl(pFunc->start_ea, "int __cdecl strcmp(char* _Str1,char* _Str2);");
@@ -272,6 +277,13 @@ bool ESymbol::scanBasicFunction()
 	return true;
 }
 
+bool ESymbol::handlePushDefaultArgFunc(unsigned int funcAddr)
+{
+	std::vector<unsigned int> xrefList = IDAWrapper::getAllCodeXrefAddr(funcAddr);
+
+	return true;
+}
+
 bool ESymbol::loadKrnlInterface(unsigned int lpKrnlEntry)
 {
 	qstring jmpOtherHelpHex;
@@ -336,6 +348,8 @@ bool ESymbol::loadKrnlInterface(unsigned int lpKrnlEntry)
 	eSymbolFuncTypeMap[krnlJmp.Jmp_MWriteProperty] = eFunc_KrnlWriteProperty;
 	eSymbolFuncTypeMap[krnlJmp.Jmp_MCallKrnlLibCmd] = eFunc_KrnlLibFunc;
 	eSymbolFuncTypeMap[krnlJmp.Jmp_MCallDllCmd] = eFunc_KrnlDllCmd;
+	eSymbolFuncTypeMap[krnlJmp.Jmp_MReportError] = eFunc_KrnlReportError;
+	eSymbolFuncTypeMap[krnlJmp.Jmp_MFree] = eFunc_KrnlFreeMem;
 
 	IDAWrapper::apply_cdecl(krnlJmp.Jmp_MCallDllCmd, "krnlRet __usercall CallDllCmd@<eax:edx>(unsigned int index@<eax>,...);");
 	IDAWrapper::apply_cdecl(krnlJmp.Jmp_MCallLibCmd, "krnlRet __usercall CallLibCmd@<eax:edx>(unsigned int libFunc@<ebx>, int argCount, ...);");
@@ -548,8 +562,10 @@ bool ESymbol::loadUserImports(unsigned int dwApiCount, unsigned int lpModuleName
 		if (iIndex != -1) {
 			eImportsApi.libName = eImportsApi.libName.substr(0, iIndex);
 		}
-		eImportsApi.libName = eImportsApi.libName + "." + eImportsApi.apiName;
-		tmpImportsApiList.push_back(LocalCpToUtf8(eImportsApi.libName.c_str()));
+		if (!eImportsApi.libName.empty()) {
+			eImportsApi.apiName = eImportsApi.libName + "." + eImportsApi.apiName;
+		}
+		tmpImportsApiList.push_back(LocalCpToUtf8(eImportsApi.apiName.c_str()));
 		pszLibnameAddr += 4;
 		pszApinameAddr += 4;
 	}

diff --git a/E-Decompiler/ESymbol.h b/E-Decompiler/ESymbol.h
@@ -191,8 +191,14 @@ enum eSymbolFuncType
 	eFunc_KrnlWriteProperty,
 	//调用DLL命令
 	eFunc_KrnlDllCmd,
+	//错误回调
+	eFunc_KrnlReportError,
+	//释放内存
+	eFunc_KrnlFreeMem,
 	//文本相加
 	eFunc_Strcat,
+	//连续省略参数,
+	eFunc_PushDefaultArg,
 };
 
 struct EAppControl;
@@ -240,6 +246,8 @@ class ESymbol
 	bool scanELibFunction(unsigned int lpLibStartAddr, unsigned int dwLibCount);
 	//扫描并识别易语言基础命令
 	bool scanBasicFunction();
+	//处理连续省略参数函数
+	bool handlePushDefaultArgFunc(unsigned int funcAddr);
 	//加载易语言核心函数
 	bool loadKrnlInterface(unsigned int lpKrnlEntry);
 	//加载界面资源信息