From 8639627cadb960942c1b73faaceb412bca5f8e45 Mon Sep 17 00:00:00 2001 From: fjqisba Date: Wed, 31 Aug 2022 21:02:33 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=BF=9E=E7=BB=AD=E7=9C=81?= =?UTF-8?q?=E7=95=A5=E5=8F=82=E6=95=B0=E5=87=BD=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- E-Decompiler/EDecompiler.cpp | 1 + E-Decompiler/ESymbol.cpp | 27 ++-- E-Decompiler/ESymbol.h | 5 +- E-Decompiler/Module/CTreeFixer.cpp | 194 ++--------------------------- E-Decompiler/Utils/IDAWrapper.cpp | 9 ++ E-Decompiler/Utils/IDAWrapper.h | 2 + README.md | 3 +- 7 files changed, 43 insertions(+), 198 deletions(-) diff --git a/E-Decompiler/EDecompiler.cpp b/E-Decompiler/EDecompiler.cpp index e600b80..158772d 100644 --- a/E-Decompiler/EDecompiler.cpp +++ b/E-Decompiler/EDecompiler.cpp @@ -7,6 +7,7 @@ #include "ECSigParser.h" #include "ImportsParser.h" #include +#include #include "./Module/ShowEventList.h" #include "./Module/ShowImports.h" diff --git a/E-Decompiler/ESymbol.cpp b/E-Decompiler/ESymbol.cpp index 33a6a9c..d9490b3 100644 --- a/E-Decompiler/ESymbol.cpp +++ b/E-Decompiler/ESymbol.cpp @@ -268,7 +268,7 @@ bool ESymbol::scanBasicFunction() else if (funcName == "����ʡ�Բ���") { IDAWrapper::apply_cdecl(pFunc->start_ea, "void __usercall pushDefaultParam(int argCount@);"); eSymbolFuncTypeMap[pFunc->start_ea] = eFunc_PushDefaultArg; - handlePushDefaultArgFunc(pFunc->start_ea); + handleFuncPushDefaultArg(pFunc->start_ea); } else if (funcName == "�ı��Ƚ�") { IDAWrapper::apply_cdecl(pFunc->start_ea, "int __cdecl strcmp(char* _Str1,char* _Str2);"); @@ -277,13 +277,6 @@ bool ESymbol::scanBasicFunction() return true; } -bool ESymbol::handlePushDefaultArgFunc(unsigned int funcAddr) -{ - std::vector xrefList = IDAWrapper::getAllCodeXrefAddr(funcAddr); - - return true; -} - bool ESymbol::loadKrnlInterface(unsigned int lpKrnlEntry) { qstring jmpOtherHelpHex; 
@@ -573,6 +566,24 @@ bool ESymbol::loadUserImports(unsigned int dwApiCount, unsigned int lpModuleName return true; } +bool ESymbol::handleFuncPushDefaultArg(unsigned int callAddr) +{ + std::vector xRefList = IDAWrapper::getAllCodeXrefAddr(callAddr); + for (unsigned int n = 0; n < xRefList.size(); ++n) { + insn_t tmpIns; + if (decode_prev_insn(&tmpIns, xRefList[n]) == BADADDR) { + continue; + } + //mov ebx,xxx + if (tmpIns.itype != NN_mov || tmpIns.ops[0].reg != 0x3) { + continue; + } + unsigned int argCount = tmpIns.ops[1].value; + IDAWrapper::add_user_stkpnt(xRefList[n] + 5, -(argCount * 4)); + } + return true; +} + bool ESymbol::scanEClassTable() { //���������δ���0x1000000 diff --git a/E-Decompiler/ESymbol.h b/E-Decompiler/ESymbol.h index 612521d..af6954a 100644 --- a/E-Decompiler/ESymbol.h +++ b/E-Decompiler/ESymbol.h @@ -246,15 +246,14 @@ class ESymbol bool scanELibFunction(unsigned int lpLibStartAddr, unsigned int dwLibCount); //ɨ�貢ʶ�������Ի������� bool scanBasicFunction(); - //��������ʡ�Բ������� - bool handlePushDefaultArgFunc(unsigned int funcAddr); //���������Ժ��ĺ��� bool loadKrnlInterface(unsigned int lpKrnlEntry); //���ؽ�����Դ��Ϣ bool loadGUIResource(unsigned int lpGUIStart, unsigned int infoSize); //�����û������ bool loadUserImports(unsigned int dwApiCount, unsigned int lpModuleName, unsigned int lpApiName); - + //��������ʡ�Բ��� + bool handleFuncPushDefaultArg(unsigned int callAddr); //ɨ������������� bool scanEClassTable(); //�����ؼ��������� diff --git a/E-Decompiler/Module/CTreeFixer.cpp b/E-Decompiler/Module/CTreeFixer.cpp index 7a77774..b6bbc56 100644 --- a/E-Decompiler/Module/CTreeFixer.cpp +++ b/E-Decompiler/Module/CTreeFixer.cpp @@ -5,6 +5,7 @@ #include "../EAppControl/EAppControl.h" #include "../Utils/Strings.h" #include +#include //�ţ��ֽ׶�Ŀ�����ô���ɶ���������ֱ�ӵ�Դ�룬���û��Ҫ�ڴ���ת��ϸ�ڽ��й����Ż� 
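Review bot: The filter in handleFuncPushDefaultArg, `if (tmpIns.itype != NN_mov || tmpIns.ops[0].reg != 0x3)`, never checks the operand types, so a `mov` whose destination is a memory operand that happens to carry 3 in the `reg`/`phrase` field (those overlap in `op_t`, as far as I recall) or whose source is a register or displacement rather than an immediate still reaches `tmpIns.ops[1].value`, and whatever that field holds becomes the stack delta handed to `add_user_stkpnt`; since the analyzed binary is untrusted input, tighten it to `if (tmpIns.itype != NN_mov || tmpIns.ops[0].type != o_reg || tmpIns.ops[0].reg != 0x3 || tmpIns.ops[1].type != o_imm) {`. The `xRefList[n] + 5` on the `add_user_stkpnt` line hard-codes a 5-byte call; using the decoded end of the instruction at the xref (e.g. `get_item_end(xRefList[n])`) keeps the stack point from landing mid-instruction for any other call encoding. `-(argCount * 4)` negates an `unsigned int` and then narrows to `int`; computing the delta as a signed value makes the intent explicit. The magic `0x3` deserves a comment next to the existing `//mov ebx,xxx`, e.g. `// ops[0].reg == 3 is ebx in IDA's x86 register numbering`.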
@@ -181,181 +182,15 @@ void copyBlock(mblock_t* dst,mblock_t* src) } } -// Insert new empty block with attributes copied from src -mblock_t* copyBlockEmpty(mblock_t* src, int insertBefore) { - - mblock_t* dst = src->mba->insert_block(insertBefore); - - // Copy struct members - dst->flags = src->flags; - dst->start = src->start; - dst->end = src->end; - dst->type = src->type; - - // Copy lists - dst->dead_at_start = src->dead_at_start; - dst->mustbuse = src->mustbuse; - dst->maybuse = src->maybuse; - dst->mustbdef = src->mustbdef; - dst->maybdef = src->maybdef; - dst->dnu = src->dnu; - - // Copy sval_t - //dst->maxbsp = src->maxbsp; - //dst->minbstkref = src->minbstkref; - //dst->minbargref = src->minbargref; - - dst->mark_lists_dirty(); - return dst; - -} - - - -void debug_testInert(mblock_t* nextBlk) -{ - auto addr = nextBlk->head->ea - 0x1; - minsn_t* tmpIns = new minsn_t(addr); - tmpIns->opcode = m_stx; - tmpIns->l.make_reg(0x30, 4); - tmpIns->r.make_reg(0x54, 2); - tmpIns->d.make_reg(0x50, 4); - nextBlk->insert_into_block(tmpIns, 0); - - tmpIns = new minsn_t(addr); - tmpIns->opcode = m_mov; - tmpIns->l.make_reg(0x64, 2); - tmpIns->d.make_reg(0x54, 2); - nextBlk->insert_into_block(tmpIns, 0); - - tmpIns = new minsn_t(addr); - tmpIns->opcode = m_mov; - tmpIns->l.make_reg(0x18, 4); - tmpIns->d.make_reg(0x50, 4); - nextBlk->insert_into_block(tmpIns, 0); - - tmpIns = new minsn_t(addr); - tmpIns->opcode = m_mov; - tmpIns->l.make_reg(0x38, 4); - tmpIns->d.make_reg(0x30, 4); - nextBlk->insert_into_block(tmpIns, 0); - - tmpIns = new minsn_t(addr); - tmpIns->opcode = m_mov; - tmpIns->l.make_number(0x0, 4); - tmpIns->d.make_reg(0x38, 4); - nextBlk->insert_into_block(tmpIns, 0); -} - -void debug_checkIns(mblock_t* blk) -{ - minsn_t* nextIns = blk->head; - while (nextIns != NULL) { - if (nextIns->ea == 0x0401035) { - blk->remove_from_block(nextIns); - } - nextIns = nextIns->next; - } - debug_testInert(blk); -} - -void debug_updateIns(mblock_t* blk,minsn_t* updateIns) -{ - 
for (unsigned int n = 0; n < 15; ++n) { - minsn_t* tmpIns = new minsn_t(updateIns->ea + 0x1); - tmpIns->opcode = m_push; - tmpIns->l.make_number(0, 4); - blk->insert_into_block(tmpIns, updateIns); - } -} - -void checkBlock(mba_t* mba, mblock_t* blk) -{ - auto nextIns = blk->head; - while (nextIns != nullptr) { - if (nextIns->ea == 0x00401016) { - const char* aaa = nextIns->dstr(); - debug_updateIns(blk,nextIns); - break; - } - nextIns = nextIns->next; - } - - //�ٱ���һ�� - nextIns = blk->head; - while (nextIns != nullptr) { - if (nextIns->ea == 0x00401016) { - minsn_t* insToRemove = nextIns; - nextIns = nextIns->next; - blk->remove_from_block(insToRemove); - continue; - } - nextIns = nextIns->next; - } - - - return; - if (!blk->tail) { - return; - } - if (blk->tail->opcode != m_call) { - return; - } - - - - - mblock_t* nextBlk = blk->nextb; - //nextBlk->head->l.make_number(0x12345678, 4); - - for (unsigned int n = 0; n < 6; ++n) { - debug_testInert(nextBlk); - continue; - minsn_t* tmpIns = new minsn_t(nextBlk->head->ea); - tmpIns->opcode = m_sub; - tmpIns->l.make_reg(0x18, 4); - tmpIns->r.make_number(4, 4); - tmpIns->d.make_reg(0x18, 4); - nextBlk->insert_into_block(tmpIns, 0); - } - - mba->copy_block(blk,nextBlk->serial); - //minsn_t* coreCallIns = blk->tail->prev; - //minsn_t* lastIns = blk->tail->prev; - //while (lastIns != NULL) { - // minsn_t* copyIns = new minsn_t(*lastIns); - // nextBlk->insert_into_block(copyIns, 0); - // lastIns = lastIns->prev; - //} - mba->remove_block(blk); - //nextBlk->build_lists(true); - //nextBlk->maxbsp = nextBlk->maxbsp + 24; - - //nextBlk->optimize_block(); - //copyBlockEmpty(nextBlk,nextBlk->serial); - //mba->remove_block(nextBlk); - //�����³�����block - /*mblock_t* newBlock = mba->insert_block(nextBlk->serial); - copyBlock(newBlock, nextBlk);*/ - - //newBlock->mark_lists_dirty(); - return; -} void tryFixMicroCode(mba_t* mba, ESymbol& symbolTable) { - mblock_t* startBlock = mba->get_mblock(0); - while (startBlock != NULL) { - 
checkBlock(mba,startBlock); - startBlock = startBlock->nextb; - } + //mblock_t* startBlock = mba->get_mblock(0); + //while (startBlock != NULL) { + // checkBlock(mba,startBlock); + // startBlock = startBlock->nextb; + //} - mba->tmpstk_size = 0x30; - //mba->fullsize = 0x140; - //mba->stacksize = 0x3c; - //mba->inargoff = 0x40; - //mba->minargref = 0x40; - //mba->spd_adjust = 0x0; //for (unsigned int n = 0; n < finder.pushArgList.size(); ++n) { // minsn_t* callIns = finder.pushArgList[n]; // mblock_t* blk = finder.pushBlockList[n]; @@ -373,6 +208,7 @@ void tryFixMicroCode(mba_t* mba, ESymbol& symbolTable) //} } + ssize_t idaapi CTreeFixCallback(void* ud, hexrays_event_t e, va_list va) { ESymbol* symbol = (ESymbol*)ud; @@ -391,24 +227,11 @@ ssize_t idaapi CTreeFixCallback(void* ud, hexrays_event_t e, va_list va) case hxe_microcode: { mba_t* mba = va_arg(va, mba_t*); - //tryFixMicroCode(mba,*symbol); + //tryFixMicroCode(mba, *symbol); return 0; } break; - case hxe_func_printed: - { - cfunc_t* cfunc = va_arg(va, cfunc_t*); - //strvec_t& svList = cfunc->sv; - //for (unsigned int n = 0; n < svList.size(); ++n) { - // if (svList[n].line.find("ReadProperty") != -1) { - // - // } - //} - //int a = 0; } - break; - } - return 0; } @@ -420,7 +243,6 @@ CTreeFixer::CTreeFixer(ESymbol& symbol):eSymbol(symbol) CTreeFixer::~CTreeFixer() { - mba_t* mba; } diff --git a/E-Decompiler/Utils/IDAWrapper.cpp b/E-Decompiler/Utils/IDAWrapper.cpp index f57ba41..eb820f0 100644 --- a/E-Decompiler/Utils/IDAWrapper.cpp +++ b/E-Decompiler/Utils/IDAWrapper.cpp @@ -5,6 +5,7 @@ #include #include #include +#include void IDAWrapper::show_wait_box(const char* msg) { @@ -77,6 +78,9 @@ void IDAWrapper::msg(const char* format, ...) bool IDAWrapper::apply_cdecl(unsigned int ea, const char* decl, int flags /*= 0*/) { til_t* idati = (til_t*)get_idati(); + if (!idati) { + return false; + } return ::apply_cdecl(idati, ea, decl, flags); } 
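Review bot: After this hunk tryFixMicroCode consists only of commented-out code (the block walk, the `mba->tmpstk_size = 0x30;` assignment and, further down past the hunk, the pushArgList loop), so both parameters `mba` and `symbolTable` are unused and will draw warnings; the function continues outside the hunk. Since its only call site in CTreeFixCallback is commented out as well, either delete the function together with the call, or keep it as an explicit stub with `[[maybe_unused]] mba_t* mba, [[maybe_unused]] ESymbol& symbolTable` and a one-line comment such as `// microcode fixing is disabled for now; body intentionally empty`. The deleted debug helpers (copyBlockEmpty, debug_testInert, debug_checkIns, debug_updateIns, checkBlock) are preserved by version control, so the commented copies of the loop add nothing and can go too.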
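Review bot: Removing the `return 0;` that followed the switch leaves CTreeFixCallback (its head is above the hunk) with no return on any path that `break`s out of the switch; the `hxe_microcode` case returns explicitly, but unless every other case outside the hunk does too, control now falls off the end of a non-void function, which is undefined behaviour (MSVC C4715, `-Wreturn-type`). Keep `return 0;` immediately before the function's closing `}`. In the `hxe_microcode` case the `mba` local is now unused because the `tryFixMicroCode` call is commented out, and the `break;` after `return 0;` is unreachable; either drop the `va_arg` line or mark it `[[maybe_unused]]`.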
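Review bot: The new null check in IDAWrapper::apply_cdecl is worthwhile, but the line above it, `til_t* idati = (til_t*)get_idati();`, uses a C-style cast on a pointer: if `get_idati()` already returns `til_t*` in the SDK version in use the cast is dead and should go, and if it strips `const` that should be a visible `const_cast`. A short comment on the guard would help the next reader, e.g. `// get_idati() may return nullptr (no local type library); fail instead of passing it on`.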
@@ -91,3 +95,8 @@ std::vector IDAWrapper::getAllCodeXrefAddr(unsigned int addr) } return retXrefList; } + +bool IDAWrapper::add_user_stkpnt(unsigned int ea, int delta) +{ + return ::add_user_stkpnt(ea,delta); +} diff --git a/E-Decompiler/Utils/IDAWrapper.h b/E-Decompiler/Utils/IDAWrapper.h index 94776d8..1cc7d60 100644 --- a/E-Decompiler/Utils/IDAWrapper.h +++ b/E-Decompiler/Utils/IDAWrapper.h @@ -21,4 +21,6 @@ namespace IDAWrapper{ //��ȡ���뽻�����õ�ַ std::vector getAllCodeXrefAddr(unsigned int addr); + + bool add_user_stkpnt(unsigned int ea, int delta); } \ No newline at end of file diff --git a/README.md b/README.md index 2112ca8..b749a29 100644 --- a/README.md +++ b/README.md @@ -49,8 +49,9 @@ 反编译核心部分 - [x] 控件的交叉引用,控件事件的展示。 -- [ ] 易语言基础特征函数的优化。 +- [ ] 易语言基础特征函数的优化、易语言数组操作。 - [x] DLL命令调用函数的优化。 +- [ ] 错误回调函数的优化。 本项目完全是由个人利用业余时间开发,不定时更新。
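Review bot: The new IDAWrapper::add_user_stkpnt wrapper and its declaration in the IDAWrapper.h hunk carry no description, unlike the neighbouring `getAllCodeXrefAddr` declaration which has a leading `//` comment; add `//add a user-defined stack-pointer change point of delta bytes at ea` above the declaration. The wrapper takes `unsigned int ea, int delta` whereas the SDK's `::add_user_stkpnt` presumably takes `ea_t` and `sval_t`, so values are narrowed silently on the way in; that matches the rest of this namespace but is worth a comment, since the caller in ESymbol computes the delta from an untrusted immediate. IDAWrapper.h still ends without a trailing newline (`\ No newline at end of file`).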