View previous topic :: View next topic |
Author |
Message |
justa_dude Grandmaster Cheater Reputation: 23
Joined: 29 Jun 2010 Posts: 891
|
Posted: Sat Jul 17, 2010 2:54 pm Post subject: Add a symbol/alias from table-view? |
|
|
Is there any quick and easy way to assign a symbol to an address from the table-view? If not, that'd be really useful! Maybe a check-box next to the description field that says, "register description as symbol" or something. It would be really nice to be able to use familiar names in the pointer scanner/memory viewer/dissector/etc instead of having to shuffle around 8-digit hex numbers!
I've not dived into the plugin API yet, tbh... is this something that could be added via a plugin?
Thanks in advance,
adude
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The netherlands
|
Posted: Sat Jul 17, 2010 4:25 pm Post subject: |
|
|
No, currently not implemented, and for ce 6 i've only come as far as allowing (descriptionname) to be handled as the value of the description. (how would I let the symbol interpreter know it's a addresslist address it should pick? [ is already taken, and ( stands for value )
and yes, it should be possible with the plugin system:
Register a context popup plugin for the addresslist (type ptAddressList) , and when that is triggerd call
exportstruct.AutoAssemble(addressofscript);
where script contains
Code: |
label(SelectedRecord.description)
registersymbol(SelectedRecord.description)
SelectedRecord.InterpretedAddress: //SelectedRecord.address could work as well
SelectedRecord.description:
|
read the help or ask if you're unsure
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The netherlands
|
Posted: Mon Jul 19, 2010 4:19 am Post subject: |
|
|
Just a question, yesterday I saw you ask how to make it a c++ plugin and was having trouble with GetVersion and C++ which stupidly linked the export to windows' api instead of the dll's
But before I could reply that I don't have that much experience with c++ and it's finicky name-molestation stuff it was already gone
So, did you fix it or gave up ? (If fix, let me know so I can make a c++ example plugin for next ce as well)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Mon Jul 19, 2010 9:23 am Post subject: |
|
|
Dark Byte wrote: | Just a question, yesterday I saw you ask how to make it a c++ plugin and was having trouble with GetVersion and C++ which stupidly linked the export to windows' api instead of the dll's
But before I could reply that I don't have that much experience with c++ and it's finicky name-molestation stuff it was already gone
So, did you fix it or gave up ? (If fix, let me know so I can make a c++ example plugin for next ce as well) |
A .DEF file to set the exports will remove the name-mangling.
_________________
- Retired. |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The netherlands
|
Posted: Mon Jul 19, 2010 9:31 am Post subject: |
|
|
a def alone isn't enough
For some stupid reason when compiling in c++ mode instead of c mode the exported routine GetVersion then is a jump to the windows api GetVersion
normal c mode works fine
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
|
Back to top |
|
|
justa_dude Grandmaster Cheater Reputation: 23
Joined: 29 Jun 2010 Posts: 891
|
Posted: Mon Jul 19, 2010 12:28 pm Post subject: |
|
|
I apologize for using the word stupid. It was my inexperience and frustration speaking.
A .def file alias will indeed work properly. With Wiccan's method, however, you've gotta' build the .def file as a custom build step between compiling and linking because the decorations can change depending on build environment. You can ask the compiler to generate a .map file that shows you the decorated function name - this is also useful to ensure that you're exporting your own GetVersion instead of shimming the kernel32 version.
I, personally, ended up using unmangled names and then exported them with a .def file alias, i.e.:
Code: | LIBRARY symbolize
EXPORTS
myGetVersion @4
GetVersion = myGetVersion @1
InitializePlugin @2
DisablePlugin @3
|
This should be relatively portable.
I had similar issues when trying to build a plugin with MASM - the compiler wouldn't let me override GetVersion at all. The same .def file did the trick in this case, too.
The only other way to get it to work in C++ that we could come up with (I had some help from a BRILLIANT fellow on IRC) was to overload the GetVersion kernel32 call with a naked decspec function and abuse the stack frame to grab the undeclared functional arguments. This actually works in release mode, but in debug mode the run-time checks detect that the stack frame is not being preserved and halt operation.
Sorry again for being so critical. Although it would be a lot easier if the function names were unique to CE or were imported by ordinal or something else, I can understand the need to be backward compatible. Live and learn.
Cheers,
adude
|
|
Back to top |
|
|
|