Example #1
0
    def format_text(self, block, options):
        old_lines = []
        old_tokens = []
        self.text.lines = []
        self.text.tokens = []

        line = []
        tokens = []
        x = 0
        instr = self.disasm

        if "address" in options:
            string = "%.8x   " % self.addr
            line += [[string, QColor(0, 0, 128)]]
            x += len(string)

        if instr.operation == None:
            line += [["??", Qt.black]]
            self.text.lines += [line]
            self.text.tokens += [tokens]
            return (old_lines != self.text.lines) or (old_tokens !=
                                                      self.text.tokens)

        result = ""
        operation = ""
        if instr.flags & X86.FLAG_LOCK:
            operation += "lock "
        if instr.flags & X86.FLAG_ANY_REP:
            operation += "rep"
            if instr.flags & X86.FLAG_REPNE:
                operation += "ne"
            elif instr.flags & X86.FLAG_REPE:
                operation += "e"
            operation += " "
        operation += instr.operation
        if len(operation) < 7:
            operation += " " * (7 - len(operation))
        result += operation + " "

        for j in range(0, len(instr.operands)):
            if j != 0:
                result += ", "
            if instr.operands[j].operand == "imm":
                value = instr.operands[j].immediate & (
                    (1 << (instr.operands[j].size * 8)) - 1)
                numfmt = "0x%%.%dx" % (instr.operands[j].size * 2)
                string = numfmt % value
                if (instr.operands[j].size == self.addr_size) and (
                        block.analysis.functions.has_key(value)):
                    # Pointer to existing function
                    func = block.analysis.functions[value]
                    string = func.name
                    if func.plt:
                        color = QColor(192, 0, 192)
                    else:
                        color = QColor(0, 0, 192)
                    if len(result) > 0:
                        line += [[result, Qt.black]]
                        x += len(result)
                        result = ""
                    line += [[string, color]]
                    tokens += [[x, len(string), "ptr", value, string]]
                    x += len(string)
                elif (instr.operands[j].size == self.addr_size) and (
                        value >= block.exe.start()
                ) and (value < block.exe.end()) and (not self.isLocalJump()):
                    # Pointer within module
                    if len(result) > 0:
                        line += [[result, Qt.black]]
                        x += len(result)
                        result = ""
                    if value in block.exe.symbols_by_addr:
                        string = block.exe.symbols_by_addr[value]
                    line += [[string, QColor(0, 0, 192)]]
                    tokens += [[x, len(string), "ptr", value, string]]
                    x += len(string)
                else:
                    result += string
            elif instr.operands[j].operand == "mem":
                plus = False
                result += X86.get_size_string(instr.operands[j].size)
                if (instr.segment != None) or (instr.operands[j].segment
                                               == "es"):
                    result += instr.operands[j].segment + ":"
                result += '['
                if instr.operands[j].components[0] != None:
                    tokens += [[
                        x + len(result),
                        len(instr.operands[j].components[0]), "reg",
                        instr.operands[j].components[0]
                    ]]
                    result += instr.operands[j].components[0]
                    plus = True
                if instr.operands[j].components[1] != None:
                    if plus:
                        tokens += [[
                            x + len(result) + 1,
                            len(instr.operands[j].components[1]), "reg",
                            instr.operands[j].components[1]
                        ]]
                    else:
                        tokens += [[
                            x + len(result),
                            len(instr.operands[j].components[1]), "reg",
                            instr.operands[j].components[1]
                        ]]
                    result += X86.get_operand_string(
                        instr.operands[j].components[1],
                        instr.operands[j].scale, plus)
                    plus = True
                if (instr.operands[j].immediate != 0) or (
                    (instr.operands[j].components[0] == None) and
                    (instr.operands[j].components[1] == None)):
                    if plus and (instr.operands[j].immediate >=
                                 -0x80) and (instr.operands[j].immediate < 0):
                        result += '-'
                        result += "0x%.2x" % (-instr.operands[j].immediate)
                    elif plus and (instr.operands[j].immediate > 0) and (
                            instr.operands[j].immediate <= 0x7f):
                        result += '+'
                        result += "0x%.2x" % instr.operands[j].immediate
                    elif plus and (instr.operands[j].immediate >= -0x8000
                                   ) and (instr.operands[j].immediate < 0):
                        result += '-'
                        result += "0x%.8x" % (-instr.operands[j].immediate)
                    elif instr.flags & X86.FLAG_64BIT_ADDRESS:
                        if plus:
                            result += '+'
                        value = instr.operands[j].immediate
                        string = "0x%.16x" % instr.operands[j].immediate
                        if hasattr(block.exe,
                                   "plt") and block.exe.plt.has_key(value):
                            # Pointer to PLT entry
                            self.plt = block.exe.plt[value]
                            if len(result) > 0:
                                line += [[result, Qt.black]]
                                x += len(result)
                                result = ""
                            string = self.plt + "@PLT"
                            line += [[string, QColor(0, 0, 192)]]
                            tokens += [[x, len(string), "ptr", value, string]]
                            x += len(string)
                        elif (value >=
                              block.exe.start()) and (value < block.exe.end()):
                            # Pointer within module
                            if len(result) > 0:
                                line += [[result, Qt.black]]
                                x += len(result)
                                result = ""
                            if value in block.exe.symbols_by_addr:
                                string = block.exe.symbols_by_addr[value]
                            line += [[string, QColor(0, 0, 192)]]
                            tokens += [[x, len(string), "ptr", value, string]]
                            x += len(string)
                        else:
                            result += string
                    else:
                        if plus:
                            result += '+'
                        value = instr.operands[j].immediate & 0xffffffff
                        string = "0x%.8x" % value
                        if (self.addr_size == 4) and hasattr(
                                block.exe,
                                "plt") and block.exe.plt.has_key(value):
                            # Pointer to PLT entry
                            self.plt = block.exe.plt[value]
                            if len(result) > 0:
                                line += [[result, Qt.black]]
                                x += len(result)
                                result = ""
                            string = block.exe.decorate_plt_name(self.plt)
                            line += [[string, QColor(0, 0, 192)]]
                            tokens += [[x, len(string), "ptr", value, string]]
                            x += len(string)
                        elif (self.addr_size
                              == 4) and (value >= block.exe.start()) and (
                                  value < block.exe.end()):
                            # Pointer within module
                            if len(result) > 0:
                                line += [[result, Qt.black]]
                                x += len(result)
                                result = ""
                            if value in block.exe.symbols_by_addr:
                                string = block.exe.symbols_by_addr[value]
                            line += [[string, QColor(0, 0, 192)]]
                            tokens += [[x, len(string), "ptr", value, string]]
                            x += len(string)
                        else:
                            result += string
                result += ']'
            else:
                tokens += [[
                    x + len(result),
                    len(instr.operands[j].operand), "reg",
                    instr.operands[j].operand
                ]]
                result += instr.operands[j].operand

        if len(result) > 0:
            line += [[result, Qt.black]]
        self.text.lines += [line]
        self.text.tokens += [tokens]

        return (old_lines != self.text.lines) or (old_tokens !=
                                                  self.text.tokens)
    def format_text(self, block, options):
        old_lines = []
        old_tokens = []
        self.text.lines = []
        self.text.tokens = []

        line = []
        tokens = []
        x = 0
        instr = self.disasm

        if "address" in options:
            string = "%.8x   " % self.addr
            line += [[string, QColor(0, 0, 128)]]
            x += len(string)

        if instr.operation == None:
            line += [["??", Qt.black]]
            self.text.lines += [line]
            self.text.tokens += [tokens]
            return (old_lines != self.text.lines) or (old_tokens != self.text.tokens)

        result = ""
        operation = ""
        if instr.flags & X86.FLAG_LOCK:
            operation += "lock "
        if instr.flags & X86.FLAG_ANY_REP:
            operation += "rep"
            if instr.flags & X86.FLAG_REPNE:
                operation += "ne"
            elif instr.flags & X86.FLAG_REPE:
                operation += "e"
            operation += " "
        operation += instr.operation
        if len(operation) < 7:
            operation += " " * (7 - len(operation))
        result += operation + " "

        for j in range(0, len(instr.operands)):
            if j != 0:
                result += ", "
            if instr.operands[j].operand == "imm":
                value = instr.operands[j].immediate & ((1 << (instr.operands[j].size * 8)) - 1)
                numfmt = "0x%%.%dx" % (instr.operands[j].size * 2)
                string = numfmt % value
                if (instr.operands[j].size == self.addr_size) and (value in block.analysis.functions):
                    # Pointer to existing function
                    func = block.analysis.functions[value]
                    string = func.name
                    if func.plt:
                        color = QColor(192, 0, 192)
                    else:
                        color = QColor(0, 0, 192)
                    if len(result) > 0:
                        line += [[result, Qt.black]]
                        x += len(result)
                        result = ""
                    line += [[string, color]]
                    tokens += [[x, len(string), "ptr", value, string]]
                    x += len(string)
                elif (instr.operands[j].size == self.addr_size) and (value >= block.exe.start()) and (value < block.exe.end()) and (not self.isLocalJump()):
                    # Pointer within module
                    if len(result) > 0:
                        line += [[result, Qt.black]]
                        x += len(result)
                        result = ""
                    if value in block.exe.symbols_by_addr:
                        string = block.exe.symbols_by_addr[value]
                    line += [[string, QColor(0, 0, 192)]]
                    tokens += [[x, len(string), "ptr", value, string]]
                    x += len(string)
                else:
                    result += string
            elif instr.operands[j].operand == "mem":
                plus = False
                result += X86.get_size_string(instr.operands[j].size)
                if (instr.segment != None) or (instr.operands[j].segment == "es"):
                    result += instr.operands[j].segment + ":"
                result += '['
                if instr.operands[j].components[0] != None:
                    tokens += [[x + len(result), len(instr.operands[j].components[0]), "reg", instr.operands[j].components[0]]]
                    result += instr.operands[j].components[0]
                    plus = True
                if instr.operands[j].components[1] != None:
                    if plus:
                        tokens += [[x + len(result) + 1, len(instr.operands[j].components[1]), "reg", instr.operands[j].components[1]]]
                    else:
                        tokens += [[x + len(result), len(instr.operands[j].components[1]), "reg", instr.operands[j].components[1]]]
                    result += X86.get_operand_string(instr.operands[j].components[1],
                        instr.operands[j].scale, plus)
                    plus = True
                if (instr.operands[j].immediate != 0) or ((instr.operands[j].components[0] == None) and (instr.operands[j].components[1] == None)):
                    if plus and (instr.operands[j].immediate >= -0x80) and (instr.operands[j].immediate < 0):
                        result += '-'
                        result += "0x%.2x" % (-instr.operands[j].immediate)
                    elif plus and (instr.operands[j].immediate > 0) and (instr.operands[j].immediate <= 0x7f):
                        result += '+'
                        result += "0x%.2x" % instr.operands[j].immediate
                    elif plus and (instr.operands[j].immediate >= -0x8000) and (instr.operands[j].immediate < 0):
                        result += '-'
                        result += "0x%.8x" % (-instr.operands[j].immediate)
                    elif instr.flags & X86.FLAG_64BIT_ADDRESS:
                        if plus:
                            result += '+'
                        value = instr.operands[j].immediate
                        string = "0x%.16x" % instr.operands[j].immediate
                        if hasattr(block.exe, "plt") and value in block.exe.plt:
                            # Pointer to PLT entry
                            self.plt = block.exe.plt[value]
                            if len(result) > 0:
                                line += [[result, Qt.black]]
                                x += len(result)
                                result = ""
                            string = self.plt + "@PLT"
                            line += [[string, QColor(0, 0, 192)]]
                            tokens += [[x, len(string), "ptr", value, string]]
                            x += len(string)
                        elif (value >= block.exe.start()) and (value < block.exe.end()):
                            # Pointer within module
                            if len(result) > 0:
                                line += [[result, Qt.black]]
                                x += len(result)
                                result = ""
                            if value in block.exe.symbols_by_addr:
                                string = block.exe.symbols_by_addr[value]
                            line += [[string, QColor(0, 0, 192)]]
                            tokens += [[x, len(string), "ptr", value, string]]
                            x += len(string)
                        else:
                            result += string
                    else:
                        if plus:
                            result += '+'
                        value = instr.operands[j].immediate & 0xffffffff
                        string = "0x%.8x" % value
                        if (self.addr_size == 4) and hasattr(block.exe, "plt") and value in block.exe.plt:
                            # Pointer to PLT entry
                            self.plt = block.exe.plt[value]
                            if len(result) > 0:
                                line += [[result, Qt.black]]
                                x += len(result)
                                result = ""
                            string = block.exe.decorate_plt_name(self.plt)
                            line += [[string, QColor(0, 0, 192)]]
                            tokens += [[x, len(string), "ptr", value, string]]
                            x += len(string)
                        elif (self.addr_size == 4) and (value >= block.exe.start()) and (value < block.exe.end()):
                            # Pointer within module
                            if len(result) > 0:
                                line += [[result, Qt.black]]
                                x += len(result)
                                result = ""
                            if value in block.exe.symbols_by_addr:
                                string = block.exe.symbols_by_addr[value]
                            line += [[string, QColor(0, 0, 192)]]
                            tokens += [[x, len(string), "ptr", value, string]]
                            x += len(string)
                        else:
                            result += string
                result += ']'
            else:
                tokens += [[x + len(result), len(instr.operands[j].operand), "reg", instr.operands[j].operand]]
                result += instr.operands[j].operand

        if len(result) > 0:
            line += [[result, Qt.black]]
        self.text.lines += [line]
        self.text.tokens += [tokens]

        return (old_lines != self.text.lines) or (old_tokens != self.text.tokens)