def VirtualFree(self, uc, esp, log, address, size, free_type):
log and print(f"VirtualFree: chunk to free: 0x{address:02x}, size 0x{size:02x}, type 0x{free_type:02x}")
new_chunks = []
success = False
for start, end in sorted(self.sample.allocated_chunks):
if start <= address <= end:
if free_type & 0x8000 and size == 0: # MEM_RELEASE, clear whole allocated range
if address in self.alloc_sizes:
size = self.alloc_sizes[address]
end_addr = address + size
uc.mem_unmap(address, size)
new_chunks += remove_range((start, end), (address, end_addr))
success = True
else:
log and print(f"\t0x{address} is not an alloc base address!")
new_chunks += [(start, end)]
elif free_type & 0x4000 and size > 0: # MEM_DECOMMIT, free requested size
end_addr = address + align(size)
uc.mem_unmap(address, align(size))
new_chunks += remove_range((start, end), (address, end_addr))
success = True
else:
log and print("\tIncorrect size + type combination!")
new_chunks += [(start, end)]
else:
new_chunks += [(start, end)]
self.sample.allocated_chunks = list(merge(new_chunks))
log and self.print_allocs()
if success:
return 1
log and print("\tAddress range not allocated!")
return 0
def do_del(self, args):
"""Removes breakpoints. Usage is the same as 'b', but the selected breakpoints and breakpoint ranges are being
deleted this time."""
code_targets = []
mem_targets = []
if not args:
self.engine.breakpoints.clear()
self.engine.mem_breakpoints.clear()
self.engine.apicall_handler.pending_breakpoints.clear()
for arg in args.split(" "):
if not arg:
continue
if arg == "stack":
mem_targets += [
(self.engine.STACK_ADDR,
self.engine.STACK_ADDR + self.engine.STACK_SIZE)
]
elif "m" == arg[0]:
try:
parts = list(map(lambda p: int(p, 0), arg[1:].split("-")))
if len(parts) == 1:
lower = upper = parts[0]
else:
lower = min(parts)
upper = max(parts)
mem_targets += [(lower, upper)]
except ValueError:
print(f"Error parsing address or range {arg}")
elif "$" == arg[0]:
arg = arg[1:]
if arg in self.engine.apicall_handler.hooks.values():
for addr, func_name in self.engine.apicall_handler.hooks.items(
):
if arg == func_name:
code_targets += [addr]
break
elif arg in self.engine.apicall_handler.pending_breakpoints:
self.engine.apicall_handler.pending_breakpoints.remove(arg)
else:
print(
f"Unknown method {arg}, not imported or used in pending breakpoint"
)
else:
try:
code_targets += [int(arg, 0)]
except ValueError:
print(f"Error parsing address {arg}")
with self.engine.data_lock:
for t in code_targets:
try:
self.engine.breakpoints.remove(t)
except KeyError:
pass
new_mem_breakpoints = []
for b_lower, b_upper in self.engine.mem_breakpoints:
for t_lower, t_upper in mem_targets:
new_mem_breakpoints += remove_range((b_lower, b_upper),
(t_lower, t_upper))
self.engine.mem_breakpoints = list(merge(new_mem_breakpoints))
self.print_breakpoints()