def format_text(self, block, options): old_lines = [] old_tokens = [] self.text.lines = [] self.text.tokens = [] line = [] tokens = [] x = 0 instr = self.disasm if "address" in options: string = "%.8x " % self.addr line += [[string, QColor(0, 0, 128)]] x += len(string) if instr.operation == None: line += [["??", Qt.black]] self.text.lines += [line] self.text.tokens += [tokens] return (old_lines != self.text.lines) or (old_tokens != self.text.tokens) result = "" operation = "" if instr.flags & X86.FLAG_LOCK: operation += "lock " if instr.flags & X86.FLAG_ANY_REP: operation += "rep" if instr.flags & X86.FLAG_REPNE: operation += "ne" elif instr.flags & X86.FLAG_REPE: operation += "e" operation += " " operation += instr.operation if len(operation) < 7: operation += " " * (7 - len(operation)) result += operation + " " for j in range(0, len(instr.operands)): if j != 0: result += ", " if instr.operands[j].operand == "imm": value = instr.operands[j].immediate & ( (1 << (instr.operands[j].size * 8)) - 1) numfmt = "0x%%.%dx" % (instr.operands[j].size * 2) string = numfmt % value if (instr.operands[j].size == self.addr_size) and ( block.analysis.functions.has_key(value)): # Pointer to existing function func = block.analysis.functions[value] string = func.name if func.plt: color = QColor(192, 0, 192) else: color = QColor(0, 0, 192) if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" line += [[string, color]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) elif (instr.operands[j].size == self.addr_size) and ( value >= block.exe.start() ) and (value < block.exe.end()) and (not self.isLocalJump()): # Pointer within module if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" if value in block.exe.symbols_by_addr: string = block.exe.symbols_by_addr[value] line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) else: result += string elif instr.operands[j].operand == "mem": plus = False result += X86.get_size_string(instr.operands[j].size) if (instr.segment != None) or (instr.operands[j].segment == "es"): result += instr.operands[j].segment + ":" result += '[' if instr.operands[j].components[0] != None: tokens += [[ x + len(result), len(instr.operands[j].components[0]), "reg", instr.operands[j].components[0] ]] result += instr.operands[j].components[0] plus = True if instr.operands[j].components[1] != None: if plus: tokens += [[ x + len(result) + 1, len(instr.operands[j].components[1]), "reg", instr.operands[j].components[1] ]] else: tokens += [[ x + len(result), len(instr.operands[j].components[1]), "reg", instr.operands[j].components[1] ]] result += X86.get_operand_string( instr.operands[j].components[1], instr.operands[j].scale, plus) plus = True if (instr.operands[j].immediate != 0) or ( (instr.operands[j].components[0] == None) and (instr.operands[j].components[1] == None)): if plus and (instr.operands[j].immediate >= -0x80) and (instr.operands[j].immediate < 0): result += '-' result += "0x%.2x" % (-instr.operands[j].immediate) elif plus and (instr.operands[j].immediate > 0) and ( instr.operands[j].immediate <= 0x7f): result += '+' result += "0x%.2x" % instr.operands[j].immediate elif plus and (instr.operands[j].immediate >= -0x8000 ) and (instr.operands[j].immediate < 0): result += '-' result += "0x%.8x" % (-instr.operands[j].immediate) elif instr.flags & X86.FLAG_64BIT_ADDRESS: if plus: result += '+' value = instr.operands[j].immediate string = "0x%.16x" % instr.operands[j].immediate if hasattr(block.exe, "plt") and block.exe.plt.has_key(value): # Pointer to PLT entry self.plt = block.exe.plt[value] if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" string = self.plt + "@PLT" line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) elif (value >= block.exe.start()) and (value < block.exe.end()): # Pointer within module if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" if value in block.exe.symbols_by_addr: string = block.exe.symbols_by_addr[value] line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) else: result += string else: if plus: result += '+' value = instr.operands[j].immediate & 0xffffffff string = "0x%.8x" % value if (self.addr_size == 4) and hasattr( block.exe, "plt") and block.exe.plt.has_key(value): # Pointer to PLT entry self.plt = block.exe.plt[value] if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" string = block.exe.decorate_plt_name(self.plt) line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) elif (self.addr_size == 4) and (value >= block.exe.start()) and ( value < block.exe.end()): # Pointer within module if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" if value in block.exe.symbols_by_addr: string = block.exe.symbols_by_addr[value] line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) else: result += string result += ']' else: tokens += [[ x + len(result), len(instr.operands[j].operand), "reg", instr.operands[j].operand ]] result += instr.operands[j].operand if len(result) > 0: line += [[result, Qt.black]] self.text.lines += [line] self.text.tokens += [tokens] return (old_lines != self.text.lines) or (old_tokens != self.text.tokens)
def format_text(self, block, options): old_lines = [] old_tokens = [] self.text.lines = [] self.text.tokens = [] line = [] tokens = [] x = 0 instr = self.disasm if "address" in options: string = "%.8x " % self.addr line += [[string, QColor(0, 0, 128)]] x += len(string) if instr.operation == None: line += [["??", Qt.black]] self.text.lines += [line] self.text.tokens += [tokens] return (old_lines != self.text.lines) or (old_tokens != self.text.tokens) result = "" operation = "" if instr.flags & X86.FLAG_LOCK: operation += "lock " if instr.flags & X86.FLAG_ANY_REP: operation += "rep" if instr.flags & X86.FLAG_REPNE: operation += "ne" elif instr.flags & X86.FLAG_REPE: operation += "e" operation += " " operation += instr.operation if len(operation) < 7: operation += " " * (7 - len(operation)) result += operation + " " for j in range(0, len(instr.operands)): if j != 0: result += ", " if instr.operands[j].operand == "imm": value = instr.operands[j].immediate & ((1 << (instr.operands[j].size * 8)) - 1) numfmt = "0x%%.%dx" % (instr.operands[j].size * 2) string = numfmt % value if (instr.operands[j].size == self.addr_size) and (value in block.analysis.functions): # Pointer to existing function func = block.analysis.functions[value] string = func.name if func.plt: color = QColor(192, 0, 192) else: color = QColor(0, 0, 192) if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" line += [[string, color]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) elif (instr.operands[j].size == self.addr_size) and (value >= block.exe.start()) and (value < block.exe.end()) and (not self.isLocalJump()): # Pointer within module if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" if value in block.exe.symbols_by_addr: string = block.exe.symbols_by_addr[value] line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) else: result += string elif instr.operands[j].operand == "mem": plus = False result += X86.get_size_string(instr.operands[j].size) if (instr.segment != None) or (instr.operands[j].segment == "es"): result += instr.operands[j].segment + ":" result += '[' if instr.operands[j].components[0] != None: tokens += [[x + len(result), len(instr.operands[j].components[0]), "reg", instr.operands[j].components[0]]] result += instr.operands[j].components[0] plus = True if instr.operands[j].components[1] != None: if plus: tokens += [[x + len(result) + 1, len(instr.operands[j].components[1]), "reg", instr.operands[j].components[1]]] else: tokens += [[x + len(result), len(instr.operands[j].components[1]), "reg", instr.operands[j].components[1]]] result += X86.get_operand_string(instr.operands[j].components[1], instr.operands[j].scale, plus) plus = True if (instr.operands[j].immediate != 0) or ((instr.operands[j].components[0] == None) and (instr.operands[j].components[1] == None)): if plus and (instr.operands[j].immediate >= -0x80) and (instr.operands[j].immediate < 0): result += '-' result += "0x%.2x" % (-instr.operands[j].immediate) elif plus and (instr.operands[j].immediate > 0) and (instr.operands[j].immediate <= 0x7f): result += '+' result += "0x%.2x" % instr.operands[j].immediate elif plus and (instr.operands[j].immediate >= -0x8000) and (instr.operands[j].immediate < 0): result += '-' result += "0x%.8x" % (-instr.operands[j].immediate) elif instr.flags & X86.FLAG_64BIT_ADDRESS: if plus: result += '+' value = instr.operands[j].immediate string = "0x%.16x" % instr.operands[j].immediate if hasattr(block.exe, "plt") and value in block.exe.plt: # Pointer to PLT entry self.plt = block.exe.plt[value] if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" string = self.plt + "@PLT" line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) elif (value >= block.exe.start()) and (value < block.exe.end()): # Pointer within module if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" if value in block.exe.symbols_by_addr: string = block.exe.symbols_by_addr[value] line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) else: result += string else: if plus: result += '+' value = instr.operands[j].immediate & 0xffffffff string = "0x%.8x" % value if (self.addr_size == 4) and hasattr(block.exe, "plt") and value in block.exe.plt: # Pointer to PLT entry self.plt = block.exe.plt[value] if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" string = block.exe.decorate_plt_name(self.plt) line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) elif (self.addr_size == 4) and (value >= block.exe.start()) and (value < block.exe.end()): # Pointer within module if len(result) > 0: line += [[result, Qt.black]] x += len(result) result = "" if value in block.exe.symbols_by_addr: string = block.exe.symbols_by_addr[value] line += [[string, QColor(0, 0, 192)]] tokens += [[x, len(string), "ptr", value, string]] x += len(string) else: result += string result += ']' else: tokens += [[x + len(result), len(instr.operands[j].operand), "reg", instr.operands[j].operand]] result += instr.operands[j].operand if len(result) > 0: line += [[result, Qt.black]] self.text.lines += [line] self.text.tokens += [tokens] return (old_lines != self.text.lines) or (old_tokens != self.text.tokens)