示例#1
0
    def render(self, mcanv, va):
        trace = mcanv.mem
        if va != trace.getStackCounter():
            return DerefRenderer.render(self, mcanv, va)

        pc = trace.getProgramCounter()
        sym, is_thunk = trace.getSymByAddrThunkAware(pc)
        if sym is None:
            return DerefRenderer.render(self, mcanv, va)

        # TODO: this code also exists in win32stealth and in hookbreakpoint
        # we should put this somewhere common
        platform = trace.getMeta('Platform')
        arch = trace.getMeta('Architecture')
        impapi = viv_impapi.getImportApi(platform, arch)
        cc_name = impapi.getImpApiCallConv(sym)
        emu = vtrace.getEmu(trace)
        cc = emu.getCallingConvention(cc_name)
        args_def = impapi.getImpApiArgs(sym)
        if args_def is None:
            # sym did not exist in impapi :(
            logger.warning('sym but no impapi match: {}'.format(sym))
            return DerefRenderer.render(self, mcanv, va)

        argc = len(args_def)

        curop = trace.parseOpcode(trace.getProgramCounter())

        # use the calling convention to retrieve the args
        args = None
        if curop.isCall() or is_thunk:
            args = cc.getPreCallArgs(trace, argc)
        else:
            args = cc.getCallArgs(trace, argc)

        # since we are 'normalizing' the calls by visualizing all calling
        # conventions in a stdcall fashion, some args (like the ones in
        # registers don't have a stack va.
        mcanv.addText('%s :\n' % sym)
        fmt = '  arg%%d (%%s) 0x%%0%dx %%s\n' % (trace.getPointerSize() * 2, )
        for index, arg in enumerate(args):
            argtype = args_def[index][0]
            argva = arg
            if trace.isValidPointer(arg):
                argva = trace.readMemoryFormat(arg, 'P')[0]
            smc = e_canvas.StringMemoryCanvas(trace)
            e_canvas_rend.AutoBytesRenderer(maxrend=64).render(smc, argva)
            desc = str(smc)
            mcanv.addText(fmt % (index, argtype, arg, desc))
        mcanv.addText('-' * 5)
        mcanv.addText('\n')

        return DerefRenderer.render(self, mcanv, va)
示例#2
0
    def __init__(self, trace=None, parent=None):
        VQTraceNotifier.__init__(self, trace)
        vq_tree.VQTreeView.__init__(self, parent=parent)

        self.descrend = e_mem_rend.AutoBytesRenderer()

        self.setAlternatingRowColors(True)
        # snapped in by someone else.  use a signal instead.
        self.regnames = None
        # used to determine what registers have changed.
        self.lastregs = {}
        self.regvals = {}

        self.setStyleSheet(vq_colors.getDefaultColors())

        model = RegisterListModel(parent=self)
        self.setModel(model)
示例#3
0
 def renderMetadata(self, mcanv, va):
     trace = mcanv.mem
     p = trace.readMemoryFormat(va, 'P')[0]
     e_canvas_rend.AutoBytesRenderer().render(mcanv, p)