Some Fixes

Fixes to the code pushed by @Herz3h
ThunderCls · Jun 16, 2017 · 34dbd98 · 34dbd98
1 parent 2f09732
commit 34dbd98
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 10 deletions.
diff --git a/xAnalyzer/plugin.cpp b/xAnalyzer/plugin.cpp
@@ -122,7 +122,7 @@ PLUG_EXPORT void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info)
  			mbp.lpszText = "[" PLUGIN_NAME " " PLUGIN_VERSION_STR"]\n"
  							"Extended analysis for static code \n\n"
  							"http://github.com/ThunderCls/xAnalyzer\n"
- 							"Coded By : ThunderCls - 2016\n"
+ 							"Coded By : ThunderCls - 2017\n"
  							"Based on: APIInfo Plugin by mrfearless";
  			mbp.dwStyle = MB_USERICON | MB_OK;
  			mbp.lpszIcon = MAKEINTRESOURCE(IDI_ICON1);
@@ -242,8 +242,8 @@ void pluginSetup()
 	int clearprevmnu = _plugin_menuadd(hMenu, "Clear Previous Data");
 	_plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_CMTS, "User Comments");
 	_plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_LBLS, "User Labels");
-	_plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_ACMTS, "AutoComments");	
-	_plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_ALBLS, "AutoLabels");
+	_plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_ACMTS, "Auto Comments");	
+	_plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_ALBLS, "Auto Labels");
 	_plugin_menuaddseparator(hMenu);
 	_plugin_menuaddentry(hMenu, MENU_ABOUT, "&About...");
 

diff --git a/xAnalyzer/plugin.h b/xAnalyzer/plugin.h
@@ -5,7 +5,7 @@
 //plugin data
 #define PLUGIN_NAME "xAnalyzer"
 #define PLUGIN_VERSION 2
-#define PLUGIN_VERSION_STR "2.4.2"
+#define PLUGIN_VERSION_STR "2.4.3"
 
 enum
 {

diff --git a/xAnalyzer/xanalyzer.cpp b/xAnalyzer/xanalyzer.cpp
@@ -87,7 +87,10 @@ void OnBreakpoint(PLUG_CB_BREAKPOINT* bpInfo)
 	Module::ModuleInfo mi;
 
 	Module::InfoFromAddr(bpInfo->breakpoint->addr, &mi);
-	if (mi.entry == bpInfo->breakpoint->addr) // if we hit the EP
+	// if we hit the EP with a dbg one-shot EP BP
+	if (bpInfo->breakpoint->type == bp_normal &&
+		mi.entry == bpInfo->breakpoint->addr &&		
+		strcmp(bpInfo->breakpoint->name, "entry breakpoint") == 0)
 	{
 		if (conf.auto_analysis)
 		{
@@ -1134,12 +1137,15 @@ bool IsNumericParam(string paramType)
 // ------------------------------------------------------------------------------------
 bool IsMovStack(const BASIC_INSTRUCTION_INFO *bii, duint CurrentAddress)
 {
-	auto isMovInstruction = strstr(bii->instruction, "mov") != nullptr;
+	char instr[MAX_MNEMONIC_SIZE * 4];
+
+	strcpy_s(instr, bii->instruction); // keep original instruction string unchanged
+	auto isMovInstruction = strstr(instr, "mov") != nullptr;
 
 	if (isMovInstruction && !IsProlog(bii, CurrentAddress) && !IsEpilog(bii)) // Is a mov instruction excluding prolog and epilog
 	{
 		char *next_token = NULL;
-		auto movDestination = strtok_s((char*)bii->instruction, ",", &next_token); // Get the left part of ,
+		auto movDestination = strtok_s(instr, ",", &next_token); // Get the left part of ,
 		auto isMovDestinationEsp = strstr(movDestination, "esp") != nullptr;
 		auto isMovDestinationEbp = strstr(movDestination, "ebp") != nullptr;
 
@@ -2027,7 +2033,24 @@ char *GetInstructionSource(char *instruction)
 
 	return ret; // return trimmed instruction source
 #else
-	return instruction += 5; // for push {constant}
+	// for push {constant}
+	if (strncmp(instruction, "push ", 5) == 0)
+		return instruction += 5; 
+	// for mov esp/ebp, {constant}
+	else if (strncmp(instruction, "mov", 3) == 0)
+	{
+		char *ret = strstr(instruction, ",");
+		if (ret)
+		{
+			ret++; // avoid comma
+			if (ret[0] == ' ') // avoid blank space
+				ret++;
+		}
+
+		return ret;
+	}
+
+	return NULL;
 #endif
 }
 
@@ -2224,8 +2247,8 @@ void LoadConfig()
 	conf.extended_analysis = iniReader.ReadBoolean("settings", "analysis_extended", false);
 	conf.clear_usercomments = iniReader.ReadBoolean("settings", "clear_usercomments", false);
 	conf.clear_userlabels = iniReader.ReadBoolean("settings", "clear_userlabels", false);
-	conf.clear_autocomments = iniReader.ReadBoolean("settings", "clear_autocomments", false);
-	conf.clear_autolabels = iniReader.ReadBoolean("settings", "clear_autolabels", false);
+	conf.clear_autocomments = iniReader.ReadBoolean("settings", "clear_autocomments", true);
+	conf.clear_autolabels = iniReader.ReadBoolean("settings", "clear_autolabels", true);
 }
 
 // ------------------------------------------------------------------------------------