diff --git a/xAnalyzer/plugin.cpp b/xAnalyzer/plugin.cpp
index c4eeabf..1f7cc0c 100644
--- a/xAnalyzer/plugin.cpp
+++ b/xAnalyzer/plugin.cpp
@@ -122,7 +122,7 @@ PLUG_EXPORT void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info)
 mbp.lpszText = "[" PLUGIN_NAME " " PLUGIN_VERSION_STR"]\n"
 "Extended analysis for static code \n\n"
 "http://github.com/ThunderCls/xAnalyzer\n"
- "Coded By : ThunderCls - 2016\n"
+ "Coded By : ThunderCls - 2017\n"
 "Based on: APIInfo Plugin by mrfearless";
 mbp.dwStyle = MB_USERICON | MB_OK;
 mbp.lpszIcon = MAKEINTRESOURCE(IDI_ICON1);
@@ -242,8 +242,8 @@ void pluginSetup()
 int clearprevmnu = _plugin_menuadd(hMenu, "Clear Previous Data");
 _plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_CMTS, "User Comments");
 _plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_LBLS, "User Labels");
- _plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_ACMTS, "AutoComments");
- _plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_ALBLS, "AutoLabels");
+ _plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_ACMTS, "Auto Comments");
+ _plugin_menuaddentry(clearprevmnu, MENU_ANALYZE_CLEAR_ALBLS, "Auto Labels");
 _plugin_menuaddseparator(hMenu);
 _plugin_menuaddentry(hMenu, MENU_ABOUT, "&About...");
diff --git a/xAnalyzer/plugin.h b/xAnalyzer/plugin.h
index a35bccc..ba812e4 100644
--- a/xAnalyzer/plugin.h
+++ b/xAnalyzer/plugin.h
@@ -5,7 +5,7 @@
 //plugin data
 #define PLUGIN_NAME "xAnalyzer"
 #define PLUGIN_VERSION 2
-#define PLUGIN_VERSION_STR "2.4.2"
+#define PLUGIN_VERSION_STR "2.4.3"
 enum
 {
diff --git a/xAnalyzer/xanalyzer.cpp b/xAnalyzer/xanalyzer.cpp
index f087a6c..fd3d21a 100644
--- a/xAnalyzer/xanalyzer.cpp
+++ b/xAnalyzer/xanalyzer.cpp
@@ -87,7 +87,10 @@ void OnBreakpoint(PLUG_CB_BREAKPOINT* bpInfo)
 Module::ModuleInfo mi;
 Module::InfoFromAddr(bpInfo->breakpoint->addr, &mi);
- if (mi.entry == bpInfo->breakpoint->addr) // if we hit the EP
+ // if we hit the EP with a dbg one-shot EP BP
+ if (bpInfo->breakpoint->type == bp_normal &&
+ mi.entry == bpInfo->breakpoint->addr &&
+ strcmp(bpInfo->breakpoint->name, "entry breakpoint") == 0)
 {
 if (conf.auto_analysis)
 {
@@ -1134,12 +1137,15 @@ bool IsNumericParam(string paramType)
 // ------------------------------------------------------------------------------------
 bool IsMovStack(const BASIC_INSTRUCTION_INFO *bii, duint CurrentAddress)
 {
- auto isMovInstruction = strstr(bii->instruction, "mov") != nullptr;
+ char instr[MAX_MNEMONIC_SIZE * 4];
+
+ strcpy_s(instr, bii->instruction); // keep original instruction string unchanged
+ auto isMovInstruction = strstr(instr, "mov") != nullptr;
 if (isMovInstruction && !IsProlog(bii, CurrentAddress) && !IsEpilog(bii)) // Is a mov instruction excluding prolog and epilog
 {
 char *next_token = NULL;
- auto movDestination = strtok_s((char*)bii->instruction, ",", &next_token); // Get the left part of ,
+ auto movDestination = strtok_s(instr, ",", &next_token); // Get the left part of ,
 auto isMovDestinationEsp = strstr(movDestination, "esp") != nullptr;
 auto isMovDestinationEbp = strstr(movDestination, "ebp") != nullptr;
@@ -2027,7 +2033,24 @@ char *GetInstructionSource(char *instruction)
 return ret; // return trimmed instruction source
 #else
- return instruction += 5; // for push {constant}
+ // for push {constant}
+ if (strncmp(instruction, "push ", 5) == 0)
+ return instruction += 5;
+ // for mov esp/ebp, {constant}
+ else if (strncmp(instruction, "mov", 3) == 0)
+ {
+ char *ret = strstr(instruction, ",");
+ if (ret)
+ {
+ ret++; // avoid comma
+ if (ret[0] == ' ') // avoid blank space
+ ret++;
+ }
+
+ return ret;
+ }
+
+ return NULL;
 #endif
 }
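Review bot: Matching the breakpoint by the literal name `"entry breakpoint"` in the new `strcmp` couples auto-analysis to a display string owned by the debugger, so a reworded name would silently disable this branch. Give the literal a named constant with a comment on where the name comes from, e.g. `static const char* const kEntryBpName = "entry breakpoint"; // name the debugger gives its one-shot EP breakpoint`. The new comment says "one-shot", but nothing in the condition tests that; if the breakpoint record in this SDK version exposes a single-shot flag, checking it would be sturdier than the name. The result of `Module::InfoFromAddr` on the context line above is not checked, so `mi.entry` may be compared while still uninitialised if the lookup fails. The rest of OnBreakpoint lies outside the hunk.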
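Review bot: `char instr[MAX_MNEMONIC_SIZE * 4]` in IsMovStack repeats the size of `bii->instruction` by hand, and `strcpy_s` does not truncate when the source is longer: the CRT's invalid-parameter handler runs, which by default terminates the host debugger process. Deriving the size from the field keeps the two in step, `char instr[sizeof(bii->instruction)];` (this assumes `instruction` is an array member, which the hunk does not show). The copy is also made for every instruction before the `"mov"` test; `strstr` does not modify its input, so the test can stay on `bii->instruction` and the copy can move inside the `if`, directly before `strtok_s`. IsMovStack continues past the end of the hunk.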
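Review bot: The `#else` branch of GetInstructionSource can now return `NULL` (for any instruction that is neither `push ` nor `mov`, and for a `mov` without a comma), where the old line always returned a pointer; every caller, none of which is visible here, needs a null check before reading the result. The `mov` test also lacks the trailing space that the `push ` test has, so `strncmp(instruction, "mov", 3)` also accepts `movzx`, `movsx` and similar mnemonics; `strncmp(instruction, "mov ", 4) == 0` would match only the stated "mov esp/ebp, {constant}" case. A comment above the function stating that it may return null would make the new contract visible. The function begins above the hunk.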
@@ -2224,8 +2247,8 @@ void LoadConfig()
 conf.extended_analysis = iniReader.ReadBoolean("settings", "analysis_extended", false);
 conf.clear_usercomments = iniReader.ReadBoolean("settings", "clear_usercomments", false);
 conf.clear_userlabels = iniReader.ReadBoolean("settings", "clear_userlabels", false);
- conf.clear_autocomments = iniReader.ReadBoolean("settings", "clear_autocomments", false);
- conf.clear_autolabels = iniReader.ReadBoolean("settings", "clear_autolabels", false);
+ conf.clear_autocomments = iniReader.ReadBoolean("settings", "clear_autocomments", true);
+ conf.clear_autolabels = iniReader.ReadBoolean("settings", "clear_autolabels", true);
 }
 // ------------------------------------------------------------------------------------
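Review bot: The fallback for `clear_autocomments` and `clear_autolabels` is now `true` while the two user-data settings above keep `false`, and nothing in LoadConfig records why the defaults differ. An installation whose ini file lacks these keys will start clearing auto comments and labels without the user having chosen it. A one-line comment above the two reads would document the intent, e.g. `// auto-generated data is cleared by default; user data is kept unless asked`. How `conf.clear_autocomments` and `conf.clear_autolabels` are consumed is outside this hunk, so the effect on existing data is inferred from the names.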