bof fix

- Fixed wrong calculation when adding comments larger than 512 chars which caused a BoF ( closes #53 )
- Added two new entries to the ntdll.api definition file

apis_def/ntdll.api

@@ -2606,6 +2606,22 @@ ParamCount=3
 ParamCount=4
 Header=ntdll.h.api;
 @=NtQuerySystemInformation
+[RtlGetNativeSystemInformation]
+1=[SYSTEM_INFORMATION_CLASS] SystemInformationClass
+2=PVOID SystemInformation
+3=ULONG Length
+4=PULONG ResultLength
+ParamCount=4
+Header=ntdll.h.api;
+@=RtlGetNativeSystemInformation
+[NtWow64GetNativeSystemInformation]
+1=[SYSTEM_INFORMATION_CLASS] SystemInformationClass
+2=PVOID SystemInformation
+3=ULONG Length
+4=PULONG ResultLength
+ParamCount=4
+Header=ntdll.h.api;
+@=NtWow64GetNativeSystemInformation
 [NtSetSystemInformation]
 1=[SYSTEM_INFORMATION_CLASS] SystemInformationClass
 2=PVOID SystemInformation

xAnalyzer/plugin.cpp

@@ -126,7 +126,7 @@ PLUG_EXPORT void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info)
  			mbp.lpszText = "[" PLUGIN_NAME " " PLUGIN_VERSION_STR"]\n"
  							"Extended analysis for static code \n\n"
  							"http://github.com/ThunderCls/xAnalyzer\n"
- 							"Coded By : ThunderCls - 2020\n"
+ 							"Coded By : ThunderCls - 2021\n"
  							"Based on: APIInfo Plugin by mrfearless";
  			mbp.dwStyle = MB_USERICON | MB_OK;
  			mbp.lpszIcon = MAKEINTRESOURCE(IDI_ICON1);

xAnalyzer/plugin.h

@@ -5,7 +5,7 @@
 //plugin data
 #define PLUGIN_NAME "xAnalyzer"
 #define PLUGIN_VERSION 2
-#define PLUGIN_VERSION_STR "2.5.5"
+#define PLUGIN_VERSION_STR "2.5.6"
 
 enum
 {

xAnalyzer/pluginmain.cpp

@@ -3,7 +3,7 @@
 
 // Variables
 const char *szprojectnameInfo = "\n" PLUGIN_NAME " " PLUGIN_VERSION_STR
-								" Plugin by ThunderCls 2019\n"
+								" Plugin by ThunderCls 2021\n"
 								"Extended analysis for static code\n"
 								"-> For latest release, issues, etc....\n"
 								"-> For help type command \"xanal help\"\n"

xAnalyzer/xanalyzer.cpp

@@ -324,6 +324,9 @@ void AnalyzeBytesRange(duint dwEntry, duint dwExit)
 		inst.Address = CurrentAddress; // save address of instruction
 
 		DbgDisasmFastAt(CurrentAddress, &bii);
+		DISASM_INSTR instruction = { 0 };
+		DbgDisasmAt(CurrentAddress, &instruction);
+
 		prolog = IsProlog(&bii, CurrentAddress); // function prolog flag
 		epilog = IsEpilog(&bii); // function epilog flag
 		if (bii.call && bii.branch)
@@ -1713,15 +1716,18 @@ bool IsHeaderConstant(const char *CommentString, char *szComment, char *inst_sou
 										break;
 									}
 
-									size_t chars_left = MAX_COMMENT_SIZE - (strlen(szConstantComment) + constant.length() + 5);
+									//size_t chars_left = MAX_COMMENT_SIZE - (strlen(szConstantComment) + constant.length() + 5);
 									// check length to avoid BoF
-									if (chars_left >= safety_chars) // 5 chars left for safety
+									if ((strlen(szConstantComment) + constant.length() + 5) < MAX_COMMENT_SIZE) // 5 chars left for safety
 									{
 										if (orOperator)
 											strcat_s(szConstantComment, MAX_COMMENT_SIZE, " | ");
 
 										strcat_s(szConstantComment, MAX_COMMENT_SIZE, constant.c_str());
 									}
+									else
+										break;
+
 									orOperator = true;
 								}
 							}
@@ -1746,14 +1752,10 @@ bool IsHeaderConstant(const char *CommentString, char *szComment, char *inst_sou
 		}
 
 		// check length to avoid BoF
-		size_t chars_left = MAX_COMMENT_SIZE - (strlen(szComment) + safety_chars);
-		if (chars_left >= (int)strlen(szConstantComment)) // 5 chars left for safety
+		if ((strlen(szConstantComment) + strlen(szComment) + 5) < MAX_COMMENT_SIZE) // 5 chars left for safety
 			strcat_s(szComment, MAX_COMMENT_SIZE, szConstantComment);
 		else
-		{
-			strcpy_s(&szConstantComment[chars_left], MAX_COMMENT_SIZE, "...\0");
-			strcat_s(szComment, MAX_COMMENT_SIZE, szConstantComment);
-		}
+			strcat_s(szComment, MAX_COMMENT_SIZE, "...");
 	}
 
 	return result;