├── .gitignore
├── AdvancedScript.sln
├── AdvancedScript
├── AdvSconfig.txt
├── AdvancedScript.cpp
├── AdvancedScript.h
├── AdvancedScript.vcxproj
├── AdvancedScript.vcxproj.filters
├── AdvancedScript.vcxproj.user
├── AssemblyInfo.cpp
├── AutocompleteMenu.dll
├── AutocompleteMenu.pdb
├── GoToByBase.cpp
├── GoToByBase.h
├── GoToByBase.resx
├── HelpAdvancedScript.txt
├── HelperFunctions.cpp
├── HelperFunctions.h
├── KgkV.gif
├── LogTemplate.cpp
├── LogTemplate.h
├── LogTemplate.resx
├── LogWindow.cpp
├── LogWindow.h
├── LogWindow.resx
├── MainForm.cpp
├── MainForm.h
├── MainForm.resx
├── Parser.cpp
├── Parser.h
├── PluginBasic.cpp
├── PluginBasic.h
├── ReadMe.txt
├── RegexSearch.cpp
├── RegexSearch.h
├── RegexSearch.resx
├── Register_UnRegister_Commands.cpp
├── Register_UnRegister_Commands.h
├── ScriptArgumentWindow.h
├── ScriptFun.cpp
├── ScriptFun.h
├── adsLib.cpp
├── adsLib.h
├── app.ico
├── app.rc
├── pluginsdk
│ ├── DeviceNameResolver
│ │ ├── DeviceNameResolver.h
│ │ ├── DeviceNameResolver_x64.a
│ │ ├── DeviceNameResolver_x64.lib
│ │ ├── DeviceNameResolver_x86.a
│ │ └── DeviceNameResolver_x86.lib
│ ├── TitanEngine
│ │ ├── TitanEngine.h
│ │ ├── TitanEngine_x64.a
│ │ ├── TitanEngine_x64.lib
│ │ ├── TitanEngine_x86.a
│ │ └── TitanEngine_x86.lib
│ ├── XEDParse
│ │ ├── XEDParse.h
│ │ ├── XEDParse_x64.a
│ │ ├── XEDParse_x64.lib
│ │ ├── XEDParse_x86.a
│ │ └── XEDParse_x86.lib
│ ├── _dbgfunctions.h
│ ├── _plugin_types.h
│ ├── _plugins.h
│ ├── _scriptapi.h
│ ├── _scriptapi_argument.h
│ ├── _scriptapi_assembler.h
│ ├── _scriptapi_bookmark.h
│ ├── _scriptapi_comment.h
│ ├── _scriptapi_debug.h
│ ├── _scriptapi_flag.h
│ ├── _scriptapi_function.h
│ ├── _scriptapi_gui.h
│ ├── _scriptapi_label.h
│ ├── _scriptapi_memory.h
│ ├── _scriptapi_misc.h
│ ├── _scriptapi_module.h
│ ├── _scriptapi_pattern.h
│ ├── _scriptapi_register.h
│ ├── _scriptapi_stack.h
│ ├── _scriptapi_symbol.h
│ ├── bridgegraph.h
│ ├── bridgelist.h
│ ├── bridgemain.h
│ ├── dbghelp
│ │ ├── dbghelp.h
│ │ ├── dbghelp_x64.a
│ │ ├── dbghelp_x64.lib
│ │ ├── dbghelp_x86.a
│ │ └── dbghelp_x86.lib
│ ├── jansson
│ │ ├── jansson.h
│ │ ├── jansson_config.h
│ │ ├── jansson_x64.a
│ │ ├── jansson_x64.lib
│ │ ├── jansson_x64dbg.h
│ │ ├── jansson_x86.a
│ │ └── jansson_x86.lib
│ ├── lz4
│ │ ├── lz4.h
│ │ ├── lz4_x64.a
│ │ ├── lz4_x64.lib
│ │ ├── lz4_x86.a
│ │ ├── lz4_x86.lib
│ │ ├── lz4file.h
│ │ └── lz4hc.h
│ ├── x32bridge.lib
│ ├── x32dbg.lib
│ ├── x64bridge.lib
│ ├── x64dbg.lib
│ └── yara
│ │ ├── yara.h
│ │ ├── yara
│ │ ├── ahocorasick.h
│ │ ├── arena.h
│ │ ├── atoms.h
│ │ ├── compiler.h
│ │ ├── dotnet.h
│ │ ├── elf.h
│ │ ├── endian.h
│ │ ├── error.h
│ │ ├── exec.h
│ │ ├── exefiles.h
│ │ ├── filemap.h
│ │ ├── globals.h
│ │ ├── hash.h
│ │ ├── hex_lexer.h
│ │ ├── integers.h
│ │ ├── lexer.h
│ │ ├── libyara.h
│ │ ├── limits.h
│ │ ├── mem.h
│ │ ├── modules.h
│ │ ├── object.h
│ │ ├── parser.h
│ │ ├── pe.h
│ │ ├── pe_utils.h
│ │ ├── proc.h
│ │ ├── re.h
│ │ ├── re_lexer.h
│ │ ├── rules.h
│ │ ├── scan.h
│ │ ├── sizedstr.h
│ │ ├── stream.h
│ │ ├── strutils.h
│ │ ├── threading.h
│ │ ├── types.h
│ │ └── utils.h
│ │ ├── yara_x64.lib
│ │ └── yara_x86.lib
├── resource.h
└── snowman.ini
└── README.md
/.gitignore:
--------------------------------------------------------------------------------
1 | .vs/
2 | ipch/
3 | Debug/
4 | Release/
5 | x64/
6 |
7 | *.suo
8 | *.sdf
9 | *.opensdf
10 | *.VC.db
11 | *.VC.opendb
--------------------------------------------------------------------------------
/AdvancedScript.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 14
4 | VisualStudioVersion = 14.0.24720.0
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AdvancedScript", "AdvancedScript\AdvancedScript.vcxproj", "{C4210388-272A-498E-B5A6-01BE110FD8F6}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {C4210388-272A-498E-B5A6-01BE110FD8F6}.Debug|x64.ActiveCfg = Debug|x64
17 | {C4210388-272A-498E-B5A6-01BE110FD8F6}.Debug|x64.Build.0 = Debug|x64
18 | {C4210388-272A-498E-B5A6-01BE110FD8F6}.Debug|x86.ActiveCfg = Debug|Win32
19 | {C4210388-272A-498E-B5A6-01BE110FD8F6}.Debug|x86.Build.0 = Debug|Win32
20 | {C4210388-272A-498E-B5A6-01BE110FD8F6}.Release|x64.ActiveCfg = Release|x64
21 | {C4210388-272A-498E-B5A6-01BE110FD8F6}.Release|x64.Build.0 = Release|x64
22 | {C4210388-272A-498E-B5A6-01BE110FD8F6}.Release|x86.ActiveCfg = Release|Win32
23 | {C4210388-272A-498E-B5A6-01BE110FD8F6}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | EndGlobal
29 |
--------------------------------------------------------------------------------
/AdvancedScript/AdvSconfig.txt:
--------------------------------------------------------------------------------
1 | Varx ; variable type(int-str-array),variable name add [] for array, value optional(str,array);Teal;
2 | Var ; define x64dbg variable type is just int;Teal;
3 | Getx ; $varname, value;Teal;
4 | Setx ; $variable name;Teal;
5 | Movx ; P1, P2(will analyzed);Teal;
6 | addx ; P1, P2(will analyzed);Teal;
7 | subx ; P1, P2(will analyzed);Teal;
8 | mulx ; P1, P2(will analyzed);Teal;
9 | divx ; P1, P2(will analyzed);Teal;
10 | andx ; P1, P2(will analyzed);Teal;
11 | orx ; P1, P2(will analyzed);Teal;
12 | xorx ; P1, P2(will analyzed);Teal;
13 | shlx ; P1, P2(will analyzed);Teal;
14 | pushx ; P1(will analyzed);Teal;
15 | popx ; P1(will analyzed);Teal;
16 | cmpx ; P1, P2(will analyzed);Teal;
17 | if ; mainStr > < = != ? string , type (int, str/strb,stre,strc ) , line number if true , line number if false;Teal;
18 | goto ; line number / label line;Teal;
19 | findx ; ;Teal;
20 | findallx ; ;Teal;
21 | findallmemx ; address, byte pattern to search, array variable to handle result ,size of the data to search in;Teal;
22 | VarxClear; clear all variable's;Teal;
23 | memdump ; address , size of data;Teal;
24 | writeStr ; address , text to write , replace old string;Teal;
25 | ReadStr ; variable , duint address;Teal;
26 | ReadMem ;Read n byte under address;Teal;
27 | BPxx ; Address , Name of the breakpoint(optional) ,Breakpoint type (optional);Teal;
28 | bpcx ; Address //Delete a breakpoint;Teal;
29 | bpex ; Address //Enable a breakpoint;Teal;
30 | bpdx ; Address //Disable a breakpoint;Teal;
31 | bphx ; Address ,Hardware breakpoint type ,Hardware breakpoint size //Set a hardware breakpoint;Teal;
32 | bphcx ; Address/name //Delete a hardware breakpoint;Teal;
33 | bphex ; Address/name //Enable a previously disabled hardware breakpoint;Teal;
34 | bphdx ; Address/name //Disable a hardware breakpoint;Teal;
35 | bpmx ; Address, restore the memory breakpoint once ,Breakpoint type;Teal;
36 | asmx ; Address ,Instruction text, filled with NOPs;Teal;
37 | GetAPIName ; varname , address;Teal;
38 | ResizeArray ; array,added amount (+ or -);Teal;
39 | GetArraySize ; varArrName, varname;Teal;
40 | Write2File ; path,over_append(false/true),data (Can be array );Teal;
41 | ReadFile ;Read text file and Append Data to array variable just;Teal;
42 | inputbox ; variable, message, title;Teal;
43 | commentsetx ; address,String comment;Teal;
44 | GetdesCallJmp ; variable, address of call;Teal;
45 | run; ;Teal;
46 | erun;passing all first-chance exceptions to the debuggee.;Teal;
47 | pause; ;Teal;
48 | StepInto; ;Teal;
49 | StepOver; ;Teal;
50 | StepOut; ;Teal;
51 | ads.exebase ; get exe base;Lime;
52 | ads.modulebase(); (Modulename or address) get the base of module by name or address ( any address from the section);Lime;
53 | ads.SectionSize(); (address) get Section base by address ( any address from the section);Lime;
54 | ads.exefolderpath ; get exe folder path;Lime;
55 | ads.exename ; get exe name;Lime;
56 | ads.SectionBegin(); (address) get begin of the section by address ( any address from the section);Lime;
57 | ads.SectionEnd(); (address) get End of the section by address ( any address from the section);Lime;
58 | ads.GetAPIName(); (address) get API name from address;Lime;
59 | ads.GetArraySize(); ($arrayName) get the array size;Lime;
60 | ads.ReadStr(); (address) get string at address;Lime;
61 | ads.GetdesCallJmp(); (address of Call) get the destination of call or Jmp :Like ;Lime;
62 | int,;Dont forget to set value ;Fuchsia;
63 | str,;value is optional ;Fuchsia;
64 | array,;VarName[Array Size] ;Fuchsia;
--------------------------------------------------------------------------------
/AdvancedScript/AdvancedScript.cpp:
--------------------------------------------------------------------------------
1 | // This is the main DLL file.
2 |
3 | #include "AdvancedScript.h"
4 |
5 |
--------------------------------------------------------------------------------
/AdvancedScript/AdvancedScript.h:
--------------------------------------------------------------------------------
1 | // AdvancedScript.h
2 |
3 | #pragma once
4 |
5 | using namespace System;
6 |
namespace AdvancedScript
{
    // Placeholder managed class; it declares no members.
    public ref class Class1
    {
    };
}
14 |
--------------------------------------------------------------------------------
/AdvancedScript/AdvancedScript.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | E:\Code\x64dbg\x64\x64dbg.exe
5 | WindowsLocalDebugger
6 |
7 |
8 | E:\Code\x64dbg\x32\x32dbg.exe
9 | WindowsLocalDebugger
10 |
11 |
12 | E:\Code\x64dbg\x64\x64dbg.exe
13 | WindowsLocalDebugger
14 |
15 |
16 | E:\Code\x64dbg\x32\x32dbg.exe
17 | WindowsLocalDebugger
18 |
19 |
--------------------------------------------------------------------------------
/AdvancedScript/AssemblyInfo.cpp:
--------------------------------------------------------------------------------
1 |
2 | using namespace System;
3 | using namespace System::Reflection;
4 | using namespace System::Runtime::CompilerServices;
5 | using namespace System::Runtime::InteropServices;
6 | using namespace System::Security::Permissions;
7 |
8 | //
9 | // General Information about an assembly is controlled through the following
10 | // set of attributes. Change these attribute values to modify the information
11 | // associated with an assembly.
12 | //
13 | [assembly:AssemblyTitleAttribute(L"AdvancedScript")];
14 | [assembly:AssemblyDescriptionAttribute(L"")];
15 | [assembly:AssemblyConfigurationAttribute(L"")];
16 | [assembly:AssemblyCompanyAttribute(L"Microsoft")];
17 | [assembly:AssemblyProductAttribute(L"AdvancedScript")];
18 | [assembly:AssemblyCopyrightAttribute(L"AhmadMansoor /exetools - Copyright (c) Microsoft 2018")];
19 | [assembly:AssemblyTrademarkAttribute(L"")];
20 | [assembly:AssemblyCultureAttribute(L"")];
21 |
22 | //
23 | // Version information for an assembly consists of the following four values:
24 | //
25 | // Major Version
26 | // Minor Version
27 | // Build Number
28 | // Revision
29 | //
30 | // You can specify all the value or you can default the Revision and Build Numbers
31 | // by using the '*' as shown below:
32 |
33 | [assembly:AssemblyVersionAttribute("1.0.*")];
34 |
35 | [assembly:ComVisible(false)];
36 |
37 | [assembly:CLSCompliantAttribute(true)];
--------------------------------------------------------------------------------
/AdvancedScript/AutocompleteMenu.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/AutocompleteMenu.dll
--------------------------------------------------------------------------------
/AdvancedScript/AutocompleteMenu.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/AutocompleteMenu.pdb
--------------------------------------------------------------------------------
/AdvancedScript/GoToByBase.cpp:
--------------------------------------------------------------------------------
1 | #include "GoToByBase.h"
2 |
3 |
--------------------------------------------------------------------------------
/AdvancedScript/GoToByBase.resx:
--------------------------------------------------------------------------------
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
--------------------------------------------------------------------------------
/AdvancedScript/HelperFunctions.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "PluginBasic.h"
3 |
4 | using namespace System;
5 | using namespace Microsoft::VisualBasic;
6 | using namespace Runtime::InteropServices;
7 | using namespace System::Collections;
8 |
9 | ///////////////////////////////////////////////////////////////////Helper Functions
10 | String^ reMoveSpaces(String^ input_);
11 | String^ CharArr2Str(char input_[]);
12 | String^ duint2Hex(duint input_);
13 | String^ charPTR2String(char* input);
14 | String^ ClearSlash_etc(String^ input);
15 | String^ GetAPIName_LableWay(duint Addr_);
16 | duint Str2duint(String^ input_);
17 | int Str2int(String^ input);
18 | duint Hex2duint(String^ input_);
19 | String^ str2Asci(String^ input);
20 | String^ ReplaceAtIndex(String^ OriginalString, String^ oldValue, String^ newValue);
21 | String^ AddZero2Addr(String^ input);
22 | String^ ConstChar2String(const char* input);
23 |
24 | bool IsAllSpaces(String^ input_);
25 |
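// Converts a value to a managed string through Microsoft::VisualBasic
// Conversion::Str.
//
// The listing showed a bare `template` keyword with no parameter list; the
// parameter list is restored here because the signature uses T.
//
// NOTE(review): Conversion::Str prefixes non-negative numbers with a space,
// so callers that compare or concatenate the result may need to trim it.
template <typename T>
String^ int2Str(T input_) {
    return Conversion::Str(input_);
}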
33 |
// Managed-string <-> native-buffer helpers. The implementations are not part
// of this header.
// NOTE(review): Str2ConstChar, Str2CharPTR and StringFormatInline_ return raw
// native pointers; the header does not say who owns the buffer or how it is
// released. Confirm the lifetime rules in HelperFunctions.cpp before calling
// these on a hot path such as a per-step debugger callback.
const char* Str2ConstChar(System::String^ string_);
char* Str2CharPTR(System::String^ string_);
bool Str2bool(String^ input_);
// intValue is passed by tracking reference, so the callee can replace it.
int CheckHexIsValid(String^ input_, String^% intValue);
char* StringFormatInline_(String^ format);
String^ StringFormatInline_Str(String^ format);
40 |
// Variable kinds used by the script helpers. The numeric values are the ones
// the compiler assigned implicitly in the original declaration (0..3).
enum VarType
{
    int_   = 0,
    str    = 1,
    array_ = 2,
    hex    = 3,
};
48 |
49 | VarType GetVarType(String^ vartype);
50 | Generic::List^ GetClipBoard();
51 | void SetClipBoard(String^ input);
52 |
53 | String^ str2Hex(String^ input, VarType inputType_,bool addx0);
54 |
55 | System::Void GetArg(String^ input, Generic::List^% arguments, bool brackets=false);
56 |
57 | ///////////////////////////////////////////////////////////////////Helper Functions
58 | //ref class MyException : public System::Exception {};
59 |
60 | static char* ads_version = "4.3";
61 |
62 |
63 |
--------------------------------------------------------------------------------
/AdvancedScript/KgkV.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/KgkV.gif
--------------------------------------------------------------------------------
/AdvancedScript/LogTemplate.cpp:
--------------------------------------------------------------------------------
1 | #include "LogTemplate.h"
2 |
3 |
--------------------------------------------------------------------------------
/AdvancedScript/LogWindow.cpp:
--------------------------------------------------------------------------------
1 | #include "LogWindow.h"
2 |
3 |
--------------------------------------------------------------------------------
/AdvancedScript/LogWindow.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
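namespace AdvancedScript {

    using namespace System;
    using namespace System::ComponentModel;
    using namespace System::Collections;
    using namespace System::Windows::Forms;
    using namespace System::Data;
    using namespace System::Drawing;

    /// <summary>
    /// Log viewer form: a read-only RichTextBox with a "Clear" context menu.
    /// One shared instance (LogWindow_) and the static Log_Str buffer let
    /// code outside the form append log text.
    /// </summary>
    public ref class LogWindow : public System::Windows::Forms::Form
    {

    public:
        // Shared, eagerly created instance so that free functions in other
        // files can reach the form and its RichTextBox directly.
        static LogWindow^ LogWindow_ = gcnew LogWindow();

    public:
        LogWindow(void)
        {
            InitializeComponent();
        }

    protected:
        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        ~LogWindow()
        {
            if (components)
            {
                delete components;
            }
        }

    public: System::Windows::Forms::RichTextBox^ RTB1;
    public: System::Windows::Forms::SaveFileDialog^ saveFileDialog1;
    private: System::Windows::Forms::ContextMenuStrip^ CMS1;
    private: System::Windows::Forms::ToolStripMenuItem^ clearToolStripMenuItem;

    /// <summary>
    /// Required designer variable.
    /// </summary>
    private: System::ComponentModel::IContainer^ components;

#pragma region Windows Form Designer generated code
        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        void InitializeComponent(void)
        {
            this->components = (gcnew System::ComponentModel::Container());
            this->RTB1 = (gcnew System::Windows::Forms::RichTextBox());
            this->saveFileDialog1 = (gcnew System::Windows::Forms::SaveFileDialog());
            this->CMS1 = (gcnew System::Windows::Forms::ContextMenuStrip(this->components));
            this->clearToolStripMenuItem = (gcnew System::Windows::Forms::ToolStripMenuItem());
            this->CMS1->SuspendLayout();
            this->SuspendLayout();
            //
            // RTB1
            //
            this->RTB1->ContextMenuStrip = this->CMS1;
            this->RTB1->Dock = System::Windows::Forms::DockStyle::Fill;
            // The listing had lost the cast's type argument; the last Font
            // constructor argument is the GDI character set, a System::Byte.
            this->RTB1->Font = (gcnew System::Drawing::Font(L"Microsoft Sans Serif", 14.25F, System::Drawing::FontStyle::Bold, System::Drawing::GraphicsUnit::Point,
                static_cast<System::Byte>(0)));
            this->RTB1->Location = System::Drawing::Point(0, 0);
            this->RTB1->Name = L"RTB1";
            this->RTB1->ReadOnly = true;
            this->RTB1->Size = System::Drawing::Size(678, 404);
            this->RTB1->TabIndex = 0;
            this->RTB1->Text = L"";
            //
            // CMS1
            //
            this->CMS1->Items->AddRange(gcnew cli::array< System::Windows::Forms::ToolStripItem^ >(1) { this->clearToolStripMenuItem });
            this->CMS1->Name = L"CMS1";
            this->CMS1->Size = System::Drawing::Size(153, 48);
            //
            // clearToolStripMenuItem
            //
            this->clearToolStripMenuItem->Name = L"clearToolStripMenuItem";
            this->clearToolStripMenuItem->Size = System::Drawing::Size(152, 22);
            this->clearToolStripMenuItem->Text = L"Clear";
            this->clearToolStripMenuItem->Click += gcnew System::EventHandler(this, &LogWindow::clearToolStripMenuItem_Click);
            //
            // LogWindow
            //
            this->AutoScaleDimensions = System::Drawing::SizeF(6, 13);
            this->AutoScaleMode = System::Windows::Forms::AutoScaleMode::Font;
            this->ClientSize = System::Drawing::Size(678, 404);
            this->Controls->Add(this->RTB1);
            this->Name = L"LogWindow";
            this->Text = L"LogWindow";
            this->FormClosed += gcnew System::Windows::Forms::FormClosedEventHandler(this, &LogWindow::LogWindow_FormClosed);
            this->Load += gcnew System::EventHandler(this, &LogWindow::LogWindow_Load);
            this->CMS1->ResumeLayout(false);
            this->ResumeLayout(false);

        }
#pragma endregion

    public:
        // True between the Load and FormClosed events. Callers check it
        // before touching RTB1 so that they do not write to a form that is
        // not currently shown.
        static bool FormLoaded = false;

    private: System::Void LogWindow_Load(System::Object^ sender, System::EventArgs^ e) {
        FormLoaded = true;
        // Replay everything buffered while the window was closed.
        AdvancedScript::LogWindow::LogWindow_->RTB1->Text = Log_Str;
    }

    private: System::Void LogWindow_FormClosed(System::Object^ sender, System::Windows::Forms::FormClosedEventArgs^ e) {
        FormLoaded = false;
    }

    public:
        // Accumulates every log message, whether or not the window is open.
        // NOTE(review): nothing in this class bounds its size, and it is
        // written from debugger callbacks while the UI thread reads it in
        // LogWindow_Load; confirm that unsynchronised access and unbounded
        // growth are acceptable for long tracing sessions.
        static String^ Log_Str = "";

        // Delegate type used to marshal RTBAppendText onto the UI thread.
        delegate void SetTextCallback(String^ text);

    public:
        /// <summary>
        /// Appends a new line followed by text to the shared RichTextBox.
        /// When called from a thread other than the one that owns the
        /// control, the call is re-dispatched through Invoke.
        /// </summary>
        static void RTBAppendText(String^ text) {
            if (AdvancedScript::LogWindow::LogWindow_->RTB1->InvokeRequired)
            {
                SetTextCallback^ d = gcnew SetTextCallback(RTBAppendText);
                // The listing had lost the array's element type; Invoke
                // takes its arguments as an array of Object^.
                AdvancedScript::LogWindow::LogWindow_->Invoke(d, gcnew array<Object^>{text});
            }
            else
            {
                AdvancedScript::LogWindow::LogWindow_->RTB1->AppendText(Environment::NewLine);
                AdvancedScript::LogWindow::LogWindow_->RTB1->AppendText(text);
            }
        }

    private: System::Void clearToolStripMenuItem_Click(System::Object^ sender, System::EventArgs^ e) {
        // Clear both the backing buffer and what is currently displayed.
        Log_Str = "";
        AdvancedScript::LogWindow::LogWindow_->RTB1->Text = "";
    }
    };
}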
171 |
--------------------------------------------------------------------------------
/AdvancedScript/LogWindow.resx:
--------------------------------------------------------------------------------
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
121 | 153, 17
122 |
123 |
124 | 17, 17
125 |
126 |
--------------------------------------------------------------------------------
/AdvancedScript/MainForm.cpp:
--------------------------------------------------------------------------------
1 | //#include "MainForm.h"
2 |
--------------------------------------------------------------------------------
/AdvancedScript/Parser.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "HelperFunctions.h"
3 |
4 | int GetRegisterIndex(String^ input_);
5 | String^ readVarName(String^ input, int arrayIndex, String^% VarString2Replace);
6 | String^ tokens(String^ input, String^% VarString);
7 | String^ BackWard(String^ input, int tokenindex, String^% VarString);
8 | String^ ForWard(String^ input, int tokenindex, String^% VarString);
9 | String^ findScriptSystemVarValue(String^ input);
10 | String^ findVarValue(String^ input, VarType retAsVartype, String^% VarString);
11 | bool CheckexcutedCmd(String^ cmd_);
12 | String^ findHexValue(String^ input, String^% oldvalue_);
13 | String^ resolveString(String^ input, int% commaCount);
14 | String^ argumentValue(String^ argument, String^% OldValue_);
15 | String^ GetArgValueByType(String^ argument, VarType type_, bool Add0x=false);
16 |
17 | String^ replace_ads(String^ input_);
18 | //String^ Get_adsValue(String^ input, int% EndB);
19 | String^ StrAnalyze(String^ input, VarType type_,bool Add0x=false);
20 | String^ returnSpaces(int SpaceNum);
21 | String^ replaceValueBetweenBrackets(String^ input_);
22 |
23 | //enum ads_Enum
24 | //{
25 | // exebase,
26 | // modulebase,
27 | // SectionSize,
28 | // exefolderpath,
29 | // exename,
30 | // SectionBegin,
31 | // SectionEnd,
32 | //};
33 |
34 | //script test
35 |
36 | //Logx memdump(76FA0000, 50)
37 |
38 | //varx int, x, 0x45fa
39 | //varx str, z, 0xaa
40 | //setx x, $z + 0x33 - 25
41 | //varx array, y, 0x10
42 | //setx x, $x + $y[0]
43 |
44 |
45 | //varx str, search, "4533C94533C033"
46 | //varx str, base, { rdx }
47 | //findallmemx $base, $search
48 | //mov rdi, ref.addr(0)
49 | //
50 | //findallmem 0x10000, "4533C94533C033"
51 | //mov rdi, ref.addr(0)
52 |
53 |
54 | //varx int, x, 90
55 | //varx int, x1, 5
56 | //getvarx x
57 | //getvarx x1
58 | //varx array, y, 1
59 | //setvarx y, 110, 100
60 | //getvarx y, 10 + $x + $x1 + 5
61 |
62 |
63 |
64 |
65 | //varx int, x, 3
66 | //varx int, x1, 5
67 | //getvarx x
68 | //getvarx x1
69 | //varx array, y, 1
70 | //setvarx y, 3, 9
71 | //setvarx y, 10, 100
72 | //getvarx y, $x * 1
73 | //getvarx y, 1 + $x + $x1 + 1
74 |
75 |
76 |
77 |
78 |
79 | //varx int, x, 3
80 | //getvarx x
81 | //varx array, y, 1
82 | //setvarx y, 3, 5
83 | //getvarx y, $x * 1
--------------------------------------------------------------------------------
/AdvancedScript/PluginBasic.cpp:
--------------------------------------------------------------------------------
1 | #include "pluginBasic.h"
2 | #include "Register_UnRegister_Commands.h"
3 | #include "HelperFunctions.h"
4 | #include "LogTemplate.h"
5 | #include "LogWindow.h"
6 |
// Identity reported to the debugger from pluginit().
#define plugin_name "AdvancedScript"
#define plugin_version 1

// Handles received from the debugger in pluginit() / plugsetup().
int pluginHandle;
HWND hwndDlg;
int hMenu;
int hMenuDisasm;
int hMenuDump;
int hMenuStack;

// Logging and tracing switches; they are defined in another translation unit.
extern bool LogOff_;
extern bool LogTraceOn;
extern bool log2LogWindowAtBP;
extern bool cx;

// Trace output path and trace line template, also defined elsewhere.
extern const char* TraceFile_;
extern const char* TemplateData_;

PROCESS_INFORMATION* fdProcessInfo_x;
24 |
25 |
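// Breakpoint callback.
//
// When LogOff_ is set, the debugger's log is switched on for this event.
// When log2LogWindowAtBP is set, the breakpoint's formatted log text is
// appended to the LogWindow buffer and, if the window is loaded, to its
// RichTextBox.
//
// The log text is formatted once and the result reused. The original
// formatted it twice, so the buffer and the window could show different
// values if formatting is not repeatable.
// NOTE(review): StringFormatInline_ returns a raw char*; whether the caller
// must release it is not visible in this file.
PLUG_EXPORT void CBBREAKPOINT(CBTYPE cbType, PLUG_CB_BREAKPOINT* info)
{
    if (LogOff_) {
        GuiEnableLog();
    }

    if (log2LogWindowAtBP) {
        String^ formatted = charPTR2String(StringFormatInline_(CharArr2Str(info->breakpoint->logText)));

        AdvancedScript::LogWindow::Log_Str = AdvancedScript::LogWindow::Log_Str + Environment::NewLine + formatted;
        if (AdvancedScript::LogWindow::FormLoaded) {
            AdvancedScript::LogWindow::RTBAppendText(formatted);
        }
    }
}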
41 |
// Pause callback: records on the shared IspausedClass instance that the
// debuggee is paused.
PLUG_EXPORT void CBPAUSEDEBUG(CBTYPE cbType, PLUG_CB_PAUSEDEBUG* info)
{
    auto pausedState = IspausedClass::IspausedClass_;
    pausedState->ispaused = true;
}
47 |
// Stop-debug callback: in "log only at breakpoints" mode (LogOff_ set) the
// debugger log is switched off again.
PLUG_EXPORT void CBSTOPDEBUG(CBTYPE cbType, PLUG_CB_STOPDEBUG* info)
{
    if (!LogOff_)
        return;

    GuiDisableLog();
}
56 |
// Resume callback: switches the debugger log off when LogOff_ is set, then
// clears the shared paused flag.
PLUG_EXPORT void CBRESUMEDEBUG(CBTYPE cbType, PLUG_CB_RESUMEDEBUG* info)
{
    if (LogOff_)
        GuiDisableLog();

    IspausedClass::IspausedClass_->ispaused = false;
}
64 |
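// Step callback.
//
// Switches the debugger log off when LogOff_ is set. When tracing is on
// (LogTraceOn), formats the trace template and appends one line to the
// trace file.
//
// Changes from the original:
//  - The Exists / Create / Close sequence is gone. File::AppendAllText
//    creates the file when it is missing, so the extra calls only added I/O
//    per step and a window between the check and the write.
//  - The trace path is converted once, not three times.
//  - A null TraceFile_ or TemplateData_ now skips the write; the original
//    cast and dereferenced them unchecked.
//
// NOTE(review): AppendAllText throws on an invalid path or access error and
// nothing here catches it; confirm how an exception leaving this exported
// callback is handled by the host.
PLUG_EXPORT void CBSTEPPED(CBTYPE cbType, PLUG_CB_STEPPED* info)
{
    if (LogOff_) {
        GuiDisableLog();
    }

    if (LogTraceOn) {
        if (TraceFile_ == nullptr || TemplateData_ == nullptr) {
            return;
        }

        String^ templateRet = StringFormatInline_Str(CharArr2Str((char*)TemplateData_)) + Environment::NewLine;
        String^ tracePath = charPTR2String((char*)TraceFile_);
        IO::File::AppendAllText(tracePath, templateRet);
    }
}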
82 |
83 |
// Process-creation callback: only switches the debugger log off when LogOff_
// is set. The callback's info structure is not read here; the author's
// earlier attempt to keep info->fdProcessInfo was left disabled.
PLUG_EXPORT void CBCREATEPROCESS(CBTYPE cbType, PLUG_CB_CREATEPROCESS* info)
{
    if (!LogOff_)
        return;

    GuiDisableLog();
}
95 |
96 | //Initialize your plugin data here.
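// Fills in the init structure supplied by the debugger, stores the plugin
// handle and registers the plugin's commands.
//
// The original assigned sdkVersion twice (first plugin_version, then
// PLUG_SDKVERSION) and never set pluginVersion. The first assignment now
// writes pluginVersion.
//
// Returns true so that loading continues; returning false would cancel it.
PLUG_EXPORT bool pluginit(PLUG_INITSTRUCT* initStruct)
{
    initStruct->pluginVersion = plugin_version;
    initStruct->sdkVersion = PLUG_SDKVERSION;
    strcpy_s(initStruct->pluginName, plugin_name);
    pluginHandle = initStruct->pluginHandle;
    RegisterCommands(initStruct);

    return true;
}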
107 |
108 | //Deinitialize your plugin data here.
PLUG_EXPORT void plugstop()
{
    // Intentionally empty: no teardown is performed here.
}
112 |
113 |
114 | //Do GUI/Menu related things here.
// Copies the window and menu handles from the setup structure into the
// file-level globals for later use.
PLUG_EXPORT void plugsetup(PLUG_SETUPSTRUCT* setupStruct)
{
    // Menu handles.
    hMenu = setupStruct->hMenu;
    hMenuDisasm = setupStruct->hMenuDisasm;
    hMenuDump = setupStruct->hMenuDump;
    hMenuStack = setupStruct->hMenuStack;

    // Dialog window handle.
    hwndDlg = setupStruct->hwndDlg;
}
124 |
125 |
--------------------------------------------------------------------------------
/AdvancedScript/PluginBasic.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | //plugin data
4 | #include "pluginsdk/bridgemain.h"
5 | #include "pluginsdk/_plugins.h"
6 | #include "pluginsdk/_scriptapi_argument.h"
7 | #include "pluginsdk/_scriptapi_assembler.h"
8 | #include "pluginsdk/_scriptapi_bookmark.h"
9 | #include "pluginsdk/_scriptapi_comment.h"
10 | #include "pluginsdk/_scriptapi_debug.h"
11 | #include "pluginsdk/_scriptapi_flag.h"
12 | #include "pluginsdk/_scriptapi_function.h"
13 | #include "pluginsdk/_scriptapi_gui.h"
14 | #include "pluginsdk/_scriptapi_label.h"
15 | #include "pluginsdk/_scriptapi_memory.h"
16 | #include "pluginsdk/_scriptapi_misc.h"
17 | #include "pluginsdk/_scriptapi_module.h"
18 | #include "pluginsdk/_scriptapi_pattern.h"
19 | #include "pluginsdk/_scriptapi_register.h"
20 | #include "pluginsdk/_scriptapi_stack.h"
21 | #include "pluginsdk/_scriptapi_symbol.h"
22 | //#include "pluginsdk/capstone/capstone.h"
23 | #include "pluginsdk/DeviceNameResolver/DeviceNameResolver.h"
24 | #include "pluginsdk/jansson/jansson.h"
25 | #include "pluginsdk/lz4/lz4file.h"
26 | #include "pluginsdk/TitanEngine/TitanEngine.h"
27 | #include "pluginsdk/XEDParse/XEDParse.h"
28 | #include "pluginsdk/yara/yara.h"
29 |
30 | #ifdef _WIN64
31 | #pragma comment(lib, "pluginsdk/x64dbg.lib")
32 | #pragma comment(lib, "pluginsdk/x64bridge.lib")
33 | //#pragma comment(lib, "pluginsdk/capstone/capstone_x64.lib")
34 | #pragma comment(lib, "pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib")
35 | #pragma comment(lib, "pluginsdk/jansson/jansson_x64.lib")
36 | #pragma comment(lib, "pluginsdk/lz4/lz4_x64.lib")
37 | #pragma comment(lib, "pluginsdk/TitanEngine/TitanEngine_x64.lib")
38 | #pragma comment(lib, "pluginsdk/XEDParse/XEDParse_x64.lib")
39 | #pragma comment(lib, "pluginsdk/yara/yara_x64.lib")
40 | #else
41 | #pragma comment(lib, "pluginsdk/x32dbg.lib")
42 | #pragma comment(lib, "pluginsdk/x32bridge.lib")
43 | //#pragma comment(lib, "pluginsdk/capstone/capstone_x86.lib")
44 | #pragma comment(lib, "pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib")
45 | #pragma comment(lib, "pluginsdk/jansson/jansson_x86.lib")
46 | #pragma comment(lib, "pluginsdk/lz4/lz4_x86.lib")
47 | #pragma comment(lib, "pluginsdk/TitanEngine/TitanEngine_x86.lib")
48 | #pragma comment(lib, "pluginsdk/XEDParse/XEDParse_x86.lib")
49 | #pragma comment(lib, "pluginsdk/yara/yara_x86.lib")
50 | #endif //_WIN64
51 |
// Shorthand wrappers around the debugger bridge / plugin logging calls.

// Cmd(x): hands the string x to DbgCmdExecDirect. The string is interpreted
// as a debugger command, so text that originates in a script file or a dialog
// should be validated before it reaches this macro.
#define Cmd(x) DbgCmdExecDirect(x)
// Eval(x): hands the expression string x to DbgValFromString and yields its result.
#define Eval(x) DbgValFromString(x)
// dprintf(x, ...): x is pasted next to the "[PLUGIN_NAME] " prefix by literal
// concatenation, so it must be a string literal and it becomes part of the
// printf-style format. Never pass runtime data as x; pass it as an argument
// for a %s (or similar) conversion instead.
#define dprintf(x, ...) _plugin_logprintf("[" PLUGIN_NAME "] " x, __VA_ARGS__)
// dputs(x): logs x through a fixed "%s\n" format, so x may be runtime data.
#define dputs(x) _plugin_logprintf("[" PLUGIN_NAME "] %s\n", x)
// PLUG_EXPORT: marks a function as an unmangled (extern "C") DLL export.
#define PLUG_EXPORT extern "C" __declspec(dllexport)
57 |
58 |
59 |
--------------------------------------------------------------------------------
/AdvancedScript/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | DYNAMIC LINK LIBRARY : AdvancedScript Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this AdvancedScript DLL for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your AdvancedScript application.
9 |
10 | AdvancedScript.vcxproj
11 | This is the main project file for VC++ projects generated using an Application Wizard.
12 | It contains information about the version of Visual C++ that generated the file, and
13 | information about the platforms, configurations, and project features selected with the
14 | Application Wizard.
15 |
16 | AdvancedScript.vcxproj.filters
17 | This is the filters file for VC++ projects generated using an Application Wizard.
18 | It contains information about the association between the files in your project
19 | and the filters. This association is used in the IDE to show grouping of files with
20 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the
21 | "Source Files" filter).
22 |
23 | AdvancedScript.cpp
24 | This is the main DLL source file.
25 |
26 | AdvancedScript.h
27 | This file contains a class declaration.
28 |
29 | AssemblyInfo.cpp
30 | Contains custom attributes for modifying assembly metadata.
31 |
32 | /////////////////////////////////////////////////////////////////////////////
33 | Other notes:
34 |
35 | AppWizard uses "TODO:" to indicate parts of the source code you
36 | should add to or customize.
37 |
38 | /////////////////////////////////////////////////////////////////////////////
39 |
--------------------------------------------------------------------------------
/AdvancedScript/RegexSearch.cpp:
--------------------------------------------------------------------------------
1 | #include "RegexSearch.h"
2 |
3 |
--------------------------------------------------------------------------------
/AdvancedScript/RegexSearch.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
121 | True
122 |
123 |
124 | True
125 |
126 |
127 | 17, 17
128 |
129 |
--------------------------------------------------------------------------------
/AdvancedScript/Register_UnRegister_Commands.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "PluginBasic.h"
3 |
// Plugin handle; declared here, defined in another translation unit.
extern int pluginHandle;
// Takes the plugin init structure; presumably registers the callbacks
// declared below as debugger commands (confirm in the .cpp).
void RegisterCommands(PLUG_INITSTRUCT* initStruct);

// Command callbacks. Each receives an argc/argv pair and returns bool.
// NOTE(review): argv presumably carries text typed by the user or read from a
// script file; every implementation should check argc before indexing argv
// and treat the strings as untrusted - confirm in the .cpp.
// NOTE(review): these are declared `static` in a header, so every translation
// unit that includes it gets its own internal-linkage declaration; only the
// unit that also defines them can use them.
static bool cbMainForm(int argc, char* argv[]);
static bool cbRegExSearchForm(int argc, char* argv[]);
static bool cbGoToByBaseForm(int argc, char* argv[]);
static bool cbLogxJustAtBP(int argc, char* argv[]);
static bool test(int argc, char* argv[]);
static bool LogxTemplateManager(int argc, char* argv[]);
static bool logx(int argc, char* argv[]);
static bool logx_window(int argc, char* argv[]);
static bool logxTrace(int argc, char* argv[]);
static void StrComp_BP();
static bool VarxClear(int argc, char* argv[]);
static bool StrCompx(int argc, char* argv[]);
// Script functions: variables, arithmetic/bitwise operations, stack, compare.
static bool Varx(int argc, char* argv[]);
static bool GetVarx(int argc, char* argv[]);
static bool SetVarx(int argc, char* argv[]);
static bool Movx(int argc, char* argv[]);
static bool addx(int argc, char* argv[]);
static bool subx(int argc, char* argv[]);
static bool mulx(int argc, char* argv[]);
static bool divx(int argc, char* argv[]);
static bool andx(int argc, char* argv[]);
static bool orx(int argc, char* argv[]);
static bool xorx(int argc, char* argv[]);
static bool shlx(int argc, char* argv[]);
static bool pushx(int argc, char* argv[]);
static bool popx(int argc, char* argv[]);
static bool cmpx(int argc, char* argv[]);

// Search commands.
static bool findx(int argc, char* argv[]);
static bool findallx(int argc, char* argv[]);
static bool findallmemx(int argc, char* argv[]);

// Memory and file commands.
// NOTE(review): ReadFile / Write2File / memdump presumably take a path or an
// address range from argv; path and size validation belongs in the
// implementation - confirm in the .cpp.
static bool memdump(int argc, char* argv[]);
static bool WriteStr(int argc, char* argv[]);
static bool ReadStr(int argc, char* argv[]);
static bool ReadMem(int argc, char* argv[]);
static bool Write2Mem(int argc, char* argv[]);
static bool ReadFile(int argc, char* argv[]);
static bool Write2File(int argc, char* argv[]);
// Breakpoint commands.
static bool BPxx(int argc, char* argv[]);
static bool bpcx(int argc, char* argv[]);
static bool bpex(int argc, char* argv[]);
static bool bpdx(int argc, char* argv[]);
static bool bphx(int argc, char* argv[]);
static bool bphcx(int argc, char* argv[]);
static bool bphex(int argc, char* argv[]);
static bool bphdx(int argc, char* argv[]);
static bool bpmx(int argc, char* argv[]);

// New commands.
static bool asmx(int argc, char* argv[]);
static bool ResizeArray(int argc, char* argv[]);
static bool GetArraySize(int argc, char* argv[]);
static bool InputBox(int argc, char* argv[]);
static bool commentset(int argc, char* argv[]);
static bool GetdesCallJmp(int argc, char* argv[]);
static bool GetAPIName(int argc, char* argv[]);


// Managed helper (returns System::Void); defined elsewhere.
System::Void LoadTemplateFiles_();

// Takes a single command string rather than an argc/argv pair.
static bool SetxByString(char* cmd);
72 |
// Managed holder for a single "paused" flag, initialised to false.
ref class ispausedClass
{
public:
    bool ispaused = false;
};
// Exposes one shared ispausedClass instance through a static member.
// Note that this class name differs from ispausedClass only in the case of
// its first letter.
ref class IspausedClass
{
public:
    static ispausedClass^ IspausedClass_ = gcnew ispausedClass;
};
83 |
84 |
85 |
86 |
87 |
88 |
89 |
--------------------------------------------------------------------------------
/AdvancedScript/ScriptFun.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "HelperFunctions.h"
4 | #include "LogWindow.h"
5 | #include "Parser.h"
6 |
// Temporary description of a script variable: type, name and a single value,
// all kept as strings.
ref class VarPara_temp
{
public:
    String^ vartype;
    String^ varname;
    String^ varvalue;

public:
    // vartype_ / varname_ / varvalue_ are stored as given, except that a null
    // varvalue_ is stored as the text "NULL".
    // i == -1 marks an empty entry: all three fields become empty strings.
    VarPara_temp(String^ vartype_, String^ varname_, String^ varvalue_, int i) {
        if (i == -1) {
            vartype = "";
            varname = "";
            varvalue = "";
            return;
        }

        // Every type, "array" included, is stored the same way here.
        String^ storedValue = varvalue_;
        if (storedValue == nullptr) {
            storedValue = "NULL";
        }
        vartype = vartype_;
        varname = varname_;
        varvalue = storedValue;
    }
};
64 |
65 |
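// One script variable. A scalar ("str" / "int") is held in a one-element
// array; an "array" variable gets arrayLength slots. Any other type string
// yields an untyped entry (empty vartype and varname) that still stores the
// value in slot 0.
public ref class VarPara
{
public:
    // vartype_     : "str", "int" or "array"; anything else creates the
    //                untyped entry.
    // varname_     : variable name (not stored for the untyped entry).
    // varvalue_    : initial value, stored in slot 0. An empty string for an
    //                "int" is stored as "0".
    // arrayLength_ : number of slots for an "array"; unused for other types.
    //                Values below 1 are raised to 1 so that slot 0 exists.
    VarPara(String^ vartype_, String^ varname_, String^ varvalue_, int arrayLength_) {
        if (vartype_ == "array") {
            // A negative length makes the allocation throw and a zero length
            // makes the slot-0 store below throw, so enforce one slot minimum.
            // NOTE(review): no upper bound is applied here; if the length
            // comes from script text the caller should cap it - confirm.
            int slots = arrayLength_;
            if (slots < 1) {
                slots = 1;
            }
            vartype = vartype_;
            varname = varname_;
            arrayLength = slots;
            varvalue = gcnew array<String^>(slots);
            varvalue[0] = varvalue_;
        }
        else if ((vartype_ == "str") || (vartype_ == "int")) {
            vartype = vartype_;
            varname = varname_;
            varvalue = gcnew array<String^>(1);
            if (vartype_ == "int" && varvalue_ == "") {
                varvalue[0] = "0";
            }
            else {
                varvalue[0] = varvalue_;
            }
        }
        else {
            vartype = "";
            varname = "";
            varvalue = gcnew array<String^>(1);
            varvalue[0] = varvalue_;
        }
    }

public:
    // Grows (i > 0) or shrinks (i < 0) the value array by i slots and keeps
    // arrayLength in step. Array::Resize rejects a negative resulting size;
    // callers should validate i before calling.
    void ResizeArr(int i) {
        Array::Resize(varvalue, arrayLength + i);
        arrayLength = arrayLength + i;
    }

public:
    String^ vartype;
    String^ varname;
    array<String^>^ varvalue;
    // Assigned only for "array" variables; scalars leave it at its default.
    int arrayLength;
};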
109 |
// Holds the shared list of script variables as a static member.
// NOTE(review): the elements are presumably VarPara^ handles - confirm
// against the code that fills VarList.
public ref class ScriptFunList {
public:
    static Generic::List^ VarList = gcnew Generic::List;

};
115 |
// Pairs a label's text with the number of the script line it belongs to.
public ref class LableLine
{
public:
    int LableLineNumber;
    String^ Lable;

    // Stores the line number and the label text exactly as passed in.
    LableLine(int LableLineNumber_, String^ Lable_) {
        this->Lable = Lable_;
        this->LableLineNumber = LableLineNumber_;
    }
};
131 |
// Holds the shared list of known labels as a static member. GetLineByLable
// iterates it as LableLine^ elements.
public ref class LableLineClass {
public:
    static Generic::List^ LableLines = gcnew Generic::List;
};
136 |
137 |
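// Looks up a label by name, ignoring leading and trailing whitespace on both
// sides of the comparison.
// input   : label text to look for; a null handle is treated as "not found".
// returns : the first matching entry of LableLineClass::LableLines, or a new
//           LableLine(0, "") when nothing matches.
// NOTE(review): the fallback carries line number 0, so a caller that only
// reads LableLineNumber cannot tell "not found" from a label on line 0;
// checking for an empty Lable avoids that - confirm how callers use it.
static LableLine^ GetLineByLable(String^ input) {
    // A null input would otherwise fault on Trim() as soon as the list has an entry.
    if (input != nullptr) {
        // Trim once instead of on every iteration.
        String^ wanted = input->Trim();
        for each (LableLine^ entry in LableLineClass::LableLines)
        {
            // Skip entries that cannot be compared instead of faulting on them.
            if (entry == nullptr || entry->Lable == nullptr) {
                continue;
            }
            if (entry->Lable->Trim() == wanted) {
                return entry;
            }
        }
    }
    return gcnew LableLine(0, "");
}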
147 |
148 |
// Variable-list helpers. Varexist reports its findings through the tracking
// reference parameters (vartype_, index, arrayLength).
void VarListClear();
bool Varexist(String^ varname, String^% vartype_, int% index, int% arrayLength);

// Managed counterparts of the script commands. All operands are passed as
// strings; varvalue defaults to "" and Arrayindex_ defaults to 0.
// NOTE(review): index_ / Arrayindex_ presumably originate in script text, so
// the implementations should range-check them against the variable's array
// before use - confirm in ScriptFun.cpp.
bool Varx_(String^ vartype, String^ varname, String^ varvalue = "");
bool GetVarx_(String^ varname, int Arrayindex_=0);
bool SetVarx_(String^ varname, int index_, String^ value_);
String^ Movx_(String^ p1, String^ p2);
String^ addx_(String^ p1, String^ p2);
String^ subx_(String^ p1, String^ p2);
String^ mulx_(String^ p1, String^ p2);
String^ divx_(String^ p1, String^ p2);
String^ andx_(String^ p1, String^ p2);
String^ orx_(String^ p1, String^ p2);
String^ xorx_(String^ p1, String^ p2);
String^ shlx_(String^ p1, String^ p2);
String^ pushx_(String^ p1);
String^ popx_(String^ p1);
String^ cmpx_(String^ p1, String^ p2);

// Search, memory, file and dialog helpers. Size_ and para default to "".
// NOTE(review): Write2File_ takes a file path and dumpmem an address/size
// pair as strings; if these come from a script they are untrusted, and path
// and range validation belongs in the implementation - confirm.
String^ findx_(String^ base_, String^ Searchvalue_, String^ Size_="");
String^ findallx_(String^ base_, String^ Searchvalue_, String^ Size_="");
String^ findallmemx_(String^ base_, String^ Searchvalue_, String^ Size_="");
bool dumpmem(String^ addr, String^ size, String^ para = "");
bool WriteStr_(duint address, String^ text, bool replace);
String^ condtion_(String^ input, String^ typo);
bool ResizeArray_(String^ varname, int AddSub);
bool GetArraySize_(String^ varArrName, String^ varname);
bool Write2File_(String^ filepath, bool append_, String^ data_);
bool ReadStr_(String^ varname, String^ value_);
bool InputBox_(String^ varname, int index_, String^ message_, String^ title);

// Control-flow helpers; lineNumber is an in/out tracking reference.
bool ifCond(String^ input, String^% lineNumber,int currentLine);
bool gotox_(String^ input, String^% lineNumber);
bool GetdesCallJmp_(String^ varname, String^ command_, int Arrayindex_=0);
//String^ BPxx_(String^ addr, String^ BPname = "", String^ BPType = "");
--------------------------------------------------------------------------------
/AdvancedScript/adsLib.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "HelperFunctions.h"
3 |
// Takes an input string and returns a string; EndB is a tracking reference
// the function can write back through (presumably an end position within
// input - confirm in adsLib.cpp).
String^ Get_adsValue(String^ input, int% EndB);
5 |
// Identifiers with implicit values 0..12, in declaration order.
// NOTE(review): presumably the built-in names Get_adsValue recognises -
// confirm in adsLib.cpp. Inserting a new entry anywhere but the end renumbers
// the ones after it.
enum ads_Enum
{
    exebase,
    modulebase,
    SectionSize,
    exefolderpath,
    exename,
    SectionBegin,
    SectionEnd,
    GetAPIName_,
    GetArraySize__,
    ReadStr__,
    GetdesCallJmp__,
    isInArray_,
    isAddrBelongSection,
};
--------------------------------------------------------------------------------
/AdvancedScript/app.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/app.ico
--------------------------------------------------------------------------------
/AdvancedScript/app.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/app.rc
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/DeviceNameResolver/DeviceNameResolver.h:
--------------------------------------------------------------------------------
1 | #ifndef _DEVICENAMERESOLVER_H
2 | #define _DEVICENAMERESOLVER_H
3 |
4 | #include
5 |
6 | #ifdef __cplusplus
7 | extern "C"
8 | {
9 | #endif
10 |
// Path / handle conversion helpers. Each writes its result into a
// caller-supplied buffer whose capacity is given by nSizeInChars: a count of
// characters (wchar_t for the W variants, char for the A variants), not a
// byte count. Passing sizeof(buffer) for a wchar_t buffer overstates the
// capacity.
// NOTE(review): whether the output is NUL-terminated on truncation is not
// visible here; check the bool result before using the buffer.
__declspec(dllexport) bool DevicePathToPathW(const wchar_t* szDevicePath, wchar_t* szPath, size_t nSizeInChars);
__declspec(dllexport) bool DevicePathToPathA(const char* szDevicePath, char* szPath, size_t nSizeInChars);
__declspec(dllexport) bool DevicePathFromFileHandleW(HANDLE hFile, wchar_t* szDevicePath, size_t nSizeInChars);
__declspec(dllexport) bool DevicePathFromFileHandleA(HANDLE hFile, char* szDevicePath, size_t nSizeInChars);
__declspec(dllexport) bool PathFromFileHandleW(HANDLE hFile, wchar_t* szPath, size_t nSizeInChars);
__declspec(dllexport) bool PathFromFileHandleA(HANDLE hFile, char* szPath, size_t nSizeInChars);
17 |
18 | #ifdef __cplusplus
19 | }
20 | #endif
21 |
22 | #endif // _DEVICENAMERESOLVER_H
23 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/TitanEngine/TitanEngine_x64.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/TitanEngine/TitanEngine_x64.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/TitanEngine/TitanEngine_x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/TitanEngine/TitanEngine_x64.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/TitanEngine/TitanEngine_x86.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/TitanEngine/TitanEngine_x86.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/TitanEngine/TitanEngine_x86.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/TitanEngine/TitanEngine_x86.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/XEDParse/XEDParse.h:
--------------------------------------------------------------------------------
1 | #ifndef _XEDPARSE_H
2 | #define _XEDPARSE_H
3 |
4 | #include
5 |
6 | //XEDParse defines
7 | #ifdef XEDPARSE_BUILD
8 | #define XEDPARSE_EXPORT __declspec(dllexport)
9 | #else
10 | #define XEDPARSE_EXPORT __declspec(dllimport)
11 | #endif //XEDPARSE_BUILD
12 |
13 | #define XEDPARSE_CALL //calling convention
14 |
// Fixed capacities of the XEDPARSE buffers: MAXBUFSIZE sizes the instr and
// error text fields, MAXASMSIZE sizes the dest byte buffer.
#define XEDPARSE_MAXBUFSIZE 256
#define XEDPARSE_MAXASMSIZE 16
17 |
18 | //typedefs
// Callback type for the "unknown operand" hook stored in XEDPARSE::cbUnknown:
// receives the operand text and a pointer through which a value is returned.
typedef bool (XEDPARSE_CALL* CBXEDPARSE_UNKNOWN)(const char* text, ULONGLONG* value);
20 |
21 | //XEDParse enums
// Result of XEDParseAssemble: 0 on error, 1 on success.
enum XEDPARSE_STATUS
{
    XEDPARSE_ERROR = 0,
    XEDPARSE_OK = 1
};
27 |
28 | //XEDParse structs
// In/out parameter block for XEDParseAssemble, packed on 8-byte boundaries.
// instr and error are fixed XEDPARSE_MAXBUFSIZE-char buffers: callers filling
// instr from script or user text must use a bounded copy and leave room for
// the terminating NUL.
#pragma pack(push,8)
struct XEDPARSE
{
    bool x64; // use 64-bit instructions
    ULONGLONG cip; // instruction pointer (for relative addressing)
    unsigned int dest_size; // destination size (returned by XEDParse)
    CBXEDPARSE_UNKNOWN cbUnknown; // unknown operand callback
    unsigned char dest[XEDPARSE_MAXASMSIZE]; // destination buffer (assembled bytes)
    char instr[XEDPARSE_MAXBUFSIZE]; // instruction text (input)
    char error[XEDPARSE_MAXBUFSIZE]; // error text (in case of an error)
};
#pragma pack(pop)
41 |
42 | #ifdef __cplusplus
43 | extern "C"
44 | {
45 | #endif
46 |
// Takes a pointer to an XEDPARSE block and returns an XEDPARSE_STATUS; the
// struct's field comments describe which members carry input and output.
XEDPARSE_EXPORT XEDPARSE_STATUS XEDPARSE_CALL XEDParseAssemble(XEDPARSE* XEDParse);
48 |
49 | #ifdef __cplusplus
50 | }
51 | #endif
52 |
53 | #endif // _XEDPARSE_H
54 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/XEDParse/XEDParse_x64.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/XEDParse/XEDParse_x64.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/XEDParse/XEDParse_x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/XEDParse/XEDParse_x64.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/XEDParse/XEDParse_x86.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/XEDParse/XEDParse_x86.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/XEDParse/XEDParse_x86.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/XEDParse/XEDParse_x86.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_plugin_types.h:
--------------------------------------------------------------------------------
1 | #ifndef _PLUGIN_DATA_H
2 | #define _PLUGIN_DATA_H
3 |
4 | #ifdef BUILD_DBG
5 |
6 | #include "_global.h"
7 | #include "jansson/jansson.h"
8 | #pragma warning(push)
9 | #pragma warning(disable:4091)
10 | #include
11 | #pragma warning(pop)
12 |
13 | #else
14 |
15 | #ifdef __GNUC__
16 | #include "dbghelp/dbghelp.h"
17 | #else
18 | #pragma warning(push)
19 | #pragma warning(disable:4091)
20 | #include
21 | #pragma warning(pop)
22 | #endif // __GNUC__
23 |
24 | #ifndef deflen
25 | #define deflen 1024
26 | #endif // deflen
27 |
28 | #include "bridgemain.h"
29 | #include "_dbgfunctions.h"
30 | #include "jansson/jansson.h"
31 |
32 | #endif // BUILD_DBG
33 |
34 | #endif // _PLUGIN_DATA_H
35 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPT_API_H
2 | #define _SCRIPT_API_H
3 |
4 | #include "_plugins.h"
5 |
6 | #define SCRIPT_EXPORT PLUG_IMPEXP
7 |
8 | #endif //_SCRIPT_API_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_argument.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_ARGUMENT_H
2 | #define _SCRIPTAPI_ARGUMENT_H
3 |
4 | #include "_scriptapi.h"
5 |
namespace Script
{
    // Script API for "argument" ranges.
    namespace Argument
    {
        // One argument range: module name in a fixed MAX_MODULE_SIZE buffer
        // plus start/end RVAs, a manual flag and an instruction count.
        struct ArgumentInfo
        {
            char mod[MAX_MODULE_SIZE];
            duint rvaStart;
            duint rvaEnd;
            bool manual;
            duint instructioncount;
        };

        // instructionCount defaults to 0.
        SCRIPT_EXPORT bool Add(duint start, duint end, bool manual, duint instructionCount = 0);
        SCRIPT_EXPORT bool Add(const ArgumentInfo* info);
        // The three out-pointers default to nullptr.
        SCRIPT_EXPORT bool Get(duint addr, duint* start = nullptr, duint* end = nullptr, duint* instructionCount = nullptr);
        SCRIPT_EXPORT bool GetInfo(duint addr, ArgumentInfo* info);
        SCRIPT_EXPORT bool Overlaps(duint start, duint end);
        SCRIPT_EXPORT bool Delete(duint address);
        // deleteManual defaults to false.
        SCRIPT_EXPORT void DeleteRange(duint start, duint end, bool deleteManual = false);
        SCRIPT_EXPORT void Clear();
        SCRIPT_EXPORT bool GetList(ListOf(ArgumentInfo) list); //caller has the responsibility to free the list
    }; //Argument
}; //Script
30 |
31 | #endif //_SCRIPTAPI_ARGUMENT_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_assembler.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_ASSEMBLER_H
2 | #define _SCRIPTAPI_ASSEMBLER_H
3 |
4 | #include "_scriptapi.h"
5 |
namespace Script
{
    // Script API for assembling instruction text.
    // None of these functions takes a buffer length: the caller must supply
    // buffers of at least the sizes named in the trailing comments (16 bytes
    // for dest, MAX_ERROR_SIZE chars for error).
    namespace Assembler
    {
        SCRIPT_EXPORT bool Assemble(duint addr, unsigned char* dest, int* size, const char* instruction); //dest[16]
        SCRIPT_EXPORT bool AssembleEx(duint addr, unsigned char* dest, int* size, const char* instruction, char* error); //dest[16], error[MAX_ERROR_SIZE]
        SCRIPT_EXPORT bool AssembleMem(duint addr, const char* instruction);
        SCRIPT_EXPORT bool AssembleMemEx(duint addr, const char* instruction, int* size, char* error, bool fillnop); //error[MAX_ERROR_SIZE]
    }; //Assembler
}; //Script
16 |
17 | #endif //_SCRIPTAPI_ASSEMBLER_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_bookmark.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_BOOKMARK_H
2 | #define _SCRIPTAPI_BOOKMARK_H
3 |
4 | #include "_scriptapi.h"
5 |
namespace Script
{
    // Script API for bookmarks.
    namespace Bookmark
    {
        // One bookmark: module name in a fixed MAX_MODULE_SIZE buffer, an RVA
        // and a manual flag.
        struct BookmarkInfo
        {
            char mod[MAX_MODULE_SIZE];
            duint rva;
            bool manual;
        };

        // manual defaults to false.
        SCRIPT_EXPORT bool Set(duint addr, bool manual = false);
        SCRIPT_EXPORT bool Set(const BookmarkInfo* info);
        SCRIPT_EXPORT bool Get(duint addr);
        SCRIPT_EXPORT bool GetInfo(duint addr, BookmarkInfo* info);
        SCRIPT_EXPORT bool Delete(duint addr);
        SCRIPT_EXPORT void DeleteRange(duint start, duint end);
        SCRIPT_EXPORT void Clear();
        SCRIPT_EXPORT bool GetList(ListOf(BookmarkInfo) list); //caller has the responsibility to free the list
    }; //Bookmark
}; //Script
27 |
28 | #endif //_SCRIPTAPI_BOOKMARK_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_comment.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_COMMENT_H
2 | #define _SCRIPTAPI_COMMENT_H
3 |
4 | #include "_scriptapi.h"
5 |
namespace Script
{
    // Script API for comments.
    namespace Comment
    {
        // One comment: module name, RVA, text and a manual flag.
        // NOTE(review): text is sized MAX_LABEL_SIZE here while Get() below
        // documents a MAX_COMMENT_SIZE buffer; code that copies Get() output
        // into this field should bound the copy to sizeof(text) - confirm the
        // two constants' values in the bridge header.
        struct CommentInfo
        {
            char mod[MAX_MODULE_SIZE];
            duint rva;
            char text[MAX_LABEL_SIZE];
            bool manual;
        };

        // manual defaults to false.
        SCRIPT_EXPORT bool Set(duint addr, const char* text, bool manual = false);
        SCRIPT_EXPORT bool Set(const CommentInfo* info);
        // No length parameter: text must point to at least MAX_COMMENT_SIZE chars.
        SCRIPT_EXPORT bool Get(duint addr, char* text); //text[MAX_COMMENT_SIZE]
        SCRIPT_EXPORT bool GetInfo(duint addr, CommentInfo* info);
        SCRIPT_EXPORT bool Delete(duint addr);
        SCRIPT_EXPORT void DeleteRange(duint start, duint end);
        SCRIPT_EXPORT void Clear();
        SCRIPT_EXPORT bool GetList(ListOf(CommentInfo) list); //caller has the responsibility to free the list
    }; //Comment
}; //Script
28 |
29 | #endif //_SCRIPTAPI_COMMENT_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_debug.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_DEBUG_H
2 | #define _SCRIPTAPI_DEBUG_H
3 |
4 | #include "_scriptapi.h"
5 |
namespace Script
{
    // Script API for run control and breakpoints.
    namespace Debug
    {
        // Kind of hardware breakpoint; implicit values 0..2.
        enum HardwareType
        {
            HardwareAccess,
            HardwareWrite,
            HardwareExecute
        };

        // Run-control calls: no parameters, no result.
        SCRIPT_EXPORT void Wait();
        SCRIPT_EXPORT void Run();
        SCRIPT_EXPORT void Pause();
        SCRIPT_EXPORT void Stop();
        SCRIPT_EXPORT void StepIn();
        SCRIPT_EXPORT void StepOver();
        SCRIPT_EXPORT void StepOut();
        // Breakpoint calls report success through their bool result.
        SCRIPT_EXPORT bool SetBreakpoint(duint address);
        SCRIPT_EXPORT bool DeleteBreakpoint(duint address);
        SCRIPT_EXPORT bool DisableBreakpoint(duint address);
        // type defaults to HardwareExecute.
        SCRIPT_EXPORT bool SetHardwareBreakpoint(duint address, HardwareType type = HardwareExecute);
        SCRIPT_EXPORT bool DeleteHardwareBreakpoint(duint address);
    }; //Debug
}; //Script
31 |
32 | #endif //_SCRIPTAPI_DEBUG_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_flag.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_FLAG_H
2 | #define _SCRIPTAPI_FLAG_H
3 |
4 | #include "_scriptapi.h"
5 |
namespace Script
{
    // Script API for reading and writing individual CPU flags.
    namespace Flag
    {
        // Flag selector for Get/Set; implicit values 0..8 in this order.
        enum FlagEnum
        {
            ZF,
            OF,
            CF,
            PF,
            SF,
            TF,
            AF,
            DF,
            IF
        };

        // Generic accessors taking the flag as a parameter.
        SCRIPT_EXPORT bool Get(FlagEnum flag);
        SCRIPT_EXPORT bool Set(FlagEnum flag, bool value);

        // One Get/Set pair per flag named in FlagEnum.
        SCRIPT_EXPORT bool GetZF();
        SCRIPT_EXPORT bool SetZF(bool value);
        SCRIPT_EXPORT bool GetOF();
        SCRIPT_EXPORT bool SetOF(bool value);
        SCRIPT_EXPORT bool GetCF();
        SCRIPT_EXPORT bool SetCF(bool value);
        SCRIPT_EXPORT bool GetPF();
        SCRIPT_EXPORT bool SetPF(bool value);
        SCRIPT_EXPORT bool GetSF();
        SCRIPT_EXPORT bool SetSF(bool value);
        SCRIPT_EXPORT bool GetTF();
        SCRIPT_EXPORT bool SetTF(bool value);
        SCRIPT_EXPORT bool GetAF();
        SCRIPT_EXPORT bool SetAF(bool value);
        SCRIPT_EXPORT bool GetDF();
        SCRIPT_EXPORT bool SetDF(bool value);
        SCRIPT_EXPORT bool GetIF();
        SCRIPT_EXPORT bool SetIF(bool value);
    }; //Flag
}; //Script
46 |
47 | #endif //_SCRIPTAPI_FLAG_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_function.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_FUNCTION_H
2 | #define _SCRIPTAPI_FUNCTION_H
3 |
4 | #include "_scriptapi.h"
5 |
namespace Script
{
    // Script API for function ranges.
    namespace Function
    {
        // One function range: module name in a fixed MAX_MODULE_SIZE buffer
        // plus start/end RVAs, a manual flag and an instruction count.
        struct FunctionInfo
        {
            char mod[MAX_MODULE_SIZE];
            duint rvaStart;
            duint rvaEnd;
            bool manual;
            duint instructioncount;
        };

        // instructionCount defaults to 0.
        SCRIPT_EXPORT bool Add(duint start, duint end, bool manual, duint instructionCount = 0);
        SCRIPT_EXPORT bool Add(const FunctionInfo* info);
        // The three out-pointers default to nullptr.
        SCRIPT_EXPORT bool Get(duint addr, duint* start = nullptr, duint* end = nullptr, duint* instructionCount = nullptr);
        SCRIPT_EXPORT bool GetInfo(duint addr, FunctionInfo* info);
        SCRIPT_EXPORT bool Overlaps(duint start, duint end);
        SCRIPT_EXPORT bool Delete(duint address);
        // DeleteRange is declared as two overloads here rather than as one
        // function with a defaulted deleteManual parameter.
        SCRIPT_EXPORT void DeleteRange(duint start, duint end, bool deleteManual);
        SCRIPT_EXPORT void DeleteRange(duint start, duint end);
        SCRIPT_EXPORT void Clear();
        SCRIPT_EXPORT bool GetList(ListOf(FunctionInfo) list); //caller has the responsibility to free the list
    }; //Function
}; //Script
31 |
32 | #endif //_SCRIPTAPI_FUNCTION_H
33 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_gui.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_GUI_H
2 | #define _SCRIPTAPI_GUI_H
3 |
4 | #include "_scriptapi.h"
5 |
namespace Script
{
    // Per-view selection accessors: one nested namespace per debugger view.
    namespace Gui
    {
        namespace Disassembly
        {
            SCRIPT_EXPORT bool SelectionGet(duint* start, duint* end);
            SCRIPT_EXPORT bool SelectionSet(duint start, duint end);
            SCRIPT_EXPORT duint SelectionGetStart();
            SCRIPT_EXPORT duint SelectionGetEnd();
        }; //Disassembly

        namespace Dump
        {
            SCRIPT_EXPORT bool SelectionGet(duint* start, duint* end);
            SCRIPT_EXPORT bool SelectionSet(duint start, duint end);
            SCRIPT_EXPORT duint SelectionGetStart();
            SCRIPT_EXPORT duint SelectionGetEnd();
        }; //Dump

        namespace Stack
        {
            SCRIPT_EXPORT bool SelectionGet(duint* start, duint* end);
            SCRIPT_EXPORT bool SelectionSet(duint start, duint end);
            SCRIPT_EXPORT duint SelectionGetStart();
            SCRIPT_EXPORT duint SelectionGetEnd();
        }; //Stack

        // The remaining views expose only the selection start.
        namespace Graph
        {
            SCRIPT_EXPORT duint SelectionGetStart();
        }; //Graph

        namespace MemMap
        {
            SCRIPT_EXPORT duint SelectionGetStart();
        }; //MemMap

        namespace SymMod
        {
            SCRIPT_EXPORT duint SelectionGetStart();
        }; //SymMod
    }; //Gui

    // Window-parameterised accessors plus dialog and tab helpers.
    namespace Gui
    {
        // Selects the view for the accessors below; implicit values 0..5.
        enum Window
        {
            DisassemblyWindow,
            DumpWindow,
            StackWindow,
            GraphWindow,
            MemMapWindow,
            SymModWindow
        };

        SCRIPT_EXPORT bool SelectionGet(Window window, duint* start, duint* end);
        SCRIPT_EXPORT bool SelectionSet(Window window, duint start, duint end);
        SCRIPT_EXPORT duint SelectionGetStart(Window window);
        SCRIPT_EXPORT duint SelectionGetEnd(Window window);
        SCRIPT_EXPORT void Message(const char* message);
        SCRIPT_EXPORT bool MessageYesNo(const char* message);
        // No length parameter: text must point to at least GUI_MAX_LINE_SIZE
        // chars, and what comes back is user-typed text.
        SCRIPT_EXPORT bool InputLine(const char* title, char* text); //text[GUI_MAX_LINE_SIZE]
        SCRIPT_EXPORT bool InputValue(const char* title, duint* value);
        SCRIPT_EXPORT void Refresh();
        // The tab helpers take an untyped pointer named qWidget; nothing in
        // the signature checks what it points to.
        SCRIPT_EXPORT void AddQWidgetTab(void* qWidget);
        SCRIPT_EXPORT void ShowQWidgetTab(void* qWidget);
        SCRIPT_EXPORT void CloseQWidgetTab(void* qWidget);

    }; //Gui
}; //Script
77 |
78 | #endif //_SCRIPTAPI_GUI_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_label.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_LABEL_H
2 | #define _SCRIPTAPI_LABEL_H
3 |
4 | #include "_scriptapi.h"
5 |
6 | namespace Script
7 | {
8 | namespace Label
9 | {
10 | struct LabelInfo //one label record; used by Set(const LabelInfo*), GetInfo and GetList
11 | {
12 | char mod[MAX_MODULE_SIZE]; //fixed-size module name buffer
13 | duint rva; //presumably relative to the base of mod - TODO confirm
14 | char text[MAX_LABEL_SIZE]; //fixed-size label text buffer
15 | bool manual;
16 | };
17 |
18 | SCRIPT_EXPORT bool Set(duint addr, const char* text, bool manual = false); //no length is passed for text; presumably it must fit MAX_LABEL_SIZE - TODO confirm how longer input is handled
19 | SCRIPT_EXPORT bool Set(const LabelInfo* info);
20 | SCRIPT_EXPORT bool FromString(const char* label, duint* addr); //addr is an out-param; check the bool before using it
21 | SCRIPT_EXPORT bool Get(duint addr, char* text); //text[MAX_LABEL_SIZE]: no length argument is passed, so the caller must supply a buffer of at least MAX_LABEL_SIZE bytes
22 | SCRIPT_EXPORT bool GetInfo(duint addr, LabelInfo* info); //info is an out-param
23 | SCRIPT_EXPORT bool Delete(duint addr);
24 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); //whether end is inclusive is not visible here
25 | SCRIPT_EXPORT void Clear();
26 | SCRIPT_EXPORT bool GetList(ListOf(LabelInfo) list); //caller has the responsibility to free the list
27 | }; //Label
28 | }; //Script
29 |
30 | #endif //_SCRIPTAPI_LABEL_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_memory.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_MEMORY_H
2 | #define _SCRIPTAPI_MEMORY_H
3 |
4 | #include "_scriptapi.h"
5 |
6 | namespace Script
7 | {
8 | namespace Memory //memory access by numeric address; NOTE(review): presumably the debuggee's address space - confirm against the implementation
9 | {
10 | SCRIPT_EXPORT bool Read(duint addr, void* data, duint size, duint* sizeRead); //data must hold at least size bytes; sizeRead is an out-param - presumably the bytes actually read, so compare it with size
11 | SCRIPT_EXPORT bool Write(duint addr, const void* data, duint size, duint* sizeWritten); //sizeWritten is an out-param - presumably the bytes actually written, so compare it with size
12 | SCRIPT_EXPORT bool IsValidPtr(duint addr);
13 | SCRIPT_EXPORT duint RemoteAlloc(duint addr, duint size); //returns a duint; the failure value is not visible here (presumably 0) - TODO confirm
14 | SCRIPT_EXPORT bool RemoteFree(duint addr);
15 | SCRIPT_EXPORT unsigned int GetProtect(duint addr, bool reserved = false, bool cache = true); //presumably page-protection flags; cache defaults to true, so the value may be stale - TODO confirm
16 | SCRIPT_EXPORT duint GetBase(duint addr, bool reserved = false, bool cache = true);
17 | SCRIPT_EXPORT duint GetSize(duint addr, bool reserved = false, bool cache = true);
18 |
19 | SCRIPT_EXPORT unsigned char ReadByte(duint addr); //the Read* helpers return the value only: a failed read cannot be told apart from real data, use Read() when the result must be trusted
20 | SCRIPT_EXPORT bool WriteByte(duint addr, unsigned char data);
21 | SCRIPT_EXPORT unsigned short ReadWord(duint addr);
22 | SCRIPT_EXPORT bool WriteWord(duint addr, unsigned short data);
23 | SCRIPT_EXPORT unsigned int ReadDword(duint addr);
24 | SCRIPT_EXPORT bool WriteDword(duint addr, unsigned int data);
25 | SCRIPT_EXPORT unsigned long long ReadQword(duint addr);
26 | SCRIPT_EXPORT bool WriteQword(duint addr, unsigned long long data);
27 | SCRIPT_EXPORT duint ReadPtr(duint addr); //duint-sized read; width follows the build (x32/x64)
28 | SCRIPT_EXPORT bool WritePtr(duint addr, duint data);
29 | }; //Memory
30 | }; //Script
31 |
32 | #endif //_SCRIPTAPI_MEMORY_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_misc.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_MISC_H
2 | #define _SCRIPTAPI_MISC_H
3 |
4 | #include "_scriptapi.h"
5 |
6 | namespace Script
7 | {
8 | namespace Misc
9 | {
10 | /// <summary>
11 | /// Evaluates an expression and returns the result. Analogous to using the Command field in x64dbg.
12 | ///
13 | /// Expressions can consist of memory locations, registers, flags, API names, labels, symbols, variables etc.
14 | ///
15 | /// Example: bool success = ParseExpression("[esp+8]", &val)
16 | /// </summary>
17 | /// <param name="expression">The expression to evaluate.</param>
18 | /// <param name="value">The result of the expression.</param>
19 | /// <returns>True on success, False on failure.</returns>
20 | SCRIPT_EXPORT bool ParseExpression(const char* expression, duint* value);
21 |
22 | /// <summary>
23 | /// Returns the address of a function in the debuggee's memory space.
24 | ///
25 | /// Example: duint addr = RemoteGetProcAddress("kernel32.dll", "GetProcAddress")
26 | /// </summary>
27 | /// <param name="module">The name of the module.</param>
28 | /// <param name="api">The name of the function.</param>
29 | /// <returns>The address of the function in the debuggee.</returns>
30 | SCRIPT_EXPORT duint RemoteGetProcAddress(const char* module, const char* api);
31 |
32 | /// <summary>
33 | /// Returns the address for a label created in the disassembly window.
34 | ///
35 | /// Example: duint addr = ResolveLabel("sneaky_crypto")
36 | /// </summary>
37 | /// <param name="label">The name of the label to resolve.</param>
38 | /// <returns>The memory address for the label.</returns>
39 | SCRIPT_EXPORT duint ResolveLabel(const char* label);
40 |
41 | /// <summary>
42 | /// Allocates the requested number of bytes from x64dbg's default process heap.
43 | ///
44 | /// Note: this allocation is in the debugger, not the debuggee.
45 | ///
46 | /// Memory allocated using this function should be Free'd after use.
47 | ///
48 | /// Example: void* addr = Alloc(0x100000)
49 | /// </summary>
50 | /// <param name="size">Number of bytes to allocate.</param>
51 | /// <returns>A pointer to the newly allocated memory.</returns>
52 | SCRIPT_EXPORT void* Alloc(duint size);
53 |
54 | /// <summary>
55 | /// Frees memory previously allocated by Alloc.
56 | ///
57 | /// Example: Free(addr)
58 | /// </summary>
59 | /// <param name="ptr">Pointer returned by Alloc.</param>
60 | /// <returns>Nothing.</returns>
61 | SCRIPT_EXPORT void Free(void* ptr);
62 | }; //Misc
63 | }; //Script
64 |
65 | #endif //_SCRIPTAPI_MISC_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_module.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_MODULE_H
2 | #define _SCRIPTAPI_MODULE_H
3 |
4 | #include "_scriptapi.h"
5 |
6 | namespace Script
7 | {
8 | namespace Module
9 | {
10 | struct ModuleInfo //NOTE(review): name and path presumably describe modules loaded by the debugged process; treat them as untrusted text when logging or building file paths
11 | {
12 | duint base;
13 | duint size;
14 | duint entry;
15 | int sectionCount;
16 | char name[MAX_MODULE_SIZE]; //fixed-size buffer
17 | char path[MAX_PATH]; //fixed-size buffer
18 | };
19 |
20 | struct ModuleSectionInfo
21 | {
22 | duint addr;
23 | duint size;
24 | char name[MAX_SECTION_SIZE * 5]; //fixed-size buffer, five times MAX_SECTION_SIZE (reason not visible here)
25 | };
26 |
27 | SCRIPT_EXPORT bool InfoFromAddr(duint addr, ModuleInfo* info); //info is an out-param; check the bool before using it
28 | SCRIPT_EXPORT bool InfoFromName(const char* name, ModuleInfo* info);
29 | SCRIPT_EXPORT duint BaseFromAddr(duint addr); //the duint/int getters return the value only; the failure value is not visible here (presumably 0) - TODO confirm
30 | SCRIPT_EXPORT duint BaseFromName(const char* name);
31 | SCRIPT_EXPORT duint SizeFromAddr(duint addr);
32 | SCRIPT_EXPORT duint SizeFromName(const char* name);
33 | SCRIPT_EXPORT bool NameFromAddr(duint addr, char* name); //name[MAX_MODULE_SIZE]: no length argument is passed, so the caller must supply a buffer of at least MAX_MODULE_SIZE bytes
34 | SCRIPT_EXPORT bool PathFromAddr(duint addr, char* path); //path[MAX_PATH]: caller must supply a buffer of at least MAX_PATH bytes
35 | SCRIPT_EXPORT bool PathFromName(const char* name, char* path); //path[MAX_PATH]: caller must supply a buffer of at least MAX_PATH bytes
36 | SCRIPT_EXPORT duint EntryFromAddr(duint addr);
37 | SCRIPT_EXPORT duint EntryFromName(const char* name);
38 | SCRIPT_EXPORT int SectionCountFromAddr(duint addr);
39 | SCRIPT_EXPORT int SectionCountFromName(const char* name);
40 | SCRIPT_EXPORT bool SectionFromAddr(duint addr, int number, ModuleSectionInfo* section); //number selects the section; its valid range is presumably 0..SectionCount-1 - TODO confirm
41 | SCRIPT_EXPORT bool SectionFromName(const char* name, int number, ModuleSectionInfo* section);
42 | SCRIPT_EXPORT bool SectionListFromAddr(duint addr, ListOf(ModuleSectionInfo) list); //presumably the caller frees the list, as for GetMainModuleSectionList - TODO confirm
43 | SCRIPT_EXPORT bool SectionListFromName(const char* name, ListOf(ModuleSectionInfo) list); //presumably the caller frees the list, as for GetMainModuleSectionList - TODO confirm
44 | SCRIPT_EXPORT bool GetMainModuleInfo(ModuleInfo* info);
45 | SCRIPT_EXPORT duint GetMainModuleBase();
46 | SCRIPT_EXPORT duint GetMainModuleSize();
47 | SCRIPT_EXPORT duint GetMainModuleEntry();
48 | SCRIPT_EXPORT int GetMainModuleSectionCount();
49 | SCRIPT_EXPORT bool GetMainModuleName(char* name); //name[MAX_MODULE_SIZE]: caller must supply a buffer of at least MAX_MODULE_SIZE bytes
50 | SCRIPT_EXPORT bool GetMainModulePath(char* path); //path[MAX_PATH]: caller must supply a buffer of at least MAX_PATH bytes
51 | SCRIPT_EXPORT bool GetMainModuleSectionList(ListOf(ModuleSectionInfo) list); //caller has the responsibility to free the list
52 | SCRIPT_EXPORT bool GetList(ListOf(ModuleInfo) list); //caller has the responsibility to free the list
53 | }; //Module
54 | }; //Script
55 |
56 | #endif //_SCRIPTAPI_MODULE_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_pattern.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_PATTERN_H
2 | #define _SCRIPTAPI_PATTERN_H
3 |
4 | #include "_scriptapi.h"
5 |
6 | namespace Script
7 | {
8 | namespace Pattern //byte-pattern find/write/replace; each operation has a buffer form (data, datasize) and a *Mem form (start, size)
9 | {
10 | SCRIPT_EXPORT duint Find(unsigned char* data, duint datasize, const char* pattern); //returns a duint; the not-found value is not visible in this header - TODO confirm before using the result as an offset
11 | SCRIPT_EXPORT duint FindMem(duint start, duint size, const char* pattern); //returns a duint; the not-found value is not visible in this header - TODO confirm before using the result as an address
12 | SCRIPT_EXPORT void Write(unsigned char* data, duint datasize, const char* pattern); //data is non-const, so presumably patched in place within datasize bytes; returns void, so failure is not reported
13 | SCRIPT_EXPORT void WriteMem(duint start, duint size, const char* pattern); //returns void, so failure is not reported
14 | SCRIPT_EXPORT bool SearchAndReplace(unsigned char* data, duint datasize, const char* searchpattern, const char* replacepattern);
15 | SCRIPT_EXPORT bool SearchAndReplaceMem(duint start, duint size, const char* searchpattern, const char* replacepattern);
16 | }; //Pattern
17 | }; //Script
18 |
19 | #endif //_SCRIPTAPI_PATTERN_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_stack.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_STACK_H
2 | #define _SCRIPTAPI_STACK_H
3 |
4 | #include "_scriptapi.h"
5 |
6 | namespace Script
7 | {
8 | namespace Stack //NOTE(review): presumably operates on the debuggee's stack - confirm against the implementation
9 | {
10 | SCRIPT_EXPORT duint Pop(); //returns the value only, no success flag
11 | SCRIPT_EXPORT duint Push(duint value); //returns the previous top, equal to Peek(1)
12 | SCRIPT_EXPORT duint Peek(int offset = 0); //offset is in multiples of Register::Size(), for easy x32/x64 portability; offset is a signed int and no bounds are visible here
13 | }; //Stack
14 | }; //Script
15 |
16 | #endif //_SCRIPTAPI_STACK_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/_scriptapi_symbol.h:
--------------------------------------------------------------------------------
1 | #ifndef _SCRIPTAPI_SYMBOL_H
2 | #define _SCRIPTAPI_SYMBOL_H
3 |
4 | #include "_scriptapi.h"
5 |
6 | namespace Script
7 | {
8 | namespace Symbol
9 | {
10 | enum SymbolType //kind tag stored in SymbolInfo::type
11 | {
12 | Function, //user-defined function
13 | Import, //IAT entry
14 | Export //export
15 | };
16 |
17 | struct SymbolInfo //one element of the list filled by GetList
18 | {
19 | char mod[MAX_MODULE_SIZE]; //fixed-size module name buffer
20 | duint rva; //presumably relative to the base of mod - TODO confirm
21 | char name[MAX_LABEL_SIZE]; //fixed-size buffer; NOTE(review): import/export names presumably come from the debugged modules, so treat them as untrusted text
22 | bool manual;
23 | SymbolType type;
24 | };
25 |
26 | SCRIPT_EXPORT bool GetList(ListOf(SymbolInfo) list); //caller has the responsibility to free the list
27 | }; //Symbol
28 | }; //Script
29 |
30 | #endif //_SCRIPTAPI_SYMBOL_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/bridgegraph.h:
--------------------------------------------------------------------------------
1 | #ifndef _GRAPH_H
2 | #define _GRAPH_H
3 |
4 | typedef struct
5 | {
6 | duint addr; //virtual address of the instruction
7 | unsigned char data[15]; //instruction bytes
8 | } BridgeCFInstruction;
9 |
10 | typedef struct
11 | {
12 | duint parentGraph; //function of which this node is a part
13 | duint start; //start of the block
14 | duint end; //end of the block (inclusive)
15 | duint brtrue; //destination if condition is true
16 | duint brfalse; //destination if condition is false
17 | duint icount; //number of instructions in node
18 | bool terminal; //node is a RET
19 | bool split; //node is a split (brtrue points to the next node)
20 | bool indirectcall; //node contains indirect calls (call reg, call [reg+X])
21 | void* userdata; //user data
22 | ListInfo exits; //exits (including brtrue and brfalse, duint)
23 | ListInfo instrs; //block instructions
24 | } BridgeCFNodeList;
25 |
26 | typedef struct
27 | {
28 | duint entryPoint; //graph entry point
29 | void* userdata; //user data
30 | ListInfo nodes; //graph nodes (BridgeCFNodeList)
31 | } BridgeCFGraphList;
32 |
33 | #ifdef __cplusplus
34 | #if _MSC_VER >= 1700 && !defined(NO_CPP11)
35 |
36 | #include
37 | #include
38 | #include
39 | #include
40 |
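/**
\brief C++ counterpart of BridgeCFNodeList: one block of a control flow graph, with the
exit and instruction lists held in std::vector instead of raw ListInfo buffers.
*/
struct BridgeCFNode
{
    duint parentGraph; //function of which this node is a part
    duint start; //start of the block
    duint end; //end of the block (inclusive)
    duint brtrue; //destination if condition is true
    duint brfalse; //destination if condition is false
    duint icount; //number of instructions in node
    bool terminal; //node is a RET
    bool split; //node is a split (brtrue points to the next node)
    bool indirectcall; //node contains indirect calls (call reg, call [reg+X])
    void* userdata; //user data
    std::vector<duint> exits; //exits (including brtrue and brfalse)
    std::vector<BridgeCFInstruction> instrs; //block instructions

    /**
    \brief Frees the exits and instrs buffers of a BridgeCFNodeList.
    \param nodeList Node whose lists are released. Breaks into the debugger when it is
    null or when either list fails BridgeList's consistency check.
    */
    static void Free(const BridgeCFNodeList* nodeList)
    {
        if(!nodeList)
            __debugbreak();
        if(!BridgeList<duint>::Free(&nodeList->exits))
            __debugbreak();
        if(!BridgeList<BridgeCFInstruction>::Free(&nodeList->instrs))
            __debugbreak();
    }

    /**
    \brief Builds a node from its C representation.
    \param nodeList Source node. Breaks into the debugger when null.
    \param freedata When true, the source exits/instrs buffers are freed after copying,
    so nodeList must not be used or freed again afterwards.
    */
    explicit BridgeCFNode(const BridgeCFNodeList* nodeList, bool freedata)
    {
        if(!nodeList)
            __debugbreak();
        parentGraph = nodeList->parentGraph;
        start = nodeList->start;
        end = nodeList->end;
        brtrue = nodeList->brtrue;
        brfalse = nodeList->brfalse;
        icount = nodeList->icount;
        terminal = nodeList->terminal;
        split = nodeList->split;
        indirectcall = nodeList->indirectcall;
        userdata = nodeList->userdata;
        if(!BridgeList<duint>::ToVector(&nodeList->exits, exits, freedata))
            __debugbreak();
        if(!BridgeList<BridgeCFInstruction>::ToVector(&nodeList->instrs, instrs, freedata))
            __debugbreak();
    }

    /**
    \brief Builds an empty node covering [start, end] inside parentGraph.
    */
    explicit BridgeCFNode(duint parentGraph, duint start, duint end)
        : parentGraph(parentGraph),
          start(start),
          end(end),
          brtrue(0),
          brfalse(0),
          icount(0),
          terminal(false),
          split(false), //initializers listed in declaration order
          indirectcall(false),
          userdata(nullptr)
    {
    }

    /**
    \brief Builds a zeroed node.
    */
    explicit BridgeCFNode()
        : parentGraph(0),
          start(0),
          end(0),
          brtrue(0),
          brfalse(0),
          icount(0),
          terminal(false),
          split(false),
          indirectcall(false), //was left uninitialized; ToNodeList() copies it out, so it must have a defined value
          userdata(nullptr)
    {
    }

    /**
    \brief Converts this node to its C representation.
    \return A BridgeCFNodeList whose exits/instrs buffers are newly allocated by
    BridgeList::CopyData; the receiver is responsible for releasing them (see Free).
    */
    BridgeCFNodeList ToNodeList() const
    {
        BridgeCFNodeList out;
        out.parentGraph = parentGraph;
        out.start = start;
        out.end = end;
        out.brtrue = brtrue;
        out.brfalse = brfalse;
        out.icount = icount;
        out.terminal = terminal;
        out.indirectcall = indirectcall;
        out.split = split;
        out.userdata = userdata;
        BridgeList<duint>::CopyData(&out.exits, exits);
        BridgeList<BridgeCFInstruction>::CopyData(&out.instrs, instrs);
        return out; //plain return: std::move on a local only blocks copy elision
    }
};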
129 |
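/**
\brief C++ counterpart of BridgeCFGraphList: a control flow graph keyed by node start address.
*/
struct BridgeCFGraph
{
    duint entryPoint; //graph entry point
    void* userdata; //user data
    std::unordered_map<duint, BridgeCFNode> nodes; //CFNode.start -> CFNode
    std::unordered_map<duint, std::unordered_set<duint>> parents; //CFNode.start -> parents

    /**
    \brief Frees every node of a BridgeCFGraphList and then the node array itself.
    \param graphList Graph to release. Breaks into the debugger and frees nothing when
    the list is null or inconsistent.
    */
    static void Free(const BridgeCFGraphList* graphList)
    {
        if(!ValidNodeList(graphList))
        {
            __debugbreak();
            return; //do not walk an array whose size/count/data do not agree
        }
        auto data = (BridgeCFNodeList*)graphList->nodes.data;
        for(int i = 0; i < graphList->nodes.count; i++)
            BridgeCFNode::Free(&data[i]);
        BridgeFree(data);
    }

    /**
    \brief Builds a graph from its C representation.
    \param graphList Source graph. Breaks into the debugger and leaves the graph empty
    when the list is null or inconsistent.
    \param freedata When true, the node buffers and the node array are freed after
    copying, so graphList must not be used or freed again afterwards.
    */
    explicit BridgeCFGraph(const BridgeCFGraphList* graphList, bool freedata)
        : entryPoint(0),
          userdata(nullptr)
    {
        if(!ValidNodeList(graphList))
        {
            __debugbreak();
            return;
        }
        entryPoint = graphList->entryPoint;
        userdata = graphList->userdata;
        auto data = (BridgeCFNodeList*)graphList->nodes.data;
        for(int i = 0; i < graphList->nodes.count; i++)
            AddNode(BridgeCFNode(&data[i], freedata));
        if(freedata && data)
            BridgeFree(data);
    }

    /**
    \brief Builds an empty graph with the given entry point.
    */
    explicit BridgeCFGraph(duint entryPoint)
        : entryPoint(entryPoint),
          userdata(nullptr)
    {
    }

    /**
    \brief Stores a node under its start address and records its two branch targets.
    */
    void AddNode(const BridgeCFNode & node)
    {
        nodes[node.start] = node;
        //NOTE(review): this files brtrue/brfalse under the key node.start, while the
        //member comment reads "CFNode.start -> parents"; confirm the intended direction.
        AddParent(node.start, node.brtrue);
        AddParent(node.start, node.brfalse);
    }

    /**
    \brief Adds parent to the set stored for child. Ignored when either address is 0.
    */
    void AddParent(duint child, duint parent)
    {
        if(!child || !parent)
            return;
        parents[child].insert(parent); //operator[] creates the empty set on first use
    }

    /**
    \brief Converts this graph to its C representation.
    \return A BridgeCFGraphList whose buffers are newly allocated by
    BridgeList::CopyData; the receiver is responsible for releasing them (see Free).
    */
    BridgeCFGraphList ToGraphList() const
    {
        BridgeCFGraphList out;
        out.entryPoint = entryPoint;
        out.userdata = userdata;
        std::vector<BridgeCFNodeList> nodeList;
        nodeList.reserve(nodes.size());
        for(const auto & nodeIt : nodes)
            nodeList.push_back(nodeIt.second.ToNodeList());
        BridgeList<BridgeCFNodeList>::CopyData(&out.nodes, nodeList);
        return out; //plain return: std::move on a local only blocks copy elision
    }

private:
    //Same consistency rule BridgeList::Free and ToVector apply: byte size matches the
    //element count, the count is not negative, and a non-empty list has a data pointer.
    static bool ValidNodeList(const BridgeCFGraphList* graphList)
    {
        if(!graphList || graphList->nodes.count < 0)
            return false;
        if(graphList->nodes.size != size_t(graphList->nodes.count) * sizeof(BridgeCFNodeList))
            return false;
        return !graphList->nodes.count || graphList->nodes.data;
    }
};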
200 |
201 | #endif //_MSC_VER
202 | #endif //__cplusplus
203 |
204 | #endif //_GRAPH_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/bridgelist.h:
--------------------------------------------------------------------------------
1 | #ifndef _LIST_H
2 | #define _LIST_H
3 |
4 | typedef struct
5 | {
6 | int count; //Number of element in the list.
7 | size_t size; //Size of list in bytes (used for type checking).
8 | void* data; //Pointer to the list contents. Must be deleted by the caller using BridgeFree (or BridgeList::Free).
9 | } ListInfo;
10 |
11 | #define ListOf(Type) ListInfo*
12 |
13 | #ifdef __cplusplus
14 |
15 | #include
16 |
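/**
\brief A list object. This object is NOT thread safe.
\tparam Type BridgeList contents type. Elements are copied by assignment into and out of
raw buffers, so Type is expected to be a plain-data type.

The object owns ListInfo::data and releases it with BridgeFree. No copy constructor or
copy assignment is declared, so a copy would share the buffer and both destructors would
free it; pass instances by reference.
*/
template<typename Type>
class BridgeList
{
public:
    /**
    \brief BridgeList constructor. Starts with a zeroed ListInfo.
    */
    explicit BridgeList()
    {
        memset(&_listInfo, 0, sizeof(_listInfo));
    }

    /**
    \brief BridgeList destructor.
    */
    ~BridgeList()
    {
        Cleanup();
    }

    /**
    \brief Gets the list data.
    \return Returns ListInfo->data. Can be null if the list was never initialized. Will be destroyed once this object goes out of scope!
    */
    Type* Data() const
    {
        return reinterpret_cast<Type*>(_listInfo.data);
    }

    /**
    \brief Gets the number of elements in the list. This will crash the program if the data is not consistent with the specified template argument.
    \return The number of elements in the list.
    */
    int Count() const
    {
        //make sure the user is using the correct type; a negative count is rejected too,
        //because operator[] compares indices against size_t(Count()).
        if(_listInfo.count < 0 || _listInfo.size != size_t(_listInfo.count) * sizeof(Type))
            __debugbreak();
        return _listInfo.count;
    }

    /**
    \brief Cleans up the list, freeing the list data when it is not null.
    */
    void Cleanup()
    {
        if(_listInfo.data)
        {
            BridgeFree(_listInfo.data);
            _listInfo.data = nullptr;
        }
        //reset the bookkeeping as well, so Count() cannot report elements that no longer exist
        _listInfo.count = 0;
        _listInfo.size = 0;
    }

    /**
    \brief Reference operator (cleans up the previous list)
    \return Pointer to the ListInfo.
    */
    ListInfo* operator&()
    {
        Cleanup();
        return &_listInfo;
    }

    /**
    \brief Array indexer operator. This will crash if you try to access out-of-bounds.
    \param index Zero-based index of the item you want to get.
    \return Reference to a value at that index.
    */
    Type & operator[](size_t index) const
    {
        if(!_listInfo.data || index >= size_t(Count())) //make sure the out-of-bounds access is caught as soon as possible.
            __debugbreak();
        return Data()[index];
    }

    /**
    \brief Copies data to a ListInfo structure.
    \param [out] listInfo If non-null, information describing the list.
    \param listData Data to copy in the ListInfo structure.
    \return true if it succeeds, false if listInfo is null or listData has more elements
    than ListInfo::count (an int) can hold; in the latter case listInfo is set to empty.
    */
    static bool CopyData(ListInfo* listInfo, const std::vector<Type> & listData)
    {
        if(!listInfo)
            return false;
        const int count = int(listData.size());
        if(count < 0 || size_t(count) != listData.size())
        {
            //the element count does not fit an int: hand back an empty list, not a truncated one
            listInfo->count = 0;
            listInfo->size = 0;
            listInfo->data = nullptr;
            return false;
        }
        listInfo->count = count;
        listInfo->size = size_t(count) * sizeof(Type);
        if(count)
        {
            //NOTE(review): assumes BridgeAlloc never returns null; its definition is not in this header - TODO confirm
            listInfo->data = BridgeAlloc(listInfo->size);
            Type* curItem = reinterpret_cast<Type*>(listInfo->data);
            for(const auto & item : listData)
            {
                *curItem = item;
                ++curItem;
            }
        }
        else
            listInfo->data = nullptr;
        return true;
    }

    /**
    \brief Frees the data buffer of a ListInfo after checking it against Type.
    \param listInfo List to release. It is const, so its data pointer is not cleared;
    the caller must not use or free it again.
    \return true if the buffer was freed, false if the list is null or inconsistent.
    */
    static bool Free(const ListInfo* listInfo)
    {
        if(!IsConsistent(listInfo))
            return false;
        BridgeFree(listInfo->data);
        return true;
    }

    /**
    \brief Copies a ListInfo into a std::vector.
    \param listInfo Source list; rejected when null or inconsistent with Type.
    \param [out] listData Receives the elements.
    \param freedata When true, the source buffer is freed after copying; listInfo is
    const, so its data pointer is not cleared and must not be used again.
    \return true if it succeeds, false if it fails.
    */
    static bool ToVector(const ListInfo* listInfo, std::vector<Type> & listData, bool freedata = true)
    {
        if(!IsConsistent(listInfo))
            return false;
        listData.resize(size_t(listInfo->count));
        for(int i = 0; i < listInfo->count; i++)
            listData[i] = ((Type*)listInfo->data)[i];
        if(freedata && listInfo->data)
            BridgeFree(listInfo->data);
        return true;
    }

private:
    //Validates a ListInfo received from elsewhere: non-null, non-negative count, byte
    //size equal to count elements of Type, and a data pointer whenever count is non-zero.
    //Division is used instead of count * sizeof(Type) so the comparison cannot wrap.
    static bool IsConsistent(const ListInfo* listInfo)
    {
        if(!listInfo || listInfo->count < 0)
            return false;
        if(listInfo->size % sizeof(Type) != 0 || listInfo->size / sizeof(Type) != size_t(listInfo->count))
            return false;
        return !listInfo->count || listInfo->data;
    }

    ListInfo _listInfo;
};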
146 |
147 | #endif //__cplusplus
148 |
149 | #endif //_LIST_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/dbghelp/dbghelp_x64.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/dbghelp/dbghelp_x64.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/dbghelp/dbghelp_x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/dbghelp/dbghelp_x64.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/dbghelp/dbghelp_x86.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/dbghelp/dbghelp_x86.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/dbghelp/dbghelp_x86.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/dbghelp/dbghelp_x86.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/jansson/jansson_config.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2010-2016 Petri Lehtinen
3 | *
4 | * Jansson is free software; you can redistribute it and/or modify
5 | * it under the terms of the MIT license. See LICENSE for details.
6 | *
7 | *
8 | * This file specifies a part of the site-specific configuration for
9 | * Jansson, namely those things that affect the public API in
10 | * jansson.h.
11 | *
12 | * The CMake system will generate the jansson_config.h file and
13 | * copy it to the build and install directories.
14 | */
15 |
16 | #ifndef JANSSON_CONFIG_H
17 | #define JANSSON_CONFIG_H
18 |
19 | /* Define this so that we can disable scattered automake configuration in source files */
20 | #ifndef JANSSON_USING_CMAKE
21 | #define JANSSON_USING_CMAKE
22 | #endif
23 |
24 | /* Note: when using cmake, JSON_INTEGER_IS_LONG_LONG is not defined nor used,
25 | * as we will also check for __int64 etc types.
26 | * (the definition was used in the automake system) */
27 |
28 | /* Bring in the cmake-detected defines */
29 | #define HAVE_STDINT_H 1
30 | /* #undef HAVE_INTTYPES_H */
31 | /* #undef HAVE_SYS_TYPES_H */
32 |
33 | /* Include our standard type header for the integer typedef */
34 |
35 | #if defined(HAVE_STDINT_H)
36 | # include
37 | #elif defined(HAVE_INTTYPES_H)
38 | # include
39 | #elif defined(HAVE_SYS_TYPES_H)
40 | # include
41 | #endif
42 |
43 |
44 | /* If your compiler supports the inline keyword in C, JSON_INLINE is
45 | defined to `inline', otherwise empty. In C++, the inline is always
46 | supported. */
47 | #ifdef __cplusplus
48 | #define JSON_INLINE inline
49 | #else
50 | #define JSON_INLINE __inline
51 | #endif
52 |
53 |
54 | #define json_int_t long long
55 | #define json_strtoint strtoll
56 | #define JSON_INTEGER_FORMAT "I64d"
57 |
58 |
59 | /* If locale.h and localeconv() are available, define to 1, otherwise to 0. */
60 | #define JSON_HAVE_LOCALECONV 1
61 |
62 |
63 | /* Maximum recursion depth for parsing JSON input.
64 | This limits the depth of e.g. array-within-array constructions. */
65 | #define JSON_PARSER_MAX_DEPTH 2048
66 |
67 |
68 | #endif
69 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/jansson/jansson_x64.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/jansson/jansson_x64.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/jansson/jansson_x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/jansson/jansson_x64.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/jansson/jansson_x64dbg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "jansson.h"
4 |
5 | typedef json_t* JSON;
6 |
/* Formats value as an upper-case hexadecimal string with a "0x" prefix and wraps it
   in a new JSON string. */
static JSON_INLINE
json_t* json_hex(unsigned json_int_t value)
{
    /* "0x" + at most 16 hex digits for a 64-bit value + terminator = 19 bytes */
    char formatted[20];
    sprintf_s(formatted, "0x%llX", value);
    json_t* node = json_string(formatted);
    return node;
}
14 |
/* Parses a JSON string of the form "0x..." back into an integer.
   Returns 0 when hex has no string value; the sscanf_s result is not checked, so text
   that does not match also yields 0, which callers cannot tell apart from a stored 0. */
static JSON_INLINE
unsigned json_int_t json_hex_value(const json_t* hex)
{
    unsigned json_int_t parsed = 0;
    const char* text = json_string_value(hex);
    if(text)
        sscanf_s(text, "0x%llX", &parsed);
    return parsed;
}
26 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/jansson/jansson_x86.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/jansson/jansson_x86.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/jansson/jansson_x86.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/jansson/jansson_x86.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/lz4/lz4_x64.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/lz4/lz4_x64.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/lz4/lz4_x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/lz4/lz4_x64.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/lz4/lz4_x86.a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/lz4/lz4_x86.a
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/lz4/lz4_x86.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/lz4/lz4_x86.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/lz4/lz4file.h:
--------------------------------------------------------------------------------
1 | #ifndef _LZ4FILE_H
2 | #define _LZ4FILE_H
3 |
4 | typedef enum _LZ4_STATUS
5 | {
6 | LZ4_SUCCESS,
7 | LZ4_FAILED_OPEN_INPUT,
8 | LZ4_FAILED_OPEN_OUTPUT,
9 | LZ4_NOT_ENOUGH_MEMORY,
10 | LZ4_INVALID_ARCHIVE,
11 | LZ4_CORRUPTED_ARCHIVE
12 | } LZ4_STATUS;
13 |
14 | #if defined (__cplusplus)
15 | extern "C"
16 | {
17 | #endif
18 |
19 | __declspec(dllimport) LZ4_STATUS LZ4_compress_file(const char* input_filename, const char* output_filename); /* returns an LZ4_STATUS; compare with LZ4_SUCCESS before using the output file */
20 | __declspec(dllimport) LZ4_STATUS LZ4_compress_fileW(const wchar_t* input_filename, const wchar_t* output_filename); /* wide-character path variant */
21 | __declspec(dllimport) LZ4_STATUS LZ4_decompress_file(const char* input_filename, const char* output_filename); /* NOTE(review): no output size limit is visible in this header; for archives from untrusted sources check the status and the resulting file size - TODO confirm */
22 | __declspec(dllimport) LZ4_STATUS LZ4_decompress_fileW(const wchar_t* input_filename, const wchar_t* output_filename); /* wide-character path variant */
23 |
24 | #if defined (__cplusplus)
25 | }
26 | #endif
27 |
28 | #endif //_LZ4FILE_H
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/x32bridge.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/x32bridge.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/x32dbg.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/x32dbg.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/x64bridge.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/x64bridge.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/x64dbg.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/x64dbg.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_YARA_H
31 | #define YR_YARA_H
32 |
33 | #include "yara/utils.h"
34 | #include "yara/filemap.h"
35 | #include "yara/compiler.h"
36 | #include "yara/modules.h"
37 | #include "yara/object.h"
38 | #include "yara/libyara.h"
39 | #include "yara/error.h"
40 | #include "yara/stream.h"
41 | #include "yara/hash.h"
42 |
43 | #endif
44 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/ahocorasick.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef _AHOCORASICK_H
31 | #define _AHOCORASICK_H
32 |
33 | #include "limits.h"
34 | #include "atoms.h"
35 | #include "types.h"
36 |
37 | // Transition word layout, as built by YR_AC_MAKE_TRANSITION: next state in bits 32-63, flags shifted to bit 16 and up, input code in the low 16 bits.
38 | #define YR_AC_ROOT_STATE 0
39 | #define YR_AC_NEXT_STATE(t) (t >> 32)
40 | #define YR_AC_INVALID_TRANSITION(t, c) (((t) & 0xFFFF) != c)
41 | // NOTE(review): `t` in YR_AC_NEXT_STATE, `c` in YR_AC_INVALID_TRANSITION and `state` below expand unparenthesized; pass simple expressions only (with `a | b` as `t`, only `b` would be shifted).
42 | #define YR_AC_MAKE_TRANSITION(state, code, flags) \
43 | ((uint64_t)((((uint64_t) state) << 32) | ((flags) << 16) | (code)))
44 | // NOTE(review): `(flags) << 16` is evaluated in the argument's own type before the outer uint64_t cast, so flags must stay small; YR_AC_USED_FLAG is the only flag defined here.
45 | #define YR_AC_USED_FLAG 0x1
46 |
47 | #define YR_AC_USED_TRANSITION_SLOT(x) ((x) & (YR_AC_USED_FLAG << 16))
48 | #define YR_AC_UNUSED_TRANSITION_SLOT(x) (!YR_AC_USED_TRANSITION_SLOT(x))
49 |
50 | // Pair of table pointers handed to yr_ac_compile() through its `tables` argument (presumably as output); who owns the pointed-to memory is not visible from this header.
51 | typedef struct _YR_AC_TABLES
52 | {
53 | YR_AC_TRANSITION* transitions;
54 | YR_AC_MATCH_TABLE_ENTRY* matches;
55 |
56 | } YR_AC_TABLES;
57 |
58 | // Automaton API. The int returns are presumably ERROR_* codes from error.h (ERROR_SUCCESS == 0); confirm in the implementation. The new automaton is returned through `automaton`.
59 | int yr_ac_automaton_create(
60 | YR_AC_AUTOMATON** automaton);
61 |
62 | // Counterpart of yr_ac_automaton_create(); presumably releases the automaton, so callers should not use the pointer afterwards.
63 | int yr_ac_automaton_destroy(
64 | YR_AC_AUTOMATON* automaton);
65 |
66 | // presumably adds one atom of `string` to the automaton, with match entries taken from `matches_arena` (TODO confirm).
67 | int yr_ac_add_string(
68 | YR_AC_AUTOMATON* automaton,
69 | YR_STRING* string,
70 | YR_ATOM_LIST_ITEM* atom,
71 | YR_ARENA* matches_arena);
72 |
73 | // presumably writes the finished automaton into `arena` and reports the resulting tables through `tables` (TODO confirm).
74 | int yr_ac_compile(
75 | YR_AC_AUTOMATON* automaton,
76 | YR_ARENA* arena,
77 | YR_AC_TABLES* tables);
78 |
79 | // Debug helper by name; where the output goes is not visible from this header.
80 | void yr_ac_print_automaton(
81 | YR_AC_AUTOMATON* automaton);
82 |
83 |
84 | #endif
85 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/arena.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_ARENA_H
31 | #define YR_ARENA_H
32 |
33 | #include
34 |
35 | #include "integers.h"
36 | #include "stream.h"
37 | // Arena flag bits, the serialized-file version word, and EOL (presumably the terminator for the variadic offset lists of yr_arena_allocate_struct/yr_arena_make_relocatable).
38 | #define ARENA_FLAGS_FIXED_SIZE 1
39 | #define ARENA_FLAGS_COALESCED 2
40 | #define ARENA_FILE_VERSION ((13 << 16) | MAX_THREADS) // low bits carry the build-time MAX_THREADS, so the value differs between builds with different thread limits
41 |
42 | #define EOL ((size_t) -1) // all-ones size_t; NOTE(review): a very generic macro name for an SDK header, may collide with application code
43 |
44 | // Singly linked relocation record. `offset` is 32 bits wide; presumably the position inside the owning page of a pointer that needs fixing up (TODO confirm in arena.c).
45 | typedef struct _YR_RELOC
46 | {
47 | uint32_t offset;
48 | struct _YR_RELOC* next;
49 |
50 | } YR_RELOC;
51 |
52 | // One page of an arena: a buffer with its capacity and fill level, its own relocation list, and next/prev links to neighbouring pages.
53 | typedef struct _YR_ARENA_PAGE
54 | {
55 | // NOTE(review): two addresses per page; `new_address` presumably holds the page's location after a move (coalesce or load), confirm before relying on it.
56 | uint8_t* new_address;
57 | uint8_t* address;
58 | // presumably capacity (`size`) and bytes consumed (`used`); allocation code must keep used <= size.
59 | size_t size;
60 | size_t used;
61 |
62 | YR_RELOC* reloc_list_head;
63 | YR_RELOC* reloc_list_tail;
64 |
65 | struct _YR_ARENA_PAGE* next;
66 | struct _YR_ARENA_PAGE* prev;
67 |
68 | } YR_ARENA_PAGE;
69 |
70 | // Arena handle: `flags` (presumably ARENA_FLAGS_* bits), the head of the page list, and the page currently being allocated from (by field name, confirm in arena.c).
71 | typedef struct _YR_ARENA
72 | {
73 | int flags;
74 |
75 | YR_ARENA_PAGE* page_list_head;
76 | YR_ARENA_PAGE* current_page;
77 |
78 | } YR_ARENA;
79 |
80 | // Arena API. int returns are presumably ERROR_* codes from error.h; results are delivered through the trailing out-pointer arguments. Behaviour notes below are inferred from the declarations only.
81 | int yr_arena_create(
82 | size_t initial_size,
83 | int flags,
84 | YR_ARENA** arena);
85 |
86 |
87 | void yr_arena_destroy(
88 | YR_ARENA* arena);
89 |
90 |
91 | void* yr_arena_base_address(
92 | YR_ARENA* arena);
93 |
94 | // Takes an address plus an offset and returns a pointer; whether the result is bounds-checked against the page is not visible here, so callers should check for NULL (TODO confirm).
95 | void* yr_arena_next_address(
96 | YR_ARENA* arena,
97 | void* address,
98 | size_t offset);
99 |
100 |
101 | int yr_arena_coalesce(
102 | YR_ARENA* arena);
103 |
104 |
105 | int yr_arena_reserve_memory(
106 | YR_ARENA* arena,
107 | size_t size);
108 |
109 |
110 | int yr_arena_allocate_memory(
111 | YR_ARENA* arena,
112 | size_t size,
113 | void** allocated_memory);
114 |
115 | // Variadic: the trailing arguments are presumably field offsets terminated by EOL. A call without the terminator would make the callee read past its argument list.
116 | int yr_arena_allocate_struct(
117 | YR_ARENA* arena,
118 | size_t size,
119 | void** allocated_memory,
120 | ...);
121 |
122 | // Variadic like yr_arena_allocate_struct(); presumably the same EOL-terminated offset list, relative to `base` (confirm).
123 | int yr_arena_make_relocatable(
124 | YR_ARENA* arena,
125 | void* base,
126 | ...);
127 |
128 | // `size` is supplied by the caller and must not exceed the readable length of `data`.
129 | int yr_arena_write_data(
130 | YR_ARENA* arena,
131 | void* data,
132 | size_t size,
133 | void** written_data);
134 |
135 | // No length parameter: `string` must be NUL-terminated by the caller.
136 | int yr_arena_write_string(
137 | YR_ARENA* arena,
138 | const char* string,
139 | char** written_string);
140 |
141 |
142 | int yr_arena_append(
143 | YR_ARENA* target_arena,
144 | YR_ARENA* source_arena);
145 |
146 | // NOTE(review): builds an arena from serialized data. Pages carry raw pointers and relocation offsets, so the stream should come from a trusted source unless arena.c validates sizes and offsets (confirm).
147 | int yr_arena_load_stream(
148 | YR_STREAM* stream,
149 | YR_ARENA** arena);
150 |
151 | // Counterpart of yr_arena_load_stream(); the written format is presumably tagged with ARENA_FILE_VERSION.
152 | int yr_arena_save_stream(
153 | YR_ARENA* arena,
154 | YR_STREAM* stream);
155 |
156 |
157 | int yr_arena_duplicate(
158 | YR_ARENA* arena,
159 | YR_ARENA** duplicated);
160 |
161 | // Debug helper by name; output destination is not visible from this header.
162 | void yr_arena_print(
163 | YR_ARENA* arena);
164 |
165 | #endif
166 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/atoms.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_ATOMS_H
31 | #define YR_ATOMS_H
32 |
33 | #include "limits.h"
34 | #include "re.h"
35 | // Node kinds; presumably the values stored in ATOM_TREE_NODE.type.
36 | #define ATOM_TREE_LEAF 1
37 | #define ATOM_TREE_AND 2
38 | #define ATOM_TREE_OR 3
39 |
40 | // Node of the atom tree. `atom` is a fixed buffer of MAX_ATOM_LENGTH bytes with its used length in `atom_length`; writers must keep atom_length <= MAX_ATOM_LENGTH.
41 | typedef struct _ATOM_TREE_NODE
42 | {
43 | uint8_t type;
44 | uint8_t atom_length;
45 | uint8_t atom[MAX_ATOM_LENGTH];
46 | // presumably pointers into compiled regexp code used to verify a match forwards/backwards from the atom (TODO confirm).
47 | uint8_t* forward_code;
48 | uint8_t* backward_code;
49 | // One RE_NODE pointer per atom byte position (same MAX_ATOM_LENGTH bound as `atom`).
50 | RE_NODE* recent_nodes[MAX_ATOM_LENGTH];
51 |
52 | struct _ATOM_TREE_NODE* children_head;
53 | struct _ATOM_TREE_NODE* children_tail;
54 | struct _ATOM_TREE_NODE* next_sibling;
55 |
56 | } ATOM_TREE_NODE;
57 |
58 | // Tree handle: the root node plus the leaf currently being filled (by field names, confirm in atoms.c).
59 | typedef struct _ATOM_TREE
60 | {
61 | ATOM_TREE_NODE* current_leaf;
62 | ATOM_TREE_NODE* root_node;
63 |
64 | } ATOM_TREE;
65 |
66 | // Linked-list item for one extracted atom. Same fixed-size atom buffer as ATOM_TREE_NODE (atom_length must stay <= MAX_ATOM_LENGTH).
67 | typedef struct _YR_ATOM_LIST_ITEM
68 | {
69 | uint8_t atom_length;
70 | uint8_t atom[MAX_ATOM_LENGTH];
71 | // 16-bit value; presumably how far back from the atom the enclosing string starts (TODO confirm).
72 | uint16_t backtrack;
73 |
74 | uint8_t* forward_code;
75 | uint8_t* backward_code;
76 |
77 | struct _YR_ATOM_LIST_ITEM* next;
78 |
79 | } YR_ATOM_LIST_ITEM;
80 |
81 | // Atom extraction API. The list comes back through `atoms`; presumably the caller releases it with yr_atoms_list_destroy().
82 | int yr_atoms_extract_from_re(
83 | RE_AST* re_ast,
84 | int flags,
85 | YR_ATOM_LIST_ITEM** atoms);
86 |
87 | // `string_length` is a signed int: callers should reject negative or oversized lengths before calling, since no check is visible in this header.
88 | int yr_atoms_extract_from_string(
89 | uint8_t* string,
90 | int string_length,
91 | int flags,
92 | YR_ATOM_LIST_ITEM** atoms);
93 |
94 | // Returns an int quality figure for the list; its scale is not visible from this header.
95 | int yr_atoms_min_quality(
96 | YR_ATOM_LIST_ITEM* atom_list);
97 |
98 |
99 | void yr_atoms_list_destroy(
100 | YR_ATOM_LIST_ITEM* list_head);
101 |
102 | #endif
103 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/compiler.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_COMPILER_H
31 | #define YR_COMPILER_H
32 |
33 | #include
34 | #include
35 |
36 | #include "ahocorasick.h"
37 | #include "arena.h"
38 | #include "hash.h"
39 | #include "utils.h"
40 | #include "filemap.h"
41 |
42 | // Severity values; presumably what the compiler callback receives as `error_level`.
43 | #define YARA_ERROR_LEVEL_ERROR 0
44 | #define YARA_ERROR_LEVEL_WARNING 1
45 |
46 | // Callback type installed with yr_compiler_set_callback(). `file_name` and `message` presumably derive from the rule source being compiled: check for NULL and treat them as untrusted text when logging or displaying. `user_data` is the pointer given at registration.
47 | typedef void (*YR_COMPILER_CALLBACK_FUNC)(
48 | int error_level,
49 | const char* file_name,
50 | int line_number,
51 | const char* message,
52 | void* user_data);
53 |
54 | // Singly linked stack node holding one address; YR_COMPILER keeps the head in fixup_stack_head. What the address refers to is not visible here (presumably a code location to patch later).
55 | typedef struct _YR_FIXUP
56 | {
57 | void* address;
58 | struct _YR_FIXUP* next;
59 |
60 | } YR_FIXUP;
61 |
62 | // Compiler state. Several members are fixed-size arrays paired with a separate depth/pointer field; every push must be bounds-checked against the array's limit.
63 | typedef struct _YR_COMPILER
64 | {
65 | int errors;
66 | int current_line;
67 | int last_error;
68 | int last_error_line;
69 | int last_result;
70 | // setjmp/longjmp buffer (error recovery, by name): a longjmp skips any cleanup between the two points, so resources acquired there need explicit release.
71 | jmp_buf error_recovery;
72 | // One arena per kind of compiled data.
73 | YR_ARENA* sz_arena;
74 | YR_ARENA* rules_arena;
75 | YR_ARENA* strings_arena;
76 | YR_ARENA* code_arena;
77 | YR_ARENA* re_code_arena;
78 | YR_ARENA* compiled_rules_arena;
79 | YR_ARENA* externals_arena;
80 | YR_ARENA* namespaces_arena;
81 | YR_ARENA* metas_arena;
82 | YR_ARENA* matches_arena;
83 | YR_ARENA* automaton_arena;
84 |
85 | YR_AC_AUTOMATON* automaton;
86 | YR_HASH_TABLE* rules_table;
87 | YR_HASH_TABLE* objects_table;
88 | YR_HASH_TABLE* strings_table;
89 | YR_NAMESPACE* current_namespace;
90 | YR_RULE* current_rule;
91 |
92 | YR_FIXUP* fixup_stack_head;
93 |
94 | int namespaces_count;
95 | // Loop bookkeeping: both arrays hold MAX_LOOP_NESTING entries; loop_depth is presumably the index into them (see ERROR_LOOP_NESTING_LIMIT_EXCEEDED in error.h).
96 | uint8_t* loop_address[MAX_LOOP_NESTING];
97 | char* loop_identifier[MAX_LOOP_NESTING];
98 | int loop_depth;
99 | int loop_for_of_mem_offset;
100 | // NOTE(review): presumably gates the `include` directive. When rules come from an untrusted source, confirm it is cleared so a rule file cannot pull in arbitrary local files.
101 | int allow_includes;
102 | // Include stacks: MAX_INCLUDE_DEPTH entries each, with their own stack pointers (see ERROR_INCLUDE_DEPTH_EXCEEDED in error.h).
103 | char* file_name_stack[MAX_INCLUDE_DEPTH];
104 | int file_name_stack_ptr;
105 |
106 | FILE* file_stack[MAX_INCLUDE_DEPTH];
107 | int file_stack_ptr;
108 | // Fixed-size text buffer; the yr_compiler_set_error_extra_info* macros in this header write it bounded by sizeof.
109 | char last_error_extra_info[MAX_COMPILER_ERROR_EXTRA_INFO];
110 | // Lexer scratch buffer of LEX_BUF_SIZE bytes; lex_buf_len is an unsigned short that presumably tracks its fill level and must be checked against LEX_BUF_SIZE by writers.
111 | char lex_buf[LEX_BUF_SIZE];
112 | char* lex_buf_ptr;
113 | unsigned short lex_buf_len;
114 | // MAX_PATH-byte buffer; presumably the directory include paths are resolved against (confirm how absolute and ".." paths are handled).
115 | char include_base_dir[MAX_PATH];
116 | void* user_data;
117 |
118 | YR_COMPILER_CALLBACK_FUNC callback;
119 |
120 | } YR_COMPILER;
121 | // Copies `info` into compiler->last_error_extra_info with strlcpy, bounded by sizeof(destination); longer text is truncated.
122 | // NOTE(review): the expansion already ends in `;` and its last backslash continues onto the following blank line. Use it only as a full statement inside braces, never as the body of an unbraced if/else.
123 | #define yr_compiler_set_error_extra_info(compiler, info) \
124 | strlcpy( \
125 | compiler->last_error_extra_info, \
126 | info, \
127 | sizeof(compiler->last_error_extra_info)); \
128 |
129 | // printf-style variant bounded by snprintf; needs at least one argument after `fmt` and also ends in `;`. `fmt` must be a literal format string: passing rule-derived text as `fmt` would be a format-string bug.
130 | #define yr_compiler_set_error_extra_info_fmt(compiler, fmt, ...) \
131 | snprintf( \
132 | compiler->last_error_extra_info, \
133 | sizeof(compiler->last_error_extra_info), \
134 | fmt, __VA_ARGS__);
135 |
136 | // Internal include-stack helpers (leading underscore, no YR_API). YR_COMPILER's stacks are fixed at MAX_INCLUDE_DEPTH, so a push must fail once that depth is reached (presumably with ERROR_INCLUDE_DEPTH_EXCEEDED).
137 | int _yr_compiler_push_file(
138 | YR_COMPILER* compiler,
139 | FILE* fh);
140 |
141 | // Returns a FILE*; presumably NULL when the stack is empty, so check before use.
142 | FILE* _yr_compiler_pop_file(
143 | YR_COMPILER* compiler);
144 |
145 |
146 | int _yr_compiler_push_file_name(
147 | YR_COMPILER* compiler,
148 | const char* file_name);
149 |
150 |
151 | void _yr_compiler_pop_file_name(
152 | YR_COMPILER* compiler);
153 |
154 | // Public API (YR_API). What each int return means (ERROR_* code or an error count) is not visible from this header; confirm per function before testing it against zero.
155 | YR_API int yr_compiler_create(
156 | YR_COMPILER** compiler);
157 |
158 |
159 | YR_API void yr_compiler_destroy(
160 | YR_COMPILER* compiler);
161 |
162 | // Installs the error/warning callback; `user_data` is stored and later handed to the callback (see YR_COMPILER_CALLBACK_FUNC).
163 | YR_API void yr_compiler_set_callback(
164 | YR_COMPILER* compiler,
165 | YR_COMPILER_CALLBACK_FUNC callback,
166 | void* user_data);
167 |
168 | // The add_* functions feed rule source to the compiler. When the rules come from outside your trust boundary, install a callback and treat any reported error as a failed compile.
169 | YR_API int yr_compiler_add_file(
170 | YR_COMPILER* compiler,
171 | FILE* rules_file,
172 | const char* namespace_,
173 | const char* file_name);
174 |
175 |
176 | YR_API int yr_compiler_add_fd(
177 | YR_COMPILER* compiler,
178 | YR_FILE_DESCRIPTOR rules_fd,
179 | const char* namespace_,
180 | const char* file_name);
181 |
182 | // No length parameter: `rules_string` must be NUL-terminated.
183 | YR_API int yr_compiler_add_string(
184 | YR_COMPILER* compiler,
185 | const char* rules_string,
186 | const char* namespace_);
187 |
188 | // Writes into a caller-supplied buffer. `buffer_size` is a signed int and must be the real capacity of `buffer`.
189 | YR_API char* yr_compiler_get_error_message(
190 | YR_COMPILER* compiler,
191 | char* buffer,
192 | int buffer_size);
193 |
194 | // Returns a char*; presumably the top of file_name_stack and possibly NULL, and its lifetime is not visible here (do not free or retain without checking).
195 | YR_API char* yr_compiler_get_current_file_name(
196 | YR_COMPILER* context);
197 |
198 | // External-variable definitions, one per value type.
199 | YR_API int yr_compiler_define_integer_variable(
200 | YR_COMPILER* compiler,
201 | const char* identifier,
202 | int64_t value);
203 |
204 |
205 | YR_API int yr_compiler_define_boolean_variable(
206 | YR_COMPILER* compiler,
207 | const char* identifier,
208 | int value);
209 |
210 |
211 | YR_API int yr_compiler_define_float_variable(
212 | YR_COMPILER* compiler,
213 | const char* identifier,
214 | double value);
215 |
216 |
217 | YR_API int yr_compiler_define_string_variable(
218 | YR_COMPILER* compiler,
219 | const char* identifier,
220 | const char* value);
221 |
222 | // Hands the compiled rule set back through `rules`; who releases it is not visible from this header.
223 | YR_API int yr_compiler_get_rules(
224 | YR_COMPILER* compiler,
225 | YR_RULES** rules);
226 |
227 |
228 | #endif
229 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/endian.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2016. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_ENDIAN_H
31 | #define YR_ENDIAN_H
32 |
33 | #include
34 |
35 | // yr_bswap16 selection order: compiler builtin when __has_builtin reports it, else the MSVC intrinsic, else the out-of-line _yr_bswap16() declared below.
36 | #if defined(__has_builtin)
37 | # if __has_builtin(__builtin_bswap16)
38 | # define yr_bswap16(x) __builtin_bswap16(x)
39 | # endif
40 | #endif
41 |
42 | #if !defined(yr_bswap16) && defined(_MSC_VER)
43 | # define yr_bswap16(x) _byteswap_ushort(x)
44 | #endif
45 |
46 | #if !defined(yr_bswap16)
47 | uint16_t _yr_bswap16(uint16_t x);
48 | # define yr_bswap16(x) _yr_bswap16(x)
49 | #endif
50 |
51 | // yr_bswap32: same three-step selection.
52 | #if defined(__has_builtin)
53 | # if __has_builtin(__builtin_bswap32)
54 | # define yr_bswap32(x) __builtin_bswap32(x)
55 | # endif
56 | #endif
57 |
58 | #if !defined(yr_bswap32) && defined(_MSC_VER)
59 | # define yr_bswap32(x) _byteswap_ulong(x)
60 | #endif
61 |
62 | #if !defined(yr_bswap32)
63 | uint32_t _yr_bswap32(uint32_t x);
64 | #define yr_bswap32(x) _yr_bswap32(x)
65 | #endif
66 |
67 | // yr_bswap64: same three-step selection.
68 | #if defined(__has_builtin)
69 | # if __has_builtin(__builtin_bswap64)
70 | # define yr_bswap64(x) __builtin_bswap64(x)
71 | # endif
72 | #endif
73 |
74 | #if !defined(yr_bswap64) && defined(_MSC_VER)
75 | # define yr_bswap64(x) _byteswap_uint64(x)
76 | #endif
77 |
78 | #if !defined(yr_bswap64)
79 | uint64_t _yr_bswap64(uint64_t x);
80 | #define yr_bswap64(x) _yr_bswap64(x)
81 | #endif
82 |
83 | // Host-order conversion. With WORDS_BIGENDIAN defined the le*toh macros swap and be*toh are identity; otherwise the reverse. The macro must come from the build configuration: a big-endian build that does not define it would silently misread multi-byte fields.
84 | #if defined(WORDS_BIGENDIAN)
85 | #define yr_le16toh(x) yr_bswap16(x)
86 | #define yr_le32toh(x) yr_bswap32(x)
87 | #define yr_le64toh(x) yr_bswap64(x)
88 | #define yr_be16toh(x) (x)
89 | #define yr_be32toh(x) (x)
90 | #define yr_be64toh(x) (x)
91 | #else
92 | #define yr_le16toh(x) (x)
93 | #define yr_le32toh(x) (x)
94 | #define yr_le64toh(x) (x)
95 | #define yr_be16toh(x) yr_bswap16(x)
96 | #define yr_be32toh(x) yr_bswap32(x)
97 | #define yr_be64toh(x) yr_bswap64(x)
98 | #endif
99 |
100 | #endif
101 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/error.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_ERROR_H
31 | #define YR_ERROR_H
32 |
33 | #include
34 |
35 | #if defined(_WIN32) || defined(__CYGWIN__)
36 | #include
37 | #endif
38 | // Error codes; 0 is success (the FAIL_ON_* macros in this header compare against ERROR_SUCCESS). The #ifndef guard presumably exists because platform headers may already define ERROR_SUCCESS.
39 | #ifndef ERROR_SUCCESS
40 | #define ERROR_SUCCESS 0
41 | #endif
42 |
43 | // ERROR_INSUFICIENT_MEMORY is misspelled but it's kept for backward
44 | // compatibility, as some other programs can be using it in this form.
45 | #define ERROR_INSUFICIENT_MEMORY 1
46 | // Values run from 1 to 50 with 5 unassigned in this list; do not assume the range is dense when building lookup tables from it.
47 | #define ERROR_INSUFFICIENT_MEMORY 1
48 | #define ERROR_COULD_NOT_ATTACH_TO_PROCESS 2
49 | #define ERROR_COULD_NOT_OPEN_FILE 3
50 | #define ERROR_COULD_NOT_MAP_FILE 4
51 | #define ERROR_INVALID_FILE 6
52 | #define ERROR_CORRUPT_FILE 7
53 | #define ERROR_UNSUPPORTED_FILE_VERSION 8
54 | #define ERROR_INVALID_REGULAR_EXPRESSION 9
55 | #define ERROR_INVALID_HEX_STRING 10
56 | #define ERROR_SYNTAX_ERROR 11
57 | #define ERROR_LOOP_NESTING_LIMIT_EXCEEDED 12
58 | #define ERROR_DUPLICATED_LOOP_IDENTIFIER 13
59 | #define ERROR_DUPLICATED_IDENTIFIER 14
60 | #define ERROR_DUPLICATED_TAG_IDENTIFIER 15
61 | #define ERROR_DUPLICATED_META_IDENTIFIER 16
62 | #define ERROR_DUPLICATED_STRING_IDENTIFIER 17
63 | #define ERROR_UNREFERENCED_STRING 18
64 | #define ERROR_UNDEFINED_STRING 19
65 | #define ERROR_UNDEFINED_IDENTIFIER 20
66 | #define ERROR_MISPLACED_ANONYMOUS_STRING 21
67 | #define ERROR_INCLUDES_CIRCULAR_REFERENCE 22
68 | #define ERROR_INCLUDE_DEPTH_EXCEEDED 23
69 | #define ERROR_WRONG_TYPE 24
70 | #define ERROR_EXEC_STACK_OVERFLOW 25
71 | #define ERROR_SCAN_TIMEOUT 26
72 | #define ERROR_TOO_MANY_SCAN_THREADS 27
73 | #define ERROR_CALLBACK_ERROR 28
74 | #define ERROR_INVALID_ARGUMENT 29
75 | #define ERROR_TOO_MANY_MATCHES 30
76 | #define ERROR_INTERNAL_FATAL_ERROR 31
77 | #define ERROR_NESTED_FOR_OF_LOOP 32
78 | #define ERROR_INVALID_FIELD_NAME 33
79 | #define ERROR_UNKNOWN_MODULE 34
80 | #define ERROR_NOT_A_STRUCTURE 35
81 | #define ERROR_NOT_INDEXABLE 36
82 | #define ERROR_NOT_A_FUNCTION 37
83 | #define ERROR_INVALID_FORMAT 38
84 | #define ERROR_TOO_MANY_ARGUMENTS 39
85 | #define ERROR_WRONG_ARGUMENTS 40
86 | #define ERROR_WRONG_RETURN_TYPE 41
87 | #define ERROR_DUPLICATED_STRUCTURE_MEMBER 42
88 | #define ERROR_EMPTY_STRING 43
89 | #define ERROR_DIVISION_BY_ZERO 44
90 | #define ERROR_REGULAR_EXPRESSION_TOO_LARGE 45
91 | #define ERROR_TOO_MANY_RE_FIBERS 46
92 | #define ERROR_COULD_NOT_READ_PROCESS_MEMORY 47
93 | #define ERROR_INVALID_EXTERNAL_VARIABLE_TYPE 48
94 | #define ERROR_REGULAR_EXPRESSION_TOO_COMPLEX 49
95 | #define ERROR_INVALID_MODULE_NAME 50
96 |
97 | // Early-return helpers. Each expands to a bare { ... } block that evaluates `x` once and, on any value other than ERROR_SUCCESS, returns it from the ENCLOSING function, so they fit only functions returning int. NOTE(review): a brace block followed by `;` breaks an unbraced if/else.
98 | #define FAIL_ON_ERROR(x) { \
99 | int result = (x); \
100 | if (result != ERROR_SUCCESS) \
101 | return result; \
102 | }
103 | // NOTE(review): `cleanup` is pasted verbatim before the return. In both macros above and below, an `x` or `cleanup` that mentions a variable named `result` binds to the macro's own local, not the caller's.
104 | #define FAIL_ON_ERROR_WITH_CLEANUP(x, cleanup) { \
105 | int result = (x); \
106 | if (result != ERROR_SUCCESS) { \
107 | cleanup; \
108 | return result; \
109 | } \
110 | }
111 | // Requires a variable named `compiler` in scope; stores the code in compiler->last_result before returning it.
112 | #define FAIL_ON_COMPILER_ERROR(x) { \
113 | compiler->last_result = (x); \
114 | if (compiler->last_result != ERROR_SUCCESS) \
115 | return compiler->last_result; \
116 | }
117 |
118 | // Debug-only assertion with a printf-style message. Under NDEBUG it expands to ((void)0) and `expr` is not evaluated, so it must never be the only guard on values derived from scanned data or rule input.
119 | #ifdef NDEBUG
120 | #define assertf(expr, msg, ...) ((void)0)
121 | #else // NOTE(review): this form is a bare `if` (dangling-else hazard in unbraced if/else), and `msg` must be a string literal because it is concatenated with "%s:%d: ".
122 | #define assertf(expr, msg, ...) \
123 | if(!(expr)) { \
124 | fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \
125 | abort(); \
126 | }
127 | #endif
128 |
129 | #endif
130 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/exec.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013-2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_EXEC_H
31 | #define YR_EXEC_H
32 |
33 | #include "hash.h"
34 | #include "scan.h"
35 | #include "types.h"
36 | #include "rules.h"
37 |
38 | // Sentinel constant (presumably marking "undefined" values during rule evaluation). NOTE(review): IS_UNDEFINED casts both sides to size_t, so where size_t is 32 bits only the low 32 bits (0xFABADAFF) are compared and any value sharing them tests as undefined. Confirm this is acceptable for 32-bit builds.
39 | #define UNDEFINED 0xFFFABADAFABADAFFLL
40 | #define IS_UNDEFINED(x) ((size_t)(x) == (size_t) UNDEFINED)
41 | // Opcode numbers (all within 0-255). These are presumably emitted into compiled rule code, in which case renumbering would invalidate previously compiled rules (confirm against ARENA_FILE_VERSION handling).
42 | #define OP_ERROR 0
43 | #define OP_HALT 255
44 | #define OP_NOP 254
45 | // General opcodes 1-45; the typed arithmetic/comparison families start at 100 and the integer-read family at 240.
46 | #define OP_AND 1
47 | #define OP_OR 2
48 | #define OP_NOT 3
49 | #define OP_BITWISE_NOT 4
50 | #define OP_BITWISE_AND 5
51 | #define OP_BITWISE_OR 6
52 | #define OP_BITWISE_XOR 7
53 | #define OP_SHL 8
54 | #define OP_SHR 9
55 | #define OP_MOD 10
56 | #define OP_INT_TO_DBL 11
57 | #define OP_STR_TO_BOOL 12
58 | #define OP_PUSH 13
59 | #define OP_POP 14
60 | #define OP_CALL 15
61 | #define OP_OBJ_LOAD 16
62 | #define OP_OBJ_VALUE 17
63 | #define OP_OBJ_FIELD 18
64 | #define OP_INDEX_ARRAY 19
65 | #define OP_COUNT 20
66 | #define OP_LENGTH 21
67 | #define OP_FOUND 22
68 | #define OP_FOUND_AT 23
69 | #define OP_FOUND_IN 24
70 | #define OP_OFFSET 25
71 | #define OP_OF 26
72 | #define OP_PUSH_RULE 27
73 | #define OP_INIT_RULE 28
74 | #define OP_MATCH_RULE 29
75 | #define OP_INCR_M 30
76 | #define OP_CLEAR_M 31
77 | #define OP_ADD_M 32
78 | #define OP_POP_M 33
79 | #define OP_PUSH_M 34
80 | #define OP_SWAPUNDEF 35
81 | #define OP_JNUNDEF 36
82 | #define OP_JLE 37
83 | #define OP_FILESIZE 38
84 | #define OP_ENTRYPOINT 39
85 | #define OP_CONTAINS 40
86 | #define OP_MATCHES 41
87 | #define OP_IMPORT 42
88 | #define OP_LOOKUP_DICT 43
89 | #define OP_JFALSE 44
90 | #define OP_JTRUE 45
91 |
92 | // Operator indices, added to a per-type base (OP_INT_BEGIN, OP_DBL_BEGIN, OP_STR_BEGIN) to form the typed opcodes below.
93 | #define _OP_EQ 0
94 | #define _OP_NEQ 1
95 | #define _OP_LT 2
96 | #define _OP_GT 3
97 | #define _OP_LE 4
98 | #define _OP_GE 5
99 | #define _OP_ADD 6
100 | #define _OP_SUB 7
101 | #define _OP_MUL 8
102 | #define _OP_DIV 9
103 | #define _OP_MINUS 10
104 |
105 | // Integer family: 100..110.
106 | #define OP_INT_BEGIN 100
107 | #define OP_INT_EQ (OP_INT_BEGIN + _OP_EQ)
108 | #define OP_INT_NEQ (OP_INT_BEGIN + _OP_NEQ)
109 | #define OP_INT_LT (OP_INT_BEGIN + _OP_LT)
110 | #define OP_INT_GT (OP_INT_BEGIN + _OP_GT)
111 | #define OP_INT_LE (OP_INT_BEGIN + _OP_LE)
112 | #define OP_INT_GE (OP_INT_BEGIN + _OP_GE)
113 | #define OP_INT_ADD (OP_INT_BEGIN + _OP_ADD)
114 | #define OP_INT_SUB (OP_INT_BEGIN + _OP_SUB)
115 | #define OP_INT_MUL (OP_INT_BEGIN + _OP_MUL)
116 | #define OP_INT_DIV (OP_INT_BEGIN + _OP_DIV)
117 | #define OP_INT_MINUS (OP_INT_BEGIN + _OP_MINUS)
118 | #define OP_INT_END OP_INT_MINUS
119 | // Double family: 120..130.
120 | #define OP_DBL_BEGIN 120
121 | #define OP_DBL_EQ (OP_DBL_BEGIN + _OP_EQ)
122 | #define OP_DBL_NEQ (OP_DBL_BEGIN + _OP_NEQ)
123 | #define OP_DBL_LT (OP_DBL_BEGIN + _OP_LT)
124 | #define OP_DBL_GT (OP_DBL_BEGIN + _OP_GT)
125 | #define OP_DBL_LE (OP_DBL_BEGIN + _OP_LE)
126 | #define OP_DBL_GE (OP_DBL_BEGIN + _OP_GE)
127 | #define OP_DBL_ADD (OP_DBL_BEGIN + _OP_ADD)
128 | #define OP_DBL_SUB (OP_DBL_BEGIN + _OP_SUB)
129 | #define OP_DBL_MUL (OP_DBL_BEGIN + _OP_MUL)
130 | #define OP_DBL_DIV (OP_DBL_BEGIN + _OP_DIV)
131 | #define OP_DBL_MINUS (OP_DBL_BEGIN + _OP_MINUS)
132 | #define OP_DBL_END OP_DBL_MINUS
133 | // String family: 140..145, comparison operators only.
134 | #define OP_STR_BEGIN 140
135 | #define OP_STR_EQ (OP_STR_BEGIN + _OP_EQ)
136 | #define OP_STR_NEQ (OP_STR_BEGIN + _OP_NEQ)
137 | #define OP_STR_LT (OP_STR_BEGIN + _OP_LT)
138 | #define OP_STR_GT (OP_STR_BEGIN + _OP_GT)
139 | #define OP_STR_LE (OP_STR_BEGIN + _OP_LE)
140 | #define OP_STR_GE (OP_STR_BEGIN + _OP_GE)
141 | #define OP_STR_END OP_STR_GE
142 | // Range checks over the families above; each evaluates `x` twice, so pass an expression without side effects.
143 | #define IS_INT_OP(x) ((x) >= OP_INT_BEGIN && (x) <= OP_INT_END)
144 | #define IS_DBL_OP(x) ((x) >= OP_DBL_BEGIN && (x) <= OP_DBL_END)
145 | #define IS_STR_OP(x) ((x) >= OP_STR_BEGIN && (x) <= OP_STR_END)
146 |
147 | #define OP_READ_INT 240
148 | #define OP_INT8 (OP_READ_INT + 0)
149 | #define OP_INT16 (OP_READ_INT + 1)
150 | #define OP_INT32 (OP_READ_INT + 2)
151 | #define OP_UINT8 (OP_READ_INT + 3)
152 | #define OP_UINT16 (OP_READ_INT + 4)
153 | #define OP_UINT32 (OP_READ_INT + 5)
154 | #define OP_INT8BE (OP_READ_INT + 6)
155 | #define OP_INT16BE (OP_READ_INT + 7)
156 | #define OP_INT32BE (OP_READ_INT + 8)
157 | #define OP_UINT8BE (OP_READ_INT + 9)
158 | #define OP_UINT16BE (OP_READ_INT + 10)
159 | #define OP_UINT32BE (OP_READ_INT + 11)
160 |
161 |
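/*
 * OPERATION(operator, op1, op2)
 *
 * Applies the binary `operator` to op1 and op2. If either operand is the
 * UNDEFINED sentinel the result is UNDEFINED instead.
 *
 * The whole expansion and both operands are parenthesised so the macro
 * behaves as a single operand wherever it is used. Without the outer
 * parentheses a neighbouring operator (`2 * OPERATION(...)`,
 * `OPERATION(...) == x`) would bind to part of the conditional expression
 * and silently change the result.
 *
 * op1 and op2 are each evaluated more than once; pass expressions that have
 * no side effects.
 */
#define OPERATION(operator, op1, op2) \
    ((IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? \
        (UNDEFINED) : ((op1) operator (op2)))


/*
 * COMPARISON(operator, op1, op2)
 *
 * Same shape as OPERATION, for relational operators: yields 0 (false) when
 * either operand is UNDEFINED, otherwise the result of the comparison.
 * Parenthesised for the same reason, with the same multiple-evaluation caveat.
 */
#define COMPARISON(operator, op1, op2) \
    ((IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? \
        (0) : ((op1) operator (op2)))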
168 |
169 |
170 | int yr_execute_code(
171 | YR_RULES* rules,
172 | YR_SCAN_CONTEXT* context,
173 | int timeout,
174 | time_t start_time);
175 |
176 | #endif
177 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/exefiles.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_EXEFILES_H
31 | #define YR_EXEFILES_H
32 |
33 | uint64_t yr_get_entry_point_offset(
34 | uint8_t* buffer,
35 | size_t buffer_length);
36 |
37 |
38 | uint64_t yr_get_entry_point_address(
39 | uint8_t* buffer,
40 | size_t buffer_length,
41 | size_t base_address);
42 |
43 | #endif
44 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/filemap.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
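#ifndef YR_FILEMAP_H
#define YR_FILEMAP_H

/*
 * NOTE(review): the three system #include lines below appeared in this
 * listing without a header name. They are restored to standard headers that
 * declare the types this file uses (off_t, HANDLE, size_t).
 */

#ifdef _MSC_VER
#define off_t int64_t
#else
#include <sys/types.h>   /* off_t */
#endif

#if defined(_WIN32) || defined(__CYGWIN__)
#include <windows.h>     /* HANDLE */
#define YR_FILE_DESCRIPTOR HANDLE
#else
#define YR_FILE_DESCRIPTOR int
#endif

#include <stdlib.h>      /* size_t */

#include "integers.h"
#include "utils.h"


/*
 * Describes one mapped file.
 *
 *   file     descriptor (POSIX int) or HANDLE (Windows/Cygwin) of the file
 *   size     number of bytes -- presumably the length of the region that
 *            `data` points to; verify against the implementation
 *   data     pointer to the mapped bytes
 *   mapping  Windows/Cygwin only: the mapping object's HANDLE
 *
 * NOTE(review): readers of `data` should bound every access by `size`; the
 * content comes from whatever file is being inspected.
 */
typedef struct _YR_MAPPED_FILE
{
  YR_FILE_DESCRIPTOR file;
  size_t size;
  uint8_t* data;
  #if defined(_WIN32) || defined(__CYGWIN__)
  HANDLE mapping;
  #endif

} YR_MAPPED_FILE;


/* Maps the file at file_path and fills *pmapped_file. Returns an int status
   whose values are defined by the implementation, not by this header. */
YR_API int yr_filemap_map(
    const char* file_path,
    YR_MAPPED_FILE* pmapped_file);


/* Maps `size` bytes starting at `offset` of an already open descriptor.
   NOTE(review): offset and size are caller-supplied; whether they are checked
   against the real file length is decided in the implementation -- confirm
   before passing values taken from untrusted input. */
YR_API int yr_filemap_map_fd(
    YR_FILE_DESCRIPTOR file,
    off_t offset,
    size_t size,
    YR_MAPPED_FILE* pmapped_file);


/* Path-based variant of yr_filemap_map_fd: same offset/size parameters, with
   the same caveat about range checking. */
YR_API int yr_filemap_map_ex(
    const char* file_path,
    off_t offset,
    size_t size,
    YR_MAPPED_FILE* pmapped_file);


/* Releases a mapping described by *pmapped_file. */
YR_API void yr_filemap_unmap(
    YR_MAPPED_FILE* pmapped_file);


/* Counterpart of yr_filemap_map_fd.
   NOTE(review): presumably leaves the caller's descriptor open -- confirm. */
YR_API void yr_filemap_unmap_fd(
    YR_MAPPED_FILE* pmapped_file);

#endif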
91 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/globals.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_GLOBALS_H
31 | #define YR_GLOBALS_H
32 |
33 | #include "threading.h"
34 |
35 | extern char yr_lowercase[256];
36 | extern char yr_altercase[256];
37 |
38 | extern YR_THREAD_STORAGE_KEY yr_tidx_key;
39 | extern YR_THREAD_STORAGE_KEY yr_recovery_state_key;
40 |
41 | #endif
42 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/hash.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
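#ifndef YR_HASH_H
#define YR_HASH_H

/* NOTE(review): this #include appeared in the listing without a header name;
   restored to the standard header that declares size_t. */
#include <stddef.h>

#include "utils.h"

/*
 * One entry in a bucket's chain. Entries that land in the same bucket are
 * linked through `next`.
 *
 *   key, key_length  the key bytes and their length
 *   ns               namespace string stored with the key
 *   value            opaque pointer owned by the caller of the table
 */
typedef struct _YR_HASH_TABLE_ENTRY
{
  void* key;
  size_t key_length;
  char* ns;
  void* value;

  struct _YR_HASH_TABLE_ENTRY* next;

} YR_HASH_TABLE_ENTRY;


/*
 * The table itself.
 *
 * NOTE(review): `buckets` is declared with a single element. This looks like
 * the trailing-array idiom, where yr_hash_table_create allocates room for
 * `size` buckets after the struct -- confirm in the implementation. Code that
 * copies the struct by value or uses sizeof(YR_HASH_TABLE) as the table's
 * size would see only the first bucket.
 */
typedef struct _YR_HASH_TABLE
{
  int size;

  YR_HASH_TABLE_ENTRY* buckets[1];

} YR_HASH_TABLE;


/* Callback given to clean/destroy; receives each stored `value` pointer. */
typedef int (*YR_HASH_TABLE_FREE_VALUE_FUNC)(void* value);


/* Creates a table and stores it in *table. `size` is a signed int.
   NOTE(review): whether non-positive sizes are rejected is not visible here. */
YR_API int yr_hash_table_create(
    int size,
    YR_HASH_TABLE** table);


/* Takes the table and a free_value callback for the stored values.
   NOTE(review): presumably empties the table but keeps it usable -- confirm. */
YR_API void yr_hash_table_clean(
    YR_HASH_TABLE* table,
    YR_HASH_TABLE_FREE_VALUE_FUNC free_value);


/* Takes the table and a free_value callback for the stored values.
   NOTE(review): presumably frees the table itself as well -- confirm. */
YR_API void yr_hash_table_destroy(
    YR_HASH_TABLE* table,
    YR_HASH_TABLE_FREE_VALUE_FUNC free_value);


/* Looks up `key` within namespace `ns`. No length is passed, so key is
   presumably a NUL-terminated string -- confirm. */
YR_API void* yr_hash_table_lookup(
    YR_HASH_TABLE* table,
    const char* key,
    const char* ns);


/* Adds `value` under `key` within namespace `ns` (string key, as above). */
YR_API int yr_hash_table_add(
    YR_HASH_TABLE* table,
    const char* key,
    const char* ns,
    void* value);


/* Lookup for keys given as a byte range: key_length bytes starting at key.
   The caller is responsible for key_length matching the buffer. */
YR_API void* yr_hash_table_lookup_raw_key(
    YR_HASH_TABLE* table,
    const void* key,
    size_t key_length,
    const char* ns);


/* Add for keys given as a byte range; same length contract as the raw
   lookup. */
YR_API int yr_hash_table_add_raw_key(
    YR_HASH_TABLE* table,
    const void* key,
    size_t key_length,
    const char* ns,
    void* value);

#endif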
104 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/hex_lexer.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com].
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #include "re.h"
31 |
32 | #undef yyparse
33 | #undef yylex
34 | #undef yyerror
35 | #undef yyfatal
36 | #undef yychar
37 | #undef yydebug
38 | #undef yynerrs
39 | #undef yyget_extra
40 | #undef yyget_lineno
41 |
42 | #undef YY_FATAL_ERROR
43 | #undef YY_DECL
44 | #undef LEX_ENV
45 |
46 | #define yyparse hex_yyparse
47 | #define yylex hex_yylex
48 | #define yyerror hex_yyerror
49 | #define yyfatal hex_yyfatal
50 | #define yychar hex_yychar
51 | #define yydebug hex_yydebug
52 | #define yynerrs hex_yynerrs
53 | #define yyget_extra hex_yyget_extra
54 | #define yyget_lineno hex_yyget_lineno
55 |
56 |
57 | #ifndef YY_TYPEDEF_YY_SCANNER_T
58 | #define YY_TYPEDEF_YY_SCANNER_T
59 | typedef void* yyscan_t;
60 | #endif
61 |
62 | #define YY_EXTRA_TYPE RE_AST*
63 | #define YY_USE_CONST
64 |
65 |
/* State handed to hex_yylex, yyparse and yyerror as `lex_env` while one hex
   string is being parsed (see the prototypes later in this header). */
66 | typedef struct _HEX_LEX_ENVIRONMENT
67 | {
/* NOTE(review): presumably compared against a token limit such as
   MAX_HEX_STRING_TOKENS from limits.h -- confirm in the lexer. */
68 | int token_count;
69 | int inside_or;
70 | int last_error_code;
/* Fixed 256-byte buffer. Any code that writes a message here has to bound the
   copy by sizeof(last_error_message), since messages can embed text taken
   from the rule being parsed. */
71 | char last_error_message[256];
72 |
73 | } HEX_LEX_ENVIRONMENT;
74 |
75 |
76 | #define YY_FATAL_ERROR(msg) hex_yyfatal(yyscanner, msg)
77 |
78 | #define LEX_ENV ((HEX_LEX_ENVIRONMENT*) lex_env)
79 |
80 | #include
81 |
82 | #define YY_DECL int hex_yylex \
83 | (YYSTYPE * yylval_param , yyscan_t yyscanner, HEX_LEX_ENVIRONMENT* lex_env)
84 |
85 |
86 | YY_EXTRA_TYPE yyget_extra(
87 | yyscan_t yyscanner);
88 |
89 | int yylex(
90 | YYSTYPE* yylval_param,
91 | yyscan_t yyscanner,
92 | HEX_LEX_ENVIRONMENT* lex_env);
93 |
94 | int yyparse(
95 | void* yyscanner,
96 | HEX_LEX_ENVIRONMENT* lex_env);
97 |
98 | void yyerror(
99 | yyscan_t yyscanner,
100 | HEX_LEX_ENVIRONMENT* lex_env,
101 | const char* error_message);
102 |
103 | void yyfatal(
104 | yyscan_t yyscanner,
105 | const char* error_message);
106 |
107 | int yr_parse_hex_string(
108 | const char* hex_string,
109 | RE_AST** re_ast,
110 | RE_ERROR* error);
111 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/integers.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
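#ifndef YR_INTEGERS_H
#define YR_INTEGERS_H

/* Integer type definitions
 *
 * Supplies the fixed-width (u)int#_t names used throughout the library,
 * either from <stdint.h> or, on old toolchains, from compiler-specific types.
 */
#if ( defined( _MSC_VER ) && ( _MSC_VER < 1600 ) ) || ( defined( __BORLANDC__ ) && ( __BORLANDC__ <= 0x0560 ) )

#ifdef __cplusplus
extern "C" {
#endif

/* Microsoft Visual Studio C++ before Visual Studio 2010 or earlier versions of the Borland C++ Builder
 * do not support the (u)int#_t type definitions but have __int# definitions instead
 */
typedef __int8 int8_t;
typedef unsigned __int8 uint8_t;
typedef __int16 int16_t;
typedef unsigned __int16 uint16_t;
typedef __int32 int32_t;
typedef unsigned __int32 uint32_t;
typedef __int64 int64_t;
typedef unsigned __int64 uint64_t;

#ifdef __cplusplus
}
#endif

#else

/* Other "compilers" and later versions of Microsoft Visual Studio C++ and
 * Borland C/C++ define the types in <stdint.h>
 * (the header name was missing from this listing and is restored here).
 */
#include <stdint.h>

#endif

#endif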
67 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/lexer.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com].
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #include "compiler.h"
31 |
32 |
33 | #undef yyparse
34 | #undef yylex
35 | #undef yyerror
36 | #undef yyfatal
37 | #undef yychar
38 | #undef yydebug
39 | #undef yynerrs
40 | #undef yyget_extra
41 | #undef yyget_lineno
42 |
43 | #undef YY_DECL
44 | #undef YY_FATAL_ERROR
45 | #undef YY_EXTRA_TYPE
46 |
47 | #define yyparse yara_yyparse
48 | #define yylex yara_yylex
49 | #define yyerror yara_yyerror
50 | #define yyfatal yara_yyfatal
51 | #define yywarning yara_yywarning
52 | #define yychar yara_yychar
53 | #define yydebug yara_yydebug
54 | #define yynerrs yara_yynerrs
55 | #define yyget_extra yara_yyget_extra
56 | #define yyget_lineno yara_yyget_lineno
57 |
58 |
59 | #ifndef YY_TYPEDEF_YY_SCANNER_T
60 | #define YY_TYPEDEF_YY_SCANNER_T
61 | typedef void* yyscan_t;
62 | #endif
63 |
64 | #ifndef YY_TYPEDEF_EXPRESSION_T
65 | #define YY_TYPEDEF_EXPRESSION_T
66 |
67 |
68 | // Expression type constants are powers of two because they are used as flags.
69 | // For example:
70 | // CHECK_TYPE(whatever, EXPRESSION_TYPE_INTEGER | EXPRESSION_TYPE_FLOAT)
71 | // The expression above is used to ensure that the type of "whatever" is either
72 | // integer or float.
73 |
74 | #define EXPRESSION_TYPE_BOOLEAN 1
75 | #define EXPRESSION_TYPE_INTEGER 2
76 | #define EXPRESSION_TYPE_STRING 4
77 | #define EXPRESSION_TYPE_REGEXP 8
78 | #define EXPRESSION_TYPE_OBJECT 16
79 | #define EXPRESSION_TYPE_FLOAT 32
80 |
81 | typedef struct _EXPRESSION
82 | {
83 | int type;
84 |
85 | union
86 | {
87 | int64_t integer;
88 | YR_OBJECT* object;
89 | SIZED_STRING* sized_string;
90 | } value;
91 |
92 | const char* identifier;
93 |
94 | } EXPRESSION;
95 |
96 | union YYSTYPE;
97 |
98 | #endif
99 |
100 |
101 | #define YY_DECL int yylex( \
102 | union YYSTYPE* yylval_param, yyscan_t yyscanner, YR_COMPILER* compiler)
103 |
104 |
105 | #define YY_FATAL_ERROR(msg) yara_yyfatal(yyscanner, msg)
106 |
107 |
108 | #define YY_EXTRA_TYPE YR_COMPILER*
109 | #define YY_USE_CONST
110 |
111 |
112 | int yyget_lineno(yyscan_t yyscanner);
113 |
114 | int yylex(
115 | union YYSTYPE* yylval_param,
116 | yyscan_t yyscanner,
117 | YR_COMPILER* compiler);
118 |
119 | int yyparse(
120 | void* yyscanner,
121 | YR_COMPILER* compiler);
122 |
123 | void yyerror(
124 | yyscan_t yyscanner,
125 | YR_COMPILER* compiler,
126 | const char* error_message);
127 |
128 | void yywarning(
129 | yyscan_t yyscanner,
130 | const char* message_fmt,
131 | ...);
132 |
133 | void yyfatal(
134 | yyscan_t yyscanner,
135 | const char* error_message);
136 |
137 | YY_EXTRA_TYPE yyget_extra(
138 | yyscan_t yyscanner);
139 |
140 | int yr_lex_parse_rules_string(
141 | const char* rules_string,
142 | YR_COMPILER* compiler);
143 |
144 | int yr_lex_parse_rules_file(
145 | FILE* rules_file,
146 | YR_COMPILER* compiler);
147 |
148 | int yr_lex_parse_rules_fd(
149 | YR_FILE_DESCRIPTOR rules_fd,
150 | YR_COMPILER* compiler);
151 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/libyara.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_LIBYARA_H
31 | #define YR_LIBYARA_H
32 |
33 | #include "utils.h"
34 |
35 | #define YR_MAJOR_VERSION 3
36 | #define YR_MINOR_VERSION 6
37 | #define YR_MICRO_VERSION 0
38 |
39 | #define version_str(s) _version_str(s)
40 | #define _version_str(s) #s
41 |
42 | // Version as a string
43 | #define YR_VERSION version_str(YR_MAJOR_VERSION) \
44 | "." version_str(YR_MINOR_VERSION) \
45 | "." version_str(YR_MICRO_VERSION)
46 |
47 | // Version as a single 4-byte hex number, e.g. 0x030401 == 3.4.1.
48 | #define YR_VERSION_HEX ((YR_MAJOR_VERSION << 16) | \
49 | (YR_MINOR_VERSION << 8) | \
50 | (YR_MICRO_VERSION << 0))
51 |
52 |
53 | // Enumerated type listing configuration options
54 | typedef enum _YR_CONFIG_NAME
55 | {
56 | YR_CONFIG_STACK_SIZE,
57 | YR_CONFIG_MAX
58 |
59 | } YR_CONFIG_NAME;
60 |
61 |
62 | #define DEFAULT_STACK_SIZE 16384
63 |
64 |
65 | YR_API int yr_initialize(void);
66 |
67 |
68 | YR_API int yr_finalize(void);
69 |
70 |
71 | YR_API void yr_finalize_thread(void);
72 |
73 |
74 | YR_API int yr_get_tidx(void);
75 |
76 |
77 | YR_API void yr_set_tidx(int);
78 |
79 |
80 | YR_API int yr_set_configuration(YR_CONFIG_NAME, void*);
81 |
82 |
83 | YR_API int yr_get_configuration(YR_CONFIG_NAME, void*);
84 |
85 | #endif
86 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/limits.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
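#ifndef YR_LIMITS_H
#define YR_LIMITS_H

/*
 * Compile-time limits used across the library.
 *
 * NOTE(review): the names indicate caps on rule compilation and scanning
 * resources (include depth, loop nesting, matches per string, hex-string
 * tokens, ...). Where and how each cap is enforced is not visible in this
 * header; check the call sites before relying on one as a hard bound.
 */

#if defined(_WIN32) || defined(__CYGWIN__)
/* The header name was missing from this listing; <windows.h> is the header
   that provides MAX_PATH on these platforms. */
#include <windows.h>
#endif

#include "utils.h"

// MAX_THREADS is the number of threads that can use a YR_RULES
// object simultaneously.

#ifndef MAX_THREADS
#define MAX_THREADS 32
#endif


// Fallback used only where the platform headers did not define MAX_PATH.
// The Windows definition is much smaller (260), so buffers sized with
// MAX_PATH do not have the same capacity on every platform.
#ifndef MAX_PATH
#define MAX_PATH 1024
#endif

#define MAX_COMPILER_ERROR_EXTRA_INFO 256
#define MAX_ATOM_LENGTH 4
#define MAX_LOOP_NESTING 4
#define MAX_ARENA_PAGES 32
#define MAX_INCLUDE_DEPTH 16
#define MAX_STRING_MATCHES 1000000
#define MAX_FUNCTION_ARGS 128
#define MAX_FAST_RE_STACK 300
#define MAX_OVERLOADED_FUNCTIONS 10
#define MAX_HEX_STRING_TOKENS 10000
#define MAX_MATCH_DATA 4096

#define LOOP_LOCAL_VARS 4
#define STRING_CHAINING_THRESHOLD 200
#define LEX_BUF_SIZE 8192


#endif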
69 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/mem.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_MEM_H
31 | #define YR_MEM_H
32 |
33 | #include
34 |
35 | #ifdef DMALLOC
36 |
37 | #define yr_malloc malloc
38 | #define yr_calloc calloc
39 | #define yr_realloc realloc
40 | #define yr_free free
41 | #define yr_strdup strdup
42 | #define yr_strndup strndup
43 |
44 | #include
45 |
46 | #else
47 |
// Allocation wrappers declared when DMALLOC is not defined. In the DMALLOC
// branch above, the same six names are macros for calloc, malloc, realloc,
// free, strdup and strndup. Only the prototypes are visible in this header.
//
// NOTE(review): presumably each wrapper follows the contract of the libc
// function it is named after (NULL on failure, yr_calloc zero-filling and
// guarding the count * size product) -- confirm against the implementation
// before passing sizes derived from scanned input.

void* yr_calloc(size_t count, size_t size);

void* yr_malloc(size_t size);

void* yr_realloc(void* ptr, size_t size);

void yr_free(void* ptr);

char* yr_strdup(const char* str);

// `n` is a size_t passed alongside `str`; presumably the maximum number of
// characters copied, as with strndup -- TODO confirm.
char* yr_strndup(const char* str, size_t n);
67 |
68 | #endif
69 |
70 | int yr_heap_alloc(void);
71 |
72 | int yr_heap_free(void);
73 |
74 | #endif
75 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/object.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_OBJECT_H
31 | #define YR_OBJECT_H
32 |
33 | #ifdef _MSC_VER
34 |
35 | #include
36 | #ifndef isnan
37 | #define isnan _isnan
38 | #endif
39 |
40 | #ifndef INFINITY
41 | #define INFINITY (DBL_MAX + DBL_MAX)
42 | #endif
43 |
44 | #ifndef NAN
45 | #define NAN (INFINITY-INFINITY)
46 | #endif
47 |
48 | #endif
49 |
50 | #include "types.h"
51 |
52 |
53 | #define OBJECT_CREATE 1
54 |
55 | #define OBJECT_TYPE_INTEGER 1
56 | #define OBJECT_TYPE_STRING 2
57 | #define OBJECT_TYPE_STRUCTURE 3
58 | #define OBJECT_TYPE_ARRAY 4
59 | #define OBJECT_TYPE_FUNCTION 5
60 | #define OBJECT_TYPE_DICTIONARY 6
61 | #define OBJECT_TYPE_FLOAT 7
62 |
63 |
64 | int yr_object_create(
65 | int8_t type,
66 | const char* identifier,
67 | YR_OBJECT* parent,
68 | YR_OBJECT** object);
69 |
70 |
71 | int yr_object_function_create(
72 | const char* identifier,
73 | const char* arguments_fmt,
74 | const char* return_fmt,
75 | YR_MODULE_FUNC func,
76 | YR_OBJECT* parent,
77 | YR_OBJECT** function);
78 |
79 |
80 | int yr_object_from_external_variable(
81 | YR_EXTERNAL_VARIABLE* external,
82 | YR_OBJECT** object);
83 |
84 |
85 | void yr_object_destroy(
86 | YR_OBJECT* object);
87 |
88 |
89 | int yr_object_copy(
90 | YR_OBJECT* object,
91 | YR_OBJECT** object_copy);
92 |
93 |
94 | YR_OBJECT* yr_object_lookup_field(
95 | YR_OBJECT* object,
96 | const char* field_name);
97 |
98 |
99 | YR_OBJECT* yr_object_lookup(
100 | YR_OBJECT* root,
101 | int flags,
102 | const char* pattern,
103 | ...);
104 |
105 |
// Field accessors. Each takes the object to start from and a `field` string
// followed by variadic arguments.
//
// NOTE(review): the trailing `...` suggests `field` is a printf-style path
// whose placeholders are filled from the variadic arguments -- confirm
// against the implementation. If so, `field` should always be a constant
// written by the module author, never text taken from the data being
// scanned, and the argument types must match its placeholders.

// Returns an int; presumably non-zero when the addressed field has no value
// -- TODO confirm.
int yr_object_has_undefined_value(
    YR_OBJECT* object, const char* field, ...);

// Returns the addressed field as int64_t.
// NOTE(review): how an undefined field is reported is not visible here.
int64_t yr_object_get_integer(
    YR_OBJECT* object, const char* field, ...);

// Returns the addressed field as a SIZED_STRING pointer.
// NOTE(review): ownership of the returned pointer, and whether it can be
// NULL, are not visible here -- check before dereferencing.
SIZED_STRING* yr_object_get_string(
    YR_OBJECT* object, const char* field, ...);

// Setters take the value first, then the object and field path. All return
// int.
int yr_object_set_integer(
    int64_t value, YR_OBJECT* object, const char* field, ...);

int yr_object_set_float(
    double value, YR_OBJECT* object, const char* field, ...);

// NOTE(review): the explicit `len` implies `value` need not be
// NUL-terminated; `len` must not exceed the buffer `value` points into.
int yr_object_set_string(
    const char* value,
    size_t len,
    YR_OBJECT* object,
    const char* field,
    ...);
143 |
144 |
145 | YR_OBJECT* yr_object_array_get_item(
146 | YR_OBJECT* object,
147 | int flags,
148 | int index);
149 |
150 |
151 | int yr_object_array_set_item(
152 | YR_OBJECT* object,
153 | YR_OBJECT* item,
154 | int index);
155 |
156 |
157 | YR_OBJECT* yr_object_dict_get_item(
158 | YR_OBJECT* object,
159 | int flags,
160 | const char* key);
161 |
162 |
163 | int yr_object_dict_set_item(
164 | YR_OBJECT* object,
165 | YR_OBJECT* item,
166 | const char* key);
167 |
168 |
169 | int yr_object_structure_set_member(
170 | YR_OBJECT* object,
171 | YR_OBJECT* member);
172 |
173 |
174 | YR_OBJECT* yr_object_get_root(
175 | YR_OBJECT* object);
176 |
177 |
178 | YR_API void yr_object_print_data(
179 | YR_OBJECT* object,
180 | int indent,
181 | int print_identifier);
182 |
183 |
184 | #endif
185 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/parser.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_PARSER_H
31 | #define YR_PARSER_H
32 |
33 |
34 | #include "lexer.h"
35 |
36 |
37 | int yr_parser_emit(
38 | yyscan_t yyscanner,
39 | uint8_t instruction,
40 | uint8_t** instruction_address);
41 |
42 |
43 | int yr_parser_emit_with_arg(
44 | yyscan_t yyscanner,
45 | uint8_t instruction,
46 | int64_t argument,
47 | uint8_t** instruction_address,
48 | int64_t** argument_address);
49 |
50 |
51 | int yr_parser_emit_with_arg_double(
52 | yyscan_t yyscanner,
53 | uint8_t instruction,
54 | double argument,
55 | uint8_t** instruction_address,
56 | double** argument_address);
57 |
58 |
59 | int yr_parser_emit_with_arg_reloc(
60 | yyscan_t yyscanner,
61 | uint8_t instruction,
62 | void* argument,
63 | uint8_t** instruction_address,
64 | void** argument_address);
65 |
66 |
67 | int yr_parser_check_types(
68 | YR_COMPILER* compiler,
69 | YR_OBJECT_FUNCTION* function,
70 | const char* actual_args_fmt);
71 |
72 |
73 | YR_STRING* yr_parser_lookup_string(
74 | yyscan_t yyscanner,
75 | const char* identifier);
76 |
77 |
78 | int yr_parser_lookup_loop_variable(
79 | yyscan_t yyscanner,
80 | const char* identifier);
81 |
82 |
83 | YR_RULE* yr_parser_reduce_rule_declaration_phase_1(
84 | yyscan_t yyscanner,
85 | int32_t flags,
86 | const char* identifier);
87 |
88 |
89 | int yr_parser_reduce_rule_declaration_phase_2(
90 | yyscan_t yyscanner,
91 | YR_RULE* rule);
92 |
93 |
94 | YR_STRING* yr_parser_reduce_string_declaration(
95 | yyscan_t yyscanner,
96 | int32_t flags,
97 | const char* identifier,
98 | SIZED_STRING* str);
99 |
100 |
101 | YR_META* yr_parser_reduce_meta_declaration(
102 | yyscan_t yyscanner,
103 | int32_t type,
104 | const char* identifier,
105 | const char* string,
106 | int64_t integer);
107 |
108 |
109 | int yr_parser_reduce_string_identifier(
110 | yyscan_t yyscanner,
111 | const char* identifier,
112 | uint8_t instruction,
113 | uint64_t at_offset);
114 |
115 |
116 | int yr_parser_emit_pushes_for_strings(
117 | yyscan_t yyscanner,
118 | const char* identifier);
119 |
120 |
121 | int yr_parser_reduce_external(
122 | yyscan_t yyscanner,
123 | const char* identifier,
124 | uint8_t instruction);
125 |
126 |
127 | int yr_parser_reduce_import(
128 | yyscan_t yyscanner,
129 | SIZED_STRING* module_name);
130 |
131 |
132 | int yr_parser_reduce_operation(
133 | yyscan_t yyscanner,
134 | const char* operation,
135 | EXPRESSION left_operand,
136 | EXPRESSION right_operand);
137 |
138 | #endif
139 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/pe_utils.h:
--------------------------------------------------------------------------------
1 | #ifndef YR_PE_UTILS_H
2 | #define YR_PE_UTILS_H
3 |
4 | #include
5 |
6 | #define MAX_PE_SECTIONS 96
7 |
8 |
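// True when the optional header's Magic field, converted with yr_le16toh,
// equals IMAGE_NT_OPTIONAL_HDR64_MAGIC. Magic is always read through
// `header64`; in the PE struct below `header` and `header64` are members of
// the same union, so this is the one header pointer viewed with the 64-bit
// layout.
//
// The macro performs no bounds check of its own: the header pointer must
// already have been validated against the buffer before it is used.
// `pe` is parenthesized so that an expression argument (e.g. `base + 1`)
// expands correctly.
#define IS_64BITS_PE(pe) \
  (yr_le16toh((pe)->header64->OptionalHeader.Magic) == \
   IMAGE_NT_OPTIONAL_HDR64_MAGIC)


// Reads OptionalHeader.<field> through the 64-bit or 32-bit header view,
// chosen by IS_64BITS_PE. `field` is a member name, so it is pasted as-is;
// `pe` is evaluated more than once and must have no side effects.
#define OptionalHeader(pe, field) \
  (IS_64BITS_PE(pe) ? \
   (pe)->header64->OptionalHeader.field : \
   (pe)->header->OptionalHeader.field)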
17 |
18 |
//
// Imports are kept in a linked list. Every node (IMPORTED_DLL) holds the DLL
// name and the head of a second linked list of IMPORT_EXPORT_FUNCTION
// structures describing the functions imported from that DLL.
//
// NOTE(review): who allocates and frees `name` is not visible in this header.
//

typedef struct _IMPORTED_DLL
{
  char* name;

  struct _IMPORT_EXPORT_FUNCTION* functions;  // functions imported from it
  struct _IMPORTED_DLL* next;                 // next DLL node

} IMPORTED_DLL, *PIMPORTED_DLL;


//
// Tracks one imported or exported function. "has_ordinal" only matters for
// imports, where the ordinal is optional. Every export has an ordinal, so the
// field is not needed there, but the same structure is used for both imports
// and exports to keep duplicate code to a minimum.
//
// NOTE(review): `name` and `ordinal` presumably come from the file being
// scanned -- treat them as untrusted when printing or comparing.
//

typedef struct _IMPORT_EXPORT_FUNCTION
{
  char* name;
  uint8_t has_ordinal;  // see the comment above: meaningful for imports
  uint16_t ordinal;

  struct _IMPORT_EXPORT_FUNCTION* next;  // next function node

} IMPORT_EXPORT_FUNCTION, *PIMPORT_EXPORT_FUNCTION;


//
// State for one PE image. `data` and `data_size` describe the buffer that
// fits_in_pe() checks pointers against. `header` and `header64` sit in an
// anonymous union, so they are two typed views of a single pointer.
//

typedef struct _PE
{
  uint8_t* data;     // start of the buffer
  size_t data_size;  // its size, as used by fits_in_pe()

  union
  {
    PIMAGE_NT_HEADERS32 header;
    PIMAGE_NT_HEADERS64 header64;
  };

  YR_OBJECT* object;
  IMPORTED_DLL* imported_dlls;                 // head of the import list
  IMPORT_EXPORT_FUNCTION* exported_functions;  // head of the export list

  uint32_t resources;  // presumably a count of resources -- TODO confirm

} PE;
73 |
74 |
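// Bounds check for a read of `size` bytes at `pointer`: true only when the
// whole range [pointer, pointer + size) lies inside
// [pe->data, pe->data + pe->data_size).
//
// The size comparison comes first on purpose: once size <= data_size holds,
// the subtraction in the last line cannot move below pe->data, and && stops
// evaluation before that line when it does not hold.
//
// Every argument is parenthesized so that expression arguments (`a + b`,
// `&pe_struct`) expand as written; without that, the cast and the
// subtraction bind to only part of the expression and the check can accept a
// range that runs past the buffer. `pe` and `size` are evaluated more than
// once, so they must have no side effects.
//
// This validates the range only. It says nothing about how `pointer` was
// computed; offsets taken from the file still have to be checked before they
// are added to pe->data.
#define fits_in_pe(pe, pointer, size) \
  ((size_t) (size) <= (pe)->data_size && \
   (uint8_t*) (pointer) >= (pe)->data && \
   (uint8_t*) (pointer) <= (pe)->data + (pe)->data_size - (size_t) (size))

// Same check with the size taken from a type: does a whole `struct_type`
// fit at `pointer`?
#define struct_fits_in_pe(pe, pointer, struct_type) \
  fits_in_pe(pe, pointer, sizeof(struct_type))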
82 |
83 |
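// Returns a pointer typed as the 32-bit NT headers for the buffer
// `data`/`data_size`.
// NOTE(review): presumably NULL when the buffer does not hold a valid PE
// header -- confirm, and check the result before dereferencing.
PIMAGE_NT_HEADERS32 pe_get_header(
    uint8_t* data,
    size_t data_size);


// Returns the data-directory entry selected by `entry`.
// NOTE(review): whether `entry` is range-checked, and whether the result can
// be NULL, is not visible in this header.
// (This prototype was declared twice in a row; one copy is enough.)
PIMAGE_DATA_DIRECTORY pe_get_directory_entry(
    PE* pe,
    int entry);


// Converts a relative virtual address to an int64_t offset.
// NOTE(review): the signed return type suggests a negative value may signal
// an RVA that maps nowhere -- confirm, and validate the result (for example
// with fits_in_pe) before adding it to pe->data.
int64_t pe_rva_to_offset(
    PE* pe,
    uint64_t rva);


// Looks up a name for ordinal `ord` of the DLL named `dll`.
// NOTE(review): ownership of the returned string and the not-found result
// are not visible here.
char* ord_lookup(
    char* dll,
    uint16_t ord);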
107 |
108 |
109 | #if HAVE_LIBCRYPTO
110 | #include
111 | time_t ASN1_get_time_t(ASN1_TIME* time);
112 | #endif
113 |
114 | #endif
115 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/proc.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_PROC_H
31 | #define YR_PROC_H
32 |
33 | #include "types.h"
34 |
// Prepares `iterator` for the process identified by `pid`. Returns int.
// NOTE(review): judging by the names, the iterator walks that process's
// memory blocks; the privileges needed and the behavior for a pid that has
// exited are not visible here. Pair every successful open with
// yr_process_close_iterator().
int yr_process_open_iterator(int pid, YR_MEMORY_BLOCK_ITERATOR* iterator);

// Counterpart of yr_process_open_iterator(). Returns int.
int yr_process_close_iterator(YR_MEMORY_BLOCK_ITERATOR* iterator);
41 |
42 | #endif
43 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/re.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_RE_H
31 | #define YR_RE_H
32 |
33 | #include
34 |
35 | #include "arena.h"
36 | #include "sizedstr.h"
37 |
38 | #define RE_NODE_LITERAL 1
39 | #define RE_NODE_MASKED_LITERAL 2
40 | #define RE_NODE_ANY 3
41 | #define RE_NODE_CONCAT 4
42 | #define RE_NODE_ALT 5
43 | #define RE_NODE_RANGE 6
44 | #define RE_NODE_STAR 7
45 | #define RE_NODE_PLUS 8
46 | #define RE_NODE_CLASS 9
47 | #define RE_NODE_WORD_CHAR 10
48 | #define RE_NODE_NON_WORD_CHAR 11
49 | #define RE_NODE_SPACE 12
50 | #define RE_NODE_NON_SPACE 13
51 | #define RE_NODE_DIGIT 14
52 | #define RE_NODE_NON_DIGIT 15
53 | #define RE_NODE_EMPTY 16
54 | #define RE_NODE_ANCHOR_START 17
55 | #define RE_NODE_ANCHOR_END 18
56 | #define RE_NODE_WORD_BOUNDARY 19
57 | #define RE_NODE_NON_WORD_BOUNDARY 20
58 | #define RE_NODE_RANGE_ANY 21
59 |
60 |
61 | #define RE_OPCODE_ANY 0xA0
62 | #define RE_OPCODE_ANY_EXCEPT_NEW_LINE 0xA1
63 | #define RE_OPCODE_LITERAL 0xA2
64 | #define RE_OPCODE_MASKED_LITERAL 0xA4
65 | #define RE_OPCODE_CLASS 0xA5
66 | #define RE_OPCODE_WORD_CHAR 0xA7
67 | #define RE_OPCODE_NON_WORD_CHAR 0xA8
68 | #define RE_OPCODE_SPACE 0xA9
69 | #define RE_OPCODE_NON_SPACE 0xAA
70 | #define RE_OPCODE_DIGIT 0xAB
71 | #define RE_OPCODE_NON_DIGIT 0xAC
72 | #define RE_OPCODE_MATCH 0xAD
73 |
74 | #define RE_OPCODE_MATCH_AT_END 0xB0
75 | #define RE_OPCODE_MATCH_AT_START 0xB1
76 | #define RE_OPCODE_WORD_BOUNDARY 0xB2
77 | #define RE_OPCODE_NON_WORD_BOUNDARY 0xB3
78 | #define RE_OPCODE_REPEAT_ANY_GREEDY 0xB4
79 | #define RE_OPCODE_REPEAT_ANY_UNGREEDY 0xB5
80 |
81 | #define RE_OPCODE_SPLIT_A 0xC0
82 | #define RE_OPCODE_SPLIT_B 0xC1
83 | #define RE_OPCODE_JUMP 0xC2
84 | #define RE_OPCODE_REPEAT_START_GREEDY 0xC3
85 | #define RE_OPCODE_REPEAT_END_GREEDY 0xC4
86 | #define RE_OPCODE_REPEAT_START_UNGREEDY 0xC5
87 | #define RE_OPCODE_REPEAT_END_UNGREEDY 0xC6
88 |
89 |
90 | #define RE_FLAGS_FAST_REGEXP 0x02
91 | #define RE_FLAGS_BACKWARDS 0x04
92 | #define RE_FLAGS_EXHAUSTIVE 0x08
93 | #define RE_FLAGS_WIDE 0x10
94 | #define RE_FLAGS_NO_CASE 0x20
95 | #define RE_FLAGS_SCAN 0x40
96 | #define RE_FLAGS_DOT_ALL 0x80
97 | #define RE_FLAGS_GREEDY 0x400
98 | #define RE_FLAGS_UNGREEDY 0x800
99 |
100 |
101 | typedef struct RE RE;
102 | typedef struct RE_AST RE_AST;
103 | typedef struct RE_NODE RE_NODE;
104 | typedef struct RE_ERROR RE_ERROR;
105 |
106 | typedef uint8_t RE_SPLIT_ID_TYPE;
107 |
108 |
109 | struct RE_NODE
110 | {
111 | int type;
112 |
113 | union
114 | {
115 | int value;
116 | int count;
117 | int start;
118 | };
119 |
120 | union
121 | {
122 | int mask;
123 | int end;
124 | };
125 |
126 | int greedy;
127 |
128 | uint8_t* class_vector;
129 |
130 | RE_NODE* left;
131 | RE_NODE* right;
132 |
133 | uint8_t* forward_code;
134 | uint8_t* backward_code;
135 | };
136 |
137 |
138 | struct RE_AST
139 | {
140 | uint32_t flags;
141 | RE_NODE* root_node;
142 | };
143 |
144 |
145 | // Disable warning due to zero length array in Microsoft's compiler
146 |
147 | #ifdef _MSC_VER
148 | #pragma warning(push)
149 | #pragma warning(disable:4200)
150 | #endif
151 |
152 | struct RE
153 | {
154 | uint32_t flags;
155 | uint8_t code[0];
156 | };
157 |
158 | #ifdef _MSC_VER
159 | #pragma warning(pop)
160 | #endif
161 |
162 |
163 | struct RE_ERROR
164 | {
165 | char message[512];
166 | };
167 |
168 |
169 | typedef int RE_MATCH_CALLBACK_FUNC(
170 | uint8_t* match,
171 | int match_length,
172 | int flags,
173 | void* args);
174 |
175 |
176 | int yr_re_ast_create(
177 | RE_AST** re_ast);
178 |
179 | void yr_re_ast_destroy(
180 | RE_AST* re_ast);
181 |
182 | void yr_re_ast_print(
183 | RE_AST* re_ast);
184 |
185 | SIZED_STRING* yr_re_ast_extract_literal(
186 | RE_AST* re_ast);
187 |
188 |
189 | int yr_re_ast_contains_dot_star(
190 | RE_AST* re_ast);
191 |
192 |
193 | int yr_re_ast_split_at_chaining_point(
194 | RE_AST* re_ast,
195 | RE_AST** result_re_ast,
196 | RE_AST** remainder_re_ast,
197 | int32_t* min_gap,
198 | int32_t* max_gap);
199 |
200 |
201 | int yr_re_ast_emit_code(
202 | RE_AST* re_ast,
203 | YR_ARENA* arena,
204 | int backwards_code);
205 |
206 |
207 | RE_NODE* yr_re_node_create(
208 | int type,
209 | RE_NODE* left,
210 | RE_NODE* right);
211 |
212 |
213 | void yr_re_node_destroy(
214 | RE_NODE* node);
215 |
216 |
// Regular-expression execution entry points. Both take a code pointer, an
// input pointer, two size_t sizes, flags, a RE_MATCH_CALLBACK_FUNC with its
// opaque argument, and an int* `matches` out-parameter; both return int.
//
// NOTE(review): judging by the names, input_forwards_size and
// input_backwards_size are the bytes available after and before the input
// pointer, and they look like the only bounds the matcher has on the input.
// Callers should derive both from the real buffer limits. Which RE_FLAGS_*
// values select the direction is not visible in this header -- confirm.

int yr_re_exec(
    uint8_t* re_code,
    uint8_t* input,
    size_t input_forwards_size,
    size_t input_backwards_size,
    int flags,
    RE_MATCH_CALLBACK_FUNC callback,
    void* callback_args,
    int* matches);


// Same parameter list as yr_re_exec (names differ: `code`, `input_data`).
// NOTE(review): presumably the executor for RE_FLAGS_FAST_REGEXP -- confirm.
int yr_re_fast_exec(
    uint8_t* code,
    uint8_t* input_data,
    size_t input_forwards_size,
    size_t input_backwards_size,
    int flags,
    RE_MATCH_CALLBACK_FUNC callback,
    void* callback_args,
    int* matches);
237 |
238 |
239 | int yr_re_parse(
240 | const char* re_string,
241 | RE_AST** re_ast,
242 | RE_ERROR* error);
243 |
244 |
245 | int yr_re_parse_hex(
246 | const char* hex_string,
247 | RE_AST** re_ast,
248 | RE_ERROR* error);
249 |
250 |
251 | int yr_re_compile(
252 | const char* re_string,
253 | int flags,
254 | YR_ARENA* code_arena,
255 | RE** re,
256 | RE_ERROR* error);
257 |
258 |
259 | int yr_re_match(
260 | RE* re,
261 | const char* target);
262 |
263 |
264 | int yr_re_initialize(void);
265 |
266 |
267 | int yr_re_finalize(void);
268 |
269 |
270 | int yr_re_finalize_thread(void);
271 |
272 | #endif
273 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/re_lexer.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #undef yyparse
31 | #undef yylex
32 | #undef yyerror
33 | #undef yyfatal
34 | #undef yychar
35 | #undef yydebug
36 | #undef yynerrs
37 | #undef yyget_extra
38 | #undef yyget_lineno
39 |
40 | #undef YY_FATAL_ERROR
41 | #undef YY_DECL
42 | #undef LEX_ENV
43 |
44 |
45 | #define yyparse re_yyparse
46 | #define yylex re_yylex
47 | #define yyerror re_yyerror
48 | #define yyfatal re_yyfatal
49 | #define yychar re_yychar
50 | #define yydebug re_yydebug
51 | #define yynerrs re_yynerrs
52 | #define yyget_extra re_yyget_extra
53 | #define yyget_lineno re_yyget_lineno
54 |
55 |
56 | #ifndef YY_TYPEDEF_YY_SCANNER_T
57 | #define YY_TYPEDEF_YY_SCANNER_T
58 | typedef void* yyscan_t;
59 | #endif
60 |
61 | #define YY_EXTRA_TYPE RE_AST*
62 | #define YY_USE_CONST
63 |
64 |
// Per-parse state handed to re_yylex / yyparse / yyerror as `lex_env`
// (see the YY_DECL and prototypes below; the LEX_ENV macro casts to it).
typedef struct _RE_LEX_ENVIRONMENT
{
  int negated_class;

  // 32 bytes = 256 bits.
  // NOTE(review): presumably one bit per byte value of a character class.
  uint8_t class_vector[32];

  int last_error_code;

  // Fixed 256-byte buffer: anything written here must be length-bounded,
  // since error text may quote parts of the expression being parsed.
  char last_error_message[256];

} RE_LEX_ENVIRONMENT;
73 |
74 |
75 | #define LEX_ENV ((RE_LEX_ENVIRONMENT*) lex_env)
76 |
77 | #define YY_FATAL_ERROR(msg) re_yyfatal(yyscanner, msg)
78 |
79 | #include
80 |
81 | #define YY_DECL int re_yylex \
82 | (YYSTYPE * yylval_param , yyscan_t yyscanner, RE_LEX_ENVIRONMENT* lex_env)
83 |
84 |
85 | YY_EXTRA_TYPE yyget_extra(
86 | yyscan_t yyscanner);
87 |
88 | int yylex(
89 | YYSTYPE* yylval_param,
90 | yyscan_t yyscanner,
91 | RE_LEX_ENVIRONMENT* lex_env);
92 |
93 | int yyparse(
94 | void* yyscanner,
95 | RE_LEX_ENVIRONMENT* lex_env);
96 |
97 | void yyerror(
98 | yyscan_t yyscanner,
99 | RE_LEX_ENVIRONMENT* lex_env,
100 | const char* error_message);
101 |
102 | void yyfatal(
103 | yyscan_t yyscanner,
104 | const char* error_message);
105 |
106 | int yr_parse_re_string(
107 | const char* re_string,
108 | RE_AST** re_ast,
109 | RE_ERROR* error);
110 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/rules.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_RULES_H
31 | #define YR_RULES_H
32 |
33 | #include "types.h"
34 | #include "utils.h"
35 | #include "filemap.h"
36 |
37 |
38 | #define CALLBACK_MSG_RULE_MATCHING 1
39 | #define CALLBACK_MSG_RULE_NOT_MATCHING 2
40 | #define CALLBACK_MSG_SCAN_FINISHED 3
41 | #define CALLBACK_MSG_IMPORT_MODULE 4
42 | #define CALLBACK_MSG_MODULE_IMPORTED 5
43 |
44 | #define CALLBACK_CONTINUE 0
45 | #define CALLBACK_ABORT 1
46 | #define CALLBACK_ERROR 2
47 |
48 |
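// Iteration helpers. Each expands to a `for` header; the statement that
// follows the macro is the loop body. Arguments are parenthesized so that
// expression arguments (`&rule_struct`, `rules_array + i`) expand as
// written. The loop variable is evaluated several times and must be a plain
// lvalue.
//
// All of these walk raw memory until a sentinel. None has a length bound, so
// they are only safe on rule data whose terminators are known to be intact.

// Tags are consecutive NUL-terminated strings; the list ends at an empty
// string (or immediately, when rule->tags is NULL).
#define yr_rule_tags_foreach(rule, tag_name) \
  for ((tag_name) = (rule)->tags; \
       (tag_name) != NULL && *(tag_name) != '\0'; \
       (tag_name) += strlen(tag_name) + 1)


// Metas form an array that ends at the entry for which META_IS_NULL is true.
#define yr_rule_metas_foreach(rule, meta) \
  for ((meta) = (rule)->metas; !META_IS_NULL(meta); (meta)++)


// Strings form an array that ends at the entry for which STRING_IS_NULL is
// true.
#define yr_rule_strings_foreach(rule, string) \
  for ((string) = (rule)->strings; !STRING_IS_NULL(string); (string)++)


// Matches form a linked list starting at STRING_MATCHES(string).head.
#define yr_string_matches_foreach(string, match) \
  for ((match) = STRING_MATCHES(string).head; \
       (match) != NULL; \
       (match) = (match)->next)


// Rules form an array that ends at the entry for which RULE_IS_NULL is true.
#define yr_rules_foreach(rules, rule) \
  for ((rule) = (rules)->rules_list_head; !RULE_IS_NULL(rule); (rule)++)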
69 |
70 |
71 |
// Scan entry points. All four share the trailing parameters `flags`,
// `callback`, `user_data` and `timeout`, and return int. They differ only in
// what is scanned: a memory buffer, a file name, a file descriptor, or a
// process id.
//
// NOTE(review): `callback` presumably receives the CALLBACK_MSG_* messages
// and answers with CALLBACK_CONTINUE / CALLBACK_ABORT / CALLBACK_ERROR
// defined earlier in this header, with `user_data` passed through unchanged
// -- confirm. The unit of `timeout`, and whether 0 disables it, is not
// visible here; check both before relying on it to bound scans of untrusted
// input.

// Scans `buffer_size` bytes starting at `buffer`.
YR_API int yr_rules_scan_mem(
    YR_RULES* rules,
    uint8_t* buffer,
    size_t buffer_size,
    int flags,
    YR_CALLBACK_FUNC callback,
    void* user_data,
    int timeout);


// Scans the file named `filename`.
YR_API int yr_rules_scan_file(
    YR_RULES* rules,
    const char* filename,
    int flags,
    YR_CALLBACK_FUNC callback,
    void* user_data,
    int timeout);


// Scans the already-open descriptor `fd`.
YR_API int yr_rules_scan_fd(
    YR_RULES* rules,
    YR_FILE_DESCRIPTOR fd,
    int flags,
    YR_CALLBACK_FUNC callback,
    void* user_data,
    int timeout);


// Scans the process identified by `pid`.
YR_API int yr_rules_scan_proc(
    YR_RULES* rules,
    int pid,
    int flags,
    YR_CALLBACK_FUNC callback,
    void* user_data,
    int timeout);
107 |
// Saving and loading of a YR_RULES object, by file name or through a
// YR_STREAM, plus its destructor. All return int.
//
// NOTE(review): the iteration macros in this header walk rule data by raw
// pointer until a sentinel entry, so consumers trust a loaded rule set as-is.
// Confirm what validation yr_rules_load() / yr_rules_load_stream() perform,
// and load saved rules only from sources you control.

YR_API int yr_rules_save(YR_RULES* rules, const char* filename);


YR_API int yr_rules_save_stream(YR_RULES* rules, YR_STREAM* stream);


// On success `*rules` receives the loaded object -- presumably to be released
// with yr_rules_destroy(); TODO confirm.
YR_API int yr_rules_load(const char* filename, YR_RULES** rules);


YR_API int yr_rules_load_stream(YR_STREAM* stream, YR_RULES** rules);


YR_API int yr_rules_destroy(YR_RULES* rules);
130 |
131 |
132 | YR_API int yr_rules_define_integer_variable(
133 | YR_RULES* rules,
134 | const char* identifier,
135 | int64_t value);
136 |
137 |
138 | YR_API int yr_rules_define_boolean_variable(
139 | YR_RULES* rules,
140 | const char* identifier,
141 | int value);
142 |
143 |
144 | YR_API int yr_rules_define_float_variable(
145 | YR_RULES* rules,
146 | const char* identifier,
147 | double value);
148 |
149 |
150 | YR_API int yr_rules_define_string_variable(
151 | YR_RULES* rules,
152 | const char* identifier,
153 | const char* value);
154 |
155 |
156 | YR_API void yr_rules_print_profiling_info(
157 | YR_RULES* rules);
158 |
159 | #endif
160 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/scan.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_SCAN_H
31 | #define YR_SCAN_H
32 |
33 | #include "types.h"
34 |
35 | // Bitmasks for flags.
// Each flag occupies its own bit (1, 2, 4), so the values can be OR-ed.
// NOTE(review): the meanings below are inferred from the names only; confirm
// them in the scanner sources.
#define SCAN_FLAGS_FAST_MODE 1       // presumably trades completeness for speed
#define SCAN_FLAGS_PROCESS_MEMORY 2  // presumably marks the input as process memory, not a file
#define SCAN_FLAGS_NO_TRYCATCH 4     // presumably turns off the fault guard around the scan;
                                     // if so, a bad read would crash the host process
39 |
40 |
// Match-verification entry point. It is declared without YR_API, so it is not
// marked for export in this header.
// Parameters: the scan context, a YR_AC_MATCH candidate, and a buffer described
// by data / data_size / data_base plus an offset.
// NOTE(review): presumably `offset` must lie inside [0, data_size) and
// `data_base` is the address the buffer was read from; the declaration does not
// show who validates this. Confirm in scan.c before passing values derived from
// an untrusted target.
int yr_scan_verify_match(
    YR_SCAN_CONTEXT* context,
    YR_AC_MATCH* ac_match,
    uint8_t* data,
    size_t data_size,
    size_t data_base,
    size_t offset);
48 |
49 | #endif
50 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/sizedstr.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef _SIZEDSTR_H
31 | #define _SIZEDSTR_H
32 |
33 | #include
34 |
35 | #include "integers.h"
36 |
37 | //
38 | // This struct is used to support strings containing null chars. The length of
39 | // the string is stored along the string data. However the string data is also
40 | // terminated with a null char.
41 | //
42 |
// Distinct bit values (1, 2), so they can be combined in one flags word.
#define SIZED_STRING_FLAGS_NO_CASE 1
#define SIZED_STRING_FLAGS_DOT_ALL 2

// Save the current packing setting, then cap member alignment at 8 bytes for
// the struct below; the pop after the struct restores the saved setting.
#pragma pack(push)
#pragma pack(8)


typedef struct _SIZED_STRING
{
    uint32_t length;  // length of the string data; the data may contain NUL bytes
    uint32_t flags;   // presumably a combination of SIZED_STRING_FLAGS_* (confirm)

    // Declared with one element only. NOTE(review): presumably the struct is
    // allocated with extra room and the data runs past this declared bound;
    // confirm at the allocation sites. Because embedded NULs are allowed,
    // readers should trust `length`, not strlen(), and should check `length`
    // against the real allocation when it comes from untrusted input.
    char c_string[1];

} SIZED_STRING;

#pragma pack(pop)
60 |
61 |
// Takes two SIZED_STRING pointers and returns an int.
// NOTE(review): presumably a three-way comparison that honours `length` rather
// than stopping at the first NUL; confirm in sizedstr.c.
int sized_string_cmp(
    SIZED_STRING* s1,
    SIZED_STRING* s2);


// Takes one SIZED_STRING and returns a SIZED_STRING pointer.
// NOTE(review): presumably a newly allocated copy that the caller owns, and
// NULL on allocation failure; confirm and check the result before use.
SIZED_STRING* sized_string_dup(
    SIZED_STRING* s);
69 |
70 | #endif
71 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/stream.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2015. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_STREAM_H
31 | #define YR_STREAM_H
32 |
33 | #include
34 |
// Read callback. The parameter list has the shape of fread(), with an opaque
// user_data pointer in the place of the FILE*.
// NOTE(review): presumably it returns the number of items read, like fread();
// confirm in stream.c.
typedef size_t (*YR_STREAM_READ_FUNC)(
    void* ptr,
    size_t size,
    size_t count,
    void* user_data);


// Write callback. Same shape as fwrite(), again with user_data for the FILE*.
typedef size_t (*YR_STREAM_WRITE_FUNC)(
    const void* ptr,
    size_t size,
    size_t count,
    void* user_data);


// A stream is an opaque context pointer plus the two callbacks above.
typedef struct _YR_STREAM
{
    void* user_data;  // passed to the callbacks; its meaning is defined by whoever fills the struct

    // Either pointer can be left unset by the code that builds the struct; this
    // header does not show whether the wrappers check for NULL (TODO confirm).
    YR_STREAM_READ_FUNC read;
    YR_STREAM_WRITE_FUNC write;

} YR_STREAM;
57 |
58 |
// Read wrapper over a YR_STREAM, with fread()-style arguments.
// NOTE(review): presumably forwards to stream->read and returns its item count.
// A result smaller than `count` would then mean a short read, so compare the
// two before trusting the buffer. Confirm in stream.c.
size_t yr_stream_read(
    void* ptr,
    size_t size,
    size_t count,
    YR_STREAM* stream);


// Write wrapper over a YR_STREAM, with fwrite()-style arguments.
// NOTE(review): presumably forwards to stream->write; check the returned count.
size_t yr_stream_write(
    const void* ptr,
    size_t size,
    size_t count,
    YR_STREAM* stream);
71 |
72 | #endif
73 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/strutils.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_STRUTILS_H
31 | #define YR_STRUTILS_H
32 |
33 | #include
34 | #include
35 |
36 | #include "integers.h"
37 |
38 | // Cygwin already has these functions.
// On native Windows builds (not Cygwin), map the POSIX names onto the MSVC
// runtime equivalents.
#if defined(_WIN32) && !defined(__CYGWIN__)
#if defined(_MSC_VER) && _MSC_VER < 1900
// Only for MSVC older than _MSC_VER 1900. _snprintf is NOT a drop-in for C99
// snprintf: when the output does not fit it leaves the buffer without a
// terminating NUL and returns a negative value. Callers built with these
// compilers must terminate the buffer themselves.
#define snprintf _snprintf
#endif
#define strcasecmp _stricmp    // case-insensitive compare
#define strncasecmp _strnicmp  // length-bounded case-insensitive compare
#endif
46 |
47 |
// Takes a C string and returns a uint64_t.
// NOTE(review): presumably parses hexadecimal digits; the signature has no
// length and no error output, so behaviour on bad input or on values wider
// than 64 bits must be checked in strutils.c.
uint64_t xtoi(
    const char* hexstr);


// The next three declarations are fallbacks, compiled only when the build did
// not set HAVE_<NAME> and the name is not already a macro.
#if !HAVE_STRLCPY && !defined(strlcpy)
// NOTE(review): presumably BSD semantics: `size` is the full size of dst and
// the result is always NUL-terminated when size > 0. Confirm.
size_t strlcpy(
    char* dst,
    const char* src,
    size_t size);
#endif


#if !HAVE_STRLCAT && !defined(strlcat)
size_t strlcat(
    char* dst,
    const char* src,
    size_t size);
#endif


#if !HAVE_MEMMEM && !defined(memmem)
// Both buffers carry an explicit size, so neither has to be NUL-terminated.
void* memmem(
    const void* haystack,
    size_t haystack_size,
    const void* needle,
    size_t needle_size);
#endif
75 |
76 |
// The *_w helpers take their wide-string argument as `const char*`.
// NOTE(review): presumably 16-bit characters read through a byte pointer;
// confirm the layout in strutils.c.

// Despite the "n" in the name there is no maximum-length parameter, so the
// length can only be found from the data itself. NOTE(review): presumably it
// scans to a wide terminator; the caller must guarantee one exists inside the
// buffer.
int strnlen_w(
    const char* w_str);


// Compares a wide string with an ordinary C string; neither has a length bound.
int strcmp_w(
    const char* w_str,
    const char* str);


// NOTE(review): presumably copies a wide string into a narrow buffer of at
// most `n` bytes; whether `n` counts the terminator is not visible here.
size_t strlcpy_w(
    char* dst,
    const char* w_src,
    size_t n);
90 |
91 | #endif
92 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/threading.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2016. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_MUTEX_H
31 | #define YR_MUTEX_H
32 |
33 |
34 |
35 | #if defined(_WIN32) || defined(__CYGWIN__)
36 |
37 | #include
38 |
39 | typedef DWORD YR_THREAD_ID;
40 | typedef DWORD YR_THREAD_STORAGE_KEY;
41 | typedef HANDLE YR_MUTEX;
42 |
43 | #else
44 |
45 | #include
46 |
47 | typedef pthread_t YR_THREAD_ID;
48 | typedef pthread_key_t YR_THREAD_STORAGE_KEY;
49 | typedef pthread_mutex_t YR_MUTEX;
50 |
51 | #endif
52 |
// Portable threading wrappers over the platform types chosen by the typedefs
// earlier in this header (DWORD/HANDLE on Windows and Cygwin, pthread types
// elsewhere).
// NOTE(review): the int results are presumably status codes; the header does
// not say which value means success, so confirm in threading.c.

// Presumably returns the identifier of the calling thread.
YR_THREAD_ID yr_current_thread_id(void);

// Mutex lifecycle: each call takes a pointer to a caller-owned YR_MUTEX.
int yr_mutex_create(YR_MUTEX*);
int yr_mutex_destroy(YR_MUTEX*);
int yr_mutex_lock(YR_MUTEX*);
int yr_mutex_unlock(YR_MUTEX*);

// Thread-local storage: the key is passed by pointer and the stored value is
// an untyped void*.
int yr_thread_storage_create(YR_THREAD_STORAGE_KEY*);
int yr_thread_storage_destroy(YR_THREAD_STORAGE_KEY*);
int yr_thread_storage_set_value(YR_THREAD_STORAGE_KEY*, void*);
void* yr_thread_storage_get_value(YR_THREAD_STORAGE_KEY*);
64 |
65 | #endif
66 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara/utils.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 |
31 | #ifndef YR_UTILS_H
32 | #define YR_UTILS_H
33 |
34 | #include
35 |
// Fallback definitions, used only when no earlier header defined the name.
#ifndef TRUE
#define TRUE 1
#endif

#ifndef FALSE
#define FALSE 0
#endif

#ifndef NULL
#define NULL 0
#endif

// EXTERNC gives a declaration C linkage when compiled as C++ and expands to
// nothing in C.
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif

// YR_API marks a function as part of the exported API: default symbol
// visibility on GCC-compatible compilers, dllexport on MSVC, C linkage only
// elsewhere. Note that the MSVC branch is always dllexport; this header has no
// dllimport variant for consumers.
#if defined(__GNUC__)
#define YR_API EXTERNC __attribute__((visibility("default")))
#elif defined(_MSC_VER)
#define YR_API EXTERNC __declspec(dllexport)
#else
#define YR_API EXTERNC
#endif

// YR_ALIGN(n) requests n-byte alignment using the compiler's own syntax and
// expands to nothing on other compilers, where no alignment is requested.
#if defined(__GNUC__)
#define YR_ALIGN(n) __attribute__((aligned(n)))
#elif defined(_MSC_VER)
#define YR_ALIGN(n) __declspec(align(n))
#else
#define YR_ALIGN(n)
#endif
69 |
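// yr_min / yr_max: smaller / larger of two values.
// Each argument is parenthesised inside the comparison, so an expression such
// as `a | b` or `n & mask` is compared as a whole instead of being split by
// operator precedence. That matters when the result bounds a copy or a read.
// The selected argument is still evaluated twice, so do not pass expressions
// with side effects (i++, function calls that mutate state).
#define yr_min(x, y) (((x) < (y)) ? (x) : (y))
#define yr_max(x, y) (((x) > (y)) ? (x) : (y))

// yr_swap: exchange two lvalues of type T.
// The temporary has a reserved-looking name so that swapping a caller variable
// called `temp` does not initialise the temporary from itself.
#define yr_swap(x, y, T) \
    do { T yr_swap_tmp_ = (x); (x) = (y); (y) = yr_swap_tmp_; } while (0)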
74 |
75 | #ifdef NDEBUG
76 |
77 | #define assertf(expr, msg, ...) ((void)0)
78 |
79 | #else
80 |
81 | #include
82 |
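// assertf(expr, msg, ...): debug-build assertion with a printf-style message.
// When expr is false it prints "<file>:<line>: <message>" to stderr and calls
// abort(). msg is concatenated into the format string, so it must be a string
// literal, never caller-supplied data.
// The body is wrapped in do { ... } while (0) so the macro is one statement.
// It then composes with if/else in the same way as the NDEBUG variant
// ((void)0), and an `else` after it cannot bind to the macro's own `if`.
// In NDEBUG builds the check is compiled out, so it must not be the only
// guard on untrusted input.
#define assertf(expr, msg, ...) \
    do { \
        if (!(expr)) { \
            fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \
            abort(); \
        } \
    } while (0)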
88 |
89 | #endif
90 |
91 | // Set, unset, and test bits in an array of unsigned characters by integer
92 | // index. The underlying array must be of type char or unsigned char to
93 | // ensure compatibility with the CHAR_BIT constant used in these definitions.
94 |
// None of these macros checks bitnum against the size of the array: the caller
// must size it with YR_BITARRAY_NCHARS and keep bitnum in range, otherwise SET
// and UNSET write outside the array. SET and UNSET also expand both arguments
// twice, so the arguments must be free of side effects.

// Set bit `bitnum`: OR the containing char with a one-bit mask.
#define YR_BITARRAY_SET(uchar_array_base, bitnum) \
    (((uchar_array_base)[(bitnum)/CHAR_BIT]) = \
    ((uchar_array_base)[(bitnum)/CHAR_BIT] | (1 << ((bitnum) % CHAR_BIT))))

// Clear bit `bitnum`: AND the containing char with the inverted mask.
#define YR_BITARRAY_UNSET(uchar_array_base, bitnum) \
    (((uchar_array_base)[(bitnum)/CHAR_BIT]) = \
    ((uchar_array_base)[(bitnum)/CHAR_BIT] & (~(1 << ((bitnum) % CHAR_BIT)))))

// Evaluates to 1 when bit `bitnum` is set and to 0 otherwise.
#define YR_BITARRAY_TEST(uchar_array_base, bitnum) \
    (((uchar_array_base)[(bitnum)/CHAR_BIT] & (1 << ((bitnum) % CHAR_BIT))) != 0)

// Number of chars needed to hold `bitnum` bits (division rounded up).
#define YR_BITARRAY_NCHARS(bitnum) \
    (((bitnum)+(CHAR_BIT-1))/CHAR_BIT)
108 |
109 | #endif
110 |
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara_x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/yara/yara_x64.lib
--------------------------------------------------------------------------------
/AdvancedScript/pluginsdk/yara/yara_x86.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ahmadmansoor/AdvancedScript/777d302f20c7f58d01b4c4945552c73f734c5674/AdvancedScript/pluginsdk/yara/yara_x86.lib
--------------------------------------------------------------------------------
/AdvancedScript/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by app.rc
4 |
--------------------------------------------------------------------------------
/AdvancedScript/snowman.ini:
--------------------------------------------------------------------------------
1 | [General]
2 | windowState=@ByteArray(\0\0\0\xff\0\0\0\0\xfd\0\0\0\x3\0\0\0\0\0\0\0\0\0\0\0\0\xfc\x2\0\0\0\x1\xfb\0\0\0 \0I\0n\0s\0t\0r\0u\0\x63\0t\0i\0o\0n\0s\0V\0i\0\x65\0w\x1\0\0\0\0\xff\xff\xff\xff\0\0\0]\0\xff\xff\xff\0\0\0\x1\0\0\0\0\0\0\0\0\xfc\x2\0\0\0\x3\xfb\0\0\0\x18\0S\0\x65\0\x63\0t\0i\0o\0n\0s\0V\0i\0\x65\0w\0\0\0\0\0\xff\xff\xff\xff\0\0\0]\0\xff\xff\xff\xfb\0\0\0\x16\0S\0y\0m\0\x62\0o\0l\0s\0V\0i\0\x65\0w\0\0\0\0\0\xff\xff\xff\xff\0\0\0]\0\xff\xff\xff\xfb\0\0\0\x1a\0I\0n\0s\0p\0\x65\0\x63\0t\0o\0r\0V\0i\0\x65\0w\0\0\0\0\0\xff\xff\xff\xff\0\0\0]\0\xff\xff\xff\0\0\0\x3\0\0\0\0\0\0\0\0\xfc\x1\0\0\0\x1\xfb\0\0\0\xe\0L\0o\0g\0V\0i\0\x65\0w\0\0\0\0\0\xff\xff\xff\xff\0\0\0P\0\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\x4\0\0\0\x4\0\0\0\b\0\0\0\b\xfc\0\0\0\0)
3 | decompileAutomatically=true
4 | InstructionsView.font=@Variant(\0\0\0@\0\0\0\x10\0\x43\0o\0n\0s\0o\0l\0\x61\0s@ \0\0\0\0\0\0\xff\xff\xff\xff\x5\x1\0\x32\x10)
5 | CxxView.font=@Variant(\0\0\0@\0\0\0\x10\0\x43\0o\0n\0s\0o\0l\0\x61\0s@\"\0\0\0\0\0\0\xff\xff\xff\xff\x5\x1\0\x32\x10)
6 | SectionsView.font=@Variant(\0\0\0@\0\0\0\x10\0\x43\0o\0n\0s\0o\0l\0\x61\0s@ \0\0\0\0\0\0\xff\xff\xff\xff\x5\x1\0\x32\x10)
7 | SymbolsView.font=@Variant(\0\0\0@\0\0\0\x10\0\x43\0o\0n\0s\0o\0l\0\x61\0s@ \0\0\0\0\0\0\xff\xff\xff\xff\x5\x1\0\x32\x10)
8 | LogView.font=@Variant(\0\0\0@\0\0\0\x10\0\x43\0o\0n\0s\0o\0l\0\x61\0s@ \0\0\0\0\0\0\xff\xff\xff\xff\x5\x1\0\x32\x10)
9 |
--------------------------------------------------------------------------------