├── .gitattributes ├── .gitignore ├── LICENSE ├── MUltimate Assembler.sln ├── MUltimate Assembler.vcxproj ├── MUltimate Assembler.vcxproj.filters ├── README.md ├── assembler_dlg.c ├── assembler_dlg.h ├── assembler_dlg_tabs.c ├── assembler_dlg_tabs.h ├── functions.c ├── functions.h ├── main_common.c ├── main_common.h ├── main_odbg_v1.c ├── main_odbg_v2.c ├── main_x64dbg.c ├── minicrt ├── minicrt.lib └── minicrt64.lib ├── ollydbglib ├── immdbg.lib ├── ollydbg.lib └── ollydbg2.lib ├── options_def.h ├── options_dlg.c ├── options_dlg.h ├── plugin.h ├── plugin_immdbg.h ├── plugin_odbg_v1.c ├── plugin_odbg_v1.h ├── plugin_odbg_v2.c ├── plugin_odbg_v2.h ├── plugin_ollydbg.h ├── plugin_ollydbg2.h ├── plugin_x64dbg.c ├── plugin_x64dbg.h ├── pointer_redirection.c ├── pointer_redirection.h ├── raedit.h ├── raeditlib ├── RAEdit.Rc ├── RAEdit.lib ├── RAEditC64.lib ├── Res │ ├── Bookmark.bmp │ ├── Button.bmp │ ├── Collapse.bmp │ ├── Expand.bmp │ ├── Linenumber.bmp │ ├── Lock.bmp │ ├── RAEditRes.rc │ ├── Select.cur │ └── SplitH.cur └── masm32.lib ├── read_asm.c ├── read_asm.h ├── resource.h ├── rsrc.rc ├── rsrc_files ├── icon.ico └── icon_x64dbg.png ├── screenshot.png ├── stdafx.c ├── stdafx.h ├── tabctrl_ex.c ├── tabctrl_ex.h ├── write_asm.c ├── write_asm.h └── x64dbg_pluginsdk ├── DeviceNameResolver ├── DeviceNameResolver.h ├── DeviceNameResolver_x64.a ├── DeviceNameResolver_x64.lib ├── DeviceNameResolver_x86.a └── DeviceNameResolver_x86.lib ├── TitanEngine ├── TitanEngine.h ├── TitanEngine_x64.a ├── TitanEngine_x64.lib ├── TitanEngine_x86.a └── TitanEngine_x86.lib ├── XEDParse ├── XEDParse.h ├── XEDParse_x64.a ├── XEDParse_x64.lib ├── XEDParse_x86.a └── XEDParse_x86.lib ├── _dbgfunctions.h ├── _plugin_types.h ├── _plugins.h ├── _scriptapi.h ├── _scriptapi_argument.h ├── _scriptapi_assembler.h ├── _scriptapi_bookmark.h ├── _scriptapi_comment.h ├── _scriptapi_debug.h ├── _scriptapi_flag.h ├── _scriptapi_function.h ├── _scriptapi_gui.h ├── _scriptapi_label.h ├── _scriptapi_memory.h ├── _scriptapi_misc.h ├── _scriptapi_module.h ├── _scriptapi_pattern.h ├── _scriptapi_register.h ├── _scriptapi_stack.h ├── _scriptapi_symbol.h ├── bridgegraph.h ├── bridgelist.h ├── bridgemain.h ├── capstone ├── arm.h ├── arm64.h ├── capstone.h ├── capstone_x64.lib ├── capstone_x86.lib ├── m68k.h ├── mips.h ├── platform.h ├── ppc.h ├── sparc.h ├── systemz.h ├── x86.h └── xcore.h ├── dbghelp ├── dbghelp.h ├── dbghelp_x64.a ├── dbghelp_x64.lib ├── dbghelp_x86.a └── dbghelp_x86.lib ├── jansson ├── jansson.h ├── jansson_config.h ├── jansson_x64.a ├── jansson_x64.lib ├── jansson_x64dbg.h ├── jansson_x86.a └── jansson_x86.lib ├── lz4 ├── lz4.h ├── lz4_x64.a ├── lz4_x64.lib ├── lz4_x86.a ├── lz4_x86.lib ├── lz4file.h └── lz4hc.h ├── x32bridge.lib ├── x32dbg.lib ├── x64bridge.lib ├── x64dbg.lib └── yara ├── yara.h ├── yara ├── ahocorasick.h ├── arena.h ├── atoms.h ├── compiler.h ├── elf.h ├── error.h ├── exec.h ├── exefiles.h ├── filemap.h ├── globals.h ├── hash.h ├── hex_lexer.h ├── integers.h ├── lexer.h ├── libyara.h ├── limits.h ├── mem.h ├── modules.h ├── object.h ├── parser.h ├── pe.h ├── proc.h ├── re.h ├── re_lexer.h ├── rules.h ├── scan.h ├── sizedstr.h ├── stream.h ├── strutils.h ├── threading.h ├── types.h └── utils.h ├── yara_x64.lib └── yara_x86.lib /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.userosscache 8 | *.sln.docstates 9 | 10 | # User-specific files (MonoDevelop/Xamarin Studio) 11 | *.userprefs 12 | 13 | # Build results 14 | [Dd]ebug/ 15 | [Dd]ebugPublic/ 16 | [Rr]elease/ 17 | [Rr]eleases/ 18 | [Xx]64/ 19 | [Xx]86/ 20 | [Bb]uild/ 21 | bld/ 22 | [Bb]in/ 23 | [Oo]bj/ 24 | 25 | # Visual Studio 2015 cache/options directory 26 | .vs/ 27 | # Uncomment if you have tasks that create the project's static files in wwwroot 28 | #wwwroot/ 29 | 30 | # MSTest test Results 31 | [Tt]est[Rr]esult*/ 32 | [Bb]uild[Ll]og.* 33 | 34 | # NUNIT 35 | *.VisualState.xml 36 | TestResult.xml 37 | 38 | # Build Results of an ATL Project 39 | [Dd]ebugPS/ 40 | [Rr]eleasePS/ 41 | dlldata.c 42 | 43 | # DNX 44 | project.lock.json 45 | artifacts/ 46 | 47 | *_i.c 48 | *_p.c 49 | *_i.h 50 | *.ilk 51 | *.meta 52 | *.obj 53 | *.pch 54 | *.pdb 55 | *.pgc 56 | *.pgd 57 | *.rsp 58 | *.sbr 59 | *.tlb 60 | *.tli 61 | *.tlh 62 | *.tmp 63 | *.tmp_proj 64 | *.log 65 | *.vspscc 66 | *.vssscc 67 | .builds 68 | *.pidb 69 | *.svclog 70 | *.scc 71 | 72 | # Chutzpah Test files 73 | _Chutzpah* 74 | 75 | # Visual C++ cache files 76 | ipch/ 77 | *.aps 78 | *.ncb 79 | *.opendb 80 | *.opensdf 81 | *.sdf 82 | *.cachefile 83 | *.VC.db 84 | 85 | # Visual Studio profiler 86 | *.psess 87 | *.vsp 88 | *.vspx 89 | *.sap 90 | 91 | # TFS 2012 Local Workspace 92 | $tf/ 93 | 94 | # Guidance Automation Toolkit 95 | *.gpState 96 | 97 | # ReSharper is a .NET coding add-in 98 | _ReSharper*/ 99 | *.[Rr]e[Ss]harper 100 | *.DotSettings.user 101 | 102 | # JustCode is a .NET coding add-in 103 | .JustCode 104 | 105 | # TeamCity is a build add-in 106 | _TeamCity* 107 | 108 | # DotCover is a Code Coverage Tool 109 | *.dotCover 110 | 111 | # NCrunch 112 | _NCrunch_* 113 | .*crunch*.local.xml 114 | nCrunchTemp_* 115 | 116 | # MightyMoose 117 | *.mm.* 118 | AutoTest.Net/ 119 | 120 | # Web workbench (sass) 121 | .sass-cache/ 122 | 123 | # Installshield output folder 124 | [Ee]xpress/ 125 | 126 | # DocProject is a documentation generator add-in 127 | DocProject/buildhelp/ 128 | DocProject/Help/*.HxT 129 | DocProject/Help/*.HxC 130 | DocProject/Help/*.hhc 131 | DocProject/Help/*.hhk 132 | DocProject/Help/*.hhp 133 | DocProject/Help/Html2 134 | DocProject/Help/html 135 | 136 | # Click-Once directory 137 | publish/ 138 | 139 | # Publish Web Output 140 | *.[Pp]ublish.xml 141 | *.azurePubxml 142 | 143 | # TODO: Un-comment the next line if you do not want to checkin 144 | # your web deploy settings because they may include unencrypted 145 | # passwords 146 | #*.pubxml 147 | *.publishproj 148 | 149 | # NuGet Packages 150 | *.nupkg 151 | # The packages folder can be ignored because of Package Restore 152 | **/packages/* 153 | # except build/, which is used as an MSBuild target. 154 | !**/packages/build/ 155 | # Uncomment if necessary however generally it will be regenerated when needed 156 | #!**/packages/repositories.config 157 | # NuGet v3's project.json files produces more ignoreable files 158 | *.nuget.props 159 | *.nuget.targets 160 | 161 | # Microsoft Azure Build Output 162 | csx/ 163 | *.build.csdef 164 | 165 | # Microsoft Azure Emulator 166 | ecf/ 167 | rcf/ 168 | 169 | # Windows Store app package directory 170 | AppPackages/ 171 | BundleArtifacts/ 172 | 173 | # Visual Studio cache files 174 | # files ending in .cache can be ignored 175 | *.[Cc]ache 176 | # but keep track of directories ending in .cache 177 | !*.[Cc]ache/ 178 | 179 | # Others 180 | ClientBin/ 181 | [Ss]tyle[Cc]op.* 182 | ~$* 183 | *~ 184 | *.dbmdl 185 | *.dbproj.schemaview 186 | *.pfx 187 | *.publishsettings 188 | node_modules/ 189 | orleans.codegen.cs 190 | 191 | # RIA/Silverlight projects 192 | Generated_Code/ 193 | 194 | # Backup & report files from converting an old project file 195 | # to a newer Visual Studio version. Backup files are not needed, 196 | # because we have git ;-) 197 | _UpgradeReport_Files/ 198 | Backup*/ 199 | UpgradeLog*.XML 200 | UpgradeLog*.htm 201 | 202 | # SQL Server files 203 | *.mdf 204 | *.ldf 205 | 206 | # Business Intelligence projects 207 | *.rdl.data 208 | *.bim.layout 209 | *.bim_*.settings 210 | 211 | # Microsoft Fakes 212 | FakesAssemblies/ 213 | 214 | # GhostDoc plugin setting file 215 | *.GhostDoc.xml 216 | 217 | # Node.js Tools for Visual Studio 218 | .ntvs_analysis.dat 219 | 220 | # Visual Studio 6 build log 221 | *.plg 222 | 223 | # Visual Studio 6 workspace options file 224 | *.opt 225 | 226 | # Visual Studio LightSwitch build output 227 | **/*.HTMLClient/GeneratedArtifacts 228 | **/*.DesktopClient/GeneratedArtifacts 229 | **/*.DesktopClient/ModelManifest.xml 230 | **/*.Server/GeneratedArtifacts 231 | **/*.Server/ModelManifest.xml 232 | _Pvt_Extensions 233 | 234 | # LightSwitch generated files 235 | GeneratedArtifacts/ 236 | ModelManifest.xml 237 | 238 | # Paket dependency manager 239 | .paket/paket.exe 240 | 241 | # FAKE - F# Make 242 | .fake/ 243 | 244 | ## Custom rules. 245 | # PVS-Studio 246 | *.i 247 | *.i-* 248 | *.PVS-Studio.cfg 249 | -------------------------------------------------------------------------------- /MUltimate Assembler.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.12.35527.113 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MUltimate Assembler", "MUltimate Assembler.vcxproj", "{1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug_x64dbg|Win32 = Debug_x64dbg|Win32 11 | Debug_x64dbg|x64 = Debug_x64dbg|x64 12 | Release_immdbg|Win32 = Release_immdbg|Win32 13 | Release_immdbg|x64 = Release_immdbg|x64 14 | Release_odbg_v2|Win32 = Release_odbg_v2|Win32 15 | Release_odbg_v2|x64 = Release_odbg_v2|x64 16 | Release_odbg|Win32 = Release_odbg|Win32 17 | Release_odbg|x64 = Release_odbg|x64 18 | Release_x64dbg|Win32 = Release_x64dbg|Win32 19 | Release_x64dbg|x64 = Release_x64dbg|x64 20 | EndGlobalSection 21 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 22 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Debug_x64dbg|Win32.ActiveCfg = Debug_x64dbg|Win32 23 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Debug_x64dbg|Win32.Build.0 = Debug_x64dbg|Win32 24 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Debug_x64dbg|x64.ActiveCfg = Debug_x64dbg|x64 25 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Debug_x64dbg|x64.Build.0 = Debug_x64dbg|x64 26 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_immdbg|Win32.ActiveCfg = Release_immdbg|Win32 27 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_immdbg|Win32.Build.0 = Release_immdbg|Win32 28 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_immdbg|x64.ActiveCfg = Release_immdbg|x64 29 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_immdbg|x64.Build.0 = Release_immdbg|x64 30 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_odbg_v2|Win32.ActiveCfg = Release_odbg_v2|Win32 31 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_odbg_v2|Win32.Build.0 = Release_odbg_v2|Win32 32 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_odbg_v2|x64.ActiveCfg = Release_odbg_v2|x64 33 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_odbg_v2|x64.Build.0 = Release_odbg_v2|x64 34 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_odbg|Win32.ActiveCfg = Release_odbg|Win32 35 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_odbg|Win32.Build.0 = Release_odbg|Win32 36 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_odbg|x64.ActiveCfg = Release_odbg|x64 37 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_odbg|x64.Build.0 = Release_odbg|x64 38 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_x64dbg|Win32.ActiveCfg = Release_x64dbg|Win32 39 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_x64dbg|Win32.Build.0 = Release_x64dbg|Win32 40 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_x64dbg|x64.ActiveCfg = Release_x64dbg|x64 41 | {1356A7DE-2F61-48DB-91CE-7C27DBC3D9A9}.Release_x64dbg|x64.Build.0 = Release_x64dbg|x64 42 | EndGlobalSection 43 | GlobalSection(SolutionProperties) = preSolution 44 | HideSolutionNode = FALSE 45 | EndGlobalSection 46 | EndGlobal 47 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Multiline Ultimate Assembler 2 | 3 | Multiline Ultimate Assembler is a multiline (and ultimate) assembler (and 4 | disassembler) plugin for [x64dbg](https://x64dbg.com/) and 5 | [OllyDbg](http://www.ollydbg.de/). It's a perfect tool for modifying and 6 | extending a compiled executable functionality, writing code caves, etc. 7 | 8 | [🏠 Homepage](https://ramensoftware.com/multimate-assembler) 9 | 10 | ![Screenshot](screenshot.png) 11 | -------------------------------------------------------------------------------- /assembler_dlg_tabs.h: -------------------------------------------------------------------------------- 1 | #ifndef _ASSEMBLER_DLG_TABS_H_ 2 | #define _ASSEMBLER_DLG_TABS_H_ 3 | 4 | #include "plugin.h" 5 | #include "raedit.h" 6 | #include "tabctrl_ex.h" 7 | #include "resource.h" 8 | 9 | #ifndef GET_X_LPARAM 10 | #define GET_X_LPARAM(lParam) ((int)(short)LOWORD(lParam)) 11 | #endif 12 | #ifndef GET_Y_LPARAM 13 | #define GET_Y_LPARAM(lParam) ((int)(short)HIWORD(lParam)) 14 | #endif 15 | 16 | typedef struct _tcitem_extra { 17 | int first_visible_line; 18 | CHARRANGE char_range; 19 | } TCITEM_EXTRA; 20 | 21 | typedef struct _tcitem_custom { 22 | TCITEMHEADER header; 23 | TCITEM_EXTRA extra; 24 | } TCITEM_CUSTOM; 25 | 26 | void InitTabs(HWND hTabCtrlWnd, HWND hAsmEditWnd, HINSTANCE hInst, HWND hErrorWnd, UINT uErrorMsg); 27 | int InitLoadTabs(HWND hTabCtrlWnd); 28 | void SyncTabs(HWND hTabCtrlWnd, HWND hAsmEditWnd); 29 | void NewTab(HWND hTabCtrlWnd, HWND hAsmEditWnd, TCHAR *pTabLabel); 30 | void PrevTab(HWND hTabCtrlWnd, HWND hAsmEditWnd); 31 | void NextTab(HWND hTabCtrlWnd, HWND hAsmEditWnd); 32 | BOOL GetTabName(HWND hTabCtrlWnd, TCHAR *pText, int nTextBuffer); 33 | void CloseTab(HWND hTabCtrlWnd, HWND hAsmEditWnd); 34 | BOOL CloseTabOnPoint(HWND hTabCtrlWnd, HWND hAsmEditWnd, POINT *ppt); 35 | void CloseTabByIndex(HWND hTabCtrlWnd, HWND hAsmEditWnd, int nTabIndex); 36 | void CloseAllTabs(HWND hTabCtrlWnd, HWND hAsmEditWnd); 37 | BOOL OnContextMenu(HWND hTabCtrlWnd, HWND hAsmEditWnd, LPARAM lParam, POINT *ppt); 38 | void OnTabChanging(HWND hTabCtrlWnd, HWND hAsmEditWnd); 39 | void OnTabChanged(HWND hTabCtrlWnd, HWND hAsmEditWnd); 40 | void OnTabFileUpdated(HWND hTabCtrlWnd, HWND hAsmEditWnd); 41 | void TabRenameStart(HWND hTabCtrlWnd); 42 | BOOL TabRenameEnd(HWND hTabCtrlWnd, TCHAR *pNewName); 43 | BOOL OnTabDrag(HWND hTabCtrlWnd, int nDragFromId, int nDropToId); 44 | BOOL LoadFileOfTab(HWND hTabCtrlWnd, HWND hAsmEditWnd); 45 | BOOL SaveFileOfTab(HWND hTabCtrlWnd, HWND hAsmEditWnd); 46 | BOOL LoadFileFromLibrary(HWND hTabCtrlWnd, HWND hAsmEditWnd, HWND hWnd, HINSTANCE hInst); 47 | BOOL SaveFileToLibrary(HWND hTabCtrlWnd, HWND hAsmEditWnd, HWND hWnd, HINSTANCE hInst); 48 | 49 | // General tab functions 50 | static void MakeTabLabelValid(TCHAR *pLabel); 51 | static void GetTabFileName(HWND hTabCtrlWnd, int nTabIndex, TCHAR *pFileName); 52 | static int FindTabByLabel(HWND hTabCtrlWnd, TCHAR *pLabel); 53 | static void MoveTab(HWND hTabCtrlWnd, int nFromIndex, int nToIndex); 54 | static DWORD CALLBACK StreamInProc(DWORD_PTR dwCookie, LPBYTE lpbBuff, LONG cb, LONG *pcb); 55 | static DWORD CALLBACK StreamOutProc(DWORD_PTR dwCookie, LPBYTE lpbBuff, LONG cb, LONG *pcb); 56 | 57 | // Config functions 58 | static UINT ReadIntFromPrivateIni(TCHAR *pKeyName, UINT nDefault); 59 | static BOOL WriteIntToPrivateIni(TCHAR *pKeyName, UINT nValue); 60 | static DWORD ReadStringFromPrivateIni(TCHAR *pKeyName, TCHAR *pDefault, TCHAR *pReturnedString, DWORD dwStringSize); 61 | static BOOL WriteStringToPrivateIni(TCHAR *pKeyName, TCHAR *pValue); 62 | static BOOL GetConfigLastWriteTime(FILETIME *pftLastWriteTime); 63 | 64 | // General 65 | static BOOL MakeSureDirectoryExists(TCHAR *pPathName); 66 | static DWORD PathRelativeToModuleDir(HMODULE hModule, TCHAR *pRelativePath, TCHAR *pResult, BOOL bPathAddBackslash); 67 | static BOOL GetFileLastWriteTime(TCHAR *pFilePath, FILETIME *pftLastWriteTime); 68 | 69 | #endif // _ASSEMBLER_DLG_TABS_H_ 70 | -------------------------------------------------------------------------------- /functions.c: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "functions.h" 3 | 4 | void **FindImportPtr(HMODULE hFindInModule, char *pModuleName, char *pImportName) 5 | { 6 | IMAGE_DOS_HEADER *pDosHeader; 7 | IMAGE_NT_HEADERS *pNtHeader; 8 | ULONG_PTR ImageBase; 9 | IMAGE_IMPORT_DESCRIPTOR *pImportDescriptor; 10 | ULONG_PTR *pOriginalFirstThunk; 11 | ULONG_PTR *pFirstThunk; 12 | ULONG_PTR ImageImportByName; 13 | 14 | // Init 15 | pDosHeader = (IMAGE_DOS_HEADER *)hFindInModule; 16 | pNtHeader = (IMAGE_NT_HEADERS *)((char *)pDosHeader + pDosHeader->e_lfanew); 17 | 18 | if(!pNtHeader->OptionalHeader.DataDirectory[1].VirtualAddress) 19 | return NULL; 20 | 21 | ImageBase = (ULONG_PTR)hFindInModule; 22 | pImportDescriptor = (IMAGE_IMPORT_DESCRIPTOR *)(ImageBase + pNtHeader->OptionalHeader.DataDirectory[1].VirtualAddress); 23 | 24 | // Search! 25 | while(pImportDescriptor->OriginalFirstThunk) 26 | { 27 | if(lstrcmpiA((char *)(ImageBase + pImportDescriptor->Name), pModuleName) == 0) 28 | { 29 | pOriginalFirstThunk = (ULONG_PTR *)(ImageBase + pImportDescriptor->OriginalFirstThunk); 30 | ImageImportByName = *pOriginalFirstThunk; 31 | 32 | pFirstThunk = (ULONG_PTR *)(ImageBase + pImportDescriptor->FirstThunk); 33 | 34 | while(ImageImportByName) 35 | { 36 | if(!(ImageImportByName & IMAGE_ORDINAL_FLAG)) 37 | { 38 | if((ULONG_PTR)pImportName & ~0xFFFF) 39 | { 40 | ImageImportByName += sizeof(WORD); 41 | 42 | if(lstrcmpA((char *)(ImageBase + ImageImportByName), pImportName) == 0) 43 | return (void **)pFirstThunk; 44 | } 45 | } 46 | else 47 | { 48 | if(((ULONG_PTR)pImportName & ~0xFFFF) == 0) 49 | if((ImageImportByName & 0xFFFF) == (ULONG_PTR)pImportName) 50 | return (void **)pFirstThunk; 51 | } 52 | 53 | pOriginalFirstThunk++; 54 | ImageImportByName = *pOriginalFirstThunk; 55 | 56 | pFirstThunk++; 57 | } 58 | } 59 | 60 | pImportDescriptor++; 61 | } 62 | 63 | return NULL; 64 | } 65 | -------------------------------------------------------------------------------- /functions.h: -------------------------------------------------------------------------------- 1 | #ifndef _FUNCTIONS_H_ 2 | #define _FUNCTIONS_H_ 3 | 4 | void **FindImportPtr(HMODULE hFindInModule, char *pModuleName, char *pImportName); 5 | 6 | #endif // _FUNCTIONS_H_ 7 | -------------------------------------------------------------------------------- /main_common.c: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "main_common.h" 3 | #include "plugin.h" 4 | #include "raedit.h" 5 | #include "assembler_dlg.h" 6 | #include "resource.h" 7 | 8 | HINSTANCE hDllInst; 9 | OPTIONS options; 10 | 11 | BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) 12 | { 13 | switch(fdwReason) 14 | { 15 | case DLL_PROCESS_ATTACH: 16 | DisableThreadLibraryCalls(hinstDLL); 17 | hDllInst = hinstDLL; 18 | break; 19 | 20 | case DLL_PROCESS_DETACH: 21 | break; 22 | } 23 | 24 | return TRUE; 25 | } 26 | 27 | TCHAR *PluginInit(HINSTANCE hInst) 28 | { 29 | INITCOMMONCONTROLSEX icex; 30 | TCHAR *pError; 31 | 32 | // Ensure that the common control DLL is loaded. 33 | icex.dwSize = sizeof(INITCOMMONCONTROLSEX); 34 | icex.dwICC = ICC_TAB_CLASSES; 35 | InitCommonControlsEx(&icex); 36 | 37 | // For drag'n'drop support 38 | if(FAILED(OleInitialize(NULL))) 39 | return _T("OleInitialize() failed"); 40 | 41 | // Install RAEdit control 42 | InstallRAEdit(hInst, FALSE); 43 | 44 | // Init stuff 45 | pError = AssemblerInit(); 46 | if(pError) 47 | { 48 | UnInstallRAEdit(); 49 | return pError; 50 | } 51 | 52 | // Load options 53 | MyGetintfromini(hInst, _T("disasm_rva"), &options.disasm_rva, 0, 0, 1); 54 | MyGetintfromini(hInst, _T("disasm_rva_reloconly"), &options.disasm_rva_reloconly, 0, 0, 1); 55 | MyGetintfromini(hInst, _T("disasm_label"), &options.disasm_label, 0, 0, 1); 56 | MyGetintfromini(hInst, _T("disasm_extjmp"), &options.disasm_extjmp, 0, 0, 1); 57 | MyGetintfromini(hInst, _T("disasm_hex"), &options.disasm_hex, 0, 4, 0); 58 | MyGetintfromini(hInst, _T("disasm_labelgen"), &options.disasm_labelgen, 0, 2, 0); 59 | MyGetintfromini(hInst, _T("asm_comments"), &options.asm_comments, 0, 0, 1); 60 | MyGetintfromini(hInst, _T("asm_labels"), &options.asm_labels, 0, 0, 1); 61 | MyGetintfromini(hInst, _T("edit_savepos"), &options.edit_savepos, 0, 0, 1); 62 | MyGetintfromini(hInst, _T("edit_tabwidth"), &options.edit_tabwidth, 0, 2, 1); 63 | 64 | return NULL; 65 | } 66 | 67 | void PluginExit() 68 | { 69 | AssemblerExit(); 70 | UnInstallRAEdit(); 71 | OleUninitialize(); 72 | } 73 | 74 | BOOL OpenHelp(HWND hWnd, HINSTANCE hInst) 75 | { 76 | TCHAR szFilePath[MAX_PATH]; 77 | DWORD dwPathLen; 78 | 79 | dwPathLen = GetModuleFileName(hInst, szFilePath, MAX_PATH); 80 | if(dwPathLen == 0) 81 | return FALSE; 82 | 83 | do 84 | { 85 | dwPathLen--; 86 | 87 | if(dwPathLen == 0) 88 | return FALSE; 89 | } 90 | while(szFilePath[dwPathLen] != _T('\\')); 91 | 92 | dwPathLen++; 93 | szFilePath[dwPathLen] = _T('\0'); 94 | 95 | dwPathLen += sizeof("multiasm.chm") - 1; 96 | if(dwPathLen > MAX_PATH - 1) 97 | return FALSE; 98 | 99 | lstrcat(szFilePath, _T("multiasm.chm")); 100 | 101 | return !((int)(UINT_PTR)ShellExecute(hWnd, NULL, szFilePath, NULL, NULL, SW_SHOWNORMAL) <= 32); 102 | } 103 | 104 | #if !(defined(TARGET_ODBG) || defined(TARGET_IMMDBG) || defined(TARGET_ODBG2)) 105 | void OpenUrl(HWND hWnd, PCWSTR url) { 106 | if((INT_PTR)ShellExecuteW(hWnd, L"open", url, NULL, NULL, SW_SHOWNORMAL) <= 32) { 107 | MessageBox(hWnd, _T("Failed to open link"), NULL, MB_ICONHAND); 108 | } 109 | } 110 | 111 | HRESULT CALLBACK AboutMessageBoxCallback(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam, LONG_PTR lpRefData) { 112 | switch(msg) { 113 | case TDN_HYPERLINK_CLICKED: 114 | OpenUrl(hwnd, (PCWSTR)lParam); 115 | break; 116 | } 117 | 118 | return S_OK; 119 | } 120 | #endif // !(defined(TARGET_ODBG) || defined(TARGET_IMMDBG) || defined(TARGET_ODBG2)) 121 | 122 | int AboutMessageBox(HWND hWnd, HINSTANCE hInst) 123 | { 124 | // OllyDbg doesn't use visual styles, so TaskDialogIndirect isn't available. 125 | #if defined(TARGET_ODBG) || defined(TARGET_IMMDBG) || defined(TARGET_ODBG2) 126 | PCWSTR content = 127 | DEF_PLUGINNAME _T(" v") DEF_VERSION _T("\n") 128 | _T("By m417z (Ramen Software)\n") 129 | _T("\n") 130 | _T("Source code:\n") 131 | _T("https://github.com/m417z/Multiline-Ultimate-Assembler"); 132 | 133 | MSGBOXPARAMS mbpMsgBoxParams; 134 | 135 | ZeroMemory(&mbpMsgBoxParams, sizeof(MSGBOXPARAMS)); 136 | 137 | mbpMsgBoxParams.cbSize = sizeof(MSGBOXPARAMS); 138 | mbpMsgBoxParams.hwndOwner = hWnd; 139 | mbpMsgBoxParams.hInstance = hInst; 140 | mbpMsgBoxParams.lpszText = content; 141 | mbpMsgBoxParams.lpszCaption = _T("About"); 142 | mbpMsgBoxParams.dwStyle = MB_USERICON; 143 | mbpMsgBoxParams.lpszIcon = MAKEINTRESOURCE(IDI_MAIN); 144 | 145 | return MessageBoxIndirect(&mbpMsgBoxParams); 146 | #else 147 | PCWSTR content = 148 | DEF_PLUGINNAME L" v" DEF_VERSION L"\n" 149 | L"By m417z (Ramen Software)\n" 150 | L"\n" 151 | L"Source code:\n" 152 | L"https://github.com/m417z/Multiline-Ultimate-Assembler"; 153 | 154 | TASKDIALOGCONFIG taskDialogConfig; 155 | 156 | ZeroMemory(&taskDialogConfig, sizeof(TASKDIALOGCONFIG)); 157 | 158 | taskDialogConfig.cbSize = sizeof(taskDialogConfig); 159 | taskDialogConfig.hwndParent = hWnd; 160 | taskDialogConfig.hInstance = hInst; 161 | taskDialogConfig.dwFlags = TDF_ENABLE_HYPERLINKS | TDF_ALLOW_DIALOG_CANCELLATION; 162 | taskDialogConfig.pszWindowTitle = L"About"; 163 | taskDialogConfig.pszMainIcon = MAKEINTRESOURCEW(IDI_MAIN); 164 | taskDialogConfig.pszContent = content; 165 | taskDialogConfig.pfCallback = AboutMessageBoxCallback; 166 | 167 | return TaskDialogIndirect(&taskDialogConfig, NULL, NULL, NULL); 168 | #endif 169 | } 170 | -------------------------------------------------------------------------------- /main_common.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | TCHAR *PluginInit(HINSTANCE hInst); 4 | void PluginExit(); 5 | BOOL OpenHelp(HWND hWnd, HINSTANCE hInst); 6 | int AboutMessageBox(HWND hWnd, HINSTANCE hInst); 7 | -------------------------------------------------------------------------------- /main_x64dbg.c: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "main_common.h" 3 | #include "plugin.h" 4 | #include "assembler_dlg.h" 5 | #include "options_dlg.h" 6 | 7 | extern HINSTANCE hDllInst; 8 | 9 | static int pluginHandle; 10 | static int hMenu; 11 | static int hMenuDisasm; 12 | 13 | #ifndef DLL_EXPORT 14 | #define DLL_EXPORT __declspec(dllexport) 15 | #endif // DLL_EXPORT 16 | 17 | #define MENU_MAIN 0 18 | #define MENU_DISASM 1 19 | #define MENU_OPTIONS 2 20 | #define MENU_HELP 3 21 | #define MENU_ABOUT 4 22 | 23 | #define MENU_CPU_DISASM 5 24 | 25 | static int GetPluginVersion(); 26 | static void DisassembleSelection(); 27 | static bool CmdShow(int argc, char** argv); 28 | static bool CmdDisasmSelection(int argc, char** argv); 29 | static bool CmdClose(int argc, char** argv); 30 | 31 | DLL_EXPORT void plugsetup(PLUG_SETUPSTRUCT *setupStruct) 32 | { 33 | hwollymain = setupStruct->hwndDlg; 34 | hMenu = setupStruct->hMenu; 35 | hMenuDisasm = setupStruct->hMenuDisasm; 36 | 37 | HRSRC hResource = FindResource(hDllInst, MAKEINTRESOURCE(IDB_X64DBG_ICON), "PNG"); 38 | if(hResource) 39 | { 40 | HGLOBAL hMemory = LoadResource(hDllInst, hResource); 41 | if(hMemory) 42 | { 43 | DWORD dwSize = SizeofResource(hDllInst, hResource); 44 | LPVOID lpAddress = LockResource(hMemory); 45 | if(lpAddress) 46 | { 47 | ICONDATA IconData; 48 | IconData.data = lpAddress; 49 | IconData.size = dwSize; 50 | 51 | _plugin_menuseticon(hMenu, &IconData); 52 | _plugin_menuseticon(hMenuDisasm, &IconData); 53 | } 54 | } 55 | } 56 | 57 | _plugin_menuaddentry(hMenu, MENU_MAIN, "&Multiline Ultimate Assembler\tCtrl+M"); 58 | _plugin_menuaddseparator(hMenu); 59 | _plugin_menuaddentry(hMenu, MENU_OPTIONS, "&Options"); 60 | _plugin_menuaddseparator(hMenu); 61 | _plugin_menuaddentry(hMenu, MENU_HELP, "&Help"); 62 | _plugin_menuaddentry(hMenu, MENU_ABOUT, "&About"); 63 | 64 | _plugin_menuaddentry(hMenuDisasm, MENU_CPU_DISASM, "&Disassemble selection\tCtrl+Shift+M"); 65 | } 66 | 67 | DLL_EXPORT bool pluginit(PLUG_INITSTRUCT* initStruct) 68 | { 69 | initStruct->pluginVersion = GetPluginVersion(); 70 | initStruct->sdkVersion = PLUG_SDKVERSION; 71 | lstrcpy(initStruct->pluginName, DEF_PLUGINNAME); 72 | pluginHandle = initStruct->pluginHandle; 73 | 74 | char *pError = PluginInit(hDllInst); 75 | if(pError) 76 | { 77 | MessageBox(hwollymain, pError, "Multiline Ultimate Assembler error", MB_ICONHAND); 78 | return false; 79 | } 80 | 81 | _plugin_logputs("Multiline Ultimate Assembler v" DEF_VERSION); 82 | _plugin_logputs(" " DEF_COPYRIGHT); 83 | 84 | _plugin_registercommand(pluginHandle, "multiasm_show", CmdShow, false); 85 | _plugin_registercommand(pluginHandle, "multiasm_disasm_selection", CmdDisasmSelection, true); 86 | _plugin_registercommand(pluginHandle, "multiasm_close", CmdClose, false); 87 | 88 | return true; 89 | } 90 | 91 | static int GetPluginVersion() 92 | { 93 | char *p = DEF_VERSION; 94 | int nVersion = 0; 95 | 96 | while(*p != '\0') 97 | { 98 | char c = *p; 99 | if(c >= '0' && c <= '9') 100 | { 101 | nVersion *= 10; 102 | nVersion += c - '0'; 103 | } 104 | 105 | p++; 106 | } 107 | 108 | return nVersion; 109 | } 110 | 111 | DLL_EXPORT bool plugstop() 112 | { 113 | _plugin_menuclear(hMenu); 114 | _plugin_menuclear(hMenuDisasm); 115 | 116 | _plugin_unregistercommand(pluginHandle, "multiasm_show"); 117 | _plugin_unregistercommand(pluginHandle, "multiasm_disasm_selection"); 118 | _plugin_unregistercommand(pluginHandle, "multiasm_close"); 119 | 120 | AssemblerCloseDlg(); 121 | PluginExit(); 122 | return true; 123 | } 124 | 125 | DLL_EXPORT CDECL void CBWINEVENT(CBTYPE cbType, PLUG_CB_WINEVENT *info) 126 | { 127 | MSG *pMsg = info->message; 128 | 129 | if(!info->result && AssemblerPreTranslateMessage(pMsg)) 130 | { 131 | info->retval = true; 132 | return; 133 | } 134 | 135 | if(info->result && 136 | pMsg->message == WM_KEYUP && 137 | pMsg->wParam == 'M') 138 | { 139 | bool ctrlDown = GetKeyState(VK_CONTROL) < 0; 140 | bool altDown = GetKeyState(VK_MENU) < 0; 141 | bool shiftDown = GetKeyState(VK_SHIFT) < 0; 142 | 143 | if(!altDown && ctrlDown) 144 | { 145 | if(shiftDown) 146 | { 147 | if(DbgIsDebugging()) 148 | DisassembleSelection(); 149 | } 150 | else 151 | { 152 | AssemblerShowDlg(); 153 | } 154 | 155 | *info->result = 0; 156 | info->retval = true; 157 | return; 158 | } 159 | } 160 | } 161 | 162 | DLL_EXPORT CDECL void CBMENUENTRY(CBTYPE cbType, void *callbackInfo) 163 | { 164 | PLUG_CB_MENUENTRY *info = (PLUG_CB_MENUENTRY *)callbackInfo; 165 | 166 | switch(info->hEntry) 167 | { 168 | case MENU_MAIN: 169 | // Menu item, main plugin functionality 170 | AssemblerShowDlg(); 171 | break; 172 | 173 | case MENU_DISASM: 174 | case MENU_CPU_DISASM: 175 | if(DbgIsDebugging()) 176 | DisassembleSelection(); 177 | else 178 | MessageBox(hwollymain, "No process is loaded", NULL, MB_ICONASTERISK); 179 | break; 180 | 181 | case MENU_OPTIONS: 182 | // Menu item "Options" 183 | if(ShowOptionsDlg()) 184 | AssemblerOptionsChanged(); 185 | break; 186 | 187 | case MENU_HELP: 188 | // Menu item "Help" 189 | if(!OpenHelp(hwollymain, hDllInst)) 190 | MessageBox(hwollymain, "Failed to open the \"multiasm.chm\" help file", NULL, MB_ICONHAND); 191 | break; 192 | 193 | case MENU_ABOUT: 194 | // Menu item "About", displays plugin info. 195 | AboutMessageBox(hwollymain, hDllInst); 196 | break; 197 | } 198 | } 199 | 200 | static void DisassembleSelection() 201 | { 202 | SELECTIONDATA selection; 203 | 204 | if(GuiSelectionGet(GUI_DISASSEMBLY, &selection)) 205 | AssemblerLoadCode(selection.start, selection.end - selection.start + 1); 206 | } 207 | 208 | static bool CmdShow(int argc, char** argv) 209 | { 210 | if(argc > 1) 211 | { 212 | _plugin_logputs("Command does not accept arguments"); 213 | return false; 214 | } 215 | 216 | GuiExecuteOnGuiThread(AssemblerShowDlg); 217 | return true; 218 | } 219 | 220 | static bool CmdDisasmSelection(int argc, char** argv) 221 | { 222 | if(argc > 1) 223 | { 224 | _plugin_logputs("Command does not accept arguments"); 225 | return false; 226 | } 227 | 228 | GuiExecuteOnGuiThread(DisassembleSelection); 229 | return true; 230 | } 231 | 232 | static bool CmdClose(int argc, char** argv) 233 | { 234 | if(argc > 1) 235 | { 236 | _plugin_logputs("Command does not accept arguments"); 237 | return false; 238 | } 239 | 240 | GuiExecuteOnGuiThread(AssemblerCloseDlg); 241 | return true; 242 | } 243 | -------------------------------------------------------------------------------- /minicrt/minicrt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/minicrt/minicrt.lib -------------------------------------------------------------------------------- /minicrt/minicrt64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/minicrt/minicrt64.lib -------------------------------------------------------------------------------- /ollydbglib/immdbg.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/ollydbglib/immdbg.lib -------------------------------------------------------------------------------- /ollydbglib/ollydbg.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/ollydbglib/ollydbg.lib -------------------------------------------------------------------------------- /ollydbglib/ollydbg2.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/ollydbglib/ollydbg2.lib -------------------------------------------------------------------------------- /options_def.h: -------------------------------------------------------------------------------- 1 | #ifndef _OPTIONS_DEF_H_ 2 | #define _OPTIONS_DEF_H_ 3 | 4 | typedef struct { 5 | int disasm_rva; 6 | int disasm_rva_reloconly; 7 | int disasm_label; 8 | int disasm_extjmp; 9 | int disasm_hex; 10 | int disasm_labelgen; 11 | int asm_comments; 12 | int asm_labels; 13 | int edit_savepos; 14 | int edit_tabwidth; 15 | } OPTIONS; 16 | 17 | #endif // _OPTIONS_DEF_H_ 18 | -------------------------------------------------------------------------------- /options_dlg.c: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "options_dlg.h" 3 | 4 | extern HINSTANCE hDllInst; 5 | extern OPTIONS options; 6 | 7 | LRESULT ShowOptionsDlg() 8 | { 9 | return DialogBox(hDllInst, MAKEINTRESOURCE(IDD_OPTIONS), hwollymain, (DLGPROC)DlgOptionsProc); 10 | } 11 | 12 | static LRESULT CALLBACK DlgOptionsProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam) 13 | { 14 | switch(uMsg) 15 | { 16 | case WM_INITDIALOG: 17 | SendDlgItemMessage(hWnd, IDC_DISASM_HEX, CB_ADDSTRING, 0, (LPARAM)_T("(disassembler default)")); 18 | SendDlgItemMessage(hWnd, IDC_DISASM_HEX, CB_ADDSTRING, 0, (LPARAM)_T("FFFE")); 19 | SendDlgItemMessage(hWnd, IDC_DISASM_HEX, CB_ADDSTRING, 0, (LPARAM)_T("0FFFE")); 20 | SendDlgItemMessage(hWnd, IDC_DISASM_HEX, CB_ADDSTRING, 0, (LPARAM)_T("0FFFEh")); 21 | SendDlgItemMessage(hWnd, IDC_DISASM_HEX, CB_ADDSTRING, 0, (LPARAM)_T("0xFFFE")); 22 | 23 | SendDlgItemMessage(hWnd, IDC_DISASM_LABELGEN, CB_ADDSTRING, 0, (LPARAM)_T("L[counter]")); 24 | SendDlgItemMessage(hWnd, IDC_DISASM_LABELGEN, CB_ADDSTRING, 0, (LPARAM)_T("L_[address]")); 25 | SendDlgItemMessage(hWnd, IDC_DISASM_LABELGEN, CB_ADDSTRING, 0, (LPARAM)_T("L_[tab_name]_[counter]")); 26 | 27 | SendDlgItemMessage(hWnd, IDC_EDIT_TABWIDTH, CB_ADDSTRING, 0, (LPARAM)_T("2")); 28 | SendDlgItemMessage(hWnd, IDC_EDIT_TABWIDTH, CB_ADDSTRING, 0, (LPARAM)_T("4")); 29 | SendDlgItemMessage(hWnd, IDC_EDIT_TABWIDTH, CB_ADDSTRING, 0, (LPARAM)_T("8")); 30 | 31 | OptionsToDlg(hWnd); 32 | break; 33 | 34 | case WM_LBUTTONDOWN: 35 | SendMessage(hWnd, WM_NCLBUTTONDOWN, HTCAPTION, 0); 36 | break; 37 | 38 | case WM_COMMAND: 39 | switch(LOWORD(wParam)) 40 | { 41 | case IDC_DISASM_RVA: 42 | EnableWindow(GetDlgItem(hWnd, IDC_DISASM_RVA_RELOCONLY), IsDlgButtonChecked(hWnd, IDC_DISASM_RVA)); 43 | break; 44 | 45 | case IDC_DISASM_LABEL: 46 | EnableWindow(GetDlgItem(hWnd, IDC_DISASM_EXTJMP), IsDlgButtonChecked(hWnd, IDC_DISASM_LABEL)); 47 | break; 48 | 49 | case IDOK: 50 | OptionsFromDlg(hWnd); 51 | OptionsToIni(hDllInst); 52 | EndDialog(hWnd, 1); 53 | break; 54 | 55 | case IDCANCEL: 56 | EndDialog(hWnd, 0); 57 | break; 58 | } 59 | break; 60 | } 61 | 62 | return FALSE; 63 | } 64 | 65 | static void OptionsToDlg(HWND hWnd) 66 | { 67 | if(options.disasm_rva) 68 | CheckDlgButton(hWnd, IDC_DISASM_RVA, BST_CHECKED); 69 | else 70 | EnableWindow(GetDlgItem(hWnd, IDC_DISASM_RVA_RELOCONLY), FALSE); 71 | 72 | if(options.disasm_rva_reloconly) 73 | CheckDlgButton(hWnd, IDC_DISASM_RVA_RELOCONLY, BST_CHECKED); 74 | 75 | if(options.disasm_label) 76 | CheckDlgButton(hWnd, IDC_DISASM_LABEL, BST_CHECKED); 77 | else 78 | EnableWindow(GetDlgItem(hWnd, IDC_DISASM_EXTJMP), FALSE); 79 | 80 | if(options.disasm_extjmp) 81 | CheckDlgButton(hWnd, IDC_DISASM_EXTJMP, BST_CHECKED); 82 | 83 | SendDlgItemMessage(hWnd, IDC_DISASM_HEX, CB_SETCURSEL, options.disasm_hex, 0); 84 | 85 | SendDlgItemMessage(hWnd, IDC_DISASM_LABELGEN, CB_SETCURSEL, options.disasm_labelgen, 0); 86 | 87 | if(options.asm_comments) 88 | CheckDlgButton(hWnd, IDC_ASM_COMMENTS, BST_CHECKED); 89 | 90 | if(options.asm_labels) 91 | CheckDlgButton(hWnd, IDC_ASM_LABELS, BST_CHECKED); 92 | 93 | if(options.edit_savepos) 94 | CheckDlgButton(hWnd, IDC_EDIT_SAVEPOS, BST_CHECKED); 95 | 96 | SendDlgItemMessage(hWnd, IDC_EDIT_TABWIDTH, CB_SETCURSEL, options.edit_tabwidth, 0); 97 | } 98 | 99 | static void OptionsFromDlg(HWND hWnd) 100 | { 101 | options.disasm_rva = IsDlgButtonChecked(hWnd, IDC_DISASM_RVA) == BST_CHECKED; 102 | options.disasm_rva_reloconly = IsDlgButtonChecked(hWnd, IDC_DISASM_RVA_RELOCONLY) == BST_CHECKED; 103 | options.disasm_label = IsDlgButtonChecked(hWnd, IDC_DISASM_LABEL) == BST_CHECKED; 104 | options.disasm_extjmp = IsDlgButtonChecked(hWnd, IDC_DISASM_EXTJMP) == BST_CHECKED; 105 | options.disasm_hex = (int)SendDlgItemMessage(hWnd, IDC_DISASM_HEX, CB_GETCURSEL, 0, 0); 106 | options.disasm_labelgen = (int)SendDlgItemMessage(hWnd, IDC_DISASM_LABELGEN, CB_GETCURSEL, 0, 0); 107 | options.asm_comments = IsDlgButtonChecked(hWnd, IDC_ASM_COMMENTS) == BST_CHECKED; 108 | options.asm_labels = IsDlgButtonChecked(hWnd, IDC_ASM_LABELS) == BST_CHECKED; 109 | options.edit_savepos = IsDlgButtonChecked(hWnd, IDC_EDIT_SAVEPOS) == BST_CHECKED; 110 | options.edit_tabwidth = (int)SendDlgItemMessage(hWnd, IDC_EDIT_TABWIDTH, CB_GETCURSEL, 0, 0); 111 | } 112 | 113 | static void OptionsToIni(HINSTANCE hInst) 114 | { 115 | MyWriteinttoini(hInst, _T("disasm_rva"), options.disasm_rva); 116 | MyWriteinttoini(hInst, _T("disasm_rva_reloconly"), options.disasm_rva_reloconly); 117 | MyWriteinttoini(hInst, _T("disasm_label"), options.disasm_label); 118 | MyWriteinttoini(hInst, _T("disasm_extjmp"), options.disasm_extjmp); 119 | MyWriteinttoini(hInst, _T("disasm_hex"), options.disasm_hex); 120 | MyWriteinttoini(hInst, _T("disasm_labelgen"), options.disasm_labelgen); 121 | MyWriteinttoini(hInst, _T("asm_comments"), options.asm_comments); 122 | MyWriteinttoini(hInst, _T("asm_labels"), options.asm_labels); 123 | MyWriteinttoini(hInst, _T("edit_savepos"), options.edit_savepos); 124 | MyWriteinttoini(hInst, _T("edit_tabwidth"), options.edit_tabwidth); 125 | } 126 | -------------------------------------------------------------------------------- /options_dlg.h: -------------------------------------------------------------------------------- 1 | #ifndef _OPTIONS_DLG_H_ 2 | #define _OPTIONS_DLG_H_ 3 | 4 | #include "options_def.h" 5 | #include "plugin.h" 6 | #include "resource.h" 7 | 8 | LRESULT ShowOptionsDlg(); 9 | static LRESULT CALLBACK DlgOptionsProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam); 10 | static void OptionsToDlg(HWND hWnd); 11 | static void OptionsFromDlg(HWND hWnd); 12 | static void OptionsToIni(HINSTANCE hInst); 13 | 14 | #endif // _OPTIONS_DLG_H_ 15 | -------------------------------------------------------------------------------- /plugin.h: -------------------------------------------------------------------------------- 1 | #ifndef _PLUGIN_H_ 2 | #define _PLUGIN_H_ 3 | 4 | #if defined(TARGET_ODBG) || defined(TARGET_IMMDBG) 5 | #include "plugin_odbg_v1.h" 6 | #elif defined(TARGET_ODBG2) 7 | #include "plugin_odbg_v2.h" 8 | #elif defined(TARGET_X64DBG) 9 | #include "plugin_x64dbg.h" 10 | #else 11 | #error Unknown target 12 | #endif 13 | 14 | #define DEF_PLUGINNAME _T("Multiline Ultimate Assembler") 15 | #define DEF_VERSION _T("2.3.7") 16 | #define DEF_COPYRIGHT _T("Copyright (C) Ramen Software") 17 | 18 | #define DECODE_UNKNOWN 0 19 | #define DECODE_COMMAND 1 20 | #define DECODE_DATA 2 21 | #define DECODE_ASCII 3 22 | #define DECODE_UNICODE 4 23 | 24 | // Config functions 25 | BOOL MyGetintfromini(HINSTANCE dllinst, TCHAR *key, int *p_val, int min, int max, int def); 26 | BOOL MyWriteinttoini(HINSTANCE dllinst, TCHAR *key, int val); 27 | int MyGetstringfromini(HINSTANCE dllinst, TCHAR *key, TCHAR *s, int length); 28 | BOOL MyWritestringtoini(HINSTANCE dllinst, TCHAR *key, TCHAR *s); 29 | 30 | // Assembler functions 31 | DWORD SimpleDisasm(BYTE *cmd, SIZE_T cmdsize, DWORD_PTR ip, BYTE *dec, BOOL bSizeOnly, 32 | TCHAR *pszResult, DWORD_PTR *jmpconst, DWORD_PTR *adrconst, DWORD_PTR *immconst); 33 | int AssembleShortest(TCHAR *lpCommand, DWORD_PTR dwAddress, BYTE *bBuffer, TCHAR *lpError); 34 | int AssembleWithGivenSize(TCHAR *lpCommand, DWORD_PTR dwAddress, int nReqSize, BYTE *bBuffer, TCHAR *lpError); 35 | 36 | // Memory functions 37 | BOOL SimpleReadMemory(void *buf, DWORD_PTR addr, SIZE_T size); 38 | BOOL SimpleWriteMemory(void *buf, DWORD_PTR addr, SIZE_T size); 39 | 40 | // Symbolic functions 41 | int GetLabel(DWORD_PTR addr, TCHAR *name); 42 | int GetComment(DWORD_PTR addr, TCHAR *name); 43 | BOOL QuickInsertLabel(DWORD_PTR addr, TCHAR *s); 44 | BOOL QuickInsertComment(DWORD_PTR addr, TCHAR *s); 45 | void MergeQuickData(void); 46 | void DeleteRangeLabels(DWORD_PTR addr0, DWORD_PTR addr1); 47 | void DeleteRangeComments(DWORD_PTR addr0, DWORD_PTR addr1); 48 | 49 | // Module functions 50 | PLUGIN_MODULE FindModuleByName(TCHAR *lpModule); 51 | PLUGIN_MODULE FindModuleByAddr(DWORD_PTR dwAddress); 52 | DWORD_PTR GetModuleBase(PLUGIN_MODULE module); 53 | SIZE_T GetModuleSize(PLUGIN_MODULE module); 54 | BOOL GetModuleName(PLUGIN_MODULE module, TCHAR *pszModuleName); 55 | BOOL IsModuleWithRelocations(PLUGIN_MODULE module); 56 | 57 | // Memory functions 58 | PLUGIN_MEMORY FindMemory(DWORD_PTR dwAddress); 59 | DWORD_PTR GetMemoryBase(PLUGIN_MEMORY mem); 60 | SIZE_T GetMemorySize(PLUGIN_MEMORY mem); 61 | void EnsureMemoryBackup(PLUGIN_MEMORY mem); 62 | 63 | // Analysis functions 64 | BYTE *FindDecode(DWORD_PTR addr, SIZE_T *psize); 65 | int DecodeGetType(BYTE decode); 66 | 67 | // Misc. 68 | BOOL IsProcessLoaded(); 69 | void SuspendAllThreads(); 70 | void ResumeAllThreads(); 71 | DWORD_PTR GetCpuBaseAddr(); 72 | void InvalidateGui(); 73 | 74 | #endif // _PLUGIN_H_ 75 | -------------------------------------------------------------------------------- /plugin_odbg_v1.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #if defined(TARGET_ODBG) 4 | #include "plugin_ollydbg.h" 5 | #elif defined(TARGET_IMMDBG) 6 | #include "plugin_immdbg.h" 7 | #else 8 | #error Unknown target 9 | #endif 10 | 11 | extern HWND hwollymain; 12 | 13 | #define COMMAND_MAX_LEN TEXTLEN 14 | #define MODULE_MAX_LEN (SHORTLEN+1) 15 | #define LABEL_MAX_LEN TEXTLEN 16 | #define COMMENT_MAX_LEN TEXTLEN 17 | 18 | #ifndef JT_CALL 19 | #define JT_CALL 3 // Local (intramodular) call 20 | #endif // JT_CALL 21 | 22 | // v1 -> v2 helper 23 | typedef t_jdest t_jmp; 24 | 25 | typedef t_module *PLUGIN_MODULE; 26 | typedef t_memory *PLUGIN_MEMORY; 27 | -------------------------------------------------------------------------------- /plugin_odbg_v2.c: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "plugin.h" 3 | 4 | // Config functions 5 | 6 | BOOL MyGetintfromini(HINSTANCE dllinst, TCHAR *key, int *p_val, int min, int max, int def) 7 | { 8 | int val; 9 | 10 | if(!Getfromini(NULL, DEF_PLUGINNAME, key, L"%i", &val)) 11 | { 12 | *p_val = def; 13 | 14 | return FALSE; 15 | } 16 | 17 | if(min && max && (val < min || val > max)) 18 | *p_val = def; 19 | else 20 | *p_val = val; 21 | 22 | return TRUE; 23 | } 24 | 25 | BOOL MyWriteinttoini(HINSTANCE dllinst, TCHAR *key, int val) 26 | { 27 | return Writetoini(NULL, DEF_PLUGINNAME, key, L"%i", val) != 0; 28 | } 29 | 30 | int MyGetstringfromini(HINSTANCE dllinst, TCHAR *key, TCHAR *s, int length) 31 | { 32 | return Stringfromini(DEF_PLUGINNAME, key, s, length); 33 | } 34 | 35 | BOOL MyWritestringtoini(HINSTANCE dllinst, TCHAR *key, TCHAR *s) 36 | { 37 | return Writetoini(NULL, DEF_PLUGINNAME, key, L"%s", s) != 0; 38 | } 39 | 40 | // Assembler functions 41 | 42 | DWORD SimpleDisasm(BYTE *cmd, SIZE_T cmdsize, DWORD_PTR ip, BYTE *dec, BOOL bSizeOnly, 43 | TCHAR *pszResult, DWORD_PTR *jmpconst, DWORD_PTR *adrconst, DWORD_PTR *immconst) 44 | { 45 | t_disasm disasm; 46 | DWORD dwCommandSize = Disasm(cmd, cmdsize, ip, dec, &disasm, bSizeOnly ? 0 : DA_TEXT, NULL, NULL); 47 | if(disasm.errors != DAE_NOERR) 48 | return 0; 49 | 50 | if(!bSizeOnly) 51 | { 52 | lstrcpy(pszResult, disasm.result); // pszResult should have at least COMMAND_MAX_LEN chars 53 | 54 | *jmpconst = disasm.jmpaddr; 55 | 56 | if(disasm.memfixup != -1) 57 | *adrconst = *(DWORD_PTR *)(cmd + disasm.memfixup); 58 | else 59 | *adrconst = 0; 60 | 61 | if(disasm.immfixup != -1) 62 | *immconst = *(DWORD_PTR *)(cmd + disasm.immfixup); 63 | else 64 | *immconst = 0; 65 | } 66 | 67 | return dwCommandSize; 68 | } 69 | 70 | int AssembleShortest(TCHAR *lpCommand, DWORD_PTR dwAddress, BYTE *bBuffer, TCHAR *lpError) 71 | { 72 | return Assemble(lpCommand, dwAddress, bBuffer, MAXCMDSIZE, 0, lpError); 73 | } 74 | 75 | int AssembleWithGivenSize(TCHAR *lpCommand, DWORD_PTR dwAddress, int nReqSize, BYTE *bBuffer, TCHAR *lpError) 76 | { 77 | t_asmmod models[32]; 78 | int nModelsCount; 79 | int nModelIndex; 80 | int i; 81 | 82 | if(lpError) 83 | *lpError = L'\0'; 84 | 85 | nModelsCount = Assembleallforms(lpCommand, dwAddress, models, 32, 0, lpError); 86 | if(nModelsCount == 0) 87 | return 0; 88 | 89 | nModelIndex = -1; 90 | 91 | for(i=0; ibase; 179 | } 180 | 181 | SIZE_T GetModuleSize(PLUGIN_MODULE module) 182 | { 183 | return module->size; 184 | } 185 | 186 | BOOL GetModuleName(PLUGIN_MODULE module, TCHAR *pszModuleName) 187 | { 188 | lstrcpy(pszModuleName, module->modname); // Must be at least MODULE_MAX_LEN characters long 189 | return TRUE; 190 | } 191 | 192 | BOOL IsModuleWithRelocations(PLUGIN_MODULE module) 193 | { 194 | return module->relocbase != 0; 195 | } 196 | 197 | // Memory functions 198 | 199 | PLUGIN_MEMORY FindMemory(DWORD_PTR dwAddress) 200 | { 201 | return Findmemory(dwAddress); 202 | } 203 | 204 | DWORD_PTR GetMemoryBase(PLUGIN_MEMORY mem) 205 | { 206 | return mem->base; 207 | } 208 | 209 | SIZE_T GetMemorySize(PLUGIN_MEMORY mem) 210 | { 211 | return mem->size; 212 | } 213 | 214 | void EnsureMemoryBackup(PLUGIN_MEMORY mem) 215 | { 216 | Ensurememorybackup(mem, 0); 217 | } 218 | 219 | // Analysis functions 220 | 221 | BYTE *FindDecode(DWORD_PTR addr, SIZE_T *psize) 222 | { 223 | return Finddecode(addr, psize); 224 | } 225 | 226 | int DecodeGetType(BYTE decode) 227 | { 228 | switch(decode & DEC_TYPEMASK) 229 | { 230 | // Unknown 231 | case DEC_UNKNOWN: 232 | default: 233 | return DECODE_UNKNOWN; 234 | 235 | // Supported data 236 | case DEC_FILLDATA: 237 | case DEC_INT: 238 | case DEC_SWITCH: 239 | case DEC_DATA: 240 | case DEC_DB: 241 | case DEC_DUMP: 242 | case DEC_FLOAT: 243 | case DEC_GUID: 244 | case DEC_FILLING: 245 | return DECODE_DATA; 246 | 247 | // Command 248 | case DEC_COMMAND: 249 | case DEC_JMPDEST: 250 | case DEC_CALLDEST: 251 | return DECODE_COMMAND; 252 | 253 | // Ascii 254 | case DEC_ASCII: 255 | case DEC_ASCCNT: 256 | return DECODE_ASCII; 257 | 258 | // Unicode 259 | case DEC_UNICODE: 260 | case DEC_UNICNT: 261 | return DECODE_UNICODE; 262 | } 263 | } 264 | 265 | // Misc. 266 | 267 | BOOL IsProcessLoaded() 268 | { 269 | return run.status != STAT_IDLE; 270 | } 271 | 272 | void SuspendAllThreads() 273 | { 274 | Suspendallthreads(); 275 | } 276 | 277 | void ResumeAllThreads() 278 | { 279 | Resumeallthreads(); 280 | } 281 | 282 | DWORD_PTR GetCpuBaseAddr() 283 | { 284 | t_dump *td = Getcpudisasmdump(); 285 | if(!td) 286 | return 0; 287 | 288 | return td->base; 289 | } 290 | 291 | void InvalidateGui() 292 | { 293 | // Not needed 294 | } 295 | -------------------------------------------------------------------------------- /plugin_odbg_v2.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "plugin_ollydbg2.h" 4 | 5 | #define COMMAND_MAX_LEN TEXTLEN 6 | #define MODULE_MAX_LEN SHORTNAME 7 | #define LABEL_MAX_LEN TEXTLEN 8 | #define COMMENT_MAX_LEN TEXTLEN 9 | 10 | typedef t_module *PLUGIN_MODULE; 11 | typedef t_memory *PLUGIN_MEMORY; 12 | -------------------------------------------------------------------------------- /plugin_x64dbg.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "x64dbg_pluginsdk/_plugins.h" 4 | 5 | extern HWND hwollymain; 6 | 7 | #define COMMAND_MAX_LEN (MAX_MNEMONIC_SIZE*4) 8 | #define MODULE_MAX_LEN MAX_MODULE_SIZE 9 | #define LABEL_MAX_LEN MAX_LABEL_SIZE 10 | #define COMMENT_MAX_LEN MAX_COMMENT_SIZE 11 | 12 | #define MAXCMDSIZE 16 13 | 14 | typedef void *PLUGIN_MODULE; 15 | typedef void *PLUGIN_MEMORY; 16 | -------------------------------------------------------------------------------- /pointer_redirection.c: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "pointer_redirection.h" 3 | 4 | static void PatchPtr(void **ppAddress, void *pPtr) 5 | { 6 | DWORD dwOldProtect, dwOtherProtect; 7 | 8 | VirtualProtect(ppAddress, sizeof(void *), PAGE_EXECUTE_READWRITE, &dwOldProtect); 9 | *ppAddress = pPtr; 10 | VirtualProtect(ppAddress, sizeof(void *), dwOldProtect, &dwOtherProtect); 11 | } 12 | 13 | void PointerRedirectionAdd(void **pp, void *pNew, POINTER_REDIRECTION *ppr) 14 | { 15 | PatchPtr(&ppr->pOriginalAddress, *pp); 16 | PatchPtr(&ppr->pRedirectionAddress, pNew); 17 | 18 | PatchPtr(pp, &ppr->bAsmCommand); 19 | } 20 | 21 | void PointerRedirectionRemove(void **pp, POINTER_REDIRECTION *ppr) 22 | { 23 | POINTER_REDIRECTION *pprTemp; 24 | 25 | if(*pp != ppr->bAsmCommand) 26 | { 27 | pprTemp = (POINTER_REDIRECTION *)((BYTE *)*pp - offsetof(POINTER_REDIRECTION, bAsmCommand)); 28 | while(pprTemp->pOriginalAddress != ppr->bAsmCommand) 29 | pprTemp = (POINTER_REDIRECTION *)((BYTE *)pprTemp->pOriginalAddress - offsetof(POINTER_REDIRECTION, bAsmCommand)); 30 | 31 | PatchPtr(&pprTemp->pOriginalAddress, ppr->pOriginalAddress); 32 | } 33 | else 34 | PatchPtr(pp, ppr->pOriginalAddress); 35 | } 36 | 37 | void *PointerRedirectionGetOriginalPtr(void **pp) 38 | { 39 | void *p = *pp; 40 | 41 | for(;;) 42 | { 43 | const BYTE *pCompare = POINTER_REDIRECTION_ASM_COMMAND POINTER_REDIRECTION_SIGNATURE; 44 | int nCompareLen = sizeof(POINTER_REDIRECTION_ASM_COMMAND POINTER_REDIRECTION_SIGNATURE) - 1; 45 | BYTE *pByte = p; 46 | 47 | for(int i = 0; i < nCompareLen; i++) 48 | { 49 | if(pByte[i] != pCompare[i]) 50 | return p; 51 | } 52 | 53 | POINTER_REDIRECTION *pprTemp = (POINTER_REDIRECTION *)(pByte - offsetof(POINTER_REDIRECTION, bAsmCommand)); 54 | p = pprTemp->pOriginalAddress; 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /pointer_redirection.h: -------------------------------------------------------------------------------- 1 | #ifndef _POINTER_REDIRECTION_H_ 2 | #define _POINTER_REDIRECTION_H_ 3 | 4 | #ifdef _WIN64 5 | #define POINTER_REDIRECTION_ASM_COMMAND "\xFF\x25\xF2\xFF\xFF\xFF" 6 | #else 7 | #define POINTER_REDIRECTION_ASM_COMMAND "\xE8\x00\x00\x00\x00\x58\xFF\x60\xF7" 8 | #endif 9 | 10 | #define POINTER_REDIRECTION_SIGNATURE "ptr_redr" 11 | 12 | typedef struct { 13 | void *pOriginalAddress; 14 | void *pRedirectionAddress; 15 | BYTE bAsmCommand[sizeof(POINTER_REDIRECTION_ASM_COMMAND) - 1]; 16 | BYTE bSignature[sizeof(POINTER_REDIRECTION_SIGNATURE) - 1]; 17 | } POINTER_REDIRECTION; 18 | 19 | #define POINTER_REDIRECTION_VAR(var) \ 20 | __pragma(code_seg(push, stack1, ".text")) \ 21 | __declspec(allocate(".text")) var = \ 22 | { DebugBreak, DebugBreak, POINTER_REDIRECTION_ASM_COMMAND, POINTER_REDIRECTION_SIGNATURE }; \ 23 | __pragma(code_seg(pop, stack1)) 24 | 25 | void PointerRedirectionAdd(void **pp, void *pNew, POINTER_REDIRECTION *ppr); 26 | void PointerRedirectionRemove(void **pp, POINTER_REDIRECTION *ppr); 27 | void *PointerRedirectionGetOriginalPtr(void **pp); 28 | 29 | #endif // _POINTER_REDIRECTION_H_ 30 | -------------------------------------------------------------------------------- /raeditlib/RAEdit.Rc: -------------------------------------------------------------------------------- 1 | #include "Res/RAEditRes.rc" 2 | -------------------------------------------------------------------------------- /raeditlib/RAEdit.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/RAEdit.lib -------------------------------------------------------------------------------- /raeditlib/RAEditC64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/RAEditC64.lib -------------------------------------------------------------------------------- /raeditlib/Res/Bookmark.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/Res/Bookmark.bmp -------------------------------------------------------------------------------- /raeditlib/Res/Button.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/Res/Button.bmp -------------------------------------------------------------------------------- /raeditlib/Res/Collapse.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/Res/Collapse.bmp -------------------------------------------------------------------------------- /raeditlib/Res/Expand.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/Res/Expand.bmp -------------------------------------------------------------------------------- /raeditlib/Res/Linenumber.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/Res/Linenumber.bmp -------------------------------------------------------------------------------- /raeditlib/Res/Lock.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/Res/Lock.bmp -------------------------------------------------------------------------------- /raeditlib/Res/RAEditRes.rc: -------------------------------------------------------------------------------- 1 | #define IDB_RAEDITBUTTON 100 2 | #define IDC_HSPLITTCUR 101 3 | #define IDB_BOOKMARK 102 4 | #define IDC_SELECTCUR 103 5 | #define IDB_LINENUMBER 104 6 | #define IDB_EXPAND 105 7 | #define IDB_COLLAPSE 106 8 | #define IDB_LOCK 107 9 | 10 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_NEU) 11 | LANGUAGE 0x00, 0x00 // LANG_NEUTRAL, SUBLANG_NEUTRAL 12 | #pragma code_page(1251) 13 | IDB_RAEDITBUTTON BITMAP DISCARDABLE "Res/Button.bmp" 14 | IDC_HSPLITTCUR CURSOR DISCARDABLE "Res/SplitH.cur" 15 | IDB_BOOKMARK BITMAP DISCARDABLE "Res/Bookmark.bmp" 16 | IDC_SELECTCUR CURSOR DISCARDABLE "Res/Select.cur" 17 | IDB_LINENUMBER BITMAP DISCARDABLE "Res/Linenumber.bmp" 18 | IDB_EXPAND BITMAP DISCARDABLE "Res/Expand.bmp" 19 | IDB_COLLAPSE BITMAP DISCARDABLE "Res/Collapse.bmp" 20 | IDB_LOCK BITMAP DISCARDABLE "Res/Lock.bmp" 21 | #endif // Neutral resources 22 | -------------------------------------------------------------------------------- /raeditlib/Res/Select.cur: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/Res/Select.cur -------------------------------------------------------------------------------- /raeditlib/Res/SplitH.cur: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/Res/SplitH.cur -------------------------------------------------------------------------------- /raeditlib/masm32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/raeditlib/masm32.lib -------------------------------------------------------------------------------- /read_asm.h: -------------------------------------------------------------------------------- 1 | #ifndef _READ_ASM_H_ 2 | #define _READ_ASM_H_ 3 | 4 | #include "options_def.h" 5 | #include "plugin.h" 6 | 7 | // linked list of commands 8 | 9 | typedef struct _disasm_cmd_node { 10 | struct _disasm_cmd_node *next; 11 | DWORD_PTR dwAddress; 12 | TCHAR *lpCommand; 13 | DWORD_PTR dwConst[3]; 14 | TCHAR *lpComment; 15 | TCHAR *lpLabel; 16 | } DISASM_CMD_NODE; 17 | 18 | typedef struct _disasm_cmd_head { 19 | DISASM_CMD_NODE *next; 20 | DISASM_CMD_NODE *last; 21 | } DISASM_CMD_HEAD; 22 | 23 | // functions 24 | 25 | TCHAR *ReadAsm(DWORD_PTR dwAddress, SIZE_T nSize, TCHAR *pLabelPrefix, TCHAR *lpError); 26 | 27 | // 1 28 | static BOOL ProcessCode(DWORD_PTR dwAddress, SIZE_T nSize, BYTE *pCode, DISASM_CMD_HEAD *p_dasm_head, TCHAR *lpError); 29 | static DWORD ProcessCommand(BYTE *pCode, SIZE_T nSize, DWORD_PTR dwAddress, BYTE *bDecode, DISASM_CMD_HEAD *p_dasm_head, TCHAR *lpError); 30 | static DWORD ProcessData(BYTE *pCode, SIZE_T nSize, DWORD_PTR dwAddress, 31 | BYTE *bDecode, int nCommandType, DISASM_CMD_HEAD *p_dasm_head, TCHAR *lpError); 32 | static BOOL ValidateUnicode(BYTE *p, DWORD dwSize, DWORD *pdwTextSize, BOOL *pbReadAsBinary); 33 | static BOOL ValidateAscii(BYTE *p, DWORD dwSize, DWORD *pdwTextSize, BOOL *pbReadAsBinary); 34 | static void ConvertUnicodeToText(BYTE *p, DWORD dwSize, BOOL bAsBinary, TCHAR *pText); 35 | static void ConvertAsciiToText(BYTE *p, DWORD dwSize, BOOL bAsBinary, TCHAR *pText); 36 | 37 | // 2 38 | static void MarkLabels(DWORD_PTR dwAddress, SIZE_T nSize, BYTE *pCode, DISASM_CMD_HEAD *p_dasm_head); 39 | static BOOL ProcessExternalCode(DWORD_PTR dwAddress, SIZE_T nSize, PLUGIN_MODULE module, 40 | BYTE *pCode, DISASM_CMD_HEAD *p_dasm_head, TCHAR *lpError); 41 | static BOOL AddExternalCode(DWORD_PTR dwAddress, DWORD_PTR dwCodeBase, SIZE_T nCodeSize, 42 | DISASM_CMD_HEAD *p_dasm_head, BOOL *pbAdded, TCHAR *lpError); 43 | static BOOL CreateAndSetLabels(DWORD_PTR dwAddress, SIZE_T nSize, 44 | BYTE *pCode, DISASM_CMD_HEAD *p_dasm_head, TCHAR *pLabelPrefix, TCHAR *lpError); 45 | static BOOL IsValidLabel(TCHAR *lpLabel, DISASM_CMD_HEAD *p_dasm_head, DISASM_CMD_NODE *dasm_cmd_target); 46 | static BOOL SetRVAAddresses(DWORD_PTR dwAddress, SIZE_T nSize, PLUGIN_MODULE module, DISASM_CMD_HEAD *p_dasm_head, TCHAR *lpError); 47 | 48 | // 3 49 | static TCHAR *MakeText(DWORD_PTR dwAddress, PLUGIN_MODULE module, DISASM_CMD_HEAD *p_dasm_head, TCHAR *lpError); 50 | static SIZE_T CopyCommand(TCHAR *pBuffer, TCHAR *pCommand, int hex_option); 51 | 52 | // Helper functions 53 | static int MakeRVAText(TCHAR szText[1 + MODULE_MAX_LEN + 2 + 1], PLUGIN_MODULE module); 54 | static BOOL ReplaceAddressWithText(TCHAR **ppCommand, DWORD_PTR dwAddress, TCHAR *lpText, TCHAR *lpError); 55 | static TCHAR *SkipCommandName(TCHAR *p); 56 | static SIZE_T DWORDPtrToString(TCHAR szString[2 + sizeof(DWORD_PTR) * 2 + 1], DWORD_PTR dw, BOOL bAddress, int hex_option); 57 | 58 | // Cleanup 59 | static void FreeDisasmCmdList(DISASM_CMD_HEAD *p_dasm_head); 60 | 61 | #endif // _READ_ASM_H_ 62 | -------------------------------------------------------------------------------- /resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by rsrc.rc 4 | // 5 | #define IDI_MAIN 108 6 | #define IDD_MAIN 109 7 | #define IDR_MAINACCELERATOR 110 8 | #define IDR_RIGHTCLICK 111 9 | #define IDD_OPTIONS 112 10 | #define IDB_X64DBG_ICON 113 11 | #define IDC_TABS 1001 12 | #define IDC_ASSEMBLER 1002 13 | #define IDC_CLOSE 1003 14 | #define IDC_DISASM_RVA 1004 15 | #define IDC_DISASM_RVA_RELOCONLY 1005 16 | #define IDC_DISASM_LABEL 1006 17 | #define IDC_DISASM_EXTJMP 1007 18 | #define IDC_DISASM_HEX 1008 19 | #define IDC_DISASM_LABELGEN 1009 20 | #define IDC_ASM_COMMENTS 1010 21 | #define IDC_ASM_LABELS 1011 22 | #define IDC_EDIT_SAVEPOS 1012 23 | #define IDC_EDIT_TABWIDTH 1013 24 | #define ID_RCM_UNDO 40001 25 | #define ID_RCM_REDO 40002 26 | #define ID_RCM_CUT 40003 27 | #define ID_RCM_COPY 40004 28 | #define ID_RCM_PASTE 40005 29 | #define ID_RCM_DELETE 40006 30 | #define ID_RCM_SELECTALL 40007 31 | #define ID_TABMENU_NEWTAB 40008 32 | #define ID_TABMENU_RENAME 40009 33 | #define ID_TABMENU_CLOSE 40010 34 | #define ID_TABMENU_LOADFROMFILE 40011 35 | #define ID_TABMENU_SAVETOFILE 40012 36 | #define ID_TABSTRIPMENU_CLOSEALLTABS 40013 37 | #define ID_ACCEL_PREVTAB 40014 38 | #define ID_ACCEL_NEXTTAB 40015 39 | #define ID_ACCEL_FINDWND 40016 40 | #define ID_ACCEL_REPLACEWND 40017 41 | #define ID_ACCEL_FINDNEXT 40018 42 | #define ID_ACCEL_FINDPREV 40019 43 | #define ID_ACCEL_FOCUS_OLLYDBG 40020 44 | #define ID_ACCEL_BLOCK_MODE 40021 45 | 46 | // Next default values for new objects 47 | // 48 | #ifdef APSTUDIO_INVOKED 49 | #ifndef APSTUDIO_READONLY_SYMBOLS 50 | #define _APS_NEXT_RESOURCE_VALUE 114 51 | #define _APS_NEXT_COMMAND_VALUE 40022 52 | #define _APS_NEXT_CONTROL_VALUE 1014 53 | #define _APS_NEXT_SYMED_VALUE 101 54 | #endif 55 | #endif 56 | -------------------------------------------------------------------------------- /rsrc_files/icon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/rsrc_files/icon.ico -------------------------------------------------------------------------------- /rsrc_files/icon_x64dbg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/rsrc_files/icon_x64dbg.png -------------------------------------------------------------------------------- /screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/screenshot.png -------------------------------------------------------------------------------- /stdafx.c: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | -------------------------------------------------------------------------------- /stdafx.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | -------------------------------------------------------------------------------- /tabctrl_ex.h: -------------------------------------------------------------------------------- 1 | #ifndef _TABCTRL_EX_H_ 2 | #define _TABCTRL_EX_H_ 3 | 4 | // Config 5 | #include "assembler_dlg.h" 6 | 7 | #define TABCTRL_EX_EXTRABYTES sizeof(TCITEM_EXTRA) 8 | #define TABCTRL_EX_TEXTMAXBUFF MAX_PATH 9 | 10 | // Flags 11 | #define TCF_EX_REORDER 0x01 12 | #define TCF_EX_LABLEEDIT 0x02 13 | #define TCF_EX_REDUCEFLICKER 0x04 14 | #define TCF_EX_MBUTTONNOFOCUS 0x08 15 | 16 | // Messages 17 | #define TCM_EX_EDITLABEL WM_APP 18 | #define TabCtrl_Ex_EditLabel(hwnd, nTextLimit) \ 19 | (HWND)SNDMSG((hwnd), TCM_EX_EDITLABEL, (WPARAM)(int)(nTextLimit), 0L) 20 | 21 | #define TCM_EX_GETEDITCONTROL (WM_APP+1) 22 | #define TabCtrl_Ex_GetEditControl(hwnd) \ 23 | (HWND)SNDMSG((hwnd), TCM_EX_GETEDITCONTROL, 0L, 0L) 24 | 25 | #define TCM_EX_ENDEDITLABELNOW (WM_APP+2) 26 | #define TabCtrl_Ex_EndEditLabelNow(hwnd, fCancel) \ 27 | (BOOL)SNDMSG((hwnd), TCM_EX_ENDEDITLABELNOW, (WPARAM)(BOOL)(fCancel), 0L) 28 | 29 | // Notifications 30 | #define TCN_EX_DRAGDROP 0 // wParam: (int)nDragFromId, lParam: (int)nDropToId 31 | #define TCN_EX_BEGINLABELEDIT 1 // wParam/lParam: 0, Return: TRUE to cancel, FALSE to proceed 32 | #define TCN_EX_ENDLABELEDIT 2 // wParam: 0, lParam: (TCHAR *)pszEditedText, Return: TRUE to proceed, FALSE to cancel 33 | #define TCN_EX_DBLCLK 3 // wParam/lParam: see WM_LBUTTONDBLCLK 34 | #define TCN_EX_MCLICK 4 // wParam/lParam: see WM_MBUTTONUP 35 | #define TCN_EX_CONTEXTMENU 5 // wParam/lParam: see WM_CONTEXTMENU 36 | 37 | // Structures 38 | typedef struct tagTABCTRL_EX_PROP { 39 | DWORD dwFlags; 40 | UINT uUserNotifyMsg; 41 | WNDPROC pOldTabCtrlProc; 42 | DWORD dwStyle; 43 | 44 | // Reordering 45 | BOOL bDragging; 46 | int nDragFromId; 47 | HWND hScrollUpDownWnd; 48 | DWORD dwLastScrollTime; 49 | } TABCTRL_EX_PROP, *LPTABCTRL_EX_PROP; 50 | 51 | typedef struct tagUNMTABCTRLEX { 52 | NMHDR hdr; 53 | WPARAM wParam; 54 | LPARAM lParam; 55 | } UNMTABCTRLEX, *LPUNMTABCTRLEX; 56 | 57 | // In case these aren't defined yet 58 | #ifndef GET_X_LPARAM 59 | #define GET_X_LPARAM(lParam) ((int)(short)LOWORD(lParam)) 60 | #endif 61 | #ifndef GET_Y_LPARAM 62 | #define GET_Y_LPARAM(lParam) ((int)(short)HIWORD(lParam)) 63 | #endif 64 | 65 | // Functions 66 | BOOL TabCtrlExInit(HWND hTabCtrlWnd, DWORD dwFlags, UINT uUserNotifyMsg); 67 | BOOL TabCtrlExExit(HWND hTabCtrlWnd); 68 | DWORD TabCtrlExGetFlags(HWND hTabCtrlWnd); 69 | BOOL TabCtrlExSetFlags(HWND hTabCtrlWnd, DWORD dwFlags); 70 | static LRESULT CALLBACK TabCtrlSubclassProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam); 71 | static LRESULT SendUserNotifyMessage(HWND hTabCtrlWnd, UINT uUserNotifyMsg, UINT uCode, WPARAM wParam, LPARAM lParam); 72 | static int TabMoveToX(HWND hTabCtrlWnd, int nTabIndex, long x); 73 | static BOOL TabStripScroll(HWND hTabCtrlWnd, HWND hUpDownCtrlWnd, DWORD *pdwLastScrollTime, BOOL bScrollRight); 74 | static LRESULT CALLBACK EditCtrlSubclassProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam); 75 | static LRESULT CALLBACK EditLabelMouseProc(int nCode, WPARAM wParam, LPARAM lParam); 76 | static HWND TabEditLabel(HWND hTabCtrlWnd, int nTextLimit); 77 | static void TabApplyEditLabel(HWND hTabCtrlWnd, TCHAR *pEditedText); 78 | static void TabEndEditLabel(HWND hTabCtrlWnd, HWND hEditCtrlWnd); 79 | 80 | #endif // _TABCTRL_EX_H_ 81 | -------------------------------------------------------------------------------- /write_asm.h: -------------------------------------------------------------------------------- 1 | #ifndef _WRITE_ASM_H_ 2 | #define _WRITE_ASM_H_ 3 | 4 | #include "options_def.h" 5 | #include "plugin.h" 6 | 7 | // linked list of labels 8 | 9 | typedef struct _label_node { 10 | struct _label_node *next; 11 | DWORD_PTR dwAddress; 12 | TCHAR *lpLabel; 13 | } LABEL_NODE; 14 | 15 | typedef struct _label_head { 16 | LABEL_NODE *next; 17 | LABEL_NODE *last; 18 | } LABEL_HEAD; 19 | 20 | // linked list of commands 21 | 22 | typedef struct _cmd_node { 23 | struct _cmd_node *next; 24 | BYTE *bCode; 25 | SIZE_T nCodeSize; 26 | TCHAR *lpCommand; 27 | TCHAR *lpComment; 28 | TCHAR *lpResolvedCommandWithLabels; 29 | } CMD_NODE; 30 | 31 | typedef struct _cmd_head { 32 | CMD_NODE *next; 33 | CMD_NODE *last; 34 | } CMD_HEAD; 35 | 36 | // linked list of anonymous labels 37 | 38 | typedef struct _anon_label_node { 39 | struct _anon_label_node *next; 40 | DWORD_PTR dwAddress; 41 | } ANON_LABEL_NODE; 42 | 43 | typedef struct _anon_label_head { 44 | ANON_LABEL_NODE *next; 45 | ANON_LABEL_NODE *last; 46 | } ANON_LABEL_HEAD; 47 | 48 | // linked list of blocks of commands 49 | 50 | typedef struct _cmd_block_node { 51 | struct _cmd_block_node *next; 52 | DWORD_PTR dwAddress; 53 | SIZE_T nSize; 54 | CMD_HEAD cmd_head; 55 | ANON_LABEL_HEAD anon_label_head; 56 | } CMD_BLOCK_NODE; 57 | 58 | typedef struct _cmd_block_head { 59 | CMD_BLOCK_NODE *next; 60 | CMD_BLOCK_NODE *last; 61 | } CMD_BLOCK_HEAD; 62 | 63 | // special commands 64 | 65 | #define SPECIAL_CMD_ALIGN 1 66 | #define SPECIAL_CMD_PAD 2 67 | 68 | // functions 69 | 70 | LONG_PTR WriteAsm(TCHAR *lpText, TCHAR *lpError); 71 | 72 | // 1 73 | static TCHAR *TextToData(LABEL_HEAD *p_label_head, CMD_BLOCK_HEAD *p_cmd_block_head, TCHAR *lpText, TCHAR *lpError); 74 | static LONG_PTR AddressToData(CMD_BLOCK_HEAD *p_cmd_block_head, CMD_BLOCK_NODE **p_cmd_block_node, 75 | DWORD_PTR *pdwAddress, DWORD_PTR *pdwEndAddress, DWORD_PTR *pdwBaseAddress, TCHAR *lpText, TCHAR *lpError); 76 | static LONG_PTR LabelToData(LABEL_HEAD *p_label_head, CMD_BLOCK_NODE *cmd_block_node, DWORD_PTR *pdwAddress, TCHAR *lpText, TCHAR *lpError); 77 | static LONG_PTR SpecialCommandToData(CMD_BLOCK_NODE *cmd_block_node, DWORD_PTR *pdwAddress, DWORD_PTR dwEndAddress, TCHAR *lpText, TCHAR *lpError); 78 | static LONG_PTR CommandToData(CMD_BLOCK_NODE *cmd_block_node, DWORD_PTR *pdwAddress, DWORD_PTR dwBaseAddress, TCHAR *lpText, TCHAR *lpError); 79 | 80 | static BOOL IsInComment(TCHAR *pchCommentChar, TCHAR *lpText, TCHAR *lpError); 81 | static LONG_PTR ParseAddress(TCHAR *lpText, DWORD_PTR *pdwAddress, DWORD_PTR *pdwEndAddress, DWORD_PTR *pdwBaseAddress, TCHAR *lpError); 82 | static BOOL NewCmdBlock(CMD_BLOCK_HEAD *p_cmd_block_head, DWORD_PTR dwAddress, TCHAR *lpError); 83 | static LONG_PTR ParseAnonLabel(TCHAR *lpText, DWORD_PTR dwAddress, ANON_LABEL_HEAD *p_anon_label_head, TCHAR *lpError); 84 | static LONG_PTR ParseLabel(TCHAR *lpText, DWORD_PTR dwAddress, LABEL_HEAD *p_label_head, DWORD_PTR *pdwPaddingSize, TCHAR *lpError); 85 | static LONG_PTR ParseAsciiString(TCHAR *lpText, CMD_HEAD *p_cmd_head, SIZE_T *pnSizeInBytes, TCHAR *lpError); 86 | static LONG_PTR ParseUnicodeString(TCHAR *lpText, CMD_HEAD *p_cmd_head, SIZE_T *pnSizeInBytes, TCHAR *lpError); 87 | static LONG_PTR ParseCommand(TCHAR *lpText, DWORD_PTR dwAddress, DWORD_PTR dwBaseAddress, CMD_HEAD *p_cmd_head, SIZE_T *pnSizeInBytes, TCHAR *lpError); 88 | static LONG_PTR ResolveCommand(TCHAR *lpCommand, DWORD_PTR dwBaseAddress, TCHAR **ppNewCommand, TCHAR **ppComment, TCHAR *lpError); 89 | static LONG_PTR ReplaceLabelsWithFooAddress(TCHAR *lpCommand, DWORD_PTR dwCommandAddress, UINT nDeltaSize, TCHAR **ppNewCommand, TCHAR *lpError); 90 | static LONG_PTR ParseSpecialCommand(TCHAR *lpText, UINT *pnSpecialCmd, TCHAR *lpError); 91 | static LONG_PTR ParseAlignSpecialCommand(TCHAR *lpText, LONG_PTR nArgsOffset, DWORD_PTR dwAddress, DWORD_PTR *pdwPaddingSize, TCHAR *lpError); 92 | static LONG_PTR ParsePadSpecialCommand(TCHAR *lpText, LONG_PTR nArgsOffset, BYTE *pbPaddingByteValue, TCHAR *lpError); 93 | static BOOL GetAlignPaddingSize(DWORD_PTR dwAddress, DWORD_PTR dwAlignValue, DWORD_PTR *pdwPaddingSize, TCHAR *lpError); 94 | static BOOL InsertBytes(TCHAR *lpText, SIZE_T nBytesCount, BYTE bByteValue, CMD_HEAD *p_cmd_head, TCHAR *lpError); 95 | 96 | static LONG_PTR ParseRVAAddress(TCHAR *lpText, DWORD_PTR *pdwAddress, DWORD_PTR dwParentBaseAddress, DWORD_PTR *pdwBaseAddress, TCHAR *lpError); 97 | static LONG_PTR ParseDWORDPtr(TCHAR *lpText, DWORD_PTR *pdw, TCHAR *lpError); 98 | 99 | // 2 100 | static TCHAR *ReplaceLabelsInCommands(LABEL_HEAD *p_label_head, CMD_BLOCK_HEAD *p_cmd_block_head, TCHAR *lpError); 101 | static LONG_PTR ReplaceLabelsFromList(TCHAR *lpCommand, DWORD_PTR dwPrevAnonAddr, DWORD_PTR dwNextAnonAddr, 102 | LABEL_HEAD *p_label_head, TCHAR **ppNewCommand, TCHAR *lpError); 103 | 104 | // 3 105 | static TCHAR *PatchCommands(CMD_BLOCK_HEAD *p_cmd_block_head, TCHAR *lpError); 106 | static TCHAR *SetComments(CMD_BLOCK_HEAD *p_cmd_block_head, TCHAR *lpError); 107 | static TCHAR *SetLabels(LABEL_HEAD *p_label_head, CMD_BLOCK_HEAD *p_cmd_block_head, TCHAR *lpError); 108 | 109 | // Helper functions 110 | static BOOL ReplaceTextsWithAddresses(TCHAR *lpCommand, TCHAR **ppNewCommand, 111 | int text_count, LONG_PTR text_start[4], LONG_PTR text_end[4], DWORD_PTR dwAddress[4], TCHAR *lpError); 112 | static LONG_PTR ReplacedTextCorrectErrorSpot(TCHAR *lpCommand, TCHAR *lpReplacedCommand, LONG_PTR result); 113 | static TCHAR *NullTerminateLine(TCHAR *p); 114 | static TCHAR *SkipSpaces(TCHAR *p); 115 | static TCHAR *SkipDWORD(TCHAR *p); 116 | static TCHAR *SkipLabel(TCHAR *p); 117 | static TCHAR *SkipRVAAddress(TCHAR *p); 118 | static BOOL IsDWORDPtrPowerOfTwo(DWORD_PTR dw); 119 | 120 | // Cleanup function 121 | static void FreeLabelList(LABEL_HEAD *p_label_head); 122 | static void FreeCmdBlockList(CMD_BLOCK_HEAD *p_cmd_block_head); 123 | static void FreeCmdList(CMD_HEAD *p_cmd_head); 124 | static void FreeAnonLabelList(ANON_LABEL_HEAD *p_anon_label_head); 125 | 126 | #endif // _WRITE_ASM_H_ 127 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/DeviceNameResolver/DeviceNameResolver.h: -------------------------------------------------------------------------------- 1 | #ifndef _DEVICENAMERESOLVER_H 2 | #define _DEVICENAMERESOLVER_H 3 | 4 | #include 5 | 6 | #ifdef __cplusplus 7 | extern "C" 8 | { 9 | #endif 10 | 11 | __declspec(dllexport) bool DevicePathToPathW(const wchar_t* szDevicePath, wchar_t* szPath, size_t nSizeInChars); 12 | __declspec(dllexport) bool DevicePathToPathA(const char* szDevicePath, char* szPath, size_t nSizeInChars); 13 | __declspec(dllexport) bool DevicePathFromFileHandleW(HANDLE hFile, wchar_t* szDevicePath, size_t nSizeInChars); 14 | __declspec(dllexport) bool DevicePathFromFileHandleA(HANDLE hFile, char* szDevicePath, size_t nSizeInChars); 15 | __declspec(dllexport) bool PathFromFileHandleW(HANDLE hFile, wchar_t* szPath, size_t nSizeInChars); 16 | __declspec(dllexport) bool PathFromFileHandleA(HANDLE hFile, char* szPath, size_t nSizeInChars); 17 | 18 | #ifdef __cplusplus 19 | } 20 | #endif 21 | 22 | #endif // _DEVICENAMERESOLVER_H 23 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/TitanEngine/TitanEngine_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/TitanEngine/TitanEngine_x64.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/TitanEngine/TitanEngine_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/TitanEngine/TitanEngine_x64.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/TitanEngine/TitanEngine_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/TitanEngine/TitanEngine_x86.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/TitanEngine/TitanEngine_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/TitanEngine/TitanEngine_x86.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/XEDParse/XEDParse.h: -------------------------------------------------------------------------------- 1 | #ifndef _XEDPARSE_H 2 | #define _XEDPARSE_H 3 | 4 | #include 5 | 6 | //XEDParse defines 7 | #ifdef XEDPARSE_BUILD 8 | #define XEDPARSE_EXPORT __declspec(dllexport) 9 | #else 10 | #define XEDPARSE_EXPORT __declspec(dllimport) 11 | #endif //XEDPARSE_BUILD 12 | 13 | #define XEDPARSE_CALL //calling convention 14 | 15 | #define XEDPARSE_MAXBUFSIZE 256 16 | #define XEDPARSE_MAXASMSIZE 16 17 | 18 | //typedefs 19 | typedef bool (XEDPARSE_CALL* CBXEDPARSE_UNKNOWN)(const char* text, ULONGLONG* value); 20 | 21 | //XEDParse enums 22 | enum XEDPARSE_STATUS 23 | { 24 | XEDPARSE_ERROR = 0, 25 | XEDPARSE_OK = 1 26 | }; 27 | 28 | //XEDParse structs 29 | #pragma pack(push,8) 30 | struct XEDPARSE 31 | { 32 | bool x64; // use 64-bit instructions 33 | ULONGLONG cip; //instruction pointer (for relative addressing) 34 | unsigned int dest_size; //destination size (returned by XEDParse) 35 | CBXEDPARSE_UNKNOWN cbUnknown; //unknown operand callback 36 | unsigned char dest[XEDPARSE_MAXASMSIZE]; //destination buffer 37 | char instr[XEDPARSE_MAXBUFSIZE]; //instruction text 38 | char error[XEDPARSE_MAXBUFSIZE]; //error text (in case of an error) 39 | }; 40 | #pragma pack(pop) 41 | 42 | #ifdef __cplusplus 43 | extern "C" 44 | { 45 | #endif 46 | 47 | XEDPARSE_EXPORT XEDPARSE_STATUS XEDPARSE_CALL XEDParseAssemble(XEDPARSE* XEDParse); 48 | 49 | #ifdef __cplusplus 50 | } 51 | #endif 52 | 53 | #endif // _XEDPARSE_H 54 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/XEDParse/XEDParse_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/XEDParse/XEDParse_x64.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/XEDParse/XEDParse_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/XEDParse/XEDParse_x64.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/XEDParse/XEDParse_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/XEDParse/XEDParse_x86.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/XEDParse/XEDParse_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/XEDParse/XEDParse_x86.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_plugin_types.h: -------------------------------------------------------------------------------- 1 | #ifndef _PLUGIN_DATA_H 2 | #define _PLUGIN_DATA_H 3 | 4 | #ifdef BUILD_DBG 5 | 6 | #include "_global.h" 7 | 8 | #else 9 | 10 | #ifdef __GNUC__ 11 | #include "dbghelp/dbghelp.h" 12 | #else 13 | #include 14 | #endif // __GNUC__ 15 | 16 | #ifndef deflen 17 | #define deflen 1024 18 | #endif // deflen 19 | 20 | #include "bridgemain.h" 21 | #include "_dbgfunctions.h" 22 | #include "jansson/jansson.h" 23 | 24 | #endif // BUILD_DBG 25 | 26 | #endif // _PLUGIN_DATA_H 27 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPT_API_H 2 | #define _SCRIPT_API_H 3 | 4 | #include "_plugins.h" 5 | 6 | #define SCRIPT_EXPORT PLUG_IMPEXP 7 | 8 | #endif //_SCRIPT_API_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_argument.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_ARGUMENT_H 2 | #define _SCRIPTAPI_ARGUMENT_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Argument 9 | { 10 | struct ArgumentInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rvaStart; 14 | duint rvaEnd; 15 | bool manual; 16 | duint instructioncount; 17 | }; 18 | 19 | SCRIPT_EXPORT bool Add(duint start, duint end, bool manual, duint instructionCount = 0); 20 | SCRIPT_EXPORT bool Add(const ArgumentInfo* info); 21 | SCRIPT_EXPORT bool Get(duint addr, duint* start = nullptr, duint* end = nullptr, duint* instructionCount = nullptr); 22 | SCRIPT_EXPORT bool GetInfo(duint addr, ArgumentInfo* info); 23 | SCRIPT_EXPORT bool Overlaps(duint start, duint end); 24 | SCRIPT_EXPORT bool Delete(duint address); 25 | SCRIPT_EXPORT void DeleteRange(duint start, duint end, bool deleteManual = false); 26 | SCRIPT_EXPORT void Clear(); 27 | SCRIPT_EXPORT bool GetList(ListOf(ArgumentInfo) list); //caller has the responsibility to free the list 28 | }; //Argument 29 | }; //Script 30 | 31 | #endif //_SCRIPTAPI_ARGUMENT_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_assembler.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_ASSEMBLER_H 2 | #define _SCRIPTAPI_ASSEMBLER_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Assembler 9 | { 10 | SCRIPT_EXPORT bool Assemble(duint addr, unsigned char* dest, int* size, const char* instruction); //dest[16] 11 | SCRIPT_EXPORT bool AssembleEx(duint addr, unsigned char* dest, int* size, const char* instruction, char* error); //dest[16], error[MAX_ERROR_SIZE] 12 | SCRIPT_EXPORT bool AssembleMem(duint addr, const char* instruction); 13 | SCRIPT_EXPORT bool AssembleMemEx(duint addr, const char* instruction, int* size, char* error, bool fillnop); //error[MAX_ERROR_SIZE] 14 | }; //Assembler 15 | }; //Script 16 | 17 | #endif //_SCRIPTAPI_ASSEMBLER_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_bookmark.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_BOOKMARK_H 2 | #define _SCRIPTAPI_BOOKMARK_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Bookmark 9 | { 10 | struct BookmarkInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rva; 14 | bool manual; 15 | }; 16 | 17 | SCRIPT_EXPORT bool Set(duint addr, bool manual = false); 18 | SCRIPT_EXPORT bool Set(const BookmarkInfo* info); 19 | SCRIPT_EXPORT bool Get(duint addr); 20 | SCRIPT_EXPORT bool GetInfo(duint addr, BookmarkInfo* info); 21 | SCRIPT_EXPORT bool Delete(duint addr); 22 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 23 | SCRIPT_EXPORT void Clear(); 24 | SCRIPT_EXPORT bool GetList(ListOf(BookmarkInfo) list); //caller has the responsibility to free the list 25 | }; //Bookmark 26 | }; //Script 27 | 28 | #endif //_SCRIPTAPI_BOOKMARK_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_comment.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_COMMENT_H 2 | #define _SCRIPTAPI_COMMENT_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Comment 9 | { 10 | struct CommentInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rva; 14 | char text[MAX_LABEL_SIZE]; 15 | bool manual; 16 | }; 17 | 18 | SCRIPT_EXPORT bool Set(duint addr, const char* text, bool manual = false); 19 | SCRIPT_EXPORT bool Set(const CommentInfo* info); 20 | SCRIPT_EXPORT bool Get(duint addr, char* text); //text[MAX_COMMENT_SIZE] 21 | SCRIPT_EXPORT bool GetInfo(duint addr, CommentInfo* info); 22 | SCRIPT_EXPORT bool Delete(duint addr); 23 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 24 | SCRIPT_EXPORT void Clear(); 25 | SCRIPT_EXPORT bool GetList(ListOf(CommentInfo) list); //caller has the responsibility to free the list 26 | }; //Comment 27 | }; //Script 28 | 29 | #endif //_SCRIPTAPI_COMMENT_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_debug.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_DEBUG_H 2 | #define _SCRIPTAPI_DEBUG_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Debug 9 | { 10 | enum HardwareType 11 | { 12 | HardwareAccess, 13 | HardwareWrite, 14 | HardwareExecute 15 | }; 16 | 17 | SCRIPT_EXPORT void Wait(); 18 | SCRIPT_EXPORT void Run(); 19 | SCRIPT_EXPORT void Pause(); 20 | SCRIPT_EXPORT void Stop(); 21 | SCRIPT_EXPORT void StepIn(); 22 | SCRIPT_EXPORT void StepOver(); 23 | SCRIPT_EXPORT void StepOut(); 24 | SCRIPT_EXPORT bool SetBreakpoint(duint address); 25 | SCRIPT_EXPORT bool DeleteBreakpoint(duint address); 26 | SCRIPT_EXPORT bool DisableBreakpoint(duint address); 27 | SCRIPT_EXPORT bool SetHardwareBreakpoint(duint address, HardwareType type = HardwareExecute); 28 | SCRIPT_EXPORT bool DeleteHardwareBreakpoint(duint address); 29 | }; //Debug 30 | }; //Script 31 | 32 | #endif //_SCRIPTAPI_DEBUG_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_flag.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_FLAG_H 2 | #define _SCRIPTAPI_FLAG_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Flag 9 | { 10 | enum FlagEnum 11 | { 12 | ZF, 13 | OF, 14 | CF, 15 | PF, 16 | SF, 17 | TF, 18 | AF, 19 | DF, 20 | IF 21 | }; 22 | 23 | SCRIPT_EXPORT bool Get(FlagEnum flag); 24 | SCRIPT_EXPORT bool Set(FlagEnum flag, bool value); 25 | 26 | SCRIPT_EXPORT bool GetZF(); 27 | SCRIPT_EXPORT bool SetZF(bool value); 28 | SCRIPT_EXPORT bool GetOF(); 29 | SCRIPT_EXPORT bool SetOF(bool value); 30 | SCRIPT_EXPORT bool GetCF(); 31 | SCRIPT_EXPORT bool SetCF(bool value); 32 | SCRIPT_EXPORT bool GetPF(); 33 | SCRIPT_EXPORT bool SetPF(bool value); 34 | SCRIPT_EXPORT bool GetSF(); 35 | SCRIPT_EXPORT bool SetSF(bool value); 36 | SCRIPT_EXPORT bool GetTF(); 37 | SCRIPT_EXPORT bool SetTF(bool value); 38 | SCRIPT_EXPORT bool GetAF(); 39 | SCRIPT_EXPORT bool SetAF(bool value); 40 | SCRIPT_EXPORT bool GetDF(); 41 | SCRIPT_EXPORT bool SetDF(bool value); 42 | SCRIPT_EXPORT bool GetIF(); 43 | SCRIPT_EXPORT bool SetIF(bool value); 44 | }; 45 | }; 46 | 47 | #endif //_SCRIPTAPI_FLAG_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_function.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_FUNCTION_H 2 | #define _SCRIPTAPI_FUNCTION_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Function 9 | { 10 | struct FunctionInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rvaStart; 14 | duint rvaEnd; 15 | bool manual; 16 | duint instructioncount; 17 | }; 18 | 19 | SCRIPT_EXPORT bool Add(duint start, duint end, bool manual, duint instructionCount = 0); 20 | SCRIPT_EXPORT bool Add(const FunctionInfo* info); 21 | SCRIPT_EXPORT bool Get(duint addr, duint* start = nullptr, duint* end = nullptr, duint* instructionCount = nullptr); 22 | SCRIPT_EXPORT bool GetInfo(duint addr, FunctionInfo* info); 23 | SCRIPT_EXPORT bool Overlaps(duint start, duint end); 24 | SCRIPT_EXPORT bool Delete(duint address); 25 | SCRIPT_EXPORT void DeleteRange(duint start, duint end, bool deleteManual = false); 26 | SCRIPT_EXPORT void Clear(); 27 | SCRIPT_EXPORT bool GetList(ListOf(FunctionInfo) list); //caller has the responsibility to free the list 28 | }; //Function 29 | }; //Script 30 | 31 | #endif //_SCRIPTAPI_FUNCTION_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_gui.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_GUI_H 2 | #define _SCRIPTAPI_GUI_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Gui 9 | { 10 | namespace Disassembly 11 | { 12 | SCRIPT_EXPORT bool SelectionGet(duint* start, duint* end); 13 | SCRIPT_EXPORT bool SelectionSet(duint start, duint end); 14 | SCRIPT_EXPORT duint SelectionGetStart(); 15 | SCRIPT_EXPORT duint SelectionGetEnd(); 16 | }; //Disassembly 17 | 18 | namespace Dump 19 | { 20 | SCRIPT_EXPORT bool SelectionGet(duint* start, duint* end); 21 | SCRIPT_EXPORT bool SelectionSet(duint start, duint end); 22 | SCRIPT_EXPORT duint SelectionGetStart(); 23 | SCRIPT_EXPORT duint SelectionGetEnd(); 24 | }; //Dump 25 | 26 | namespace Stack 27 | { 28 | SCRIPT_EXPORT bool SelectionGet(duint* start, duint* end); 29 | SCRIPT_EXPORT bool SelectionSet(duint start, duint end); 30 | SCRIPT_EXPORT duint SelectionGetStart(); 31 | SCRIPT_EXPORT duint SelectionGetEnd(); 32 | }; //Stack 33 | 34 | namespace Graph 35 | { 36 | SCRIPT_EXPORT duint SelectionGetStart(); 37 | }; //Graph 38 | 39 | namespace MemMap 40 | { 41 | SCRIPT_EXPORT duint SelectionGetStart(); 42 | }; //MemoryMap 43 | 44 | namespace SymMod 45 | { 46 | SCRIPT_EXPORT duint SelectionGetStart(); 47 | }; //SymMod 48 | }; //Gui 49 | 50 | namespace Gui 51 | { 52 | enum Window 53 | { 54 | DisassemblyWindow, 55 | DumpWindow, 56 | StackWindow, 57 | GraphWindow, 58 | MemMapWindow, 59 | SymModWindow 60 | }; 61 | 62 | SCRIPT_EXPORT bool SelectionGet(Window window, duint* start, duint* end); 63 | SCRIPT_EXPORT bool SelectionSet(Window window, duint start, duint end); 64 | SCRIPT_EXPORT duint SelectionGetStart(Window window); 65 | SCRIPT_EXPORT duint SelectionGetEnd(Window window); 66 | SCRIPT_EXPORT void Message(const char* message); 67 | SCRIPT_EXPORT bool MessageYesNo(const char* message); 68 | SCRIPT_EXPORT bool InputLine(const char* title, char* text); //text[GUI_MAX_LINE_SIZE] 69 | SCRIPT_EXPORT bool InputValue(const char* title, duint* value); 70 | SCRIPT_EXPORT void Refresh(); 71 | SCRIPT_EXPORT void AddQWidgetTab(void* qWidget); 72 | SCRIPT_EXPORT void ShowQWidgetTab(void* qWidget); 73 | SCRIPT_EXPORT void CloseQWidgetTab(void* qWidget); 74 | 75 | }; //Gui 76 | }; //Script 77 | 78 | #endif //_SCRIPTAPI_GUI_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_label.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_LABEL_H 2 | #define _SCRIPTAPI_LABEL_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Label 9 | { 10 | struct LabelInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rva; 14 | char text[MAX_LABEL_SIZE]; 15 | bool manual; 16 | }; 17 | 18 | SCRIPT_EXPORT bool Set(duint addr, const char* text, bool manual = false); 19 | SCRIPT_EXPORT bool Set(const LabelInfo* info); 20 | SCRIPT_EXPORT bool FromString(const char* label, duint* addr); 21 | SCRIPT_EXPORT bool Get(duint addr, char* text); //text[MAX_LABEL_SIZE] 22 | SCRIPT_EXPORT bool GetInfo(duint addr, LabelInfo* info); 23 | SCRIPT_EXPORT bool Delete(duint addr); 24 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 25 | SCRIPT_EXPORT void Clear(); 26 | SCRIPT_EXPORT bool GetList(ListOf(LabelInfo) list); //caller has the responsibility to free the list 27 | }; //Label 28 | }; //Script 29 | 30 | #endif //_SCRIPTAPI_LABEL_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_memory.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_MEMORY_H 2 | #define _SCRIPTAPI_MEMORY_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Memory 9 | { 10 | SCRIPT_EXPORT bool Read(duint addr, void* data, duint size, duint* sizeRead); 11 | SCRIPT_EXPORT bool Write(duint addr, const void* data, duint size, duint* sizeWritten); 12 | SCRIPT_EXPORT bool IsValidPtr(duint addr); 13 | SCRIPT_EXPORT duint RemoteAlloc(duint addr, duint size); 14 | SCRIPT_EXPORT bool RemoteFree(duint addr); 15 | 16 | SCRIPT_EXPORT unsigned char ReadByte(duint addr); 17 | SCRIPT_EXPORT bool WriteByte(duint addr, unsigned char data); 18 | SCRIPT_EXPORT unsigned short ReadWord(duint addr); 19 | SCRIPT_EXPORT bool WriteWord(duint addr, unsigned short data); 20 | SCRIPT_EXPORT unsigned int ReadDword(duint addr); 21 | SCRIPT_EXPORT bool WriteDword(duint addr, unsigned int data); 22 | SCRIPT_EXPORT unsigned long long ReadQword(duint addr); 23 | SCRIPT_EXPORT bool WriteQword(duint addr, unsigned long long data); 24 | SCRIPT_EXPORT duint ReadPtr(duint addr); 25 | SCRIPT_EXPORT bool WritePtr(duint addr, duint data); 26 | }; //Memory 27 | }; //Script 28 | 29 | #endif //_SCRIPTAPI_MEMORY_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_misc.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_MISC_H 2 | #define _SCRIPTAPI_MISC_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Misc 9 | { 10 | SCRIPT_EXPORT bool ParseExpression(const char* expression, duint* value); 11 | SCRIPT_EXPORT duint RemoteGetProcAddress(const char* module, const char* api); 12 | SCRIPT_EXPORT duint ResolveLabel(const char* label); 13 | SCRIPT_EXPORT void* Alloc(duint size); 14 | SCRIPT_EXPORT void Free(void* ptr); 15 | }; //Misc 16 | }; //Script 17 | 18 | #endif //_SCRIPTAPI_MISC_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_module.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_MODULE_H 2 | #define _SCRIPTAPI_MODULE_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Module 9 | { 10 | struct ModuleInfo 11 | { 12 | duint base; 13 | duint size; 14 | duint entry; 15 | int sectionCount; 16 | char name[MAX_MODULE_SIZE]; 17 | char path[MAX_PATH]; 18 | }; 19 | 20 | struct ModuleSectionInfo 21 | { 22 | duint addr; 23 | duint size; 24 | char name[MAX_SECTION_SIZE * 5]; 25 | }; 26 | 27 | SCRIPT_EXPORT bool InfoFromAddr(duint addr, ModuleInfo* info); 28 | SCRIPT_EXPORT bool InfoFromName(const char* name, ModuleInfo* info); 29 | SCRIPT_EXPORT duint BaseFromAddr(duint addr); 30 | SCRIPT_EXPORT duint BaseFromName(const char* name); 31 | SCRIPT_EXPORT duint SizeFromAddr(duint addr); 32 | SCRIPT_EXPORT duint SizeFromName(const char* name); 33 | SCRIPT_EXPORT bool NameFromAddr(duint addr, char* name); //name[MAX_MODULE_SIZE] 34 | SCRIPT_EXPORT bool PathFromAddr(duint addr, char* path); //path[MAX_PATH] 35 | SCRIPT_EXPORT bool PathFromName(const char* name, char* path); //path[MAX_PATH] 36 | SCRIPT_EXPORT duint EntryFromAddr(duint addr); 37 | SCRIPT_EXPORT duint EntryFromName(const char* name); 38 | SCRIPT_EXPORT int SectionCountFromAddr(duint addr); 39 | SCRIPT_EXPORT int SectionCountFromName(const char* name); 40 | SCRIPT_EXPORT bool SectionFromAddr(duint addr, int number, ModuleSectionInfo* section); 41 | SCRIPT_EXPORT bool SectionFromName(const char* name, int number, ModuleSectionInfo* section); 42 | SCRIPT_EXPORT bool SectionListFromAddr(duint addr, ListOf(ModuleSectionInfo) list); 43 | SCRIPT_EXPORT bool SectionListFromName(const char* name, ListOf(ModuleSectionInfo) list); 44 | SCRIPT_EXPORT bool GetMainModuleInfo(ModuleInfo* info); 45 | SCRIPT_EXPORT duint GetMainModuleBase(); 46 | SCRIPT_EXPORT duint GetMainModuleSize(); 47 | SCRIPT_EXPORT duint GetMainModuleEntry(); 48 | SCRIPT_EXPORT int GetMainModuleSectionCount(); 49 | SCRIPT_EXPORT bool GetMainModuleName(char* name); //name[MAX_MODULE_SIZE] 50 | SCRIPT_EXPORT bool GetMainModulePath(char* path); //path[MAX_PATH] 51 | SCRIPT_EXPORT bool GetMainModuleSectionList(ListOf(ModuleSectionInfo) list); //caller has the responsibility to free the list 52 | SCRIPT_EXPORT bool GetList(ListOf(ModuleInfo) list); //caller has the responsibility to free the list 53 | }; //Module 54 | }; //Script 55 | 56 | #endif //_SCRIPTAPI_MODULE_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_pattern.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_PATTERN_H 2 | #define _SCRIPTAPI_PATTERN_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Pattern 9 | { 10 | SCRIPT_EXPORT duint Find(unsigned char* data, duint datasize, const char* pattern); 11 | SCRIPT_EXPORT duint FindMem(duint start, duint size, const char* pattern); 12 | SCRIPT_EXPORT void Write(unsigned char* data, duint datasize, const char* pattern); 13 | SCRIPT_EXPORT void WriteMem(duint start, duint size, const char* pattern); 14 | SCRIPT_EXPORT bool SearchAndReplace(unsigned char* data, duint datasize, const char* searchpattern, const char* replacepattern); 15 | SCRIPT_EXPORT bool SearchAndReplaceMem(duint start, duint size, const char* searchpattern, const char* replacepattern); 16 | }; 17 | }; 18 | 19 | #endif //_SCRIPTAPI_FIND_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_stack.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_STACK_H 2 | #define _SCRIPTAPI_STACK_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Stack 9 | { 10 | SCRIPT_EXPORT duint Pop(); 11 | SCRIPT_EXPORT duint Push(duint value); //returns the previous top, equal to Peek(1) 12 | SCRIPT_EXPORT duint Peek(int offset = 0); //offset is in multiples of Register::Size(), for easy x32/x64 portability 13 | }; //Stack 14 | }; //Script 15 | 16 | #endif //_SCRIPTAPI_STACK_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/_scriptapi_symbol.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_SYMBOL_H 2 | #define _SCRIPTAPI_SYMBOL_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Symbol 9 | { 10 | enum SymbolType 11 | { 12 | Function, 13 | Import, 14 | Export 15 | }; 16 | 17 | struct SymbolInfo 18 | { 19 | char mod[MAX_MODULE_SIZE]; 20 | duint rva; 21 | char name[MAX_LABEL_SIZE]; 22 | bool manual; 23 | SymbolType type; 24 | }; 25 | 26 | SCRIPT_EXPORT bool GetList(ListOf(SymbolInfo) list); //caller has the responsibility to free the list 27 | }; //Symbol 28 | }; //Script 29 | 30 | #endif //_SCRIPTAPI_SYMBOL_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/bridgegraph.h: -------------------------------------------------------------------------------- 1 | #ifndef _GRAPH_H 2 | #define _GRAPH_H 3 | 4 | typedef struct 5 | { 6 | duint parentGraph; //function of which this node is a part 7 | duint start; //start of the block 8 | duint end; //end of the block (inclusive) 9 | duint brtrue; //destination if condition is true 10 | duint brfalse; //destination if condition is false 11 | duint icount; //number of instructions in node 12 | bool terminal; //node is a RET 13 | bool split; //node is a split (brtrue points to the next node) 14 | void* userdata; //user data 15 | ListInfo exits; //exits (including brtrue and brfalse, duint) 16 | ListInfo data; //block data 17 | } BridgeCFNodeList; 18 | 19 | typedef struct 20 | { 21 | duint entryPoint; //graph entry point 22 | void* userdata; //user data 23 | ListInfo nodes; //graph nodes (BridgeCFNodeList) 24 | } BridgeCFGraphList; 25 | 26 | #ifdef __cplusplus 27 | #if _MSC_VER >= 1700 && !defined(NO_CPP11) 28 | 29 | #include 30 | #include 31 | #include 32 | #include 33 | 34 | struct BridgeCFNode 35 | { 36 | duint parentGraph; //function of which this node is a part 37 | duint start; //start of the block 38 | duint end; //end of the block (inclusive) 39 | duint brtrue; //destination if condition is true 40 | duint brfalse; //destination if condition is false 41 | duint icount; //number of instructions in node 42 | bool terminal; //node is a RET 43 | bool split; //node is a split (brtrue points to the next node) 44 | void* userdata; //user data 45 | std::vector exits; //exits (including brtrue and brfalse) 46 | std::vector data; //block data 47 | 48 | explicit BridgeCFNode(BridgeCFNodeList* nodeList, bool freedata = true) 49 | { 50 | if(!nodeList) 51 | __debugbreak(); 52 | parentGraph = nodeList->parentGraph; 53 | start = nodeList->start; 54 | end = nodeList->end; 55 | brtrue = nodeList->brtrue; 56 | brfalse = nodeList->brfalse; 57 | icount = nodeList->icount; 58 | terminal = nodeList->terminal; 59 | split = nodeList->split; 60 | userdata = nodeList->userdata; 61 | if(!BridgeList::ToVector(&nodeList->exits, exits, freedata)) 62 | __debugbreak(); 63 | if(!BridgeList::ToVector(&nodeList->data, data, freedata)) 64 | __debugbreak(); 65 | } 66 | 67 | explicit BridgeCFNode(duint parentGraph, duint start, duint end) 68 | : parentGraph(parentGraph), 69 | start(start), 70 | end(end), 71 | brtrue(0), 72 | brfalse(0), 73 | icount(0), 74 | terminal(false), 75 | split(false), 76 | userdata(nullptr) 77 | { 78 | } 79 | 80 | explicit BridgeCFNode() 81 | : BridgeCFNode(0, 0, 0) 82 | { 83 | } 84 | 85 | BridgeCFNodeList ToNodeList() const 86 | { 87 | BridgeCFNodeList out; 88 | out.parentGraph = parentGraph; 89 | out.start = start; 90 | out.end = end; 91 | out.brtrue = brtrue; 92 | out.brfalse = brfalse; 93 | out.icount = icount; 94 | out.terminal = terminal; 95 | out.split = split; 96 | out.userdata = userdata; 97 | BridgeList::CopyData(&out.exits, exits); 98 | BridgeList::CopyData(&out.data, data); 99 | return std::move(out); 100 | } 101 | }; 102 | 103 | struct BridgeCFGraph 104 | { 105 | duint entryPoint; //graph entry point 106 | void* userdata; //user data 107 | std::unordered_map nodes; //CFNode.start -> CFNode 108 | std::unordered_map> parents; //CFNode.start -> parents 109 | 110 | explicit BridgeCFGraph(BridgeCFGraphList* graphList, bool freedata = true) 111 | { 112 | if(!graphList || graphList->nodes.size != graphList->nodes.count * sizeof(BridgeCFNodeList)) 113 | __debugbreak(); 114 | entryPoint = graphList->entryPoint; 115 | userdata = graphList->userdata; 116 | auto data = (BridgeCFNodeList*)graphList->nodes.data; 117 | for(int i = 0; i < graphList->nodes.count; i++) 118 | AddNode(BridgeCFNode(&data[i], freedata)); 119 | if(freedata && data) 120 | BridgeFree(data); 121 | } 122 | 123 | explicit BridgeCFGraph(duint entryPoint) 124 | : entryPoint(entryPoint), 125 | userdata(nullptr) 126 | { 127 | } 128 | 129 | void AddNode(const BridgeCFNode & node) 130 | { 131 | nodes[node.start] = node; 132 | AddParent(node.start, node.brtrue); 133 | AddParent(node.start, node.brfalse); 134 | } 135 | 136 | void AddParent(duint child, duint parent) 137 | { 138 | if(!child || !parent) 139 | return; 140 | auto found = parents.find(child); 141 | if(found == parents.end()) 142 | parents[child] = std::unordered_set(std::initializer_list { parent }); 143 | else 144 | found->second.insert(parent); 145 | } 146 | 147 | BridgeCFGraphList ToGraphList() const 148 | { 149 | BridgeCFGraphList out; 150 | out.entryPoint = entryPoint; 151 | out.userdata = userdata; 152 | std::vector nodeList; 153 | nodeList.reserve(nodes.size()); 154 | for(const auto & nodeIt : nodes) 155 | nodeList.push_back(nodeIt.second.ToNodeList()); 156 | BridgeList::CopyData(&out.nodes, nodeList); 157 | return std::move(out); 158 | } 159 | }; 160 | 161 | #endif //_MSC_VER 162 | #endif //__cplusplus 163 | 164 | #endif //_GRAPH_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/bridgelist.h: -------------------------------------------------------------------------------- 1 | #ifndef _LIST_H 2 | #define _LIST_H 3 | 4 | typedef struct 5 | { 6 | int count; //Number of element in the list. 7 | size_t size; //Size of list in bytes (used for type checking). 8 | void* data; //Pointer to the list contents. Must be deleted by the caller using BridgeFree (or BridgeList::Free). 9 | } ListInfo; 10 | 11 | #define ListOf(Type) ListInfo* 12 | 13 | #ifdef __cplusplus 14 | 15 | #include 16 | 17 | /** 18 | \brief A list object. This object is NOT thread safe. 19 | \tparam Type BridgeList contents type. 20 | */ 21 | template 22 | class BridgeList 23 | { 24 | public: 25 | /** 26 | \brief BridgeList constructor. 27 | \param _freeData (Optional) the free function. 28 | */ 29 | explicit BridgeList() 30 | { 31 | memset(&_listInfo, 0, sizeof(_listInfo)); 32 | } 33 | 34 | /** 35 | \brief BridgeList destructor. 36 | */ 37 | ~BridgeList() 38 | { 39 | Cleanup(); 40 | } 41 | 42 | /** 43 | \brief Gets the list data. 44 | \return Returns ListInfo->data. Can be null if the list was never initialized. Will be destroyed once this object goes out of scope! 45 | */ 46 | Type* Data() const 47 | { 48 | return reinterpret_cast(_listInfo.data); 49 | } 50 | 51 | /** 52 | \brief Gets the number of elements in the list. This will crash the program if the data is not consistent with the specified template argument. 53 | \return The number of elements in the list. 54 | */ 55 | int Count() const 56 | { 57 | if(_listInfo.size != _listInfo.count * sizeof(Type)) //make sure the user is using the correct type. 58 | __debugbreak(); 59 | return _listInfo.count; 60 | } 61 | 62 | /** 63 | \brief Cleans up the list, freeing the list data when it is not null. 64 | */ 65 | void Cleanup() 66 | { 67 | if(_listInfo.data) 68 | { 69 | BridgeFree(_listInfo.data); 70 | _listInfo.data = nullptr; 71 | } 72 | } 73 | 74 | /** 75 | \brief Reference operator (cleans up the previous list) 76 | \return Pointer to the ListInfo. 77 | */ 78 | ListInfo* operator&() 79 | { 80 | Cleanup(); 81 | return &_listInfo; 82 | } 83 | 84 | /** 85 | \brief Array indexer operator. This will crash if you try to access out-of-bounds. 86 | \param index Zero-based index of the item you want to get. 87 | \return Reference to a value at that index. 88 | */ 89 | Type & operator[](size_t index) const 90 | { 91 | if(index >= size_t(Count())) //make sure the out-of-bounds access is caught as soon as possible. 92 | __debugbreak(); 93 | return Data()[index]; 94 | } 95 | 96 | /** 97 | \brief Copies data to a ListInfo structure.. 98 | \param [out] listInfo If non-null, information describing the list. 99 | \param listData Data to copy in the ListInfo structure. 100 | \return true if it succeeds, false if it fails. 101 | */ 102 | static bool CopyData(ListInfo* listInfo, const std::vector & listData) 103 | { 104 | if(!listInfo) 105 | return false; 106 | listInfo->count = int(listData.size()); 107 | listInfo->size = listInfo->count * sizeof(Type); 108 | if(listInfo->count) 109 | { 110 | listInfo->data = BridgeAlloc(listInfo->size); 111 | Type* curItem = reinterpret_cast(listInfo->data); 112 | for(const auto & item : listData) 113 | { 114 | *curItem = item; 115 | ++curItem; 116 | } 117 | } 118 | else 119 | listInfo->data = nullptr; 120 | return true; 121 | } 122 | 123 | static bool ToVector(const ListInfo* listInfo, std::vector & listData, bool freedata = true) 124 | { 125 | if(!listInfo || listInfo->size != listInfo->count * sizeof(Type) || (listInfo->count && !listInfo->data)) 126 | return false; 127 | listData.resize(listInfo->count); 128 | for(int i = 0; i < listInfo->count; i++) 129 | listData[i] = ((Type*)listInfo->data)[i]; 130 | if(freedata && listInfo->data) 131 | BridgeFree(listInfo->data); 132 | return true; 133 | } 134 | 135 | private: 136 | ListInfo _listInfo; 137 | }; 138 | 139 | #endif //__cplusplus 140 | 141 | #endif //_LIST_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/capstone/capstone_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/capstone/capstone_x64.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/capstone/capstone_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/capstone/capstone_x86.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/capstone/platform.h: -------------------------------------------------------------------------------- 1 | /* Capstone Disassembly Engine */ 2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */ 3 | 4 | #ifndef CAPSTONE_PLATFORM_H 5 | #define CAPSTONE_PLATFORM_H 6 | 7 | 8 | // handle C99 issue (for pre-2013 VisualStudio) 9 | #if !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)) 10 | // MSVC 11 | 12 | // stdbool.h 13 | #if (_MSC_VER < 1800) || defined(_KERNEL_MODE) 14 | // this system does not have stdbool.h 15 | #ifndef __cplusplus 16 | typedef unsigned char bool; 17 | #define false 0 18 | #define true 1 19 | #endif // __cplusplus 20 | 21 | #else 22 | // VisualStudio 2013+ -> C99 is supported 23 | #include 24 | #endif // (_MSC_VER < 1800) || defined(_KERNEL_MODE) 25 | 26 | #else 27 | // not MSVC -> C99 is supported 28 | #include 29 | #endif // !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)) 30 | 31 | 32 | // handle inttypes.h / stdint.h compatibility 33 | #if defined(_WIN32_WCE) && (_WIN32_WCE < 0x800) 34 | #include "windowsce/stdint.h" 35 | #endif // defined(_WIN32_WCE) && (_WIN32_WCE < 0x800) 36 | 37 | #if defined(CAPSTONE_HAS_OSXKERNEL) || (defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE))) 38 | // this system does not have inttypes.h 39 | 40 | #if defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE)) 41 | // this system does not have stdint.h 42 | typedef signed char int8_t; 43 | typedef signed short int16_t; 44 | typedef signed int int32_t; 45 | typedef unsigned char uint8_t; 46 | typedef unsigned short uint16_t; 47 | typedef unsigned int uint32_t; 48 | typedef signed long long int64_t; 49 | typedef unsigned long long uint64_t; 50 | 51 | #define INT8_MIN (-127i8 - 1) 52 | #define INT16_MIN (-32767i16 - 1) 53 | #define INT32_MIN (-2147483647i32 - 1) 54 | #define INT64_MIN (-9223372036854775807i64 - 1) 55 | #define INT8_MAX 127i8 56 | #define INT16_MAX 32767i16 57 | #define INT32_MAX 2147483647i32 58 | #define INT64_MAX 9223372036854775807i64 59 | #define UINT8_MAX 0xffui8 60 | #define UINT16_MAX 0xffffui16 61 | #define UINT32_MAX 0xffffffffui32 62 | #define UINT64_MAX 0xffffffffffffffffui64 63 | #endif // defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE)) 64 | 65 | #define __PRI_8_LENGTH_MODIFIER__ "hh" 66 | #define __PRI_64_LENGTH_MODIFIER__ "ll" 67 | 68 | #define PRId8 __PRI_8_LENGTH_MODIFIER__ "d" 69 | #define PRIi8 __PRI_8_LENGTH_MODIFIER__ "i" 70 | #define PRIo8 __PRI_8_LENGTH_MODIFIER__ "o" 71 | #define PRIu8 __PRI_8_LENGTH_MODIFIER__ "u" 72 | #define PRIx8 __PRI_8_LENGTH_MODIFIER__ "x" 73 | #define PRIX8 __PRI_8_LENGTH_MODIFIER__ "X" 74 | 75 | #define PRId16 "hd" 76 | #define PRIi16 "hi" 77 | #define PRIo16 "ho" 78 | #define PRIu16 "hu" 79 | #define PRIx16 "hx" 80 | #define PRIX16 "hX" 81 | 82 | #if defined(_MSC_VER) && _MSC_VER <= 1700 83 | #define PRId32 "ld" 84 | #define PRIi32 "li" 85 | #define PRIo32 "lo" 86 | #define PRIu32 "lu" 87 | #define PRIx32 "lx" 88 | #define PRIX32 "lX" 89 | #else // OSX 90 | #define PRId32 "d" 91 | #define PRIi32 "i" 92 | #define PRIo32 "o" 93 | #define PRIu32 "u" 94 | #define PRIx32 "x" 95 | #define PRIX32 "X" 96 | #endif // defined(_MSC_VER) && _MSC_VER <= 1700 97 | 98 | #define PRId64 __PRI_64_LENGTH_MODIFIER__ "d" 99 | #define PRIi64 __PRI_64_LENGTH_MODIFIER__ "i" 100 | #define PRIo64 __PRI_64_LENGTH_MODIFIER__ "o" 101 | #define PRIu64 __PRI_64_LENGTH_MODIFIER__ "u" 102 | #define PRIx64 __PRI_64_LENGTH_MODIFIER__ "x" 103 | #define PRIX64 __PRI_64_LENGTH_MODIFIER__ "X" 104 | 105 | #else 106 | // this system has inttypes.h by default 107 | #include 108 | #endif // defined(CAPSTONE_HAS_OSXKERNEL) || (defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE))) 109 | 110 | #endif 111 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/capstone/xcore.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_XCORE_H 2 | #define CAPSTONE_XCORE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014-2015 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include "platform.h" 12 | 13 | #ifdef _MSC_VER 14 | #pragma warning(disable:4201) 15 | #endif 16 | 17 | //> Operand type for instruction's operands 18 | typedef enum xcore_op_type 19 | { 20 | XCORE_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 21 | XCORE_OP_REG, // = CS_OP_REG (Register operand). 22 | XCORE_OP_IMM, // = CS_OP_IMM (Immediate operand). 23 | XCORE_OP_MEM, // = CS_OP_MEM (Memory operand). 24 | } xcore_op_type; 25 | 26 | //> XCore registers 27 | typedef enum xcore_reg 28 | { 29 | XCORE_REG_INVALID = 0, 30 | 31 | XCORE_REG_CP, 32 | XCORE_REG_DP, 33 | XCORE_REG_LR, 34 | XCORE_REG_SP, 35 | XCORE_REG_R0, 36 | XCORE_REG_R1, 37 | XCORE_REG_R2, 38 | XCORE_REG_R3, 39 | XCORE_REG_R4, 40 | XCORE_REG_R5, 41 | XCORE_REG_R6, 42 | XCORE_REG_R7, 43 | XCORE_REG_R8, 44 | XCORE_REG_R9, 45 | XCORE_REG_R10, 46 | XCORE_REG_R11, 47 | 48 | //> pseudo registers 49 | XCORE_REG_PC, // pc 50 | 51 | // internal thread registers 52 | // see The-XMOS-XS1-Architecture(X7879A).pdf 53 | XCORE_REG_SCP, // save pc 54 | XCORE_REG_SSR, // save status 55 | XCORE_REG_ET, // exception type 56 | XCORE_REG_ED, // exception data 57 | XCORE_REG_SED, // save exception data 58 | XCORE_REG_KEP, // kernel entry pointer 59 | XCORE_REG_KSP, // kernel stack pointer 60 | XCORE_REG_ID, // thread ID 61 | 62 | XCORE_REG_ENDING, // <-- mark the end of the list of registers 63 | } xcore_reg; 64 | 65 | // Instruction's operand referring to memory 66 | // This is associated with XCORE_OP_MEM operand type above 67 | typedef struct xcore_op_mem 68 | { 69 | uint8_t base; // base register, can be safely interpreted as 70 | // a value of type `xcore_reg`, but it is only 71 | // one byte wide 72 | uint8_t index; // index register, same conditions apply here 73 | int32_t disp; // displacement/offset value 74 | int direct; // +1: forward, -1: backward 75 | } xcore_op_mem; 76 | 77 | // Instruction operand 78 | typedef struct cs_xcore_op 79 | { 80 | xcore_op_type type; // operand type 81 | union 82 | { 83 | xcore_reg reg; // register value for REG operand 84 | int32_t imm; // immediate value for IMM operand 85 | xcore_op_mem mem; // base/disp value for MEM operand 86 | }; 87 | } cs_xcore_op; 88 | 89 | // Instruction structure 90 | typedef struct cs_xcore 91 | { 92 | // Number of operands of this instruction, 93 | // or 0 when instruction has no operand. 94 | uint8_t op_count; 95 | cs_xcore_op operands[8]; // operands for this instruction. 96 | } cs_xcore; 97 | 98 | //> XCore instruction 99 | typedef enum xcore_insn 100 | { 101 | XCORE_INS_INVALID = 0, 102 | 103 | XCORE_INS_ADD, 104 | XCORE_INS_ANDNOT, 105 | XCORE_INS_AND, 106 | XCORE_INS_ASHR, 107 | XCORE_INS_BAU, 108 | XCORE_INS_BITREV, 109 | XCORE_INS_BLA, 110 | XCORE_INS_BLAT, 111 | XCORE_INS_BL, 112 | XCORE_INS_BF, 113 | XCORE_INS_BT, 114 | XCORE_INS_BU, 115 | XCORE_INS_BRU, 116 | XCORE_INS_BYTEREV, 117 | XCORE_INS_CHKCT, 118 | XCORE_INS_CLRE, 119 | XCORE_INS_CLRPT, 120 | XCORE_INS_CLRSR, 121 | XCORE_INS_CLZ, 122 | XCORE_INS_CRC8, 123 | XCORE_INS_CRC32, 124 | XCORE_INS_DCALL, 125 | XCORE_INS_DENTSP, 126 | XCORE_INS_DGETREG, 127 | XCORE_INS_DIVS, 128 | XCORE_INS_DIVU, 129 | XCORE_INS_DRESTSP, 130 | XCORE_INS_DRET, 131 | XCORE_INS_ECALLF, 132 | XCORE_INS_ECALLT, 133 | XCORE_INS_EDU, 134 | XCORE_INS_EEF, 135 | XCORE_INS_EET, 136 | XCORE_INS_EEU, 137 | XCORE_INS_ENDIN, 138 | XCORE_INS_ENTSP, 139 | XCORE_INS_EQ, 140 | XCORE_INS_EXTDP, 141 | XCORE_INS_EXTSP, 142 | XCORE_INS_FREER, 143 | XCORE_INS_FREET, 144 | XCORE_INS_GETD, 145 | XCORE_INS_GET, 146 | XCORE_INS_GETN, 147 | XCORE_INS_GETR, 148 | XCORE_INS_GETSR, 149 | XCORE_INS_GETST, 150 | XCORE_INS_GETTS, 151 | XCORE_INS_INCT, 152 | XCORE_INS_INIT, 153 | XCORE_INS_INPW, 154 | XCORE_INS_INSHR, 155 | XCORE_INS_INT, 156 | XCORE_INS_IN, 157 | XCORE_INS_KCALL, 158 | XCORE_INS_KENTSP, 159 | XCORE_INS_KRESTSP, 160 | XCORE_INS_KRET, 161 | XCORE_INS_LADD, 162 | XCORE_INS_LD16S, 163 | XCORE_INS_LD8U, 164 | XCORE_INS_LDA16, 165 | XCORE_INS_LDAP, 166 | XCORE_INS_LDAW, 167 | XCORE_INS_LDC, 168 | XCORE_INS_LDW, 169 | XCORE_INS_LDIVU, 170 | XCORE_INS_LMUL, 171 | XCORE_INS_LSS, 172 | XCORE_INS_LSUB, 173 | XCORE_INS_LSU, 174 | XCORE_INS_MACCS, 175 | XCORE_INS_MACCU, 176 | XCORE_INS_MJOIN, 177 | XCORE_INS_MKMSK, 178 | XCORE_INS_MSYNC, 179 | XCORE_INS_MUL, 180 | XCORE_INS_NEG, 181 | XCORE_INS_NOT, 182 | XCORE_INS_OR, 183 | XCORE_INS_OUTCT, 184 | XCORE_INS_OUTPW, 185 | XCORE_INS_OUTSHR, 186 | XCORE_INS_OUTT, 187 | XCORE_INS_OUT, 188 | XCORE_INS_PEEK, 189 | XCORE_INS_REMS, 190 | XCORE_INS_REMU, 191 | XCORE_INS_RETSP, 192 | XCORE_INS_SETCLK, 193 | XCORE_INS_SET, 194 | XCORE_INS_SETC, 195 | XCORE_INS_SETD, 196 | XCORE_INS_SETEV, 197 | XCORE_INS_SETN, 198 | XCORE_INS_SETPSC, 199 | XCORE_INS_SETPT, 200 | XCORE_INS_SETRDY, 201 | XCORE_INS_SETSR, 202 | XCORE_INS_SETTW, 203 | XCORE_INS_SETV, 204 | XCORE_INS_SEXT, 205 | XCORE_INS_SHL, 206 | XCORE_INS_SHR, 207 | XCORE_INS_SSYNC, 208 | XCORE_INS_ST16, 209 | XCORE_INS_ST8, 210 | XCORE_INS_STW, 211 | XCORE_INS_SUB, 212 | XCORE_INS_SYNCR, 213 | XCORE_INS_TESTCT, 214 | XCORE_INS_TESTLCL, 215 | XCORE_INS_TESTWCT, 216 | XCORE_INS_TSETMR, 217 | XCORE_INS_START, 218 | XCORE_INS_WAITEF, 219 | XCORE_INS_WAITET, 220 | XCORE_INS_WAITEU, 221 | XCORE_INS_XOR, 222 | XCORE_INS_ZEXT, 223 | 224 | XCORE_INS_ENDING, // <-- mark the end of the list of instructions 225 | } xcore_insn; 226 | 227 | //> Group of XCore instructions 228 | typedef enum xcore_insn_group 229 | { 230 | XCORE_GRP_INVALID = 0, // = CS_GRP_INVALID 231 | 232 | //> Generic groups 233 | // all jump instructions (conditional+direct+indirect jumps) 234 | XCORE_GRP_JUMP, // = CS_GRP_JUMP 235 | 236 | XCORE_GRP_ENDING, // <-- mark the end of the list of groups 237 | } xcore_insn_group; 238 | 239 | #ifdef __cplusplus 240 | } 241 | #endif 242 | 243 | #endif 244 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/dbghelp/dbghelp_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/dbghelp/dbghelp_x64.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/dbghelp/dbghelp_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/dbghelp/dbghelp_x64.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/dbghelp/dbghelp_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/dbghelp/dbghelp_x86.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/dbghelp/dbghelp_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/dbghelp/dbghelp_x86.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/jansson/jansson_config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2014 Petri Lehtinen 3 | * 4 | * Jansson is free software; you can redistribute it and/or modify 5 | * it under the terms of the MIT license. See LICENSE for details. 6 | * 7 | * 8 | * This file specifies a part of the site-specific configuration for 9 | * Jansson, namely those things that affect the public API in 10 | * jansson.h. 11 | * 12 | * The CMake system will generate the jansson_config.h file and 13 | * copy it to the build and install directories. 14 | */ 15 | 16 | #ifndef JANSSON_CONFIG_H 17 | #define JANSSON_CONFIG_H 18 | 19 | /* Define this so that we can disable scattered automake configuration in source files */ 20 | #ifndef JANSSON_USING_CMAKE 21 | #define JANSSON_USING_CMAKE 22 | #endif 23 | 24 | /* Note: when using cmake, JSON_INTEGER_IS_LONG_LONG is not defined nor used, 25 | * as we will also check for __int64 etc types. 26 | * (the definition was used in the automake system) */ 27 | 28 | /* Bring in the cmake-detected defines */ 29 | #define HAVE_STDINT_H 1 30 | /* #undef HAVE_INTTYPES_H */ 31 | /* #undef HAVE_SYS_TYPES_H */ 32 | 33 | /* Include our standard type header for the integer typedef */ 34 | 35 | #if defined(HAVE_STDINT_H) 36 | # include 37 | #elif defined(HAVE_INTTYPES_H) 38 | # include 39 | #elif defined(HAVE_SYS_TYPES_H) 40 | # include 41 | #endif 42 | 43 | 44 | /* If your compiler supports the inline keyword in C, JSON_INLINE is 45 | defined to `inline', otherwise empty. In C++, the inline is always 46 | supported. */ 47 | #ifdef __cplusplus 48 | #define JSON_INLINE inline 49 | #else 50 | #define JSON_INLINE __inline 51 | #endif 52 | 53 | 54 | #define json_int_t long long 55 | #define json_strtoint _strtoi64 56 | #define JSON_INTEGER_FORMAT "I64d" 57 | 58 | 59 | /* If locale.h and localeconv() are available, define to 1, otherwise to 0. */ 60 | #define JSON_HAVE_LOCALECONV 1 61 | 62 | 63 | 64 | #endif 65 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/jansson/jansson_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/jansson/jansson_x64.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/jansson/jansson_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/jansson/jansson_x64.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/jansson/jansson_x64dbg.h: -------------------------------------------------------------------------------- 1 | typedef json_t* JSON; 2 | 3 | static JSON_INLINE 4 | json_t* json_hex(unsigned json_int_t value) 5 | { 6 | char hexvalue[20]; 7 | #ifdef _WIN64 8 | sprintf(hexvalue, "0x%llX", value); 9 | #else //x64 10 | sprintf(hexvalue, "0x%X", value); 11 | #endif //_WIN64 12 | return json_string(hexvalue); 13 | } 14 | 15 | static JSON_INLINE 16 | unsigned json_int_t json_hex_value(const json_t* hex) 17 | { 18 | unsigned json_int_t ret = 0; 19 | const char* hexvalue; 20 | hexvalue = json_string_value(hex); 21 | if(!hexvalue) 22 | return 0; 23 | #ifdef _WIN64 24 | sscanf(hexvalue, "0x%llX", &ret); 25 | #else //x64 26 | sscanf(hexvalue, "0x%X", &ret); 27 | #endif //_WIN64 28 | return ret; 29 | } -------------------------------------------------------------------------------- /x64dbg_pluginsdk/jansson/jansson_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/jansson/jansson_x86.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/jansson/jansson_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/jansson/jansson_x86.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/lz4/lz4_x64.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/lz4/lz4_x64.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/lz4/lz4_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/lz4/lz4_x64.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/lz4/lz4_x86.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/lz4/lz4_x86.a -------------------------------------------------------------------------------- /x64dbg_pluginsdk/lz4/lz4_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/lz4/lz4_x86.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/lz4/lz4file.h: -------------------------------------------------------------------------------- 1 | #ifndef _LZ4FILE_H 2 | #define _LZ4FILE_H 3 | 4 | typedef enum _LZ4_STATUS 5 | { 6 | LZ4_SUCCESS, 7 | LZ4_FAILED_OPEN_INPUT, 8 | LZ4_FAILED_OPEN_OUTPUT, 9 | LZ4_NOT_ENOUGH_MEMORY, 10 | LZ4_INVALID_ARCHIVE, 11 | LZ4_CORRUPTED_ARCHIVE 12 | } LZ4_STATUS; 13 | 14 | #if defined (__cplusplus) 15 | extern "C" 16 | { 17 | #endif 18 | 19 | __declspec(dllimport) LZ4_STATUS LZ4_compress_file(const char* input_filename, const char* output_filename); 20 | __declspec(dllimport) LZ4_STATUS LZ4_compress_fileW(const wchar_t* input_filename, const wchar_t* output_filename); 21 | __declspec(dllimport) LZ4_STATUS LZ4_decompress_file(const char* input_filename, const char* output_filename); 22 | __declspec(dllimport) LZ4_STATUS LZ4_decompress_fileW(const wchar_t* input_filename, const wchar_t* output_filename); 23 | 24 | #if defined (__cplusplus) 25 | } 26 | #endif 27 | 28 | #endif //_LZ4FILE_H -------------------------------------------------------------------------------- /x64dbg_pluginsdk/x32bridge.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/x32bridge.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/x32dbg.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/x32dbg.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/x64bridge.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/x64bridge.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/x64dbg.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/x64dbg.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_YARA_H 31 | #define YR_YARA_H 32 | 33 | #include "yara/utils.h" 34 | #include "yara/filemap.h" 35 | #include "yara/compiler.h" 36 | #include "yara/modules.h" 37 | #include "yara/object.h" 38 | #include "yara/libyara.h" 39 | #include "yara/error.h" 40 | #include "yara/stream.h" 41 | #include "yara/hash.h" 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/ahocorasick.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef _AHOCORASICK_H 31 | #define _AHOCORASICK_H 32 | 33 | #include "limits.h" 34 | #include "atoms.h" 35 | #include "types.h" 36 | 37 | 38 | #define YR_AC_ROOT_STATE 0 39 | #define YR_AC_NEXT_STATE(t) (t >> 32) 40 | #define YR_AC_INVALID_TRANSITION(t, c) (((t) & 0xFFFF) != c) 41 | 42 | #define YR_AC_MAKE_TRANSITION(state, code, flags) \ 43 | ((uint64_t)((((uint64_t) state) << 32) | ((flags) << 16) | (code))) 44 | 45 | #define YR_AC_USED_FLAG 0x1 46 | 47 | #define YR_AC_USED_TRANSITION_SLOT(x) ((x) & (YR_AC_USED_FLAG << 16)) 48 | #define YR_AC_UNUSED_TRANSITION_SLOT(x) (!YR_AC_USED_TRANSITION_SLOT(x)) 49 | 50 | 51 | typedef struct _YR_AC_TABLES 52 | { 53 | YR_AC_TRANSITION* transitions; 54 | YR_AC_MATCH_TABLE_ENTRY* matches; 55 | 56 | } YR_AC_TABLES; 57 | 58 | 59 | int yr_ac_automaton_create( 60 | YR_AC_AUTOMATON** automaton); 61 | 62 | 63 | int yr_ac_automaton_destroy( 64 | YR_AC_AUTOMATON* automaton); 65 | 66 | 67 | int yr_ac_add_string( 68 | YR_AC_AUTOMATON* automaton, 69 | YR_STRING* string, 70 | YR_ATOM_LIST_ITEM* atom, 71 | YR_ARENA* matches_arena); 72 | 73 | 74 | int yr_ac_compile( 75 | YR_AC_AUTOMATON* automaton, 76 | YR_ARENA* arena, 77 | YR_AC_TABLES* tables); 78 | 79 | 80 | void yr_ac_print_automaton( 81 | YR_AC_AUTOMATON* automaton); 82 | 83 | 84 | #endif 85 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/arena.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_ARENA_H 31 | #define YR_ARENA_H 32 | 33 | #include 34 | 35 | #include "integers.h" 36 | #include "stream.h" 37 | 38 | #define ARENA_FLAGS_FIXED_SIZE 1 39 | #define ARENA_FLAGS_COALESCED 2 40 | #define ARENA_FILE_VERSION 11 41 | 42 | #define EOL ((size_t) -1) 43 | 44 | 45 | typedef struct _YR_RELOC 46 | { 47 | uint32_t offset; 48 | struct _YR_RELOC* next; 49 | 50 | } YR_RELOC; 51 | 52 | 53 | typedef struct _YR_ARENA_PAGE 54 | { 55 | 56 | uint8_t* new_address; 57 | uint8_t* address; 58 | 59 | size_t size; 60 | size_t used; 61 | 62 | YR_RELOC* reloc_list_head; 63 | YR_RELOC* reloc_list_tail; 64 | 65 | struct _YR_ARENA_PAGE* next; 66 | struct _YR_ARENA_PAGE* prev; 67 | 68 | } YR_ARENA_PAGE; 69 | 70 | 71 | typedef struct _YR_ARENA 72 | { 73 | int flags; 74 | 75 | YR_ARENA_PAGE* page_list_head; 76 | YR_ARENA_PAGE* current_page; 77 | 78 | } YR_ARENA; 79 | 80 | 81 | int yr_arena_create( 82 | size_t initial_size, 83 | int flags, 84 | YR_ARENA** arena); 85 | 86 | 87 | void yr_arena_destroy( 88 | YR_ARENA* arena); 89 | 90 | 91 | void* yr_arena_base_address( 92 | YR_ARENA* arena); 93 | 94 | 95 | void* yr_arena_next_address( 96 | YR_ARENA* arena, 97 | void* address, 98 | size_t offset); 99 | 100 | 101 | int yr_arena_coalesce( 102 | YR_ARENA* arena); 103 | 104 | 105 | int yr_arena_reserve_memory( 106 | YR_ARENA* arena, 107 | size_t size); 108 | 109 | 110 | int yr_arena_allocate_memory( 111 | YR_ARENA* arena, 112 | size_t size, 113 | void** allocated_memory); 114 | 115 | 116 | int yr_arena_allocate_struct( 117 | YR_ARENA* arena, 118 | size_t size, 119 | void** allocated_memory, 120 | ...); 121 | 122 | 123 | int yr_arena_make_relocatable( 124 | YR_ARENA* arena, 125 | void* base, 126 | ...); 127 | 128 | 129 | int yr_arena_write_data( 130 | YR_ARENA* arena, 131 | void* data, 132 | size_t size, 133 | void** written_data); 134 | 135 | 136 | int yr_arena_write_string( 137 | YR_ARENA* arena, 138 | const char* string, 139 | char** written_string); 140 | 141 | 142 | int yr_arena_append( 143 | YR_ARENA* target_arena, 144 | YR_ARENA* source_arena); 145 | 146 | 147 | int yr_arena_load_stream( 148 | YR_STREAM* stream, 149 | YR_ARENA** arena); 150 | 151 | 152 | int yr_arena_save_stream( 153 | YR_ARENA* arena, 154 | YR_STREAM* stream); 155 | 156 | 157 | int yr_arena_duplicate( 158 | YR_ARENA* arena, 159 | YR_ARENA** duplicated); 160 | 161 | 162 | void yr_arena_print( 163 | YR_ARENA* arena); 164 | 165 | #endif 166 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/atoms.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_ATOMS_H 31 | #define YR_ATOMS_H 32 | 33 | #include "limits.h" 34 | #include "re.h" 35 | 36 | #define ATOM_TREE_LEAF 1 37 | #define ATOM_TREE_AND 2 38 | #define ATOM_TREE_OR 3 39 | 40 | 41 | typedef struct _ATOM_TREE_NODE 42 | { 43 | uint8_t type; 44 | uint8_t atom_length; 45 | uint8_t atom[MAX_ATOM_LENGTH]; 46 | 47 | uint8_t* forward_code; 48 | uint8_t* backward_code; 49 | 50 | RE_NODE* recent_nodes[MAX_ATOM_LENGTH]; 51 | 52 | struct _ATOM_TREE_NODE* children_head; 53 | struct _ATOM_TREE_NODE* children_tail; 54 | struct _ATOM_TREE_NODE* next_sibling; 55 | 56 | } ATOM_TREE_NODE; 57 | 58 | 59 | typedef struct _ATOM_TREE 60 | { 61 | ATOM_TREE_NODE* current_leaf; 62 | ATOM_TREE_NODE* root_node; 63 | 64 | } ATOM_TREE; 65 | 66 | 67 | typedef struct _YR_ATOM_LIST_ITEM 68 | { 69 | uint8_t atom_length; 70 | uint8_t atom[MAX_ATOM_LENGTH]; 71 | 72 | uint16_t backtrack; 73 | 74 | uint8_t* forward_code; 75 | uint8_t* backward_code; 76 | 77 | struct _YR_ATOM_LIST_ITEM* next; 78 | 79 | } YR_ATOM_LIST_ITEM; 80 | 81 | 82 | int yr_atoms_extract_from_re( 83 | RE* re, 84 | int flags, 85 | YR_ATOM_LIST_ITEM** atoms); 86 | 87 | 88 | int yr_atoms_extract_from_string( 89 | uint8_t* string, 90 | int string_length, 91 | int flags, 92 | YR_ATOM_LIST_ITEM** atoms); 93 | 94 | 95 | int yr_atoms_min_quality( 96 | YR_ATOM_LIST_ITEM* atom_list); 97 | 98 | 99 | void yr_atoms_list_destroy( 100 | YR_ATOM_LIST_ITEM* list_head); 101 | 102 | #endif 103 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/compiler.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_COMPILER_H 31 | #define YR_COMPILER_H 32 | 33 | #include 34 | #include 35 | 36 | #include "ahocorasick.h" 37 | #include "arena.h" 38 | #include "hash.h" 39 | #include "utils.h" 40 | 41 | 42 | #define YARA_ERROR_LEVEL_ERROR 0 43 | #define YARA_ERROR_LEVEL_WARNING 1 44 | 45 | 46 | typedef void (*YR_COMPILER_CALLBACK_FUNC)( 47 | int error_level, 48 | const char* file_name, 49 | int line_number, 50 | const char* message, 51 | void* user_data); 52 | 53 | 54 | typedef struct _YR_FIXUP 55 | { 56 | int64_t* address; 57 | struct _YR_FIXUP* next; 58 | 59 | } YR_FIXUP; 60 | 61 | 62 | typedef struct _YR_COMPILER 63 | { 64 | int errors; 65 | int error_line; 66 | int last_error; 67 | int last_error_line; 68 | int last_result; 69 | 70 | jmp_buf error_recovery; 71 | 72 | YR_ARENA* sz_arena; 73 | YR_ARENA* rules_arena; 74 | YR_ARENA* strings_arena; 75 | YR_ARENA* code_arena; 76 | YR_ARENA* re_code_arena; 77 | YR_ARENA* compiled_rules_arena; 78 | YR_ARENA* externals_arena; 79 | YR_ARENA* namespaces_arena; 80 | YR_ARENA* metas_arena; 81 | YR_ARENA* matches_arena; 82 | YR_ARENA* automaton_arena; 83 | 84 | YR_AC_AUTOMATON* automaton; 85 | YR_HASH_TABLE* rules_table; 86 | YR_HASH_TABLE* objects_table; 87 | YR_HASH_TABLE* strings_table; 88 | YR_NAMESPACE* current_namespace; 89 | YR_RULE* current_rule; 90 | 91 | YR_FIXUP* fixup_stack_head; 92 | 93 | int namespaces_count; 94 | 95 | uint8_t* loop_address[MAX_LOOP_NESTING]; 96 | char* loop_identifier[MAX_LOOP_NESTING]; 97 | int loop_depth; 98 | int loop_for_of_mem_offset; 99 | 100 | int allow_includes; 101 | 102 | char* file_name_stack[MAX_INCLUDE_DEPTH]; 103 | int file_name_stack_ptr; 104 | 105 | FILE* file_stack[MAX_INCLUDE_DEPTH]; 106 | int file_stack_ptr; 107 | 108 | char last_error_extra_info[MAX_COMPILER_ERROR_EXTRA_INFO]; 109 | 110 | char lex_buf[LEX_BUF_SIZE]; 111 | char* lex_buf_ptr; 112 | unsigned short lex_buf_len; 113 | 114 | char include_base_dir[MAX_PATH]; 115 | void* user_data; 116 | 117 | YR_COMPILER_CALLBACK_FUNC callback; 118 | 119 | } YR_COMPILER; 120 | 121 | 122 | #define yr_compiler_set_error_extra_info(compiler, info) \ 123 | strlcpy( \ 124 | compiler->last_error_extra_info, \ 125 | info, \ 126 | sizeof(compiler->last_error_extra_info)); \ 127 | 128 | 129 | #define yr_compiler_set_error_extra_info_fmt(compiler, fmt, ...) \ 130 | snprintf( \ 131 | compiler->last_error_extra_info, \ 132 | sizeof(compiler->last_error_extra_info), \ 133 | fmt, __VA_ARGS__); 134 | 135 | 136 | int _yr_compiler_push_file( 137 | YR_COMPILER* compiler, 138 | FILE* fh); 139 | 140 | 141 | FILE* _yr_compiler_pop_file( 142 | YR_COMPILER* compiler); 143 | 144 | 145 | int _yr_compiler_push_file_name( 146 | YR_COMPILER* compiler, 147 | const char* file_name); 148 | 149 | 150 | void _yr_compiler_pop_file_name( 151 | YR_COMPILER* compiler); 152 | 153 | 154 | YR_API int yr_compiler_create( 155 | YR_COMPILER** compiler); 156 | 157 | 158 | YR_API void yr_compiler_destroy( 159 | YR_COMPILER* compiler); 160 | 161 | 162 | YR_API void yr_compiler_set_callback( 163 | YR_COMPILER* compiler, 164 | YR_COMPILER_CALLBACK_FUNC callback, 165 | void* user_data); 166 | 167 | 168 | YR_API int yr_compiler_add_file( 169 | YR_COMPILER* compiler, 170 | FILE* rules_file, 171 | const char* namespace_, 172 | const char* file_name); 173 | 174 | 175 | YR_API int yr_compiler_add_string( 176 | YR_COMPILER* compiler, 177 | const char* rules_string, 178 | const char* namespace_); 179 | 180 | 181 | YR_API char* yr_compiler_get_error_message( 182 | YR_COMPILER* compiler, 183 | char* buffer, 184 | int buffer_size); 185 | 186 | 187 | YR_API char* yr_compiler_get_current_file_name( 188 | YR_COMPILER* context); 189 | 190 | 191 | YR_API int yr_compiler_define_integer_variable( 192 | YR_COMPILER* compiler, 193 | const char* identifier, 194 | int64_t value); 195 | 196 | 197 | YR_API int yr_compiler_define_boolean_variable( 198 | YR_COMPILER* compiler, 199 | const char* identifier, 200 | int value); 201 | 202 | 203 | YR_API int yr_compiler_define_float_variable( 204 | YR_COMPILER* compiler, 205 | const char* identifier, 206 | double value); 207 | 208 | 209 | YR_API int yr_compiler_define_string_variable( 210 | YR_COMPILER* compiler, 211 | const char* identifier, 212 | const char* value); 213 | 214 | 215 | YR_API int yr_compiler_get_rules( 216 | YR_COMPILER* compiler, 217 | YR_RULES** rules); 218 | 219 | 220 | #endif 221 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/error.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_ERROR_H 31 | #define YR_ERROR_H 32 | 33 | #include 34 | 35 | #if defined(_WIN32) || defined(__CYGWIN__) 36 | #include 37 | #endif 38 | 39 | #ifndef ERROR_SUCCESS 40 | #define ERROR_SUCCESS 0 41 | #endif 42 | 43 | #define ERROR_INSUFICIENT_MEMORY 1 44 | #define ERROR_COULD_NOT_ATTACH_TO_PROCESS 2 45 | #define ERROR_COULD_NOT_OPEN_FILE 3 46 | #define ERROR_COULD_NOT_MAP_FILE 4 47 | #define ERROR_INVALID_FILE 6 48 | #define ERROR_CORRUPT_FILE 7 49 | #define ERROR_UNSUPPORTED_FILE_VERSION 8 50 | #define ERROR_INVALID_REGULAR_EXPRESSION 9 51 | #define ERROR_INVALID_HEX_STRING 10 52 | #define ERROR_SYNTAX_ERROR 11 53 | #define ERROR_LOOP_NESTING_LIMIT_EXCEEDED 12 54 | #define ERROR_DUPLICATED_LOOP_IDENTIFIER 13 55 | #define ERROR_DUPLICATED_IDENTIFIER 14 56 | #define ERROR_DUPLICATED_TAG_IDENTIFIER 15 57 | #define ERROR_DUPLICATED_META_IDENTIFIER 16 58 | #define ERROR_DUPLICATED_STRING_IDENTIFIER 17 59 | #define ERROR_UNREFERENCED_STRING 18 60 | #define ERROR_UNDEFINED_STRING 19 61 | #define ERROR_UNDEFINED_IDENTIFIER 20 62 | #define ERROR_MISPLACED_ANONYMOUS_STRING 21 63 | #define ERROR_INCLUDES_CIRCULAR_REFERENCE 22 64 | #define ERROR_INCLUDE_DEPTH_EXCEEDED 23 65 | #define ERROR_WRONG_TYPE 24 66 | #define ERROR_EXEC_STACK_OVERFLOW 25 67 | #define ERROR_SCAN_TIMEOUT 26 68 | #define ERROR_TOO_MANY_SCAN_THREADS 27 69 | #define ERROR_CALLBACK_ERROR 28 70 | #define ERROR_INVALID_ARGUMENT 29 71 | #define ERROR_TOO_MANY_MATCHES 30 72 | #define ERROR_INTERNAL_FATAL_ERROR 31 73 | #define ERROR_NESTED_FOR_OF_LOOP 32 74 | #define ERROR_INVALID_FIELD_NAME 33 75 | #define ERROR_UNKNOWN_MODULE 34 76 | #define ERROR_NOT_A_STRUCTURE 35 77 | #define ERROR_NOT_INDEXABLE 36 78 | #define ERROR_NOT_A_FUNCTION 37 79 | #define ERROR_INVALID_FORMAT 38 80 | #define ERROR_TOO_MANY_ARGUMENTS 39 81 | #define ERROR_WRONG_ARGUMENTS 40 82 | #define ERROR_WRONG_RETURN_TYPE 41 83 | #define ERROR_DUPLICATED_STRUCTURE_MEMBER 42 84 | #define ERROR_EMPTY_STRING 43 85 | #define ERROR_DIVISION_BY_ZERO 44 86 | #define ERROR_REGULAR_EXPRESSION_TOO_LARGE 45 87 | #define ERROR_TOO_MANY_RE_FIBERS 46 88 | #define ERROR_COULD_NOT_READ_PROCESS_MEMORY 47 89 | #define ERROR_INVALID_EXTERNAL_VARIABLE_TYPE 48 90 | 91 | 92 | #define FAIL_ON_ERROR(x) { \ 93 | int result = (x); \ 94 | if (result != ERROR_SUCCESS) \ 95 | return result; \ 96 | } 97 | 98 | #define FAIL_ON_ERROR_WITH_CLEANUP(x, cleanup) { \ 99 | int result = (x); \ 100 | if (result != ERROR_SUCCESS) { \ 101 | cleanup; \ 102 | return result; \ 103 | } \ 104 | } 105 | 106 | #define FAIL_ON_COMPILER_ERROR(x) { \ 107 | compiler->last_result = (x); \ 108 | if (compiler->last_result != ERROR_SUCCESS) \ 109 | return compiler->last_result; \ 110 | } 111 | 112 | 113 | #ifdef NDEBUG 114 | #define assertf(expr, msg, ...) ((void)0) 115 | #else 116 | #define assertf(expr, msg, ...) \ 117 | if(!(expr)) { \ 118 | fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ 119 | abort(); \ 120 | } 121 | #endif 122 | 123 | #endif 124 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/exec.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013-2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_EXEC_H 31 | #define YR_EXEC_H 32 | 33 | #include "hash.h" 34 | #include "scan.h" 35 | #include "types.h" 36 | #include "rules.h" 37 | 38 | 39 | #define UNDEFINED 0xFFFABADAFABADAFFLL 40 | #define IS_UNDEFINED(x) ((size_t)(x) == (size_t) UNDEFINED) 41 | 42 | #define OP_ERROR 0 43 | #define OP_HALT 255 44 | 45 | #define OP_AND 1 46 | #define OP_OR 2 47 | #define OP_NOT 3 48 | #define OP_BITWISE_NOT 4 49 | #define OP_BITWISE_AND 5 50 | #define OP_BITWISE_OR 6 51 | #define OP_BITWISE_XOR 7 52 | #define OP_SHL 8 53 | #define OP_SHR 9 54 | #define OP_MOD 10 55 | #define OP_INT_TO_DBL 11 56 | #define OP_STR_TO_BOOL 12 57 | #define OP_PUSH 13 58 | #define OP_POP 14 59 | #define OP_CALL 15 60 | #define OP_OBJ_LOAD 16 61 | #define OP_OBJ_VALUE 17 62 | #define OP_OBJ_FIELD 18 63 | #define OP_INDEX_ARRAY 19 64 | #define OP_COUNT 20 65 | #define OP_LENGTH 21 66 | #define OP_FOUND 22 67 | #define OP_FOUND_AT 23 68 | #define OP_FOUND_IN 24 69 | #define OP_OFFSET 25 70 | #define OP_OF 26 71 | #define OP_PUSH_RULE 27 72 | #define OP_INIT_RULE 28 73 | #define OP_MATCH_RULE 29 74 | #define OP_INCR_M 30 75 | #define OP_CLEAR_M 31 76 | #define OP_ADD_M 32 77 | #define OP_POP_M 33 78 | #define OP_PUSH_M 34 79 | #define OP_SWAPUNDEF 35 80 | #define OP_JNUNDEF 36 81 | #define OP_JLE 37 82 | #define OP_FILESIZE 38 83 | #define OP_ENTRYPOINT 39 84 | #define OP_CONTAINS 40 85 | #define OP_MATCHES 41 86 | #define OP_IMPORT 42 87 | #define OP_LOOKUP_DICT 43 88 | #define OP_JFALSE 44 89 | #define OP_JTRUE 45 90 | 91 | 92 | #define _OP_EQ 0 93 | #define _OP_NEQ 1 94 | #define _OP_LT 2 95 | #define _OP_GT 3 96 | #define _OP_LE 4 97 | #define _OP_GE 5 98 | #define _OP_ADD 6 99 | #define _OP_SUB 7 100 | #define _OP_MUL 8 101 | #define _OP_DIV 9 102 | #define _OP_MINUS 10 103 | 104 | 105 | #define OP_INT_BEGIN 100 106 | #define OP_INT_EQ (OP_INT_BEGIN + _OP_EQ) 107 | #define OP_INT_NEQ (OP_INT_BEGIN + _OP_NEQ) 108 | #define OP_INT_LT (OP_INT_BEGIN + _OP_LT) 109 | #define OP_INT_GT (OP_INT_BEGIN + _OP_GT) 110 | #define OP_INT_LE (OP_INT_BEGIN + _OP_LE) 111 | #define OP_INT_GE (OP_INT_BEGIN + _OP_GE) 112 | #define OP_INT_ADD (OP_INT_BEGIN + _OP_ADD) 113 | #define OP_INT_SUB (OP_INT_BEGIN + _OP_SUB) 114 | #define OP_INT_MUL (OP_INT_BEGIN + _OP_MUL) 115 | #define OP_INT_DIV (OP_INT_BEGIN + _OP_DIV) 116 | #define OP_INT_MINUS (OP_INT_BEGIN + _OP_MINUS) 117 | #define OP_INT_END OP_INT_MINUS 118 | 119 | #define OP_DBL_BEGIN 120 120 | #define OP_DBL_EQ (OP_DBL_BEGIN + _OP_EQ) 121 | #define OP_DBL_NEQ (OP_DBL_BEGIN + _OP_NEQ) 122 | #define OP_DBL_LT (OP_DBL_BEGIN + _OP_LT) 123 | #define OP_DBL_GT (OP_DBL_BEGIN + _OP_GT) 124 | #define OP_DBL_LE (OP_DBL_BEGIN + _OP_LE) 125 | #define OP_DBL_GE (OP_DBL_BEGIN + _OP_GE) 126 | #define OP_DBL_ADD (OP_DBL_BEGIN + _OP_ADD) 127 | #define OP_DBL_SUB (OP_DBL_BEGIN + _OP_SUB) 128 | #define OP_DBL_MUL (OP_DBL_BEGIN + _OP_MUL) 129 | #define OP_DBL_DIV (OP_DBL_BEGIN + _OP_DIV) 130 | #define OP_DBL_MINUS (OP_DBL_BEGIN + _OP_MINUS) 131 | #define OP_DBL_END OP_DBL_MINUS 132 | 133 | #define OP_STR_BEGIN 140 134 | #define OP_STR_EQ (OP_STR_BEGIN + _OP_EQ) 135 | #define OP_STR_NEQ (OP_STR_BEGIN + _OP_NEQ) 136 | #define OP_STR_LT (OP_STR_BEGIN + _OP_LT) 137 | #define OP_STR_GT (OP_STR_BEGIN + _OP_GT) 138 | #define OP_STR_LE (OP_STR_BEGIN + _OP_LE) 139 | #define OP_STR_GE (OP_STR_BEGIN + _OP_GE) 140 | #define OP_STR_END OP_STR_GE 141 | 142 | #define IS_INT_OP(x) ((x) >= OP_INT_BEGIN && (x) <= OP_INT_END) 143 | #define IS_DBL_OP(x) ((x) >= OP_DBL_BEGIN && (x) <= OP_DBL_END) 144 | #define IS_STR_OP(x) ((x) >= OP_STR_BEGIN && (x) <= OP_STR_END) 145 | 146 | #define OP_READ_INT 240 147 | #define OP_INT8 (OP_READ_INT + 0) 148 | #define OP_INT16 (OP_READ_INT + 1) 149 | #define OP_INT32 (OP_READ_INT + 2) 150 | #define OP_UINT8 (OP_READ_INT + 3) 151 | #define OP_UINT16 (OP_READ_INT + 4) 152 | #define OP_UINT32 (OP_READ_INT + 5) 153 | #define OP_INT8BE (OP_READ_INT + 6) 154 | #define OP_INT16BE (OP_READ_INT + 7) 155 | #define OP_INT32BE (OP_READ_INT + 8) 156 | #define OP_UINT8BE (OP_READ_INT + 9) 157 | #define OP_UINT16BE (OP_READ_INT + 10) 158 | #define OP_UINT32BE (OP_READ_INT + 11) 159 | 160 | 161 | #define OPERATION(operator, op1, op2) \ 162 | (IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? (UNDEFINED) : (op1 operator op2) 163 | 164 | 165 | #define COMPARISON(operator, op1, op2) \ 166 | (IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? (0) : (op1 operator op2) 167 | 168 | 169 | int yr_execute_code( 170 | YR_RULES* rules, 171 | YR_SCAN_CONTEXT* context, 172 | int timeout, 173 | time_t start_time); 174 | 175 | #endif 176 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/exefiles.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_EXEFILES_H 31 | #define YR_EXEFILES_H 32 | 33 | uint64_t yr_get_entry_point_offset( 34 | uint8_t* buffer, 35 | size_t buffer_length); 36 | 37 | 38 | uint64_t yr_get_entry_point_address( 39 | uint8_t* buffer, 40 | size_t buffer_length, 41 | size_t base_address); 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/filemap.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_FILEMAP_H 31 | #define YR_FILEMAP_H 32 | 33 | #ifdef _MSC_VER 34 | #define off_t int64_t 35 | #else 36 | #include 37 | #endif 38 | 39 | #if defined(_WIN32) || defined(__CYGWIN__) 40 | #include 41 | #define YR_FILE_DESCRIPTOR HANDLE 42 | #else 43 | #define YR_FILE_DESCRIPTOR int 44 | #endif 45 | 46 | #include 47 | 48 | #include "integers.h" 49 | #include "utils.h" 50 | 51 | 52 | typedef struct _YR_MAPPED_FILE 53 | { 54 | YR_FILE_DESCRIPTOR file; 55 | size_t size; 56 | uint8_t* data; 57 | #if defined(_WIN32) || defined(__CYGWIN__) 58 | HANDLE mapping; 59 | #endif 60 | 61 | } YR_MAPPED_FILE; 62 | 63 | 64 | YR_API int yr_filemap_map( 65 | const char* file_path, 66 | YR_MAPPED_FILE* pmapped_file); 67 | 68 | 69 | YR_API int yr_filemap_map_fd( 70 | YR_FILE_DESCRIPTOR file, 71 | off_t offset, 72 | size_t size, 73 | YR_MAPPED_FILE* pmapped_file); 74 | 75 | 76 | YR_API int yr_filemap_map_ex( 77 | const char* file_path, 78 | off_t offset, 79 | size_t size, 80 | YR_MAPPED_FILE* pmapped_file); 81 | 82 | 83 | YR_API void yr_filemap_unmap( 84 | YR_MAPPED_FILE* pmapped_file); 85 | 86 | 87 | YR_API void yr_filemap_unmap_fd( 88 | YR_MAPPED_FILE* pmapped_file); 89 | 90 | #endif 91 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/globals.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_GLOBALS_H 31 | #define YR_GLOBALS_H 32 | 33 | extern char lowercase[256]; 34 | extern char altercase[256]; 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/hash.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_HASH_H 31 | #define YR_HASH_H 32 | 33 | #include 34 | 35 | #include "utils.h" 36 | 37 | typedef struct _YR_HASH_TABLE_ENTRY 38 | { 39 | void* key; 40 | size_t key_length; 41 | char* ns; 42 | void* value; 43 | 44 | struct _YR_HASH_TABLE_ENTRY* next; 45 | 46 | } YR_HASH_TABLE_ENTRY; 47 | 48 | 49 | typedef struct _YR_HASH_TABLE 50 | { 51 | int size; 52 | 53 | YR_HASH_TABLE_ENTRY* buckets[1]; 54 | 55 | } YR_HASH_TABLE; 56 | 57 | 58 | typedef int (*YR_HASH_TABLE_FREE_VALUE_FUNC)(void* value); 59 | 60 | 61 | YR_API int yr_hash_table_create( 62 | int size, 63 | YR_HASH_TABLE** table); 64 | 65 | 66 | YR_API void yr_hash_table_clean( 67 | YR_HASH_TABLE* table, 68 | YR_HASH_TABLE_FREE_VALUE_FUNC free_value); 69 | 70 | 71 | YR_API void yr_hash_table_destroy( 72 | YR_HASH_TABLE* table, 73 | YR_HASH_TABLE_FREE_VALUE_FUNC free_value); 74 | 75 | 76 | YR_API void* yr_hash_table_lookup( 77 | YR_HASH_TABLE* table, 78 | const char* key, 79 | const char* ns); 80 | 81 | 82 | YR_API int yr_hash_table_add( 83 | YR_HASH_TABLE* table, 84 | const char* key, 85 | const char* ns, 86 | void* value); 87 | 88 | 89 | YR_API void* yr_hash_table_lookup_raw_key( 90 | YR_HASH_TABLE* table, 91 | const void* key, 92 | size_t key_length, 93 | const char* ns); 94 | 95 | 96 | YR_API int yr_hash_table_add_raw_key( 97 | YR_HASH_TABLE* table, 98 | const void* key, 99 | size_t key_length, 100 | const char* ns, 101 | void* value); 102 | 103 | #endif 104 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/hex_lexer.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com]. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #include "re.h" 31 | 32 | #undef yyparse 33 | #undef yylex 34 | #undef yyerror 35 | #undef yyfatal 36 | #undef yychar 37 | #undef yydebug 38 | #undef yynerrs 39 | #undef yyget_extra 40 | #undef yyget_lineno 41 | 42 | #undef YY_FATAL_ERROR 43 | #undef YY_DECL 44 | #undef LEX_ENV 45 | 46 | #define yyparse hex_yyparse 47 | #define yylex hex_yylex 48 | #define yyerror hex_yyerror 49 | #define yyfatal hex_yyfatal 50 | #define yychar hex_yychar 51 | #define yydebug hex_yydebug 52 | #define yynerrs hex_yynerrs 53 | #define yyget_extra hex_yyget_extra 54 | #define yyget_lineno hex_yyget_lineno 55 | 56 | 57 | #ifndef YY_TYPEDEF_YY_SCANNER_T 58 | #define YY_TYPEDEF_YY_SCANNER_T 59 | typedef void* yyscan_t; 60 | #endif 61 | 62 | #define YY_EXTRA_TYPE RE* 63 | #define YY_USE_CONST 64 | 65 | 66 | typedef struct _HEX_LEX_ENVIRONMENT 67 | { 68 | int token_count; 69 | int inside_or; 70 | int last_error_code; 71 | char last_error_message[256]; 72 | 73 | } HEX_LEX_ENVIRONMENT; 74 | 75 | 76 | #define YY_FATAL_ERROR(msg) hex_yyfatal(yyscanner, msg) 77 | 78 | #define LEX_ENV ((HEX_LEX_ENVIRONMENT*) lex_env) 79 | 80 | #include 81 | 82 | #define YY_DECL int hex_yylex \ 83 | (YYSTYPE * yylval_param , yyscan_t yyscanner, HEX_LEX_ENVIRONMENT* lex_env) 84 | 85 | 86 | YY_EXTRA_TYPE yyget_extra( 87 | yyscan_t yyscanner); 88 | 89 | int yylex( 90 | YYSTYPE* yylval_param, 91 | yyscan_t yyscanner, 92 | HEX_LEX_ENVIRONMENT* lex_env); 93 | 94 | int yyparse( 95 | void* yyscanner, 96 | HEX_LEX_ENVIRONMENT* lex_env); 97 | 98 | void yyerror( 99 | yyscan_t yyscanner, 100 | HEX_LEX_ENVIRONMENT* lex_env, 101 | const char* error_message); 102 | 103 | void yyfatal( 104 | yyscan_t yyscanner, 105 | const char* error_message); 106 | 107 | int yr_parse_hex_string( 108 | const char* hex_string, 109 | int flags, 110 | RE** re, 111 | RE_ERROR* error); 112 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/integers.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_INTEGERS_H 31 | #define YR_INTEGERS_H 32 | 33 | /* Integer type definitions 34 | */ 35 | #if ( defined( _MSC_VER ) && ( _MSC_VER < 1600 ) ) || ( defined( __BORLANDC__ ) && ( __BORLANDC__ <= 0x0560 ) ) 36 | 37 | #ifdef __cplusplus 38 | extern "C" { 39 | #endif 40 | 41 | /* Microsoft Visual Studio C++ before Visual Studio 2010 or earlier versions of the Borland C++ Builder 42 | * do not support the (u)int#_t type definitions but have __int# defintions instead 43 | */ 44 | typedef __int8 int8_t; 45 | typedef unsigned __int8 uint8_t; 46 | typedef __int16 int16_t; 47 | typedef unsigned __int16 uint16_t; 48 | typedef __int32 int32_t; 49 | typedef unsigned __int32 uint32_t; 50 | typedef __int64 int64_t; 51 | typedef unsigned __int64 uint64_t; 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #else 58 | 59 | /* Other "compilers" and later versions of Microsoft Visual Studio C++ and 60 | * Borland C/C++ define the types in 61 | */ 62 | #include 63 | 64 | #endif 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/lexer.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com]. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #include "compiler.h" 31 | 32 | 33 | #undef yyparse 34 | #undef yylex 35 | #undef yyerror 36 | #undef yyfatal 37 | #undef yychar 38 | #undef yydebug 39 | #undef yynerrs 40 | #undef yyget_extra 41 | #undef yyget_lineno 42 | 43 | #undef YY_DECL 44 | #undef YY_FATAL_ERROR 45 | #undef YY_EXTRA_TYPE 46 | 47 | #define yyparse yara_yyparse 48 | #define yylex yara_yylex 49 | #define yyerror yara_yyerror 50 | #define yyfatal yara_yyfatal 51 | #define yywarning yara_yywarning 52 | #define yychar yara_yychar 53 | #define yydebug yara_yydebug 54 | #define yynerrs yara_yynerrs 55 | #define yyget_extra yara_yyget_extra 56 | #define yyget_lineno yara_yyget_lineno 57 | 58 | 59 | #ifndef YY_TYPEDEF_YY_SCANNER_T 60 | #define YY_TYPEDEF_YY_SCANNER_T 61 | typedef void* yyscan_t; 62 | #endif 63 | 64 | #ifndef YY_TYPEDEF_EXPRESSION_T 65 | #define YY_TYPEDEF_EXPRESSION_T 66 | 67 | 68 | // Expression type constants are powers of two because they are used as flags. 69 | // For example: 70 | // CHECK_TYPE(whatever, EXPRESSION_TYPE_INTEGER | EXPRESSION_TYPE_FLOAT) 71 | // The expression above is used to ensure that the type of "whatever" is either 72 | // integer or float. 73 | 74 | #define EXPRESSION_TYPE_BOOLEAN 1 75 | #define EXPRESSION_TYPE_INTEGER 2 76 | #define EXPRESSION_TYPE_STRING 4 77 | #define EXPRESSION_TYPE_REGEXP 8 78 | #define EXPRESSION_TYPE_OBJECT 16 79 | #define EXPRESSION_TYPE_FLOAT 32 80 | 81 | typedef struct _EXPRESSION 82 | { 83 | int type; 84 | 85 | union 86 | { 87 | int64_t integer; 88 | YR_OBJECT* object; 89 | SIZED_STRING* sized_string; 90 | } value; 91 | 92 | const char* identifier; 93 | 94 | } EXPRESSION; 95 | 96 | union YYSTYPE; 97 | 98 | #endif 99 | 100 | 101 | #define YY_DECL int yylex( \ 102 | union YYSTYPE* yylval_param, yyscan_t yyscanner, YR_COMPILER* compiler) 103 | 104 | 105 | #define YY_FATAL_ERROR(msg) yara_yyfatal(yyscanner, msg) 106 | 107 | 108 | #define YY_EXTRA_TYPE YR_COMPILER* 109 | #define YY_USE_CONST 110 | 111 | 112 | int yyget_lineno(yyscan_t yyscanner); 113 | 114 | int yylex( 115 | union YYSTYPE* yylval_param, 116 | yyscan_t yyscanner, 117 | YR_COMPILER* compiler); 118 | 119 | int yyparse( 120 | void* yyscanner, 121 | YR_COMPILER* compiler); 122 | 123 | void yyerror( 124 | yyscan_t yyscanner, 125 | YR_COMPILER* compiler, 126 | const char* error_message); 127 | 128 | void yywarning( 129 | yyscan_t yyscanner, 130 | const char* message_fmt, 131 | ...); 132 | 133 | void yyfatal( 134 | yyscan_t yyscanner, 135 | const char* error_message); 136 | 137 | YY_EXTRA_TYPE yyget_extra( 138 | yyscan_t yyscanner); 139 | 140 | int yr_lex_parse_rules_string( 141 | const char* rules_string, 142 | YR_COMPILER* compiler); 143 | 144 | int yr_lex_parse_rules_file( 145 | FILE* rules_file, 146 | YR_COMPILER* compiler); 147 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/libyara.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_LIBYARA_H 31 | #define YR_LIBYARA_H 32 | 33 | #include "utils.h" 34 | 35 | #define YR_MAJOR_VERSION 3 36 | #define YR_MINOR_VERSION 5 37 | #define YR_MICRO_VERSION 0 38 | 39 | // Version as a string 40 | #define YR_VERSION "3.5.0" 41 | 42 | 43 | // Version as a single 4-byte hex number, e.g. 0x030401 == 3.4.1. 44 | #define YR_VERSION_HEX ((YR_MAJOR_VERSION << 16) | \ 45 | (YR_MINOR_VERSION << 8) | \ 46 | (YR_MICRO_VERSION << 0)) 47 | 48 | 49 | // Enumerated type listing configuration options 50 | typedef enum _YR_CONFIG_NAME 51 | { 52 | YR_CONFIG_STACK_SIZE, 53 | YR_CONFIG_MAX 54 | 55 | } YR_CONFIG_NAME; 56 | 57 | 58 | #define DEFAULT_STACK_SIZE 16384 59 | 60 | 61 | YR_API int yr_initialize(void); 62 | 63 | 64 | YR_API int yr_finalize(void); 65 | 66 | 67 | YR_API void yr_finalize_thread(void); 68 | 69 | 70 | YR_API int yr_get_tidx(void); 71 | 72 | 73 | YR_API void yr_set_tidx(int); 74 | 75 | 76 | YR_API int yr_set_configuration(YR_CONFIG_NAME, void*); 77 | 78 | 79 | YR_API int yr_get_configuration(YR_CONFIG_NAME, void*); 80 | 81 | #endif 82 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/limits.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_LIMITS_H 31 | #define YR_LIMITS_H 32 | 33 | #if defined(_WIN32) || defined(__CYGWIN__) 34 | #include 35 | #endif 36 | 37 | 38 | // MAX_THREADS is the number of threads that can use a YR_RULES 39 | // object simultaneosly. This value is limited by the number of 40 | // bits in tidx_mask. 41 | 42 | #define MAX_THREADS 32 43 | 44 | 45 | #ifndef MAX_PATH 46 | #define MAX_PATH 1024 47 | #endif 48 | 49 | #define MAX_COMPILER_ERROR_EXTRA_INFO 256 50 | #define MAX_ATOM_LENGTH 4 51 | #define MAX_LOOP_NESTING 4 52 | #define MAX_ARENA_PAGES 32 53 | #define MAX_INCLUDE_DEPTH 16 54 | #define MAX_STRING_MATCHES 1000000 55 | #define MAX_FUNCTION_ARGS 128 56 | #define MAX_FAST_HEX_RE_STACK 300 57 | #define MAX_OVERLOADED_FUNCTIONS 10 58 | #define MAX_HEX_STRING_TOKENS 10000 59 | #define MAX_MATCH_DATA 4096 60 | 61 | #define LOOP_LOCAL_VARS 4 62 | #define STRING_CHAINING_THRESHOLD 200 63 | #define LEX_BUF_SIZE 8192 64 | 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/mem.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_MEM_H 31 | #define YR_MEM_H 32 | 33 | #include 34 | 35 | #include "config.h" 36 | 37 | #ifdef DMALLOC 38 | 39 | #define yr_malloc malloc 40 | #define yr_calloc calloc 41 | #define yr_realloc realloc 42 | #define yr_free free 43 | #define yr_strdup strdup 44 | #define yr_strndup strndup 45 | 46 | #include 47 | 48 | #else 49 | 50 | void* yr_calloc( 51 | size_t count, 52 | size_t size); 53 | 54 | void* yr_malloc( 55 | size_t size); 56 | 57 | void* yr_realloc( 58 | void* ptr, 59 | size_t size); 60 | 61 | void yr_free( 62 | void* ptr); 63 | 64 | char* yr_strdup( 65 | const char* str); 66 | 67 | char* yr_strndup( 68 | const char* str, size_t n); 69 | 70 | #endif 71 | 72 | int yr_heap_alloc(void); 73 | 74 | int yr_heap_free(void); 75 | 76 | #endif 77 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/object.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_OBJECT_H 31 | #define YR_OBJECT_H 32 | 33 | #ifdef _MSC_VER 34 | 35 | #include 36 | #define isnan _isnan 37 | 38 | #ifndef INFINITY 39 | #define INFINITY (DBL_MAX + DBL_MAX) 40 | #endif 41 | 42 | #ifndef NAN 43 | #define NAN (INFINITY-INFINITY) 44 | #endif 45 | 46 | #endif 47 | 48 | #include "types.h" 49 | 50 | 51 | #define OBJECT_CREATE 1 52 | 53 | #define OBJECT_TYPE_INTEGER 1 54 | #define OBJECT_TYPE_STRING 2 55 | #define OBJECT_TYPE_STRUCTURE 3 56 | #define OBJECT_TYPE_ARRAY 4 57 | #define OBJECT_TYPE_FUNCTION 5 58 | #define OBJECT_TYPE_REGEXP 6 59 | #define OBJECT_TYPE_DICTIONARY 7 60 | #define OBJECT_TYPE_FLOAT 8 61 | 62 | 63 | int yr_object_create( 64 | int8_t type, 65 | const char* identifier, 66 | YR_OBJECT* parent, 67 | YR_OBJECT** object); 68 | 69 | 70 | int yr_object_function_create( 71 | const char* identifier, 72 | const char* arguments_fmt, 73 | const char* return_fmt, 74 | YR_MODULE_FUNC func, 75 | YR_OBJECT* parent, 76 | YR_OBJECT** function); 77 | 78 | 79 | int yr_object_from_external_variable( 80 | YR_EXTERNAL_VARIABLE* external, 81 | YR_OBJECT** object); 82 | 83 | 84 | void yr_object_destroy( 85 | YR_OBJECT* object); 86 | 87 | 88 | YR_OBJECT* yr_object_lookup_field( 89 | YR_OBJECT* object, 90 | const char* field_name); 91 | 92 | 93 | YR_OBJECT* yr_object_lookup( 94 | YR_OBJECT* root, 95 | int flags, 96 | const char* pattern, 97 | ...); 98 | 99 | 100 | int yr_object_has_undefined_value( 101 | YR_OBJECT* object, 102 | const char* field, 103 | ...); 104 | 105 | int64_t yr_object_get_integer( 106 | YR_OBJECT* object, 107 | const char* field, 108 | ...); 109 | 110 | 111 | SIZED_STRING* yr_object_get_string( 112 | YR_OBJECT* object, 113 | const char* field, 114 | ...); 115 | 116 | 117 | int yr_object_set_integer( 118 | int64_t value, 119 | YR_OBJECT* object, 120 | const char* field, 121 | ...); 122 | 123 | 124 | int yr_object_set_float( 125 | double value, 126 | YR_OBJECT* object, 127 | const char* field, 128 | ...); 129 | 130 | 131 | int yr_object_set_string( 132 | const char* value, 133 | size_t len, 134 | YR_OBJECT* object, 135 | const char* field, 136 | ...); 137 | 138 | 139 | YR_OBJECT* yr_object_array_get_item( 140 | YR_OBJECT* object, 141 | int flags, 142 | int index); 143 | 144 | 145 | int yr_object_array_set_item( 146 | YR_OBJECT* object, 147 | YR_OBJECT* item, 148 | int index); 149 | 150 | 151 | YR_OBJECT* yr_object_dict_get_item( 152 | YR_OBJECT* object, 153 | int flags, 154 | const char* key); 155 | 156 | 157 | int yr_object_dict_set_item( 158 | YR_OBJECT* object, 159 | YR_OBJECT* item, 160 | const char* key); 161 | 162 | 163 | int yr_object_structure_set_member( 164 | YR_OBJECT* object, 165 | YR_OBJECT* member); 166 | 167 | 168 | YR_OBJECT* yr_object_get_root( 169 | YR_OBJECT* object); 170 | 171 | 172 | YR_API void yr_object_print_data( 173 | YR_OBJECT* object, 174 | int indent, 175 | int print_identifier); 176 | 177 | 178 | #endif 179 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/parser.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_PARSER_H 31 | #define YR_PARSER_H 32 | 33 | 34 | #include "lexer.h" 35 | 36 | 37 | int yr_parser_emit( 38 | yyscan_t yyscanner, 39 | uint8_t instruction, 40 | uint8_t** instruction_address); 41 | 42 | 43 | int yr_parser_emit_with_arg( 44 | yyscan_t yyscanner, 45 | uint8_t instruction, 46 | int64_t argument, 47 | uint8_t** instruction_address, 48 | int64_t** argument_address); 49 | 50 | 51 | int yr_parser_emit_with_arg_double( 52 | yyscan_t yyscanner, 53 | uint8_t instruction, 54 | double argument, 55 | uint8_t** instruction_address, 56 | double** argument_address); 57 | 58 | 59 | int yr_parser_emit_with_arg_reloc( 60 | yyscan_t yyscanner, 61 | uint8_t instruction, 62 | int64_t argument, 63 | uint8_t** instruction_address, 64 | int64_t** argument_address); 65 | 66 | 67 | int yr_parser_check_types( 68 | YR_COMPILER* compiler, 69 | YR_OBJECT_FUNCTION* function, 70 | const char* actual_args_fmt); 71 | 72 | 73 | YR_STRING* yr_parser_lookup_string( 74 | yyscan_t yyscanner, 75 | const char* identifier); 76 | 77 | 78 | int yr_parser_lookup_loop_variable( 79 | yyscan_t yyscanner, 80 | const char* identifier); 81 | 82 | 83 | YR_RULE* yr_parser_reduce_rule_declaration_phase_1( 84 | yyscan_t yyscanner, 85 | int32_t flags, 86 | const char* identifier); 87 | 88 | 89 | int yr_parser_reduce_rule_declaration_phase_2( 90 | yyscan_t yyscanner, 91 | YR_RULE* rule); 92 | 93 | 94 | YR_STRING* yr_parser_reduce_string_declaration( 95 | yyscan_t yyscanner, 96 | int32_t flags, 97 | const char* identifier, 98 | SIZED_STRING* str); 99 | 100 | 101 | YR_META* yr_parser_reduce_meta_declaration( 102 | yyscan_t yyscanner, 103 | int32_t type, 104 | const char* identifier, 105 | const char* string, 106 | int64_t integer); 107 | 108 | 109 | int yr_parser_reduce_string_identifier( 110 | yyscan_t yyscanner, 111 | const char* identifier, 112 | uint8_t instruction, 113 | uint64_t at_offset); 114 | 115 | 116 | int yr_parser_emit_pushes_for_strings( 117 | yyscan_t yyscanner, 118 | const char* identifier); 119 | 120 | 121 | int yr_parser_reduce_external( 122 | yyscan_t yyscanner, 123 | const char* identifier, 124 | uint8_t intruction); 125 | 126 | 127 | int yr_parser_reduce_import( 128 | yyscan_t yyscanner, 129 | SIZED_STRING* module_name); 130 | 131 | 132 | int yr_parser_reduce_operation( 133 | yyscan_t yyscanner, 134 | const char* operation, 135 | EXPRESSION left_operand, 136 | EXPRESSION right_operand); 137 | 138 | #endif 139 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/proc.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_PROC_H 31 | #define YR_PROC_H 32 | 33 | #include "types.h" 34 | 35 | int yr_process_open_iterator( 36 | int pid, 37 | YR_MEMORY_BLOCK_ITERATOR* iterator); 38 | 39 | int yr_process_close_iterator( 40 | YR_MEMORY_BLOCK_ITERATOR* iterator); 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/re_lexer.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #undef yyparse 31 | #undef yylex 32 | #undef yyerror 33 | #undef yyfatal 34 | #undef yychar 35 | #undef yydebug 36 | #undef yynerrs 37 | #undef yyget_extra 38 | #undef yyget_lineno 39 | 40 | #undef YY_FATAL_ERROR 41 | #undef YY_DECL 42 | #undef LEX_ENV 43 | 44 | 45 | #define yyparse re_yyparse 46 | #define yylex re_yylex 47 | #define yyerror re_yyerror 48 | #define yyfatal re_yyfatal 49 | #define yychar re_yychar 50 | #define yydebug re_yydebug 51 | #define yynerrs re_yynerrs 52 | #define yyget_extra re_yyget_extra 53 | #define yyget_lineno re_yyget_lineno 54 | 55 | 56 | #ifndef YY_TYPEDEF_YY_SCANNER_T 57 | #define YY_TYPEDEF_YY_SCANNER_T 58 | typedef void* yyscan_t; 59 | #endif 60 | 61 | #define YY_EXTRA_TYPE RE* 62 | #define YY_USE_CONST 63 | 64 | 65 | typedef struct _RE_LEX_ENVIRONMENT 66 | { 67 | int negated_class; 68 | uint8_t class_vector[32]; 69 | int last_error_code; 70 | char last_error_message[256]; 71 | 72 | } RE_LEX_ENVIRONMENT; 73 | 74 | 75 | #define LEX_ENV ((RE_LEX_ENVIRONMENT*) lex_env) 76 | 77 | #define YY_FATAL_ERROR(msg) re_yyfatal(yyscanner, msg) 78 | 79 | #include 80 | 81 | #define YY_DECL int re_yylex \ 82 | (YYSTYPE * yylval_param , yyscan_t yyscanner, RE_LEX_ENVIRONMENT* lex_env) 83 | 84 | 85 | YY_EXTRA_TYPE yyget_extra( 86 | yyscan_t yyscanner); 87 | 88 | int yylex( 89 | YYSTYPE* yylval_param, 90 | yyscan_t yyscanner, 91 | RE_LEX_ENVIRONMENT* lex_env); 92 | 93 | int yyparse( 94 | void* yyscanner, 95 | RE_LEX_ENVIRONMENT* lex_env); 96 | 97 | void yyerror( 98 | yyscan_t yyscanner, 99 | RE_LEX_ENVIRONMENT* lex_env, 100 | const char* error_message); 101 | 102 | void yyfatal( 103 | yyscan_t yyscanner, 104 | const char* error_message); 105 | 106 | int yr_parse_re_string( 107 | const char* re_string, 108 | int flags, 109 | RE** re, 110 | RE_ERROR* error); 111 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/rules.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_RULES_H 31 | #define YR_RULES_H 32 | 33 | #include "types.h" 34 | #include "utils.h" 35 | #include "filemap.h" 36 | 37 | 38 | #define CALLBACK_MSG_RULE_MATCHING 1 39 | #define CALLBACK_MSG_RULE_NOT_MATCHING 2 40 | #define CALLBACK_MSG_SCAN_FINISHED 3 41 | #define CALLBACK_MSG_IMPORT_MODULE 4 42 | #define CALLBACK_MSG_MODULE_IMPORTED 5 43 | 44 | #define CALLBACK_CONTINUE 0 45 | #define CALLBACK_ABORT 1 46 | #define CALLBACK_ERROR 2 47 | 48 | 49 | #define yr_rule_tags_foreach(rule, tag_name) \ 50 | for (tag_name = rule->tags; \ 51 | tag_name != NULL && *tag_name != '\0'; \ 52 | tag_name += strlen(tag_name) + 1) 53 | 54 | 55 | #define yr_rule_metas_foreach(rule, meta) \ 56 | for (meta = rule->metas; !META_IS_NULL(meta); meta++) 57 | 58 | 59 | #define yr_rule_strings_foreach(rule, string) \ 60 | for (string = rule->strings; !STRING_IS_NULL(string); string++) 61 | 62 | 63 | #define yr_string_matches_foreach(string, match) \ 64 | for (match = STRING_MATCHES(string).head; match != NULL; match = match->next) 65 | 66 | 67 | #define yr_rules_foreach(rules, rule) \ 68 | for (rule = rules->rules_list_head; !RULE_IS_NULL(rule); rule++) 69 | 70 | 71 | 72 | YR_API int yr_rules_scan_mem( 73 | YR_RULES* rules, 74 | uint8_t* buffer, 75 | size_t buffer_size, 76 | int flags, 77 | YR_CALLBACK_FUNC callback, 78 | void* user_data, 79 | int timeout); 80 | 81 | 82 | YR_API int yr_rules_scan_file( 83 | YR_RULES* rules, 84 | const char* filename, 85 | int flags, 86 | YR_CALLBACK_FUNC callback, 87 | void* user_data, 88 | int timeout); 89 | 90 | 91 | YR_API int yr_rules_scan_fd( 92 | YR_RULES* rules, 93 | YR_FILE_DESCRIPTOR fd, 94 | int flags, 95 | YR_CALLBACK_FUNC callback, 96 | void* user_data, 97 | int timeout); 98 | 99 | 100 | YR_API int yr_rules_scan_proc( 101 | YR_RULES* rules, 102 | int pid, 103 | int flags, 104 | YR_CALLBACK_FUNC callback, 105 | void* user_data, 106 | int timeout); 107 | 108 | YR_API int yr_rules_save( 109 | YR_RULES* rules, 110 | const char* filename); 111 | 112 | 113 | YR_API int yr_rules_save_stream( 114 | YR_RULES* rules, 115 | YR_STREAM* stream); 116 | 117 | 118 | YR_API int yr_rules_load( 119 | const char* filename, 120 | YR_RULES** rules); 121 | 122 | 123 | YR_API int yr_rules_load_stream( 124 | YR_STREAM* stream, 125 | YR_RULES** rules); 126 | 127 | 128 | YR_API int yr_rules_destroy( 129 | YR_RULES* rules); 130 | 131 | 132 | YR_API int yr_rules_define_integer_variable( 133 | YR_RULES* rules, 134 | const char* identifier, 135 | int64_t value); 136 | 137 | 138 | YR_API int yr_rules_define_boolean_variable( 139 | YR_RULES* rules, 140 | const char* identifier, 141 | int value); 142 | 143 | 144 | YR_API int yr_rules_define_float_variable( 145 | YR_RULES* rules, 146 | const char* identifier, 147 | double value); 148 | 149 | 150 | YR_API int yr_rules_define_string_variable( 151 | YR_RULES* rules, 152 | const char* identifier, 153 | const char* value); 154 | 155 | 156 | YR_API void yr_rules_print_profiling_info( 157 | YR_RULES* rules); 158 | 159 | #endif 160 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/scan.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_SCAN_H 31 | #define YR_SCAN_H 32 | 33 | #include "types.h" 34 | 35 | // Bitmasks for flags. 36 | #define SCAN_FLAGS_FAST_MODE 1 37 | #define SCAN_FLAGS_PROCESS_MEMORY 2 38 | 39 | 40 | int yr_scan_verify_match( 41 | YR_SCAN_CONTEXT* context, 42 | YR_AC_MATCH* ac_match, 43 | uint8_t* data, 44 | size_t data_size, 45 | size_t data_base, 46 | size_t offset); 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/sizedstr.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef _SIZEDSTR_H 31 | #define _SIZEDSTR_H 32 | 33 | #include 34 | 35 | #include "integers.h" 36 | 37 | // 38 | // This struct is used to support strings containing null chars. The length of 39 | // the string is stored along the string data. However the string data is also 40 | // terminated with a null char. 41 | // 42 | 43 | #define SIZED_STRING_FLAGS_NO_CASE 1 44 | #define SIZED_STRING_FLAGS_DOT_ALL 2 45 | 46 | #pragma pack(push) 47 | #pragma pack(8) 48 | 49 | 50 | typedef struct _SIZED_STRING 51 | { 52 | uint32_t length; 53 | uint32_t flags; 54 | 55 | char c_string[1]; 56 | 57 | } SIZED_STRING; 58 | 59 | #pragma pack(pop) 60 | 61 | 62 | int sized_string_cmp( 63 | SIZED_STRING* s1, 64 | SIZED_STRING* s2); 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/stream.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2015. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_STREAM_H 31 | #define YR_STREAM_H 32 | 33 | #include 34 | 35 | typedef size_t (*YR_STREAM_READ_FUNC)( 36 | void* ptr, 37 | size_t size, 38 | size_t count, 39 | void* user_data); 40 | 41 | 42 | typedef size_t (*YR_STREAM_WRITE_FUNC)( 43 | const void* ptr, 44 | size_t size, 45 | size_t count, 46 | void* user_data); 47 | 48 | 49 | typedef struct _YR_STREAM 50 | { 51 | void* user_data; 52 | 53 | YR_STREAM_READ_FUNC read; 54 | YR_STREAM_WRITE_FUNC write; 55 | 56 | } YR_STREAM; 57 | 58 | 59 | size_t yr_stream_read( 60 | void* ptr, 61 | size_t size, 62 | size_t count, 63 | YR_STREAM* stream); 64 | 65 | 66 | size_t yr_stream_write( 67 | const void* ptr, 68 | size_t size, 69 | size_t count, 70 | YR_STREAM* stream); 71 | 72 | #endif 73 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/strutils.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_STRUTILS_H 31 | #define YR_STRUTILS_H 32 | 33 | #include 34 | #include 35 | 36 | #include "integers.h" 37 | 38 | #include "config.h" 39 | 40 | // Cygwin already has these functions. 41 | #if defined(_WIN32) && !defined(__CYGWIN__) 42 | #if defined(_MSC_VER) && _MSC_VER < 1900 43 | #define snprintf _snprintf 44 | #endif 45 | #define strcasecmp _stricmp 46 | #define strncasecmp _strnicmp 47 | #endif 48 | 49 | 50 | uint64_t xtoi( 51 | const char* hexstr); 52 | 53 | 54 | #if !HAVE_STRLCPY && !defined(strlcpy) 55 | size_t strlcpy( 56 | char* dst, 57 | const char* src, 58 | size_t size); 59 | #endif 60 | 61 | 62 | #if !HAVE_STRLCAT && !defined(strlcat) 63 | size_t strlcat( 64 | char* dst, 65 | const char* src, 66 | size_t size); 67 | #endif 68 | 69 | 70 | #if !HAVE_MEMMEM && !defined(memmem) 71 | void* memmem( 72 | const void* haystack, 73 | size_t haystack_size, 74 | const void* needle, 75 | size_t needle_size); 76 | #endif 77 | 78 | 79 | int strnlen_w( 80 | const char* w_str); 81 | 82 | 83 | int strcmp_w( 84 | const char* w_str, 85 | const char* str); 86 | 87 | 88 | size_t strlcpy_w( 89 | char* dst, 90 | const char* w_src, 91 | size_t n); 92 | 93 | #endif 94 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/threading.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2016. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_MUTEX_H 31 | #define YR_MUTEX_H 32 | 33 | 34 | 35 | #if defined(_WIN32) || defined(__CYGWIN__) 36 | 37 | #include 38 | 39 | typedef DWORD YR_THREAD_ID; 40 | typedef DWORD YR_THREAD_STORAGE_KEY; 41 | typedef HANDLE YR_MUTEX; 42 | 43 | #else 44 | 45 | #include 46 | 47 | typedef pthread_t YR_THREAD_ID; 48 | typedef pthread_key_t YR_THREAD_STORAGE_KEY; 49 | typedef pthread_mutex_t YR_MUTEX; 50 | 51 | #endif 52 | 53 | YR_THREAD_ID yr_current_thread_id(void); 54 | 55 | int yr_mutex_create(YR_MUTEX*); 56 | int yr_mutex_destroy(YR_MUTEX*); 57 | int yr_mutex_lock(YR_MUTEX*); 58 | int yr_mutex_unlock(YR_MUTEX*); 59 | 60 | int yr_thread_storage_create(YR_THREAD_STORAGE_KEY*); 61 | int yr_thread_storage_destroy(YR_THREAD_STORAGE_KEY*); 62 | int yr_thread_storage_set_value(YR_THREAD_STORAGE_KEY*, void*); 63 | void* yr_thread_storage_get_value(YR_THREAD_STORAGE_KEY*); 64 | 65 | #endif 66 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara/utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | 31 | #ifndef YR_UTILS_H 32 | #define YR_UTILS_H 33 | 34 | #ifndef TRUE 35 | #define TRUE 1 36 | #endif 37 | 38 | #ifndef FALSE 39 | #define FALSE 0 40 | #endif 41 | 42 | #ifndef NULL 43 | #define NULL 0 44 | #endif 45 | 46 | #ifdef __cplusplus 47 | #define EXTERNC extern "C" 48 | #else 49 | #define EXTERNC 50 | #endif 51 | 52 | #if defined(__GNUC__) 53 | #define YR_API EXTERNC __attribute__((visibility("default"))) 54 | #elif defined(_MSC_VER) 55 | #define YR_API EXTERNC __declspec(dllexport) 56 | #else 57 | #define YR_API EXTERNC 58 | #endif 59 | 60 | #if defined(__GNUC__) 61 | #define YR_ALIGN(n) __attribute__((aligned(n))) 62 | #elif defined(_MSC_VER) 63 | #define YR_ALIGN(n) __declspec(align(n)) 64 | #else 65 | #define YR_ALIGN(n) 66 | #endif 67 | 68 | #define yr_min(x, y) ((x < y) ? (x) : (y)) 69 | #define yr_max(x, y) ((x > y) ? (x) : (y)) 70 | 71 | #define PTR_TO_INT64(x) ((int64_t) (size_t) x) 72 | 73 | 74 | #ifdef NDEBUG 75 | 76 | #define assertf(expr, msg, ...) ((void)0) 77 | 78 | #else 79 | 80 | #include 81 | 82 | #define assertf(expr, msg, ...) \ 83 | if(!(expr)) { \ 84 | fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ 85 | abort(); \ 86 | } 87 | 88 | #endif 89 | 90 | #endif 91 | -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/yara/yara_x64.lib -------------------------------------------------------------------------------- /x64dbg_pluginsdk/yara/yara_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m417z/Multiline-Ultimate-Assembler/f19dfe88ed16bbe4d99364106335e2c26a66b2bc/x64dbg_pluginsdk/yara/yara_x86.lib --------------------------------------------------------------------------------