├── .gitignore ├── LICENSE ├── README.md ├── SlothBP.ini ├── SlothBP.sln ├── SlothBP ├── SlothBP.vcxproj ├── SlothBP.vcxproj.filters ├── SlothBP.vcxproj.user ├── Utf8Ini.h ├── plugin.cpp ├── plugin.h ├── pluginmain.cpp ├── pluginmain.h ├── pluginsdk │ ├── DeviceNameResolver │ │ ├── DeviceNameResolver.h │ │ ├── DeviceNameResolver_x64.lib │ │ └── DeviceNameResolver_x86.lib │ ├── TitanEngine │ │ ├── TitanEngine.h │ │ ├── TitanEngine_x64.lib │ │ └── TitanEngine_x86.lib │ ├── XEDParse │ │ ├── XEDParse.h │ │ ├── XEDParse_x64.lib │ │ └── XEDParse_x86.lib │ ├── _dbgfunctions.h │ ├── _plugin_types.h │ ├── _plugins.h │ ├── _scriptapi.h │ ├── _scriptapi_argument.h │ ├── _scriptapi_assembler.h │ ├── _scriptapi_bookmark.h │ ├── _scriptapi_comment.h │ ├── _scriptapi_debug.h │ ├── _scriptapi_flag.h │ ├── _scriptapi_function.h │ ├── _scriptapi_gui.h │ ├── _scriptapi_label.h │ ├── _scriptapi_memory.h │ ├── _scriptapi_misc.h │ ├── _scriptapi_module.h │ ├── _scriptapi_pattern.h │ ├── _scriptapi_register.h │ ├── _scriptapi_stack.h │ ├── _scriptapi_symbol.h │ ├── bridgegraph.h │ ├── bridgelist.h │ ├── bridgemain.h │ ├── capstone │ │ ├── arm.h │ │ ├── arm64.h │ │ ├── capstone.h │ │ ├── capstone_x64.lib │ │ ├── capstone_x86.lib │ │ ├── m68k.h │ │ ├── mips.h │ │ ├── platform.h │ │ ├── ppc.h │ │ ├── sparc.h │ │ ├── systemz.h │ │ ├── x86.h │ │ └── xcore.h │ ├── dbghelp │ │ └── dbghelp.h │ ├── jansson │ │ ├── jansson.h │ │ ├── jansson_config.h │ │ ├── jansson_x64.lib │ │ ├── jansson_x64dbg.h │ │ └── jansson_x86.lib │ ├── lz4 │ │ ├── lz4.h │ │ ├── lz4_x64.lib │ │ ├── lz4_x86.lib │ │ ├── lz4file.h │ │ └── lz4hc.h │ ├── x32bridge.lib │ ├── x32dbg.lib │ ├── x64bridge.lib │ ├── x64dbg.lib │ └── yara │ │ ├── yara.h │ │ ├── yara │ │ ├── ahocorasick.h │ │ ├── arena.h │ │ ├── atoms.h │ │ ├── compiler.h │ │ ├── elf.h │ │ ├── error.h │ │ ├── exec.h │ │ ├── exefiles.h │ │ ├── filemap.h │ │ ├── globals.h │ │ ├── hash.h │ │ ├── hex_lexer.h │ │ ├── integers.h │ │ ├── lexer.h │ │ ├── libyara.h │ │ ├── limits.h │ │ ├── mem.h │ │ ├── modules.h │ │ ├── object.h │ │ ├── parser.h │ │ ├── pe.h │ │ ├── proc.h │ │ ├── re.h │ │ ├── re_lexer.h │ │ ├── rules.h │ │ ├── scan.h │ │ ├── sizedstr.h │ │ ├── stream.h │ │ ├── strutils.h │ │ ├── threading.h │ │ ├── types.h │ │ └── utils.h │ │ ├── yara_x64.lib │ │ └── yara_x86.lib ├── resource.h ├── resource.rc ├── sloth.png └── strUtil.h ├── SlothBP_zh.ini └── release.bat /.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | Release/ 3 | Debug/ 4 | x64/ 5 | *.sdf 6 | *.opensdf 7 | *.suo 8 | *.aps 9 | .vs/ 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 x64dbg 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # More Breakpoints! 2 | 3 | # SlothBP 4 | 5 | Collaborative Breakpoint Manager for x64dbg. 6 | 7 | ![screenshot](https://i.imgur.com/v07n6LT.png) 8 | 9 | ## Example INI 10 | 11 | ``` 12 | [Memory] 13 | VirtualAlloc="kernel32.VirtualAlloc" 14 | 15 | [Code Injection] 16 | SetWindowsHookEx="user32.SetWindowsHookEx" 17 | 18 | [Networking] 19 | UrlDownloadToFile="urlmon.UrlDownloadToFile" 20 | ``` 21 | 22 | See [SlothBP.ini](https://github.com/x64dbg/SlothBP/blob/master/SlothBP.ini) for a more complete example. 23 | 24 | ## How to use 25 | 26 | * Download relases from [Release] (https://ci.appveyor.com/project/mrexodia/slothbp/build/artifacts) 27 | * Place Plugin in x32/64 plugin directory 28 | * Debug your favorite target and set the breakpoints from the menu items. 29 | 30 | Alternatively you can fork and compile the source code. 31 | 32 | ### Sharing ini's. 33 | 34 | The 'Collaborative' part comes with the ability to share your own INI files with predefined breakpoints. 35 | The format is simple: 36 | 37 | Add a category 38 | 39 | ``` 40 | [SomeCategory] 41 | ``` 42 | The fields are in a APIName = BreakpointName format, meaning that APIName will be the menu item name, and BreakpointName is a module.apiname format. This allows the plugin to automatically set the correct breakpoint. (The module isnt necessarily required but definitely recommended). 43 | 44 | ``` 45 | SomeApi = module.SomeApi 46 | ``` 47 | 48 | Thanks to: 49 | * @mrexodia 50 | * [anuj](https://twitter.com/asoni) 51 | * All others who provided input 52 | 53 | Feel free to share your INI configurations! 54 | 55 | -------------------------------------------------------------------------------- /SlothBP.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.40629.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SlothBP", "SlothBP\SlothBP.vcxproj", "{176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Release|Win32 = Release|Win32 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Debug|Win32.Build.0 = Debug|Win32 18 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Debug|x64.ActiveCfg = Debug|x64 19 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Debug|x64.Build.0 = Debug|x64 20 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Release|Win32.ActiveCfg = Release|Win32 21 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Release|Win32.Build.0 = Release|Win32 22 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Release|x64.ActiveCfg = Release|x64 23 | {176822C9-3CF8-41A9-81AB-8BBD3E3E2A32}.Release|x64.Build.0 = Release|x64 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /SlothBP/SlothBP.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /SlothBP/plugin.cpp: -------------------------------------------------------------------------------- 1 | #include "plugin.h" 2 | #include "Utf8Ini.h" 3 | #include "resource.h" 4 | #include "strUtil.h" 5 | 6 | //Original idea by https://github.com/blaquee 7 | 8 | struct API 9 | { 10 | std::string apiName; 11 | std::string bpName; 12 | std::string category; 13 | bool enabled = false; 14 | }; 15 | 16 | enum MenuEntries 17 | { 18 | MENU_RELOAD = 99999, 19 | MENU_ABOUT = 100000 20 | }; 21 | 22 | static std::vector apis; 23 | static wchar_t apiFile[MAX_PATH]; 24 | 25 | static bool LoadApis(const wchar_t* apiFile) 26 | { 27 | apis.clear(); 28 | auto hFile = CreateFileW(apiFile, GENERIC_READ, FILE_SHARE_READ, nullptr, OPEN_EXISTING, 0, nullptr); 29 | auto result = false; 30 | if(hFile != INVALID_HANDLE_VALUE) 31 | { 32 | auto size = GetFileSize(hFile, nullptr); 33 | if(size) 34 | { 35 | std::vector iniData(size + 1, '\0'); 36 | DWORD read = 0; 37 | if(ReadFile(hFile, iniData.data(), size, &read, nullptr)) 38 | { 39 | Utf8Ini ini; 40 | int errorLine; 41 | if(ini.Deserialize(iniData.data(), errorLine)) 42 | { 43 | API curApi; 44 | for(auto & section : ini.Sections()) 45 | { 46 | curApi.category = section; 47 | for(auto & key : ini.Keys(section)) 48 | { 49 | curApi.bpName = key; 50 | curApi.apiName = ini.GetValue(section, key); 51 | apis.push_back(curApi); 52 | } 53 | } 54 | _plugin_logprintf("[" PLUGIN_NAME "] Loaded %d APIs in %d categories!\n", int(apis.size()), int(ini.Sections().size())); 55 | result = true; 56 | } 57 | else 58 | _plugin_logprintf("[" PLUGIN_NAME "] Error in API file at line %d...\n", errorLine); 59 | } 60 | else 61 | _plugin_logputs("[" PLUGIN_NAME "] Failed to read file..."); 62 | } 63 | else 64 | _plugin_logputs("[" PLUGIN_NAME "] File is empty..."); 65 | CloseHandle(hFile); 66 | } 67 | else 68 | _plugin_logputs("[" PLUGIN_NAME "] Failed to open file..."); 69 | return result; 70 | } 71 | 72 | static bool SetupMenus() 73 | { 74 | if(apis.empty()) 75 | return false; 76 | std::unordered_map categories; 77 | for(size_t i = 0; i < apis.size(); i++) 78 | { 79 | const auto & api = apis[i]; 80 | if(!categories.count(api.category)) 81 | { 82 | auto cMenu = _plugin_menuadd(hMenu, api.category.c_str()); 83 | if(cMenu == -1) 84 | { 85 | _plugin_logputs("[" PLUGIN_NAME "] Failed to add menu item"); 86 | return false; 87 | } 88 | 89 | categories[api.category] = cMenu; 90 | } 91 | auto cMenu = categories[api.category]; 92 | auto hEntry = int(i); 93 | if(!_plugin_menuaddentry(cMenu, hEntry, api.bpName.c_str())) 94 | { 95 | _plugin_logputs("[" PLUGIN_NAME "] Failed to add sub menu item"); 96 | return false; 97 | } 98 | _plugin_menuentrysetchecked(pluginHandle, hEntry, false); 99 | } 100 | auto hResInfo = FindResourceW(hInst, MAKEINTRESOURCEW(IDB_SLOTH), L"PNG"); 101 | auto hResData = LoadResource(hInst, hResInfo); 102 | auto pData = LockResource(hResData); 103 | ICONDATA icon; 104 | icon.data = pData; 105 | icon.size = SizeofResource(hInst, hResInfo); 106 | _plugin_menuseticon(hMenu, &icon); 107 | _plugin_menuaddentry(hMenu, MENU_RELOAD, "Reload Config"); 108 | _plugin_menuaddentry(hMenu, MENU_ABOUT, "About"); 109 | return true; 110 | } 111 | 112 | bool ReloadConfig() 113 | { 114 | bool ret = true; 115 | 116 | // Clear the menu 117 | if(_plugin_menuclear(hMenu)) 118 | { 119 | // Load the API file 120 | if(LoadApis(apiFile)) 121 | { 122 | // Setup the menu items for new config 123 | if(SetupMenus()) 124 | return ret; 125 | else 126 | { 127 | _plugin_logputs("SLOTHBP Menu setup failed"); 128 | ret = false; 129 | } 130 | } 131 | } 132 | return ret; 133 | } 134 | 135 | static void refreshStatus(CBTYPE type, const char* modulename) 136 | { 137 | if(apis.empty()) 138 | return; 139 | if(!modulename) 140 | return; 141 | if(type == CB_STOPDEBUG) 142 | { 143 | // Check for any invalid entries to remove 144 | // TODO: find a better way to do this if needed. 145 | for(size_t i = 0; i < apis.size(); ++i) 146 | { 147 | auto & api = apis[i]; 148 | auto addr = Eval(api.apiName.c_str()); 149 | auto oldenabled = api.enabled; 150 | api.enabled = addr ? (DbgGetBpxTypeAt(addr) & bp_normal) != 0 : false; 151 | if(api.enabled != oldenabled) //only waste GUI time if an update is needed 152 | _plugin_menuentrysetchecked(pluginHandle, int(i), api.enabled); 153 | } 154 | return; 155 | } 156 | 157 | for(size_t i = 0; i < apis.size(); ++i) 158 | { 159 | //determine if we care about this module. 160 | auto modnameList = split(apis[i].apiName, ':'); 161 | auto modname = modnameList.at(0); 162 | if(strstr(modulename, modname.c_str()) == NULL) 163 | { 164 | //skip this module, we don't need to incur cycles to resolve it 165 | continue; 166 | } 167 | else 168 | { 169 | auto & api = apis[i]; 170 | auto addr = Eval(api.apiName.c_str()); 171 | auto oldenabled = api.enabled; 172 | api.enabled = addr ? (DbgGetBpxTypeAt(addr) & bp_normal) != 0 : false; 173 | if(api.enabled != oldenabled) //only waste GUI time if an update is needed 174 | _plugin_menuentrysetchecked(pluginHandle, int(i), api.enabled); 175 | } 176 | } 177 | } 178 | 179 | PLUG_EXPORT void CBCREATEPROCESS(CBTYPE cbType, PLUG_CB_CREATEPROCESS* info) 180 | { 181 | refreshStatus(cbType, info->DebugFileName); 182 | } 183 | 184 | PLUG_EXPORT void CBLOADDLL(CBTYPE cbType, PLUG_CB_LOADDLL* info) 185 | { 186 | refreshStatus(cbType, info->modname); 187 | } 188 | 189 | PLUG_EXPORT void CBSTOPDEBUG(CBTYPE cbType, PLUG_CB_STOPDEBUG* info) 190 | { 191 | refreshStatus(cbType, nullptr); 192 | } 193 | 194 | PLUG_EXPORT void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info) 195 | { 196 | if(info->hEntry >= 0 && info->hEntry < int(apis.size())) 197 | { 198 | auto & api = apis[info->hEntry]; 199 | if(DbgIsDebugging()) 200 | { 201 | auto addr = Eval(api.apiName.c_str()); 202 | if(addr) 203 | { 204 | auto bpType = DbgGetBpxTypeAt(addr); 205 | char cmd[256] = ""; 206 | if(api.enabled) //already enabled -> try to disable 207 | { 208 | if(bpType & bp_normal) //enabled in the debuggee -> try to disable 209 | { 210 | sprintf_s(cmd, "bc %p", addr); 211 | if(DbgCmdExecDirect(cmd)) 212 | api.enabled = false; 213 | } 214 | else //already disabled in the debuggee -> nothing to do 215 | { 216 | _plugin_logputs("Breakpoint already disabled..."); 217 | api.enabled = false; 218 | } 219 | } 220 | else //not yet enabled -> try to enable 221 | { 222 | if(bpType & bp_normal) //already enabled in debuggee -> nothing to do 223 | { 224 | _plugin_logputs("Breakpoint already enabled..."); 225 | api.enabled = true; 226 | } 227 | else 228 | { 229 | sprintf_s(cmd, "bp %p", addr); 230 | if(DbgCmdExecDirect(cmd)) 231 | api.enabled = true; 232 | } 233 | } 234 | } 235 | else 236 | _plugin_logprintf("[" PLUGIN_NAME "] Failed to resolve api %s (%s)...\n", api.bpName.c_str(), api.apiName.c_str()); 237 | } 238 | else 239 | _plugin_logputs("[" PLUGIN_NAME "] Not debugging..."); 240 | _plugin_menuentrysetchecked(pluginHandle, info->hEntry, api.enabled); 241 | } 242 | else if(info->hEntry == MENU_RELOAD) 243 | { 244 | if(!ReloadConfig()) 245 | MessageBoxW(GuiGetWindowHandle(), L"Error Loading new config", L"Error", MB_ICONERROR); 246 | } 247 | else if(info->hEntry == MENU_ABOUT) 248 | MessageBoxW(GuiGetWindowHandle(), L"SlothBP\n\nIcon from shareicon.net", L"About", MB_ICONINFORMATION); 249 | else 250 | _plugin_logprintf("[" PLUGIN_NAME "] Unknown menu entry %d...\n", info->hEntry); 251 | } 252 | 253 | #define EXPAND(x) L ## x 254 | #define DOWIDEN(x) EXPAND(x) 255 | 256 | bool pluginInit(PLUG_INITSTRUCT* initStruct) 257 | { 258 | GetModuleFileNameW(hInst, apiFile, _countof(apiFile)); 259 | auto l = wcsrchr(apiFile, L'\\'); 260 | if(l) 261 | *l = L'\0'; 262 | wcsncat_s(apiFile, L"\\" DOWIDEN(PLUGIN_NAME) L".ini", _TRUNCATE); 263 | 264 | if(!LoadApis(apiFile)) 265 | { 266 | _plugin_logprintf("[" PLUGIN_NAME "] Failed to load API file %S...\n", apiFile); 267 | return false; 268 | } 269 | return true; 270 | } 271 | 272 | bool pluginStop() 273 | { 274 | return true; 275 | } 276 | 277 | void pluginSetup() 278 | { 279 | if(!SetupMenus()) 280 | _plugin_menuclear(hMenu); 281 | } 282 | -------------------------------------------------------------------------------- /SlothBP/plugin.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "pluginmain.h" 4 | 5 | //plugin data 6 | #define PLUGIN_NAME "SlothBP" 7 | #define PLUGIN_VERSION 1 8 | 9 | //functions 10 | bool pluginInit(PLUG_INITSTRUCT* initStruct); 11 | bool pluginStop(); 12 | void pluginSetup(); 13 | -------------------------------------------------------------------------------- /SlothBP/pluginmain.cpp: -------------------------------------------------------------------------------- 1 | #include "pluginmain.h" 2 | #include "plugin.h" 3 | 4 | HINSTANCE hInst; 5 | int pluginHandle; 6 | HWND hwndDlg; 7 | int hMenu; 8 | int hMenuDisasm; 9 | int hMenuDump; 10 | int hMenuStack; 11 | 12 | PLUG_EXPORT bool pluginit(PLUG_INITSTRUCT* initStruct) 13 | { 14 | initStruct->pluginVersion = PLUGIN_VERSION; 15 | initStruct->sdkVersion = PLUG_SDKVERSION; 16 | strncpy_s(initStruct->pluginName, PLUGIN_NAME, _TRUNCATE); 17 | pluginHandle = initStruct->pluginHandle; 18 | return pluginInit(initStruct); 19 | } 20 | 21 | PLUG_EXPORT bool plugstop() 22 | { 23 | return pluginStop(); 24 | } 25 | 26 | PLUG_EXPORT void plugsetup(PLUG_SETUPSTRUCT* setupStruct) 27 | { 28 | hwndDlg = setupStruct->hwndDlg; 29 | hMenu = setupStruct->hMenu; 30 | hMenuDisasm = setupStruct->hMenuDisasm; 31 | hMenuDump = setupStruct->hMenuDump; 32 | hMenuStack = setupStruct->hMenuStack; 33 | pluginSetup(); 34 | } 35 | 36 | BOOL WINAPI DllMain( 37 | _In_ HINSTANCE hinstDLL, 38 | _In_ DWORD fdwReason, 39 | _In_ LPVOID lpvReserved 40 | ) 41 | { 42 | hInst = hinstDLL; 43 | return TRUE; 44 | } 45 | -------------------------------------------------------------------------------- /SlothBP/pluginmain.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "pluginsdk/bridgemain.h" 4 | #include "pluginsdk/_plugins.h" 5 | 6 | #include "pluginsdk/_scriptapi_argument.h" 7 | #include "pluginsdk/_scriptapi_assembler.h" 8 | #include "pluginsdk/_scriptapi_bookmark.h" 9 | #include "pluginsdk/_scriptapi_comment.h" 10 | #include "pluginsdk/_scriptapi_debug.h" 11 | #include "pluginsdk/_scriptapi_flag.h" 12 | #include "pluginsdk/_scriptapi_function.h" 13 | #include "pluginsdk/_scriptapi_gui.h" 14 | #include "pluginsdk/_scriptapi_label.h" 15 | #include "pluginsdk/_scriptapi_memory.h" 16 | #include "pluginsdk/_scriptapi_misc.h" 17 | #include "pluginsdk/_scriptapi_module.h" 18 | #include "pluginsdk/_scriptapi_pattern.h" 19 | #include "pluginsdk/_scriptapi_register.h" 20 | #include "pluginsdk/_scriptapi_stack.h" 21 | #include "pluginsdk/_scriptapi_symbol.h" 22 | 23 | #include "pluginsdk/capstone/capstone.h" 24 | #include "pluginsdk/DeviceNameResolver/DeviceNameResolver.h" 25 | #include "pluginsdk/jansson/jansson.h" 26 | #include "pluginsdk/lz4/lz4file.h" 27 | #include "pluginsdk/TitanEngine/TitanEngine.h" 28 | #include "pluginsdk/XEDParse/XEDParse.h" 29 | #include "pluginsdk/yara/yara.h" 30 | 31 | #ifdef _WIN64 32 | #pragma comment(lib, "pluginsdk/x64dbg.lib") 33 | #pragma comment(lib, "pluginsdk/x64bridge.lib") 34 | #pragma comment(lib, "pluginsdk/capstone/capstone_x64.lib") 35 | #pragma comment(lib, "pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib") 36 | #pragma comment(lib, "pluginsdk/jansson/jansson_x64.lib") 37 | #pragma comment(lib, "pluginsdk/lz4/lz4_x64.lib") 38 | #pragma comment(lib, "pluginsdk/TitanEngine/TitanEngine_x64.lib") 39 | #pragma comment(lib, "pluginsdk/XEDParse/XEDParse_x64.lib") 40 | #pragma comment(lib, "pluginsdk/yara/yara_x64.lib") 41 | #else 42 | #pragma comment(lib, "pluginsdk/x32dbg.lib") 43 | #pragma comment(lib, "pluginsdk/x32bridge.lib") 44 | #pragma comment(lib, "pluginsdk/capstone/capstone_x86.lib") 45 | #pragma comment(lib, "pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib") 46 | #pragma comment(lib, "pluginsdk/jansson/jansson_x86.lib") 47 | #pragma comment(lib, "pluginsdk/lz4/lz4_x86.lib") 48 | #pragma comment(lib, "pluginsdk/TitanEngine/TitanEngine_x86.lib") 49 | #pragma comment(lib, "pluginsdk/XEDParse/XEDParse_x86.lib") 50 | #pragma comment(lib, "pluginsdk/yara/yara_x86.lib") 51 | #endif //_WIN64 52 | 53 | #define Cmd(x) DbgCmdExecDirect(x) 54 | #define Eval(x) DbgValFromString(x) 55 | #define PLUG_EXPORT extern "C" __declspec(dllexport) 56 | 57 | //superglobal variables 58 | extern HINSTANCE hInst; 59 | extern int pluginHandle; 60 | extern HWND hwndDlg; 61 | extern int hMenu; 62 | extern int hMenuDisasm; 63 | extern int hMenuDump; 64 | extern int hMenuStack; -------------------------------------------------------------------------------- /SlothBP/pluginsdk/DeviceNameResolver/DeviceNameResolver.h: -------------------------------------------------------------------------------- 1 | #ifndef _DEVICENAMERESOLVER_H 2 | #define _DEVICENAMERESOLVER_H 3 | 4 | #include 5 | 6 | #ifdef __cplusplus 7 | extern "C" 8 | { 9 | #endif 10 | 11 | __declspec(dllexport) bool DevicePathToPathW(const wchar_t* szDevicePath, wchar_t* szPath, size_t nSizeInChars); 12 | __declspec(dllexport) bool DevicePathToPathA(const char* szDevicePath, char* szPath, size_t nSizeInChars); 13 | __declspec(dllexport) bool DevicePathFromFileHandleW(HANDLE hFile, wchar_t* szDevicePath, size_t nSizeInChars); 14 | __declspec(dllexport) bool DevicePathFromFileHandleA(HANDLE hFile, char* szDevicePath, size_t nSizeInChars); 15 | __declspec(dllexport) bool PathFromFileHandleW(HANDLE hFile, wchar_t* szPath, size_t nSizeInChars); 16 | __declspec(dllexport) bool PathFromFileHandleA(HANDLE hFile, char* szPath, size_t nSizeInChars); 17 | 18 | #ifdef __cplusplus 19 | } 20 | #endif 21 | 22 | #endif // _DEVICENAMERESOLVER_H 23 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/TitanEngine/TitanEngine_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/TitanEngine/TitanEngine_x64.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/TitanEngine/TitanEngine_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/TitanEngine/TitanEngine_x86.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/XEDParse/XEDParse.h: -------------------------------------------------------------------------------- 1 | #ifndef _XEDPARSE_H 2 | #define _XEDPARSE_H 3 | 4 | #include 5 | 6 | //XEDParse defines 7 | #ifdef XEDPARSE_BUILD 8 | #define XEDPARSE_EXPORT __declspec(dllexport) 9 | #else 10 | #define XEDPARSE_EXPORT __declspec(dllimport) 11 | #endif //XEDPARSE_BUILD 12 | 13 | #define XEDPARSE_CALL //calling convention 14 | 15 | #define XEDPARSE_MAXBUFSIZE 256 16 | #define XEDPARSE_MAXASMSIZE 16 17 | 18 | //typedefs 19 | typedef bool (XEDPARSE_CALL* CBXEDPARSE_UNKNOWN)(const char* text, ULONGLONG* value); 20 | 21 | //XEDParse enums 22 | enum XEDPARSE_STATUS 23 | { 24 | XEDPARSE_ERROR = 0, 25 | XEDPARSE_OK = 1 26 | }; 27 | 28 | //XEDParse structs 29 | #pragma pack(push,8) 30 | struct XEDPARSE 31 | { 32 | bool x64; // use 64-bit instructions 33 | ULONGLONG cip; //instruction pointer (for relative addressing) 34 | unsigned int dest_size; //destination size (returned by XEDParse) 35 | CBXEDPARSE_UNKNOWN cbUnknown; //unknown operand callback 36 | unsigned char dest[XEDPARSE_MAXASMSIZE]; //destination buffer 37 | char instr[XEDPARSE_MAXBUFSIZE]; //instruction text 38 | char error[XEDPARSE_MAXBUFSIZE]; //error text (in case of an error) 39 | }; 40 | #pragma pack(pop) 41 | 42 | #ifdef __cplusplus 43 | extern "C" 44 | { 45 | #endif 46 | 47 | XEDPARSE_EXPORT XEDPARSE_STATUS XEDPARSE_CALL XEDParseAssemble(XEDPARSE* XEDParse); 48 | 49 | #ifdef __cplusplus 50 | } 51 | #endif 52 | 53 | #endif // _XEDPARSE_H 54 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/XEDParse/XEDParse_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/XEDParse/XEDParse_x64.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/XEDParse/XEDParse_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/XEDParse/XEDParse_x86.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_dbgfunctions.h: -------------------------------------------------------------------------------- 1 | #ifndef _DBGFUNCTIONS_H 2 | #define _DBGFUNCTIONS_H 3 | 4 | #ifndef __cplusplus 5 | #include 6 | #endif 7 | 8 | typedef struct 9 | { 10 | char mod[MAX_MODULE_SIZE]; 11 | duint addr; 12 | unsigned char oldbyte; 13 | unsigned char newbyte; 14 | } DBGPATCHINFO; 15 | 16 | typedef struct 17 | { 18 | duint addr; 19 | duint from; 20 | duint to; 21 | char comment[MAX_COMMENT_SIZE]; 22 | } DBGCALLSTACKENTRY; 23 | 24 | typedef struct 25 | { 26 | int total; 27 | DBGCALLSTACKENTRY* entries; 28 | } DBGCALLSTACK; 29 | 30 | typedef struct 31 | { 32 | duint addr; 33 | duint handler; 34 | } DBGSEHRECORD; 35 | 36 | typedef struct 37 | { 38 | duint total; 39 | DBGSEHRECORD* records; 40 | } DBGSEHCHAIN; 41 | 42 | typedef struct 43 | { 44 | DWORD dwProcessId; 45 | char szExeFile[MAX_PATH]; 46 | char szExeArgs[MAX_COMMAND_LINE_SIZE]; 47 | } DBGPROCESSINFO; 48 | 49 | typedef enum 50 | { 51 | InstructionBody = 0, 52 | InstructionHeading = 1, 53 | InstructionTailing = 2, 54 | InstructionOverlapped = 3, // The byte was executed with differing instruction base addresses 55 | DataByte, // This and the following is not implemented yet. 56 | DataWord, 57 | DataDWord, 58 | DataQWord, 59 | DataFloat, 60 | DataDouble, 61 | DataLongDouble, 62 | DataXMM, 63 | DataYMM, 64 | DataMMX, 65 | DataMixed, //the byte is accessed in multiple ways 66 | InstructionDataMixed //the byte is both executed and written 67 | } TRACERECORDBYTETYPE; 68 | 69 | typedef enum 70 | { 71 | TraceRecordNone, 72 | TraceRecordBitExec, 73 | TraceRecordByteWithExecTypeAndCounter, 74 | TraceRecordWordWithExecTypeAndCounter 75 | } TRACERECORDTYPE; 76 | 77 | typedef struct 78 | { 79 | duint Handle; 80 | unsigned char TypeNumber; 81 | unsigned int GrantedAccess; 82 | } HANDLEINFO; 83 | 84 | // The longest ip address is 1234:6789:1234:6789:1234:6789:123.567.901.345 (46 bytes) 85 | #define TCP_ADDR_SIZE 50 86 | 87 | typedef struct 88 | { 89 | char RemoteAddress[TCP_ADDR_SIZE]; 90 | unsigned short RemotePort; 91 | char LocalAddress[TCP_ADDR_SIZE]; 92 | unsigned short LocalPort; 93 | char StateText[TCP_ADDR_SIZE]; 94 | unsigned int State; 95 | } TCPCONNECTIONINFO; 96 | 97 | typedef bool (*ASSEMBLEATEX)(duint addr, const char* instruction, char* error, bool fillnop); 98 | typedef bool (*SECTIONFROMADDR)(duint addr, char* section); 99 | typedef bool (*MODNAMEFROMADDR)(duint addr, char* modname, bool extension); 100 | typedef duint(*MODBASEFROMADDR)(duint addr); 101 | typedef duint(*MODBASEFROMNAME)(const char* modname); 102 | typedef duint(*MODSIZEFROMADDR)(duint addr); 103 | typedef bool (*ASSEMBLE)(duint addr, unsigned char* dest, int* size, const char* instruction, char* error); 104 | typedef bool (*PATCHGET)(duint addr); 105 | typedef bool (*PATCHINRANGE)(duint start, duint end); 106 | typedef bool (*MEMPATCH)(duint va, const unsigned char* src, duint size); 107 | typedef void (*PATCHRESTORERANGE)(duint start, duint end); 108 | typedef bool (*PATCHENUM)(DBGPATCHINFO* patchlist, size_t* cbsize); 109 | typedef bool (*PATCHRESTORE)(duint addr); 110 | typedef int (*PATCHFILE)(DBGPATCHINFO* patchlist, int count, const char* szFileName, char* error); 111 | typedef int (*MODPATHFROMADDR)(duint addr, char* path, int size); 112 | typedef int (*MODPATHFROMNAME)(const char* modname, char* path, int size); 113 | typedef bool (*DISASMFAST)(const unsigned char* data, duint addr, BASIC_INSTRUCTION_INFO* basicinfo); 114 | typedef void (*MEMUPDATEMAP)(); 115 | typedef void (*GETCALLSTACK)(DBGCALLSTACK* callstack); 116 | typedef void (*GETSEHCHAIN)(DBGSEHCHAIN* sehchain); 117 | typedef void (*SYMBOLDOWNLOADALLSYMBOLS)(const char* szSymbolStore); 118 | typedef bool (*GETJIT)(char* jit, bool x64); 119 | typedef bool (*GETJITAUTO)(bool* jitauto); 120 | typedef bool (*GETDEFJIT)(char* defjit); 121 | typedef bool (*GETPROCESSLIST)(DBGPROCESSINFO** entries, int* count); 122 | typedef bool (*GETPAGERIGHTS)(duint addr, char* rights); 123 | typedef bool (*SETPAGERIGHTS)(duint addr, const char* rights); 124 | typedef bool (*PAGERIGHTSTOSTRING)(DWORD protect, char* rights); 125 | typedef bool (*ISPROCESSELEVATED)(); 126 | typedef bool (*GETCMDLINE)(char* cmdline, size_t* cbsize); 127 | typedef bool (*SETCMDLINE)(const char* cmdline); 128 | typedef duint(*FILEOFFSETTOVA)(const char* modname, duint offset); 129 | typedef duint(*VATOFILEOFFSET)(duint va); 130 | typedef duint(*GETADDRFROMLINE)(const char* szSourceFile, int line, duint* displacement); 131 | typedef bool (*GETSOURCEFROMADDR)(duint addr, char* szSourceFile, int* line); 132 | typedef bool (*VALFROMSTRING)(const char* string, duint* value); 133 | typedef bool (*PATCHGETEX)(duint addr, DBGPATCHINFO* info); 134 | typedef bool (*GETBRIDGEBP)(BPXTYPE type, duint addr, BRIDGEBP* bp); 135 | typedef bool (*STRINGFORMATINLINE)(const char* format, size_t resultSize, char* result); 136 | typedef void (*GETMNEMONICBRIEF)(const char* mnem, size_t resultSize, char* result); 137 | typedef unsigned int (*GETTRACERECORDHITCOUNT)(duint address); 138 | typedef TRACERECORDBYTETYPE(*GETTRACERECORDBYTETYPE)(duint address); 139 | typedef bool (*SETTRACERECORDTYPE)(duint pageAddress, TRACERECORDTYPE type); 140 | typedef TRACERECORDTYPE(*GETTRACERECORDTYPE)(duint pageAddress); 141 | typedef bool (*ENUMHANDLES)(ListOf(HANDLEINFO) handles); 142 | typedef bool (*GETHANDLENAME)(duint handle, char* name, size_t nameSize, char* typeName, size_t typeNameSize); 143 | typedef bool (*ENUMTCPCONNECTIONS)(ListOf(TCPCONNECTIONINFO) connections); 144 | typedef duint(*GETDBGEVENTS)(); 145 | typedef int (*MODGETPARTY)(duint base); 146 | typedef void (*MODSETPARTY)(duint base, int party); 147 | typedef bool(*WATCHISWATCHDOGTRIGGERED)(unsigned int id); 148 | typedef bool(*MEMISCODEPAGE)(duint addr, bool refresh); 149 | typedef bool(*ANIMATECOMMAND)(const char* command); 150 | typedef void(*DBGSETDEBUGGEEINITSCRIPT)(const char* fileName); 151 | typedef const char* (*DBGGETDEBUGGEEINITSCRIPT)(); 152 | 153 | typedef struct DBGFUNCTIONS_ 154 | { 155 | ASSEMBLEATEX AssembleAtEx; 156 | SECTIONFROMADDR SectionFromAddr; 157 | MODNAMEFROMADDR ModNameFromAddr; 158 | MODBASEFROMADDR ModBaseFromAddr; 159 | MODBASEFROMNAME ModBaseFromName; 160 | MODSIZEFROMADDR ModSizeFromAddr; 161 | ASSEMBLE Assemble; 162 | PATCHGET PatchGet; 163 | PATCHINRANGE PatchInRange; 164 | MEMPATCH MemPatch; 165 | PATCHRESTORERANGE PatchRestoreRange; 166 | PATCHENUM PatchEnum; 167 | PATCHRESTORE PatchRestore; 168 | PATCHFILE PatchFile; 169 | MODPATHFROMADDR ModPathFromAddr; 170 | MODPATHFROMNAME ModPathFromName; 171 | DISASMFAST DisasmFast; 172 | MEMUPDATEMAP MemUpdateMap; 173 | GETCALLSTACK GetCallStack; 174 | GETSEHCHAIN GetSEHChain; 175 | SYMBOLDOWNLOADALLSYMBOLS SymbolDownloadAllSymbols; 176 | GETJITAUTO GetJitAuto; 177 | GETJIT GetJit; 178 | GETDEFJIT GetDefJit; 179 | GETPROCESSLIST GetProcessList; 180 | GETPAGERIGHTS GetPageRights; 181 | SETPAGERIGHTS SetPageRights; 182 | PAGERIGHTSTOSTRING PageRightsToString; 183 | ISPROCESSELEVATED IsProcessElevated; 184 | GETCMDLINE GetCmdline; 185 | SETCMDLINE SetCmdline; 186 | FILEOFFSETTOVA FileOffsetToVa; 187 | VATOFILEOFFSET VaToFileOffset; 188 | GETADDRFROMLINE GetAddrFromLine; 189 | GETSOURCEFROMADDR GetSourceFromAddr; 190 | VALFROMSTRING ValFromString; 191 | PATCHGETEX PatchGetEx; 192 | GETBRIDGEBP GetBridgeBp; 193 | STRINGFORMATINLINE StringFormatInline; 194 | GETMNEMONICBRIEF GetMnemonicBrief; 195 | GETTRACERECORDHITCOUNT GetTraceRecordHitCount; 196 | GETTRACERECORDBYTETYPE GetTraceRecordByteType; 197 | SETTRACERECORDTYPE SetTraceRecordType; 198 | GETTRACERECORDTYPE GetTraceRecordType; 199 | ENUMHANDLES EnumHandles; 200 | GETHANDLENAME GetHandleName; 201 | ENUMTCPCONNECTIONS EnumTcpConnections; 202 | GETDBGEVENTS GetDbgEvents; 203 | MODGETPARTY ModGetParty; 204 | MODSETPARTY ModSetParty; 205 | WATCHISWATCHDOGTRIGGERED WatchIsWatchdogTriggered; 206 | MEMISCODEPAGE MemIsCodePage; 207 | ANIMATECOMMAND AnimateCommand; 208 | DBGSETDEBUGGEEINITSCRIPT DbgSetDebuggeeInitScript; 209 | DBGGETDEBUGGEEINITSCRIPT DbgGetDebuggeeInitScript; 210 | } DBGFUNCTIONS; 211 | 212 | #ifdef BUILD_DBG 213 | 214 | const DBGFUNCTIONS* dbgfunctionsget(); 215 | void dbgfunctionsinit(); 216 | 217 | #endif //BUILD_DBG 218 | 219 | #endif //_DBGFUNCTIONS_H 220 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_plugin_types.h: -------------------------------------------------------------------------------- 1 | #ifndef _PLUGIN_DATA_H 2 | #define _PLUGIN_DATA_H 3 | 4 | #ifdef BUILD_DBG 5 | 6 | #include "_global.h" 7 | 8 | #else 9 | 10 | #ifdef __GNUC__ 11 | #include "dbghelp/dbghelp.h" 12 | #else 13 | #include 14 | #endif // __GNUC__ 15 | 16 | #ifndef deflen 17 | #define deflen 1024 18 | #endif // deflen 19 | 20 | #include "bridgemain.h" 21 | #include "_dbgfunctions.h" 22 | #include "jansson/jansson.h" 23 | 24 | #endif // BUILD_DBG 25 | 26 | #endif // _PLUGIN_DATA_H 27 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_plugins.h: -------------------------------------------------------------------------------- 1 | #ifndef _PLUGINS_H 2 | #define _PLUGINS_H 3 | 4 | #ifndef __cplusplus 5 | #include 6 | #endif 7 | 8 | #ifndef PLUG_IMPEXP 9 | #ifdef BUILD_DBG 10 | #define PLUG_IMPEXP __declspec(dllexport) 11 | #else 12 | #define PLUG_IMPEXP __declspec(dllimport) 13 | #endif //BUILD_DBG 14 | #endif //PLUG_IMPEXP 15 | 16 | #include "_plugin_types.h" 17 | 18 | //default structure alignments forced 19 | #ifdef _WIN64 20 | #pragma pack(push, 16) 21 | #else //x86 22 | #pragma pack(push, 8) 23 | #endif //_WIN64 24 | 25 | //defines 26 | #define PLUG_SDKVERSION 1 27 | 28 | #define PLUG_DB_LOADSAVE_DATA 1 29 | #define PLUG_DB_LOADSAVE_ALL 2 30 | 31 | //structures 32 | typedef struct 33 | { 34 | //provided by the debugger 35 | int pluginHandle; 36 | //provided by the pluginit function 37 | int sdkVersion; 38 | int pluginVersion; 39 | char pluginName[256]; 40 | } PLUG_INITSTRUCT; 41 | 42 | typedef struct 43 | { 44 | //provided by the debugger 45 | HWND hwndDlg; //gui window handle 46 | int hMenu; //plugin menu handle 47 | int hMenuDisasm; //plugin disasm menu handle 48 | int hMenuDump; //plugin dump menu handle 49 | int hMenuStack; //plugin stack menu handle 50 | } PLUG_SETUPSTRUCT; 51 | 52 | typedef struct 53 | { 54 | void* data; //user data 55 | } PLUG_SCRIPTSTRUCT; 56 | 57 | //callback structures 58 | typedef struct 59 | { 60 | const char* szFileName; 61 | } PLUG_CB_INITDEBUG; 62 | 63 | typedef struct 64 | { 65 | void* reserved; 66 | } PLUG_CB_STOPDEBUG; 67 | 68 | typedef struct 69 | { 70 | CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo; 71 | IMAGEHLP_MODULE64* modInfo; 72 | const char* DebugFileName; 73 | PROCESS_INFORMATION* fdProcessInfo; 74 | } PLUG_CB_CREATEPROCESS; 75 | 76 | typedef struct 77 | { 78 | EXIT_PROCESS_DEBUG_INFO* ExitProcess; 79 | } PLUG_CB_EXITPROCESS; 80 | 81 | typedef struct 82 | { 83 | CREATE_THREAD_DEBUG_INFO* CreateThread; 84 | DWORD dwThreadId; 85 | } PLUG_CB_CREATETHREAD; 86 | 87 | typedef struct 88 | { 89 | EXIT_THREAD_DEBUG_INFO* ExitThread; 90 | DWORD dwThreadId; 91 | } PLUG_CB_EXITTHREAD; 92 | 93 | typedef struct 94 | { 95 | void* reserved; 96 | } PLUG_CB_SYSTEMBREAKPOINT; 97 | 98 | typedef struct 99 | { 100 | LOAD_DLL_DEBUG_INFO* LoadDll; 101 | IMAGEHLP_MODULE64* modInfo; 102 | const char* modname; 103 | } PLUG_CB_LOADDLL; 104 | 105 | typedef struct 106 | { 107 | UNLOAD_DLL_DEBUG_INFO* UnloadDll; 108 | } PLUG_CB_UNLOADDLL; 109 | 110 | typedef struct 111 | { 112 | OUTPUT_DEBUG_STRING_INFO* DebugString; 113 | } PLUG_CB_OUTPUTDEBUGSTRING; 114 | 115 | typedef struct 116 | { 117 | EXCEPTION_DEBUG_INFO* Exception; 118 | } PLUG_CB_EXCEPTION; 119 | 120 | typedef struct 121 | { 122 | BRIDGEBP* breakpoint; 123 | } PLUG_CB_BREAKPOINT; 124 | 125 | typedef struct 126 | { 127 | void* reserved; 128 | } PLUG_CB_PAUSEDEBUG; 129 | 130 | typedef struct 131 | { 132 | void* reserved; 133 | } PLUG_CB_RESUMEDEBUG; 134 | 135 | typedef struct 136 | { 137 | void* reserved; 138 | } PLUG_CB_STEPPED; 139 | 140 | typedef struct 141 | { 142 | DWORD dwProcessId; 143 | } PLUG_CB_ATTACH; 144 | 145 | typedef struct 146 | { 147 | PROCESS_INFORMATION* fdProcessInfo; 148 | } PLUG_CB_DETACH; 149 | 150 | typedef struct 151 | { 152 | DEBUG_EVENT* DebugEvent; 153 | } PLUG_CB_DEBUGEVENT; 154 | 155 | typedef struct 156 | { 157 | int hEntry; 158 | } PLUG_CB_MENUENTRY; 159 | 160 | typedef struct 161 | { 162 | MSG* message; 163 | long* result; 164 | bool retval; 165 | } PLUG_CB_WINEVENT; 166 | 167 | typedef struct 168 | { 169 | MSG* message; 170 | bool retval; 171 | } PLUG_CB_WINEVENTGLOBAL; 172 | 173 | typedef struct 174 | { 175 | json_t* root; 176 | int loadSaveType; 177 | } PLUG_CB_LOADSAVEDB; 178 | 179 | typedef struct 180 | { 181 | const char* symbol; 182 | bool retval; 183 | } PLUG_CB_FILTERSYMBOL; 184 | 185 | typedef struct 186 | { 187 | duint cip; 188 | bool stop; 189 | } PLUG_CB_TRACEEXECUTE; 190 | 191 | typedef struct 192 | { 193 | int hWindow; 194 | duint VA; 195 | } PLUG_CB_SELCHANGED; 196 | 197 | typedef struct 198 | { 199 | BridgeCFGraphList graph; 200 | } PLUG_CB_ANALYZE; 201 | 202 | typedef struct 203 | { 204 | duint addr; 205 | ADDRINFO* addrinfo; 206 | bool retval; 207 | } PLUG_CB_ADDRINFO; 208 | 209 | //enums 210 | typedef enum 211 | { 212 | CB_INITDEBUG, //PLUG_CB_INITDEBUG 213 | CB_STOPDEBUG, //PLUG_CB_STOPDEBUG 214 | CB_CREATEPROCESS, //PLUG_CB_CREATEPROCESS 215 | CB_EXITPROCESS, //PLUG_CB_EXITPROCESS 216 | CB_CREATETHREAD, //PLUG_CB_CREATETHREAD 217 | CB_EXITTHREAD, //PLUG_CB_EXITTHREAD 218 | CB_SYSTEMBREAKPOINT, //PLUG_CB_SYSTEMBREAKPOINT 219 | CB_LOADDLL, //PLUG_CB_LOADDLL 220 | CB_UNLOADDLL, //PLUG_CB_UNLOADDLL 221 | CB_OUTPUTDEBUGSTRING, //PLUG_CB_OUTPUTDEBUGSTRING 222 | CB_EXCEPTION, //PLUG_CB_EXCEPTION 223 | CB_BREAKPOINT, //PLUG_CB_BREAKPOINT 224 | CB_PAUSEDEBUG, //PLUG_CB_PAUSEDEBUG 225 | CB_RESUMEDEBUG, //PLUG_CB_RESUMEDEBUG 226 | CB_STEPPED, //PLUG_CB_STEPPED 227 | CB_ATTACH, //PLUG_CB_ATTACHED (before attaching, after CB_INITDEBUG) 228 | CB_DETACH, //PLUG_CB_DETACH (before detaching, before CB_STOPDEBUG) 229 | CB_DEBUGEVENT, //PLUG_CB_DEBUGEVENT (called on any debug event) 230 | CB_MENUENTRY, //PLUG_CB_MENUENTRY 231 | CB_WINEVENT, //PLUG_CB_WINEVENT 232 | CB_WINEVENTGLOBAL, //PLUG_CB_WINEVENTGLOBAL 233 | CB_LOADDB, //PLUG_CB_LOADSAVEDB 234 | CB_SAVEDB, //PLUG_CB_LOADSAVEDB 235 | CB_FILTERSYMBOL, //PLUG_CB_FILTERSYMBOL 236 | CB_TRACEEXECUTE, //PLUG_CB_TRACEEXECUTE 237 | CB_SELCHANGED, //PLUG_CB_SELCHANGED 238 | CB_ANALYZE, //PLUG_CB_ANALYZE 239 | CB_ADDRINFO, //PLUG_CB_ADDRINFO 240 | CB_LAST 241 | } CBTYPE; 242 | 243 | //typedefs 244 | typedef void (*CBPLUGIN)(CBTYPE cbType, void* callbackInfo); 245 | typedef bool (*CBPLUGINCOMMAND)(int argc, char** argv); 246 | typedef void (*CBPLUGINSCRIPT)(); 247 | typedef duint(*CBPLUGINEXPRFUNCTION)(int argc, duint* argv, void* userdata); 248 | 249 | //exports 250 | #ifdef __cplusplus 251 | extern "C" 252 | { 253 | #endif 254 | 255 | PLUG_IMPEXP void _plugin_registercallback(int pluginHandle, CBTYPE cbType, CBPLUGIN cbPlugin); 256 | PLUG_IMPEXP bool _plugin_unregistercallback(int pluginHandle, CBTYPE cbType); 257 | PLUG_IMPEXP bool _plugin_registercommand(int pluginHandle, const char* command, CBPLUGINCOMMAND cbCommand, bool debugonly); 258 | PLUG_IMPEXP bool _plugin_unregistercommand(int pluginHandle, const char* command); 259 | PLUG_IMPEXP void _plugin_logprintf(const char* format, ...); 260 | PLUG_IMPEXP void _plugin_logputs(const char* text); 261 | PLUG_IMPEXP void _plugin_debugpause(); 262 | PLUG_IMPEXP void _plugin_debugskipexceptions(bool skip); 263 | PLUG_IMPEXP int _plugin_menuadd(int hMenu, const char* title); 264 | PLUG_IMPEXP bool _plugin_menuaddentry(int hMenu, int hEntry, const char* title); 265 | PLUG_IMPEXP bool _plugin_menuaddseparator(int hMenu); 266 | PLUG_IMPEXP bool _plugin_menuclear(int hMenu); 267 | PLUG_IMPEXP void _plugin_menuseticon(int hMenu, const ICONDATA* icon); 268 | PLUG_IMPEXP void _plugin_menuentryseticon(int pluginHandle, int hEntry, const ICONDATA* icon); 269 | PLUG_IMPEXP void _plugin_menuentrysetchecked(int pluginHandle, int hEntry, bool checked); 270 | PLUG_IMPEXP void _plugin_startscript(CBPLUGINSCRIPT cbScript); 271 | PLUG_IMPEXP bool _plugin_waituntilpaused(); 272 | PLUG_IMPEXP bool _plugin_registerexprfunction(int pluginHandle, const char* name, int argc, CBPLUGINEXPRFUNCTION cbFunction, void* userdata); 273 | PLUG_IMPEXP bool _plugin_unregisterexprfunction(int pluginHandle, const char* name); 274 | PLUG_IMPEXP bool _plugin_unload(const char* pluginName); 275 | PLUG_IMPEXP bool _plugin_load(const char* pluginName); 276 | PLUG_IMPEXP duint _plugin_hash(const void* data, duint size); 277 | 278 | #ifdef __cplusplus 279 | } 280 | #endif 281 | 282 | #pragma pack(pop) 283 | 284 | #endif // _PLUGINS_H 285 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPT_API_H 2 | #define _SCRIPT_API_H 3 | 4 | #include "_plugins.h" 5 | 6 | #define SCRIPT_EXPORT PLUG_IMPEXP 7 | 8 | #endif //_SCRIPT_API_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_argument.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_ARGUMENT_H 2 | #define _SCRIPTAPI_ARGUMENT_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Argument 9 | { 10 | struct ArgumentInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rvaStart; 14 | duint rvaEnd; 15 | bool manual; 16 | duint instructioncount; 17 | }; 18 | 19 | SCRIPT_EXPORT bool Add(duint start, duint end, bool manual, duint instructionCount = 0); 20 | SCRIPT_EXPORT bool Add(const ArgumentInfo* info); 21 | SCRIPT_EXPORT bool Get(duint addr, duint* start = nullptr, duint* end = nullptr, duint* instructionCount = nullptr); 22 | SCRIPT_EXPORT bool GetInfo(duint addr, ArgumentInfo* info); 23 | SCRIPT_EXPORT bool Overlaps(duint start, duint end); 24 | SCRIPT_EXPORT bool Delete(duint address); 25 | SCRIPT_EXPORT void DeleteRange(duint start, duint end, bool deleteManual = false); 26 | SCRIPT_EXPORT void Clear(); 27 | SCRIPT_EXPORT bool GetList(ListOf(ArgumentInfo) list); //caller has the responsibility to free the list 28 | }; //Argument 29 | }; //Script 30 | 31 | #endif //_SCRIPTAPI_ARGUMENT_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_assembler.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_ASSEMBLER_H 2 | #define _SCRIPTAPI_ASSEMBLER_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Assembler 9 | { 10 | SCRIPT_EXPORT bool Assemble(duint addr, unsigned char* dest, int* size, const char* instruction); //dest[16] 11 | SCRIPT_EXPORT bool AssembleEx(duint addr, unsigned char* dest, int* size, const char* instruction, char* error); //dest[16], error[MAX_ERROR_SIZE] 12 | SCRIPT_EXPORT bool AssembleMem(duint addr, const char* instruction); 13 | SCRIPT_EXPORT bool AssembleMemEx(duint addr, const char* instruction, int* size, char* error, bool fillnop); //error[MAX_ERROR_SIZE] 14 | }; //Assembler 15 | }; //Script 16 | 17 | #endif //_SCRIPTAPI_ASSEMBLER_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_bookmark.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_BOOKMARK_H 2 | #define _SCRIPTAPI_BOOKMARK_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Bookmark 9 | { 10 | struct BookmarkInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rva; 14 | bool manual; 15 | }; 16 | 17 | SCRIPT_EXPORT bool Set(duint addr, bool manual = false); 18 | SCRIPT_EXPORT bool Set(const BookmarkInfo* info); 19 | SCRIPT_EXPORT bool Get(duint addr); 20 | SCRIPT_EXPORT bool GetInfo(duint addr, BookmarkInfo* info); 21 | SCRIPT_EXPORT bool Delete(duint addr); 22 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 23 | SCRIPT_EXPORT void Clear(); 24 | SCRIPT_EXPORT bool GetList(ListOf(BookmarkInfo) list); //caller has the responsibility to free the list 25 | }; //Bookmark 26 | }; //Script 27 | 28 | #endif //_SCRIPTAPI_BOOKMARK_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_comment.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_COMMENT_H 2 | #define _SCRIPTAPI_COMMENT_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Comment 9 | { 10 | struct CommentInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rva; 14 | char text[MAX_LABEL_SIZE]; 15 | bool manual; 16 | }; 17 | 18 | SCRIPT_EXPORT bool Set(duint addr, const char* text, bool manual = false); 19 | SCRIPT_EXPORT bool Set(const CommentInfo* info); 20 | SCRIPT_EXPORT bool Get(duint addr, char* text); //text[MAX_COMMENT_SIZE] 21 | SCRIPT_EXPORT bool GetInfo(duint addr, CommentInfo* info); 22 | SCRIPT_EXPORT bool Delete(duint addr); 23 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 24 | SCRIPT_EXPORT void Clear(); 25 | SCRIPT_EXPORT bool GetList(ListOf(CommentInfo) list); //caller has the responsibility to free the list 26 | }; //Comment 27 | }; //Script 28 | 29 | #endif //_SCRIPTAPI_COMMENT_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_debug.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_DEBUG_H 2 | #define _SCRIPTAPI_DEBUG_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Debug 9 | { 10 | enum HardwareType 11 | { 12 | HardwareAccess, 13 | HardwareWrite, 14 | HardwareExecute 15 | }; 16 | 17 | SCRIPT_EXPORT void Wait(); 18 | SCRIPT_EXPORT void Run(); 19 | SCRIPT_EXPORT void Pause(); 20 | SCRIPT_EXPORT void Stop(); 21 | SCRIPT_EXPORT void StepIn(); 22 | SCRIPT_EXPORT void StepOver(); 23 | SCRIPT_EXPORT void StepOut(); 24 | SCRIPT_EXPORT bool SetBreakpoint(duint address); 25 | SCRIPT_EXPORT bool DeleteBreakpoint(duint address); 26 | SCRIPT_EXPORT bool DisableBreakpoint(duint address); 27 | SCRIPT_EXPORT bool SetHardwareBreakpoint(duint address, HardwareType type = HardwareExecute); 28 | SCRIPT_EXPORT bool DeleteHardwareBreakpoint(duint address); 29 | }; //Debug 30 | }; //Script 31 | 32 | #endif //_SCRIPTAPI_DEBUG_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_flag.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_FLAG_H 2 | #define _SCRIPTAPI_FLAG_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Flag 9 | { 10 | enum FlagEnum 11 | { 12 | ZF, 13 | OF, 14 | CF, 15 | PF, 16 | SF, 17 | TF, 18 | AF, 19 | DF, 20 | IF 21 | }; 22 | 23 | SCRIPT_EXPORT bool Get(FlagEnum flag); 24 | SCRIPT_EXPORT bool Set(FlagEnum flag, bool value); 25 | 26 | SCRIPT_EXPORT bool GetZF(); 27 | SCRIPT_EXPORT bool SetZF(bool value); 28 | SCRIPT_EXPORT bool GetOF(); 29 | SCRIPT_EXPORT bool SetOF(bool value); 30 | SCRIPT_EXPORT bool GetCF(); 31 | SCRIPT_EXPORT bool SetCF(bool value); 32 | SCRIPT_EXPORT bool GetPF(); 33 | SCRIPT_EXPORT bool SetPF(bool value); 34 | SCRIPT_EXPORT bool GetSF(); 35 | SCRIPT_EXPORT bool SetSF(bool value); 36 | SCRIPT_EXPORT bool GetTF(); 37 | SCRIPT_EXPORT bool SetTF(bool value); 38 | SCRIPT_EXPORT bool GetAF(); 39 | SCRIPT_EXPORT bool SetAF(bool value); 40 | SCRIPT_EXPORT bool GetDF(); 41 | SCRIPT_EXPORT bool SetDF(bool value); 42 | SCRIPT_EXPORT bool GetIF(); 43 | SCRIPT_EXPORT bool SetIF(bool value); 44 | }; 45 | }; 46 | 47 | #endif //_SCRIPTAPI_FLAG_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_function.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_FUNCTION_H 2 | #define _SCRIPTAPI_FUNCTION_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Function 9 | { 10 | struct FunctionInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rvaStart; 14 | duint rvaEnd; 15 | bool manual; 16 | duint instructioncount; 17 | }; 18 | 19 | SCRIPT_EXPORT bool Add(duint start, duint end, bool manual, duint instructionCount = 0); 20 | SCRIPT_EXPORT bool Add(const FunctionInfo* info); 21 | SCRIPT_EXPORT bool Get(duint addr, duint* start = nullptr, duint* end = nullptr, duint* instructionCount = nullptr); 22 | SCRIPT_EXPORT bool GetInfo(duint addr, FunctionInfo* info); 23 | SCRIPT_EXPORT bool Overlaps(duint start, duint end); 24 | SCRIPT_EXPORT bool Delete(duint address); 25 | SCRIPT_EXPORT void DeleteRange(duint start, duint end, bool deleteManual); 26 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 27 | SCRIPT_EXPORT void Clear(); 28 | SCRIPT_EXPORT bool GetList(ListOf(FunctionInfo) list); //caller has the responsibility to free the list 29 | }; //Function 30 | }; //Script 31 | 32 | #endif //_SCRIPTAPI_FUNCTION_H 33 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_gui.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_GUI_H 2 | #define _SCRIPTAPI_GUI_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Gui 9 | { 10 | namespace Disassembly 11 | { 12 | SCRIPT_EXPORT bool SelectionGet(duint* start, duint* end); 13 | SCRIPT_EXPORT bool SelectionSet(duint start, duint end); 14 | SCRIPT_EXPORT duint SelectionGetStart(); 15 | SCRIPT_EXPORT duint SelectionGetEnd(); 16 | }; //Disassembly 17 | 18 | namespace Dump 19 | { 20 | SCRIPT_EXPORT bool SelectionGet(duint* start, duint* end); 21 | SCRIPT_EXPORT bool SelectionSet(duint start, duint end); 22 | SCRIPT_EXPORT duint SelectionGetStart(); 23 | SCRIPT_EXPORT duint SelectionGetEnd(); 24 | }; //Dump 25 | 26 | namespace Stack 27 | { 28 | SCRIPT_EXPORT bool SelectionGet(duint* start, duint* end); 29 | SCRIPT_EXPORT bool SelectionSet(duint start, duint end); 30 | SCRIPT_EXPORT duint SelectionGetStart(); 31 | SCRIPT_EXPORT duint SelectionGetEnd(); 32 | }; //Stack 33 | 34 | namespace Graph 35 | { 36 | SCRIPT_EXPORT duint SelectionGetStart(); 37 | }; //Graph 38 | 39 | namespace MemMap 40 | { 41 | SCRIPT_EXPORT duint SelectionGetStart(); 42 | }; //MemoryMap 43 | 44 | namespace SymMod 45 | { 46 | SCRIPT_EXPORT duint SelectionGetStart(); 47 | }; //SymMod 48 | }; //Gui 49 | 50 | namespace Gui 51 | { 52 | enum Window 53 | { 54 | DisassemblyWindow, 55 | DumpWindow, 56 | StackWindow, 57 | GraphWindow, 58 | MemMapWindow, 59 | SymModWindow 60 | }; 61 | 62 | SCRIPT_EXPORT bool SelectionGet(Window window, duint* start, duint* end); 63 | SCRIPT_EXPORT bool SelectionSet(Window window, duint start, duint end); 64 | SCRIPT_EXPORT duint SelectionGetStart(Window window); 65 | SCRIPT_EXPORT duint SelectionGetEnd(Window window); 66 | SCRIPT_EXPORT void Message(const char* message); 67 | SCRIPT_EXPORT bool MessageYesNo(const char* message); 68 | SCRIPT_EXPORT bool InputLine(const char* title, char* text); //text[GUI_MAX_LINE_SIZE] 69 | SCRIPT_EXPORT bool InputValue(const char* title, duint* value); 70 | SCRIPT_EXPORT void Refresh(); 71 | SCRIPT_EXPORT void AddQWidgetTab(void* qWidget); 72 | SCRIPT_EXPORT void ShowQWidgetTab(void* qWidget); 73 | SCRIPT_EXPORT void CloseQWidgetTab(void* qWidget); 74 | 75 | }; //Gui 76 | }; //Script 77 | 78 | #endif //_SCRIPTAPI_GUI_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_label.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_LABEL_H 2 | #define _SCRIPTAPI_LABEL_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Label 9 | { 10 | struct LabelInfo 11 | { 12 | char mod[MAX_MODULE_SIZE]; 13 | duint rva; 14 | char text[MAX_LABEL_SIZE]; 15 | bool manual; 16 | }; 17 | 18 | SCRIPT_EXPORT bool Set(duint addr, const char* text, bool manual = false); 19 | SCRIPT_EXPORT bool Set(const LabelInfo* info); 20 | SCRIPT_EXPORT bool FromString(const char* label, duint* addr); 21 | SCRIPT_EXPORT bool Get(duint addr, char* text); //text[MAX_LABEL_SIZE] 22 | SCRIPT_EXPORT bool GetInfo(duint addr, LabelInfo* info); 23 | SCRIPT_EXPORT bool Delete(duint addr); 24 | SCRIPT_EXPORT void DeleteRange(duint start, duint end); 25 | SCRIPT_EXPORT void Clear(); 26 | SCRIPT_EXPORT bool GetList(ListOf(LabelInfo) list); //caller has the responsibility to free the list 27 | }; //Label 28 | }; //Script 29 | 30 | #endif //_SCRIPTAPI_LABEL_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_memory.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_MEMORY_H 2 | #define _SCRIPTAPI_MEMORY_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Memory 9 | { 10 | SCRIPT_EXPORT bool Read(duint addr, void* data, duint size, duint* sizeRead); 11 | SCRIPT_EXPORT bool Write(duint addr, const void* data, duint size, duint* sizeWritten); 12 | SCRIPT_EXPORT bool IsValidPtr(duint addr); 13 | SCRIPT_EXPORT duint RemoteAlloc(duint addr, duint size); 14 | SCRIPT_EXPORT bool RemoteFree(duint addr); 15 | 16 | SCRIPT_EXPORT unsigned char ReadByte(duint addr); 17 | SCRIPT_EXPORT bool WriteByte(duint addr, unsigned char data); 18 | SCRIPT_EXPORT unsigned short ReadWord(duint addr); 19 | SCRIPT_EXPORT bool WriteWord(duint addr, unsigned short data); 20 | SCRIPT_EXPORT unsigned int ReadDword(duint addr); 21 | SCRIPT_EXPORT bool WriteDword(duint addr, unsigned int data); 22 | SCRIPT_EXPORT unsigned long long ReadQword(duint addr); 23 | SCRIPT_EXPORT bool WriteQword(duint addr, unsigned long long data); 24 | SCRIPT_EXPORT duint ReadPtr(duint addr); 25 | SCRIPT_EXPORT bool WritePtr(duint addr, duint data); 26 | }; //Memory 27 | }; //Script 28 | 29 | #endif //_SCRIPTAPI_MEMORY_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_misc.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_MISC_H 2 | #define _SCRIPTAPI_MISC_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Misc 9 | { 10 | SCRIPT_EXPORT bool ParseExpression(const char* expression, duint* value); 11 | SCRIPT_EXPORT duint RemoteGetProcAddress(const char* module, const char* api); 12 | SCRIPT_EXPORT duint ResolveLabel(const char* label); 13 | SCRIPT_EXPORT void* Alloc(duint size); 14 | SCRIPT_EXPORT void Free(void* ptr); 15 | }; //Misc 16 | }; //Script 17 | 18 | #endif //_SCRIPTAPI_MISC_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_module.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_MODULE_H 2 | #define _SCRIPTAPI_MODULE_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Module 9 | { 10 | struct ModuleInfo 11 | { 12 | duint base; 13 | duint size; 14 | duint entry; 15 | int sectionCount; 16 | char name[MAX_MODULE_SIZE]; 17 | char path[MAX_PATH]; 18 | }; 19 | 20 | struct ModuleSectionInfo 21 | { 22 | duint addr; 23 | duint size; 24 | char name[MAX_SECTION_SIZE * 5]; 25 | }; 26 | 27 | SCRIPT_EXPORT bool InfoFromAddr(duint addr, ModuleInfo* info); 28 | SCRIPT_EXPORT bool InfoFromName(const char* name, ModuleInfo* info); 29 | SCRIPT_EXPORT duint BaseFromAddr(duint addr); 30 | SCRIPT_EXPORT duint BaseFromName(const char* name); 31 | SCRIPT_EXPORT duint SizeFromAddr(duint addr); 32 | SCRIPT_EXPORT duint SizeFromName(const char* name); 33 | SCRIPT_EXPORT bool NameFromAddr(duint addr, char* name); //name[MAX_MODULE_SIZE] 34 | SCRIPT_EXPORT bool PathFromAddr(duint addr, char* path); //path[MAX_PATH] 35 | SCRIPT_EXPORT bool PathFromName(const char* name, char* path); //path[MAX_PATH] 36 | SCRIPT_EXPORT duint EntryFromAddr(duint addr); 37 | SCRIPT_EXPORT duint EntryFromName(const char* name); 38 | SCRIPT_EXPORT int SectionCountFromAddr(duint addr); 39 | SCRIPT_EXPORT int SectionCountFromName(const char* name); 40 | SCRIPT_EXPORT bool SectionFromAddr(duint addr, int number, ModuleSectionInfo* section); 41 | SCRIPT_EXPORT bool SectionFromName(const char* name, int number, ModuleSectionInfo* section); 42 | SCRIPT_EXPORT bool SectionListFromAddr(duint addr, ListOf(ModuleSectionInfo) list); 43 | SCRIPT_EXPORT bool SectionListFromName(const char* name, ListOf(ModuleSectionInfo) list); 44 | SCRIPT_EXPORT bool GetMainModuleInfo(ModuleInfo* info); 45 | SCRIPT_EXPORT duint GetMainModuleBase(); 46 | SCRIPT_EXPORT duint GetMainModuleSize(); 47 | SCRIPT_EXPORT duint GetMainModuleEntry(); 48 | SCRIPT_EXPORT int GetMainModuleSectionCount(); 49 | SCRIPT_EXPORT bool GetMainModuleName(char* name); //name[MAX_MODULE_SIZE] 50 | SCRIPT_EXPORT bool GetMainModulePath(char* path); //path[MAX_PATH] 51 | SCRIPT_EXPORT bool GetMainModuleSectionList(ListOf(ModuleSectionInfo) list); //caller has the responsibility to free the list 52 | SCRIPT_EXPORT bool GetList(ListOf(ModuleInfo) list); //caller has the responsibility to free the list 53 | }; //Module 54 | }; //Script 55 | 56 | #endif //_SCRIPTAPI_MODULE_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_pattern.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_PATTERN_H 2 | #define _SCRIPTAPI_PATTERN_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Pattern 9 | { 10 | SCRIPT_EXPORT duint Find(unsigned char* data, duint datasize, const char* pattern); 11 | SCRIPT_EXPORT duint FindMem(duint start, duint size, const char* pattern); 12 | SCRIPT_EXPORT void Write(unsigned char* data, duint datasize, const char* pattern); 13 | SCRIPT_EXPORT void WriteMem(duint start, duint size, const char* pattern); 14 | SCRIPT_EXPORT bool SearchAndReplace(unsigned char* data, duint datasize, const char* searchpattern, const char* replacepattern); 15 | SCRIPT_EXPORT bool SearchAndReplaceMem(duint start, duint size, const char* searchpattern, const char* replacepattern); 16 | }; 17 | }; 18 | 19 | #endif //_SCRIPTAPI_FIND_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_register.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_REGISTER_H 2 | #define _SCRIPTAPI_REGISTER_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Register 9 | { 10 | enum RegisterEnum 11 | { 12 | DR0, 13 | DR1, 14 | DR2, 15 | DR3, 16 | DR6, 17 | DR7, 18 | 19 | EAX, 20 | AX, 21 | AH, 22 | AL, 23 | EBX, 24 | BX, 25 | BH, 26 | BL, 27 | ECX, 28 | CX, 29 | CH, 30 | CL, 31 | EDX, 32 | DX, 33 | DH, 34 | DL, 35 | EDI, 36 | DI, 37 | ESI, 38 | SI, 39 | EBP, 40 | BP, 41 | ESP, 42 | SP, 43 | EIP, 44 | 45 | #ifdef _WIN64 46 | RAX, 47 | RBX, 48 | RCX, 49 | RDX, 50 | RSI, 51 | SIL, 52 | RDI, 53 | DIL, 54 | RBP, 55 | BPL, 56 | RSP, 57 | SPL, 58 | RIP, 59 | R8, 60 | R8D, 61 | R8W, 62 | R8B, 63 | R9, 64 | R9D, 65 | R9W, 66 | R9B, 67 | R10, 68 | R10D, 69 | R10W, 70 | R10B, 71 | R11, 72 | R11D, 73 | R11W, 74 | R11B, 75 | R12, 76 | R12D, 77 | R12W, 78 | R12B, 79 | R13, 80 | R13D, 81 | R13W, 82 | R13B, 83 | R14, 84 | R14D, 85 | R14W, 86 | R14B, 87 | R15, 88 | R15D, 89 | R15W, 90 | R15B, 91 | #endif //_WIN64 92 | 93 | CIP, 94 | CSP, 95 | }; //RegisterEnum 96 | 97 | SCRIPT_EXPORT duint Get(RegisterEnum reg); 98 | SCRIPT_EXPORT bool Set(RegisterEnum reg, duint value); 99 | SCRIPT_EXPORT int Size(); //gets architecture register size in bytes 100 | 101 | SCRIPT_EXPORT duint GetDR0(); 102 | SCRIPT_EXPORT bool SetDR0(duint value); 103 | SCRIPT_EXPORT duint GetDR1(); 104 | SCRIPT_EXPORT bool SetDR1(duint value); 105 | SCRIPT_EXPORT duint GetDR2(); 106 | SCRIPT_EXPORT bool SetDR2(duint value); 107 | SCRIPT_EXPORT duint GetDR3(); 108 | SCRIPT_EXPORT bool SetDR3(duint value); 109 | SCRIPT_EXPORT duint GetDR6(); 110 | SCRIPT_EXPORT bool SetDR6(duint value); 111 | SCRIPT_EXPORT duint GetDR7(); 112 | SCRIPT_EXPORT bool SetDR7(duint value); 113 | 114 | SCRIPT_EXPORT unsigned int GetEAX(); 115 | SCRIPT_EXPORT bool SetEAX(unsigned int value); 116 | SCRIPT_EXPORT unsigned short GetAX(); 117 | SCRIPT_EXPORT bool SetAX(unsigned short value); 118 | SCRIPT_EXPORT unsigned char GetAH(); 119 | SCRIPT_EXPORT bool SetAH(unsigned char value); 120 | SCRIPT_EXPORT unsigned char GetAL(); 121 | SCRIPT_EXPORT bool SetAL(unsigned char value); 122 | SCRIPT_EXPORT unsigned int GetEBX(); 123 | SCRIPT_EXPORT bool SetEBX(unsigned int value); 124 | SCRIPT_EXPORT unsigned short GetBX(); 125 | SCRIPT_EXPORT bool SetBX(unsigned short value); 126 | SCRIPT_EXPORT unsigned char GetBH(); 127 | SCRIPT_EXPORT bool SetBH(unsigned char value); 128 | SCRIPT_EXPORT unsigned char GetBL(); 129 | SCRIPT_EXPORT bool SetBL(unsigned char value); 130 | SCRIPT_EXPORT unsigned int GetECX(); 131 | SCRIPT_EXPORT bool SetECX(unsigned int value); 132 | SCRIPT_EXPORT unsigned short GetCX(); 133 | SCRIPT_EXPORT bool SetCX(unsigned short value); 134 | SCRIPT_EXPORT unsigned char GetCH(); 135 | SCRIPT_EXPORT bool SetCH(unsigned char value); 136 | SCRIPT_EXPORT unsigned char GetCL(); 137 | SCRIPT_EXPORT bool SetCL(unsigned char value); 138 | SCRIPT_EXPORT unsigned int GetEDX(); 139 | SCRIPT_EXPORT bool SetEDX(unsigned int value); 140 | SCRIPT_EXPORT unsigned short GetDX(); 141 | SCRIPT_EXPORT bool SetDX(unsigned short value); 142 | SCRIPT_EXPORT unsigned char GetDH(); 143 | SCRIPT_EXPORT bool SetDH(unsigned char value); 144 | SCRIPT_EXPORT unsigned char GetDL(); 145 | SCRIPT_EXPORT bool SetDL(unsigned char value); 146 | SCRIPT_EXPORT unsigned int GetEDI(); 147 | SCRIPT_EXPORT bool SetEDI(unsigned int value); 148 | SCRIPT_EXPORT unsigned short GetDI(); 149 | SCRIPT_EXPORT bool SetDI(unsigned short value); 150 | SCRIPT_EXPORT unsigned int GetESI(); 151 | SCRIPT_EXPORT bool SetESI(unsigned int value); 152 | SCRIPT_EXPORT unsigned short GetSI(); 153 | SCRIPT_EXPORT bool SetSI(unsigned short value); 154 | SCRIPT_EXPORT unsigned int GetEBP(); 155 | SCRIPT_EXPORT bool SetEBP(unsigned int value); 156 | SCRIPT_EXPORT unsigned short GetBP(); 157 | SCRIPT_EXPORT bool SetBP(unsigned short value); 158 | SCRIPT_EXPORT unsigned int GetESP(); 159 | SCRIPT_EXPORT bool SetESP(unsigned int value); 160 | SCRIPT_EXPORT unsigned short GetSP(); 161 | SCRIPT_EXPORT bool SetSP(unsigned short value); 162 | SCRIPT_EXPORT unsigned int GetEIP(); 163 | SCRIPT_EXPORT bool SetEIP(unsigned int value); 164 | 165 | #ifdef _WIN64 166 | SCRIPT_EXPORT unsigned long long GetRAX(); 167 | SCRIPT_EXPORT bool SetRAX(unsigned long long value); 168 | SCRIPT_EXPORT unsigned long long GetRBX(); 169 | SCRIPT_EXPORT bool SetRBX(unsigned long long value); 170 | SCRIPT_EXPORT unsigned long long GetRCX(); 171 | SCRIPT_EXPORT bool SetRCX(unsigned long long value); 172 | SCRIPT_EXPORT unsigned long long GetRDX(); 173 | SCRIPT_EXPORT bool SetRDX(unsigned long long value); 174 | SCRIPT_EXPORT unsigned long long GetRSI(); 175 | SCRIPT_EXPORT bool SetRSI(unsigned long long value); 176 | SCRIPT_EXPORT unsigned char GetSIL(); 177 | SCRIPT_EXPORT bool SetSIL(unsigned char value); 178 | SCRIPT_EXPORT unsigned long long GetRDI(); 179 | SCRIPT_EXPORT bool SetRDI(unsigned long long value); 180 | SCRIPT_EXPORT unsigned char GetDIL(); 181 | SCRIPT_EXPORT bool SetDIL(unsigned char value); 182 | SCRIPT_EXPORT unsigned long long GetRBP(); 183 | SCRIPT_EXPORT bool SetRBP(unsigned long long value); 184 | SCRIPT_EXPORT unsigned char GetBPL(); 185 | SCRIPT_EXPORT bool SetBPL(unsigned char value); 186 | SCRIPT_EXPORT unsigned long long GetRSP(); 187 | SCRIPT_EXPORT bool SetRSP(unsigned long long value); 188 | SCRIPT_EXPORT unsigned char GetSPL(); 189 | SCRIPT_EXPORT bool SetSPL(unsigned char value); 190 | SCRIPT_EXPORT unsigned long long GetRIP(); 191 | SCRIPT_EXPORT bool SetRIP(unsigned long long value); 192 | SCRIPT_EXPORT unsigned long long GetR8(); 193 | SCRIPT_EXPORT bool SetR8(unsigned long long value); 194 | SCRIPT_EXPORT unsigned int GetR8D(); 195 | SCRIPT_EXPORT bool SetR8D(unsigned int value); 196 | SCRIPT_EXPORT unsigned short GetR8W(); 197 | SCRIPT_EXPORT bool SetR8W(unsigned short value); 198 | SCRIPT_EXPORT unsigned char GetR8B(); 199 | SCRIPT_EXPORT bool SetR8B(unsigned char value); 200 | SCRIPT_EXPORT unsigned long long GetR9(); 201 | SCRIPT_EXPORT bool SetR9(unsigned long long value); 202 | SCRIPT_EXPORT unsigned int GetR9D(); 203 | SCRIPT_EXPORT bool SetR9D(unsigned int value); 204 | SCRIPT_EXPORT unsigned short GetR9W(); 205 | SCRIPT_EXPORT bool SetR9W(unsigned short value); 206 | SCRIPT_EXPORT unsigned char GetR9B(); 207 | SCRIPT_EXPORT bool SetR9B(unsigned char value); 208 | SCRIPT_EXPORT unsigned long long GetR10(); 209 | SCRIPT_EXPORT bool SetR10(unsigned long long value); 210 | SCRIPT_EXPORT unsigned int GetR10D(); 211 | SCRIPT_EXPORT bool SetR10D(unsigned int value); 212 | SCRIPT_EXPORT unsigned short GetR10W(); 213 | SCRIPT_EXPORT bool SetR10W(unsigned short value); 214 | SCRIPT_EXPORT unsigned char GetR10B(); 215 | SCRIPT_EXPORT bool SetR10B(unsigned char value); 216 | SCRIPT_EXPORT unsigned long long GetR11(); 217 | SCRIPT_EXPORT bool SetR11(unsigned long long value); 218 | SCRIPT_EXPORT unsigned int GetR11D(); 219 | SCRIPT_EXPORT bool SetR11D(unsigned int value); 220 | SCRIPT_EXPORT unsigned short GetR11W(); 221 | SCRIPT_EXPORT bool SetR11W(unsigned short value); 222 | SCRIPT_EXPORT unsigned char GetR11B(); 223 | SCRIPT_EXPORT bool SetR11B(unsigned char value); 224 | SCRIPT_EXPORT unsigned long long GetR12(); 225 | SCRIPT_EXPORT bool SetR12(unsigned long long value); 226 | SCRIPT_EXPORT unsigned int GetR12D(); 227 | SCRIPT_EXPORT bool SetR12D(unsigned int value); 228 | SCRIPT_EXPORT unsigned short GetR12W(); 229 | SCRIPT_EXPORT bool SetR12W(unsigned short value); 230 | SCRIPT_EXPORT unsigned char GetR12B(); 231 | SCRIPT_EXPORT bool SetR12B(unsigned char value); 232 | SCRIPT_EXPORT unsigned long long GetR13(); 233 | SCRIPT_EXPORT bool SetR13(unsigned long long value); 234 | SCRIPT_EXPORT unsigned int GetR13D(); 235 | SCRIPT_EXPORT bool SetR13D(unsigned int value); 236 | SCRIPT_EXPORT unsigned short GetR13W(); 237 | SCRIPT_EXPORT bool SetR13W(unsigned short value); 238 | SCRIPT_EXPORT unsigned char GetR13B(); 239 | SCRIPT_EXPORT bool SetR13B(unsigned char value); 240 | SCRIPT_EXPORT unsigned long long GetR14(); 241 | SCRIPT_EXPORT bool SetR14(unsigned long long value); 242 | SCRIPT_EXPORT unsigned int GetR14D(); 243 | SCRIPT_EXPORT bool SetR14D(unsigned int value); 244 | SCRIPT_EXPORT unsigned short GetR14W(); 245 | SCRIPT_EXPORT bool SetR14W(unsigned short value); 246 | SCRIPT_EXPORT unsigned char GetR14B(); 247 | SCRIPT_EXPORT bool SetR14B(unsigned char value); 248 | SCRIPT_EXPORT unsigned long long GetR15(); 249 | SCRIPT_EXPORT bool SetR15(unsigned long long value); 250 | SCRIPT_EXPORT unsigned int GetR15D(); 251 | SCRIPT_EXPORT bool SetR15D(unsigned int value); 252 | SCRIPT_EXPORT unsigned short GetR15W(); 253 | SCRIPT_EXPORT bool SetR15W(unsigned short value); 254 | SCRIPT_EXPORT unsigned char GetR15B(); 255 | SCRIPT_EXPORT bool SetR15B(unsigned char value); 256 | #endif //_WIN64 257 | 258 | SCRIPT_EXPORT duint GetCIP(); 259 | SCRIPT_EXPORT bool SetCIP(duint value); 260 | SCRIPT_EXPORT duint GetCSP(); 261 | SCRIPT_EXPORT bool SetCSP(duint value); 262 | }; //Register 263 | }; //Script 264 | 265 | #endif //_SCRIPTAPI_REGISTER_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_stack.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_STACK_H 2 | #define _SCRIPTAPI_STACK_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Stack 9 | { 10 | SCRIPT_EXPORT duint Pop(); 11 | SCRIPT_EXPORT duint Push(duint value); //returns the previous top, equal to Peek(1) 12 | SCRIPT_EXPORT duint Peek(int offset = 0); //offset is in multiples of Register::Size(), for easy x32/x64 portability 13 | }; //Stack 14 | }; //Script 15 | 16 | #endif //_SCRIPTAPI_STACK_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/_scriptapi_symbol.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRIPTAPI_SYMBOL_H 2 | #define _SCRIPTAPI_SYMBOL_H 3 | 4 | #include "_scriptapi.h" 5 | 6 | namespace Script 7 | { 8 | namespace Symbol 9 | { 10 | enum SymbolType 11 | { 12 | Function, 13 | Import, 14 | Export 15 | }; 16 | 17 | struct SymbolInfo 18 | { 19 | char mod[MAX_MODULE_SIZE]; 20 | duint rva; 21 | char name[MAX_LABEL_SIZE]; 22 | bool manual; 23 | SymbolType type; 24 | }; 25 | 26 | SCRIPT_EXPORT bool GetList(ListOf(SymbolInfo) list); //caller has the responsibility to free the list 27 | }; //Symbol 28 | }; //Script 29 | 30 | #endif //_SCRIPTAPI_SYMBOL_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/bridgegraph.h: -------------------------------------------------------------------------------- 1 | #ifndef _GRAPH_H 2 | #define _GRAPH_H 3 | 4 | typedef struct 5 | { 6 | duint addr; //virtual address of the instruction 7 | unsigned char data[15]; //instruction bytes 8 | } BridgeCFInstruction; 9 | 10 | typedef struct 11 | { 12 | duint parentGraph; //function of which this node is a part 13 | duint start; //start of the block 14 | duint end; //end of the block (inclusive) 15 | duint brtrue; //destination if condition is true 16 | duint brfalse; //destination if condition is false 17 | duint icount; //number of instructions in node 18 | bool terminal; //node is a RET 19 | bool split; //node is a split (brtrue points to the next node) 20 | void* userdata; //user data 21 | ListInfo exits; //exits (including brtrue and brfalse, duint) 22 | ListInfo instrs; //block instructions 23 | } BridgeCFNodeList; 24 | 25 | typedef struct 26 | { 27 | duint entryPoint; //graph entry point 28 | void* userdata; //user data 29 | ListInfo nodes; //graph nodes (BridgeCFNodeList) 30 | } BridgeCFGraphList; 31 | 32 | #ifdef __cplusplus 33 | #if _MSC_VER >= 1700 && !defined(NO_CPP11) 34 | 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | struct BridgeCFNode 41 | { 42 | duint parentGraph; //function of which this node is a part 43 | duint start; //start of the block 44 | duint end; //end of the block (inclusive) 45 | duint brtrue; //destination if condition is true 46 | duint brfalse; //destination if condition is false 47 | duint icount; //number of instructions in node 48 | bool terminal; //node is a RET 49 | bool split; //node is a split (brtrue points to the next node) 50 | void* userdata; //user data 51 | std::vector exits; //exits (including brtrue and brfalse) 52 | std::vector instrs; //block instructions 53 | 54 | static void Free(const BridgeCFNodeList* nodeList) 55 | { 56 | if(!BridgeList::Free(&nodeList->exits)) 57 | __debugbreak(); 58 | if(!BridgeList::Free(&nodeList->instrs)) 59 | __debugbreak(); 60 | } 61 | 62 | explicit BridgeCFNode(const BridgeCFNodeList* nodeList, bool freedata) 63 | { 64 | if(!nodeList) 65 | __debugbreak(); 66 | parentGraph = nodeList->parentGraph; 67 | start = nodeList->start; 68 | end = nodeList->end; 69 | brtrue = nodeList->brtrue; 70 | brfalse = nodeList->brfalse; 71 | icount = nodeList->icount; 72 | terminal = nodeList->terminal; 73 | split = nodeList->split; 74 | userdata = nodeList->userdata; 75 | if(!BridgeList::ToVector(&nodeList->exits, exits, freedata)) 76 | __debugbreak(); 77 | if(!BridgeList::ToVector(&nodeList->instrs, instrs, freedata)) 78 | __debugbreak(); 79 | } 80 | 81 | explicit BridgeCFNode(duint parentGraph, duint start, duint end) 82 | : parentGraph(parentGraph), 83 | start(start), 84 | end(end), 85 | brtrue(0), 86 | brfalse(0), 87 | icount(0), 88 | terminal(false), 89 | split(false), 90 | userdata(nullptr) 91 | { 92 | } 93 | 94 | explicit BridgeCFNode() 95 | : BridgeCFNode(0, 0, 0) 96 | { 97 | } 98 | 99 | BridgeCFNodeList ToNodeList() const 100 | { 101 | BridgeCFNodeList out; 102 | out.parentGraph = parentGraph; 103 | out.start = start; 104 | out.end = end; 105 | out.brtrue = brtrue; 106 | out.brfalse = brfalse; 107 | out.icount = icount; 108 | out.terminal = terminal; 109 | out.split = split; 110 | out.userdata = userdata; 111 | BridgeList::CopyData(&out.exits, exits); 112 | BridgeList::CopyData(&out.instrs, instrs); 113 | return std::move(out); 114 | } 115 | }; 116 | 117 | struct BridgeCFGraph 118 | { 119 | duint entryPoint; //graph entry point 120 | void* userdata; //user data 121 | std::unordered_map nodes; //CFNode.start -> CFNode 122 | std::unordered_map> parents; //CFNode.start -> parents 123 | 124 | static void Free(const BridgeCFGraphList* graphList) 125 | { 126 | if(!graphList || graphList->nodes.size != graphList->nodes.count * sizeof(BridgeCFNodeList)) 127 | __debugbreak(); 128 | auto data = (BridgeCFNodeList*)graphList->nodes.data; 129 | for(int i = 0; i < graphList->nodes.count; i++) 130 | BridgeCFNode::Free(&data[i]); 131 | BridgeFree(data); 132 | } 133 | 134 | explicit BridgeCFGraph(const BridgeCFGraphList* graphList, bool freedata) 135 | { 136 | if(!graphList || graphList->nodes.size != graphList->nodes.count * sizeof(BridgeCFNodeList)) 137 | __debugbreak(); 138 | entryPoint = graphList->entryPoint; 139 | userdata = graphList->userdata; 140 | auto data = (BridgeCFNodeList*)graphList->nodes.data; 141 | for(int i = 0; i < graphList->nodes.count; i++) 142 | AddNode(BridgeCFNode(&data[i], freedata)); 143 | if(freedata && data) 144 | BridgeFree(data); 145 | } 146 | 147 | explicit BridgeCFGraph(duint entryPoint) 148 | : entryPoint(entryPoint), 149 | userdata(nullptr) 150 | { 151 | } 152 | 153 | void AddNode(const BridgeCFNode & node) 154 | { 155 | nodes[node.start] = node; 156 | AddParent(node.start, node.brtrue); 157 | AddParent(node.start, node.brfalse); 158 | } 159 | 160 | void AddParent(duint child, duint parent) 161 | { 162 | if(!child || !parent) 163 | return; 164 | auto found = parents.find(child); 165 | if(found == parents.end()) 166 | parents[child] = std::unordered_set(std::initializer_list { parent }); 167 | else 168 | found->second.insert(parent); 169 | } 170 | 171 | BridgeCFGraphList ToGraphList() const 172 | { 173 | BridgeCFGraphList out; 174 | out.entryPoint = entryPoint; 175 | out.userdata = userdata; 176 | std::vector nodeList; 177 | nodeList.reserve(nodes.size()); 178 | for(const auto & nodeIt : nodes) 179 | nodeList.push_back(nodeIt.second.ToNodeList()); 180 | BridgeList::CopyData(&out.nodes, nodeList); 181 | return std::move(out); 182 | } 183 | }; 184 | 185 | #endif //_MSC_VER 186 | #endif //__cplusplus 187 | 188 | #endif //_GRAPH_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/bridgelist.h: -------------------------------------------------------------------------------- 1 | #ifndef _LIST_H 2 | #define _LIST_H 3 | 4 | typedef struct 5 | { 6 | int count; //Number of element in the list. 7 | size_t size; //Size of list in bytes (used for type checking). 8 | void* data; //Pointer to the list contents. Must be deleted by the caller using BridgeFree (or BridgeList::Free). 9 | } ListInfo; 10 | 11 | #define ListOf(Type) ListInfo* 12 | 13 | #ifdef __cplusplus 14 | 15 | #include 16 | 17 | /** 18 | \brief A list object. This object is NOT thread safe. 19 | \tparam Type BridgeList contents type. 20 | */ 21 | template 22 | class BridgeList 23 | { 24 | public: 25 | /** 26 | \brief BridgeList constructor. 27 | \param _freeData (Optional) the free function. 28 | */ 29 | explicit BridgeList() 30 | { 31 | memset(&_listInfo, 0, sizeof(_listInfo)); 32 | } 33 | 34 | /** 35 | \brief BridgeList destructor. 36 | */ 37 | ~BridgeList() 38 | { 39 | Cleanup(); 40 | } 41 | 42 | /** 43 | \brief Gets the list data. 44 | \return Returns ListInfo->data. Can be null if the list was never initialized. Will be destroyed once this object goes out of scope! 45 | */ 46 | Type* Data() const 47 | { 48 | return reinterpret_cast(_listInfo.data); 49 | } 50 | 51 | /** 52 | \brief Gets the number of elements in the list. This will crash the program if the data is not consistent with the specified template argument. 53 | \return The number of elements in the list. 54 | */ 55 | int Count() const 56 | { 57 | if(_listInfo.size != _listInfo.count * sizeof(Type)) //make sure the user is using the correct type. 58 | __debugbreak(); 59 | return _listInfo.count; 60 | } 61 | 62 | /** 63 | \brief Cleans up the list, freeing the list data when it is not null. 64 | */ 65 | void Cleanup() 66 | { 67 | if(_listInfo.data) 68 | { 69 | BridgeFree(_listInfo.data); 70 | _listInfo.data = nullptr; 71 | } 72 | } 73 | 74 | /** 75 | \brief Reference operator (cleans up the previous list) 76 | \return Pointer to the ListInfo. 77 | */ 78 | ListInfo* operator&() 79 | { 80 | Cleanup(); 81 | return &_listInfo; 82 | } 83 | 84 | /** 85 | \brief Array indexer operator. This will crash if you try to access out-of-bounds. 86 | \param index Zero-based index of the item you want to get. 87 | \return Reference to a value at that index. 88 | */ 89 | Type & operator[](size_t index) const 90 | { 91 | if(index >= size_t(Count())) //make sure the out-of-bounds access is caught as soon as possible. 92 | __debugbreak(); 93 | return Data()[index]; 94 | } 95 | 96 | /** 97 | \brief Copies data to a ListInfo structure.. 98 | \param [out] listInfo If non-null, information describing the list. 99 | \param listData Data to copy in the ListInfo structure. 100 | \return true if it succeeds, false if it fails. 101 | */ 102 | static bool CopyData(ListInfo* listInfo, const std::vector & listData) 103 | { 104 | if(!listInfo) 105 | return false; 106 | listInfo->count = int(listData.size()); 107 | listInfo->size = listInfo->count * sizeof(Type); 108 | if(listInfo->count) 109 | { 110 | listInfo->data = BridgeAlloc(listInfo->size); 111 | Type* curItem = reinterpret_cast(listInfo->data); 112 | for(const auto & item : listData) 113 | { 114 | *curItem = item; 115 | ++curItem; 116 | } 117 | } 118 | else 119 | listInfo->data = nullptr; 120 | return true; 121 | } 122 | 123 | static bool Free(const ListInfo* listInfo) 124 | { 125 | if(!listInfo || listInfo->size != listInfo->count * sizeof(Type) || (listInfo->count && !listInfo->data)) 126 | return false; 127 | BridgeFree(listInfo->data); 128 | return true; 129 | } 130 | 131 | static bool ToVector(const ListInfo* listInfo, std::vector & listData, bool freedata = true) 132 | { 133 | if(!listInfo || listInfo->size != listInfo->count * sizeof(Type) || (listInfo->count && !listInfo->data)) 134 | return false; 135 | listData.resize(listInfo->count); 136 | for(int i = 0; i < listInfo->count; i++) 137 | listData[i] = ((Type*)listInfo->data)[i]; 138 | if(freedata && listInfo->data) 139 | BridgeFree(listInfo->data); 140 | return true; 141 | } 142 | 143 | private: 144 | ListInfo _listInfo; 145 | }; 146 | 147 | #endif //__cplusplus 148 | 149 | #endif //_LIST_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/capstone/capstone_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/capstone/capstone_x64.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/capstone/capstone_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/capstone/capstone_x86.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/capstone/platform.h: -------------------------------------------------------------------------------- 1 | /* Capstone Disassembly Engine */ 2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */ 3 | 4 | #ifndef CAPSTONE_PLATFORM_H 5 | #define CAPSTONE_PLATFORM_H 6 | 7 | 8 | // handle C99 issue (for pre-2013 VisualStudio) 9 | #if !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)) 10 | // MSVC 11 | 12 | // stdbool.h 13 | #if (_MSC_VER < 1800) || defined(_KERNEL_MODE) 14 | // this system does not have stdbool.h 15 | #ifndef __cplusplus 16 | typedef unsigned char bool; 17 | #define false 0 18 | #define true 1 19 | #endif // __cplusplus 20 | 21 | #else 22 | // VisualStudio 2013+ -> C99 is supported 23 | #include 24 | #endif // (_MSC_VER < 1800) || defined(_KERNEL_MODE) 25 | 26 | #else 27 | // not MSVC -> C99 is supported 28 | #include 29 | #endif // !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)) 30 | 31 | 32 | // handle inttypes.h / stdint.h compatibility 33 | #if defined(_WIN32_WCE) && (_WIN32_WCE < 0x800) 34 | #include "windowsce/stdint.h" 35 | #endif // defined(_WIN32_WCE) && (_WIN32_WCE < 0x800) 36 | 37 | #if defined(CAPSTONE_HAS_OSXKERNEL) || (defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE))) 38 | // this system does not have inttypes.h 39 | 40 | #if defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE)) 41 | // this system does not have stdint.h 42 | typedef signed char int8_t; 43 | typedef signed short int16_t; 44 | typedef signed int int32_t; 45 | typedef unsigned char uint8_t; 46 | typedef unsigned short uint16_t; 47 | typedef unsigned int uint32_t; 48 | typedef signed long long int64_t; 49 | typedef unsigned long long uint64_t; 50 | 51 | #define INT8_MIN (-127i8 - 1) 52 | #define INT16_MIN (-32767i16 - 1) 53 | #define INT32_MIN (-2147483647i32 - 1) 54 | #define INT64_MIN (-9223372036854775807i64 - 1) 55 | #define INT8_MAX 127i8 56 | #define INT16_MAX 32767i16 57 | #define INT32_MAX 2147483647i32 58 | #define INT64_MAX 9223372036854775807i64 59 | #define UINT8_MAX 0xffui8 60 | #define UINT16_MAX 0xffffui16 61 | #define UINT32_MAX 0xffffffffui32 62 | #define UINT64_MAX 0xffffffffffffffffui64 63 | #endif // defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE)) 64 | 65 | #define __PRI_8_LENGTH_MODIFIER__ "hh" 66 | #define __PRI_64_LENGTH_MODIFIER__ "ll" 67 | 68 | #define PRId8 __PRI_8_LENGTH_MODIFIER__ "d" 69 | #define PRIi8 __PRI_8_LENGTH_MODIFIER__ "i" 70 | #define PRIo8 __PRI_8_LENGTH_MODIFIER__ "o" 71 | #define PRIu8 __PRI_8_LENGTH_MODIFIER__ "u" 72 | #define PRIx8 __PRI_8_LENGTH_MODIFIER__ "x" 73 | #define PRIX8 __PRI_8_LENGTH_MODIFIER__ "X" 74 | 75 | #define PRId16 "hd" 76 | #define PRIi16 "hi" 77 | #define PRIo16 "ho" 78 | #define PRIu16 "hu" 79 | #define PRIx16 "hx" 80 | #define PRIX16 "hX" 81 | 82 | #if defined(_MSC_VER) && _MSC_VER <= 1700 83 | #define PRId32 "ld" 84 | #define PRIi32 "li" 85 | #define PRIo32 "lo" 86 | #define PRIu32 "lu" 87 | #define PRIx32 "lx" 88 | #define PRIX32 "lX" 89 | #else // OSX 90 | #define PRId32 "d" 91 | #define PRIi32 "i" 92 | #define PRIo32 "o" 93 | #define PRIu32 "u" 94 | #define PRIx32 "x" 95 | #define PRIX32 "X" 96 | #endif // defined(_MSC_VER) && _MSC_VER <= 1700 97 | 98 | #define PRId64 __PRI_64_LENGTH_MODIFIER__ "d" 99 | #define PRIi64 __PRI_64_LENGTH_MODIFIER__ "i" 100 | #define PRIo64 __PRI_64_LENGTH_MODIFIER__ "o" 101 | #define PRIu64 __PRI_64_LENGTH_MODIFIER__ "u" 102 | #define PRIx64 __PRI_64_LENGTH_MODIFIER__ "x" 103 | #define PRIX64 __PRI_64_LENGTH_MODIFIER__ "X" 104 | 105 | #else 106 | // this system has inttypes.h by default 107 | #include 108 | #endif // defined(CAPSTONE_HAS_OSXKERNEL) || (defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE))) 109 | 110 | #endif 111 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/capstone/xcore.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_XCORE_H 2 | #define CAPSTONE_XCORE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014-2015 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include "platform.h" 12 | 13 | #ifdef _MSC_VER 14 | #pragma warning(disable:4201) 15 | #endif 16 | 17 | //> Operand type for instruction's operands 18 | typedef enum xcore_op_type 19 | { 20 | XCORE_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 21 | XCORE_OP_REG, // = CS_OP_REG (Register operand). 22 | XCORE_OP_IMM, // = CS_OP_IMM (Immediate operand). 23 | XCORE_OP_MEM, // = CS_OP_MEM (Memory operand). 24 | } xcore_op_type; 25 | 26 | //> XCore registers 27 | typedef enum xcore_reg 28 | { 29 | XCORE_REG_INVALID = 0, 30 | 31 | XCORE_REG_CP, 32 | XCORE_REG_DP, 33 | XCORE_REG_LR, 34 | XCORE_REG_SP, 35 | XCORE_REG_R0, 36 | XCORE_REG_R1, 37 | XCORE_REG_R2, 38 | XCORE_REG_R3, 39 | XCORE_REG_R4, 40 | XCORE_REG_R5, 41 | XCORE_REG_R6, 42 | XCORE_REG_R7, 43 | XCORE_REG_R8, 44 | XCORE_REG_R9, 45 | XCORE_REG_R10, 46 | XCORE_REG_R11, 47 | 48 | //> pseudo registers 49 | XCORE_REG_PC, // pc 50 | 51 | // internal thread registers 52 | // see The-XMOS-XS1-Architecture(X7879A).pdf 53 | XCORE_REG_SCP, // save pc 54 | XCORE_REG_SSR, // save status 55 | XCORE_REG_ET, // exception type 56 | XCORE_REG_ED, // exception data 57 | XCORE_REG_SED, // save exception data 58 | XCORE_REG_KEP, // kernel entry pointer 59 | XCORE_REG_KSP, // kernel stack pointer 60 | XCORE_REG_ID, // thread ID 61 | 62 | XCORE_REG_ENDING, // <-- mark the end of the list of registers 63 | } xcore_reg; 64 | 65 | // Instruction's operand referring to memory 66 | // This is associated with XCORE_OP_MEM operand type above 67 | typedef struct xcore_op_mem 68 | { 69 | uint8_t base; // base register, can be safely interpreted as 70 | // a value of type `xcore_reg`, but it is only 71 | // one byte wide 72 | uint8_t index; // index register, same conditions apply here 73 | int32_t disp; // displacement/offset value 74 | int direct; // +1: forward, -1: backward 75 | } xcore_op_mem; 76 | 77 | // Instruction operand 78 | typedef struct cs_xcore_op 79 | { 80 | xcore_op_type type; // operand type 81 | union 82 | { 83 | xcore_reg reg; // register value for REG operand 84 | int32_t imm; // immediate value for IMM operand 85 | xcore_op_mem mem; // base/disp value for MEM operand 86 | }; 87 | } cs_xcore_op; 88 | 89 | // Instruction structure 90 | typedef struct cs_xcore 91 | { 92 | // Number of operands of this instruction, 93 | // or 0 when instruction has no operand. 94 | uint8_t op_count; 95 | cs_xcore_op operands[8]; // operands for this instruction. 96 | } cs_xcore; 97 | 98 | //> XCore instruction 99 | typedef enum xcore_insn 100 | { 101 | XCORE_INS_INVALID = 0, 102 | 103 | XCORE_INS_ADD, 104 | XCORE_INS_ANDNOT, 105 | XCORE_INS_AND, 106 | XCORE_INS_ASHR, 107 | XCORE_INS_BAU, 108 | XCORE_INS_BITREV, 109 | XCORE_INS_BLA, 110 | XCORE_INS_BLAT, 111 | XCORE_INS_BL, 112 | XCORE_INS_BF, 113 | XCORE_INS_BT, 114 | XCORE_INS_BU, 115 | XCORE_INS_BRU, 116 | XCORE_INS_BYTEREV, 117 | XCORE_INS_CHKCT, 118 | XCORE_INS_CLRE, 119 | XCORE_INS_CLRPT, 120 | XCORE_INS_CLRSR, 121 | XCORE_INS_CLZ, 122 | XCORE_INS_CRC8, 123 | XCORE_INS_CRC32, 124 | XCORE_INS_DCALL, 125 | XCORE_INS_DENTSP, 126 | XCORE_INS_DGETREG, 127 | XCORE_INS_DIVS, 128 | XCORE_INS_DIVU, 129 | XCORE_INS_DRESTSP, 130 | XCORE_INS_DRET, 131 | XCORE_INS_ECALLF, 132 | XCORE_INS_ECALLT, 133 | XCORE_INS_EDU, 134 | XCORE_INS_EEF, 135 | XCORE_INS_EET, 136 | XCORE_INS_EEU, 137 | XCORE_INS_ENDIN, 138 | XCORE_INS_ENTSP, 139 | XCORE_INS_EQ, 140 | XCORE_INS_EXTDP, 141 | XCORE_INS_EXTSP, 142 | XCORE_INS_FREER, 143 | XCORE_INS_FREET, 144 | XCORE_INS_GETD, 145 | XCORE_INS_GET, 146 | XCORE_INS_GETN, 147 | XCORE_INS_GETR, 148 | XCORE_INS_GETSR, 149 | XCORE_INS_GETST, 150 | XCORE_INS_GETTS, 151 | XCORE_INS_INCT, 152 | XCORE_INS_INIT, 153 | XCORE_INS_INPW, 154 | XCORE_INS_INSHR, 155 | XCORE_INS_INT, 156 | XCORE_INS_IN, 157 | XCORE_INS_KCALL, 158 | XCORE_INS_KENTSP, 159 | XCORE_INS_KRESTSP, 160 | XCORE_INS_KRET, 161 | XCORE_INS_LADD, 162 | XCORE_INS_LD16S, 163 | XCORE_INS_LD8U, 164 | XCORE_INS_LDA16, 165 | XCORE_INS_LDAP, 166 | XCORE_INS_LDAW, 167 | XCORE_INS_LDC, 168 | XCORE_INS_LDW, 169 | XCORE_INS_LDIVU, 170 | XCORE_INS_LMUL, 171 | XCORE_INS_LSS, 172 | XCORE_INS_LSUB, 173 | XCORE_INS_LSU, 174 | XCORE_INS_MACCS, 175 | XCORE_INS_MACCU, 176 | XCORE_INS_MJOIN, 177 | XCORE_INS_MKMSK, 178 | XCORE_INS_MSYNC, 179 | XCORE_INS_MUL, 180 | XCORE_INS_NEG, 181 | XCORE_INS_NOT, 182 | XCORE_INS_OR, 183 | XCORE_INS_OUTCT, 184 | XCORE_INS_OUTPW, 185 | XCORE_INS_OUTSHR, 186 | XCORE_INS_OUTT, 187 | XCORE_INS_OUT, 188 | XCORE_INS_PEEK, 189 | XCORE_INS_REMS, 190 | XCORE_INS_REMU, 191 | XCORE_INS_RETSP, 192 | XCORE_INS_SETCLK, 193 | XCORE_INS_SET, 194 | XCORE_INS_SETC, 195 | XCORE_INS_SETD, 196 | XCORE_INS_SETEV, 197 | XCORE_INS_SETN, 198 | XCORE_INS_SETPSC, 199 | XCORE_INS_SETPT, 200 | XCORE_INS_SETRDY, 201 | XCORE_INS_SETSR, 202 | XCORE_INS_SETTW, 203 | XCORE_INS_SETV, 204 | XCORE_INS_SEXT, 205 | XCORE_INS_SHL, 206 | XCORE_INS_SHR, 207 | XCORE_INS_SSYNC, 208 | XCORE_INS_ST16, 209 | XCORE_INS_ST8, 210 | XCORE_INS_STW, 211 | XCORE_INS_SUB, 212 | XCORE_INS_SYNCR, 213 | XCORE_INS_TESTCT, 214 | XCORE_INS_TESTLCL, 215 | XCORE_INS_TESTWCT, 216 | XCORE_INS_TSETMR, 217 | XCORE_INS_START, 218 | XCORE_INS_WAITEF, 219 | XCORE_INS_WAITET, 220 | XCORE_INS_WAITEU, 221 | XCORE_INS_XOR, 222 | XCORE_INS_ZEXT, 223 | 224 | XCORE_INS_ENDING, // <-- mark the end of the list of instructions 225 | } xcore_insn; 226 | 227 | //> Group of XCore instructions 228 | typedef enum xcore_insn_group 229 | { 230 | XCORE_GRP_INVALID = 0, // = CS_GRP_INVALID 231 | 232 | //> Generic groups 233 | // all jump instructions (conditional+direct+indirect jumps) 234 | XCORE_GRP_JUMP, // = CS_GRP_JUMP 235 | 236 | XCORE_GRP_ENDING, // <-- mark the end of the list of groups 237 | } xcore_insn_group; 238 | 239 | #ifdef __cplusplus 240 | } 241 | #endif 242 | 243 | #endif 244 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/jansson/jansson_config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2016 Petri Lehtinen 3 | * 4 | * Jansson is free software; you can redistribute it and/or modify 5 | * it under the terms of the MIT license. See LICENSE for details. 6 | * 7 | * 8 | * This file specifies a part of the site-specific configuration for 9 | * Jansson, namely those things that affect the public API in 10 | * jansson.h. 11 | * 12 | * The CMake system will generate the jansson_config.h file and 13 | * copy it to the build and install directories. 14 | */ 15 | 16 | #ifndef JANSSON_CONFIG_H 17 | #define JANSSON_CONFIG_H 18 | 19 | /* Define this so that we can disable scattered automake configuration in source files */ 20 | #ifndef JANSSON_USING_CMAKE 21 | #define JANSSON_USING_CMAKE 22 | #endif 23 | 24 | /* Note: when using cmake, JSON_INTEGER_IS_LONG_LONG is not defined nor used, 25 | * as we will also check for __int64 etc types. 26 | * (the definition was used in the automake system) */ 27 | 28 | /* Bring in the cmake-detected defines */ 29 | #define HAVE_STDINT_H 1 30 | /* #undef HAVE_INTTYPES_H */ 31 | /* #undef HAVE_SYS_TYPES_H */ 32 | 33 | /* Include our standard type header for the integer typedef */ 34 | 35 | #if defined(HAVE_STDINT_H) 36 | # include 37 | #elif defined(HAVE_INTTYPES_H) 38 | # include 39 | #elif defined(HAVE_SYS_TYPES_H) 40 | # include 41 | #endif 42 | 43 | 44 | /* If your compiler supports the inline keyword in C, JSON_INLINE is 45 | defined to `inline', otherwise empty. In C++, the inline is always 46 | supported. */ 47 | #ifdef __cplusplus 48 | #define JSON_INLINE inline 49 | #else 50 | #define JSON_INLINE __inline 51 | #endif 52 | 53 | 54 | #define json_int_t long long 55 | #define json_strtoint strtoll 56 | #define JSON_INTEGER_FORMAT "I64d" 57 | 58 | 59 | /* If locale.h and localeconv() are available, define to 1, otherwise to 0. */ 60 | #define JSON_HAVE_LOCALECONV 1 61 | 62 | 63 | /* Maximum recursion depth for parsing JSON input. 64 | This limits the depth of e.g. array-within-array constructions. */ 65 | #define JSON_PARSER_MAX_DEPTH 2048 66 | 67 | 68 | #endif 69 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/jansson/jansson_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/jansson/jansson_x64.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/jansson/jansson_x64dbg.h: -------------------------------------------------------------------------------- 1 | typedef json_t* JSON; 2 | 3 | static JSON_INLINE 4 | json_t* json_hex(unsigned json_int_t value) 5 | { 6 | char hexvalue[20]; 7 | #ifdef _WIN64 8 | sprintf(hexvalue, "0x%llX", value); 9 | #else //x64 10 | sprintf(hexvalue, "0x%X", value); 11 | #endif //_WIN64 12 | return json_string(hexvalue); 13 | } 14 | 15 | static JSON_INLINE 16 | unsigned json_int_t json_hex_value(const json_t* hex) 17 | { 18 | unsigned json_int_t ret = 0; 19 | const char* hexvalue; 20 | hexvalue = json_string_value(hex); 21 | if(!hexvalue) 22 | return 0; 23 | #ifdef _WIN64 24 | sscanf(hexvalue, "0x%llX", &ret); 25 | #else //x64 26 | sscanf(hexvalue, "0x%X", &ret); 27 | #endif //_WIN64 28 | return ret; 29 | } -------------------------------------------------------------------------------- /SlothBP/pluginsdk/jansson/jansson_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/jansson/jansson_x86.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/lz4/lz4_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/lz4/lz4_x64.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/lz4/lz4_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/lz4/lz4_x86.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/lz4/lz4file.h: -------------------------------------------------------------------------------- 1 | #ifndef _LZ4FILE_H 2 | #define _LZ4FILE_H 3 | 4 | typedef enum _LZ4_STATUS 5 | { 6 | LZ4_SUCCESS, 7 | LZ4_FAILED_OPEN_INPUT, 8 | LZ4_FAILED_OPEN_OUTPUT, 9 | LZ4_NOT_ENOUGH_MEMORY, 10 | LZ4_INVALID_ARCHIVE, 11 | LZ4_CORRUPTED_ARCHIVE 12 | } LZ4_STATUS; 13 | 14 | #if defined (__cplusplus) 15 | extern "C" 16 | { 17 | #endif 18 | 19 | __declspec(dllimport) LZ4_STATUS LZ4_compress_file(const char* input_filename, const char* output_filename); 20 | __declspec(dllimport) LZ4_STATUS LZ4_compress_fileW(const wchar_t* input_filename, const wchar_t* output_filename); 21 | __declspec(dllimport) LZ4_STATUS LZ4_decompress_file(const char* input_filename, const char* output_filename); 22 | __declspec(dllimport) LZ4_STATUS LZ4_decompress_fileW(const wchar_t* input_filename, const wchar_t* output_filename); 23 | 24 | #if defined (__cplusplus) 25 | } 26 | #endif 27 | 28 | #endif //_LZ4FILE_H -------------------------------------------------------------------------------- /SlothBP/pluginsdk/lz4/lz4hc.h: -------------------------------------------------------------------------------- 1 | /* 2 | LZ4 HC - High Compression Mode of LZ4 3 | Header File 4 | Copyright (C) 2011-2014, Yann Collet. 5 | BSD 2-Clause License (http://www.opensource.org/licenses/bsd-license.php) 6 | 7 | Redistribution and use in source and binary forms, with or without 8 | modification, are permitted provided that the following conditions are 9 | met: 10 | 11 | * Redistributions of source code must retain the above copyright 12 | notice, this list of conditions and the following disclaimer. 13 | * Redistributions in binary form must reproduce the above 14 | copyright notice, this list of conditions and the following disclaimer 15 | in the documentation and/or other materials provided with the 16 | distribution. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | 30 | You can contact the author at : 31 | - LZ4 homepage : http://fastcompression.blogspot.com/p/lz4.html 32 | - LZ4 source repository : http://code.google.com/p/lz4/ 33 | */ 34 | #ifndef _LZ4HC_H 35 | #define _LZ4HC_H 36 | 37 | #if defined (__cplusplus) 38 | extern "C" 39 | { 40 | #endif 41 | 42 | 43 | __declspec(dllimport) int LZ4_compressHC(const char* source, char* dest, int inputSize); 44 | /* 45 | LZ4_compressHC : 46 | return : the number of bytes in compressed buffer dest 47 | or 0 if compression fails. 48 | note : destination buffer must be already allocated. 49 | To avoid any problem, size it to handle worst cases situations (input data not compressible) 50 | Worst case size evaluation is provided by function LZ4_compressBound() (see "lz4.h") 51 | */ 52 | 53 | __declspec(dllimport) int LZ4_compressHC_limitedOutput(const char* source, char* dest, int inputSize, int maxOutputSize); 54 | /* 55 | LZ4_compress_limitedOutput() : 56 | Compress 'inputSize' bytes from 'source' into an output buffer 'dest' of maximum size 'maxOutputSize'. 57 | If it cannot achieve it, compression will stop, and result of the function will be zero. 58 | This function never writes outside of provided output buffer. 59 | 60 | inputSize : Max supported value is 1 GB 61 | maxOutputSize : is maximum allowed size into the destination buffer (which must be already allocated) 62 | return : the number of output bytes written in buffer 'dest' 63 | or 0 if compression fails. 64 | */ 65 | 66 | 67 | __declspec(dllimport) int LZ4_compressHC2(const char* source, char* dest, int inputSize, int compressionLevel); 68 | __declspec(dllimport) int LZ4_compressHC2_limitedOutput(const char* source, char* dest, int inputSize, int maxOutputSize, int compressionLevel); 69 | /* 70 | Same functions as above, but with programmable 'compressionLevel'. 71 | Recommended values are between 4 and 9, although any value between 0 and 16 will work. 72 | 'compressionLevel'==0 means use default 'compressionLevel' value. 73 | Values above 16 behave the same as 16. 74 | Equivalent variants exist for all other compression functions below. 75 | */ 76 | 77 | /* Note : 78 | Decompression functions are provided within LZ4 source code (see "lz4.h") (BSD license) 79 | */ 80 | 81 | 82 | /************************************** 83 | Using an external allocation 84 | **************************************/ 85 | __declspec(dllimport) int LZ4_sizeofStateHC(void); 86 | __declspec(dllimport) int LZ4_compressHC_withStateHC(void* state, const char* source, char* dest, int inputSize); 87 | __declspec(dllimport) int LZ4_compressHC_limitedOutput_withStateHC(void* state, const char* source, char* dest, int inputSize, int maxOutputSize); 88 | 89 | __declspec(dllimport) int LZ4_compressHC2_withStateHC(void* state, const char* source, char* dest, int inputSize, int compressionLevel); 90 | __declspec(dllimport) int LZ4_compressHC2_limitedOutput_withStateHC(void* state, const char* source, char* dest, int inputSize, int maxOutputSize, int compressionLevel); 91 | 92 | /* 93 | These functions are provided should you prefer to allocate memory for compression tables with your own allocation methods. 94 | To know how much memory must be allocated for the compression tables, use : 95 | int LZ4_sizeofStateHC(); 96 | 97 | Note that tables must be aligned for pointer (32 or 64 bits), otherwise compression will fail (return code 0). 98 | 99 | The allocated memory can be provided to the compressions functions using 'void* state' parameter. 100 | LZ4_compress_withStateHC() and LZ4_compress_limitedOutput_withStateHC() are equivalent to previously described functions. 101 | They just use the externally allocated memory area instead of allocating their own (on stack, or on heap). 102 | */ 103 | 104 | 105 | /************************************** 106 | Streaming Functions 107 | **************************************/ 108 | __declspec(dllimport) void* LZ4_createHC(const char* inputBuffer); 109 | __declspec(dllimport) int LZ4_compressHC_continue(void* LZ4HC_Data, const char* source, char* dest, int inputSize); 110 | __declspec(dllimport) int LZ4_compressHC_limitedOutput_continue(void* LZ4HC_Data, const char* source, char* dest, int inputSize, int maxOutputSize); 111 | __declspec(dllimport) char* LZ4_slideInputBufferHC(void* LZ4HC_Data); 112 | __declspec(dllimport) int LZ4_freeHC(void* LZ4HC_Data); 113 | 114 | __declspec(dllimport) int LZ4_compressHC2_continue(void* LZ4HC_Data, const char* source, char* dest, int inputSize, int compressionLevel); 115 | __declspec(dllimport) int LZ4_compressHC2_limitedOutput_continue(void* LZ4HC_Data, const char* source, char* dest, int inputSize, int maxOutputSize, int compressionLevel); 116 | 117 | /* 118 | These functions allow the compression of dependent blocks, where each block benefits from prior 64 KB within preceding blocks. 119 | In order to achieve this, it is necessary to start creating the LZ4HC Data Structure, thanks to the function : 120 | 121 | void* LZ4_createHC (const char* inputBuffer); 122 | The result of the function is the (void*) pointer on the LZ4HC Data Structure. 123 | This pointer will be needed in all other functions. 124 | If the pointer returned is NULL, then the allocation has failed, and compression must be aborted. 125 | The only parameter 'const char* inputBuffer' must, obviously, point at the beginning of input buffer. 126 | The input buffer must be already allocated, and size at least 192KB. 127 | 'inputBuffer' will also be the 'const char* source' of the first block. 128 | 129 | All blocks are expected to lay next to each other within the input buffer, starting from 'inputBuffer'. 130 | To compress each block, use either LZ4_compressHC_continue() or LZ4_compressHC_limitedOutput_continue(). 131 | Their behavior are identical to LZ4_compressHC() or LZ4_compressHC_limitedOutput(), 132 | but require the LZ4HC Data Structure as their first argument, and check that each block starts right after the previous one. 133 | If next block does not begin immediately after the previous one, the compression will fail (return 0). 134 | 135 | When it's no longer possible to lay the next block after the previous one (not enough space left into input buffer), a call to : 136 | char* LZ4_slideInputBufferHC(void* LZ4HC_Data); 137 | must be performed. It will typically copy the latest 64KB of input at the beginning of input buffer. 138 | Note that, for this function to work properly, minimum size of an input buffer must be 192KB. 139 | ==> The memory position where the next input data block must start is provided as the result of the function. 140 | 141 | Compression can then resume, using LZ4_compressHC_continue() or LZ4_compressHC_limitedOutput_continue(), as usual. 142 | 143 | When compression is completed, a call to LZ4_freeHC() will release the memory used by the LZ4HC Data Structure. 144 | */ 145 | 146 | __declspec(dllimport) int LZ4_sizeofStreamStateHC(void); 147 | __declspec(dllimport) int LZ4_resetStreamStateHC(void* state, const char* inputBuffer); 148 | 149 | /* 150 | These functions achieve the same result as : 151 | void* LZ4_createHC (const char* inputBuffer); 152 | 153 | They are provided here to allow the user program to allocate memory using its own routines. 154 | 155 | To know how much space must be allocated, use LZ4_sizeofStreamStateHC(); 156 | Note also that space must be aligned for pointers (32 or 64 bits). 157 | 158 | Once space is allocated, you must initialize it using : LZ4_resetStreamStateHC(void* state, const char* inputBuffer); 159 | void* state is a pointer to the space allocated. 160 | It must be aligned for pointers (32 or 64 bits), and be large enough. 161 | The parameter 'const char* inputBuffer' must, obviously, point at the beginning of input buffer. 162 | The input buffer must be already allocated, and size at least 192KB. 163 | 'inputBuffer' will also be the 'const char* source' of the first block. 164 | 165 | The same space can be re-used multiple times, just by initializing it each time with LZ4_resetStreamState(). 166 | return value of LZ4_resetStreamStateHC() must be 0 is OK. 167 | Any other value means there was an error (typically, state is not aligned for pointers (32 or 64 bits)). 168 | */ 169 | 170 | 171 | #if defined (__cplusplus) 172 | } 173 | #endif 174 | 175 | #endif //_LZ4HC_H 176 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/x32bridge.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/x32bridge.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/x32dbg.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/x32dbg.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/x64bridge.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/x64bridge.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/x64dbg.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/x64dbg.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_YARA_H 31 | #define YR_YARA_H 32 | 33 | #include "yara/utils.h" 34 | #include "yara/filemap.h" 35 | #include "yara/compiler.h" 36 | #include "yara/modules.h" 37 | #include "yara/object.h" 38 | #include "yara/libyara.h" 39 | #include "yara/error.h" 40 | #include "yara/stream.h" 41 | #include "yara/hash.h" 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/ahocorasick.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef _AHOCORASICK_H 31 | #define _AHOCORASICK_H 32 | 33 | #include "limits.h" 34 | #include "atoms.h" 35 | #include "types.h" 36 | 37 | 38 | #define YR_AC_ROOT_STATE 0 39 | #define YR_AC_NEXT_STATE(t) (t >> 32) 40 | #define YR_AC_INVALID_TRANSITION(t, c) (((t) & 0xFFFF) != c) 41 | 42 | #define YR_AC_MAKE_TRANSITION(state, code, flags) \ 43 | ((uint64_t)((((uint64_t) state) << 32) | ((flags) << 16) | (code))) 44 | 45 | #define YR_AC_USED_FLAG 0x1 46 | 47 | #define YR_AC_USED_TRANSITION_SLOT(x) ((x) & (YR_AC_USED_FLAG << 16)) 48 | #define YR_AC_UNUSED_TRANSITION_SLOT(x) (!YR_AC_USED_TRANSITION_SLOT(x)) 49 | 50 | 51 | typedef struct _YR_AC_TABLES 52 | { 53 | YR_AC_TRANSITION* transitions; 54 | YR_AC_MATCH_TABLE_ENTRY* matches; 55 | 56 | } YR_AC_TABLES; 57 | 58 | 59 | int yr_ac_automaton_create( 60 | YR_AC_AUTOMATON** automaton); 61 | 62 | 63 | int yr_ac_automaton_destroy( 64 | YR_AC_AUTOMATON* automaton); 65 | 66 | 67 | int yr_ac_add_string( 68 | YR_AC_AUTOMATON* automaton, 69 | YR_STRING* string, 70 | YR_ATOM_LIST_ITEM* atom, 71 | YR_ARENA* matches_arena); 72 | 73 | 74 | int yr_ac_compile( 75 | YR_AC_AUTOMATON* automaton, 76 | YR_ARENA* arena, 77 | YR_AC_TABLES* tables); 78 | 79 | 80 | void yr_ac_print_automaton( 81 | YR_AC_AUTOMATON* automaton); 82 | 83 | 84 | #endif 85 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/arena.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_ARENA_H 31 | #define YR_ARENA_H 32 | 33 | #include 34 | 35 | #include "integers.h" 36 | #include "stream.h" 37 | 38 | #define ARENA_FLAGS_FIXED_SIZE 1 39 | #define ARENA_FLAGS_COALESCED 2 40 | #define ARENA_FILE_VERSION 11 41 | 42 | #define EOL ((size_t) -1) 43 | 44 | 45 | typedef struct _YR_RELOC 46 | { 47 | uint32_t offset; 48 | struct _YR_RELOC* next; 49 | 50 | } YR_RELOC; 51 | 52 | 53 | typedef struct _YR_ARENA_PAGE 54 | { 55 | 56 | uint8_t* new_address; 57 | uint8_t* address; 58 | 59 | size_t size; 60 | size_t used; 61 | 62 | YR_RELOC* reloc_list_head; 63 | YR_RELOC* reloc_list_tail; 64 | 65 | struct _YR_ARENA_PAGE* next; 66 | struct _YR_ARENA_PAGE* prev; 67 | 68 | } YR_ARENA_PAGE; 69 | 70 | 71 | typedef struct _YR_ARENA 72 | { 73 | int flags; 74 | 75 | YR_ARENA_PAGE* page_list_head; 76 | YR_ARENA_PAGE* current_page; 77 | 78 | } YR_ARENA; 79 | 80 | 81 | int yr_arena_create( 82 | size_t initial_size, 83 | int flags, 84 | YR_ARENA** arena); 85 | 86 | 87 | void yr_arena_destroy( 88 | YR_ARENA* arena); 89 | 90 | 91 | void* yr_arena_base_address( 92 | YR_ARENA* arena); 93 | 94 | 95 | void* yr_arena_next_address( 96 | YR_ARENA* arena, 97 | void* address, 98 | size_t offset); 99 | 100 | 101 | int yr_arena_coalesce( 102 | YR_ARENA* arena); 103 | 104 | 105 | int yr_arena_reserve_memory( 106 | YR_ARENA* arena, 107 | size_t size); 108 | 109 | 110 | int yr_arena_allocate_memory( 111 | YR_ARENA* arena, 112 | size_t size, 113 | void** allocated_memory); 114 | 115 | 116 | int yr_arena_allocate_struct( 117 | YR_ARENA* arena, 118 | size_t size, 119 | void** allocated_memory, 120 | ...); 121 | 122 | 123 | int yr_arena_make_relocatable( 124 | YR_ARENA* arena, 125 | void* base, 126 | ...); 127 | 128 | 129 | int yr_arena_write_data( 130 | YR_ARENA* arena, 131 | void* data, 132 | size_t size, 133 | void** written_data); 134 | 135 | 136 | int yr_arena_write_string( 137 | YR_ARENA* arena, 138 | const char* string, 139 | char** written_string); 140 | 141 | 142 | int yr_arena_append( 143 | YR_ARENA* target_arena, 144 | YR_ARENA* source_arena); 145 | 146 | 147 | int yr_arena_load_stream( 148 | YR_STREAM* stream, 149 | YR_ARENA** arena); 150 | 151 | 152 | int yr_arena_save_stream( 153 | YR_ARENA* arena, 154 | YR_STREAM* stream); 155 | 156 | 157 | int yr_arena_duplicate( 158 | YR_ARENA* arena, 159 | YR_ARENA** duplicated); 160 | 161 | 162 | void yr_arena_print( 163 | YR_ARENA* arena); 164 | 165 | #endif 166 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/atoms.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_ATOMS_H 31 | #define YR_ATOMS_H 32 | 33 | #include "limits.h" 34 | #include "re.h" 35 | 36 | #define ATOM_TREE_LEAF 1 37 | #define ATOM_TREE_AND 2 38 | #define ATOM_TREE_OR 3 39 | 40 | 41 | typedef struct _ATOM_TREE_NODE 42 | { 43 | uint8_t type; 44 | uint8_t atom_length; 45 | uint8_t atom[MAX_ATOM_LENGTH]; 46 | 47 | uint8_t* forward_code; 48 | uint8_t* backward_code; 49 | 50 | RE_NODE* recent_nodes[MAX_ATOM_LENGTH]; 51 | 52 | struct _ATOM_TREE_NODE* children_head; 53 | struct _ATOM_TREE_NODE* children_tail; 54 | struct _ATOM_TREE_NODE* next_sibling; 55 | 56 | } ATOM_TREE_NODE; 57 | 58 | 59 | typedef struct _ATOM_TREE 60 | { 61 | ATOM_TREE_NODE* current_leaf; 62 | ATOM_TREE_NODE* root_node; 63 | 64 | } ATOM_TREE; 65 | 66 | 67 | typedef struct _YR_ATOM_LIST_ITEM 68 | { 69 | uint8_t atom_length; 70 | uint8_t atom[MAX_ATOM_LENGTH]; 71 | 72 | uint16_t backtrack; 73 | 74 | uint8_t* forward_code; 75 | uint8_t* backward_code; 76 | 77 | struct _YR_ATOM_LIST_ITEM* next; 78 | 79 | } YR_ATOM_LIST_ITEM; 80 | 81 | 82 | int yr_atoms_extract_from_re( 83 | RE* re, 84 | int flags, 85 | YR_ATOM_LIST_ITEM** atoms); 86 | 87 | 88 | int yr_atoms_extract_from_string( 89 | uint8_t* string, 90 | int string_length, 91 | int flags, 92 | YR_ATOM_LIST_ITEM** atoms); 93 | 94 | 95 | int yr_atoms_min_quality( 96 | YR_ATOM_LIST_ITEM* atom_list); 97 | 98 | 99 | void yr_atoms_list_destroy( 100 | YR_ATOM_LIST_ITEM* list_head); 101 | 102 | #endif 103 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/compiler.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_COMPILER_H 31 | #define YR_COMPILER_H 32 | 33 | #include 34 | #include 35 | 36 | #include "ahocorasick.h" 37 | #include "arena.h" 38 | #include "hash.h" 39 | #include "utils.h" 40 | 41 | 42 | #define YARA_ERROR_LEVEL_ERROR 0 43 | #define YARA_ERROR_LEVEL_WARNING 1 44 | 45 | 46 | typedef void (*YR_COMPILER_CALLBACK_FUNC)( 47 | int error_level, 48 | const char* file_name, 49 | int line_number, 50 | const char* message, 51 | void* user_data); 52 | 53 | 54 | typedef struct _YR_FIXUP 55 | { 56 | int64_t* address; 57 | struct _YR_FIXUP* next; 58 | 59 | } YR_FIXUP; 60 | 61 | 62 | typedef struct _YR_COMPILER 63 | { 64 | int errors; 65 | int error_line; 66 | int last_error; 67 | int last_error_line; 68 | int last_result; 69 | 70 | jmp_buf error_recovery; 71 | 72 | YR_ARENA* sz_arena; 73 | YR_ARENA* rules_arena; 74 | YR_ARENA* strings_arena; 75 | YR_ARENA* code_arena; 76 | YR_ARENA* re_code_arena; 77 | YR_ARENA* compiled_rules_arena; 78 | YR_ARENA* externals_arena; 79 | YR_ARENA* namespaces_arena; 80 | YR_ARENA* metas_arena; 81 | YR_ARENA* matches_arena; 82 | YR_ARENA* automaton_arena; 83 | 84 | YR_AC_AUTOMATON* automaton; 85 | YR_HASH_TABLE* rules_table; 86 | YR_HASH_TABLE* objects_table; 87 | YR_HASH_TABLE* strings_table; 88 | YR_NAMESPACE* current_namespace; 89 | YR_RULE* current_rule; 90 | 91 | YR_FIXUP* fixup_stack_head; 92 | 93 | int namespaces_count; 94 | 95 | uint8_t* loop_address[MAX_LOOP_NESTING]; 96 | char* loop_identifier[MAX_LOOP_NESTING]; 97 | int loop_depth; 98 | int loop_for_of_mem_offset; 99 | 100 | int allow_includes; 101 | 102 | char* file_name_stack[MAX_INCLUDE_DEPTH]; 103 | int file_name_stack_ptr; 104 | 105 | FILE* file_stack[MAX_INCLUDE_DEPTH]; 106 | int file_stack_ptr; 107 | 108 | char last_error_extra_info[MAX_COMPILER_ERROR_EXTRA_INFO]; 109 | 110 | char lex_buf[LEX_BUF_SIZE]; 111 | char* lex_buf_ptr; 112 | unsigned short lex_buf_len; 113 | 114 | char include_base_dir[MAX_PATH]; 115 | void* user_data; 116 | 117 | YR_COMPILER_CALLBACK_FUNC callback; 118 | 119 | } YR_COMPILER; 120 | 121 | 122 | #define yr_compiler_set_error_extra_info(compiler, info) \ 123 | strlcpy( \ 124 | compiler->last_error_extra_info, \ 125 | info, \ 126 | sizeof(compiler->last_error_extra_info)); \ 127 | 128 | 129 | #define yr_compiler_set_error_extra_info_fmt(compiler, fmt, ...) \ 130 | snprintf( \ 131 | compiler->last_error_extra_info, \ 132 | sizeof(compiler->last_error_extra_info), \ 133 | fmt, __VA_ARGS__); 134 | 135 | 136 | int _yr_compiler_push_file( 137 | YR_COMPILER* compiler, 138 | FILE* fh); 139 | 140 | 141 | FILE* _yr_compiler_pop_file( 142 | YR_COMPILER* compiler); 143 | 144 | 145 | int _yr_compiler_push_file_name( 146 | YR_COMPILER* compiler, 147 | const char* file_name); 148 | 149 | 150 | void _yr_compiler_pop_file_name( 151 | YR_COMPILER* compiler); 152 | 153 | 154 | YR_API int yr_compiler_create( 155 | YR_COMPILER** compiler); 156 | 157 | 158 | YR_API void yr_compiler_destroy( 159 | YR_COMPILER* compiler); 160 | 161 | 162 | YR_API void yr_compiler_set_callback( 163 | YR_COMPILER* compiler, 164 | YR_COMPILER_CALLBACK_FUNC callback, 165 | void* user_data); 166 | 167 | 168 | YR_API int yr_compiler_add_file( 169 | YR_COMPILER* compiler, 170 | FILE* rules_file, 171 | const char* namespace_, 172 | const char* file_name); 173 | 174 | 175 | YR_API int yr_compiler_add_string( 176 | YR_COMPILER* compiler, 177 | const char* rules_string, 178 | const char* namespace_); 179 | 180 | 181 | YR_API char* yr_compiler_get_error_message( 182 | YR_COMPILER* compiler, 183 | char* buffer, 184 | int buffer_size); 185 | 186 | 187 | YR_API char* yr_compiler_get_current_file_name( 188 | YR_COMPILER* context); 189 | 190 | 191 | YR_API int yr_compiler_define_integer_variable( 192 | YR_COMPILER* compiler, 193 | const char* identifier, 194 | int64_t value); 195 | 196 | 197 | YR_API int yr_compiler_define_boolean_variable( 198 | YR_COMPILER* compiler, 199 | const char* identifier, 200 | int value); 201 | 202 | 203 | YR_API int yr_compiler_define_float_variable( 204 | YR_COMPILER* compiler, 205 | const char* identifier, 206 | double value); 207 | 208 | 209 | YR_API int yr_compiler_define_string_variable( 210 | YR_COMPILER* compiler, 211 | const char* identifier, 212 | const char* value); 213 | 214 | 215 | YR_API int yr_compiler_get_rules( 216 | YR_COMPILER* compiler, 217 | YR_RULES** rules); 218 | 219 | 220 | #endif 221 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/elf.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef _ELF_H 31 | #define _ELF_H 32 | 33 | #include "integers.h" 34 | 35 | 36 | // 32-bit ELF base types 37 | 38 | typedef uint32_t elf32_addr_t; 39 | typedef uint16_t elf32_half_t; 40 | typedef uint32_t elf32_off_t; 41 | typedef uint32_t elf32_word_t; 42 | 43 | // 64-bit ELF base types 44 | 45 | typedef uint64_t elf64_addr_t; 46 | typedef uint16_t elf64_half_t; 47 | typedef uint64_t elf64_off_t; 48 | typedef uint32_t elf64_word_t; 49 | typedef uint64_t elf64_xword_t; 50 | 51 | #define ELF_MAGIC 0x464C457F 52 | 53 | #define ELF_ET_NONE 0x0000 // no type 54 | #define ELF_ET_REL 0x0001 // relocatable 55 | #define ELF_ET_EXEC 0x0002 // executeable 56 | #define ELF_ET_DYN 0x0003 // Shared-Object-File 57 | #define ELF_ET_CORE 0x0004 // Corefile 58 | #define ELF_ET_LOPROC 0xFF00 // Processor-specific 59 | #define ELF_ET_HIPROC 0x00FF // Processor-specific 60 | 61 | #define ELF_EM_NONE 0x0000 // no type 62 | #define ELF_EM_M32 0x0001 // AT&T WE 32100 63 | #define ELF_EM_SPARC 0x0002 // SPARC 64 | #define ELF_EM_386 0x0003 // Intel 80386 65 | #define ELF_EM_68K 0x0004 // Motorola 68000 66 | #define ELF_EM_88K 0x0005 // Motorola 88000 67 | #define ELF_EM_860 0x0007 // Intel 80860 68 | #define ELF_EM_MIPS 0x0008 // MIPS I Architecture 69 | #define ELF_EM_MIPS_RS3_LE 0x000A // MIPS RS3000 Little-endian 70 | #define ELF_EM_PPC 0x0014 // PowerPC 71 | #define ELF_EM_PPC64 0x0015 // 64-bit PowerPC 72 | #define ELF_EM_ARM 0x0028 // ARM 73 | #define ELF_EM_X86_64 0x003E // AMD/Intel x86_64 74 | #define ELF_EM_AARCH64 0x00B7 // 64-bit ARM 75 | 76 | #define ELF_CLASS_NONE 0x0000 77 | #define ELF_CLASS_32 0x0001 // 32bit file 78 | #define ELF_CLASS_64 0x0002 // 64bit file 79 | 80 | #define ELF_DATA_NONE 0x0000 81 | #define ELF_DATA_2LSB 0x0001 82 | #define ELF_DATA_2MSB 0x002 83 | 84 | 85 | #define ELF_SHT_NULL 0 // Section header table entry unused 86 | #define ELF_SHT_PROGBITS 1 // Program data 87 | #define ELF_SHT_SYMTAB 2 // Symbol table 88 | #define ELF_SHT_STRTAB 3 // String table 89 | #define ELF_SHT_RELA 4 // Relocation entries with addends 90 | #define ELF_SHT_HASH 5 // Symbol hash table 91 | #define ELF_SHT_DYNAMIC 6 // Dynamic linking information 92 | #define ELF_SHT_NOTE 7 // Notes 93 | #define ELF_SHT_NOBITS 8 // Program space with no data (bss) 94 | #define ELF_SHT_REL 9 // Relocation entries, no addends 95 | #define ELF_SHT_SHLIB 10 // Reserved 96 | #define ELF_SHT_DYNSYM 11 // Dynamic linker symbol table 97 | #define ELF_SHT_NUM 12 // Number of defined types 98 | 99 | #define ELF_SHF_WRITE 0x1 // Section is writable 100 | #define ELF_SHF_ALLOC 0x2 // Section is present during execution 101 | #define ELF_SHF_EXECINSTR 0x4 // Section contains executable instructions 102 | 103 | #define ELF_SHN_LORESERVE 0xFF00 104 | 105 | #define ELF_PT_NULL 0 // The array element is unused 106 | #define ELF_PT_LOAD 1 // Loadable segment 107 | #define ELF_PT_DYNAMIC 2 // Segment contains dynamic linking info 108 | #define ELF_PT_INTERP 3 // Contains interpreter pathname 109 | #define ELF_PT_NOTE 4 // Location & size of auxiliary info 110 | #define ELF_PT_SHLIB 5 // Reserved, unspecified semantics 111 | #define ELF_PT_PHDR 6 // Location and size of program header table 112 | #define ELF_PT_TLS 7 // Thread-Local Storage 113 | #define ELF_PT_GNU_EH_FRAME 0x6474e550 114 | #define ELF_PT_GNU_STACK 0x6474e551 115 | 116 | #define ELF_PF_X 0x1 // Segment is executable 117 | #define ELF_PF_W 0x2 // Segment is writable 118 | #define ELF_PF_R 0x4 // Segment is readable 119 | 120 | #define ELF_PN_XNUM 0xffff 121 | 122 | #pragma pack(push,1) 123 | 124 | typedef struct 125 | { 126 | uint32_t magic; 127 | uint8_t _class; 128 | uint8_t data; 129 | uint8_t version; 130 | uint8_t pad[8]; 131 | uint8_t nident; 132 | 133 | } elf_ident_t; 134 | 135 | 136 | typedef struct 137 | { 138 | elf_ident_t ident; 139 | elf32_half_t type; 140 | elf32_half_t machine; 141 | elf32_word_t version; 142 | elf32_addr_t entry; 143 | elf32_off_t ph_offset; 144 | elf32_off_t sh_offset; 145 | elf32_word_t flags; 146 | elf32_half_t header_size; 147 | elf32_half_t ph_entry_size; 148 | elf32_half_t ph_entry_count; 149 | elf32_half_t sh_entry_size; 150 | elf32_half_t sh_entry_count; 151 | elf32_half_t sh_str_table_index; 152 | 153 | } elf32_header_t; 154 | 155 | 156 | typedef struct 157 | { 158 | elf_ident_t ident; 159 | elf64_half_t type; 160 | elf64_half_t machine; 161 | elf64_word_t version; 162 | elf64_addr_t entry; 163 | elf64_off_t ph_offset; 164 | elf64_off_t sh_offset; 165 | elf64_word_t flags; 166 | elf64_half_t header_size; 167 | elf64_half_t ph_entry_size; 168 | elf64_half_t ph_entry_count; 169 | elf64_half_t sh_entry_size; 170 | elf64_half_t sh_entry_count; 171 | elf64_half_t sh_str_table_index; 172 | 173 | } elf64_header_t; 174 | 175 | 176 | typedef struct 177 | { 178 | elf32_word_t type; 179 | elf32_off_t offset; 180 | elf32_addr_t virt_addr; 181 | elf32_addr_t phys_addr; 182 | elf32_word_t file_size; 183 | elf32_word_t mem_size; 184 | elf32_word_t flags; 185 | elf32_word_t alignment; 186 | 187 | } elf32_program_header_t; 188 | 189 | 190 | typedef struct 191 | { 192 | elf64_word_t type; 193 | elf64_word_t flags; 194 | elf64_off_t offset; 195 | elf64_addr_t virt_addr; 196 | elf64_addr_t phys_addr; 197 | elf64_xword_t file_size; 198 | elf64_xword_t mem_size; 199 | elf64_xword_t alignment; 200 | 201 | } elf64_program_header_t; 202 | 203 | 204 | typedef struct 205 | { 206 | elf32_word_t name; 207 | elf32_word_t type; 208 | elf32_word_t flags; 209 | elf32_addr_t addr; 210 | elf32_off_t offset; 211 | elf32_word_t size; 212 | elf32_word_t link; 213 | elf32_word_t info; 214 | elf32_word_t align; 215 | elf32_word_t entry_size; 216 | 217 | } elf32_section_header_t; 218 | 219 | 220 | typedef struct 221 | { 222 | elf64_word_t name; 223 | elf64_word_t type; 224 | elf64_xword_t flags; 225 | elf64_addr_t addr; 226 | elf64_off_t offset; 227 | elf64_xword_t size; 228 | elf64_word_t link; 229 | elf64_word_t info; 230 | elf64_xword_t align; 231 | elf64_xword_t entry_size; 232 | 233 | } elf64_section_header_t; 234 | 235 | 236 | #pragma pack(pop) 237 | 238 | #endif 239 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/error.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_ERROR_H 31 | #define YR_ERROR_H 32 | 33 | #include 34 | 35 | #if defined(_WIN32) || defined(__CYGWIN__) 36 | #include 37 | #endif 38 | 39 | #ifndef ERROR_SUCCESS 40 | #define ERROR_SUCCESS 0 41 | #endif 42 | 43 | #define ERROR_INSUFICIENT_MEMORY 1 44 | #define ERROR_COULD_NOT_ATTACH_TO_PROCESS 2 45 | #define ERROR_COULD_NOT_OPEN_FILE 3 46 | #define ERROR_COULD_NOT_MAP_FILE 4 47 | #define ERROR_INVALID_FILE 6 48 | #define ERROR_CORRUPT_FILE 7 49 | #define ERROR_UNSUPPORTED_FILE_VERSION 8 50 | #define ERROR_INVALID_REGULAR_EXPRESSION 9 51 | #define ERROR_INVALID_HEX_STRING 10 52 | #define ERROR_SYNTAX_ERROR 11 53 | #define ERROR_LOOP_NESTING_LIMIT_EXCEEDED 12 54 | #define ERROR_DUPLICATED_LOOP_IDENTIFIER 13 55 | #define ERROR_DUPLICATED_IDENTIFIER 14 56 | #define ERROR_DUPLICATED_TAG_IDENTIFIER 15 57 | #define ERROR_DUPLICATED_META_IDENTIFIER 16 58 | #define ERROR_DUPLICATED_STRING_IDENTIFIER 17 59 | #define ERROR_UNREFERENCED_STRING 18 60 | #define ERROR_UNDEFINED_STRING 19 61 | #define ERROR_UNDEFINED_IDENTIFIER 20 62 | #define ERROR_MISPLACED_ANONYMOUS_STRING 21 63 | #define ERROR_INCLUDES_CIRCULAR_REFERENCE 22 64 | #define ERROR_INCLUDE_DEPTH_EXCEEDED 23 65 | #define ERROR_WRONG_TYPE 24 66 | #define ERROR_EXEC_STACK_OVERFLOW 25 67 | #define ERROR_SCAN_TIMEOUT 26 68 | #define ERROR_TOO_MANY_SCAN_THREADS 27 69 | #define ERROR_CALLBACK_ERROR 28 70 | #define ERROR_INVALID_ARGUMENT 29 71 | #define ERROR_TOO_MANY_MATCHES 30 72 | #define ERROR_INTERNAL_FATAL_ERROR 31 73 | #define ERROR_NESTED_FOR_OF_LOOP 32 74 | #define ERROR_INVALID_FIELD_NAME 33 75 | #define ERROR_UNKNOWN_MODULE 34 76 | #define ERROR_NOT_A_STRUCTURE 35 77 | #define ERROR_NOT_INDEXABLE 36 78 | #define ERROR_NOT_A_FUNCTION 37 79 | #define ERROR_INVALID_FORMAT 38 80 | #define ERROR_TOO_MANY_ARGUMENTS 39 81 | #define ERROR_WRONG_ARGUMENTS 40 82 | #define ERROR_WRONG_RETURN_TYPE 41 83 | #define ERROR_DUPLICATED_STRUCTURE_MEMBER 42 84 | #define ERROR_EMPTY_STRING 43 85 | #define ERROR_DIVISION_BY_ZERO 44 86 | #define ERROR_REGULAR_EXPRESSION_TOO_LARGE 45 87 | #define ERROR_TOO_MANY_RE_FIBERS 46 88 | #define ERROR_COULD_NOT_READ_PROCESS_MEMORY 47 89 | #define ERROR_INVALID_EXTERNAL_VARIABLE_TYPE 48 90 | 91 | 92 | #define FAIL_ON_ERROR(x) { \ 93 | int result = (x); \ 94 | if (result != ERROR_SUCCESS) \ 95 | return result; \ 96 | } 97 | 98 | #define FAIL_ON_ERROR_WITH_CLEANUP(x, cleanup) { \ 99 | int result = (x); \ 100 | if (result != ERROR_SUCCESS) { \ 101 | cleanup; \ 102 | return result; \ 103 | } \ 104 | } 105 | 106 | #define FAIL_ON_COMPILER_ERROR(x) { \ 107 | compiler->last_result = (x); \ 108 | if (compiler->last_result != ERROR_SUCCESS) \ 109 | return compiler->last_result; \ 110 | } 111 | 112 | 113 | #ifdef NDEBUG 114 | #define assertf(expr, msg, ...) ((void)0) 115 | #else 116 | #define assertf(expr, msg, ...) \ 117 | if(!(expr)) { \ 118 | fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ 119 | abort(); \ 120 | } 121 | #endif 122 | 123 | #endif 124 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/exec.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013-2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_EXEC_H 31 | #define YR_EXEC_H 32 | 33 | #include "hash.h" 34 | #include "scan.h" 35 | #include "types.h" 36 | #include "rules.h" 37 | 38 | 39 | #define UNDEFINED 0xFFFABADAFABADAFFLL 40 | #define IS_UNDEFINED(x) ((size_t)(x) == (size_t) UNDEFINED) 41 | 42 | #define OP_ERROR 0 43 | #define OP_HALT 255 44 | 45 | #define OP_AND 1 46 | #define OP_OR 2 47 | #define OP_NOT 3 48 | #define OP_BITWISE_NOT 4 49 | #define OP_BITWISE_AND 5 50 | #define OP_BITWISE_OR 6 51 | #define OP_BITWISE_XOR 7 52 | #define OP_SHL 8 53 | #define OP_SHR 9 54 | #define OP_MOD 10 55 | #define OP_INT_TO_DBL 11 56 | #define OP_STR_TO_BOOL 12 57 | #define OP_PUSH 13 58 | #define OP_POP 14 59 | #define OP_CALL 15 60 | #define OP_OBJ_LOAD 16 61 | #define OP_OBJ_VALUE 17 62 | #define OP_OBJ_FIELD 18 63 | #define OP_INDEX_ARRAY 19 64 | #define OP_COUNT 20 65 | #define OP_LENGTH 21 66 | #define OP_FOUND 22 67 | #define OP_FOUND_AT 23 68 | #define OP_FOUND_IN 24 69 | #define OP_OFFSET 25 70 | #define OP_OF 26 71 | #define OP_PUSH_RULE 27 72 | #define OP_INIT_RULE 28 73 | #define OP_MATCH_RULE 29 74 | #define OP_INCR_M 30 75 | #define OP_CLEAR_M 31 76 | #define OP_ADD_M 32 77 | #define OP_POP_M 33 78 | #define OP_PUSH_M 34 79 | #define OP_SWAPUNDEF 35 80 | #define OP_JNUNDEF 36 81 | #define OP_JLE 37 82 | #define OP_FILESIZE 38 83 | #define OP_ENTRYPOINT 39 84 | #define OP_CONTAINS 40 85 | #define OP_MATCHES 41 86 | #define OP_IMPORT 42 87 | #define OP_LOOKUP_DICT 43 88 | #define OP_JFALSE 44 89 | #define OP_JTRUE 45 90 | 91 | 92 | #define _OP_EQ 0 93 | #define _OP_NEQ 1 94 | #define _OP_LT 2 95 | #define _OP_GT 3 96 | #define _OP_LE 4 97 | #define _OP_GE 5 98 | #define _OP_ADD 6 99 | #define _OP_SUB 7 100 | #define _OP_MUL 8 101 | #define _OP_DIV 9 102 | #define _OP_MINUS 10 103 | 104 | 105 | #define OP_INT_BEGIN 100 106 | #define OP_INT_EQ (OP_INT_BEGIN + _OP_EQ) 107 | #define OP_INT_NEQ (OP_INT_BEGIN + _OP_NEQ) 108 | #define OP_INT_LT (OP_INT_BEGIN + _OP_LT) 109 | #define OP_INT_GT (OP_INT_BEGIN + _OP_GT) 110 | #define OP_INT_LE (OP_INT_BEGIN + _OP_LE) 111 | #define OP_INT_GE (OP_INT_BEGIN + _OP_GE) 112 | #define OP_INT_ADD (OP_INT_BEGIN + _OP_ADD) 113 | #define OP_INT_SUB (OP_INT_BEGIN + _OP_SUB) 114 | #define OP_INT_MUL (OP_INT_BEGIN + _OP_MUL) 115 | #define OP_INT_DIV (OP_INT_BEGIN + _OP_DIV) 116 | #define OP_INT_MINUS (OP_INT_BEGIN + _OP_MINUS) 117 | #define OP_INT_END OP_INT_MINUS 118 | 119 | #define OP_DBL_BEGIN 120 120 | #define OP_DBL_EQ (OP_DBL_BEGIN + _OP_EQ) 121 | #define OP_DBL_NEQ (OP_DBL_BEGIN + _OP_NEQ) 122 | #define OP_DBL_LT (OP_DBL_BEGIN + _OP_LT) 123 | #define OP_DBL_GT (OP_DBL_BEGIN + _OP_GT) 124 | #define OP_DBL_LE (OP_DBL_BEGIN + _OP_LE) 125 | #define OP_DBL_GE (OP_DBL_BEGIN + _OP_GE) 126 | #define OP_DBL_ADD (OP_DBL_BEGIN + _OP_ADD) 127 | #define OP_DBL_SUB (OP_DBL_BEGIN + _OP_SUB) 128 | #define OP_DBL_MUL (OP_DBL_BEGIN + _OP_MUL) 129 | #define OP_DBL_DIV (OP_DBL_BEGIN + _OP_DIV) 130 | #define OP_DBL_MINUS (OP_DBL_BEGIN + _OP_MINUS) 131 | #define OP_DBL_END OP_DBL_MINUS 132 | 133 | #define OP_STR_BEGIN 140 134 | #define OP_STR_EQ (OP_STR_BEGIN + _OP_EQ) 135 | #define OP_STR_NEQ (OP_STR_BEGIN + _OP_NEQ) 136 | #define OP_STR_LT (OP_STR_BEGIN + _OP_LT) 137 | #define OP_STR_GT (OP_STR_BEGIN + _OP_GT) 138 | #define OP_STR_LE (OP_STR_BEGIN + _OP_LE) 139 | #define OP_STR_GE (OP_STR_BEGIN + _OP_GE) 140 | #define OP_STR_END OP_STR_GE 141 | 142 | #define IS_INT_OP(x) ((x) >= OP_INT_BEGIN && (x) <= OP_INT_END) 143 | #define IS_DBL_OP(x) ((x) >= OP_DBL_BEGIN && (x) <= OP_DBL_END) 144 | #define IS_STR_OP(x) ((x) >= OP_STR_BEGIN && (x) <= OP_STR_END) 145 | 146 | #define OP_READ_INT 240 147 | #define OP_INT8 (OP_READ_INT + 0) 148 | #define OP_INT16 (OP_READ_INT + 1) 149 | #define OP_INT32 (OP_READ_INT + 2) 150 | #define OP_UINT8 (OP_READ_INT + 3) 151 | #define OP_UINT16 (OP_READ_INT + 4) 152 | #define OP_UINT32 (OP_READ_INT + 5) 153 | #define OP_INT8BE (OP_READ_INT + 6) 154 | #define OP_INT16BE (OP_READ_INT + 7) 155 | #define OP_INT32BE (OP_READ_INT + 8) 156 | #define OP_UINT8BE (OP_READ_INT + 9) 157 | #define OP_UINT16BE (OP_READ_INT + 10) 158 | #define OP_UINT32BE (OP_READ_INT + 11) 159 | 160 | 161 | #define OPERATION(operator, op1, op2) \ 162 | (IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? (UNDEFINED) : (op1 operator op2) 163 | 164 | 165 | #define COMPARISON(operator, op1, op2) \ 166 | (IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? (0) : (op1 operator op2) 167 | 168 | 169 | int yr_execute_code( 170 | YR_RULES* rules, 171 | YR_SCAN_CONTEXT* context, 172 | int timeout, 173 | time_t start_time); 174 | 175 | #endif 176 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/exefiles.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_EXEFILES_H 31 | #define YR_EXEFILES_H 32 | 33 | uint64_t yr_get_entry_point_offset( 34 | uint8_t* buffer, 35 | size_t buffer_length); 36 | 37 | 38 | uint64_t yr_get_entry_point_address( 39 | uint8_t* buffer, 40 | size_t buffer_length, 41 | size_t base_address); 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/filemap.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_FILEMAP_H 31 | #define YR_FILEMAP_H 32 | 33 | #ifdef _MSC_VER 34 | #define off_t int64_t 35 | #else 36 | #include 37 | #endif 38 | 39 | #if defined(_WIN32) || defined(__CYGWIN__) 40 | #include 41 | #define YR_FILE_DESCRIPTOR HANDLE 42 | #else 43 | #define YR_FILE_DESCRIPTOR int 44 | #endif 45 | 46 | #include 47 | 48 | #include "integers.h" 49 | #include "utils.h" 50 | 51 | 52 | typedef struct _YR_MAPPED_FILE 53 | { 54 | YR_FILE_DESCRIPTOR file; 55 | size_t size; 56 | uint8_t* data; 57 | #if defined(_WIN32) || defined(__CYGWIN__) 58 | HANDLE mapping; 59 | #endif 60 | 61 | } YR_MAPPED_FILE; 62 | 63 | 64 | YR_API int yr_filemap_map( 65 | const char* file_path, 66 | YR_MAPPED_FILE* pmapped_file); 67 | 68 | 69 | YR_API int yr_filemap_map_fd( 70 | YR_FILE_DESCRIPTOR file, 71 | off_t offset, 72 | size_t size, 73 | YR_MAPPED_FILE* pmapped_file); 74 | 75 | 76 | YR_API int yr_filemap_map_ex( 77 | const char* file_path, 78 | off_t offset, 79 | size_t size, 80 | YR_MAPPED_FILE* pmapped_file); 81 | 82 | 83 | YR_API void yr_filemap_unmap( 84 | YR_MAPPED_FILE* pmapped_file); 85 | 86 | 87 | YR_API void yr_filemap_unmap_fd( 88 | YR_MAPPED_FILE* pmapped_file); 89 | 90 | #endif 91 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/globals.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_GLOBALS_H 31 | #define YR_GLOBALS_H 32 | 33 | extern char lowercase[256]; 34 | extern char altercase[256]; 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/hash.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_HASH_H 31 | #define YR_HASH_H 32 | 33 | #include 34 | 35 | #include "utils.h" 36 | 37 | typedef struct _YR_HASH_TABLE_ENTRY 38 | { 39 | void* key; 40 | size_t key_length; 41 | char* ns; 42 | void* value; 43 | 44 | struct _YR_HASH_TABLE_ENTRY* next; 45 | 46 | } YR_HASH_TABLE_ENTRY; 47 | 48 | 49 | typedef struct _YR_HASH_TABLE 50 | { 51 | int size; 52 | 53 | YR_HASH_TABLE_ENTRY* buckets[1]; 54 | 55 | } YR_HASH_TABLE; 56 | 57 | 58 | typedef int (*YR_HASH_TABLE_FREE_VALUE_FUNC)(void* value); 59 | 60 | 61 | YR_API int yr_hash_table_create( 62 | int size, 63 | YR_HASH_TABLE** table); 64 | 65 | 66 | YR_API void yr_hash_table_clean( 67 | YR_HASH_TABLE* table, 68 | YR_HASH_TABLE_FREE_VALUE_FUNC free_value); 69 | 70 | 71 | YR_API void yr_hash_table_destroy( 72 | YR_HASH_TABLE* table, 73 | YR_HASH_TABLE_FREE_VALUE_FUNC free_value); 74 | 75 | 76 | YR_API void* yr_hash_table_lookup( 77 | YR_HASH_TABLE* table, 78 | const char* key, 79 | const char* ns); 80 | 81 | 82 | YR_API int yr_hash_table_add( 83 | YR_HASH_TABLE* table, 84 | const char* key, 85 | const char* ns, 86 | void* value); 87 | 88 | 89 | YR_API void* yr_hash_table_lookup_raw_key( 90 | YR_HASH_TABLE* table, 91 | const void* key, 92 | size_t key_length, 93 | const char* ns); 94 | 95 | 96 | YR_API int yr_hash_table_add_raw_key( 97 | YR_HASH_TABLE* table, 98 | const void* key, 99 | size_t key_length, 100 | const char* ns, 101 | void* value); 102 | 103 | #endif 104 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/hex_lexer.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com]. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #include "re.h" 31 | 32 | #undef yyparse 33 | #undef yylex 34 | #undef yyerror 35 | #undef yyfatal 36 | #undef yychar 37 | #undef yydebug 38 | #undef yynerrs 39 | #undef yyget_extra 40 | #undef yyget_lineno 41 | 42 | #undef YY_FATAL_ERROR 43 | #undef YY_DECL 44 | #undef LEX_ENV 45 | 46 | #define yyparse hex_yyparse 47 | #define yylex hex_yylex 48 | #define yyerror hex_yyerror 49 | #define yyfatal hex_yyfatal 50 | #define yychar hex_yychar 51 | #define yydebug hex_yydebug 52 | #define yynerrs hex_yynerrs 53 | #define yyget_extra hex_yyget_extra 54 | #define yyget_lineno hex_yyget_lineno 55 | 56 | 57 | #ifndef YY_TYPEDEF_YY_SCANNER_T 58 | #define YY_TYPEDEF_YY_SCANNER_T 59 | typedef void* yyscan_t; 60 | #endif 61 | 62 | #define YY_EXTRA_TYPE RE* 63 | #define YY_USE_CONST 64 | 65 | 66 | typedef struct _HEX_LEX_ENVIRONMENT 67 | { 68 | int token_count; 69 | int inside_or; 70 | int last_error_code; 71 | char last_error_message[256]; 72 | 73 | } HEX_LEX_ENVIRONMENT; 74 | 75 | 76 | #define YY_FATAL_ERROR(msg) hex_yyfatal(yyscanner, msg) 77 | 78 | #define LEX_ENV ((HEX_LEX_ENVIRONMENT*) lex_env) 79 | 80 | #include 81 | 82 | #define YY_DECL int hex_yylex \ 83 | (YYSTYPE * yylval_param , yyscan_t yyscanner, HEX_LEX_ENVIRONMENT* lex_env) 84 | 85 | 86 | YY_EXTRA_TYPE yyget_extra( 87 | yyscan_t yyscanner); 88 | 89 | int yylex( 90 | YYSTYPE* yylval_param, 91 | yyscan_t yyscanner, 92 | HEX_LEX_ENVIRONMENT* lex_env); 93 | 94 | int yyparse( 95 | void* yyscanner, 96 | HEX_LEX_ENVIRONMENT* lex_env); 97 | 98 | void yyerror( 99 | yyscan_t yyscanner, 100 | HEX_LEX_ENVIRONMENT* lex_env, 101 | const char* error_message); 102 | 103 | void yyfatal( 104 | yyscan_t yyscanner, 105 | const char* error_message); 106 | 107 | int yr_parse_hex_string( 108 | const char* hex_string, 109 | int flags, 110 | RE** re, 111 | RE_ERROR* error); 112 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/integers.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_INTEGERS_H 31 | #define YR_INTEGERS_H 32 | 33 | /* Integer type definitions 34 | */ 35 | #if ( defined( _MSC_VER ) && ( _MSC_VER < 1600 ) ) || ( defined( __BORLANDC__ ) && ( __BORLANDC__ <= 0x0560 ) ) 36 | 37 | #ifdef __cplusplus 38 | extern "C" { 39 | #endif 40 | 41 | /* Microsoft Visual Studio C++ before Visual Studio 2010 or earlier versions of the Borland C++ Builder 42 | * do not support the (u)int#_t type definitions but have __int# defintions instead 43 | */ 44 | typedef __int8 int8_t; 45 | typedef unsigned __int8 uint8_t; 46 | typedef __int16 int16_t; 47 | typedef unsigned __int16 uint16_t; 48 | typedef __int32 int32_t; 49 | typedef unsigned __int32 uint32_t; 50 | typedef __int64 int64_t; 51 | typedef unsigned __int64 uint64_t; 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #else 58 | 59 | /* Other "compilers" and later versions of Microsoft Visual Studio C++ and 60 | * Borland C/C++ define the types in 61 | */ 62 | #include 63 | 64 | #endif 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/lexer.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com]. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #include "compiler.h" 31 | 32 | 33 | #undef yyparse 34 | #undef yylex 35 | #undef yyerror 36 | #undef yyfatal 37 | #undef yychar 38 | #undef yydebug 39 | #undef yynerrs 40 | #undef yyget_extra 41 | #undef yyget_lineno 42 | 43 | #undef YY_DECL 44 | #undef YY_FATAL_ERROR 45 | #undef YY_EXTRA_TYPE 46 | 47 | #define yyparse yara_yyparse 48 | #define yylex yara_yylex 49 | #define yyerror yara_yyerror 50 | #define yyfatal yara_yyfatal 51 | #define yywarning yara_yywarning 52 | #define yychar yara_yychar 53 | #define yydebug yara_yydebug 54 | #define yynerrs yara_yynerrs 55 | #define yyget_extra yara_yyget_extra 56 | #define yyget_lineno yara_yyget_lineno 57 | 58 | 59 | #ifndef YY_TYPEDEF_YY_SCANNER_T 60 | #define YY_TYPEDEF_YY_SCANNER_T 61 | typedef void* yyscan_t; 62 | #endif 63 | 64 | #ifndef YY_TYPEDEF_EXPRESSION_T 65 | #define YY_TYPEDEF_EXPRESSION_T 66 | 67 | 68 | // Expression type constants are powers of two because they are used as flags. 69 | // For example: 70 | // CHECK_TYPE(whatever, EXPRESSION_TYPE_INTEGER | EXPRESSION_TYPE_FLOAT) 71 | // The expression above is used to ensure that the type of "whatever" is either 72 | // integer or float. 73 | 74 | #define EXPRESSION_TYPE_BOOLEAN 1 75 | #define EXPRESSION_TYPE_INTEGER 2 76 | #define EXPRESSION_TYPE_STRING 4 77 | #define EXPRESSION_TYPE_REGEXP 8 78 | #define EXPRESSION_TYPE_OBJECT 16 79 | #define EXPRESSION_TYPE_FLOAT 32 80 | 81 | typedef struct _EXPRESSION 82 | { 83 | int type; 84 | 85 | union 86 | { 87 | int64_t integer; 88 | YR_OBJECT* object; 89 | SIZED_STRING* sized_string; 90 | } value; 91 | 92 | const char* identifier; 93 | 94 | } EXPRESSION; 95 | 96 | union YYSTYPE; 97 | 98 | #endif 99 | 100 | 101 | #define YY_DECL int yylex( \ 102 | union YYSTYPE* yylval_param, yyscan_t yyscanner, YR_COMPILER* compiler) 103 | 104 | 105 | #define YY_FATAL_ERROR(msg) yara_yyfatal(yyscanner, msg) 106 | 107 | 108 | #define YY_EXTRA_TYPE YR_COMPILER* 109 | #define YY_USE_CONST 110 | 111 | 112 | int yyget_lineno(yyscan_t yyscanner); 113 | 114 | int yylex( 115 | union YYSTYPE* yylval_param, 116 | yyscan_t yyscanner, 117 | YR_COMPILER* compiler); 118 | 119 | int yyparse( 120 | void* yyscanner, 121 | YR_COMPILER* compiler); 122 | 123 | void yyerror( 124 | yyscan_t yyscanner, 125 | YR_COMPILER* compiler, 126 | const char* error_message); 127 | 128 | void yywarning( 129 | yyscan_t yyscanner, 130 | const char* message_fmt, 131 | ...); 132 | 133 | void yyfatal( 134 | yyscan_t yyscanner, 135 | const char* error_message); 136 | 137 | YY_EXTRA_TYPE yyget_extra( 138 | yyscan_t yyscanner); 139 | 140 | int yr_lex_parse_rules_string( 141 | const char* rules_string, 142 | YR_COMPILER* compiler); 143 | 144 | int yr_lex_parse_rules_file( 145 | FILE* rules_file, 146 | YR_COMPILER* compiler); 147 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/libyara.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_LIBYARA_H 31 | #define YR_LIBYARA_H 32 | 33 | #include "utils.h" 34 | 35 | #define YR_MAJOR_VERSION 3 36 | #define YR_MINOR_VERSION 5 37 | #define YR_MICRO_VERSION 0 38 | 39 | // Version as a string 40 | #define YR_VERSION "3.5.0" 41 | 42 | 43 | // Version as a single 4-byte hex number, e.g. 0x030401 == 3.4.1. 44 | #define YR_VERSION_HEX ((YR_MAJOR_VERSION << 16) | \ 45 | (YR_MINOR_VERSION << 8) | \ 46 | (YR_MICRO_VERSION << 0)) 47 | 48 | 49 | // Enumerated type listing configuration options 50 | typedef enum _YR_CONFIG_NAME 51 | { 52 | YR_CONFIG_STACK_SIZE, 53 | YR_CONFIG_MAX 54 | 55 | } YR_CONFIG_NAME; 56 | 57 | 58 | #define DEFAULT_STACK_SIZE 16384 59 | 60 | 61 | YR_API int yr_initialize(void); 62 | 63 | 64 | YR_API int yr_finalize(void); 65 | 66 | 67 | YR_API void yr_finalize_thread(void); 68 | 69 | 70 | YR_API int yr_get_tidx(void); 71 | 72 | 73 | YR_API void yr_set_tidx(int); 74 | 75 | 76 | YR_API int yr_set_configuration(YR_CONFIG_NAME, void*); 77 | 78 | 79 | YR_API int yr_get_configuration(YR_CONFIG_NAME, void*); 80 | 81 | #endif 82 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/limits.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_LIMITS_H 31 | #define YR_LIMITS_H 32 | 33 | #if defined(_WIN32) || defined(__CYGWIN__) 34 | #include 35 | #endif 36 | 37 | 38 | // MAX_THREADS is the number of threads that can use a YR_RULES 39 | // object simultaneosly. This value is limited by the number of 40 | // bits in tidx_mask. 41 | 42 | #define MAX_THREADS 32 43 | 44 | 45 | #ifndef MAX_PATH 46 | #define MAX_PATH 1024 47 | #endif 48 | 49 | #define MAX_COMPILER_ERROR_EXTRA_INFO 256 50 | #define MAX_ATOM_LENGTH 4 51 | #define MAX_LOOP_NESTING 4 52 | #define MAX_ARENA_PAGES 32 53 | #define MAX_INCLUDE_DEPTH 16 54 | #define MAX_STRING_MATCHES 1000000 55 | #define MAX_FUNCTION_ARGS 128 56 | #define MAX_FAST_HEX_RE_STACK 300 57 | #define MAX_OVERLOADED_FUNCTIONS 10 58 | #define MAX_HEX_STRING_TOKENS 10000 59 | #define MAX_MATCH_DATA 4096 60 | 61 | #define LOOP_LOCAL_VARS 4 62 | #define STRING_CHAINING_THRESHOLD 200 63 | #define LEX_BUF_SIZE 8192 64 | 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/mem.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_MEM_H 31 | #define YR_MEM_H 32 | 33 | #include 34 | 35 | #include "config.h" 36 | 37 | #ifdef DMALLOC 38 | 39 | #define yr_malloc malloc 40 | #define yr_calloc calloc 41 | #define yr_realloc realloc 42 | #define yr_free free 43 | #define yr_strdup strdup 44 | #define yr_strndup strndup 45 | 46 | #include 47 | 48 | #else 49 | 50 | void* yr_calloc( 51 | size_t count, 52 | size_t size); 53 | 54 | void* yr_malloc( 55 | size_t size); 56 | 57 | void* yr_realloc( 58 | void* ptr, 59 | size_t size); 60 | 61 | void yr_free( 62 | void* ptr); 63 | 64 | char* yr_strdup( 65 | const char* str); 66 | 67 | char* yr_strndup( 68 | const char* str, size_t n); 69 | 70 | #endif 71 | 72 | int yr_heap_alloc(void); 73 | 74 | int yr_heap_free(void); 75 | 76 | #endif 77 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/object.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_OBJECT_H 31 | #define YR_OBJECT_H 32 | 33 | #ifdef _MSC_VER 34 | 35 | #include 36 | #define isnan _isnan 37 | 38 | #ifndef INFINITY 39 | #define INFINITY (DBL_MAX + DBL_MAX) 40 | #endif 41 | 42 | #ifndef NAN 43 | #define NAN (INFINITY-INFINITY) 44 | #endif 45 | 46 | #endif 47 | 48 | #include "types.h" 49 | 50 | 51 | #define OBJECT_CREATE 1 52 | 53 | #define OBJECT_TYPE_INTEGER 1 54 | #define OBJECT_TYPE_STRING 2 55 | #define OBJECT_TYPE_STRUCTURE 3 56 | #define OBJECT_TYPE_ARRAY 4 57 | #define OBJECT_TYPE_FUNCTION 5 58 | #define OBJECT_TYPE_REGEXP 6 59 | #define OBJECT_TYPE_DICTIONARY 7 60 | #define OBJECT_TYPE_FLOAT 8 61 | 62 | 63 | int yr_object_create( 64 | int8_t type, 65 | const char* identifier, 66 | YR_OBJECT* parent, 67 | YR_OBJECT** object); 68 | 69 | 70 | int yr_object_function_create( 71 | const char* identifier, 72 | const char* arguments_fmt, 73 | const char* return_fmt, 74 | YR_MODULE_FUNC func, 75 | YR_OBJECT* parent, 76 | YR_OBJECT** function); 77 | 78 | 79 | int yr_object_from_external_variable( 80 | YR_EXTERNAL_VARIABLE* external, 81 | YR_OBJECT** object); 82 | 83 | 84 | void yr_object_destroy( 85 | YR_OBJECT* object); 86 | 87 | 88 | YR_OBJECT* yr_object_lookup_field( 89 | YR_OBJECT* object, 90 | const char* field_name); 91 | 92 | 93 | YR_OBJECT* yr_object_lookup( 94 | YR_OBJECT* root, 95 | int flags, 96 | const char* pattern, 97 | ...); 98 | 99 | 100 | int yr_object_has_undefined_value( 101 | YR_OBJECT* object, 102 | const char* field, 103 | ...); 104 | 105 | int64_t yr_object_get_integer( 106 | YR_OBJECT* object, 107 | const char* field, 108 | ...); 109 | 110 | 111 | SIZED_STRING* yr_object_get_string( 112 | YR_OBJECT* object, 113 | const char* field, 114 | ...); 115 | 116 | 117 | int yr_object_set_integer( 118 | int64_t value, 119 | YR_OBJECT* object, 120 | const char* field, 121 | ...); 122 | 123 | 124 | int yr_object_set_float( 125 | double value, 126 | YR_OBJECT* object, 127 | const char* field, 128 | ...); 129 | 130 | 131 | int yr_object_set_string( 132 | const char* value, 133 | size_t len, 134 | YR_OBJECT* object, 135 | const char* field, 136 | ...); 137 | 138 | 139 | YR_OBJECT* yr_object_array_get_item( 140 | YR_OBJECT* object, 141 | int flags, 142 | int index); 143 | 144 | 145 | int yr_object_array_set_item( 146 | YR_OBJECT* object, 147 | YR_OBJECT* item, 148 | int index); 149 | 150 | 151 | YR_OBJECT* yr_object_dict_get_item( 152 | YR_OBJECT* object, 153 | int flags, 154 | const char* key); 155 | 156 | 157 | int yr_object_dict_set_item( 158 | YR_OBJECT* object, 159 | YR_OBJECT* item, 160 | const char* key); 161 | 162 | 163 | int yr_object_structure_set_member( 164 | YR_OBJECT* object, 165 | YR_OBJECT* member); 166 | 167 | 168 | YR_OBJECT* yr_object_get_root( 169 | YR_OBJECT* object); 170 | 171 | 172 | YR_API void yr_object_print_data( 173 | YR_OBJECT* object, 174 | int indent, 175 | int print_identifier); 176 | 177 | 178 | #endif 179 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/parser.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_PARSER_H 31 | #define YR_PARSER_H 32 | 33 | 34 | #include "lexer.h" 35 | 36 | 37 | int yr_parser_emit( 38 | yyscan_t yyscanner, 39 | uint8_t instruction, 40 | uint8_t** instruction_address); 41 | 42 | 43 | int yr_parser_emit_with_arg( 44 | yyscan_t yyscanner, 45 | uint8_t instruction, 46 | int64_t argument, 47 | uint8_t** instruction_address, 48 | int64_t** argument_address); 49 | 50 | 51 | int yr_parser_emit_with_arg_double( 52 | yyscan_t yyscanner, 53 | uint8_t instruction, 54 | double argument, 55 | uint8_t** instruction_address, 56 | double** argument_address); 57 | 58 | 59 | int yr_parser_emit_with_arg_reloc( 60 | yyscan_t yyscanner, 61 | uint8_t instruction, 62 | int64_t argument, 63 | uint8_t** instruction_address, 64 | int64_t** argument_address); 65 | 66 | 67 | int yr_parser_check_types( 68 | YR_COMPILER* compiler, 69 | YR_OBJECT_FUNCTION* function, 70 | const char* actual_args_fmt); 71 | 72 | 73 | YR_STRING* yr_parser_lookup_string( 74 | yyscan_t yyscanner, 75 | const char* identifier); 76 | 77 | 78 | int yr_parser_lookup_loop_variable( 79 | yyscan_t yyscanner, 80 | const char* identifier); 81 | 82 | 83 | YR_RULE* yr_parser_reduce_rule_declaration_phase_1( 84 | yyscan_t yyscanner, 85 | int32_t flags, 86 | const char* identifier); 87 | 88 | 89 | int yr_parser_reduce_rule_declaration_phase_2( 90 | yyscan_t yyscanner, 91 | YR_RULE* rule); 92 | 93 | 94 | YR_STRING* yr_parser_reduce_string_declaration( 95 | yyscan_t yyscanner, 96 | int32_t flags, 97 | const char* identifier, 98 | SIZED_STRING* str); 99 | 100 | 101 | YR_META* yr_parser_reduce_meta_declaration( 102 | yyscan_t yyscanner, 103 | int32_t type, 104 | const char* identifier, 105 | const char* string, 106 | int64_t integer); 107 | 108 | 109 | int yr_parser_reduce_string_identifier( 110 | yyscan_t yyscanner, 111 | const char* identifier, 112 | uint8_t instruction, 113 | uint64_t at_offset); 114 | 115 | 116 | int yr_parser_emit_pushes_for_strings( 117 | yyscan_t yyscanner, 118 | const char* identifier); 119 | 120 | 121 | int yr_parser_reduce_external( 122 | yyscan_t yyscanner, 123 | const char* identifier, 124 | uint8_t intruction); 125 | 126 | 127 | int yr_parser_reduce_import( 128 | yyscan_t yyscanner, 129 | SIZED_STRING* module_name); 130 | 131 | 132 | int yr_parser_reduce_operation( 133 | yyscan_t yyscanner, 134 | const char* operation, 135 | EXPRESSION left_operand, 136 | EXPRESSION right_operand); 137 | 138 | #endif 139 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/proc.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_PROC_H 31 | #define YR_PROC_H 32 | 33 | #include "types.h" 34 | 35 | int yr_process_open_iterator( 36 | int pid, 37 | YR_MEMORY_BLOCK_ITERATOR* iterator); 38 | 39 | int yr_process_close_iterator( 40 | YR_MEMORY_BLOCK_ITERATOR* iterator); 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/re.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_RE_H 31 | #define YR_RE_H 32 | 33 | #include 34 | 35 | #include "arena.h" 36 | #include "sizedstr.h" 37 | 38 | #define RE_NODE_LITERAL 1 39 | #define RE_NODE_MASKED_LITERAL 2 40 | #define RE_NODE_ANY 3 41 | #define RE_NODE_CONCAT 4 42 | #define RE_NODE_ALT 5 43 | #define RE_NODE_RANGE 6 44 | #define RE_NODE_STAR 7 45 | #define RE_NODE_PLUS 8 46 | #define RE_NODE_CLASS 9 47 | #define RE_NODE_WORD_CHAR 10 48 | #define RE_NODE_NON_WORD_CHAR 11 49 | #define RE_NODE_SPACE 12 50 | #define RE_NODE_NON_SPACE 13 51 | #define RE_NODE_DIGIT 14 52 | #define RE_NODE_NON_DIGIT 15 53 | #define RE_NODE_EMPTY 16 54 | #define RE_NODE_ANCHOR_START 17 55 | #define RE_NODE_ANCHOR_END 18 56 | #define RE_NODE_WORD_BOUNDARY 19 57 | #define RE_NODE_NON_WORD_BOUNDARY 20 58 | 59 | 60 | #define RE_OPCODE_ANY 0xA0 61 | #define RE_OPCODE_ANY_EXCEPT_NEW_LINE 0xA1 62 | #define RE_OPCODE_LITERAL 0xA2 63 | #define RE_OPCODE_LITERAL_NO_CASE 0xA3 64 | #define RE_OPCODE_MASKED_LITERAL 0xA4 65 | #define RE_OPCODE_CLASS 0xA5 66 | #define RE_OPCODE_CLASS_NO_CASE 0xA6 67 | #define RE_OPCODE_WORD_CHAR 0xA7 68 | #define RE_OPCODE_NON_WORD_CHAR 0xA8 69 | #define RE_OPCODE_SPACE 0xA9 70 | #define RE_OPCODE_NON_SPACE 0xAA 71 | #define RE_OPCODE_DIGIT 0xAB 72 | #define RE_OPCODE_NON_DIGIT 0xAC 73 | #define RE_OPCODE_MATCH 0xAD 74 | 75 | #define RE_OPCODE_MATCH_AT_END 0xB0 76 | #define RE_OPCODE_MATCH_AT_START 0xB1 77 | #define RE_OPCODE_WORD_BOUNDARY 0xB2 78 | #define RE_OPCODE_NON_WORD_BOUNDARY 0xB3 79 | 80 | #define RE_OPCODE_SPLIT_A 0xC0 81 | #define RE_OPCODE_SPLIT_B 0xC1 82 | #define RE_OPCODE_PUSH 0xC2 83 | #define RE_OPCODE_POP 0xC3 84 | #define RE_OPCODE_JNZ 0xC4 85 | #define RE_OPCODE_JUMP 0xC5 86 | 87 | 88 | #define RE_FLAGS_FAST_HEX_REGEXP 0x02 89 | #define RE_FLAGS_BACKWARDS 0x04 90 | #define RE_FLAGS_EXHAUSTIVE 0x08 91 | #define RE_FLAGS_WIDE 0x10 92 | #define RE_FLAGS_NO_CASE 0x20 93 | #define RE_FLAGS_SCAN 0x40 94 | #define RE_FLAGS_DOT_ALL 0x80 95 | #define RE_FLAGS_NOT_AT_START 0x100 96 | #define RE_FLAGS_GREEDY 0x400 97 | #define RE_FLAGS_UNGREEDY 0x800 98 | 99 | 100 | typedef struct RE RE; 101 | typedef struct RE_NODE RE_NODE; 102 | typedef struct RE_ERROR RE_ERROR; 103 | 104 | typedef uint8_t RE_SPLIT_ID_TYPE; 105 | typedef uint8_t* RE_CODE; 106 | 107 | #define CHAR_IN_CLASS(chr, cls) \ 108 | ((cls)[(chr) / 8] & 1 << ((chr) % 8)) 109 | 110 | 111 | #define IS_WORD_CHAR(chr) \ 112 | (isalnum(chr) || (chr) == '_') 113 | 114 | 115 | struct RE_NODE 116 | { 117 | int type; 118 | 119 | union 120 | { 121 | int value; 122 | int count; 123 | int start; 124 | }; 125 | 126 | union 127 | { 128 | int mask; 129 | int end; 130 | }; 131 | 132 | int greedy; 133 | 134 | uint8_t* class_vector; 135 | 136 | RE_NODE* left; 137 | RE_NODE* right; 138 | 139 | RE_CODE forward_code; 140 | RE_CODE backward_code; 141 | }; 142 | 143 | 144 | struct RE 145 | { 146 | 147 | uint32_t flags; 148 | RE_NODE* root_node; 149 | YR_ARENA* code_arena; 150 | RE_CODE code; 151 | }; 152 | 153 | 154 | struct RE_ERROR 155 | { 156 | 157 | char message[512]; 158 | 159 | }; 160 | 161 | 162 | typedef int RE_MATCH_CALLBACK_FUNC( 163 | uint8_t* match, 164 | int match_length, 165 | int flags, 166 | void* args); 167 | 168 | 169 | int yr_re_create( 170 | RE** re); 171 | 172 | 173 | int yr_re_parse( 174 | const char* re_string, 175 | int flags, 176 | RE** re, 177 | RE_ERROR* error); 178 | 179 | 180 | int yr_re_parse_hex( 181 | const char* hex_string, 182 | int flags, 183 | RE** re, 184 | RE_ERROR* error); 185 | 186 | 187 | int yr_re_compile( 188 | const char* re_string, 189 | int flags, 190 | YR_ARENA* code_arena, 191 | RE** re, 192 | RE_ERROR* error); 193 | 194 | 195 | void yr_re_destroy( 196 | RE* re); 197 | 198 | 199 | void yr_re_print( 200 | RE* re); 201 | 202 | 203 | RE_NODE* yr_re_node_create( 204 | int type, 205 | RE_NODE* left, 206 | RE_NODE* right); 207 | 208 | 209 | void yr_re_node_destroy( 210 | RE_NODE* node); 211 | 212 | 213 | SIZED_STRING* yr_re_extract_literal( 214 | RE* re); 215 | 216 | 217 | int yr_re_contains_dot_star( 218 | RE* re); 219 | 220 | 221 | int yr_re_split_at_chaining_point( 222 | RE* re, 223 | RE** result_re, 224 | RE** remainder_re, 225 | int32_t* min_gap, 226 | int32_t* max_gap); 227 | 228 | 229 | int yr_re_emit_code( 230 | RE* re, 231 | YR_ARENA* arena); 232 | 233 | 234 | int yr_re_exec( 235 | RE_CODE re_code, 236 | uint8_t* input, 237 | size_t input_size, 238 | int flags, 239 | RE_MATCH_CALLBACK_FUNC callback, 240 | void* callback_args); 241 | 242 | 243 | int yr_re_match( 244 | RE_CODE re_code, 245 | const char* target); 246 | 247 | 248 | int yr_re_initialize(void); 249 | 250 | 251 | int yr_re_finalize(void); 252 | 253 | 254 | int yr_re_finalize_thread(void); 255 | 256 | #endif 257 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/re_lexer.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #undef yyparse 31 | #undef yylex 32 | #undef yyerror 33 | #undef yyfatal 34 | #undef yychar 35 | #undef yydebug 36 | #undef yynerrs 37 | #undef yyget_extra 38 | #undef yyget_lineno 39 | 40 | #undef YY_FATAL_ERROR 41 | #undef YY_DECL 42 | #undef LEX_ENV 43 | 44 | 45 | #define yyparse re_yyparse 46 | #define yylex re_yylex 47 | #define yyerror re_yyerror 48 | #define yyfatal re_yyfatal 49 | #define yychar re_yychar 50 | #define yydebug re_yydebug 51 | #define yynerrs re_yynerrs 52 | #define yyget_extra re_yyget_extra 53 | #define yyget_lineno re_yyget_lineno 54 | 55 | 56 | #ifndef YY_TYPEDEF_YY_SCANNER_T 57 | #define YY_TYPEDEF_YY_SCANNER_T 58 | typedef void* yyscan_t; 59 | #endif 60 | 61 | #define YY_EXTRA_TYPE RE* 62 | #define YY_USE_CONST 63 | 64 | 65 | typedef struct _RE_LEX_ENVIRONMENT 66 | { 67 | int negated_class; 68 | uint8_t class_vector[32]; 69 | int last_error_code; 70 | char last_error_message[256]; 71 | 72 | } RE_LEX_ENVIRONMENT; 73 | 74 | 75 | #define LEX_ENV ((RE_LEX_ENVIRONMENT*) lex_env) 76 | 77 | #define YY_FATAL_ERROR(msg) re_yyfatal(yyscanner, msg) 78 | 79 | #include 80 | 81 | #define YY_DECL int re_yylex \ 82 | (YYSTYPE * yylval_param , yyscan_t yyscanner, RE_LEX_ENVIRONMENT* lex_env) 83 | 84 | 85 | YY_EXTRA_TYPE yyget_extra( 86 | yyscan_t yyscanner); 87 | 88 | int yylex( 89 | YYSTYPE* yylval_param, 90 | yyscan_t yyscanner, 91 | RE_LEX_ENVIRONMENT* lex_env); 92 | 93 | int yyparse( 94 | void* yyscanner, 95 | RE_LEX_ENVIRONMENT* lex_env); 96 | 97 | void yyerror( 98 | yyscan_t yyscanner, 99 | RE_LEX_ENVIRONMENT* lex_env, 100 | const char* error_message); 101 | 102 | void yyfatal( 103 | yyscan_t yyscanner, 104 | const char* error_message); 105 | 106 | int yr_parse_re_string( 107 | const char* re_string, 108 | int flags, 109 | RE** re, 110 | RE_ERROR* error); 111 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/rules.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_RULES_H 31 | #define YR_RULES_H 32 | 33 | #include "types.h" 34 | #include "utils.h" 35 | #include "filemap.h" 36 | 37 | 38 | #define CALLBACK_MSG_RULE_MATCHING 1 39 | #define CALLBACK_MSG_RULE_NOT_MATCHING 2 40 | #define CALLBACK_MSG_SCAN_FINISHED 3 41 | #define CALLBACK_MSG_IMPORT_MODULE 4 42 | #define CALLBACK_MSG_MODULE_IMPORTED 5 43 | 44 | #define CALLBACK_CONTINUE 0 45 | #define CALLBACK_ABORT 1 46 | #define CALLBACK_ERROR 2 47 | 48 | 49 | #define yr_rule_tags_foreach(rule, tag_name) \ 50 | for (tag_name = rule->tags; \ 51 | tag_name != NULL && *tag_name != '\0'; \ 52 | tag_name += strlen(tag_name) + 1) 53 | 54 | 55 | #define yr_rule_metas_foreach(rule, meta) \ 56 | for (meta = rule->metas; !META_IS_NULL(meta); meta++) 57 | 58 | 59 | #define yr_rule_strings_foreach(rule, string) \ 60 | for (string = rule->strings; !STRING_IS_NULL(string); string++) 61 | 62 | 63 | #define yr_string_matches_foreach(string, match) \ 64 | for (match = STRING_MATCHES(string).head; match != NULL; match = match->next) 65 | 66 | 67 | #define yr_rules_foreach(rules, rule) \ 68 | for (rule = rules->rules_list_head; !RULE_IS_NULL(rule); rule++) 69 | 70 | 71 | 72 | YR_API int yr_rules_scan_mem( 73 | YR_RULES* rules, 74 | uint8_t* buffer, 75 | size_t buffer_size, 76 | int flags, 77 | YR_CALLBACK_FUNC callback, 78 | void* user_data, 79 | int timeout); 80 | 81 | 82 | YR_API int yr_rules_scan_file( 83 | YR_RULES* rules, 84 | const char* filename, 85 | int flags, 86 | YR_CALLBACK_FUNC callback, 87 | void* user_data, 88 | int timeout); 89 | 90 | 91 | YR_API int yr_rules_scan_fd( 92 | YR_RULES* rules, 93 | YR_FILE_DESCRIPTOR fd, 94 | int flags, 95 | YR_CALLBACK_FUNC callback, 96 | void* user_data, 97 | int timeout); 98 | 99 | 100 | YR_API int yr_rules_scan_proc( 101 | YR_RULES* rules, 102 | int pid, 103 | int flags, 104 | YR_CALLBACK_FUNC callback, 105 | void* user_data, 106 | int timeout); 107 | 108 | YR_API int yr_rules_save( 109 | YR_RULES* rules, 110 | const char* filename); 111 | 112 | 113 | YR_API int yr_rules_save_stream( 114 | YR_RULES* rules, 115 | YR_STREAM* stream); 116 | 117 | 118 | YR_API int yr_rules_load( 119 | const char* filename, 120 | YR_RULES** rules); 121 | 122 | 123 | YR_API int yr_rules_load_stream( 124 | YR_STREAM* stream, 125 | YR_RULES** rules); 126 | 127 | 128 | YR_API int yr_rules_destroy( 129 | YR_RULES* rules); 130 | 131 | 132 | YR_API int yr_rules_define_integer_variable( 133 | YR_RULES* rules, 134 | const char* identifier, 135 | int64_t value); 136 | 137 | 138 | YR_API int yr_rules_define_boolean_variable( 139 | YR_RULES* rules, 140 | const char* identifier, 141 | int value); 142 | 143 | 144 | YR_API int yr_rules_define_float_variable( 145 | YR_RULES* rules, 146 | const char* identifier, 147 | double value); 148 | 149 | 150 | YR_API int yr_rules_define_string_variable( 151 | YR_RULES* rules, 152 | const char* identifier, 153 | const char* value); 154 | 155 | 156 | YR_API void yr_rules_print_profiling_info( 157 | YR_RULES* rules); 158 | 159 | #endif 160 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/scan.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_SCAN_H 31 | #define YR_SCAN_H 32 | 33 | #include "types.h" 34 | 35 | // Bitmasks for flags. 36 | #define SCAN_FLAGS_FAST_MODE 1 37 | #define SCAN_FLAGS_PROCESS_MEMORY 2 38 | 39 | 40 | int yr_scan_verify_match( 41 | YR_SCAN_CONTEXT* context, 42 | YR_AC_MATCH* ac_match, 43 | uint8_t* data, 44 | size_t data_size, 45 | size_t data_base, 46 | size_t offset); 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/sizedstr.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef _SIZEDSTR_H 31 | #define _SIZEDSTR_H 32 | 33 | #include 34 | 35 | #include "integers.h" 36 | 37 | // 38 | // This struct is used to support strings containing null chars. The length of 39 | // the string is stored along the string data. However the string data is also 40 | // terminated with a null char. 41 | // 42 | 43 | #define SIZED_STRING_FLAGS_NO_CASE 1 44 | #define SIZED_STRING_FLAGS_DOT_ALL 2 45 | 46 | #pragma pack(push) 47 | #pragma pack(8) 48 | 49 | 50 | typedef struct _SIZED_STRING 51 | { 52 | uint32_t length; 53 | uint32_t flags; 54 | 55 | char c_string[1]; 56 | 57 | } SIZED_STRING; 58 | 59 | #pragma pack(pop) 60 | 61 | 62 | int sized_string_cmp( 63 | SIZED_STRING* s1, 64 | SIZED_STRING* s2); 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/stream.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2015. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_STREAM_H 31 | #define YR_STREAM_H 32 | 33 | #include 34 | 35 | typedef size_t (*YR_STREAM_READ_FUNC)( 36 | void* ptr, 37 | size_t size, 38 | size_t count, 39 | void* user_data); 40 | 41 | 42 | typedef size_t (*YR_STREAM_WRITE_FUNC)( 43 | const void* ptr, 44 | size_t size, 45 | size_t count, 46 | void* user_data); 47 | 48 | 49 | typedef struct _YR_STREAM 50 | { 51 | void* user_data; 52 | 53 | YR_STREAM_READ_FUNC read; 54 | YR_STREAM_WRITE_FUNC write; 55 | 56 | } YR_STREAM; 57 | 58 | 59 | size_t yr_stream_read( 60 | void* ptr, 61 | size_t size, 62 | size_t count, 63 | YR_STREAM* stream); 64 | 65 | 66 | size_t yr_stream_write( 67 | const void* ptr, 68 | size_t size, 69 | size_t count, 70 | YR_STREAM* stream); 71 | 72 | #endif 73 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/strutils.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_STRUTILS_H 31 | #define YR_STRUTILS_H 32 | 33 | #include 34 | #include 35 | 36 | #include "integers.h" 37 | 38 | #include "config.h" 39 | 40 | // Cygwin already has these functions. 41 | #if defined(_WIN32) && !defined(__CYGWIN__) 42 | #if defined(_MSC_VER) && _MSC_VER < 1900 43 | #define snprintf _snprintf 44 | #endif 45 | #define strcasecmp _stricmp 46 | #define strncasecmp _strnicmp 47 | #endif 48 | 49 | 50 | uint64_t xtoi( 51 | const char* hexstr); 52 | 53 | 54 | #if !HAVE_STRLCPY && !defined(strlcpy) 55 | size_t strlcpy( 56 | char* dst, 57 | const char* src, 58 | size_t size); 59 | #endif 60 | 61 | 62 | #if !HAVE_STRLCAT && !defined(strlcat) 63 | size_t strlcat( 64 | char* dst, 65 | const char* src, 66 | size_t size); 67 | #endif 68 | 69 | 70 | #if !HAVE_MEMMEM && !defined(memmem) 71 | void* memmem( 72 | const void* haystack, 73 | size_t haystack_size, 74 | const void* needle, 75 | size_t needle_size); 76 | #endif 77 | 78 | 79 | int strnlen_w( 80 | const char* w_str); 81 | 82 | 83 | int strcmp_w( 84 | const char* w_str, 85 | const char* str); 86 | 87 | 88 | size_t strlcpy_w( 89 | char* dst, 90 | const char* w_src, 91 | size_t n); 92 | 93 | #endif 94 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/threading.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2016. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef YR_MUTEX_H 31 | #define YR_MUTEX_H 32 | 33 | 34 | 35 | #if defined(_WIN32) || defined(__CYGWIN__) 36 | 37 | #include 38 | 39 | typedef DWORD YR_THREAD_ID; 40 | typedef DWORD YR_THREAD_STORAGE_KEY; 41 | typedef HANDLE YR_MUTEX; 42 | 43 | #else 44 | 45 | #include 46 | 47 | typedef pthread_t YR_THREAD_ID; 48 | typedef pthread_key_t YR_THREAD_STORAGE_KEY; 49 | typedef pthread_mutex_t YR_MUTEX; 50 | 51 | #endif 52 | 53 | YR_THREAD_ID yr_current_thread_id(void); 54 | 55 | int yr_mutex_create(YR_MUTEX*); 56 | int yr_mutex_destroy(YR_MUTEX*); 57 | int yr_mutex_lock(YR_MUTEX*); 58 | int yr_mutex_unlock(YR_MUTEX*); 59 | 60 | int yr_thread_storage_create(YR_THREAD_STORAGE_KEY*); 61 | int yr_thread_storage_destroy(YR_THREAD_STORAGE_KEY*); 62 | int yr_thread_storage_set_value(YR_THREAD_STORAGE_KEY*, void*); 63 | void* yr_thread_storage_get_value(YR_THREAD_STORAGE_KEY*); 64 | 65 | #endif 66 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara/utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 13 | 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software without 16 | specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | 31 | #ifndef YR_UTILS_H 32 | #define YR_UTILS_H 33 | 34 | #ifndef TRUE 35 | #define TRUE 1 36 | #endif 37 | 38 | #ifndef FALSE 39 | #define FALSE 0 40 | #endif 41 | 42 | #ifndef NULL 43 | #define NULL 0 44 | #endif 45 | 46 | #ifdef __cplusplus 47 | #define EXTERNC extern "C" 48 | #else 49 | #define EXTERNC 50 | #endif 51 | 52 | #if defined(__GNUC__) 53 | #define YR_API EXTERNC __attribute__((visibility("default"))) 54 | #elif defined(_MSC_VER) 55 | #define YR_API EXTERNC __declspec(dllexport) 56 | #else 57 | #define YR_API EXTERNC 58 | #endif 59 | 60 | #if defined(__GNUC__) 61 | #define YR_ALIGN(n) __attribute__((aligned(n))) 62 | #elif defined(_MSC_VER) 63 | #define YR_ALIGN(n) __declspec(align(n)) 64 | #else 65 | #define YR_ALIGN(n) 66 | #endif 67 | 68 | #define yr_min(x, y) ((x < y) ? (x) : (y)) 69 | #define yr_max(x, y) ((x > y) ? (x) : (y)) 70 | 71 | #define PTR_TO_INT64(x) ((int64_t) (size_t) x) 72 | 73 | 74 | #ifdef NDEBUG 75 | 76 | #define assertf(expr, msg, ...) ((void)0) 77 | 78 | #else 79 | 80 | #include 81 | 82 | #define assertf(expr, msg, ...) \ 83 | if(!(expr)) { \ 84 | fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ 85 | abort(); \ 86 | } 87 | 88 | #endif 89 | 90 | #endif 91 | -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/yara/yara_x64.lib -------------------------------------------------------------------------------- /SlothBP/pluginsdk/yara/yara_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/pluginsdk/yara/yara_x86.lib -------------------------------------------------------------------------------- /SlothBP/resource.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/resource.h -------------------------------------------------------------------------------- /SlothBP/resource.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/resource.rc -------------------------------------------------------------------------------- /SlothBP/sloth.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/SlothBP/176d161e753883fc1ce9fafb5604c1b408c673ed/SlothBP/sloth.png -------------------------------------------------------------------------------- /SlothBP/strUtil.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | // from: https://stackoverflow.com/questions/236129/most-elegant-way-to-split-a-string 8 | template 9 | void split(const std::string &s, char delim, Out result) { 10 | std::stringstream ss; 11 | ss.str(s); 12 | std::string item; 13 | while(std::getline(ss, item, delim)) { 14 | *(result++) = item; 15 | } 16 | } 17 | 18 | 19 | std::vector split(const std::string &s, char delim) { 20 | std::vector elems; 21 | split(s, delim, std::back_inserter(elems)); 22 | return elems; 23 | } 24 | -------------------------------------------------------------------------------- /release.bat: -------------------------------------------------------------------------------- 1 | set RELEASEDIR=.\release 2 | mkdir %RELEASEDIR%\plugins\x32 3 | mkdir %RELEASEDIR%\plugins\x64 4 | copy bin\x32\SlothBP.dp32 %RELEASEDIR%\plugins\x32\ 5 | copy SlothBP.ini %RELEASEDIR%\plugins\x32\ 6 | copy bin\x64\SlothBP.dp64 %RELEASEDIR%\plugins\x64\ 7 | copy SlothBP.ini %RELEASEDIR%\plugins\x64\ --------------------------------------------------------------------------------