Skip to content

Instantly share code, notes, and snippets.

@winapiadmin

winapiadmin/parse.cpp

Created August 17, 2024 15:26
Show Gist options
  • Save winapiadmin/741fbd2fce4f07ea6400e0e6eab440c3 to your computer and use it in GitHub Desktop.
Save winapiadmin/741fbd2fce4f07ea6400e0e6eab440c3 to your computer and use it in GitHub Desktop.
Download ZIP
parse
Raw
parse.cpp
for (size_t i = 0; i < count; ++i)
{
if (insn[i].bytes[0]==0x90) continue; // padding
if (insn[i].bytes[0]==0x00&&insn[i].bytes[1]==0x00) continue; // padding
if (insn[i].bytes[0]==0xCC) continue; // never jumps to that part
char* endptr;
ULONGLONG addr;
char* str=(char*)malloc(21);
switch(insn[i].bytes[0])
{
case 0x70 ... 0x7f:
if (has_rip_relative_addressing(&insn[i],handle))
{
addr=parse_rip_relative_addressing(&insn[i],handle);
addr += insn[i].address;
}
else
{
// Attempt to convert the string to an integer directly
addr = strtoull(insn[i].op_str, &endptr, 16);
if (*endptr != '\0')
{
// If direct conversion fails, try extracting hex value from the string
char* start_bracket = strchr(insn[i].op_str, '[');
if (start_bracket)
{
char* end_bracket = strchr(start_bracket, ']');
if (end_bracket)
{
*end_bracket = '\0'; // Null-terminate the substring
char* hex_value = start_bracket + 1;
addr = strtoull(hex_value, NULL, 16);
}
}
}
}
if (addresses.find(addr)==addresses.end())
{
sprintf(str,"loc_%llx",addr);
addresses[addr]=str;
}
case 0xe0 ... 0xe7:
case 0xe9 ... 0xeb:
break;
case 0xE8:
if (has_rip_relative_addressing(&insn[i],handle))
{
addr=parse_rip_relative_addressing(&insn[i],handle);
addr += insn[i].address;
}
else
{
// Attempt to convert the string to an integer directly
addr = strtoull(insn[i].op_str, &endptr, 16);
if (*endptr != '\0')
{
// If direct conversion fails, try extracting hex value from the string
char* start_bracket = strchr(insn[i].op_str, '[');
if (start_bracket)
{
char* end_bracket = strchr(start_bracket, ']');
if (end_bracket)
{
*end_bracket = '\0'; // Null-terminate the substring
char* hex_value = start_bracket + 1;
addr = strtoull(hex_value, NULL, 16);
}
}
}
}
if (addresses.find(addr)==addresses.end())
{
sprintf(str,"sub_%llx",addr);
addresses[addr]=str;
}
case 0x9a:
break;
default:
break;
}
switch (insn[i].bytes[0]<<8|insn[i].bytes[1])
{
case 0x0f80 ... 0x0f8f:
if (has_rip_relative_addressing(&insn[i],handle))
{
addr=parse_rip_relative_addressing(&insn[i],handle);
addr += insn[i].address;
}
else
{
// Attempt to convert the string to an integer directly
addr = strtoull(insn[i].op_str, &endptr, 16);
if (*endptr != '\0')
{
// If direct conversion fails, try extracting hex value from the string
char* start_bracket = strchr(insn[i].op_str, '[');
if (start_bracket)
{
char* end_bracket = strchr(start_bracket, ']');
if (end_bracket)
{
*end_bracket = '\0'; // Null-terminate the substring
char* hex_value = start_bracket + 1;
addr = strtoull(hex_value, NULL, 16);
}
}
}
}
if (addresses.find(addr)==addresses.end())
{
sprintf(str,"loc_%llx",addr);
addresses[addr]=str;
}
case 0xff04 ... 0xff05:
break;
case 0xff02 ... 0xff03:
if (has_rip_relative_addressing(&insn[i],handle))
{
addr=parse_rip_relative_addressing(&insn[i],handle);
addr += insn[i].address;
}
else
{
// Attempt to convert the string to an integer directly
addr = strtoull(insn[i].op_str, &endptr, 16);
if (*endptr != '\0')
{
// If direct conversion fails, try extracting hex value from the string
char* start_bracket = strchr(insn[i].op_str, '[');
if (start_bracket)
{
char* end_bracket = strchr(start_bracket, ']');
if (end_bracket)
{
*end_bracket = '\0'; // Null-terminate the substring
char* hex_value = start_bracket + 1;
addr = strtoull(hex_value, NULL, 16);
}
}
}
}
if (addresses.find(addr)==addresses.end())
{
sprintf(str,"sub_%llx",addr);
addresses[addr]=str;
}
break;
default:
break;
}
if (has_rip_relative_addressing(&insn[i],handle))
{
addr=parse_rip_relative_addressing(&insn[i],handle);
sprintf(str,"sub_%llx",addr);
addr += insn[i].address;
addresses[addr]=str;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment