From 01f2f5754a91dcd1200cc68a52a054a0d6636716 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Tue, 26 Nov 2024 13:39:12 +0100 Subject: [PATCH 01/49] more 64bits winapi --- src/emu.rs | 1 + src/emu/winapi64.rs | 4 +++ src/emu/winapi64/kernel32.rs | 15 ++++++++ src/emu/winapi64/kernelbase.rs | 66 ++++++++++++++++++++++++++++++++++ src/emu/winapi64/shlwapi.rs | 45 +++++++++++++++++++++++ 5 files changed, 131 insertions(+) create mode 100644 src/emu/winapi64/kernelbase.rs create mode 100644 src/emu/winapi64/shlwapi.rs diff --git a/src/emu.rs b/src/emu.rs index 1c93f45..b7980e0 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -972,6 +972,7 @@ impl Emu { winapi64::kernel32::load_library(self, "wininet.dll"); winapi64::kernel32::load_library(self, "dnsapi.dll"); winapi64::kernel32::load_library(self, "shell32.dll"); + winapi64::kernel32::load_library(self, "shlwapi.dll"); } diff --git a/src/emu/winapi64.rs b/src/emu/winapi64.rs index 2cedea5..a542199 100644 --- a/src/emu/winapi64.rs +++ b/src/emu/winapi64.rs @@ -8,6 +8,8 @@ mod user32; mod winhttp; mod wininet; mod ws2_32; +mod shlwapi; +mod kernelbase; use crate::emu; @@ -24,6 +26,8 @@ pub fn gateway(addr: u64, name: String, emu: &mut emu::Emu) { "dnsapi.text" => dnsapi::gateway(addr, emu), "comctl32.text" => comctl64::gateway(addr, emu), "shell32.text" => shell32::gateway(addr, emu), + "shlwapi.text" => shlwapi::gateway(addr, emu), + "kernelbase.text" => kernelbase::gateway(addr, emu), "not_loaded" => { emu.pe64.as_ref().unwrap().import_addr_to_name(addr) } diff --git a/src/emu/winapi64/kernel32.rs b/src/emu/winapi64/kernel32.rs index 8ac4219..0686b30 100644 --- a/src/emu/winapi64/kernel32.rs +++ b/src/emu/winapi64/kernel32.rs @@ -15,6 +15,7 @@ use std::sync::Mutex; pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { let api = guess_api_name(emu, addr); match api.as_str() { + "FindActCtxSectionStringW" => FindActCtxSectionStringW(emu), "LoadLibraryA" => LoadLibraryA(emu), "LoadLibraryW" => LoadLibraryW(emu), "LoadLibraryExA" => LoadLibraryExA(emu), @@ -2324,3 +2325,17 @@ fn lstrcpy(emu: &mut emu::Emu) { emu.regs.rax = dst; } } + +pub fn FindActCtxSectionStringW(emu: &mut emu::Emu) { + let actctx = emu.regs.rcx; + let section_name = emu.maps.read_wide_string(emu.regs.rdx); + let string_name = emu.maps.read_wide_string(emu.regs.r8); + let string_value = emu.maps.read_wide_string(emu.regs.r9); + + println!( + "{}** {} kernel32!FindActCtxSectionStringW section_name: {} string_name: {} string_value: {} {}", + emu.colors.light_red, emu.pos, section_name, string_name, string_value, emu.colors.nc + ); + + emu.regs.rax = 0; +} diff --git a/src/emu/winapi64/kernelbase.rs b/src/emu/winapi64/kernelbase.rs new file mode 100644 index 0000000..f953b15 --- /dev/null +++ b/src/emu/winapi64/kernelbase.rs @@ -0,0 +1,66 @@ +use crate::emu; +//use crate::emu::constants; +//use crate::emu::winapi32::helper; + +pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { + let apiname = emu::winapi64::kernel32::guess_api_name(emu, addr); + match apiname.as_str() { + + "PathCombineA" => PathCombineA(emu), + "IsCharAlphaNumericA" => IsCharAlphaNumericA(emu), + "GetTokenInformation" => GetTokenInformation(emu), + + _ => { + println!( + "calling unimplemented kernelbase API 0x{:x} {}", + addr, apiname + ); + return apiname; + } + } + + return String::new(); +} + +pub fn PathCombineA(emu: &mut emu::Emu) { + let dst: u64 = emu.regs.rcx; + let path1 = emu.maps.read_string(emu.regs.rdx); + let path2 = emu.maps.read_string(emu.regs.r8); + + println!( + "{}** {} kernelbase!PathCombineA path1: {} path2: {} {}", + emu.colors.light_red, emu.pos, path1, path2, emu.colors.nc + ); + + if dst != 0 && path1 != "" && path2 != "" { + emu.maps.write_string(dst, &format!("{}\\{}", path1, path2)); + } + + emu.regs.rax = dst; +} + +pub fn IsCharAlphaNumericA(emu: &mut emu::Emu) { + let c = emu.regs.rcx as u8 as char; + + println!( + "{}** {} kernelbase!IsCharAlphaNumericA char: {} {}", + emu.colors.light_red, emu.pos, c, emu.colors.nc + ); + + emu.regs.rax = if c.is_ascii_alphanumeric() { 1 } else { 0 }; +} + +pub fn GetTokenInformation(emu: &mut emu::Emu) { + let token_handle = emu.regs.rdx; + let token_information_class = emu.regs.rcx; + let token_information = emu.regs.r8; + let token_information_length = emu.regs.r9; + let return_length = emu.maps.read_qword(emu.regs.rsp); + + println!( + "{}** {} kernelbase!GetTokenInformation token_information_class: 0x{:x} {}", + emu.colors.light_red, emu.pos, token_information_class, emu.colors.nc + ); + + emu.regs.rax = 1; +} diff --git a/src/emu/winapi64/shlwapi.rs b/src/emu/winapi64/shlwapi.rs new file mode 100644 index 0000000..dd73c8b --- /dev/null +++ b/src/emu/winapi64/shlwapi.rs @@ -0,0 +1,45 @@ +use crate::emu; +//use crate::emu::constants; +//use crate::emu::winapi32::helper; + +pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { + let apiname = emu::winapi64::kernel32::guess_api_name(emu, addr); + match apiname.as_str() { + "PathIsContentTypeW" => PathIsContentTypeW(emu), + "PathFindSuffixArrayA" => PathFindSuffixArrayA(emu), + + _ => { + println!( + "calling unimplemented shlwapi API 0x{:x} {}", + addr, apiname + ); + return apiname; + } + } + + return String::new(); +} + +pub fn PathIsContentTypeW(emu: &mut emu::Emu) { + let path = emu.maps.read_wide_string(emu.regs.rcx); + let content_type = emu.maps.read_wide_string(emu.regs.rdx); + + println!( + "{}** {} shlwapi!PathIsContentTypeW path: {} content-type: {} {}", + emu.colors.light_red, emu.pos, path, content_type, emu.colors.nc + ); + + emu.regs.rax = 1; +} + +pub fn PathFindSuffixArrayA(emu: &mut emu::Emu) { + let path = emu.maps.read_string(emu.regs.rcx); + let suffixes = emu.maps.read_string(emu.regs.rdx); + + println!( + "{}** {} shlwapi!PathFindSuffixArrayA path: {} suffixes: {} {}", + emu.colors.light_red, emu.pos, path, suffixes, emu.colors.nc + ); + + emu.regs.rax = emu.regs.rdx; +} From 759e5a8b8e68a1958bc55408ad32d1cf06541c57 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Sat, 30 Nov 2024 12:13:54 +0100 Subject: [PATCH 02/49] minor changes --- src/emu.rs | 64 ++++++++++++++++++++++++++ src/emu/constants.rs | 6 +++ src/emu/maps.rs | 3 ++ src/emu/winapi32/kernel32.rs | 89 ++++++++++++++++++++++++++++++++++-- 4 files changed, 159 insertions(+), 3 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index b7980e0..abbadcd 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -4223,6 +4223,8 @@ impl Emu { OpKind::Immediate32to64 => 64, OpKind::Immediate8to64 => 64, //TODO: this could be 8 OpKind::Register => self.regs.get_size(ins.op_register(noperand)), + OpKind::MemoryESEDI => 32, + OpKind::MemorySegESI => 32, OpKind::Memory => { let mut info_factory = InstructionInfoFactory::new(); let info = info_factory.info(ins); @@ -13904,6 +13906,68 @@ impl Emu { } } + Mnemonic::Movlhps => { + self.show_instruction(&self.colors.red, &ins); + assert!(ins.op_count() == 2); + + let dest = self.get_operand_xmm_value_128(&ins, 0, true).unwrap_or(0); + let source = self.get_operand_xmm_value_128(&ins, 1, true).unwrap_or(0); + + let low_qword = dest & 0xFFFFFFFFFFFFFFFF; + let high_qword = (source & 0xFFFFFFFFFFFFFFFF) << 64; + let result = low_qword | high_qword; + + self.set_operand_xmm_value_128(&ins, 0, result); + } + + Mnemonic::Pshuflw => { + self.show_instruction(&self.colors.red, &ins); + assert!(ins.op_count() == 3); + + let value1 = self.get_operand_xmm_value_128(&ins, 1, true).unwrap_or(0); + let value2 = self.get_operand_value(&ins, 2, true).unwrap_or(0); + + let high_qword = value1 & 0xFFFFFFFFFFFFFFFF_0000000000000000; + let lw0 = value1 & 0xFFFF; + let lw1 = (value1 >> 16) & 0xFFFF; + let lw2 = (value1 >> 32) & 0xFFFF; + let lw3 = (value1 >> 48) & 0xFFFF; + let low_words = [lw0, lw1, lw2, lw3]; + let mut low_qword: u64 = 0; + low_qword |= (low_words[(value2 & 0b11) as usize]) as u64; + low_qword |= (low_words[((value2 >> 2) & 0b11) as usize] as u64) << 16; + low_qword |= (low_words[((value2 >> 4) & 0b11) as usize] as u64) << 32; + low_qword |= (low_words[((value2 >> 6) & 0b11) as usize] as u64) << 48; + let result = high_qword | low_qword as u128; + + self.set_operand_xmm_value_128(&ins, 0, result); + } + + Mnemonic::Pshufhw => { + self.show_instruction(&self.colors.red, &ins); + assert!(ins.op_count() == 3); + + let value1 = self.get_operand_xmm_value_128(&ins, 1, true).unwrap_or(0); + let value2 = self.get_operand_value(&ins, 2, true).unwrap_or(0); + + let low_qword = value1 & 0xFFFFFFFFFFFFFFFF; + let hw0 = (value1 >> 64) & 0xFFFF; + let hw1 = (value1 >> 80) & 0xFFFF; + let hw2 = (value1 >> 96) & 0xFFFF; + let hw3 = (value1 >> 112) & 0xFFFF; + let high_words = [hw0, hw1, hw2, hw3]; + let mut high_qword: u64 = 0; + + high_qword |= (high_words[(value2 & 0b11) as usize]) as u64; + high_qword |= (high_words[((value2 >> 2) & 0b11) as usize] as u64) << 16; + high_qword |= (high_words[((value2 >> 4) & 0b11) as usize] as u64) << 32; + high_qword |= (high_words[((value2 >> 6) & 0b11) as usize] as u64) << 48; + + let result = low_qword | ((high_qword as u128) << 64); + + self.set_operand_xmm_value_128(&ins, 0, result); + } + Mnemonic::Prefetchw => { self.show_instruction(&self.colors.red, &ins); } diff --git a/src/emu/constants.rs b/src/emu/constants.rs index 291b9b5..991b3d8 100644 --- a/src/emu/constants.rs +++ b/src/emu/constants.rs @@ -20,6 +20,12 @@ pub const WAIT_FAILED: u64 = 0xFFFFFFFF; pub const CALL_FIRST: u32 = 1; pub const CALL_LAST: u32 = 0; +pub const GENERIC_READ: u32 = 0x80000000; +pub const GENERIC_WRITE: u32 = 0x40000000; + +pub const INVALID_HANDLE_VALUE_64: u64 = 0xFFFFFFFFFFFFFFFF; +pub const INVALID_HANDLE_VALUE_32: u64 = 0xFFFFFFFF; + pub const RETURN_THREAD: u32 = 0x11223344; pub const LIBS_BARRIER: u64 = 0x60000000; pub const LIBS_BARRIER64: u64 = 0x60000000; diff --git a/src/emu/maps.rs b/src/emu/maps.rs index a6ea2c3..c2629e4 100644 --- a/src/emu/maps.rs +++ b/src/emu/maps.rs @@ -403,6 +403,7 @@ impl Maps { for (i, bsi) in bs.iter().enumerate() { self.write_byte(to + i as u64, *bsi); } + self.write_byte(to + bs.len() as u64, 0x00); } pub fn write_wide_string(&mut self, to: u64, from: &str) { @@ -413,6 +414,8 @@ impl Maps { self.write_byte(to + off + 1 as u64, 0x00); off += 2; } + self.write_byte(to + off as u64, 0x00); + self.write_byte(to + off + 1 as u64, 0x00); } pub fn write_buffer(&mut self, to: u64, from: &[u8]) { diff --git a/src/emu/winapi32/kernel32.rs b/src/emu/winapi32/kernel32.rs index c5b4478..71b02d0 100644 --- a/src/emu/winapi32/kernel32.rs +++ b/src/emu/winapi32/kernel32.rs @@ -30,6 +30,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { 0x75e9f438 => DisconnectNamedPipe(emu), 0x75e896fb => ReadFile(emu), 0x75e91400 => WriteFile(emu), + 0x75e8cc56 => CreateFileW(emu), 0x75e8ca7c => CloseHandle(emu), 0x75e9214f => ExitProcess(emu), 0x75e82331 => TerminateProcess(emu), @@ -160,6 +161,8 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { 0x75efee2a => AddVectoredExceptionHandler(emu), 0x75e91181 => GetLongPathNameW(emu), 0x75e8d9d0 => FreeLibrary(emu), + 0x75ecf311 => AreFileApisANSI(emu), + 0x75e933f6 => GetModuleFileNameA(emu), _ => { let apiname = guess_api_name(emu, addr); @@ -3689,7 +3692,7 @@ fn GetFileType(emu: &mut emu::Emu) { ); emu.stack_pop32(false); - emu.regs.rax = 1; + emu.regs.rax = 3; /* * FILE_TYPE_CHAR 0x0002 @@ -3868,7 +3871,9 @@ fn WideCharToMultiByte(emu: &mut emu::Emu) { //emu.maps.write_byte(out_default_char, 0); let s = emu.maps.read_wide_string(wstr_ptr); - emu.maps.write_string(mbytestr_ptr, &s); + if mbytestr_ptr > 0 { + emu.maps.write_string(mbytestr_ptr, &s); + } println!( "{}** {} kernel32!WideCharToMultiByte `{}` sz:{}->{} ={} {}", @@ -3884,7 +3889,7 @@ fn WideCharToMultiByte(emu: &mut emu::Emu) { for _ in 0..8 { emu.stack_pop32(false); } - emu.regs.rax = s.len() as u64; + emu.regs.rax = s.len() as u64 + 2; } fn CryptCreateHash(emu: &mut emu::Emu) { @@ -4102,3 +4107,81 @@ fn FreeLibrary(emu: &mut emu::Emu) { emu.regs.rax = 1; emu.stack_pop32(false); } + +fn AreFileApisANSI(emu: &mut emu::Emu) { + println!( + "{}** {} kernel32!AreFileApisANSI {}", + emu.colors.light_red, emu.pos, emu.colors.nc + ); + emu.regs.rax = 1; +} + +fn CreateFileW(emu: &mut emu::Emu) { + let fname_ptr = emu + .maps + .read_dword(emu.regs.get_esp()) + .expect("kernel32!CreateFileW: error reading param") as u64; + let access = emu + .maps + .read_dword(emu.regs.get_esp() + 4) + .expect("kernel32!CreateFileW: error reading param"); + + let fname = emu.maps.read_wide_string(fname_ptr); + + let mut perm: String = String::new(); + if access & constants::GENERIC_READ != 0 { + perm.push('r'); + } + if access & constants::GENERIC_WRITE != 0 { + perm.push('w'); + } + + if perm.is_empty() { + perm = "unknown permissions".to_string(); + } + + println!( + "{}** {} kernel32!CreateFileW `{}` {} {}", + emu.colors.light_red, emu.pos, fname, perm, emu.colors.nc + ); + + for _ in 0..7 { + emu.stack_pop32(false); + } + + //if perm == "r" { + // emu.regs.rax = constants::INVALID_HANDLE_VALUE_32; + //} else { + emu.regs.rax = helper::handler_create(&format!("file://{}", fname)) as u64; + //} +} + +fn GetModuleFileNameA(emu: &mut emu::Emu) { + let hmod = emu + .maps + .read_dword(emu.regs.get_esp()) + .expect("kernel32!GetModuleFileNameA: error reading param") as u64; + let fname_ptr = emu + .maps + .read_dword(emu.regs.get_esp() + 4) + .expect("kernel32!GetModuleFileNameA: error reading param") as u64; + let buff_sz = emu + .maps + .read_dword(emu.regs.get_esp() + 8) + .expect("kernel32!GetModuleFileNameA: error reading param"); + + if buff_sz > 8 { + emu.maps.write_string(fname_ptr, "test.exe"); + } + + println!( + "{}** {} kernel32!GetModuleFileNameA 0x{:x} {}", + emu.colors.light_red, emu.pos, hmod, emu.colors.nc + ); + + for _ in 0..3 { + emu.stack_pop32(false); + } + + emu.regs.rax = 8; +} From 04867dd12501cf304693dfe2d1e43a4b338e5128 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Wed, 4 Dec 2024 15:33:34 +0100 Subject: [PATCH 03/49] minor changes on msvcrt malloc's display --- src/emu/winapi32/msvcrt.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/emu/winapi32/msvcrt.rs b/src/emu/winapi32/msvcrt.rs index 8ab8349..07a33f5 100644 --- a/src/emu/winapi32/msvcrt.rs +++ b/src/emu/winapi32/msvcrt.rs @@ -223,13 +223,14 @@ fn malloc(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("msvcrt!malloc error reading size") as u64; + let addr = emu.alloc("alloc_malloc", size); println!( - "{}** {} msvcrt!malloc {} {}", - emu.colors.light_red, emu.pos, size, emu.colors.nc + "{}** {} msvcrt!malloc {} =0x{:x} {}", + emu.colors.light_red, emu.pos, size, addr, emu.colors.nc ); emu.stack_pop32(false); - emu.regs.rax = emu.alloc("alloc_malloc", size); + emu.regs.rax = addr; } fn __p__acmdln(emu: &mut emu::Emu) { From bb5dad1efbe9d747ebd9ec08a640e7319fbdd1c0 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Wed, 4 Dec 2024 19:14:13 +0100 Subject: [PATCH 04/49] fix on api_addr_to_name on 32bits --- src/emu/winapi32/kernel32.rs | 2 +- src/emu/winapi64/kernel32.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/emu/winapi32/kernel32.rs b/src/emu/winapi32/kernel32.rs index 71b02d0..962280e 100644 --- a/src/emu/winapi32/kernel32.rs +++ b/src/emu/winapi32/kernel32.rs @@ -229,7 +229,7 @@ pub fn resolve_api_addr_to_name(emu: &mut emu::Emu, addr: u64) -> String { let ordinal = flink.get_function_ordinal(emu, i); if ordinal.func_va == addr { - let apiname = ordinal.func_va.to_string(); + let apiname = ordinal.func_name.to_string(); return apiname; } } diff --git a/src/emu/winapi64/kernel32.rs b/src/emu/winapi64/kernel32.rs index 0686b30..d8cb957 100644 --- a/src/emu/winapi64/kernel32.rs +++ b/src/emu/winapi64/kernel32.rs @@ -197,7 +197,7 @@ pub fn resolve_api_addr_to_name(emu: &mut emu::Emu, addr: u64) -> String { let ordinal = flink.get_function_ordinal(emu, i); if ordinal.func_va == addr { - let s = ordinal.func_name.to_lowercase().to_string(); + let s = ordinal.func_name.to_string(); return s; } } From b1bee19e7792c5eac1e9a62c71d7607e832652c8 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Thu, 5 Dec 2024 11:21:34 +0100 Subject: [PATCH 05/49] msvcrt calling convention is different to other apis, dont have to compensate stack --- Cargo.toml | 2 +- src/emu.rs | 5 ++- src/emu/maps.rs | 16 ++++++++ src/emu/winapi32/kernel32.rs | 14 +++++-- src/emu/winapi32/msvcrt.rs | 67 +++++++++++++++++++++++++-------- src/emu/winapi32/user32.rs | 73 ++++++++++++++++++++++++++++++++++++ 6 files changed, 157 insertions(+), 20 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 901fbe3..394bc97 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libscemu" -version = "0.18.6" +version = "0.18.7" edition = "2018" authors = ["sha0coder"] license = "MIT" diff --git a/src/emu.rs b/src/emu.rs index abbadcd..9547261 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -4751,13 +4751,16 @@ impl Emu { let value = self .memory_read(self.cfg.inspect_seq.clone().as_str()) .unwrap_or(0); + + let mut s = self.maps.read_string(addr); + self.maps.filter_string(&mut s); println!( "\tmem_inspect: rip = {:x} (0x{:x}): 0x{:x} {} '{}' {{{}}}", self.regs.rip, addr, value, value, - self.maps.read_string(addr), + s, self.maps .read_string_of_bytes(addr, constants::NUM_BYTES_TRACE) ); diff --git a/src/emu/maps.rs b/src/emu/maps.rs index c2629e4..34d86f5 100644 --- a/src/emu/maps.rs +++ b/src/emu/maps.rs @@ -1013,6 +1013,22 @@ impl Maps { } } + pub fn dealloc(&mut self, addr: u64) { + let mut id_to_delete = 0; + let mut remove = false; + + for i in 0..self.maps.len() { + if self.maps[i].get_base() == addr { + id_to_delete = i; + remove = true; + break; + } + } + if remove { + self.maps.remove(id_to_delete); + } + } + pub fn lib64_alloc(&self, sz: u64) -> Option { // super simple memory allocator let mut addr: u64 = constants::LIB64_BARRIER; diff --git a/src/emu/winapi32/kernel32.rs b/src/emu/winapi32/kernel32.rs index 962280e..0f08b1e 100644 --- a/src/emu/winapi32/kernel32.rs +++ b/src/emu/winapi32/kernel32.rs @@ -2450,8 +2450,17 @@ fn GetComputerNameA(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!GetComputerNameA cannot read size param") as u64; - emu.maps.write_dword(size_ptr, 6); - emu.maps.write_string(buff_ptr, "medusa"); + if buff_ptr > 0 { + emu.maps.write_string(buff_ptr, "medusa"); + emu.regs.rax = 1; + } else { + emu.regs.rax = 0; + } + + if size_ptr > 0 { + emu.maps.write_dword(size_ptr, 6); + emu.regs.rax = 1; + } println!( "{}** {} kernel32!GetComputerName 'medusa' {}", @@ -2461,7 +2470,6 @@ fn GetComputerNameA(emu: &mut emu::Emu) { emu.stack_pop32(false); emu.stack_pop32(false); - emu.regs.rax = 1; } fn CreateMutexA(emu: &mut emu::Emu) { diff --git a/src/emu/winapi32/msvcrt.rs b/src/emu/winapi32/msvcrt.rs index 07a33f5..95eaf9c 100644 --- a/src/emu/winapi32/msvcrt.rs +++ b/src/emu/winapi32/msvcrt.rs @@ -3,6 +3,8 @@ use crate::emu::winapi32::helper; use crate::emu::winapi32::kernel32; //use crate::emu::endpoint; +// msvcrt is an exception and these functions dont have to compensate the stack. + pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { match addr { 0x761f1d9d => _initterm_e(emu), @@ -17,6 +19,9 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { 0x761e9cee => malloc(emu), 0x761f112d => _onexit(emu), 0x761ea449 => _lock(emu), + 0x761e9894 => free(emu), + 0x761eb10d => realloc(emu), + _ => { let apiname = kernel32::guess_api_name(emu, addr); println!("calling unimplemented msvcrt API 0x{:x} {}", addr, apiname); @@ -42,8 +47,8 @@ fn _initterm_e(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, start_ptr, end_ptr, emu.colors.nc ); - emu.stack_pop32(false); - emu.stack_pop32(false); + //emu.stack_pop32(false); + //emu.stack_pop32(false); emu.regs.rax = 0; } @@ -62,8 +67,8 @@ fn _initterm(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, start_ptr, end_ptr, emu.colors.nc ); - emu.stack_pop32(false); - emu.stack_pop32(false); + //emu.stack_pop32(false); + //emu.stack_pop32(false); emu.regs.rax = 0; } @@ -85,8 +90,8 @@ fn StrCmpCA(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, str1, str2, emu.colors.nc ); - emu.stack_pop32(false); - emu.stack_pop32(false); + //emu.stack_pop32(false); + //emu.stack_pop32(false); if str1 == str2 { emu.regs.rax = 0; @@ -113,8 +118,8 @@ fn fopen(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, filepath, mode, emu.colors.nc ); - emu.stack_pop32(false); - emu.stack_pop32(false); + //emu.stack_pop32(false); + //emu.stack_pop32(false); emu.regs.rax = helper::handler_create(&filepath); } @@ -139,9 +144,9 @@ fn fwrite(emu: &mut emu::Emu) { let filename = helper::handler_get_uri(file as u64); - for _ in 0..4 { + /*for _ in 0..4 { emu.stack_pop32(false); - } + }*/ println!( "{}** {} msvcrt!fwrite `{}` 0x{:x} {} {}", emu.colors.light_red, emu.pos, filename, buff_ptr, size, emu.colors.nc @@ -163,7 +168,7 @@ fn fflush(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, filename, emu.colors.nc ); - emu.stack_pop32(false); + //emu.stack_pop32(false); emu.regs.rax = 1; } @@ -181,7 +186,7 @@ fn fclose(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, filename, emu.colors.nc ); - emu.stack_pop32(false); + //emu.stack_pop32(false); emu.regs.rax = 1; } @@ -229,7 +234,7 @@ fn malloc(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, size, addr, emu.colors.nc ); - emu.stack_pop32(false); + //emu.stack_pop32(false); emu.regs.rax = addr; } @@ -253,7 +258,7 @@ fn _onexit(emu: &mut emu::Emu) { ); emu.regs.rax = fptr; - emu.stack_pop32(false); + //emu.stack_pop32(false); } fn _lock(emu: &mut emu::Emu) { @@ -267,5 +272,37 @@ fn _lock(emu: &mut emu::Emu) { ); emu.regs.rax = 1; - emu.stack_pop32(false); + //emu.stack_pop32(false); +} + +fn free(emu: &mut emu::Emu) { + let addr = emu.maps.read_dword(emu.regs.get_esp()) + .expect("msvcrt!free error reading addr"); + + println!( + "{}** {} msvcrt!free 0x{:x} {}", + emu.colors.light_red, emu.pos, addr, emu.colors.nc + ); } + +fn realloc(emu: &mut emu::Emu) { + + let addr = emu.maps.read_dword(emu.regs.get_esp()) + .expect("msvcrt!realloc error reading addr") as u64; + let size = emu.maps.read_dword(emu.regs.get_esp() + 4) + .expect("msvcrt!realloc error reading size"); + + let mem = emu.maps.get_mem_by_addr(addr).expect("msvcrt!realloc error getting mem"); + let prev_size = mem.size(); + + let new_addr = emu.alloc("alloc_realloc", size as u64); + emu.maps.memcpy(new_addr, addr, prev_size); + emu.maps.dealloc(addr); + + println!( + "{}** {} msvcrt!realloc 0x{:x} {} =0x{:x} {}", + emu.colors.light_red, emu.pos, addr, size, new_addr, emu.colors.nc + ); + + emu.regs.rax = new_addr; +} \ No newline at end of file diff --git a/src/emu/winapi32/user32.rs b/src/emu/winapi32/user32.rs index 8cc6ded..2081dd3 100644 --- a/src/emu/winapi32/user32.rs +++ b/src/emu/winapi32/user32.rs @@ -10,6 +10,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { 0x773bdfdc => GetProcessWindowStation(emu), 0x773be355 => GetUserObjectInformationW(emu), 0x773bba8a => CharLowerW(emu), + 0x773c3f47 => wsprintfA(emu), _ => { let apiname = kernel32::guess_api_name(emu, addr); println!("calling unimplemented user32 API 0x{:x} {}", addr, apiname); @@ -141,4 +142,76 @@ fn CharLowerW(emu: &mut emu::Emu) { emu.regs.rax = ptr_str; } +fn wsprintfA(emu: &mut emu::Emu) { + let out = emu + .maps + .read_dword(emu.regs.get_esp()) + .expect("user32!wsprintfA: error reading out") as u64; + let in_fmt = emu + .maps + .read_dword(emu.regs.get_esp() + 4) + .expect("user32!wsprintfA: error reading in_fmt") as u64; + let mut multiple = emu + .maps + .read_dword(emu.regs.get_esp() + 8) + .expect("user32!wsprintfA: error reading multiple") as u64; + + let fmt = emu.maps.read_string(in_fmt); + let mut args = Vec::new(); + let mut chars = fmt.chars().peekable(); + let mut arg_index = 0; + let mut result = String::new(); + + while let Some(arg) = emu.maps.read_dword(multiple) { + args.push(arg as u64); + multiple += 4; + } + + while let Some(c) = chars.next() { + if c == '%' { + if chars.peek() == Some(&'%') { + result.push('%'); + chars.next(); + } else if arg_index < args.len() { + let specifier = chars.next(); + match specifier { + Some('d') => result.push_str(&format!("{}", args[arg_index] as i32)), + Some('u') => result.push_str(&format!("{}", args[arg_index])), + Some('x') => result.push_str(&format!("{:x}", args[arg_index])), + Some('X') => result.push_str(&format!("{:X}", args[arg_index])), + Some('s') => { + let addr = args[arg_index]; + let s = emu.maps.read_string(addr); + if s != "" { + result.push_str(&s); + } else { + result.push_str(""); + } + } + Some('c') => result.push(args[arg_index] as u8 as char), + _ => result.push_str(""), + } + arg_index += 1; + } else { + result.push_str(""); + } + } else { + result.push(c); + } + } + + emu.maps + .write_string(out, &result); + + + println!( + "{}** {} user32!wsprintfA fmt:`{}` out:`{}` {}", + emu.colors.light_red, emu.pos, fmt, &result, emu.colors.nc + ); + + emu.stack_pop32(false); + emu.stack_pop32(false); + emu.stack_pop32(false); + emu.regs.rax = result.len() as u64; +} \ No newline at end of file From b335822208f0502849d38dfa0be0e0a68f8420f0 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Fri, 6 Dec 2024 11:50:09 +0100 Subject: [PATCH 06/49] README update --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index de1e7aa..206df45 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Download the maps32 or maps64 from: https://github.com/sha0coder/scemu -Uncompress it somewhere, in the example it's on /tmp/ but dont use tmp. +In the example it's on /tmp/ but dont use tmp. Create an emu32 or emu64 and it's important to set the maps folder. @@ -22,7 +22,7 @@ fn main() { ``` Load your shellcode or PE binary and run the emulator. -Zero parameter means emulate for-ever. +None parameter means emulate for-ever. ```rust emu.load_code("shellcodes32/shikata.bin"); @@ -65,7 +65,7 @@ println!("return value: 0x{:x}", emu.regs.get_eax()); emu.maps.dump(param2_out_buff); ``` -Now it's possible to do hooks. +Now it's possible to do hooks on libscemu but not on pyscemu. ```rust use libscemu::emu32; From 6cc0a836e98215b7c345a198c2607bda3ad6d790 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Sat, 21 Dec 2024 01:30:08 +0100 Subject: [PATCH 07/49] huge huge commit, all 32bits memory improved, faster allocator, etc. --- src/emu.rs | 876 ++++++++++----------------------- src/emu/constants.rs | 14 +- src/emu/elf32.rs | 4 +- src/emu/elf64.rs | 21 +- src/emu/fpu.rs | 2 + src/emu/maps.rs | 122 +++-- src/emu/maps/mem64.rs | 3 + src/emu/pe32.rs | 27 +- src/emu/pe64.rs | 27 +- src/emu/peb32.rs | 239 +++++---- src/emu/peb64.rs | 32 +- src/emu/script.rs | 8 +- src/emu/structures.rs | 380 +++++++++----- src/emu/syscall64.rs | 14 +- src/emu/winapi32.rs | 35 +- src/emu/winapi32/advapi32.rs | 43 +- src/emu/winapi32/crypt32.rs | 15 +- src/emu/winapi32/dnsapi.rs | 50 +- src/emu/winapi32/iphlpapi.rs | 16 + src/emu/winapi32/kernel32.rs | 592 +++++++++++++++------- src/emu/winapi32/kernelbase.rs | 36 +- src/emu/winapi32/libgcc.rs | 20 +- src/emu/winapi32/mscoree.rs | 10 +- src/emu/winapi32/msvcrt.rs | 120 +++-- src/emu/winapi32/ntdll.rs | 105 ++-- src/emu/winapi32/oleaut32.rs | 20 +- src/emu/winapi32/shlwapi.rs | 8 +- src/emu/winapi32/user32.rs | 24 +- src/emu/winapi32/wincrt.rs | 24 + src/emu/winapi32/wininet.rs | 79 ++- src/emu/winapi32/ws2_32.rs | 40 +- src/emu/winapi64/kernel32.rs | 30 +- src/emu/winapi64/ntdll.rs | 21 +- src/emu/winapi64/ws2_32.rs | 13 +- 34 files changed, 1690 insertions(+), 1380 deletions(-) create mode 100644 src/emu/winapi32/iphlpapi.rs create mode 100644 src/emu/winapi32/wincrt.rs diff --git a/src/emu.rs b/src/emu.rs index 9547261..83e0ab7 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -236,6 +236,7 @@ impl Emu { } pub fn get_base_addr(&self) -> Option { + //TODO: fix this, now there is no code map. let map = match self.maps.get_map_by_name("code") { Some(m) => m, None => return None, @@ -284,6 +285,14 @@ impl Emu { } } + pub fn link_library(&mut self, libname: &str) -> u64 { + if self.cfg.is_64bits { + return winapi64::kernel32::load_library(self, libname); + } else { + return winapi32::kernel32::load_library(self, libname); + } + } + pub fn api_addr_to_name(&mut self, addr: u64) -> String { let name: String; if self.cfg.is_64bits { @@ -306,14 +315,12 @@ impl Emu { } pub fn init_stack32(&mut self) { - let stack = self.maps.get_mem("stack"); if self.cfg.stack_addr == 0 { self.cfg.stack_addr = 0x212000; } - stack.set_base(self.cfg.stack_addr); - stack.set_size(0x030000); + let stack = self.maps.create_map("stack", self.cfg.stack_addr, 0x030000).expect("cannot create stack map"); self.regs.set_esp(self.cfg.stack_addr + 0x1c000 + 4); self.regs .set_ebp(self.cfg.stack_addr + 0x1c000 + 4 + 0x1000); @@ -328,16 +335,14 @@ impl Emu { } pub fn init_stack64(&mut self) { - let stack = self.maps.get_mem("stack"); - if self.cfg.stack_addr == 0 { self.cfg.stack_addr = 0x22a000; } self.regs.rsp = self.cfg.stack_addr + 0x4000; self.regs.rbp = self.cfg.stack_addr + 0x4000 + 0x1000; - stack.set_base(self.cfg.stack_addr); - stack.set_size(0x6000); + + let stack = self.maps.create_map("stack", self.cfg.stack_addr, 0x6000).expect("cannot create stack map"); assert!(self.regs.rsp < self.regs.rbp); assert!(self.regs.rsp > stack.get_base()); @@ -406,13 +411,14 @@ impl Emu { self.maps.is_64bits = true; self.init_regs_tests(); self.init_mem64(); - //self.init_stack64(); - self.init_stack64_tests(); + self.init_stack64(); + //self.init_stack64_tests(); //self.init_flags_tests(); } else { // 32bits + self.regs.rip = self.cfg.entry_point; + self.maps.is_64bits = false; self.regs.sanitize32(); - self.regs.set_eip(self.cfg.entry_point); self.init_mem32(); self.init_stack32(); } @@ -445,31 +451,34 @@ impl Emu { //self.regs.rsp = 0x7fffffffe2b0; self.regs.rsp = 0x7fffffffe790; self.maps - .create_map("linux_dynamic_stack") - .load_at(0x7ffffffde000); + .create_map("linux_dynamic_stack", 0x7ffffffde000, 0x100000) + .expect("cannot create linux_dynamic_stack map"); //self.maps.create_map("dso_dyn").load_at(0x7ffff7ffd0000); - self.maps.create_map("dso_dyn").load_at(0x7ffff7fd0000); - self.maps.create_map("linker").load_at(0x7ffff7ffe000); + self.maps + .create_map("dso_dyn", 0x7ffff7ffd000, 0x100000) + .expect("cannot create dso_dyn map"); + self.maps + .create_map("linker", 0x7ffff7ffe000, 0x100000) + .expect("cannot create linker map"); } else { self.regs.rsp = 0x7fffffffe270; self.maps - .create_map("linux_static_stack") - .load_at(0x7ffffffde000); - self.maps.create_map("dso").load_at(0x7ffff7ffd000); + .create_map("linux_static_stack", 0x7ffffffde000, 0x100000) + .expect("cannot create linux_static_stack map"); + self.maps + .create_map("dso", 0x7ffff7ffd000, 0x100000) + .expect("cannot create dso map"); } - let tls = self.maps.create_map("tls"); - tls.set_base(0x7ffff7fff000); - tls.set_size(0xfff); + let tls = self.maps.create_map("tls", 0x7ffff7fff000, 0xfff).expect("cannot create tls map"); + tls.load("tls.bin"); std::env::set_current_dir(orig_path); if dyn_link { //heap.set_base(0x555555579000); } else { - //heap.set_base(0x4b5000); - let heap = self.maps.create_map("heap"); - heap.set_base(0x4b5b00); - heap.set_size(0x4d8000 - 0x4b5000); + let heap = self.maps.create_map("heap", 0x4b5b00, 0x4d8000 - 0x4b5000).expect("cannot create heap map"); + heap.load("heap.bin"); } self.regs.rbp = 0; @@ -483,313 +492,39 @@ impl Emu { } pub fn init_mem32(&mut self) { - //println!("loading memory maps"); - self.maps.create_map("10000"); - self.maps.create_map("20000"); - self.maps.create_map("stack"); - self.maps.create_map("code"); - self.maps.create_map("peb"); - self.maps.create_map("teb"); - self.maps.create_map("ntdll"); - self.maps.create_map("ntdll_text"); - self.maps.create_map("ntdll_data"); - self.maps.create_map("kernel32"); - self.maps.create_map("kernel32_text"); - self.maps.create_map("kernel32_data"); - self.maps.create_map("kernelbase"); - self.maps.create_map("kernelbase_text"); - self.maps.create_map("kernelbase_data"); - self.maps.create_map("msvcrt"); - self.maps.create_map("msvcrt_text"); - self.maps.create_map("reserved"); - self.maps.create_map("kuser_shared_data"); - //self.maps.create_map("binary"); - //self.maps.create_map("reserved2"); - self.maps.create_map("ws2_32"); - self.maps.create_map("ws2_32_text"); - self.maps.create_map("wininet"); - self.maps.create_map("wininet_text"); - self.maps.create_map("shlwapi"); - self.maps.create_map("shlwapi_text"); - self.maps.create_map("gdi32"); - self.maps.create_map("gdi32_text"); - self.maps.create_map("user32"); - self.maps.create_map("user32_text"); - self.maps.create_map("lpk"); - self.maps.create_map("lpk_text"); - self.maps.create_map("usp10"); - self.maps.create_map("usp10_text"); - self.maps.create_map("advapi32"); - self.maps.create_map("advapi32_text"); - self.maps.create_map("sechost"); - self.maps.create_map("sechost_text"); - self.maps.create_map("rpcrt4"); - self.maps.create_map("rpcrt4_text"); - self.maps.create_map("urlmon"); - self.maps.create_map("urlmon_text"); - self.maps.create_map("ole32"); - self.maps.create_map("ole32_text"); - self.maps.create_map("oleaut32"); - self.maps.create_map("oleaut32_text"); - self.maps.create_map("crypt32"); - self.maps.create_map("crypt32_text"); - self.maps.create_map("msasn1"); - self.maps.create_map("msasn1_text"); - self.maps.create_map("iertutils"); - self.maps.create_map("iertutils_text"); - self.maps.create_map("imm32"); - self.maps.create_map("imm32_text"); - self.maps.create_map("msctf"); - self.maps.create_map("msctf_text"); - - //self.maps.write_byte(0x2c3000, 0x61); // metasploit trick + println!("loading memory maps"); let orig_path = std::env::current_dir().unwrap(); std::env::set_current_dir(self.cfg.maps_folder.clone()); - self.maps.get_mem("code").set_base(self.cfg.code_base_addr); - let kernel32 = self.maps.get_mem("kernel32"); - kernel32.set_base(0x75e40000); - if !kernel32.load("kernel32.bin") { - println!("cannot find the maps files, use --maps flag to speficy the folder."); - std::process::exit(1); - } - - let kernel32_text = self.maps.get_mem("kernel32_text"); - kernel32_text.set_base(0x75e41000); - kernel32_text.load("kernel32_text.bin"); - - let kernel32_data = self.maps.get_mem("kernel32_data"); - kernel32_data.set_base(0x75f06000); - kernel32_data.load("kernel32_data.bin"); - - let kernelbase = self.maps.get_mem("kernelbase"); - kernelbase.set_base(0x75940000); - kernelbase.load("kernelbase.bin"); - - let kernelbase_text = self.maps.get_mem("kernelbase_text"); - kernelbase_text.set_base(0x75941000); - kernelbase_text.load("kernelbase_text.bin"); - - let kernelbase_data = self.maps.get_mem("kernelbase_data"); - kernelbase_data.set_base(0x75984000); - kernelbase_data.load("kernelbase_data.bin"); - - let msvcrt = self.maps.get_mem("msvcrt"); - msvcrt.set_base(0x761e0000); - msvcrt.load("msvcrt.bin"); - - let msvcrt_text = self.maps.get_mem("msvcrt_text"); - msvcrt_text.set_base(0x761e1000); - msvcrt_text.load("msvcrt_text.bin"); - - /*let reserved2 = self.maps.get_mem("reserved2"); - reserved2.set_base(0x2c3000); //0x2c3018 - reserved2.set_size(0xfd000);*/ - - let reserved = self.maps.get_mem("reserved"); - reserved.set_base(0x2c0000); - reserved.load("reserved.bin"); - assert!(reserved.read_byte(0x2c31a0) != 0); - - let peb = self.maps.get_mem("peb"); - peb.set_base(0x7ffdf000); - peb.load("peb.bin"); - - //let peb = self.maps.get_mem("peb"); - peb.write_byte(peb.get_base() + 2, 0); - - //let peb = peb32::init_peb(self, space_addr, base); - //self.maps.write_dword(peb + 8, base); - - - let teb = self.maps.get_mem("teb"); - teb.set_base(0x7ffde000); - teb.load("teb.bin"); - - let ntdll = self.maps.get_mem("ntdll"); - ntdll.set_base(0x77570000); - ntdll.load("ntdll.bin"); - - let ntdll_text = self.maps.get_mem("ntdll_text"); - ntdll_text.set_base(0x77571000); - ntdll_text.load("ntdll_text.bin"); - - let ntdll_data = self.maps.get_mem("ntdll_data"); - ntdll_data.set_base(0x77647000); - ntdll_data.load("ntdll_data.bin"); - - let kuser_shared_data = self.maps.get_mem("kuser_shared_data"); - kuser_shared_data.set_base(0x7ffe0000); - kuser_shared_data.load("kuser_shared_data.bin"); - - //let binary = self.maps.get_mem("binary"); - //binary.set_base(0x400000); - //binary.set_size(0x1000); - - let ws2_32 = self.maps.get_mem("ws2_32"); - ws2_32.set_base(0x77480000); - ws2_32.load("ws2_32.bin"); - - let ws2_32_text = self.maps.get_mem("ws2_32_text"); - ws2_32_text.set_base(0x77481000); - ws2_32_text.load("ws2_32_text.bin"); - - let wininet = self.maps.get_mem("wininet"); - wininet.set_base(0x76310000); - wininet.load("wininet.bin"); - - let wininet_text = self.maps.get_mem("wininet_text"); - wininet_text.set_base(0x76311000); - wininet_text.load("wininet_text.bin"); - - let shlwapi = self.maps.get_mem("shlwapi"); - shlwapi.set_base(0x76700000); - shlwapi.load("shlwapi.bin"); - - let shlwapi_text = self.maps.get_mem("shlwapi_text"); - shlwapi_text.set_base(0x76701000); - shlwapi_text.load("shlwapi_text.bin"); - - let gdi32 = self.maps.get_mem("gdi32"); - gdi32.set_base(0x759c0000); - gdi32.load("gdi32.bin"); - - let gdi32_text = self.maps.get_mem("gdi32_text"); - gdi32_text.set_base(0x759c1000); - gdi32_text.load("gdi32_text.bin"); - - let user32 = self.maps.get_mem("user32"); - user32.set_base(0x773b0000); - user32.load("user32.bin"); - - let user32_text = self.maps.get_mem("user32_text"); - user32_text.set_base(0x773b1000); - user32_text.load("user32_text.bin"); - - let lpk = self.maps.get_mem("lpk"); - lpk.set_base(0x75b00000); - lpk.load("lpk.bin"); - - let lpk_text = self.maps.get_mem("lpk_text"); - lpk_text.set_base(0x75b01000); - lpk_text.load("lpk_text.bin"); - - let usp10 = self.maps.get_mem("usp10"); - usp10.set_base(0x76660000); - usp10.load("usp10.bin"); - - let usp10_text = self.maps.get_mem("usp10_text"); - usp10_text.set_base(0x76661000); - usp10_text.load("usp10_text.bin"); - - let advapi32 = self.maps.get_mem("advapi32"); - advapi32.set_base(0x776f0000); - advapi32.load("advapi32.bin"); - - let advapi32_text = self.maps.get_mem("advapi32_text"); - advapi32_text.set_base(0x776f1000); - advapi32_text.load("advapi32_text.bin"); - - let sechost = self.maps.get_mem("sechost"); - sechost.set_base(0x75a10000); - sechost.load("sechost.bin"); - - let sechost_text = self.maps.get_mem("sechost_text"); - sechost_text.set_base(0x75a11000); - sechost_text.load("sechost_text.bin"); - - let rpcrt4 = self.maps.get_mem("rpcrt4"); - rpcrt4.set_base(0x774c0000); - rpcrt4.load("rpcrt4.bin"); - - let rpcrt4_text = self.maps.get_mem("rpcrt4_text"); - rpcrt4_text.set_base(0x774c1000); - rpcrt4_text.load("rpcrt4_text.bin"); - - let urlmon = self.maps.get_mem("urlmon"); - urlmon.set_base(0x75b60000); - urlmon.load("urlmon.bin"); - - let urlmon_text = self.maps.get_mem("urlmon_text"); - urlmon_text.set_base(0x75b61000); - urlmon_text.load("urlmon_text.bin"); - - let ole32 = self.maps.get_mem("ole32"); - ole32.set_base(0x76500000); - ole32.load("ole32.bin"); - - let ole32_text = self.maps.get_mem("ole32_text"); - ole32_text.set_base(0x76501000); - ole32_text.load("ole32_text.bin"); + //self.maps.create_map("m10000", 0x10000, 0).expect("cannot create m10000 map"); + //self.maps.create_map("m20000", 0x20000, 0).expect("cannot create m20000 map"); + //self.maps.create_map("code", self.cfg.code_base_addr, 0); - let oleaut32 = self.maps.get_mem("oleaut32"); - oleaut32.set_base(0x76470000); - oleaut32.load("oleaut32.bin"); - - let oleaut32_text = self.maps.get_mem("oleaut32_text"); - oleaut32_text.set_base(0x76471000); - oleaut32_text.load("oleaut32_text.bin"); - - let crypt32 = self.maps.get_mem("crypt32"); - crypt32.set_base(0x757d0000); - crypt32.load("crypt32.bin"); - - let crypt32_text = self.maps.get_mem("crypt32_text"); - crypt32_text.set_base(0x757d1000); - crypt32_text.load("crypt32_text.bin"); - - let msasn1 = self.maps.get_mem("msasn1"); - msasn1.set_base(0x75730000); - msasn1.load("msasn1.bin"); - - let msasn1_text = self.maps.get_mem("msasn1_text"); - msasn1_text.set_base(0x75731000); - msasn1_text.load("msasn1_text.bin"); - - let iertutils = self.maps.get_mem("iertutils"); - iertutils.set_base(0x75fb0000); - iertutils.load("iertutils.bin"); - - let iertutils_text = self.maps.get_mem("iertutils_text"); - iertutils_text.set_base(0x75fb1000); - iertutils_text.load("iertutils_text.bin"); - - let imm32 = self.maps.get_mem("imm32"); - imm32.set_base(0x776d0000); - imm32.load("imm32.bin"); - - let imm32_text = self.maps.get_mem("imm32_text"); - imm32_text.set_base(0x776d1000); - imm32_text.load("imm32_text.bin"); - - let msctf = self.maps.get_mem("msctf"); - msctf.set_base(0x75a30000); - msctf.load("msctf.bin"); - - let msctf_text = self.maps.get_mem("msctf_text"); - msctf_text.set_base(0x75a31000); - msctf_text.load("msctf_text.bin"); - - let m10000 = self.maps.get_mem("10000"); - m10000.set_base(0x10000); - m10000.load("m10000.bin"); - m10000.set_size(0xffff); - - let m20000 = self.maps.get_mem("20000"); - m20000.set_base(0x20000); - m20000.load("m20000.bin"); - m20000.set_size(0xffff); - - let (base, pe_hdr) = self.load_pe32("nsi.dll", false, 0x776c0000); + //self.maps.write_byte(0x2c3000, 0x61); // metasploit trick std::env::set_current_dir(orig_path); + + peb32::init_peb(self); + winapi32::kernel32::load_library(self, "ntdll.dll"); + let ntdll_base = self.maps.get_mem("ntdll.pe").get_base(); + peb32::update_peb_image_base(self, ntdll_base as u32); + + winapi32::kernel32::load_library(self, "kernel32.dll"); + winapi32::kernel32::load_library(self, "kernelbase.dll"); + winapi32::kernel32::load_library(self, "iphlpapi.dll"); + winapi32::kernel32::load_library(self, "ws2_32.dll"); + winapi32::kernel32::load_library(self, "advapi32.dll"); + //winapi32::kernel32::load_library(self, "comctl64.dll"); + winapi32::kernel32::load_library(self, "winhttp.dll"); + winapi32::kernel32::load_library(self, "wininet.dll"); + //winapi32::kernel32::load_library(self, "dnsapi.dll"); + winapi32::kernel32::load_library(self, "shell32.dll"); + //winapi32::kernel32::load_library(self, "shlwapi.dll"); } pub fn init_tests(&mut self) { - let mem = self.maps.create_map("test"); - mem.set_base(0); - mem.set_size(1024); + let mem = self.maps.create_map("test", 0, 1024).expect("cannot create test map"); mem.write_qword(0, 0x1122334455667788); assert!(mem.read_qword(0) == 0x1122334455667788); self.maps.free("test"); @@ -855,110 +590,17 @@ impl Emu { let orig_path = std::env::current_dir().unwrap(); std::env::set_current_dir(self.cfg.maps_folder.clone()); - self.maps.create_map("m10000").load_at(0x10000); - self.maps.create_map("m20000").load_at(0x20000); - self.maps.create_map("m520000").load_at(0x520000); - self.maps.create_map("m53b000").load_at(0x53b000); - //self.maps.create_map("exe_pe").load_at(0x400000); - //self.maps.create_map("calc").load_at(0x110000000); - self.maps - .create_map("code") - .set_base(self.cfg.code_base_addr); - self.maps.create_map("stack"); - //self.maps.create_map("teb").load_at(0x7fffffdd000); - - /* - self.maps.create_map("ntdll_pe").load_at(0x76fd0000); - self.maps.create_map("ntdll_text").load_at(0x76fd1000); - self.maps.create_map("ntdll_rt").load_at(0x770d2000); - self.maps.create_map("ntdll_rdata").load_at(0x770d3000); - self.maps.create_map("ntdll_data").load_at(0x77102000); - self.maps.create_map("kernel32_pe").load_at(0x76db0000); - self.maps.create_map("kernel32_text").load_at(0x76db1000); - self.maps.create_map("kernel32_rdata").load_at(0x76e4c000); - self.maps.create_map("kernel32_data").load_at(0x76eba000); - self.maps.create_map("kernelbase_pe").load_at(0x7fefd010000); - self.maps - .create_map("kernelbase_text") - .load_at(0x7fefd011000); - self.maps - .create_map("kernelbase_rdata") - .load_at(0x7fefd05a000); - self.maps - .create_map("kernelbase_data") - .load_at(0x7fefd070000); - self.maps.create_map("msvcrt_pe").load_at(0x7fefef00000); - self.maps.create_map("msvcrt_text").load_at(0x7fefef01000); - self.maps.create_map("msvcrt_rdata").load_at(0x7fefef7a000); - self.maps.create_map("user32_pe").load_at(0x76ed0000); - self.maps.create_map("user32_text").load_at(0x76ed1000); - self.maps.create_map("user32_rdata").load_at(0x76f52000); - self.maps.create_map("msasn1_pe").load_at(0x7fefcfc0000); - self.maps.create_map("msasn1_text").load_at(0x7fefcfc1000); - self.maps.create_map("msasn1_rdata").load_at(0x7fefcfc9000); - self.maps.create_map("crypt32_pe").load_at(0x7fefd0c0000); - self.maps.create_map("crypt32_text").load_at(0x7fefd0c1000); - self.maps.create_map("crypt32_rdata").load_at(0x7fefd18f000); - self.maps.create_map("msctf_pe").load_at(0x7fefd2f0000); - self.maps.create_map("msctf_text").load_at(0x7fefd2f1000); - self.maps.create_map("msctf_rdata").load_at(0x7fefd391000); - self.maps.create_map("iertutil_pe").load_at(0x7fefd400000); - self.maps.create_map("iertutil_text").load_at(0x7fefd401000); - self.maps - .create_map("iertutil_rdata") - .load_at(0x7fefd43e000); - self.maps.create_map("ole32_pe").load_at(0x7fefd660000); - self.maps.create_map("ole32_text").load_at(0x7fefd661000); - self.maps.create_map("ole32_rdata").load_at(0x7fefd7df000); - self.maps.create_map("lpk_pe").load_at(0x7fefd870000); - self.maps.create_map("lpk_text").load_at(0x7fefd871000); - self.maps.create_map("lpk_rdata").load_at(0x7fefd878000); - self.maps.create_map("wininet_pe").load_at(0x7fefd880000); - self.maps.create_map("wininet_text").load_at(0x7fefd881000); - self.maps.create_map("wininet_rdata").load_at(0x7fefd940000); - self.maps.create_map("gdi32_pe").load_at(0x7fefd9b0000); - self.maps.create_map("gdi32_text").load_at(0x7fefd9b1000); - self.maps.create_map("gdi32_rdata").load_at(0x7fefda02000); - self.maps.create_map("imm32_pe").load_at(0x7fefe990000); - self.maps.create_map("imm32_text").load_at(0x7fefe991000); - self.maps.create_map("imm32_rdata").load_at(0x7fefe9ad000); - self.maps.create_map("usp10_pe").load_at(0x7fefe9c0000); - self.maps.create_map("usp10_text").load_at(0x7fefe9c1000); - self.maps.create_map("sechost_pe").load_at(0x7fefea90000); - self.maps.create_map("sechost_text").load_at(0x7fefea91000); - self.maps.create_map("rpcrt4_pe").load_at(0x7fefeab0000); - self.maps.create_map("rpcrt4_text").load_at(0x7fefeab1000); - self.maps.create_map("rpcrt4_rdata").load_at(0x7fefeb93000); - self.maps.create_map("nsi_pe").load_at(0x7fefebe0000); - self.maps.create_map("nsi_text").load_at(0x7fefebe1000); - self.maps.create_map("nsi_rdata").load_at(0x7fefebe3000); - self.maps.create_map("urlmon_pe").load_at(0x7fefed30000); - self.maps.create_map("urlmon_text").load_at(0x7fefed31000); - self.maps.create_map("urlmon_rdata").load_at(0x7fefee05000); - self.maps.create_map("advapi32_pe").load_at(0x7fefefa0000); - self.maps.create_map("advapi32_text").load_at(0x7fefefa1000); - self.maps - .create_map("advapi32_rdata") - .load_at(0x7feff00a000); - self.maps.create_map("oleaut32_pe").load_at(0x7feff180000); - self.maps.create_map("oleaut32_text").load_at(0x7feff181000); - self.maps - .create_map("oleaut32_rdata") - .load_at(0x7feff21d000); - self.maps.create_map("shlwapi_pe").load_at(0x7feff260000); - self.maps.create_map("shlwapi_text").load_at(0x7feff261000); - self.maps.create_map("shlwapi_rdata").load_at(0x7feff2a5000); - - */ - + //self.maps.create_map("m10000", 0x10000, 0).expect("cannot create m10000 map"); + //self.maps.create_map("m20000", 0x20000, 0).expect("cannot create m20000 map"); + //self.maps.create_map("m520000", 0x520000, 0).expect("cannot create m520000 map"); + //self.maps.create_map("m53b000", 0x53b000, 0).expect("cannot create m53b000 map"); + //self.maps.create_map("code", self.cfg.code_base_addr, 0); std::env::set_current_dir(orig_path); - peb64::init_peb(self); winapi64::kernel32::load_library(self, "ntdll.dll"); - let ntdll_base = self.maps.get_mem("ntdll.pe").get_base(); peb64::update_peb_image_base(self, ntdll_base); @@ -984,9 +626,13 @@ impl Emu { pub fn load_pe32(&mut self, filename: &str, set_entry: bool, force_base: u32) -> (u32, u32) { let is_maps = filename.contains("maps32/"); + let map_name = self.filename_to_mapname(filename); let mut pe32 = PE32::load(filename); let base: u32; + + // 1. base logic + // base is forced by libscemu if force_base > 0 { if self.maps.overlaps(force_base as u64, pe32.size() as u64) { @@ -1007,113 +653,120 @@ impl Emu { // user's program if set_entry { - if self.maps.overlaps(pe32.opt.image_base as u64, pe32.size() as u64) { - base = self.maps.alloc(pe32.size() as u64).expect("out of memory") as u32; + if pe32.opt.image_base >= constants::LIBS32_MIN as u32 { + base = self.maps.alloc(pe32.mem_size() as u64 + 0xff).expect("out of memory") as u32; } else { base = pe32.opt.image_base; } // system library } else { - if self.maps.overlaps(pe32.opt.image_base as u64, pe32.size() as u64) { - base = self.maps.lib32_alloc(pe32.size() as u64).expect("out of memory") as u32; - } else { - base = pe32.opt.image_base; - } + base = self.maps.lib32_alloc(pe32.mem_size() as u64).expect("out of memory") as u32; } } - let map_name = self.filename_to_mapname(filename); - if set_entry { - let space_addr = peb32::create_ldr_entry( - self, - base as u64, - pe32.dos.e_lfanew, - &map_name, - 0, - 0x2c1950, - ); - let peb = peb32::init_peb(self, space_addr, base); - self.maps.write_dword(peb + 8, base); + if set_entry { + // 2. pe binding if !is_maps { pe32.iat_binding(self); pe32.delay_load_binding(self); } + + + // 3. entry point logic + if self.cfg.entry_point == 0x3c0000 { + self.regs.rip = base as u64 + pe32.opt.address_of_entry_point as u64; + println!("entry point at 0x{:x}", self.regs.rip); + } else { + self.regs.rip = self.cfg.entry_point; + println!( + "entry point at 0x{:x} but forcing it at 0x{:x}", + base as u64 + pe32.opt.address_of_entry_point as u64, + self.regs.rip + ); + } + } - let pemap = self.maps.create_map(&format!("{}.pe", map_name)); - pemap.set_base(base.into()); - pemap.set_size(pe32.opt.size_of_headers.into()); + // 4. map pe and then sections + let pemap = self.maps.create_map(&format!("{}.pe", map_name), base.into(), pe32.opt.size_of_headers.into()).expect("cannot create pe map"); pemap.memcpy(pe32.get_headers(), pe32.opt.size_of_headers as usize); for i in 0..pe32.num_of_sections() { let ptr = pe32.get_section_ptr(i); let sect = pe32.get_section(i); let map; + let sz:u64; - if force_base == 0 && sect.get_name() == ".text" && !is_maps { - map = self.maps.get_map_by_name_mut("code").unwrap(); + if sect.virtual_size > sect.size_of_raw_data { + sz = sect.virtual_size as u64; } else { - map = self.maps.create_map(&format!( - "{}{}", - map_name, - sect.get_name() - .replace(" ", "") - .replace("\t", "") - .replace("\x0a", "") - .replace("\x0d", "") - )); + sz = sect.size_of_raw_data as u64; } - map.set_base(base as u64 + sect.virtual_address as u64); - if sect.virtual_size > sect.size_of_raw_data { - map.set_size(sect.virtual_size as u64); - } else { - map.set_size(sect.size_of_raw_data as u64); + if sz == 0 { + println!("size of section {} is 0", sect.get_name()); + continue; } - if sect.get_name() == ".text" { - map.set_size(map.size() as u64); + + let mut sect_name = sect.get_name() + .replace(" ", "") + .replace("\t", "") + .replace("\x0a", "") + .replace("\x0d", ""); + + if sect_name == "" { + sect_name = format!("{:x}", sect.virtual_address); } - map.memcpy(ptr, ptr.len()); - if set_entry { - if sect.get_name() == ".text" || i == 0 { - if self.cfg.entry_point != 0x3c0000 { - self.regs.rip = self.cfg.entry_point; - println!( - "entry point at 0x{:x} but forcing it at 0x{:x} by -a flag", - base as u64 + pe32.opt.address_of_entry_point as u64, - self.regs.rip - ); - } else { - self.regs.rip = base as u64 + pe32.opt.address_of_entry_point as u64; - } - println!( - "\tentry point at 0x{:x} 0x{:x} ", - self.regs.rip, pe32.opt.address_of_entry_point - ); - } else if sect.get_name() == ".tls" { - let tls_off = sect.pointer_to_raw_data; - self.tls_callbacks = pe32.get_tls_callbacks(sect.virtual_address); - } + map = match self.maps.create_map(&format!( + "{}{}", + map_name, + sect_name + ), base as u64 + sect.virtual_address as u64, sz) { + Ok(m) => m, + Err(e) => { + println!("weird pe, skipping section {} {} because overlaps", map_name, sect.get_name()); + continue; + }, + }; + + if ptr.len() > sz as usize { + panic!("overflow {} {} {} {}", map_name, sect.get_name(), ptr.len(), sz); } + if ptr.len() > 0 { + map.memcpy(ptr, ptr.len()); + } + } + + // 5. ldr table entry creation and link + if set_entry { + let space_addr = peb32::create_ldr_entry( + self, + base, + self.regs.rip as u32, + &map_name, + 0, + 0x2c1950, + ); + peb32::update_ldr_entry_base("loader.exe", base as u64, self); } + // 6. return values let pe_hdr_off = pe32.dos.e_lfanew; self.pe32 = Some(pe32); return (base, pe_hdr_off); } - pub fn peb64_link(&mut self, libname: &str, base: u64) { - peb64::dynamic_link_module(base, 0x3c, libname, self); - } - pub fn load_pe64(&mut self, filename: &str, set_entry: bool, force_base: u64) -> (u64, u32) { let is_maps = filename.contains("maps64/"); + let map_name = self.filename_to_mapname(filename); let mut pe64 = PE64::load(filename); let base: u64; + // 1. base logic + // base is setted by libscemu if force_base > 0 { if self.maps.overlaps(force_base, pe64.size()) { @@ -1134,104 +787,106 @@ impl Emu { // user's program if set_entry { - if self.maps.overlaps(pe64.opt.image_base, pe64.size()) { - base = self.maps.alloc(pe64.size()).expect("out of memory"); + if pe64.opt.image_base >= constants::LIBS64_MIN as u64 { + base = self.maps.alloc(pe64.size()+0xff).expect("out of memory"); } else { base = pe64.opt.image_base; } // system library } else { - if self.maps.overlaps(pe64.opt.image_base, pe64.size()) { - base = self.maps.lib64_alloc(pe64.size()).expect("out of memory"); - } else { - if pe64.opt.image_base < constants::LIB64_BARRIER { - base = self.maps.lib64_alloc(pe64.size()).expect("out of memory"); - } else { - base = pe64.opt.image_base; - } - } + base = self.maps.lib64_alloc(pe64.size()).expect("out of memory"); } } - let map_name = self.filename_to_mapname(filename); if set_entry { - let space_addr = peb64::create_ldr_entry( - self, - base, - base, // entry point - &map_name, - 0, - 0x2c1950, - ); - - peb64::update_ldr_entry_base("loader.exe", base, self); - - + // 2. pe binding if !is_maps { pe64.iat_binding(self); pe64.delay_load_binding(self); } - } + // 3. entry point logic + if self.cfg.entry_point == 0x3c0000 { + self.regs.rip = base + pe64.opt.address_of_entry_point as u64; + println!("entry point at 0x{:x}", self.regs.rip); + } else { + self.regs.rip = self.cfg.entry_point; + println!( + "entry point at 0x{:x} but forcing it at 0x{:x} by -a flag", + base + pe64.opt.address_of_entry_point as u64, + self.regs.rip + ); + } + } - let pemap = self.maps.create_map(&format!("{}.pe", map_name)); - pemap.set_base(base.into()); - pemap.set_size(pe64.opt.size_of_headers.into()); + // 4. map pe and then sections + let pemap = self.maps.create_map(&format!("{}.pe", map_name), base, pe64.opt.size_of_headers.into()).expect("cannot create pe64 map"); pemap.memcpy(pe64.get_headers(), pe64.opt.size_of_headers as usize); for i in 0..pe64.num_of_sections() { let ptr = pe64.get_section_ptr(i); let sect = pe64.get_section(i); let map; + let sz:u64; - if force_base == 0 && sect.get_name() == ".text" && !is_maps { - map = self.maps.get_map_by_name_mut("code").unwrap(); + if sect.virtual_size > sect.size_of_raw_data { + sz = sect.virtual_size as u64; } else { - map = self.maps.create_map(&format!( - "{}{}", - map_name, - sect.get_name() - .replace(" ", "") - .replace("\t", "") - .replace("\x0a", "") - .replace("\x0d", "") - )); + sz = sect.size_of_raw_data as u64; } - map.set_base(base + sect.virtual_address as u64); - if sect.virtual_size > sect.size_of_raw_data { - map.set_size(sect.virtual_size as u64); - } else { - map.set_size(sect.size_of_raw_data as u64); + if sz == 0 { + println!("size of section {} is 0", sect.get_name()); + continue; } - let qw = map.read_qword(map.get_base()); - map.memcpy(ptr, ptr.len()); - if set_entry { - if sect.get_name() == ".text" || i == 0 { - if self.cfg.entry_point != 0x3c0000 { - self.regs.rip = self.cfg.entry_point; - println!( - "entry point at 0x{:x} but forcing it at 0x{:x} by -a flag", - base + pe64.opt.address_of_entry_point as u64, - self.regs.rip - ); - } else { - self.regs.rip = base + pe64.opt.address_of_entry_point as u64; - } - println!( - "\tentry point at 0x{:x} 0x{:x} ", - self.regs.rip, pe64.opt.address_of_entry_point - ); - } else if sect.get_name() == ".tls" { - let tls_off = sect.pointer_to_raw_data; - self.tls_callbacks = pe64.get_tls_callbacks(sect.virtual_address); - } + let mut sect_name = sect.get_name() + .replace(" ", "") + .replace("\t", "") + .replace("\x0a", "") + .replace("\x0d", ""); + + if sect_name == "" { + sect_name = format!("{:x}", sect.virtual_address); + } + + map = match self.maps.create_map(&format!( + "{}{}", + map_name, + sect_name + ), base as u64 + sect.virtual_address as u64, sz) { + Ok(m) => m, + Err(e) => { + println!("weird pe, skipping section because overlaps {} {}", map_name, sect.get_name()); + continue; + }, + }; + + if ptr.len() > sz as usize { + panic!("overflow {} {} {} {}", map_name, sect.get_name(), ptr.len(), sz); + } + + if ptr.len() > 0 { + map.memcpy(ptr, ptr.len()); } } + // 5. ldr table entry creation and link + if set_entry { + let space_addr = peb64::create_ldr_entry( + self, + base, + self.regs.rip, + &map_name, + 0, + 0x2c1950, + ); + peb64::update_ldr_entry_base("loader.exe", base, self); + } + + // 6. return values let pe_hdr_off = pe64.dos.e_lfanew; self.pe64 = Some(pe64); return (base, pe_hdr_off); @@ -1351,19 +1006,20 @@ impl Emu { println!("shellcode detected."); if self.cfg.is_64bits { - let (base, pe_off) = self.load_pe64("maps64/loader.exe", false, 0); + let (base, pe_off) = self.load_pe64(&format!("{}/{}", self.cfg.maps_folder, "loader.exe"), false, 0); peb64::update_ldr_entry_base("loader.exe", base, self); } else { - peb32::init_peb(self, 0x2c18c0, 0); + let (base, pe_off) = self.load_pe32(&format!("{}/{}", self.cfg.maps_folder, "loader.exe"), false, 0); + peb32::update_ldr_entry_base("loader.exe", base as u64, self); } - if !self.maps.get_mem("code").load(filename) { + if !self.maps.create_map("code", self.cfg.code_base_addr, 0).expect("cannot create code map").load(filename) { println!("shellcode not found, select the file with -f"); std::process::exit(1); } let code = self.maps.get_mem("code"); - code.extend(0xffff); + code.extend(0xffff); // this could overlap an existing map } if self.cfg.entry_point != 0x3c0000 { @@ -1404,9 +1060,7 @@ impl Emu { return 0; } }; - let map = self.maps.create_map(name); - map.set_base(addr); - map.set_size(size); + self.maps.create_map(name, addr, size).expect("cannot create map from alloc api"); addr } @@ -1549,12 +1203,14 @@ impl Emu { } }; + /* walking mems in very pop is slow, and now we are not using "code" map if self.cfg.verbose >= 1 && pop_instruction && self.maps.get_mem("code").inside(value.into()) { println!("/!\\ poping a code address 0x{:x}", value); } + */ if self.cfg.trace_mem { let name = match self.maps.get_addr_name(self.regs.get_esp()) { @@ -1866,7 +1522,7 @@ impl Emu { if name == "code" { if self.cfg.verbose >= 1 { - println!("/!\\ polymorfic code"); + println!("/!\\ polymorfic code, write at 0x{:x}", addr); } self.force_break = true; } @@ -1952,10 +1608,9 @@ impl Emu { }; let map_name = self.filename_to_mapname(&self.cfg.filename); - if addr < constants::LIBS_BARRIER64 || name == "code" || name.starts_with(&map_name) || name == "loader.text" { - //println!("ha pasado el if {} < {} {} starts_with:{} {}", addr, constants::LIBS_BARRIER64, name, map_name, self.cfg.filename); + if addr < constants::LIBS64_MIN || name == "code" || + (map_name != "" && name.starts_with(&map_name)) || name == "loader.text" { self.regs.rip = addr; - //self.force_break = true; } else { if self.linux { self.regs.rip = addr; // in linux libs are no implemented are emulated @@ -2037,26 +1692,8 @@ impl Emu { }; let map_name = self.filename_to_mapname(&self.filename); - if name == "code" || addr < constants::LIBS_BARRIER || - (map_name != "" && name.starts_with(&map_name)) { - - /* - if addr >= constants::LIBS_BARRIER { - println!("/!\\ alert, jumping the barrier 0x{:x} name:{} map_name:{} filename:{}", - addr, name, map_name, &self.filename); - if name == "code" { - println!("warning the name is code"); - } - if name.starts_with(&map_name) { - println!("alert {} start with {}", name, map_name); - } - self.spawn_console(); - }*/ - /* - println!( - "entra map:`{}` map_name:`{}` filename:`{}` !!!", - name, map_name, &self.filename - );*/ + if name == "code" || addr < constants::LIBS32_MIN || + (map_name != "" && name.starts_with(&map_name)) || name == "loader.text" { self.regs.set_eip(addr); } else { if self.cfg.verbose >= 1 { @@ -2079,9 +1716,9 @@ impl Emu { if handle_winapi { winapi32::gateway(to32!(addr), name, self); } - self.force_break = true; } + return true; } @@ -2933,9 +2570,7 @@ impl Emu { continue; } }; - let map = self.maps.create_map(&name); - map.set_base(addr); - map.set_size(sz); + self.maps.create_map(&name, addr, sz).expect("cannot create map from console mc"); println!("allocated {} at 0x{:x} sz: {}", name, addr, sz); } "mca" => { @@ -2959,9 +2594,7 @@ impl Emu { } }; - let map = self.maps.create_map(&name); - map.set_base(addr); - map.set_size(sz); + self.maps.create_map(&name, addr, sz).expect("cannot create map from console mca"); println!("allocated {} at 0x{:x} sz: {}", name, addr, sz); } "ml" => { @@ -3395,6 +3028,26 @@ impl Emu { let s = structures::ListEntry::load(addr, &self.maps); s.print(); } + "peb64" => { + let s = structures::PEB64::load(addr, &self.maps); + s.print(); + } + "teb64" => { + let s = structures::TEB64::load(addr, &self.maps); + s.print(); + } + "peb_ldr_data64" => { + let s = structures::PebLdrData64::load(addr, &self.maps); + s.print(); + } + "ldr_data_table_entry64" => { + let s = structures::LdrDataTableEntry64::load(addr, &self.maps); + s.print(); + } + "list_entry64" => { + let s = structures::ListEntry64::load(addr, &self.maps); + s.print(); + } "cppeh_record" => { let s = structures::CppEhRecord::load(addr, &self.maps); s.print(); @@ -3411,18 +3064,6 @@ impl Emu { let s = structures::MemoryBasicInformation::load(addr, &self.maps); s.print(); } - "peb64" => { - let s = structures::PEB64::load(addr, &self.maps); - s.print(); - } - "teb64" => { - let s = structures::TEB64::load(addr, &self.maps); - s.print(); - } - "ldr_data_table_entry64" => { - let s = structures::LdrDataTableEntry64::load(addr, &self.maps); - s.print(); - } "image_export_directory" => { let s = structures::ImageExportDirectory::load(addr, &self.maps); s.print(); @@ -3917,9 +3558,7 @@ impl Emu { 64 => { if !self.maps.write_qword(mem_addr, value2) { if self.cfg.skip_unimplemented { - let map = self.maps.create_map("banzai"); - map.set_base(mem_addr); - map.set_size(8); + let map = self.maps.create_map("banzai", mem_addr, 8).expect("cannot create banzai map"); map.write_qword(mem_addr, value2); return true; } else { @@ -3935,9 +3574,7 @@ impl Emu { 32 => { if !self.maps.write_dword(mem_addr, to32!(value2)) { if self.cfg.skip_unimplemented { - let map = self.maps.create_map("banzai"); - map.set_base(mem_addr); - map.set_size(4); + let map = self.maps.create_map("banzai", mem_addr, 4).expect("cannot create banzai map"); map.write_dword(mem_addr, to32!(value2)); return true; } else { @@ -3953,9 +3590,7 @@ impl Emu { 16 => { if !self.maps.write_word(mem_addr, value2 as u16) { if self.cfg.skip_unimplemented { - let map = self.maps.create_map("banzai"); - map.set_base(mem_addr); - map.set_size(2); + let map = self.maps.create_map("banzai", mem_addr, 2).expect("cannot create banzai map"); map.write_word(mem_addr, value2 as u16); return true; } else { @@ -3971,9 +3606,7 @@ impl Emu { 8 => { if !self.maps.write_byte(mem_addr, value2 as u8) { if self.cfg.skip_unimplemented { - let map = self.maps.create_map("banzai"); - map.set_base(mem_addr); - map.set_size(1); + let map = self.maps.create_map("banzai", mem_addr, 1).expect("cannot create banzai map"); map.write_byte(mem_addr, value2 as u8); return true; } else { @@ -3997,6 +3630,7 @@ impl Emu { println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value2, name); } + /* let name = match self.maps.get_addr_name(mem_addr) { Some(n) => n, None => "not mapped".to_string(), @@ -4004,10 +3638,10 @@ impl Emu { if name == "code" { if self.cfg.verbose >= 1 { - println!("/!\\ polymorfic code"); + println!("/!\\ polymorfic code, addr 0x{:x}", mem_addr); } self.force_break = true; - } + }*/ if mem_addr == self.bp.get_mem_write() { println!("Memory breakpoint on write 0x{:x}", mem_addr); @@ -13971,6 +13605,20 @@ impl Emu { self.set_operand_xmm_value_128(&ins, 0, result); } + Mnemonic::Stmxcsr => { + self.show_instruction(&self.colors.red, &ins); + + let value = self.fpu.mxcsr; + self.set_operand_value(&ins, 0, value as u64); + } + + Mnemonic::Ldmxcsr => { + self.show_instruction(&self.colors.red, &ins); + + let value = self.get_operand_value(&ins, 0, true).unwrap_or(0); + self.fpu.mxcsr = value as u32; + } + Mnemonic::Prefetchw => { self.show_instruction(&self.colors.red, &ins); } diff --git a/src/emu/constants.rs b/src/emu/constants.rs index 991b3d8..d9d2a17 100644 --- a/src/emu/constants.rs +++ b/src/emu/constants.rs @@ -1,6 +1,18 @@ // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55 #![allow(dead_code)] -pub const LIB64_BARRIER: u64 = 0x07fefff00000; +//pub const LIB64_BARRIER: u64 = 0x07fefff00000; +//pub const LIB32_BARRIER: u32 = 0x7f000000; + +//pub const LIBS32_BARRIER: u64 = 0x80000000; +//pub const LIBS64_BARRIER: u64 = 0x7f0000000000; + + +pub const LIBS32_MIN: u64 = 0x70000000; +pub const LIBS32_MAX: u64 = 0x7FFFFFFF; +pub const LIBS64_MIN: u64 = 0x7FF000000000; +pub const LIBS64_MAX: u64 = 0x7FFFFFFFFFFF; + + pub const STATUS_SUCCESS: u64 = 0x00000000; pub const STATUS_ACCESS_DENIED: u64 = 0xC0000022; pub const STATUS_INVALID_HANDLE: u64 = 0xC0000008; diff --git a/src/emu/elf32.rs b/src/emu/elf32.rs index dc2fdd0..d36b238 100644 --- a/src/emu/elf32.rs +++ b/src/emu/elf32.rs @@ -90,9 +90,7 @@ impl Elf32 { } }*/ - let mem = maps.create_map(&format!("code")); - mem.set_base(phdr.p_vaddr.into()); - mem.set_size(phdr.p_memsz.into()); + let mem = maps.create_map(&format!("code"), phdr.p_vaddr.into(), phdr.p_memsz.into()).expect("cannot create code map from load_programs elf32"); if phdr.p_filesz >phdr.p_memsz { println!("p_filesz > p_memsz bigger in file than in memory."); } diff --git a/src/emu/elf64.rs b/src/emu/elf64.rs index a757600..8fe95e4 100644 --- a/src/emu/elf64.rs +++ b/src/emu/elf64.rs @@ -205,7 +205,6 @@ impl Elf64 { i+=1; let vaddr: u64; - let map = maps.create_map(&format!("{}_{}", name, i)); if is_lib { if name.contains("libc") { @@ -227,9 +226,7 @@ impl Elf64 { } } - map.set_base(vaddr); - map.set_size(phdr.p_memsz); - + let map = maps.create_map(&format!("{}_{}", name, i), vaddr, phdr.p_memsz).expect("cannot create map from load_programs elf64"); let start = phdr.p_offset as usize; let end = (phdr.p_offset + phdr.p_filesz) as usize; @@ -249,10 +246,7 @@ impl Elf64 { elf64_base = force_base; } // elf executable need to map the header. - let hdr = maps.create_map("elf64.hdr"); - hdr.set_base(elf64_base); - //hdr.set_size(0x200); - hdr.set_size(0x4000); + let hdr = maps.create_map("elf64.hdr", elf64_base, 0x4000).expect("cannot create elf64.hdr map"); hdr.write_bytes(elf64_base, &self.bin[..0x4000]); } @@ -313,17 +307,18 @@ impl Elf64 { } //println!("loading map {} 0x{:x} sz:{}", &map_name, shdr.sh_addr, shdr.sh_size); - let mem = maps.create_map(&map_name); + let base:u64; if dynamic_linking { if shdr.sh_addr < 0x8000 { - mem.set_base(shdr.sh_addr + ELF64_DYN_BASE + 0x4000); + base = shdr.sh_addr + ELF64_DYN_BASE + 0x4000; } else { - mem.set_base(shdr.sh_addr + ELF64_DYN_BASE); + base = shdr.sh_addr + ELF64_DYN_BASE; } } else { - mem.set_base(shdr.sh_addr); + base = shdr.sh_addr; } - mem.set_size(shdr.sh_size.into()); + + let mem = maps.create_map(&map_name, base, shdr.sh_size.into()).expect("cannot create map from load_programs elf64"); let mut end_off = (shdr.sh_offset + shdr.sh_size) as usize; if end_off > self.bin.len() { diff --git a/src/emu/fpu.rs b/src/emu/fpu.rs index c5a81a2..e770460 100644 --- a/src/emu/fpu.rs +++ b/src/emu/fpu.rs @@ -22,6 +22,7 @@ pub struct FPU { pub f_c2: bool, // div by zero pub f_c3: bool, // precission pub f_c4: bool, // stack fault + pub mxcsr: u32, } impl FPU { @@ -47,6 +48,7 @@ impl FPU { f_c2: false, // div by zero f_c3: false, // precision f_c4: false, // stack fault + mxcsr: 0, } } diff --git a/src/emu/maps.rs b/src/emu/maps.rs index 34d86f5..7f16bab 100644 --- a/src/emu/maps.rs +++ b/src/emu/maps.rs @@ -59,11 +59,33 @@ impl Maps { return None; } - pub fn create_map(&mut self, name: &str) -> &mut Mem64 { + pub fn create_map(&mut self, name: &str, base: u64, size: u64) -> Result<&mut Mem64, String> { + + //if size == 0 { + // return Err(format!("map size cannot be 0")); + //} + + if self.get_mem_by_addr(base).is_some() { + return Err(format!("this map address 0x{:x} already exists!", base)); + } + + if self.exists_mapname(name) { + self.show_maps(); + return Err(format!("this map name {} already exists!", name)); + } + let mut mem = Mem64::new(); mem.set_name(name); - self.maps.push(mem); - return self.maps.last_mut().unwrap(); + mem.set_base(base); + mem.set_size(size); + + let pos = self + .maps + .binary_search_by(|c| c.get_base().cmp(&base)) + .unwrap_or_else(|e| e); + self.maps.insert(pos, mem); + + return Ok(self.maps.get_mut(pos).unwrap()); } pub fn write_qword(&mut self, addr: u64, value: u64) -> bool { @@ -997,6 +1019,19 @@ impl Maps { } } + pub fn show_maps(&self) { + for mem in self.maps.iter() { + let name = mem.get_name(); + println!( + "{} 0x{:x} - 0x{:x} ({})", + name, + mem.get_base(), + mem.get_bottom(), + mem.size() + ); + } + } + pub fn free(&mut self, name: &str) { let mut id_to_delete = 0; let mut remove = false; @@ -1030,62 +1065,64 @@ impl Maps { } pub fn lib64_alloc(&self, sz: u64) -> Option { - // super simple memory allocator - let mut addr: u64 = constants::LIB64_BARRIER; - - loop { - addr += sz; - - if addr >= 0xf0000000_00000000 { - return None; - } - - for mem in self.maps.iter() { - if addr >= mem.get_base() && addr <= mem.get_bottom() { - continue; - } - } + self._alloc(sz, constants::LIBS64_MIN, constants::LIBS64_MAX, true) + } - //return Some(addr); + pub fn lib32_alloc(&self, sz: u64) -> Option { + self._alloc(sz, constants::LIBS32_MIN, constants::LIBS32_MAX, true) + } - if !self.overlaps(addr, sz) { - return Some(addr); - } + pub fn alloc(&self, sz: u64) -> Option { + if self.is_64bits { + self._alloc(sz, 1, constants::LIBS64_MIN, false) + } else { + self._alloc(sz, 1, constants::LIBS32_MIN, false) } } - pub fn lib32_alloc(&self, sz: u64) -> Option { - // super simple memory allocator - let mut addr: u64 = constants::LIBS_BARRIER; + fn _alloc(&self, sz: u64, bottom: u64, top: u64, lib: bool) -> Option { + let mut prev: u64 = bottom; - loop { - addr += sz; + //println!("allocating {} bytes from 0x{:x} to 0x{:x}", sz, bottom, top); - if addr >= 0xf0000000 { - return None; + for i in 0..self.maps.len() { + let mem = &self.maps[i]; + let base = mem.get_base(); + + if lib && base < bottom { + //println!("skipping: 0x{:x}", base); + continue; // a lib finding allocs that are not lib } - for mem in self.maps.iter() { - if addr >= mem.get_base() && addr <= mem.get_bottom() { - continue; - } + //println!("base: 0x{:x} prev: 0x{:x} sz: 0x{:x}", base, prev, sz); + if prev > base { + //self.show_maps(); + panic!("alloc error"); + } + //println!("space: 0x{:x}", base - prev); + if (base - prev) > sz { + //println!("space found: 0x{:x}", prev); + return Some(prev); } - //return Some(addr); + prev = mem.get_bottom(); + } - if !self.overlaps(addr, sz) { - return Some(addr); - } + if top - prev > sz { + //println!("space found: 0x{:x} sz:{}", prev, sz); + return Some(prev); } - } - pub fn alloc(&self, sz: u64) -> Option { - // super simple memory allocator + println!("no space found"); + None + } - let mut addr: u64 = 100; + pub fn alloc_deprecated(&self, sz: u64) -> Option { + let mut addr: u64 = 0; + let inc = 0x10; loop { - addr += sz; + addr += inc; if addr >= 0x70000000 { return None; @@ -1093,6 +1130,7 @@ impl Maps { for mem in self.maps.iter() { if addr >= mem.get_base() && addr <= mem.get_bottom() { + addr = mem.get_bottom(); continue; } } diff --git a/src/emu/maps/mem64.rs b/src/emu/maps/mem64.rs index 15da640..a17c7b7 100644 --- a/src/emu/maps/mem64.rs +++ b/src/emu/maps/mem64.rs @@ -64,6 +64,9 @@ impl Mem64 { } pub fn memcpy(&mut self, ptr: &[u8], sz: usize) { + if self.mem.len() < sz { + panic!("memcpy: {} < {}", self.mem.len(), sz); + } for i in 0..sz { self.mem[i] = ptr[i]; } diff --git a/src/emu/pe32.rs b/src/emu/pe32.rs index 42d7e8e..d09f5a7 100644 --- a/src/emu/pe32.rs +++ b/src/emu/pe32.rs @@ -759,7 +759,7 @@ pub struct PE32 { pub nt: ImageNtHeaders, pub fh: ImageFileHeader, pub opt: ImageOptionalHeader, - sect_hdr: Vec, + pub sect_hdr: Vec, //import_dir: ImageImportDirectory, pub delay_load_dir: Vec, pub image_import_descriptor: Vec, @@ -878,10 +878,10 @@ impl PE32 { import_off += ImageImportDescriptor::size(); } } else { - println!("no import directory at va 0x{:x}.", import_va); + //println!("no import directory at va 0x{:x}.", import_va); } } else { - println!("no import directory at va 0x{:x}", import_va); + //println!("no import directory at va 0x{:x}", import_va); } PE32 { @@ -901,6 +901,25 @@ impl PE32 { return self.raw.len(); } + pub fn mem_size(&self) -> usize { + let mut max_va:u32 = 0; + let mut max_va_sz:usize = 0; + + for i in 0..self.sect_hdr.len() { + let sect = &self.sect_hdr[i]; + if sect.virtual_address > max_va { + max_va = sect.virtual_address; + if sect.size_of_raw_data > sect.virtual_size { + max_va_sz = sect.size_of_raw_data as usize; + } else { + max_va_sz = sect.virtual_size as usize; + } + } + } + + return (max_va as usize) + max_va_sz; + } + pub fn get_raw(&self) -> &[u8] { return &self.raw[0..self.raw.len()]; } @@ -1113,7 +1132,7 @@ impl PE32 { } if dbg { let old_addr = read_u32_le!(self.raw, off_addr); - println!("patch addr: 0x{:x}: 0x{:x} -> 0x{:x}", off_addr, old_addr, real_addr); + //println!("patch addr: 0x{:x}: 0x{:x} -> 0x{:x}", off_addr, old_addr, real_addr); } write_u32_le!(self.raw, off_addr, real_addr); diff --git a/src/emu/pe64.rs b/src/emu/pe64.rs index fb0e7f4..94b79ef 100644 --- a/src/emu/pe64.rs +++ b/src/emu/pe64.rs @@ -347,6 +347,19 @@ impl PE64 { return self.raw.len() as u64; } + pub fn mem_size(&self) -> usize { + let mut sz = 0; + for i in 0..self.sect_hdr.len() { + let sect = &self.sect_hdr[i]; + if sect.virtual_size > sect.size_of_raw_data { + sz += sect.virtual_size as usize; + } else { + sz += sect.size_of_raw_data as usize; + } + } + return sz; + } + pub fn is_dll(&self) -> bool { self.fh.characteristics & IMAGE_FILE_DLL != 0 } @@ -402,8 +415,10 @@ impl PE64 { off + sz ); //sz = self.raw.len() - off - 1; + if off > self.raw.len() { + return &[]; + } return &self.raw[off..]; - //return &[]; } let section_ptr = &self.raw[off..off + sz]; return section_ptr; @@ -539,13 +554,12 @@ impl PE64 { if off2 == 0 { //|| addr < 0x100 { off_name += pe32::HintNameItem::size(); - //off_addr += 8; + off_addr += 8; continue; } let func_name = PE32::read_string(&self.raw, off2 + 2); - //println!("IAT: 0x{:x} {}!{}", addr, iim.name, func_name); - let real_addr = emu::winapi64::kernel32::resolve_api_name(emu, &func_name); + println!("IAT: 0x{:x} {}!{} 0x{:x}", iim.first_thunk, iim.name, func_name, self.opt.image_base + iim.first_thunk as u64); if real_addr == 0 { break; } @@ -554,7 +568,10 @@ impl PE64 { println!("binded 0x{:x} {}", real_addr, func_name); }*/ - //println!("patching 0x{:x} at 0x{:x}", real_addr, off_addr); + if real_addr == 0x7ff000210180 { + let fake_addr = read_u64_le!(self.raw, off_addr); + println!("name: {} fake addr: 0x{:x}", func_name, fake_addr); + } write_u64_le!(self.raw, off_addr, real_addr); off_name += pe32::HintNameItem::size(); diff --git a/src/emu/peb32.rs b/src/emu/peb32.rs index e02e4e2..6cb8621 100644 --- a/src/emu/peb32.rs +++ b/src/emu/peb32.rs @@ -2,65 +2,49 @@ use crate::emu; use crate::emu::structures::LdrDataTableEntry; use crate::emu::structures::OrdinalTable; use crate::emu::structures::PEB; +use crate::emu::structures::TEB; +use crate::emu::structures::PebLdrData; + +pub fn init_ldr(emu: &mut emu::Emu) -> u64 { + let ldr_sz = PebLdrData::size(); + let ldr_addr = emu.maps.lib32_alloc(ldr_sz as u64).expect("cannot alloc the LDR"); + emu.maps.create_map("ldr", ldr_addr, ldr_sz as u64).expect("cannot create ldr map"); + let module_entry = create_ldr_entry(emu, 0, 0, "loader.exe", 0, 0) as u32; + let mut ldr = PebLdrData::new(); + ldr.initializated = 1; + ldr.in_load_order_module_list.flink = module_entry; + ldr.in_load_order_module_list.blink = module_entry; + ldr.in_memory_order_module_list.flink = module_entry+0x8; + ldr.in_memory_order_module_list.blink = module_entry+0x8; + ldr.in_initialization_order_module_list.flink = module_entry+0x10; + ldr.in_initialization_order_module_list.blink = module_entry+0x10; + ldr.entry_in_progress = module_entry; + ldr.save(ldr_addr, &mut emu.maps); + + return ldr_addr; +} -pub fn init_peb(emu: &mut emu::Emu, first_entry: u64, bin_base: u32) -> u64 { - let peb_addr = 0x7ffdf000; - // comprobar si existe ya de antes, verificar con el de 64bits y el load_pe32 - let mut peb_map = emu.maps.create_map("peb"); - peb_map.set_base(peb_addr); //TODO: use allocator - peb_map.set_size(PEB::size() as u64); - - let ldr = 0x77647880; // ntdll_data for now - let process_parameters = 0x2c1118; // reserved map for now - let alt_thunk_list_ptr = 0; - let reserved7 = 0x773cd568; - let alt_thunk_list_ptr_32 = 0; - let post_process_init_routine = 0; - let session_id = 0; - - let peb = PEB::new( - ldr as u32, - process_parameters, - alt_thunk_list_ptr, - reserved7, - alt_thunk_list_ptr_32, - post_process_init_routine, - session_id, - ); - peb.save(&mut peb_map); - //emu.maps.write_dword(ldr + 24, first_entry as u32); - emu.maps.write_dword(ldr + 0x14, first_entry as u32); - if bin_base > 0 { - let ntdll_data = emu.maps.read_dword(peb_addr + 0xc).unwrap(); - let reserved = emu.maps.read_dword(ntdll_data as u64 + 0xc).unwrap(); - emu.maps.write_dword(reserved as u64 + 0x18, bin_base); - } - //let dll_base = emu.maps.read_dword(reserved as u64 + 0x18).unwrap(); - //println!("dll_base: 0x{:x}", dll_base); - //assert!(1==2); - // +pub fn init_peb(emu: &mut emu::Emu) { + let ldr = init_ldr(emu); - // xloader checks the flink + 0x30 of every lib looking for the module name which really it's - // on flink + 0x28 - let mut flink = Flink::new(emu); - flink.load(emu); - let first_flink = flink.get_ptr(); - loop { - let libname_ptr = emu.maps.read_dword(flink.get_ptr() + 0x28).unwrap(); - let libname = emu.maps.read_wide_string(libname_ptr as u64); - emu.maps - .write_dword(flink.get_ptr() + 0x30, libname_ptr as u32); + let peb_addr = emu.maps.lib32_alloc(PEB::size() as u64).expect("cannot alloc the PEB32"); + let mut peb_map = emu.maps.create_map("peb", peb_addr, PEB::size() as u64).expect("cannot create peb map"); + let process_parameters = 0x521e20; + let peb = PEB::new(0, ldr as u32, process_parameters); + peb.save(&mut peb_map); - flink.next(emu); - if flink.get_ptr() == first_flink { - break; - } - } + let teb_addr = emu.maps.lib32_alloc(TEB::size() as u64).expect("cannot alloc the TEB32"); + let mut teb_map = emu.maps.create_map("teb", teb_addr, TEB::size() as u64).expect("cannot create teb map"); + let teb = TEB::new(peb_addr as u32); + teb.save(&mut teb_map); +} - emu.maps.write_byte(peb_addr + 2, 0); // not being_debugged - return peb_addr; +pub fn update_peb_image_base(emu: &mut emu::Emu, base: u32) { + let peb = emu.maps.get_mem("peb"); + let peb_base = peb.get_base(); + emu.maps.write_dword(peb_base + 0x10, base); } #[derive(Debug)] @@ -83,10 +67,10 @@ impl Flink { pub fn new(emu: &mut emu::Emu) -> Flink { let peb = emu.maps.get_mem("peb"); let peb_base = peb.get_base(); - let ldr = peb.read_dword(peb_base + 0x0c) as u64; + let ldr = peb.read_dword(peb_base + 0x0c) as u64; // peb->ldr let flink = emu .maps - .read_dword(ldr + 0x14) + .read_dword(ldr + 0x0c) .expect("peb32::new() error reading flink") as u64; Flink { @@ -124,18 +108,18 @@ impl Flink { pub fn get_mod_base(&mut self, emu: &mut emu::Emu) { self.mod_base = emu .maps - .read_dword(self.flink_addr + 0x10) + .read_dword(self.flink_addr + 0x18) .expect("error reading mod_addr") as u64; } pub fn set_mod_base(&mut self, base: u64, emu: &mut emu::Emu) { - emu.maps.write_dword(self.flink_addr + 0x10, base as u32); + emu.maps.write_dword(self.flink_addr + 0x18, base as u32); } pub fn get_mod_name(&mut self, emu: &mut emu::Emu) { let mod_name_ptr = emu .maps - .read_dword(self.flink_addr + 0x28) //0x28 + .read_dword(self.flink_addr + 0x38) //0x28 .expect("error reading mod_name_ptr") as u64; self.mod_name = emu.maps.read_wide_string(mod_name_ptr); } @@ -159,6 +143,7 @@ impl Flink { return; } + //println!("base: 0x{:x} + pe_hdr {} + 0x78 = {}", self.mod_base, self.pe_hdr, self.mod_base + self.pe_hdr + 0x78); self.export_table_rva = match emu.maps .read_dword(self.mod_base + self.pe_hdr + 0x78) { @@ -201,9 +186,18 @@ impl Flink { Some(addr) => addr as u64, None => return ordinal, }; - //.expect("error reading func_rva") as u64; - ordinal.func_name = emu.maps.read_string(func_name_rva + self.mod_base); + if func_name_rva == 0 { + ordinal.func_name = "-".to_string(); + } else { + ordinal.func_name = emu.maps.read_string(func_name_rva + self.mod_base); + } + + if ordinal.func_name == "VCOMPort" { + emu.spawn_console(); + } + + ordinal.ordinal_tbl_rva = emu .maps .read_dword(self.export_table + 0x24) @@ -234,6 +228,13 @@ impl Flink { .expect("error reading next flink") as u64; } + pub fn get_prev_flink(&self, emu: &mut emu::Emu) -> u64 { + return emu + .maps + .read_dword(self.flink_addr + 4) + .expect("error reading prev flink") as u64; + } + pub fn next(&mut self, emu: &mut emu::Emu) { self.flink_addr = self.get_next_flink(emu); self.load(emu); @@ -282,10 +283,11 @@ pub fn show_linked_modules(emu: &mut emu::Emu) { None => 0, }; println!( - "0x{:x} {} flink:{:x} base:{:x} pe_hdr:{:x} {:x}{:x}", + "0x{:x} {} flink:{:x} blink:{:x} base:{:x} pe_hdr:{:x} {:x}{:x}", flink.get_ptr(), flink.mod_name, flink.get_next_flink(emu), + flink.get_prev_flink(emu), flink.mod_base, flink.pe_hdr, pe1, @@ -298,6 +300,15 @@ pub fn show_linked_modules(emu: &mut emu::Emu) { } } +pub fn update_ldr_entry_base(libname: &str, base: u64, emu: &mut emu::Emu) { + let mut flink = Flink::new(emu); + flink.load(emu); + while flink.mod_name.to_lowercase() != libname.to_lowercase() { + flink.next(emu); + } + flink.set_mod_base(base, emu); +} + pub fn dynamic_unlink_module(libname: &str, emu: &mut emu::Emu) { let mut prev_flink: u64 = 0; let next_flink: u64; @@ -337,7 +348,7 @@ pub fn dynamic_link_module(base: u64, pe_off: u32, libname: &str, emu: &mut emu: // get last element loop { - last_flink = flink.get_ptr(); + //last_flink = flink.get_ptr(); commented on 64bits flink.next(emu); if flink.get_next_flink(emu) == first_flink { break; @@ -346,16 +357,25 @@ pub fn dynamic_link_module(base: u64, pe_off: u32, libname: &str, emu: &mut emu: let next_flink: u64 = flink.get_ptr(); //first_flink = 0x2c18c0; - let space_addr = create_ldr_entry(emu, base, pe_off, libname, last_flink, first_flink); + //let space_addr = create_ldr_entry(emu, base, pe_off, libname, last_flink, first_flink); + let space_addr = create_ldr_entry(emu, base as u32, pe_off, libname, first_flink as u32, next_flink as u32); + // point previous flink to this ldr - emu.maps.write_dword(last_flink, space_addr as u32); + emu.maps.write_dword(next_flink, space_addr as u32); // in_load_order_links.flink + emu.maps.write_dword(next_flink + 0x08, (space_addr + 0x08) as u32); // in_memory_order_links.flink + emu.maps.write_dword(next_flink + 0x10, (space_addr + 0x10) as u32); // in_initialization_order_links.flink + + // blink of first flink will point to last created + emu.maps.write_dword(first_flink + 4, space_addr as u32); // in_load_order_links.blink + emu.maps.write_dword(first_flink + 0x08 + 4, (space_addr + 0x08) as u32); // in_memory_order_links.blink + emu.maps.write_dword(first_flink + 0x10 + 4, (space_addr + 0x10) as u32); // in_initialization_order_links.blink - // point next blink to this ldr - emu.maps.write_dword(next_flink + 4, space_addr as u32); + //show_linked_modules(emu); } -pub fn create_ldr_entry( + +pub fn create_ldr_entry_prev( emu: &mut emu::Emu, base: u64, pe_off: u32, @@ -371,20 +391,9 @@ pub fn create_ldr_entry( .expect("cannot alloc few bytes to put the LDR for LoadLibraryA"); let mut lib = libname.to_string(); lib.push_str(".ldr"); - let mem = emu.maps.create_map(lib.as_str()); - mem.set_base(space_addr); - mem.set_size(sz); + let mem = emu.maps.create_map(lib.as_str(), space_addr, sz).expect("cannot create ldr entry map"); mem.write_byte(space_addr + sz - 1, 0x61); - // craft an ldr - /* - println!("space_addr: 0x{:x}" , space_addr); - println!("+0 next_flink: 0x{:x}" , next_flink as u32); - println!("+4 next_flink: 0x{:x}" , last_flink as u32); - println!("+1c base: 0x{:x}" , base as u32); - println!("+3c pe_off: 0x{:x}" , pe_off); - println!("+28 libname_ptr: 0x{:x}" , space_addr as u32 + 0x3d); - */ //mem.write_dword(space_addr, next_flink as u32); mem.write_dword(space_addr, prev_flink as u32); //0x2c18c0); @@ -402,11 +411,71 @@ pub fn create_ldr_entry( space_addr } -pub fn update_ldr_entry_base(libname: &str, base: u64, emu: &mut emu::Emu) { - let mut flink = Flink::new(emu); - flink.load(emu); - while flink.mod_name.to_lowercase() != libname.to_lowercase() { - flink.next(emu); +pub fn create_ldr_entry( + emu: &mut emu::Emu, + base: u32, + entry_point: u32, + libname: &str, + next_flink: u32, + prev_flink: u32, +) -> u64 { + // make space for ldr + let sz = (LdrDataTableEntry::size() + 0x40 + (1024*2)) as u64; + let space_addr = emu + .maps + .alloc(sz) + .expect("cannot alloc few bytes to put the LDR for LoadLibraryA"); + let mut lib = libname.to_string(); + lib.push_str(".ldr"); + let mut image_sz = 0; + if base > 0 { + let pe_hdr = emu.maps.read_dword(base as u64 + 0x3c).unwrap() as u64; + image_sz = emu.maps.read_dword(base as u64 + pe_hdr + 0x50).unwrap() as u64; } - flink.set_mod_base(base, emu); + let mem = emu.maps.create_map(lib.as_str(), space_addr, sz).expect("create_ldr_entry cannot create map"); + mem.write_byte(space_addr + sz - 1, 0x61); + + let full_libname = "C:\\Windows\\System32\\".to_string() + &libname.to_string(); + let mut ldr = LdrDataTableEntry::new(); + if next_flink != 0 { + ldr.in_load_order_links.flink = next_flink; + ldr.in_load_order_links.blink = prev_flink; + ldr.in_memory_order_links.flink = next_flink+0x8; + ldr.in_memory_order_links.blink = prev_flink+0x8; + ldr.in_initialization_order_links.flink = next_flink+0x10; + ldr.in_initialization_order_links.blink = prev_flink+0x10; + ldr.hash_links.flink = next_flink+0x44; + ldr.hash_links.blink = prev_flink+0x44; + } else { + ldr.in_load_order_links.flink = space_addr as u32; + ldr.in_load_order_links.blink = space_addr as u32; + ldr.in_memory_order_links.flink = space_addr as u32+0x8; + ldr.in_memory_order_links.blink = space_addr as u32+0x8; + ldr.in_initialization_order_links.flink = space_addr as u32+0x10; + ldr.in_initialization_order_links.blink = space_addr as u32+0x10; + ldr.hash_links.flink = space_addr as u32+0x44; + ldr.hash_links.blink = space_addr as u32+0x44; + } + ldr.dll_base = base; + ldr.entry_point = entry_point; + ldr.size_of_image = image_sz as u32; + ldr.full_dll_name.length = full_libname.len() as u16 * 2; + ldr.full_dll_name.maximum_length = full_libname.len() as u16 * 2 + 4; + ldr.full_dll_name.buffer = space_addr as u32 + LdrDataTableEntry::size() as u32; + ldr.base_dll_name.length = libname.len() as u16 * 2; + ldr.base_dll_name.maximum_length = libname.len() as u16 * 2 + 2; + ldr.base_dll_name.buffer = space_addr as u32 + LdrDataTableEntry::size() as u32 + full_libname.len() as u32 * 2 + 10; + ldr.flags = 0; + ldr.load_count = 0; + ldr.tls_index = 0; + ldr.hash_links.flink = next_flink; + ldr.hash_links.blink = prev_flink; + mem.write_wide_string(space_addr as u64 + LdrDataTableEntry::size() as u64, &(full_libname.clone() + "\x00\x00")); + mem.write_wide_string(space_addr as u64 + LdrDataTableEntry::size() as u64 + full_libname.len() as u64 * 2 +10, &(libname.to_string() + "\x00")); + ldr.save(space_addr, &mut emu.maps); + + // http://terminus.rewolf.pl/terminus/structures/ntdll/_LDR_DATA_TABLE_ENTRY_x64.html + + space_addr } + diff --git a/src/emu/peb64.rs b/src/emu/peb64.rs index 2dd6ad3..39293e0 100644 --- a/src/emu/peb64.rs +++ b/src/emu/peb64.rs @@ -8,14 +8,8 @@ use crate::emu::structures::PebLdrData64; pub fn init_ldr(emu: &mut emu::Emu) -> u64 { let ldr_sz = PebLdrData64::size(); let ldr_addr = emu.maps.lib64_alloc(ldr_sz as u64).expect("cannot alloc the LDR"); - let ldr_map = emu.maps.create_map("ldr"); - ldr_map.set_base(ldr_addr); - ldr_map.set_size(ldr_sz as u64); - + emu.maps.create_map("ldr", ldr_addr, ldr_sz as u64).expect("cannot create ldr map"); let module_entry = create_ldr_entry(emu, 0, 0, "loader.exe", 0, 0); - //let ntdll_entry = create_ldr_entry(emu, ntdll_base, 0, "ntdll", module_entry, module_entry); - - let mut ldr = PebLdrData64::new(); ldr.initializated = 1; ldr.in_load_order_module_list.flink = module_entry; @@ -35,18 +29,14 @@ pub fn init_peb(emu: &mut emu::Emu) { let ldr = init_ldr(emu); let peb_addr = emu.maps.lib64_alloc(PEB64::size() as u64).expect("cannot alloc the PEB64"); - let mut peb_map = emu.maps.create_map("peb"); - peb_map.set_base(peb_addr); - peb_map.set_size(PEB64::size() as u64); + let mut peb_map = emu.maps.create_map("peb", peb_addr, PEB64::size() as u64).expect("cannot create peb map"); let process_parameters = 0x521e20; let peb = PEB64::new(0, ldr, process_parameters); peb.save(&mut peb_map); emu.maps.write_byte(peb_addr + 2, 0); // not being_debugged let teb_addr = emu.maps.lib64_alloc(TEB64::size() as u64).expect("cannot alloc the TEB64"); - let mut teb_map = emu.maps.create_map("teb"); - teb_map.set_base(teb_addr); - teb_map.set_size(TEB64::size() as u64); + let mut teb_map = emu.maps.create_map("teb", teb_addr, TEB64::size() as u64).expect("cannot create teb map"); let teb = TEB64::new(peb_addr); teb.save(&mut teb_map); @@ -353,6 +343,7 @@ pub fn dynamic_link_module(base: u64, pe_off: u32, libname: &str, emu: &mut emu: let mut flink = Flink::new(emu); flink.load(emu); let first_flink = flink.get_ptr(); + // get last element loop { //last_flink = flink.get_ptr(); @@ -400,9 +391,12 @@ pub fn create_ldr_entry( .expect("cannot alloc few bytes to put the LDR for LoadLibraryA"); let mut lib = libname.to_string(); lib.push_str(".ldr"); - let mem = emu.maps.create_map(lib.as_str()); - mem.set_base(space_addr); - mem.set_size(sz); + let mut image_sz = 0; + if base > 0 { + let pe_hdr = emu.maps.read_dword(base as u64 + 0x3c).unwrap() as u64; + image_sz = emu.maps.read_qword(base as u64 + pe_hdr + 0x50).unwrap() as u64; + } + let mem = emu.maps.create_map(lib.as_str(), space_addr, sz).expect("cannot create ldr entry map"); mem.write_byte(space_addr + sz - 1, 0x61); //let full_libname = "\"C:\\Windows\\System32\\".to_string() + &libname.to_string() + "\"\x00"; @@ -416,6 +410,8 @@ pub fn create_ldr_entry( ldr.in_memory_order_links.blink = prev_flink+0x10; ldr.in_initialization_order_links.flink = next_flink+0x20; ldr.in_initialization_order_links.blink = prev_flink+0x20; + ldr.hash_links.flink = next_flink+0x7f; + ldr.hash_links.blink = prev_flink+0x7f; } else { ldr.in_load_order_links.flink = space_addr; ldr.in_load_order_links.blink = space_addr; @@ -423,10 +419,12 @@ pub fn create_ldr_entry( ldr.in_memory_order_links.blink = space_addr+0x10; ldr.in_initialization_order_links.flink = space_addr+0x20; ldr.in_initialization_order_links.blink = space_addr+0x20; + ldr.hash_links.flink = space_addr+0x7f; + ldr.hash_links.blink = space_addr+0x7f; } ldr.dll_base = base; ldr.entry_point = entry_point; - ldr.size_of_image = 0; + ldr.size_of_image = image_sz; ldr.full_dll_name.length = full_libname.len() as u16 * 2; ldr.full_dll_name.maximum_length = full_libname.len() as u16 * 2 + 4; ldr.full_dll_name.buffer = space_addr + LdrDataTableEntry64::size(); diff --git a/src/emu/script.rs b/src/emu/script.rs index 26ec6df..c6afd7e 100644 --- a/src/emu/script.rs +++ b/src/emu/script.rs @@ -407,9 +407,7 @@ impl Script { return; } }; - let map = emu.maps.create_map(&args[1]); - map.set_base(addr); - map.set_size(sz); + emu.maps.create_map(&args[1], addr, sz); println!("allocated {} at 0x{:x} sz: {}", &args[1], addr, sz); self.result = addr; } @@ -427,9 +425,7 @@ impl Script { return; } }; - let map = emu.maps.create_map(&args[1]); - map.set_base(addr); - map.set_size(sz); + emu.maps.create_map(&args[1], addr, sz); println!("allocated {} at 0x{:x} sz: {}", &args[1], addr, sz); } "ml" => { diff --git a/src/emu/structures.rs b/src/emu/structures.rs index 2e0f186..f49239b 100644 --- a/src/emu/structures.rs +++ b/src/emu/structures.rs @@ -63,52 +63,78 @@ impl ListEntry64 { #[derive(Debug)] pub struct LdrDataTableEntry { - pub reserved1: [u32; 2], - pub in_memory_order_module_links: ListEntry, // +8 - pub reserved2: [u32; 2], - pub dll_base: u32, // +16 +0x10 - pub entry_point: u32, // +20 +0x14 - pub reserved3: u32, - pub full_dll_name: u32, // ptr to string +28 +0x1c - pub reserved4: [u8; 8], - pub reserved5: [u32; 3], - pub checksum: u32, // +52 +0x34 - pub reserved6: u32, - pub time_date_stamp: u32, // +60 +0x3c + pub in_load_order_links: ListEntry, + pub in_memory_order_links: ListEntry, // +8 + pub in_initialization_order_links: ListEntry, // +16 + pub dll_base: u32, // +24 +0x18 + pub entry_point: u32, // +28 +0x1c + pub size_of_image: u32, // +32 +0x20 + pub full_dll_name: UnicodeString, // ptr to string +36 +0x24 + pub base_dll_name: UnicodeString, // ptr to string +40 +0x28 + pub flags: u32, // +44 +0x2c + pub load_count: u16, // +46 +0x2e + pub tls_index: u16, // +48 +0x30 + pub hash_links: ListEntry, // +52 +0x34 + pub time_date_stamp: u32, // +56 +0x38 } impl LdrDataTableEntry { pub fn size() -> usize { - return 62; + return 100; // really 80 + } + + pub fn new() -> LdrDataTableEntry { + LdrDataTableEntry { + in_load_order_links: ListEntry::new(), + in_memory_order_links: ListEntry::new(), + in_initialization_order_links: ListEntry::new(), + dll_base: 0, + entry_point: 0, + size_of_image: 0, + full_dll_name: UnicodeString::new(), + base_dll_name: UnicodeString::new(), + flags: 0, + load_count: 0, + tls_index: 0, + hash_links: ListEntry::new(), + time_date_stamp: 0, + } } pub fn load(addr: u64, maps: &Maps) -> LdrDataTableEntry { LdrDataTableEntry { - reserved1: [ - maps.read_dword(addr).unwrap(), - maps.read_dword(addr + 4).unwrap(), - ], - in_memory_order_module_links: ListEntry::load(addr + 8, &maps), - reserved2: [ - maps.read_dword(addr + 12).unwrap(), - maps.read_dword(addr + 16).unwrap(), - ], - dll_base: maps.read_dword(addr + 20).unwrap(), - entry_point: maps.read_dword(addr + 24).unwrap(), - reserved3: maps.read_dword(addr + 28).unwrap(), - full_dll_name: maps.read_dword(addr + 32).unwrap(), - reserved4: [0; 8], - reserved5: [ - maps.read_dword(addr + 38).unwrap(), - maps.read_dword(addr + 42).unwrap(), - maps.read_dword(addr + 46).unwrap(), - ], - checksum: maps.read_dword(addr + 50).unwrap(), - reserved6: maps.read_dword(addr + 54).unwrap(), - time_date_stamp: maps.read_dword(addr + 58).unwrap(), + in_load_order_links: ListEntry::load(addr, &maps), + in_memory_order_links: ListEntry::load(addr + 8, &maps), + in_initialization_order_links: ListEntry::load(addr + 16, &maps), + dll_base: maps.read_dword(addr + 24).unwrap(), + entry_point: maps.read_dword(addr + 28).unwrap(), + size_of_image: maps.read_dword(addr + 32).unwrap(), + full_dll_name: UnicodeString::load(addr + 36, &maps), + base_dll_name: UnicodeString::load(addr + 48, &maps), + flags: maps.read_dword(addr + 60).unwrap(), + load_count: maps.read_word(addr + 64).unwrap(), + tls_index: maps.read_word(addr + 66).unwrap(), + hash_links: ListEntry::load(addr + 68, &maps), + time_date_stamp: maps.read_dword(addr + 76).unwrap(), } } + pub fn save(&self, addr: u64, maps: &mut Maps) { + self.in_load_order_links.save(addr, maps); + self.in_memory_order_links.save(addr + 8, maps); + self.in_initialization_order_links.save(addr + 16, maps); + maps.write_dword(addr + 24, self.dll_base); + maps.write_dword(addr + 28, self.entry_point); + maps.write_dword(addr + 32, self.size_of_image); + self.full_dll_name.save(addr + 36, maps); + self.base_dll_name.save(addr + 48, maps); + maps.write_dword(addr + 60, self.flags); + maps.write_word(addr + 64, self.load_count); + maps.write_word(addr + 66, self.tls_index); + self.hash_links.save(addr + 68, maps); + maps.write_dword(addr + 76, self.time_date_stamp); + } + pub fn print(&self) { println!("{:#x?}", self); } @@ -116,18 +142,34 @@ impl LdrDataTableEntry { #[derive(Debug)] pub struct PebLdrData { - length: u32, - initializated: u32, - sshandle: u32, - in_load_order_module_list: ListEntry, // +0x14 - in_memory_order_module_list: ListEntry, // +0x1c - in_initialization_order_module_list: ListEntry, - entry_in_progress: ListEntry, + pub length: u32, + pub initializated: u32, + pub sshandle: u32, + pub in_load_order_module_list: ListEntry, // 0x0c (12) + pub in_memory_order_module_list: ListEntry, + pub in_initialization_order_module_list: ListEntry, + pub entry_in_progress: u32, + pub shutdown_in_progress: u32, + pub shutdown_thread_id: u32, } impl PebLdrData { pub fn size() -> usize { - return 44; + return 48; + } + + pub fn new() -> PebLdrData { + PebLdrData { + length: 48, + initializated: 0, + sshandle: 0, + in_load_order_module_list: ListEntry::new(), + in_memory_order_module_list: ListEntry::new(), + in_initialization_order_module_list: ListEntry::new(), + entry_in_progress: 0, + shutdown_in_progress: 0, + shutdown_thread_id: 0, + } } pub fn load(addr: u64, maps: &Maps) -> PebLdrData { @@ -136,9 +178,11 @@ impl PebLdrData { initializated: maps.read_dword(addr + 4).unwrap(), sshandle: maps.read_dword(addr + 8).unwrap(), in_load_order_module_list: ListEntry::load(addr + 12, &maps), - in_memory_order_module_list: ListEntry::load(addr + 12 + 8, &maps), - in_initialization_order_module_list: ListEntry::load(addr + 12 + 8 + 8, &maps), - entry_in_progress: ListEntry::load(addr + 12 + 8 + 8 + 8, &maps), + in_memory_order_module_list: ListEntry::load(addr + 20, &maps), + in_initialization_order_module_list: ListEntry::load(addr + 28, &maps), + entry_in_progress: maps.read_dword(addr + 36).unwrap(), + shutdown_in_progress: maps.read_dword(addr + 40).unwrap(), + shutdown_thread_id: maps.read_dword(addr + 44).unwrap(), } } @@ -147,9 +191,11 @@ impl PebLdrData { maps.write_dword(addr + 4, self.initializated); maps.write_dword(addr + 8, self.sshandle); self.in_load_order_module_list.save(addr + 12, maps); - self.in_memory_order_module_list.save(addr + 12 + 8, maps); - self.in_initialization_order_module_list.save(addr + 12 + 8 + 8, maps); - self.entry_in_progress.save(addr + 12 + 8 + 8 + 8, maps); + self.in_memory_order_module_list.save(addr + 20, maps); + self.in_initialization_order_module_list.save(addr + 28, maps); + maps.write_dword(addr + 36, self.entry_in_progress); + maps.write_dword(addr + 40, self.shutdown_in_progress); + maps.write_dword(addr + 44, self.shutdown_thread_id); } pub fn print(&self) { @@ -175,7 +221,7 @@ impl PebLdrData64 { pub fn new() -> PebLdrData64 { PebLdrData64 { - length: 72, + length: 80, // prev:72 initializated: 0, sshandle: 0, in_load_order_module_list: ListEntry64::new(), @@ -241,34 +287,107 @@ impl OrdinalTable { #[derive(Debug)] pub struct TEB { - reserved1: [u32; 12], - peb: u32, - reserved2: [u32; 399], - reserved3: [u8; 1952], - tls_slots: [u32; 64], - reserved4: [u8; 8], - reserved5: [u32; 26], - reserved_for_ole: u32, - reserved6: [u32; 4], - tls_expansion_slots: u32, + nt_tib: [u8; 28], + environment_pointer: u32, + process_id: u32, + thread_id: u32, + active_rpc_handle: u32, + thread_local_storage_pointer: u32, + process_environment_block: u32, // PEB 0x30 + last_error_value: u32, + count_of_owned_critical_sections: u32, + csr_client_thread: u32, + win32_thread_info: u32, + user32_reserved: [u32; 26], + user_reserved: [u32; 6], + wow32_reserved: u32, + current_locale: u32, + fp_software_status_register: u32, + system_reserved1: [u64; 54], + exception_code: u32, + activation_context_stack_pointer: u32, + spare_bytes: [u8; 24], + tx_fs_context: u32, } impl TEB { + pub fn size() -> usize { + return 1000; + } + + pub fn new(peb_addr: u32) -> TEB { + TEB { + nt_tib: [0; 28], + environment_pointer: 0, + process_id: 3240, + thread_id: 1, + active_rpc_handle: 0, + thread_local_storage_pointer: 0, + process_environment_block: peb_addr, // PEB 0x30 + last_error_value: 0, + count_of_owned_critical_sections: 0, + csr_client_thread: 0, + win32_thread_info: 0, + user32_reserved: [0; 26], + user_reserved: [0; 6], + wow32_reserved: 0, + current_locale: 0, + fp_software_status_register: 0, + system_reserved1: [0; 54], + exception_code: 0, + activation_context_stack_pointer: 0, + spare_bytes: [0; 24], + tx_fs_context: 0, + } + } + pub fn load(addr: u64, maps: &Maps) -> TEB { TEB { - reserved1: [0; 12], - peb: maps.read_dword(addr + 48).unwrap(), - reserved2: [0; 399], - reserved3: [0; 1952], - tls_slots: [0; 64], //TODO: read this - reserved4: [0; 8], - reserved5: [0; 26], - reserved_for_ole: maps.read_dword(addr + 3968).unwrap(), - reserved6: [0; 4], - tls_expansion_slots: maps.read_dword(addr + 3988).unwrap(), + nt_tib: [0; 28], + environment_pointer: maps.read_dword(addr + 28).unwrap(), + process_id: maps.read_dword(addr + 32).unwrap(), + thread_id: maps.read_dword(addr + 36).unwrap(), + active_rpc_handle: maps.read_dword(addr + 40).unwrap(), + thread_local_storage_pointer: maps.read_dword(addr + 44).unwrap(), + process_environment_block: maps.read_dword(addr + 48).unwrap(), + last_error_value: maps.read_dword(addr + 52).unwrap(), + count_of_owned_critical_sections: maps.read_dword(addr + 56).unwrap(), + csr_client_thread: maps.read_dword(addr + 60).unwrap(), + win32_thread_info: maps.read_dword(addr + 64).unwrap(), + user32_reserved: [0; 26], + user_reserved: [0; 6], + wow32_reserved: maps.read_dword(addr + 70).unwrap(), + current_locale: maps.read_dword(addr + 74).unwrap(), + fp_software_status_register: maps.read_dword(addr + 78).unwrap(), + system_reserved1: [0; 54], + exception_code: maps.read_dword(addr + 82).unwrap(), + activation_context_stack_pointer: maps.read_dword(addr + 86).unwrap(), + spare_bytes: [0; 24], + tx_fs_context: maps.read_dword(addr + 190).unwrap(), } } + pub fn save(&self, mem: &mut Mem64) { + let base = mem.get_base(); + mem.write_dword(base + 28, self.environment_pointer); + mem.write_dword(base + 32, self.process_id); + mem.write_dword(base + 36, self.thread_id); + mem.write_dword(base + 40, self.active_rpc_handle); + mem.write_dword(base + 44, self.thread_local_storage_pointer); + mem.write_dword(base + 48, self.process_environment_block); + mem.write_dword(base + 52, self.last_error_value); + mem.write_dword(base + 56, self.count_of_owned_critical_sections); + mem.write_dword(base + 60, self.csr_client_thread); + mem.write_dword(base + 64, self.win32_thread_info); + //maps.write_dword(addr + 68, self.user32_reserved); + //maps.write_dword(addr + 70, self.user_reserved); + mem.write_dword(base + 70, self.wow32_reserved); + mem.write_dword(base + 74, self.current_locale); + mem.write_dword(base + 78, self.fp_software_status_register); + mem.write_dword(base + 82, self.exception_code); + mem.write_dword(base + 86, self.activation_context_stack_pointer); + } + pub fn print(&self) { println!("{:#x?}", self); } @@ -276,10 +395,12 @@ impl TEB { #[derive(Debug)] pub struct PEB { - reserved1: [u8; 2], - being_debugged: u8, - reserved2: u8, - reserved3: [u32; 2], + inheritet_addr_space: u8, + read_img_file_exec_options: u8, + pub being_debugged: u8, + speer_bool: u8, + padding: u32, + image_base_addr: u32, ldr: u32, // ptr to PEB_LDR_DATA +0x0c process_parameters: u32, reserved4: [u32; 3], @@ -299,50 +420,47 @@ pub struct PEB { impl PEB { pub fn size() -> usize { - return 848; // std::mem::size_of_val + return 800; // TODO: std::mem::size_of_val } pub fn new( + image_base_addr: u32, ldr: u32, process_parameters: u32, - alt_thunk_list_ptr: u32, - reserved7: u32, - alt_thunk_list_ptr_32: u32, - post_process_init_routine: u32, - session_id: u32, ) -> PEB { PEB { - reserved1: [0; 2], + inheritet_addr_space: 0, + read_img_file_exec_options: 0, being_debugged: 0, - reserved2: 0, - reserved3: [0; 2], + speer_bool: 0, + padding: 0, + image_base_addr: image_base_addr, ldr: ldr, process_parameters: process_parameters, reserved4: [0; 3], - alt_thunk_list_ptr: alt_thunk_list_ptr, + alt_thunk_list_ptr: 0, reserved5: 0, - reserved6: 6, - reserved7: reserved7, + reserved6: 0, + reserved7: 0, reserved8: 0, - alt_thunk_list_ptr_32: alt_thunk_list_ptr_32, + alt_thunk_list_ptr_32: 0, reserved9: [0; 45], reserved10: [0; 96], - post_process_init_routine: post_process_init_routine, + post_process_init_routine: 0, reserved11: [0; 128], reserved12: 0, - session_id: session_id, + session_id: 0, } } pub fn load(addr: u64, maps: &Maps) -> PEB { PEB { - reserved1: [0; 2], + inheritet_addr_space: maps.read_byte(addr + 0).unwrap(), + read_img_file_exec_options: maps.read_byte(addr + 1).unwrap(), being_debugged: maps.read_byte(addr + 2).unwrap(), - reserved2: maps.read_byte(addr + 3).unwrap(), - reserved3: [ - maps.read_dword(addr + 4).unwrap(), - maps.read_dword(addr + 8).unwrap(), - ], + speer_bool: maps.read_byte(addr + 3).unwrap(), + padding: maps.read_dword(addr + 4).unwrap(), + image_base_addr: maps.read_dword(addr + 8).unwrap(), ldr: maps.read_dword(addr + 12).unwrap(), process_parameters: maps.read_dword(addr + 16).unwrap(), reserved4: [ @@ -358,25 +476,25 @@ impl PEB { alt_thunk_list_ptr_32: maps.read_dword(addr + 52).unwrap(), reserved9: [0; 45], reserved10: [0; 96], - post_process_init_routine: maps.read_dword(addr + 328).unwrap(), + post_process_init_routine: maps.read_dword(addr + 56).unwrap(), reserved11: [0; 128], - reserved12: maps.read_dword(addr + 840).unwrap(), - session_id: maps.read_dword(addr + 844).unwrap(), + reserved12: maps.read_dword(addr + 60).unwrap(), + session_id: maps.read_dword(addr + 64).unwrap(), } } pub fn set_image_base(&mut self, image_base: u32) { - self.reserved3[1] = image_base; + self.image_base_addr = image_base; } pub fn save(&self, mem: &mut Mem64) { let base = mem.get_base(); - mem.write_byte(base, self.reserved1[0]); - mem.write_byte(base + 1, self.reserved1[1]); + mem.write_byte(base, self.inheritet_addr_space); + mem.write_byte(base + 1, self.read_img_file_exec_options); mem.write_byte(base + 2, self.being_debugged); - mem.write_byte(base + 3, self.reserved2); - mem.write_dword(base + 4, self.reserved3[0]); - mem.write_dword(base + 8, self.reserved3[1]); + mem.write_byte(base + 3, self.speer_bool); + mem.write_dword(base + 4, self.padding); + mem.write_dword(base + 8, self.image_base_addr); mem.write_dword(base + 12, self.ldr); mem.write_dword(base + 16, self.process_parameters); mem.write_dword(base + 20, self.reserved4[0]); @@ -388,11 +506,9 @@ impl PEB { mem.write_dword(base + 44, self.reserved7); mem.write_dword(base + 48, self.reserved8); mem.write_dword(base + 52, self.alt_thunk_list_ptr_32); - - mem.write_dword(base + 328, self.post_process_init_routine); - - mem.write_dword(base + 840, self.reserved12); - mem.write_dword(base + 844, self.session_id); + mem.write_dword(base + 56, self.post_process_init_routine); + mem.write_dword(base + 60, self.reserved12); + mem.write_dword(base + 64, self.session_id); } pub fn print(&self) { @@ -479,7 +595,10 @@ impl PEB64 { return 800; // std::mem::size_of_val } - pub fn new(image_base_addr: u64, ldr: u64, process_parameters: u64) -> PEB64 { + pub fn new( + image_base_addr: u64, + ldr: u64, + process_parameters: u64) -> PEB64 { PEB64 { inheritet_addr_space: 0x0, read_img_file_exec_options: 0x0, @@ -828,6 +947,47 @@ impl TEB64 { } } + +#[derive(Debug)] +pub struct UnicodeString { + pub length: u16, // 0x58 0x68 + pub maximum_length: u16, // 0x5a 0x6a + pub padding: u32, // 0x5c 0x6c + pub buffer: u32, // 0x60 0x70 +} + +impl UnicodeString { + pub fn size() -> u32 { + return 0x10; + } + + pub fn new() -> UnicodeString { + UnicodeString { + length: 0, + maximum_length: 0, + padding: 0, + buffer: 0, + } + } + + pub fn load(addr: u64, maps: &Maps) -> UnicodeString { + UnicodeString { + length: maps.read_word(addr).unwrap(), + maximum_length: maps.read_word(addr + 2).unwrap(), + padding: maps.read_dword(addr + 4).unwrap(), + buffer: maps.read_dword(addr + 8).unwrap(), + } + } + + pub fn save(&self, addr: u64, maps: &mut Maps) { + maps.write_word(addr, self.length); + maps.write_word(addr + 2, self.maximum_length); + maps.write_dword(addr + 4, self.padding); + maps.write_dword(addr + 8, self.buffer); + } +} + + #[derive(Debug)] pub struct UnicodeString64 { pub length: u16, // 0x58 0x68 diff --git a/src/emu/syscall64.rs b/src/emu/syscall64.rs index d8938b3..1a4320f 100644 --- a/src/emu/syscall64.rs +++ b/src/emu/syscall64.rs @@ -193,15 +193,7 @@ pub fn gateway(emu: &mut emu::Emu) { let heap_base = 0x4b5b00; let heap_size = 0x4d8000-0x4b5000; - let heap = match emu.maps.get_map_by_name_mut("heap") { - Some(h) => h, - None => { - let h = emu.maps.create_map("heap"); - h.set_base(heap_base); - h.set_size(heap_size); - h - } - }; + let heap = emu.maps.create_map("heap", heap_base, heap_size).expect("cannot create heap map from brk syscall"); if emu.regs.rdi == 0 { emu.regs.r11 = 0x346; @@ -714,9 +706,7 @@ pub fn gateway(emu: &mut emu::Emu) { addr = emu.maps.lib64_alloc(sz).expect("syscall64 mmap cannot alloc"); } - let map = emu.maps.create_map(&format!("mmap_{:x}",addr)); - map.set_base(addr); - map.set_size(sz); + let map = emu.maps.create_map(&format!("mmap_{:x}",addr), addr, sz).expect("cannot create mmap map"); if helper::handler_exist(fd) { let filepath = helper::handler_get_uri(fd); diff --git a/src/emu/winapi32.rs b/src/emu/winapi32.rs index 0b0f6ce..ec2c99f 100644 --- a/src/emu/winapi32.rs +++ b/src/emu/winapi32.rs @@ -13,33 +13,37 @@ mod user32; mod wininet; mod ws2_32; mod libgcc; +mod iphlpapi; +mod wincrt; use crate::emu; pub fn gateway(addr: u32, name: String, emu: &mut emu::Emu) { emu.regs.sanitize32(); let unimplemented_api = match name.as_str() { - "kernel32_text" => kernel32::gateway(addr, emu), - "ntdll_text" => ntdll::gateway(addr, emu), - "user32_text" => user32::gateway(addr, emu), - "ws2_32_text" => ws2_32::gateway(addr, emu), - "wininet_text" => wininet::gateway(addr, emu), - "advapi32_text" => advapi32::gateway(addr, emu), + "kernel32.text" => kernel32::gateway(addr, emu), + "kernel32.rdata" => kernel32::gateway(addr, emu), + "ntdll.text" => ntdll::gateway(addr, emu), + "user32.text" => user32::gateway(addr, emu), + "ws2_32.text" => ws2_32::gateway(addr, emu), + "wininet.text" => wininet::gateway(addr, emu), + "advapi32.text" => advapi32::gateway(addr, emu), "crypt32.text" => crypt32::gateway(addr, emu), - "crypt32_text" => crypt32::gateway(addr, emu), "dnsapi.text" => dnsapi::gateway(addr, emu), "mscoree.text" => mscoree::gateway(addr, emu), - "msvcrt_text" => msvcrt::gateway(addr, emu), - "shlwapi_text" => msvcrt::gateway(addr, emu), - "oleaut32_text" => oleaut32::gateway(addr, emu), - "kernelbase_text" => kernelbase::gateway(addr, emu), + "msvcrt.text" => msvcrt::gateway(addr, emu), + "shlwapi.text" => shlwapi::gateway(addr, emu), + "oleaut32.text" => oleaut32::gateway(addr, emu), + "kernelbase.text" => kernelbase::gateway(addr, emu), + "iphlpapi.text" => iphlpapi::gateway(addr, emu), "libgcc_s_dw2-1.text" => libgcc::gateway(addr, emu), + "api-ms-win-crt-runtime-l1-1-0.text" => wincrt::gateway(addr, emu), "not_loaded" => { emu.pe32.as_ref().unwrap().import_addr_to_name(addr as u32) } _ => { println!("/!\\ trying to execute on {} at 0x{:x}", name, addr); - name + name.clone() } }; @@ -47,9 +51,12 @@ pub fn gateway(addr: u32, name: String, emu: &mut emu::Emu) { let params = emu.banzai.get_params(&unimplemented_api); println!("{} {} parameters", unimplemented_api, params); - for _ in 0..params { - emu.stack_pop32(false); + if name != "msvcrt.text" { + for _ in 0..params { + emu.stack_pop32(false); + } } + emu.regs.rax = 1; } } diff --git a/src/emu/winapi32/advapi32.rs b/src/emu/winapi32/advapi32.rs index 2dac4af..c99268f 100644 --- a/src/emu/winapi32/advapi32.rs +++ b/src/emu/winapi32/advapi32.rs @@ -5,33 +5,32 @@ use crate::emu::winapi32::helper; use crate::emu::winapi32::kernel32; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x77733553 => StartServiceCtrlDispatcherA(emu), - 0x776fa965 => StartServiceCtrlDispatcherW(emu), - 0x777041b3 => LookupPrivilegeValueW(emu), - 0x776f91dd => CryptAcquireContextA(emu), - 0x776fdf14 => CryptAcquireContextW(emu), - 0x7771779b => CryptEncrypt(emu), - 0x77733178 => CryptDecrypt(emu), - 0x776fdf4e => CryptCreateHash(emu), - 0x776f8ee9 => CryptGenKey(emu), - 0x776fdf7e => CryptGetHashParam(emu), - 0x777177cb => CryptGetKeyParam(emu), - 0x776fc532 => CryptImportKey(emu), - 0x777332a8 => CryptSignHashA(emu), - 0x777332b8 => CryptSignHashW(emu), - 0x776fe124 => CryptReleaseContext(emu), - 0x776fdf36 => CryptHashData(emu), - 0x77733188 => CryptDeriveKey(emu), - + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "StartServiceCtrlDispatcherA" => StartServiceCtrlDispatcherA(emu), + "StartServiceCtrlDispatcherW" => StartServiceCtrlDispatcherW(emu), + "LookupPrivilegeValueW" => LookupPrivilegeValueW(emu), + "CryptAcquireContextA" => CryptAcquireContextA(emu), + "CryptAcquireContextW" => CryptAcquireContextW(emu), + "CryptEncrypt" => CryptEncrypt(emu), + "CryptDecrypt" => CryptDecrypt(emu), + "CryptCreateHash" => CryptCreateHash(emu), + "CryptGenKey" => CryptGenKey(emu), + "CryptGetHashParam" => CryptGetHashParam(emu), + "CryptGetKeyParam" => CryptGetKeyParam(emu), + "CryptImportKey" => CryptImportKey(emu), + "CryptSignHashA" => CryptSignHashA(emu), + "CryptSignHashW" => CryptSignHashW(emu), + "CryptReleaseContext" => CryptReleaseContext(emu), + "CryptHashData" => CryptHashData(emu), + "CryptDeriveKey" => CryptDeriveKey(emu), _ => { - let apiname = kernel32::guess_api_name(emu, addr); println!( "calling unimplemented advapi32 API 0x{:x} {}", - addr, apiname + addr, api ); - return apiname; + return api; } } diff --git a/src/emu/winapi32/crypt32.rs b/src/emu/winapi32/crypt32.rs index 99e47ec..3d13bfa 100644 --- a/src/emu/winapi32/crypt32.rs +++ b/src/emu/winapi32/crypt32.rs @@ -8,16 +8,17 @@ use crate::emu::console; */ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x719b1540 => PkiInitializeCriticalSection(emu), - 0x75805d77 => CryptStringToBinaryA(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "PkiInitializeCriticalSection" => PkiInitializeCriticalSection(emu), + "CryptStringToBinaryA" => CryptStringToBinaryA(emu), + _ => { - let apiname = kernel32::guess_api_name(emu, addr); println!( - "calling unimplemented kernel32 API 0x{:x} {}", - addr, apiname + "calling unimplemented crypt32 API 0x{:x} {}", + addr, api ); - return apiname; + return api; } } diff --git a/src/emu/winapi32/dnsapi.rs b/src/emu/winapi32/dnsapi.rs index 664c29e..78d8ae6 100644 --- a/src/emu/winapi32/dnsapi.rs +++ b/src/emu/winapi32/dnsapi.rs @@ -4,12 +4,16 @@ use crate::emu::winapi32::kernel32; //use crate::emu::endpoint; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x6dc2a9bc => DnsQuery_A(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "DnsQuery_A" => DnsQuery_A(emu), + "DnsQueryA" => DnsQuery_A(emu), + "DnsQuery_W" => DnsQuery_W(emu), + "DnsQueryW" => DnsQuery_W(emu), + _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!("calling unimplemented dnsapi API 0x{:x} {}", addr, apiname); - return apiname; + println!("calling unimplemented dnsapi API 0x{:x} {}", addr, api); + return api; } } @@ -51,3 +55,39 @@ fn DnsQuery_A(emu: &mut emu::Emu) { emu.regs.rax = 1; } + +fn DnsQuery_W(emu: &mut emu::Emu) { + let name_ptr = emu + .maps + .read_dword(emu.regs.get_esp()) + .expect("dnsapi!DnsQuery_W cant read name ptr param") as u64; + let wtype = emu + .maps + .read_dword(emu.regs.get_esp() + 4) + .expect("dnsapi!DnsQuery_W cant read wtype pram"); + let opt = emu + .maps + .read_dword(emu.regs.get_esp() + 8) + .expect("dnsapi!DnsQuery_W cant read options param"); + let extra = emu + .maps + .read_dword(emu.regs.get_esp() + 12) + .expect("dnsapi!DnsQuery_W cant read extra param"); + let out_results = emu + .maps + .read_dword(emu.regs.get_esp() + 16) + .expect("dnsapi!DnsQuery_W cant read out results param"); + let out_reserved = emu + .maps + .read_dword(emu.regs.get_esp() + 20) + .expect("dnsapi!DnsQuery_W cant read out reserved param"); + + let name = emu.maps.read_wide_string(name_ptr); + + println!( + "{}** {} dnsapi!DnsQuery_W '{}' {}", + emu.colors.light_red, emu.pos, name, emu.colors.nc + ); + + emu.regs.rax = 1; +} diff --git a/src/emu/winapi32/iphlpapi.rs b/src/emu/winapi32/iphlpapi.rs new file mode 100644 index 0000000..32a4c09 --- /dev/null +++ b/src/emu/winapi32/iphlpapi.rs @@ -0,0 +1,16 @@ +use crate::emu; +use crate::emu::winapi32::kernel32; + +pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + //"LoadLibraryA" => LoadLibraryA(emu), + _ => { + println!( + "calling unimplemented iphlpapi API 0x{:x} {}", + addr, api + ); + return api; + } + } +} \ No newline at end of file diff --git a/src/emu/winapi32/kernel32.rs b/src/emu/winapi32/kernel32.rs index 0f08b1e..44c301d 100644 --- a/src/emu/winapi32/kernel32.rs +++ b/src/emu/winapi32/kernel32.rs @@ -10,167 +10,180 @@ use lazy_static::lazy_static; use std::sync::Mutex; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x75e9395c => LoadLibraryA(emu), - 0x75e847fa => LoadLibraryExA(emu), - 0x75e93951 => LoadLibraryExA(emu), // from jump table - 0x75e84775 => LoadLibraryExW(emu), - 0x75e933d3 => GetProcAddress(emu), - 0x75e93c01 => LoadLibraryW(emu), - 0x75ece5fd => WinExec(emu), - 0x75e8154e => GetVersion(emu), - 0x75e42082 => CreateProcessA(emu), - 0x75e8ba90 => WaitForSingleObject(emu), - 0x75e92fb6 => VirtualAlloc(emu), - 0x75e7c1b6 => VirtualAllocEx(emu), - 0x75e7c1de => WriteProcessMemory(emu), - 0x75ecf33b => CreateRemoteThread(emu), - 0x75ecd44f => CreateNamedPipeA(emu), - 0x75e72727 => ConnectNamedPipe(emu), - 0x75e9f438 => DisconnectNamedPipe(emu), - 0x75e896fb => ReadFile(emu), - 0x75e91400 => WriteFile(emu), - 0x75e8cc56 => CreateFileW(emu), - 0x75e8ca7c => CloseHandle(emu), - 0x75e9214f => ExitProcess(emu), - 0x75e82331 => TerminateProcess(emu), - 0x75ea0cc1 => GetThreadContext(emu), - 0x75e7c1ce => ReadProcessMemory(emu), - 0x75e9c13a => GetCurrentDirectoryW(emu), - 0x75e7733c => GetCurrentDirectoryA(emu), - 0x75e82341 => VirtualProtect(emu), - 0x75ecf5d9 => VirtualProtectEx(emu), - 0x75e80f1c => ResumeThread(emu), - 0x75e93735 => GetFullPathNameA(emu), - 0x75e94543 => GetFullPathNameW(emu), - 0x75e7b149 => SystemTimeToTzSpecificLocalTime(emu), - 0x75e85986 => GetLogicalDrives(emu), - 0x75e78a5b => ExpandEnvironmentStringsA(emu), - 0x75e84680 => ExpandEnvironmentStringsW(emu), - 0x75e91de6 => GetFileAttributesA(emu), - 0x75e964ff => GetFileAttributesW(emu), - 0x75e91dfe => FileTimeToSystemTime(emu), - 0x75e92289 => FindFirstFileA(emu), - 0x75e8a187 => FindNextFileA(emu), - 0x75e953b2 => FindFirstFileW(emu), - 0x75e8963a => FindNextFileW(emu), - 0x75ea532c => CopyFileA(emu), - 0x75e767c3 => CopyFileW(emu), - 0x75e90e62 => FindClose(emu), - 0x75eca559 => MoveFileA(emu), - 0x75ea548a => MoveFileW(emu), - 0x75e859d7 => OpenProcess(emu), - 0x75e8cac4 => GetCurrentProcessId(emu), - 0x75ea7e4c => Thread32First(emu), - 0x75ea7edc => Thread32Next(emu), - 0x75e96733 => OpenThread(emu), - 0x75e7f731 => CreateToolhelp32Snapshot(emu), - 0x75e9375d => CreateThread(emu), - 0x75ed0193 => SetThreadContext(emu), - 0x75e8899b => MapViewOfFile(emu), - 0x75e92fde => GetSystemTimeAsFileTime(emu), - 0x75e8bb80 => GetCurrentThreadId(emu), - 0x75e8ba60 => GetTickCount(emu), - 0x75e8bb9f => QueryPerformanceCounter(emu), - 0x75e93ea2 => HeapCreate(emu), - 0x75e82301 => HeapDestroy(emu), - 0x75e8cf41 => GetModuleHandleA(emu), - 0x75e9374d => GetModuleHandleW(emu), - 0x75e935a1 => TlsAlloc(emu), - 0x75e8da88 => TlsSetValue(emu), - 0x75e8da70 => TlsGetValue(emu), - 0x75e913b8 => TlsFree(emu), - 0x75eff02b => EncodePointer(emu), - 0x75efef55 => DecodePointer(emu), - 0x75e8ba46 => Sleep(emu), - 0x75e93939 => InitializeCriticalSectionAndSpinCount(emu), - 0x75eff164 => HeapAlloc(emu), - 0x75e82351 => GetProcessAffinityMask(emu), - 0x75e83ea8 => IsDebuggerPresent(emu), - 0x75e93d01 => SetUnhandledExceptionFilter(emu), - 0x75e9ed38 => UnhandledExceptionFilter(emu), - 0x75e8cdcf => GetCurrentProcess(emu), - 0x75e93363 => LocalAlloc(emu), - 0x75ecf5c9 => VirtualAllocExNuma(emu), - 0x75ea6447 => GetUserDefaultLangID(emu), - 0x75e91280 => GetProcessHeap(emu), - 0x75e76ba9 => GetComputerNameA(emu), - 0x75e93589 => CreateMutexA(emu), - 0x75e8bf00 => GetLastError(emu), - 0x75e897e9 => CreateFileMappingA(emu), - 0x75e80a7f => CreateFileMappingW(emu), - 0x75e8ced8 => GetSystemTime(emu), - 0x75e8a19f => lstrcat(emu), - 0x75e94a51 => SetErrorMode(emu), - 0x75e83b1a => GetVersionExW(emu), - 0x75e88fc5 => GetSystemDirectoryA(emu), - 0x75e940fb => GetSystemDirectoryW(emu), - 0x75e41e10 => GetStartupInfoA(emu), - 0x75e93891 => GetStartupInfoW(emu), - 0x75e91e16 => FlsGetValue(emu), - 0x75e976b5 => IsProcessorFeaturePresent(emu), - 0x75eff1e4 => InitializeCriticalSection(emu), - 0x75e93879 => InitializeCriticalSectionEx(emu), - 0x75e9418d => FlsAlloc(emu), - 0x75e976e6 => FlsSetValue(emu), - 0x75e8bb08 => SetLastError(emu), - 0x75e8a611 => lstrlen(emu), - 0x75e9452b => MultiByteToWideChar(emu), - 0x75e93728 => GetSystemInfo(emu), - 0x75e8bbd0 => HeapFree(emu), - 0x75ea88e6 => SetThreadLocale(emu), - 0x75e998ff => GetCommandLineA(emu), - 0x75e9679e => GetCommandLineW(emu), - 0x75e939aa => GetAcp(emu), - 0x75e93c26 => GetModuleFileNameW(emu), - 0x75e8c189 => RegOpenKeyExW(emu), - 0x75e822ef => GetUserDefaultUILanguage(emu), - 0x75eff05f => EnterCriticalSection(emu), - 0x75eff346 => LeaveCriticalSection(emu), - 0x75e83de4 => IsValidLocale(emu), - 0x75e7ae42 => GetThreadUILanguage(emu), - 0x75e822d7 => GetThreadPreferredUILanguages(emu), - 0x75e78c59 => lstrcmp(emu), - 0x75e7be77 => GetNativeSystemInfo(emu), - 0x75e78b33 => GetTempPathW(emu), - 0x75e92004 => FileTimeToLocalFileTime(emu), - 0x75e82ce1 => FileTimeToDosDateTime(emu), - 0x75e82aee => CreateMutexW(emu), - 0x75e976d6 => VirtualQuery(emu), - 0x75e91da4 => VirtualFree(emu), - 0x75e7eb60 => RaiseException(emu), - 0x75e80e91 => VerifyVersionInfoW(emu), - 0x75e78a3b => GetTimeZoneInformation(emu), - 0x75e74e42 => VirtualQueryEx(emu), - 0x75e8bbc0 => InterlockedIncrement(emu), - 0x75e91dbc => GetEnvironmentStringsW(emu), - 0x75e92f99 => GetEnvironmentStrings(emu), - 0x75e91dc3 => FreeEnvironmentStringsW(emu), - 0x75e91e46 => GetStdHandle(emu), - 0x75e975a5 => GetFileType(emu), - 0x75e99911 => SetHandleCount(emu), - 0x75e9c1c0 => IsValidCodePage(emu), - 0x75e91e2e => GetCPInfo(emu), - 0x75e967c8 => GetStringTypeW(emu), - 0x75e913d0 => LCMapStringW(emu), - 0x75e9450e => WideCharToMultiByte(emu), - 0x776fdf4e => CryptCreateHash(emu), - 0x75e94157 => HeapSetInformation(emu), - 0x75eff395 => OpenProcessToken(emu), - 0x75e80ef7 => CreateEventA(emu), - 0x75efee2a => AddVectoredExceptionHandler(emu), - 0x75e91181 => GetLongPathNameW(emu), - 0x75e8d9d0 => FreeLibrary(emu), - 0x75ecf311 => AreFileApisANSI(emu), - 0x75e933f6 => GetModuleFileNameA(emu), - + let api = guess_api_name(emu, addr); + match api.as_str() { + "LoadLibraryA" => LoadLibraryA(emu), + "LoadLibraryExA" => LoadLibraryExA(emu), + "LoadLibraryExW" => LoadLibraryExW(emu), + "GetProcAddress" => GetProcAddress(emu), + "LoadLibraryW" => LoadLibraryW(emu), + "WinExec" => WinExec(emu), + "GetVersion" => GetVersion(emu), + "CreateProcessA" => CreateProcessA(emu), + "WaitForSingleObject" => WaitForSingleObject(emu), + "VirtualAlloc" => VirtualAlloc(emu), + "VirtualAllocEx" => VirtualAllocEx(emu), + "WriteProcessMemory" => WriteProcessMemory(emu), + "CreateRemoteThread" => CreateRemoteThread(emu), + "CreateNamedPipeA" => CreateNamedPipeA(emu), + "ConnectNamedPipe" => ConnectNamedPipe(emu), + "DisconnectNamedPipe" => DisconnectNamedPipe(emu), + "ReadFile" => ReadFile(emu), + "WriteFile" => WriteFile(emu), + "CreateFileW" => CreateFileW(emu), + "CloseHandle" => CloseHandle(emu), + "ExitProcess" => ExitProcess(emu), + "TerminateProcess" => TerminateProcess(emu), + "GetThreadContext" => GetThreadContext(emu), + "ReadProcessMemory" => ReadProcessMemory(emu), + "GetCurrentDirectoryW" => GetCurrentDirectoryW(emu), + "GetCurrentDirectoryA" => GetCurrentDirectoryA(emu), + "VirtualProtect" => VirtualProtect(emu), + "VirtualProtectEx" => VirtualProtectEx(emu), + "ResumeThread" => ResumeThread(emu), + "GetFullPathNameA" => GetFullPathNameA(emu), + "GetFullPathNameW" => GetFullPathNameW(emu), + "SystemTimeToTzSpecificLocalTime" => SystemTimeToTzSpecificLocalTime(emu), + "GetLogicalDrives" => GetLogicalDrives(emu), + "ExpandEnvironmentStringsA" => ExpandEnvironmentStringsA(emu), + "ExpandEnvironmentStringsW" => ExpandEnvironmentStringsW(emu), + "GetFileAttributesA" => GetFileAttributesA(emu), + "GetFileAttributesW" => GetFileAttributesW(emu), + "FileTimeToSystemTime" => FileTimeToSystemTime(emu), + "FindFirstFileA" => FindFirstFileA(emu), + "FindNextFileA" => FindNextFileA(emu), + "FindFirstFileW" => FindFirstFileW(emu), + "FindNextFileW" => FindNextFileW(emu), + "CopyFileA" => CopyFileA(emu), + "CopyFileW" => CopyFileW(emu), + "FindClose" => FindClose(emu), + "MoveFileA" => MoveFileA(emu), + "MoveFileW" => MoveFileW(emu), + "OpenProcess" => OpenProcess(emu), + "GetCurrentProcessId" => GetCurrentProcessId(emu), + "Thread32First" => Thread32First(emu), + "Thread32Next" => Thread32Next(emu), + "OpenThread" => OpenThread(emu), + "CreateToolhelp32Snapshot" => CreateToolhelp32Snapshot(emu), + "CreateThread" => CreateThread(emu), + "SetThreadContext" => SetThreadContext(emu), + "MapViewOfFile" => MapViewOfFile(emu), + "GetSystemTimeAsFileTime" => GetSystemTimeAsFileTime(emu), + "GetCurrentThreadId" => GetCurrentThreadId(emu), + "GetTickCount" => GetTickCount(emu), + "QueryPerformanceCounter" => QueryPerformanceCounter(emu), + "HeapCreate" => HeapCreate(emu), + "HeapDestroy" => HeapDestroy(emu), + "GetModuleHandleA" => GetModuleHandleA(emu), + "GetModuleHandleW" => GetModuleHandleW(emu), + "TlsAlloc" => TlsAlloc(emu), + "TlsSetValue" => TlsSetValue(emu), + "TlsGetValue" => TlsGetValue(emu), + "TlsFree" => TlsFree(emu), + "EncodePointer" => EncodePointer(emu), + "DecodePointer" => DecodePointer(emu), + "Sleep" => Sleep(emu), + "InitializeCriticalSectionAndSpinCount" => InitializeCriticalSectionAndSpinCount(emu), + "HeapAlloc" => HeapAlloc(emu), + "GetProcessAffinityMask" => GetProcessAffinityMask(emu), + "IsDebuggerPresent" => IsDebuggerPresent(emu), + "SetUnhandledExceptionFilter" => SetUnhandledExceptionFilter(emu), + "UnhandledExceptionFilter" => UnhandledExceptionFilter(emu), + "GetCurrentProcess" => GetCurrentProcess(emu), + "LocalAlloc" => LocalAlloc(emu), + "VirtualAllocExNuma" => VirtualAllocExNuma(emu), + "GetUserDefaultLangID" => GetUserDefaultLangID(emu), + "GetProcessHeap" => GetProcessHeap(emu), + "GetComputerNameA" => GetComputerNameA(emu), + "CreateMutexA" => CreateMutexA(emu), + "GetLastError" => GetLastError(emu), + "CreateFileMappingA" => CreateFileMappingA(emu), + "CreateFileMappingW" => CreateFileMappingW(emu), + "GetSystemTime" => GetSystemTime(emu), + "lstrcat" => lstrcat(emu), + "SetErrorMode" => SetErrorMode(emu), + "GetVersionExW" => GetVersionExW(emu), + "GetSystemDirectoryA" => GetSystemDirectoryA(emu), + "GetSystemDirectoryW" => GetSystemDirectoryW(emu), + "GetStartupInfoA" => GetStartupInfoA(emu), + "GetStartupInfoW" => GetStartupInfoW(emu), + "FlsGetValue" => FlsGetValue(emu), + "IsProcessorFeaturePresent" => IsProcessorFeaturePresent(emu), + "InitializeCriticalSection" => InitializeCriticalSection(emu), + "InitializeCriticalSectionEx" => InitializeCriticalSectionEx(emu), + "FlsAlloc" => FlsAlloc(emu), + "FlsSetValue" => FlsSetValue(emu), + "SetLastError" => SetLastError(emu), + "lstrlen" => lstrlen(emu), + "MultiByteToWideChar" => MultiByteToWideChar(emu), + "GetSystemInfo" => GetSystemInfo(emu), + "HeapFree" => HeapFree(emu), + "SetThreadLocale" => SetThreadLocale(emu), + "GetCommandLineA" => GetCommandLineA(emu), + "GetCommandLineW" => GetCommandLineW(emu), + "GetAcp" => GetAcp(emu), + "GetModuleFileNameW" => GetModuleFileNameW(emu), + "RegOpenKeyExW" => RegOpenKeyExW(emu), + "GetUserDefaultUILanguage" => GetUserDefaultUILanguage(emu), + "EnterCriticalSection" => EnterCriticalSection(emu), + "LeaveCriticalSection" => LeaveCriticalSection(emu), + "IsValidLocale" => IsValidLocale(emu), + "GetThreadUILanguage" => GetThreadUILanguage(emu), + "GetThreadPreferredUILanguages" => GetThreadPreferredUILanguages(emu), + "lstrcmp" => lstrcmpA(emu), + "lstrcmpA" => lstrcmpA(emu), + "lstrcmpW" => lstrcmpW(emu), + "GetNativeSystemInfo" => GetNativeSystemInfo(emu), + "GetTempPathW" => GetTempPathW(emu), + "FileTimeToLocalFileTime" => FileTimeToLocalFileTime(emu), + "FileTimeToDosDateTime" => FileTimeToDosDateTime(emu), + "CreateMutexW" => CreateMutexW(emu), + "VirtualQuery" => VirtualQuery(emu), + "VirtualFree" => VirtualFree(emu), + "RaiseException" => RaiseException(emu), + "VerifyVersionInfoW" => VerifyVersionInfoW(emu), + "GetTimeZoneInformation" => GetTimeZoneInformation(emu), + "VirtualQueryEx" => VirtualQueryEx(emu), + "InterlockedIncrement" => InterlockedIncrement(emu), + "GetEnvironmentStrings" => GetEnvironmentStrings(emu), + "GetEnvironmentStringsW" => GetEnvironmentStringsW(emu), + "GetStdHandle" => GetStdHandle(emu), + "GetFileType" => GetFileType(emu), + "SetHandleCount" => SetHandleCount(emu), + "IsValidCodePage" => IsValidCodePage(emu), + "GetCPInfo" => GetCPInfo(emu), + "GetStringTypeW" => GetStringTypeW(emu), + "LCMapStringW" => LCMapStringW(emu), + "WideCharToMultiByte" => WideCharToMultiByte(emu), + "CryptCreateHash" => CryptCreateHash(emu), + "HeapSetInformation" => HeapSetInformation(emu), + "OpenProcessToken" => OpenProcessToken(emu), + "CreateEventA" => CreateEventA(emu), + "AddVectoredExceptionHandler" => AddVectoredExceptionHandler(emu), + "GetLongPathNameW" => GetLongPathNameW(emu), + "FreeLibrary" => FreeLibrary(emu), + "AreFileApisANSI" => AreFileApisANSI(emu), + "GetModuleFileNameA" => GetModuleFileNameA(emu), + "lstrcpy" => lstrcpy(emu), + "GetACP" => GetACP(emu), + "GetOEMCP" => GetOEMCP(emu), + "GetWindowsDirectoryA" => GetWindowsDirectoryA(emu), + "GetWindowsDirectoryW" => GetWindowsDirectoryW(emu), + "GetSystemWindowsDirectoryA" => GetSystemWindowsDirectoryA(emu), + "GetSystemWindowsDirectoryW" => GetSystemWindowsDirectoryW(emu), + "RegCreateKeyExA" => RegCreateKeyExA(emu), + "RegCreateKeyExW" => RegCreateKeyExW(emu), + "RegSetValueExA" => RegSetValueExA(emu), + "RegSetValueExW" => RegSetValueExW(emu), + "RegCloseKey" => RegCloseKey(emu), + "RegOpenKeyA" => RegOpenKeyA(emu), + "RegOpenKeyW" => RegOpenKeyW(emu), _ => { - let apiname = guess_api_name(emu, addr); println!( "calling unimplemented kernel32 API 0x{:x} {}", - addr, apiname + addr, api ); - return apiname; + return api; } } @@ -634,9 +647,7 @@ fn VirtualAlloc(emu: &mut emu::Emu) { .maps .alloc(size) .expect("kernel32!VirtualAlloc out of memory"); - let alloc = emu.maps.create_map(format!("alloc_{:x}", base).as_str()); - alloc.set_base(base); - alloc.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, size).expect("kernel32!VirtualAlloc out of memory"); println!( "{}** {} kernel32!VirtualAlloc sz: {} addr: 0x{:x} {}", @@ -681,9 +692,7 @@ fn VirtualAllocEx(emu: &mut emu::Emu) { .maps .alloc(size) .expect("kernel32!VirtualAllocEx out of memory"); - let alloc = emu.maps.create_map(format!("alloc_{:x}", base).as_str()); - alloc.set_base(base); - alloc.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, size).expect("kernel32!VirtualAllocEx out of memory"); emu.regs.rax = base; @@ -1823,7 +1832,9 @@ fn CreateThread(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 20) .expect("kernel32!CreateThread cannot read tid_ptr") as u64; - emu.maps.write_dword(tid_ptr, 0x123); + if tid_ptr > 0 { + emu.maps.write_dword(tid_ptr, 0x123); + } println!( "{}** {} kernel32!CreateThread code: 0x{:x} {}", @@ -1895,9 +1906,7 @@ fn MapViewOfFile(emu: &mut emu::Emu) { .maps .alloc(size) .expect("kernel32!MapViewOfFile cannot allocate"); - let mem = emu.maps.create_map("file_map"); - mem.set_base(addr); - mem.set_size(size); + let mem = emu.maps.create_map("file_map", addr, size).expect("kernel32!MapViewOfFile cannot create map"); let loaded = mem.load_chunk(&emu.filename, off, size as usize); println!( @@ -2242,11 +2251,7 @@ fn HeapAlloc(emu: &mut emu::Emu) { None => 0, }; - let mem = emu - .maps - .create_map(format!("alloc_{:x}", emu.regs.get_eax() as u32).as_str()); - mem.set_base(emu.regs.get_eax()); - mem.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", emu.regs.get_eax() as u32).as_str(), emu.regs.get_eax(), size).expect("kernel32!HeapAlloc out of memory"); println!( "{}** {} kernel32!HeapAlloc flags: 0x{:x} size: {} =0x{:x} {}", @@ -2358,11 +2363,7 @@ fn LocalAlloc(emu: &mut emu::Emu) { None => 0, }; - let mem = emu - .maps - .create_map(format!("alloc_{:x}", emu.regs.get_eax() as u32).as_str()); - mem.set_base(emu.regs.get_eax()); - mem.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", emu.regs.get_eax() as u32).as_str(), emu.regs.get_eax(), size).expect("kernel32!LocalAlloc out of memory"); println!( "{}** {} kernel32!LocalAlloc flags: 0x{:x} size: {} =0x{:x} {}", @@ -2413,9 +2414,7 @@ fn VirtualAllocExNuma(emu: &mut emu::Emu) { .maps .alloc(size) .expect("kernel32!VirtualAllocExNuma out of memory"); - let alloc = emu.maps.create_map(format!("alloc_{:x}", base).as_str()); - alloc.set_base(base); - alloc.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, size).expect("kernel32!VirtualAllocExNuma out of memory"); emu.regs.rax = base; @@ -3296,7 +3295,7 @@ fn GetThreadPreferredUILanguages(emu: &mut emu::Emu) { emu.regs.rax = 1; } -fn lstrcmp(emu: &mut emu::Emu) { +fn lstrcmpA(emu: &mut emu::Emu) { let s1_ptr = emu .maps .read_dword(emu.regs.get_esp()) @@ -3310,7 +3309,38 @@ fn lstrcmp(emu: &mut emu::Emu) { let s2 = emu.maps.read_string(s2_ptr); println!( - "{}** {} kernel32!lstrcmp '{}' == '{}' {}", + "{}** {} kernel32!lstrcmpA '{}' == '{}' {}", + emu.colors.light_red, emu.pos, s1, s2, emu.colors.nc + ); + + emu.stack_pop32(false); + emu.stack_pop32(false); + + let result = s1.cmp(&s2); + if result == std::cmp::Ordering::Less { + emu.regs.rax = 0xffffffff; + } else if result == std::cmp::Ordering::Greater { + emu.regs.rax = 1; + } else { + emu.regs.rax = 0; + } +} + +fn lstrcmpW(emu: &mut emu::Emu) { + let s1_ptr = emu + .maps + .read_dword(emu.regs.get_esp()) + .expect("kernel32!lstrcmp cannot read s1_ptr") as u64; + let s2_ptr = emu + .maps + .read_dword(emu.regs.get_esp() + 4) + .expect("kernel32!lstrcmp cannot read s2_ptr") as u64; + + let s1 = emu.maps.read_wide_string(s1_ptr); + let s2 = emu.maps.read_wide_string(s2_ptr); + + println!( + "{}** {} kernel32!lstrcmpW '{}' == '{}' {}", emu.colors.light_red, emu.pos, s1, s2, emu.colors.nc ); @@ -4179,7 +4209,7 @@ fn GetModuleFileNameA(emu: &mut emu::Emu) { .expect("kernel32!GetModuleFileNameA: error reading param"); if buff_sz > 8 { - emu.maps.write_string(fname_ptr, "test.exe"); + emu.maps.write_string(fname_ptr, "c:\\test.exe"); } println!( @@ -4193,3 +4223,199 @@ fn GetModuleFileNameA(emu: &mut emu::Emu) { emu.regs.rax = 8; } + +fn lstrcpy(emu: &mut emu::Emu) { + let dst = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!lstrcpy: error reading dst") as u64; + let src = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!lstrcpy: error reading src") as u64; + let s = emu.maps.read_string(src); + emu.maps.write_string(dst, &s); + + println!("{}** {} kernel32!lstrcpy 0x{:x} `{}` {}", emu.colors.light_red, emu.pos, dst, s, emu.colors.nc); + + emu.regs.rax = dst; + emu.stack_pop32(false); + emu.stack_pop32(false); +} + +fn GetACP(emu: &mut emu::Emu) { + println!("{}** {} kernel32!GetACP {}", emu.colors.light_red, emu.pos, emu.colors.nc); + emu.regs.rax = 0x00000409; +} + +fn GetOEMCP(emu: &mut emu::Emu) { + println!("{}** {} kernel32!GetOEMCP {}", emu.colors.light_red, emu.pos, emu.colors.nc); + emu.regs.rax = 0x00000409; +} + +fn GetWindowsDirectoryA(emu: &mut emu::Emu) { + let ptr = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!GetWindowsDirectoryA: error reading param") as u64; + let size = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!GetWindowsDirectoryA: error reading param") as u64; + + println!("{}** {} kernel32!GetWindowsDirectoryA {}", emu.colors.light_red, emu.pos, emu.colors.nc); + + emu.maps.write_string(ptr, "C:\\Windows\\"); + emu.regs.rax = size; + + emu.stack_pop32(false); + emu.stack_pop32(false); +} + +fn GetWindowsDirectoryW(emu: &mut emu::Emu) { + let ptr = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!GetWindowsDirectoryW: error reading param") as u64; + let size = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!GetWindowsDirectoryW: error reading param") as u64; + + println!("{}** {} kernel32!GetWindowsDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc); + + emu.maps.write_wide_string(ptr, "C:\\Windows\\"); + emu.regs.rax = size; + + emu.stack_pop32(false); + emu.stack_pop32(false); +} + +fn GetSystemWindowsDirectoryA(emu: &mut emu::Emu) { + let ptr = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!GetSystemWindowsDirectoryA: error reading param") as u64; + let size = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!GetSystemWindowsDirectoryA: error reading param") as u64; + + println!("{}** {} kernel32!GetSystemWindowsDirectoryA {}", emu.colors.light_red, emu.pos, emu.colors.nc); + + emu.maps.write_string(ptr, "C:\\Windows\\system32\\"); + emu.regs.rax = size; + + emu.stack_pop32(false); + emu.stack_pop32(false); +} + +fn GetSystemWindowsDirectoryW(emu: &mut emu::Emu) { + let ptr = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!GetSystemWindowsDirectoryW: error reading param") as u64; + let size = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!GetSystemWindowsDirectoryW: error reading param") as u64; + + println!("{}** {} kernel32!GetSystemWindowsDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc); + + emu.maps.write_wide_string(ptr, "C:\\Windows\\system32\\"); + emu.regs.rax = size; + + + emu.stack_pop32(false); + emu.stack_pop32(false); +} + +fn RegCreateKeyExA(emu: &mut emu::Emu) { + let hKey = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!RegCreateKeyExA: error reading param") as u64; + let subkey_ptr = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!RegCreateKeyExA: error reading param") as u64; + let reserved = emu.maps.read_dword(emu.regs.get_esp() + 8).expect("kernel32!RegCreateKeyExA: error reading param") as u64; + let class_ptr = emu.maps.read_dword(emu.regs.get_esp() + 12).expect("kernel32!RegCreateKeyExA: error reading param") as u64; + let options = emu.maps.read_dword(emu.regs.get_esp() + 16).expect("kernel32!RegCreateKeyExA: error reading param") as u64; + let security_attr = emu.maps.read_dword(emu.regs.get_esp() + 20).expect("kernel32!RegCreateKeyExA: error reading param") as u64; + + let subkey = emu.maps.read_string(subkey_ptr); + let mut class_name = "".to_string(); + if class_ptr > 0 { + class_name = emu.maps.read_string(class_ptr); + } + + println!("{}** {} kernel32!RegCreateKeyExA {} {} {}", emu.colors.light_red, emu.pos, subkey, class_name, emu.colors.nc); + emu.regs.rax = constants::ERROR_SUCCESS; + + for _ in 0..9 { + emu.stack_pop32(false); + } +} + +fn RegCreateKeyExW(emu: &mut emu::Emu) { + let hKey = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!RegCreateKeyExW: error reading param") as u64; + let subkey_ptr = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!RegCreateKeyExW: error reading param") as u64; + let reserved = emu.maps.read_dword(emu.regs.get_esp() + 8).expect("kernel32!RegCreateKeyExW: error reading param") as u64; + let class_ptr = emu.maps.read_dword(emu.regs.get_esp() + 12).expect("kernel32!RegCreateKeyExW: error reading param") as u64; + let options = emu.maps.read_dword(emu.regs.get_esp() + 16).expect("kernel32!RegCreateKeyExW: error reading param") as u64; + let security_attr = emu.maps.read_dword(emu.regs.get_esp() + 20).expect("kernel32!RegCreateKeyExW: error reading param") as u64; + + let subkey = emu.maps.read_wide_string(subkey_ptr); + let mut class_name = "".to_string(); + if class_ptr > 0 { + class_name = emu.maps.read_wide_string(class_ptr); + } + + println!("{}** {} kernel32!RegCreateKeyExW {} {} {}", emu.colors.light_red, emu.pos, subkey, class_name, emu.colors.nc); + emu.regs.rax = constants::ERROR_SUCCESS; + + for _ in 0..9 { + emu.stack_pop32(false); + } +} + +fn RegSetValueExA(emu: &mut emu::Emu) { + let hKey = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!RegSetValueExA: error reading param") as u64; + let value_name_ptr = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!RegSetValueExA: error reading param") as u64; + let reserved = emu.maps.read_dword(emu.regs.get_esp() + 8).expect("kernel32!RegSetValueExA: error reading param") as u64; + let value_type = emu.maps.read_dword(emu.regs.get_esp() + 12).expect("kernel32!RegSetValueExA: error reading param") as u64; + let data_ptr = emu.maps.read_dword(emu.regs.get_esp() + 16).expect("kernel32!RegSetValueExA: error reading param") as u64; + let data_size = emu.maps.read_dword(emu.regs.get_esp() + 20).expect("kernel32!RegSetValueExA: error reading param") as u64; + + let value_name = emu.maps.read_string(value_name_ptr); + + println!("{}** {} kernel32!RegSetValueExA `{}` type: {} data: 0x{:x} {}", emu.colors.light_red, emu.pos, value_name, value_type, data_ptr, emu.colors.nc); + emu.regs.rax = constants::ERROR_SUCCESS; + + for _ in 0..6 { + emu.stack_pop32(false); + } +} + +fn RegSetValueExW(emu: &mut emu::Emu) { + let hKey = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!RegSetValueExW: error reading param") as u64; + let value_name_ptr = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!RegSetValueExW: error reading param") as u64; + let reserved = emu.maps.read_dword(emu.regs.get_esp() + 8).expect("kernel32!RegSetValueExW: error reading param") as u64; + let value_type = emu.maps.read_dword(emu.regs.get_esp() + 12).expect("kernel32!RegSetValueExW: error reading param") as u64; + let data_ptr = emu.maps.read_dword(emu.regs.get_esp() + 16).expect("kernel32!RegSetValueExW: error reading param") as u64; + let data_size = emu.maps.read_dword(emu.regs.get_esp() + 20).expect("kernel32!RegSetValueExW: error reading param") as u64; + + let value_name = emu.maps.read_wide_string(value_name_ptr); + + println!("{}** {} kernel32!RegSetValueExW `{}` type: {} data: 0x{:x} {}", emu.colors.light_red, emu.pos, value_name, value_type, data_ptr, emu.colors.nc); + emu.regs.rax = constants::ERROR_SUCCESS; + + for _ in 0..6 { + emu.stack_pop32(false); + } +} + +fn RegCloseKey(emu: &mut emu::Emu) { + let hKey = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!RegCloseKey: error reading param") as u64; + + println!("{}** {} kernel32!RegCloseKey hkey: 0x{:x} {}", emu.colors.light_red, emu.pos, hKey, emu.colors.nc); + emu.stack_pop32(false); + emu.regs.rax = constants::ERROR_SUCCESS; +} + +fn RegOpenKeyA(emu: &mut emu::Emu) { + let hKey = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!RegOpenKeyA: error reading param") as u64; + let subkey_ptr = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!RegOpenKeyA: error reading param") as u64; + let result = emu.maps.read_dword(emu.regs.get_esp() + 8).expect("kernel32!RegOpenKeyA: error reading param") as u64; + + let subkey = emu.maps.read_string(subkey_ptr); + emu.maps.write_dword(result, helper::handler_create(&format!("key://{}", subkey)) as u32); + + println!("{}** {} kernel32!RegOpenKeyA `{}` {}", emu.colors.light_red, emu.pos, subkey, emu.colors.nc); + emu.regs.rax = constants::ERROR_SUCCESS; + + for _ in 0..3 { + emu.stack_pop32(false); + } +} + +fn RegOpenKeyW(emu: &mut emu::Emu) { + let hKey = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!RegOpenKeyW: error reading param") as u64; + let subkey_ptr = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!RegOpenKeyW: error reading param") as u64; + let result = emu.maps.read_dword(emu.regs.get_esp() + 8).expect("kernel32!RegOpenKeyW: error reading param") as u64; + + let subkey = emu.maps.read_wide_string(subkey_ptr); + emu.maps.write_dword(result, helper::handler_create(&format!("key://{}", subkey)) as u32); + + println!("{}** {} kernel32!RegOpenKeyW `{}` {}", emu.colors.light_red, emu.pos, subkey, emu.colors.nc); + emu.regs.rax = constants::ERROR_SUCCESS; + + for _ in 0..3 { + emu.stack_pop32(false); + } +} diff --git a/src/emu/winapi32/kernelbase.rs b/src/emu/winapi32/kernelbase.rs index 8d11878..a22d9fc 100644 --- a/src/emu/winapi32/kernelbase.rs +++ b/src/emu/winapi32/kernelbase.rs @@ -11,16 +11,15 @@ use lazy_static::lazy_static; use std::sync::Mutex; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x7594eca1 => LoadStringW(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "LoadStringW" => LoadStringW(emu), + "_initterm" => _initterm(emu), + "_initterm_e" => _initterm_e(emu), _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!( - "calling unimplemented kernelbase API 0x{:x} {}", - addr, apiname - ); - return apiname; + println!("calling unimplemented kernelbase API 0x{:x} {}", addr, api); + return api; } } @@ -58,6 +57,27 @@ fn LoadStringW(emu: &mut emu::Emu) { emu.regs.rax = 1; } +fn _initterm(emu: &mut emu::Emu) { + let ptr1 = emu.maps.read_dword(emu.regs.rsp) + .expect("kernelbase!_initterm error reading param"); + let ptr2 = emu.maps.read_dword(emu.regs.rsp+4) + .expect("kernelbase!_initterm error reading param"); + println!("{}** {} kernelbase!_initterm 0x{:x} 0x{:x} {}", emu.colors.light_red, emu.pos, ptr1, ptr2, emu.colors.nc); + emu.stack_pop32(false); + emu.stack_pop32(false); + emu.regs.rax = 0; +} + +fn _initterm_e(emu: &mut emu::Emu) { + let ptr1 = emu.maps.read_dword(emu.regs.rsp) + .expect("kernelbase!_initterm_e error reading param"); + let ptr2 = emu.maps.read_dword(emu.regs.rsp+4) + .expect("kernelbase!_initterm_e error reading param"); + println!("{}** {} kernelbase!_initterm_e 0x{:x} 0x{:x} {}", emu.colors.light_red, emu.pos, ptr1, ptr2, emu.colors.nc); + emu.stack_pop32(false); + emu.stack_pop32(false); + emu.regs.rax = 0; +} diff --git a/src/emu/winapi32/libgcc.rs b/src/emu/winapi32/libgcc.rs index 8a8b615..8b42ccf 100644 --- a/src/emu/winapi32/libgcc.rs +++ b/src/emu/winapi32/libgcc.rs @@ -4,18 +4,15 @@ use crate::emu; use crate::emu::winapi32::kernel32; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x6e955da8 => __register_frame_info(emu), - 0x6e9565c0 => __deregister_frame_info(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "__register_frame_info" => __register_frame_info(emu), + "__deregister_frame_info" => __deregister_frame_info(emu), _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!( - "calling unimplemented libgcc API 0x{:x} {}", - addr, apiname - ); - return apiname; + println!("calling unimplemented libgcc API 0x{:x} {}", addr, api); + return api; } } @@ -41,10 +38,7 @@ fn __register_frame_info(emu: &mut emu::Emu) { let mem = match emu.maps.get_mem_by_addr(0x40E198) { Some(m) => m, None => { - let m = emu.maps.create_map("glob1"); - m.set_base(0x40E198); - m.set_size(100); - m + emu.maps.create_map("glob1", 0x40E198, 100).expect("cannot create glob1 map") } }; diff --git a/src/emu/winapi32/mscoree.rs b/src/emu/winapi32/mscoree.rs index a4eb8bd..ef91d1c 100644 --- a/src/emu/winapi32/mscoree.rs +++ b/src/emu/winapi32/mscoree.rs @@ -2,13 +2,13 @@ use crate::emu; use crate::emu::winapi32::kernel32; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x79004ddb => _CorExeMain(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "_CorExeMain" => _CorExeMain(emu), _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!("calling unimplemented mscoree API 0x{:x} {}", addr, apiname); - return apiname; + println!("calling unimplemented mscoree API 0x{:x} {}", addr, api); + return api; } } diff --git a/src/emu/winapi32/msvcrt.rs b/src/emu/winapi32/msvcrt.rs index 95eaf9c..9d261cc 100644 --- a/src/emu/winapi32/msvcrt.rs +++ b/src/emu/winapi32/msvcrt.rs @@ -6,26 +6,27 @@ use crate::emu::winapi32::kernel32; // msvcrt is an exception and these functions dont have to compensate the stack. pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x761f1d9d => _initterm_e(emu), - 0x761ec151 => _initterm(emu), - 0x7670d2ac => StrCmpCA(emu), - 0x761fb2c4 => fopen(emu), - 0x761f76ac => fwrite(emu), - 0x761f4142 => fflush(emu), - 0x761f3d79 => fclose(emu), - 0x76233ab4 => __p___argv(emu), - 0x76233a88 => __p___argc(emu), - 0x761e9cee => malloc(emu), - 0x761f112d => _onexit(emu), - 0x761ea449 => _lock(emu), - 0x761e9894 => free(emu), - 0x761eb10d => realloc(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "_initterm_e" => _initterm_e(emu), + "_initterm" => _initterm(emu), + "StrCmpCA" => StrCmpCA(emu), + "fopen" => fopen(emu), + "fwrite" => fwrite(emu), + "fflush" => fflush(emu), + "fclose" => fclose(emu), + "__p___argv" => __p___argv(emu), + "__p___argc" => __p___argc(emu), + "malloc" => malloc(emu), + "_onexit" => _onexit(emu), + "_lock" => _lock(emu), + "free" => free(emu), + "realloc" => realloc(emu), + "strtok" => strtok(emu), _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!("calling unimplemented msvcrt API 0x{:x} {}", addr, apiname); - return apiname; + println!("calling unimplemented msvcrt API 0x{:x} {}", addr, api); + return api; } } @@ -205,11 +206,7 @@ fn __p___argc(emu: &mut emu::Emu) { Some(a) => a, None => { let addr = emu.maps.alloc(1024).expect("out of memory"); - let a = emu.maps.create_map("args"); - a.set_base(addr); - a.set_size(1024); - - a + emu.maps.create_map("args", addr, 1024).expect("cannot create args map") } }; @@ -222,20 +219,23 @@ fn __p___argc(emu: &mut emu::Emu) { } fn malloc(emu: &mut emu::Emu) { - - let size = emu - .maps - .read_dword(emu.regs.get_esp()) + let size = emu.maps.read_dword(emu.regs.get_esp()) .expect("msvcrt!malloc error reading size") as u64; - let addr = emu.alloc("alloc_malloc", size); - println!( - "{}** {} msvcrt!malloc {} =0x{:x} {}", - emu.colors.light_red, emu.pos, size, addr, emu.colors.nc - ); + if size > 0 { + let base = emu.maps.alloc(size) + .expect("msvcrt!malloc out of memory"); + + emu.maps.create_map(&format!("alloc_{:x}", base), base, size) + .expect("msvcrt!malloc cannot create map"); - //emu.stack_pop32(false); - emu.regs.rax = addr; + println!("{}** {} msvcrt!malloc sz: {} addr: 0x{:x} {}", + emu.colors.light_red, emu.pos, size, base, emu.colors.nc); + + emu.regs.rax = base; + } else { + emu.regs.rax = 0x1337; // weird msvcrt has to return a random unallocated pointer, and the program has to do free() on it + } } fn __p__acmdln(emu: &mut emu::Emu) { @@ -290,12 +290,44 @@ fn realloc(emu: &mut emu::Emu) { let addr = emu.maps.read_dword(emu.regs.get_esp()) .expect("msvcrt!realloc error reading addr") as u64; let size = emu.maps.read_dword(emu.regs.get_esp() + 4) - .expect("msvcrt!realloc error reading size"); + .expect("msvcrt!realloc error reading size") as u64; + + if addr == 0 { + if size == 0 { + emu.regs.rax = 0; + return; + } else { + let base = emu.maps.alloc(size) + .expect("msvcrt!malloc out of memory"); + + emu.maps.create_map(&format!("alloc_{:x}", base), base, size) + .expect("msvcrt!malloc cannot create map"); + + println!("{}** {} msvcrt!realloc 0x{:x} {} =0x{:x} {}", + emu.colors.light_red, emu.pos, addr, size, base, emu.colors.nc); + + emu.regs.rax = base; + return; + } + } + + if size == 0 { + println!("{}** {} msvcrt!realloc 0x{:x} {} =0x1337 {}", + emu.colors.light_red, emu.pos, addr, size, emu.colors.nc); + + emu.regs.rax = 0x1337; // weird msvcrt has to return a random unallocated pointer, and the program has to do free() on it + return; + } let mem = emu.maps.get_mem_by_addr(addr).expect("msvcrt!realloc error getting mem"); let prev_size = mem.size(); - let new_addr = emu.alloc("alloc_realloc", size as u64); + let new_addr = emu.maps.alloc(size) + .expect("msvcrt!realloc out of memory"); + + emu.maps.create_map(&format!("alloc_{:x}", new_addr), new_addr, size) + .expect("msvcrt!realloc cannot create map"); + emu.maps.memcpy(new_addr, addr, prev_size); emu.maps.dealloc(addr); @@ -305,4 +337,20 @@ fn realloc(emu: &mut emu::Emu) { ); emu.regs.rax = new_addr; +} + +fn strtok(emu: &mut emu::Emu) { + let str_ptr = emu.maps.read_dword(emu.regs.get_esp()) + .expect("msvcrt!strtok error reading str_ptr"); + + let delim_ptr = emu.maps.read_dword(emu.regs.get_esp() + 4) + .expect("msvcrt!strtok error reading delim"); + + let str = emu.maps.read_string(str_ptr as u64); + let delim = emu.maps.read_string(delim_ptr as u64); + + println!("{}** {} msvcrt!strtok `{}` `{}` {}", + emu.colors.light_red, emu.pos, str, delim, emu.colors.nc); + + emu.regs.rax = 0; } \ No newline at end of file diff --git a/src/emu/winapi32/ntdll.rs b/src/emu/winapi32/ntdll.rs index e9f46d1..c3232ae 100644 --- a/src/emu/winapi32/ntdll.rs +++ b/src/emu/winapi32/ntdll.rs @@ -8,43 +8,43 @@ use crate::emu::winapi32::kernel32; use scan_fmt::scan_fmt_some; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x775b52d8 => NtAllocateVirtualMemory(emu), - 0x775b5a18 => NtGetContextThread(emu), - 0x7757f774 => RtlVectoredExceptionHandler(emu), - 0x775d22b8 => LdrLoadDll(emu), - 0x775b6258 => NtQueryVirtualMemory(emu), - 0x775d531f => stricmp(emu), - 0x7759f611 => RtlExitUserThread(emu), - 0x7763a4dd => sscanf(emu), - 0x7761b3de => NtGetTickCount(emu), - 0x775b6158 => NtQueryPerformanceCounter(emu), - 0x775eabd1 => RtlGetProcessHeaps(emu), - 0x775d27e0 => RtlDosPathNameToNtPathName_U(emu), - 0x775b55c8 => NtCreateFile(emu), - 0x775c2c6a => RtlFreeHeap(emu), - 0x775b6018 => NtQueryInformationFile(emu), - 0x775c2dd6 => RtlAllocateHeap(emu), - 0x775b62b8 => NtReadFile(emu), - 0x775b54c8 => NtClose(emu), - 0x775cee8d => RtlInitializeCriticalSectionAndSpinCount(emu), - 0x775b5f18 => NtProtectVirtualMemory(emu), - 0x775b77a0 => RtlEnterCriticalSection(emu), - 0x775b7760 => RtlLeaveCriticalSection(emu), - 0x775d65e3 => RtlGetVersion(emu), - 0x775c6db9 => RtlInitializeCriticalSectionEx(emu), - 0x775a5340 => memset(emu), - 0x775d7de2 => RtlSetUnhandledExceptionFilter(emu), - 0x775a55c0 => strlen(emu), - 0x77593030 => VerSetConditionMask(emu), - 0x775a53d0 => strcat(emu), - 0x775a4cc0 => memcpy(emu), - 0x775d22bd => LdrLoadDll_gul(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "NtAllocateVirtualMemory" => NtAllocateVirtualMemory(emu), + "NtGetContextThread" => NtGetContextThread(emu), + "RtlVectoredExceptionHandler" => RtlVectoredExceptionHandler(emu), + "LdrLoadDll" => LdrLoadDll(emu), + "NtQueryVirtualMemory" => NtQueryVirtualMemory(emu), + "stricmp" => stricmp(emu), + "RtlExitUserThread" => RtlExitUserThread(emu), + "sscanf" => sscanf(emu), + "NtGetTickCount" => NtGetTickCount(emu), + "NtQueryPerformanceCounter" => NtQueryPerformanceCounter(emu), + "RtlGetProcessHeaps" => RtlGetProcessHeaps(emu), + "RtlDosPathNameToNtPathName_U" => RtlDosPathNameToNtPathName_U(emu), + "NtCreateFile" => NtCreateFile(emu), + "RtlFreeHeap" => RtlFreeHeap(emu), + "NtQueryInformationFile" => NtQueryInformationFile(emu), + "RtlAllocateHeap" => RtlAllocateHeap(emu), + "NtReadFile" => NtReadFile(emu), + "NtClose" => NtClose(emu), + "RtlInitializeCriticalSectionAndSpinCount" => RtlInitializeCriticalSectionAndSpinCount(emu), + "NtProtectVirtualMemory" => NtProtectVirtualMemory(emu), + "RtlEnterCriticalSection" => RtlEnterCriticalSection(emu), + "RtlLeaveCriticalSection" => RtlLeaveCriticalSection(emu), + "RtlGetVersion" => RtlGetVersion(emu), + "RtlInitializeCriticalSectionEx" => RtlInitializeCriticalSectionEx(emu), + "memset" => memset(emu), + "RtlSetUnhandledExceptionFilter" => RtlSetUnhandledExceptionFilter(emu), + "strlen" => strlen(emu), + "VerSetConditionMask" => VerSetConditionMask(emu), + "strcat" => strcat(emu), + "memcpy" => memcpy(emu), + "LdrLoadDll_gul" => LdrLoadDll_gul(emu), _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!("calling unimplemented ntdll API 0x{:x} {}", addr, apiname); - return apiname; + println!("calling unimplemented ntdll API 0x{:x} {}", addr, api); + return api; } } @@ -108,12 +108,7 @@ fn NtAllocateVirtualMemory(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, addr, size, alloc_addr, emu.colors.nc ); - let alloc = emu - .maps - .create_map(format!("valloc_{:x}", alloc_addr).as_str()); - alloc.set_base(alloc_addr); - alloc.set_size(size); - //alloc.set_bottom(alloc_addr + size); + emu.maps.create_map(format!("valloc_{:x}", alloc_addr).as_str(), alloc_addr, size).expect("ntdll!NtAllocateVirtualMemory cannot create map"); if !emu.maps.write_dword(addr_ptr, alloc_addr as u32) { panic!("NtAllocateVirtualMemory: cannot write on address pointer"); @@ -231,18 +226,8 @@ fn LdrLoadDll(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, libname, emu.colors.nc ); - if libname == "user32.dll" { - let user32 = emu.maps.create_map("user32"); - user32.set_base(0x773b0000); - user32.load("maps32/user32.bin"); - let user32_text = emu.maps.create_map("user32_text"); - user32_text.set_base(0x773b1000); - user32_text.load("maps32/user32_text.bin"); - - if !emu.maps.write_dword(libaddr_ptr, 0x773b0000) { - panic!("ntdll_LdrLoadDll: cannot write in addr param"); - } - } + let base = kernel32::load_library(emu, &libname); + emu.maps.write_dword(libname_ptr, base as u32); for _ in 0..4 { emu.stack_pop32(false); @@ -277,11 +262,9 @@ fn LdrLoadDll_gul(emu: &mut emu::Emu) { if libname == "user32.dll" { - let user32 = emu.maps.create_map("user32"); - user32.set_base(0x773b0000); + let user32 = emu.maps.create_map("user32", 0x773b0000, 0x1000).expect("ntdll!LdrLoadDll_gul cannot create map"); user32.load("maps32/user32.bin"); - let user32_text = emu.maps.create_map("user32_text"); - user32_text.set_base(0x773b1000); + let user32_text = emu.maps.create_map("user32_text", 0x773b1000, 0x1000).expect("ntdll!LdrLoadDll_gul cannot create map"); user32_text.load("maps32/user32_text.bin"); if !emu.maps.write_dword(libaddr_ptr, 0x773b0000) { @@ -554,9 +537,7 @@ fn RtlDosPathNameToNtPathName_U(emu: &mut emu::Emu) { } else { let addr = match emu.maps.alloc(255) { Some(a) => { - let mem = emu.maps.create_map("nt_alloc"); - mem.set_base(a); - mem.set_size(255); + emu.maps.create_map("nt_alloc", a, 255).expect("ntdll!RtlDosPathNameToNtPathName_U cannot create map"); emu.maps.write_dword(nt_path_name_ptr, a as u32); emu.maps.memcpy( a, @@ -773,9 +754,7 @@ fn RtlAllocateHeap(emu: &mut emu::Emu) { .maps .alloc(size) .expect("ntdll!RtlAllocateHeap out of memory"); - let alloc = emu.maps.create_map(format!("alloc_{:x}", base).as_str()); - alloc.set_base(base); - alloc.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, size).expect("ntdll!RtlAllocateHeap cannot create map"); println!( "{}** {} ntdll!RtlAllocateHeap sz: {} addr: 0x{:x} {}", diff --git a/src/emu/winapi32/oleaut32.rs b/src/emu/winapi32/oleaut32.rs index 14ef8af..7aede3b 100644 --- a/src/emu/winapi32/oleaut32.rs +++ b/src/emu/winapi32/oleaut32.rs @@ -3,17 +3,14 @@ use crate::emu::winapi32::kernel32; use crate::emu; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x764745d2 => SysAllocStringLen(emu), - 0x76473e59 => SysFreeString(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "SysAllocStringLen" => SysAllocStringLen(emu), + "SysFreeString" => SysFreeString(emu), _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!( - "calling unimplemented oleaut32 API 0x{:x} {}", - addr, apiname - ); - return apiname; + println!("calling unimplemented oleaut32 API 0x{:x} {}", addr, api); + return api; } } @@ -41,10 +38,7 @@ fn SysAllocStringLen(emu: &mut emu::Emu) { .alloc(size + 8) .expect("oleaut32!SysAllocStringLen out of memory"); let name = format!("alloc_{:x}", base + 8); - let alloc = emu.maps.create_map(&name); - alloc.set_base(base); - alloc.set_size(size); - + emu.maps.create_map(&name, base, size); emu.maps.memcpy(base + 8, str_ptr, size as usize - 1); println!( diff --git a/src/emu/winapi32/shlwapi.rs b/src/emu/winapi32/shlwapi.rs index 919d9e2..7f3c4d8 100644 --- a/src/emu/winapi32/shlwapi.rs +++ b/src/emu/winapi32/shlwapi.rs @@ -4,11 +4,11 @@ use crate::emu::winapi32::kernel32; //use crate::emu::endpoint; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!("calling unimplemented shlwapi API 0x{:x} {}", addr, apiname); - return apiname; + println!("calling unimplemented shlwapi API 0x{:x} {}", addr, api); + return api; } } } diff --git a/src/emu/winapi32/user32.rs b/src/emu/winapi32/user32.rs index 2081dd3..b16d6a1 100644 --- a/src/emu/winapi32/user32.rs +++ b/src/emu/winapi32/user32.rs @@ -2,19 +2,19 @@ use crate::emu; use crate::emu::winapi32::kernel32; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x7740ea11 => MessageBoxA(emu), - 0x7740ea5f => MessageBoxW(emu), - 0x773c01a9 => GetDesktopWindow(emu), - 0x773d426d => wsprintfW(emu), - 0x773bdfdc => GetProcessWindowStation(emu), - 0x773be355 => GetUserObjectInformationW(emu), - 0x773bba8a => CharLowerW(emu), - 0x773c3f47 => wsprintfA(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "MessageBoxA" => MessageBoxA(emu), + "MessageBoxW" => MessageBoxW(emu), + "GetDesktopWindow" => GetDesktopWindow(emu), + "wsprintfW" => wsprintfW(emu), + "GetProcessWindowStation" => GetProcessWindowStation(emu), + "GetUserObjectInformationW" => GetUserObjectInformationW(emu), + "CharLowerW" => CharLowerW(emu), + "wsprintfA" => wsprintfA(emu), _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!("calling unimplemented user32 API 0x{:x} {}", addr, apiname); - return apiname; + println!("calling unimplemented user32 API 0x{:x} {}", addr, api); + return api; } } diff --git a/src/emu/winapi32/wincrt.rs b/src/emu/winapi32/wincrt.rs new file mode 100644 index 0000000..3d3cc6e --- /dev/null +++ b/src/emu/winapi32/wincrt.rs @@ -0,0 +1,24 @@ +use crate::emu; +//use crate::emu::constants::*; +//use crate::emu::winapi32::helper; +use crate::emu::winapi32::kernel32; + +pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "_set_invalid_parameter_handler" => set_invalid_parameter_handler(emu), + + + _ => { + println!("calling unimplemented wincrt API 0x{:x} {}", addr, api); + return api; + } + } + + return String::new(); +} + +fn set_invalid_parameter_handler(emu: &mut emu::Emu) { + println!("{}** {} wincrt!_set_invalid_parameter_handler {}", emu.colors.light_red, emu.pos, emu.colors.nc); + emu.regs.rax = 0; +} diff --git a/src/emu/winapi32/wininet.rs b/src/emu/winapi32/wininet.rs index 99302be..3d71e11 100644 --- a/src/emu/winapi32/wininet.rs +++ b/src/emu/winapi32/wininet.rs @@ -8,25 +8,27 @@ use lazy_static::lazy_static; use std::sync::Mutex; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x7633f18e => InternetOpenA(emu), - 0x76339197 => InternetOpenW(emu), - 0x763349e9 => InternetConnectA(emu), - 0x7633492c => InternetConnectW(emu), - 0x76334c7d => HttpOpenRequestA(emu), - 0x76334a42 => HttpOpenRequestW(emu), - 0x763275e8 => InternetSetOptionA(emu), - 0x76327741 => InternetSetOptionW(emu), - 0x763a18f8 => HttpSendRequestA(emu), - 0x7633ba12 => HttpSendRequestW(emu), - 0x7632b406 => InternetReadFile(emu), - 0x763b3328 => InternetErrorDlg(emu), - 0x7632a33e => HttpQueryInfoA(emu), - 0x7632ab49 => InternetCloseHandle(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "InternetOpenA" => InternetOpenA(emu), + "InternetOpenW" => InternetOpenW(emu), + "InternetConnectA" => InternetConnectA(emu), + "InternetConnectW" => InternetConnectW(emu), + "HttpOpenRequestA" => HttpOpenRequestA(emu), + "HttpOpenRequestW" => HttpOpenRequestW(emu), + "InternetSetOptionA" => InternetSetOptionA(emu), + "InternetSetOptionW" => InternetSetOptionW(emu), + "HttpSendRequestA" => HttpSendRequestA(emu), + "HttpSendRequestW" => HttpSendRequestW(emu), + "InternetReadFile" => InternetReadFile(emu), + "InternetErrorDlg" => InternetErrorDlg(emu), + "HttpQueryInfoA" => HttpQueryInfoA(emu), + "InternetCloseHandle" => InternetCloseHandle(emu), + "InternetCrackUrlA" => InternetCrackUrlA(emu), + "InternetCrackUrlW" => InternetCrackUrlW(emu), _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!("calling unimplemented wininet API 0x{:x} {}", addr, apiname); - return apiname; + println!("calling unimplemented wininet API 0x{:x} {}", addr, api); + return api; } } @@ -767,3 +769,44 @@ fn InternetCloseHandle(emu: &mut emu::Emu) { emu.stack_pop32(false); emu.regs.rax = 1; // true } + +fn InternetCrackUrlA(emu: &mut emu::Emu) { + let url_ptr = emu.maps.read_dword(emu.regs.get_esp()) + .expect("wininet!InternetCrackUrlA error reading url_ptr") as u64; + let url_len = emu.maps.read_dword(emu.regs.get_esp() + 4) + .expect("wininet!InternetCrackUrlA error reading flags"); + let flags = emu.maps.read_dword(emu.regs.get_esp() + 8) + .expect("wininet!InternetCrackUrlA error reading reserved"); + let components = emu.maps.read_dword(emu.regs.get_esp() + 12) + .expect("wininet!InternetCrackUrlA error reading component"); + + let url = emu.maps.read_string(url_ptr); + + println!("{}** {} wininet!InternetCrackUrlA url: `{}` {}", emu.colors.light_red, emu.pos, url, emu.colors.nc); + + for _ in 0..4 { + emu.stack_pop32(false); + } + emu.regs.rax = 1; +} + +fn InternetCrackUrlW(emu: &mut emu::Emu) { + let url_ptr = emu.maps.read_dword(emu.regs.get_esp()) + .expect("wininet!InternetCrackUrlW error reading url_ptr") as u64; + let url_len = emu.maps.read_dword(emu.regs.get_esp() + 4) + .expect("wininet!InternetCrackUrlW error reading url_len"); + let flags = emu.maps.read_dword(emu.regs.get_esp() + 8) + .expect("wininet!InternetCrackUrlW error reading flags"); + let components = emu.maps.read_dword(emu.regs.get_esp() + 12) + .expect("wininet!InternetCrackUrlW error reading components"); + + let url = emu.maps.read_wide_string(url_ptr); + + println!("{}** {} wininet!InternetCrackUrlW url: `{}` {}", emu.colors.light_red, emu.pos, url, emu.colors.nc); + + for _ in 0..4 { + emu.stack_pop32(false); + } + + emu.regs.rax = 1; +} diff --git a/src/emu/winapi32/ws2_32.rs b/src/emu/winapi32/ws2_32.rs index 4ae7808..4b14d9e 100644 --- a/src/emu/winapi32/ws2_32.rs +++ b/src/emu/winapi32/ws2_32.rs @@ -7,23 +7,24 @@ use lazy_static::lazy_static; use std::sync::Mutex; pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { - match addr { - 0x77483ab2 => WsaStartup(emu), - 0x7748c82a => WsaSocketA(emu), - 0x77483eb8 => socket(emu), - 0x77493c11 => WsaHtons(emu), - 0x77482d8b => htons(emu), - 0x7748311b => inet_addr(emu), - 0x77486bdd => connect(emu), - 0x77486b0e => recv(emu), - 0x77486f01 => send(emu), - 0x77484582 => bind(emu), - 0x7748b001 => listen(emu), - 0x774868b6 => accept(emu), - 0x77483918 => closesocket(emu), - 0x774841b6 => setsockopt(emu), - 0x7748737d => getsockopt(emu), - 0x774868d6 => WsaAccept(emu), + let api = kernel32::guess_api_name(emu, addr); + match api.as_str() { + "WsaStartup" => WsaStartup(emu), + "WsaSocketA" => WsaSocketA(emu), + "socket" => socket(emu), + "WsaHtons" => WsaHtons(emu), + "htons" => htons(emu), + "inet_addr" => inet_addr(emu), + "connect" => connect(emu), + "recv" => recv(emu), + "send" => send(emu), + "bind" => bind(emu), + "listen" => listen(emu), + "accept" => accept(emu), + "closesocket" => closesocket(emu), + "setsockopt" => setsockopt(emu), + "getsockopt" => getsockopt(emu), + "WsaAccept" => WsaAccept(emu), /* 0x774834b5 => sendto(emu), @@ -33,9 +34,8 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { 0x7748cc3f => WsaConnect(emu), */ _ => { - let apiname = kernel32::guess_api_name(emu, addr); - println!("calling unimplemented ws2_32 API 0x{:x} {}", addr, apiname); - return apiname; + println!("calling unimplemented ws2_32 API 0x{:x} {}", addr, api); + return api; } } diff --git a/src/emu/winapi64/kernel32.rs b/src/emu/winapi64/kernel32.rs index d8cb957..35e725f 100644 --- a/src/emu/winapi64/kernel32.rs +++ b/src/emu/winapi64/kernel32.rs @@ -661,9 +661,7 @@ fn VirtualAlloc(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, addr, size, base, emu.colors.nc ); - let alloc = emu.maps.create_map(format!("alloc_{:x}", base).as_str()); - alloc.set_base(base); - alloc.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, size).expect("kernel32!VirtualAlloc out of memory"); emu.regs.rax = base; } @@ -689,9 +687,7 @@ fn VirtualAllocEx(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, proc_hndl, addr, size, base, emu.colors.nc ); - let alloc = emu.maps.create_map(format!("alloc_{:x}", base).as_str()); - alloc.set_base(base); - alloc.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, size).expect("kernel32!VirtualAllocEx out of memory"); emu.regs.rax = base; } @@ -832,11 +828,7 @@ fn HeapAlloc(emu: &mut emu::Emu) { None => 0, }; - let mem = emu - .maps - .create_map(format!("alloc_{:x}", emu.regs.rax).as_str()); - mem.set_base(emu.regs.rax); - mem.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", emu.regs.rax).as_str(), emu.regs.rax, size).expect("kernel32!HeapAlloc out of memory"); println!( "{}** {} kernel32!HeapAlloc flags: 0x{:x} size: {} =0x{:x} {}", @@ -878,7 +870,9 @@ fn CreateThread(emu: &mut emu::Emu) { .read_qword(emu.regs.rsp + 8) .expect("kernel32!CreateThread cannot read tid_ptr") as u64; - emu.maps.write_dword(tid_ptr, 0x123); + if tid_ptr > 0 { + emu.maps.write_dword(tid_ptr, 0x123); + } println!( "{}** {} kernel32!CreateThread code: 0x{:x} param: 0x{:x} {}", @@ -936,9 +930,7 @@ fn LocalAlloc(emu: &mut emu::Emu) { .maps .alloc(bytes) .expect("kernel32!LocalAlloc out of memory"); - let alloc = emu.maps.create_map(format!("alloc_{:x}", base).as_str()); - alloc.set_base(base); - alloc.set_size(bytes); + emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, bytes).expect("kernel32!LocalAlloc out of memory"); emu.regs.rax = base; } @@ -1566,9 +1558,7 @@ fn MapViewOfFile(emu: &mut emu::Emu) { .maps .alloc(size) .expect("kernel32!MapViewOfFile cannot allocate"); - let mem = emu.maps.create_map("file_map"); - mem.set_base(addr); - mem.set_size(size); + let mem = emu.maps.create_map("file_map", addr, size).expect("kernel32!MapViewOfFile cannot create map"); let loaded = mem.load_chunk(&emu.filename, off, size as usize); println!( @@ -1680,9 +1670,7 @@ fn VirtualAllocExNuma(emu: &mut emu::Emu) { .maps .alloc(size) .expect("kernel32!VirtualAllocExNuma out of memory"); - let alloc = emu.maps.create_map(format!("alloc_{:x}", base).as_str()); - alloc.set_base(base); - alloc.set_size(size); + emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, size).expect("kernel32!VirtualAllocExNuma cannot create map"); emu.regs.rax = base; } diff --git a/src/emu/winapi64/ntdll.rs b/src/emu/winapi64/ntdll.rs index fcaeb1c..e26212c 100644 --- a/src/emu/winapi64/ntdll.rs +++ b/src/emu/winapi64/ntdll.rs @@ -101,12 +101,7 @@ fn NtAllocateVirtualMemory(emu: &mut emu::Emu) { emu.colors.light_red, emu.pos, addr, size, alloc_addr, emu.colors.nc ); - let alloc = emu - .maps - .create_map(format!("valloc_{:x}", alloc_addr).as_str()); - alloc.set_base(alloc_addr); - alloc.set_size(size); - //alloc.set_bottom(alloc_addr + size); + emu.maps.create_map(format!("valloc_{:x}", alloc_addr).as_str(), alloc_addr, size).expect("ntdll!NtAllocateVirtualMemory cannot create map"); if !emu.maps.write_qword(addr_ptr, alloc_addr) { panic!("NtAllocateVirtualMemory: cannot write on address pointer"); @@ -192,11 +187,9 @@ fn LdrLoadDll(emu: &mut emu::Emu) { ); if libname == "user32.dll" { - let user32 = emu.maps.create_map("user32"); - user32.set_base(0x773b0000); + let user32 = emu.maps.create_map("user32", 0x773b0000, 0x1000).expect("ntdll!LdrLoadDll_gul cannot create map"); user32.load("maps32/user32.bin"); - let user32_text = emu.maps.create_map("user32_text"); - user32_text.set_base(0x773b1000); + let user32_text = emu.maps.create_map("user32_text", 0x773b1000, 0x1000).expect("ntdll!LdrLoadDll_gul cannot create map"); user32_text.load("maps32/user32_text.bin"); if !emu.maps.write_qword(libaddr_ptr, 0x773b0000) { @@ -311,9 +304,7 @@ fn RtlAllocateHeap(emu: &mut emu::Emu) { Some(a) => a, None => panic!("/!\\ out of memory cannot allocate ntdll!RtlAllocateHeap"), }; - let alloc = emu.maps.create_map(&map_name); - alloc.set_base(alloc_addr); - alloc.set_size(size); + emu.maps.create_map(&map_name, alloc_addr, size).expect("ntdll!RtlAllocateHeap cannot create map"); //} println!( @@ -481,9 +472,7 @@ fn RtlDosPathNameToNtPathName_U(emu: &mut emu::Emu) { } else { let addr = match emu.maps.alloc(255) { Some(a) => { - let mem = emu.maps.create_map("nt_alloc"); - mem.set_base(a); - mem.set_size(255); + let mem = emu.maps.create_map("nt_alloc", a, 255).expect("ntdll!RtlDosPathNameToNtPathName_U cannot create map"); emu.maps.write_dword(nt_path_name_ptr, a as u32); emu.maps.memcpy( a, diff --git a/src/emu/winapi64/ws2_32.rs b/src/emu/winapi64/ws2_32.rs index 2365875..7c5e928 100644 --- a/src/emu/winapi64/ws2_32.rs +++ b/src/emu/winapi64/ws2_32.rs @@ -450,15 +450,12 @@ fn gethostbyname(emu: &mut emu::Emu) { ); let addr = emu.maps.alloc(1024).expect("low memory"); - let map = emu.maps.create_map("hostent"); let str_addr = addr + 1024 - 100; - - map.set_base(addr); - map.set_size(1024); - map.write_dword(addr, 0x04030201); - map.write_qword(addr + 8, addr); - map.write_qword(addr + 16, 0); - map.write_string(str_addr, &domain_name); + let mem = emu.maps.create_map("hostent", addr, 1024).expect("cannot create hostent map"); + mem.write_dword(addr, 0x04030201); + mem.write_qword(addr + 8, addr); + mem.write_qword(addr + 16, 0); + mem.write_string(str_addr, &domain_name); let mut hostent = Hostent::new(); hostent.hname = str_addr; From 2973b46f93e267989588c01f6b4170b1f6cbebee Mon Sep 17 00:00:00 2001 From: sha0coder Date: Sat, 21 Dec 2024 01:30:32 +0100 Subject: [PATCH 08/49] update version --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 394bc97..ba6967e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libscemu" -version = "0.18.7" +version = "0.19.0" edition = "2018" authors = ["sha0coder"] license = "MIT" From 2bf5f0d03828cbefbda9278bf9808e8efca1b1f0 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Sun, 22 Dec 2024 13:00:03 +0100 Subject: [PATCH 09/49] implemented instruction used by enigma packers --- src/emu.rs | 9 ++++ src/emu/pe32.rs | 4 ++ src/emu/structures.rs | 118 +++++++++++++++++++++++++++++++++++++++--- 3 files changed, 125 insertions(+), 6 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 83e0ab7..e2dee55 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -342,6 +342,7 @@ impl Emu { self.regs.rsp = self.cfg.stack_addr + 0x4000; self.regs.rbp = self.cfg.stack_addr + 0x4000 + 0x1000; + let stack = self.maps.create_map("stack", self.cfg.stack_addr, 0x6000).expect("cannot create stack map"); assert!(self.regs.rsp < self.regs.rbp); @@ -351,6 +352,7 @@ impl Emu { assert!(self.regs.rbp < stack.get_bottom()); assert!(stack.inside(self.regs.rsp)); assert!(stack.inside(self.regs.rbp)); + } pub fn init_stack64_tests(&mut self) { @@ -414,6 +416,13 @@ impl Emu { self.init_stack64(); //self.init_stack64_tests(); //self.init_flags_tests(); + + let teb_map = self.maps.get_mem("teb"); + //let mut teb = structures::TEB64::load(teb_map.get_base(), &self.maps); + let mut teb = structures::TEB64::load(teb_map.get_base(), &self.maps); + teb.nt_tib.stack_base = self.cfg.stack_addr; + teb.nt_tib.stack_limit = self.cfg.stack_addr + 0x6000; + teb.save(teb_map); } else { // 32bits self.regs.rip = self.cfg.entry_point; diff --git a/src/emu/pe32.rs b/src/emu/pe32.rs index d09f5a7..3a9220d 100644 --- a/src/emu/pe32.rs +++ b/src/emu/pe32.rs @@ -787,6 +787,10 @@ impl PE32 { pub fn read_string(raw: &[u8], off: usize) -> String { let mut last = 0; + if raw.len() < off + 200 { + return String::new(); + } + for i in off..off + 200 { if raw[i] == 0 { last = i; diff --git a/src/emu/structures.rs b/src/emu/structures.rs index f49239b..bfba4b7 100644 --- a/src/emu/structures.rs +++ b/src/emu/structures.rs @@ -285,9 +285,62 @@ impl OrdinalTable { } } +#[derive(Debug)] +pub struct NtTib32 { + pub exception_list: u32, + pub stack_base: u32, + pub stack_limit: u32, + pub sub_system_tib: u32, + pub fiber_data: u32, + pub arbitrary_user_pointer: u32, + pub self_pointer: u32, +} + +impl NtTib32 { + pub fn size() -> usize { + return 28; + } + + pub fn new() -> NtTib32 { + NtTib32 { + exception_list: 0, + stack_base: 0, + stack_limit: 0, + sub_system_tib: 0, + fiber_data: 0, + arbitrary_user_pointer: 0, + self_pointer: 0, + } + } + + pub fn load(addr: u64, maps: &Maps) -> NtTib32 { + NtTib32 { + exception_list: maps.read_dword(addr).unwrap(), + stack_base: maps.read_dword(addr + 4).unwrap(), + stack_limit: maps.read_dword(addr + 8).unwrap(), + sub_system_tib: maps.read_dword(addr + 12).unwrap(), + fiber_data: maps.read_dword(addr + 16).unwrap(), + arbitrary_user_pointer: maps.read_dword(addr + 20).unwrap(), + self_pointer: maps.read_dword(addr + 24).unwrap(), + } + } + + pub fn save(&self, addr: u64, mem: &mut Mem64) { + mem.write_dword(addr, self.exception_list); + mem.write_dword(addr + 4, self.stack_base); + mem.write_dword(addr + 8, self.stack_limit); + mem.write_dword(addr + 12, self.sub_system_tib); + mem.write_dword(addr + 16, self.fiber_data); + mem.write_dword(addr + 20, self.arbitrary_user_pointer); + mem.write_dword(addr + 24, self.self_pointer); + } +} + + + #[derive(Debug)] pub struct TEB { - nt_tib: [u8; 28], + pub nt_tib: NtTib32, environment_pointer: u32, process_id: u32, thread_id: u32, @@ -317,7 +370,7 @@ impl TEB { pub fn new(peb_addr: u32) -> TEB { TEB { - nt_tib: [0; 28], + nt_tib: NtTib32::new(), environment_pointer: 0, process_id: 3240, thread_id: 1, @@ -343,7 +396,7 @@ impl TEB { pub fn load(addr: u64, maps: &Maps) -> TEB { TEB { - nt_tib: [0; 28], + nt_tib: NtTib32::load(addr, maps), environment_pointer: maps.read_dword(addr + 28).unwrap(), process_id: maps.read_dword(addr + 32).unwrap(), thread_id: maps.read_dword(addr + 36).unwrap(), @@ -369,6 +422,7 @@ impl TEB { pub fn save(&self, mem: &mut Mem64) { let base = mem.get_base(); + self.nt_tib.save(base, mem); mem.write_dword(base + 28, self.environment_pointer); mem.write_dword(base + 32, self.process_id); mem.write_dword(base + 36, self.thread_id); @@ -837,9 +891,60 @@ impl PEB64 { } } +#[derive(Debug)] +pub struct NtTib64 { + pub exception_list: u64, + pub stack_base: u64, + pub stack_limit: u64, + pub sub_system_tib: u64, + pub fiber_data: u64, + pub arbitrary_user_pointer: u64, + pub self_pointer: u64, +} + +impl NtTib64 { + pub fn new() -> NtTib64 { + NtTib64 { + exception_list: 0, + stack_base: 0, + stack_limit: 0, + sub_system_tib: 0, + fiber_data: 0, + arbitrary_user_pointer: 0, + self_pointer: 0, + } + } + + pub fn size() -> usize { + return 56; + } + + pub fn load(addr: u64, maps: &Maps) -> NtTib64 { + NtTib64 { + exception_list: maps.read_qword(addr).unwrap(), + stack_base: maps.read_qword(addr + 8).unwrap(), + stack_limit: maps.read_qword(addr + 16).unwrap(), + sub_system_tib: maps.read_qword(addr + 24).unwrap(), + fiber_data: maps.read_qword(addr + 32).unwrap(), + arbitrary_user_pointer: maps.read_qword(addr + 40).unwrap(), + self_pointer: maps.read_qword(addr + 48).unwrap(), + } + } + + pub fn save(&self, base: u64, mem: &mut Mem64) { + mem.write_qword(base, self.exception_list); + mem.write_qword(base + 8, self.stack_base); + mem.write_qword(base + 16, self.stack_limit); + mem.write_qword(base + 24, self.sub_system_tib); + mem.write_qword(base + 32, self.fiber_data); + mem.write_qword(base + 40, self.arbitrary_user_pointer); + mem.write_qword(base + 48, self.self_pointer); + } +} + #[derive(Debug)] pub struct TEB64 { - nt_tib: [u8; 56], + pub nt_tib: NtTib64, environment_pointer: u64, process_id: u64, thread_id: u64, @@ -863,7 +968,7 @@ pub struct TEB64 { impl TEB64 { pub fn new(peb_addr: u64) -> TEB64 { TEB64 { - nt_tib: [0; 56], + nt_tib: NtTib64::new(), environment_pointer: 0, process_id: 3240, thread_id: 1, @@ -891,7 +996,7 @@ impl TEB64 { pub fn load(addr: u64, maps: &Maps) -> TEB64 { TEB64 { - nt_tib: [0; 56], + nt_tib: NtTib64::load(addr, maps), environment_pointer: maps.read_qword(addr + 0x38).unwrap(), process_id: maps.read_qword(addr + 0x40).unwrap(), thread_id: maps.read_qword(addr + 0x48).unwrap(), @@ -915,6 +1020,7 @@ impl TEB64 { pub fn save(&self, mem: &mut Mem64) { let base = mem.get_base(); + self.nt_tib.save(base, mem); mem.write_qword(base + 0x38, self.environment_pointer); mem.write_qword(base + 0x40, self.process_id); mem.write_qword(base + 0x48, self.thread_id); From 01dc30e9b6ae271cbf37263da435e5bbfb430f98 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Sun, 22 Dec 2024 14:47:28 +0100 Subject: [PATCH 10/49] fix borrowing --- src/emu.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/emu.rs b/src/emu.rs index e2dee55..b228347 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -417,12 +417,14 @@ impl Emu { //self.init_stack64_tests(); //self.init_flags_tests(); + /*/ let teb_map = self.maps.get_mem("teb"); //let mut teb = structures::TEB64::load(teb_map.get_base(), &self.maps); let mut teb = structures::TEB64::load(teb_map.get_base(), &self.maps); teb.nt_tib.stack_base = self.cfg.stack_addr; teb.nt_tib.stack_limit = self.cfg.stack_addr + 0x6000; teb.save(teb_map); + */ } else { // 32bits self.regs.rip = self.cfg.entry_point; From f9f898b1adb1a9495645438231a968f3e72ada1d Mon Sep 17 00:00:00 2001 From: sha0coder Date: Sun, 22 Dec 2024 14:53:55 +0100 Subject: [PATCH 11/49] NtTib initialized with stack data for 32 and 64bits --- src/emu.rs | 22 ++++++++----- src/emu/structures.rs | 75 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+), 8 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index b228347..c24d3c2 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -332,6 +332,12 @@ impl Emu { assert!(self.regs.get_ebp() < stack.get_bottom()); assert!(stack.inside(self.regs.get_esp())); assert!(stack.inside(self.regs.get_ebp())); + + let teb_map = self.maps.get_mem("teb"); + let mut teb = structures::TEB::load_map(teb_map.get_base(), &teb_map); + teb.nt_tib.stack_base = self.cfg.stack_addr as u32; + teb.nt_tib.stack_limit = (self.cfg.stack_addr + 0x30000) as u32; + teb.save(teb_map); } pub fn init_stack64(&mut self) { @@ -353,6 +359,12 @@ impl Emu { assert!(stack.inside(self.regs.rsp)); assert!(stack.inside(self.regs.rbp)); + let teb_map = self.maps.get_mem("teb"); + let mut teb = structures::TEB64::load_map(teb_map.get_base(), &teb_map); + teb.nt_tib.stack_base = self.cfg.stack_addr; + teb.nt_tib.stack_limit = self.cfg.stack_addr + 0x6000; + teb.save(teb_map); + } pub fn init_stack64_tests(&mut self) { @@ -417,14 +429,8 @@ impl Emu { //self.init_stack64_tests(); //self.init_flags_tests(); - /*/ - let teb_map = self.maps.get_mem("teb"); - //let mut teb = structures::TEB64::load(teb_map.get_base(), &self.maps); - let mut teb = structures::TEB64::load(teb_map.get_base(), &self.maps); - teb.nt_tib.stack_base = self.cfg.stack_addr; - teb.nt_tib.stack_limit = self.cfg.stack_addr + 0x6000; - teb.save(teb_map); - */ + + } else { // 32bits self.regs.rip = self.cfg.entry_point; diff --git a/src/emu/structures.rs b/src/emu/structures.rs index bfba4b7..35befcd 100644 --- a/src/emu/structures.rs +++ b/src/emu/structures.rs @@ -325,6 +325,18 @@ impl NtTib32 { } } + pub fn load_map(addr: u64, map: &Mem64) -> NtTib32 { + NtTib32 { + exception_list: map.read_dword(addr), + stack_base: map.read_dword(addr + 4), + stack_limit: map.read_dword(addr + 8), + sub_system_tib: map.read_dword(addr + 12), + fiber_data: map.read_dword(addr + 16), + arbitrary_user_pointer: map.read_dword(addr + 20), + self_pointer: map.read_dword(addr + 24), + } + } + pub fn save(&self, addr: u64, mem: &mut Mem64) { mem.write_dword(addr, self.exception_list); mem.write_dword(addr + 4, self.stack_base); @@ -420,6 +432,32 @@ impl TEB { } } + pub fn load_map(addr: u64, map: &Mem64) -> TEB { + TEB { + nt_tib: NtTib32::load_map(addr, map), + environment_pointer: map.read_dword(addr + 28), + process_id: map.read_dword(addr + 32), + thread_id: map.read_dword(addr + 36), + active_rpc_handle: map.read_dword(addr + 40), + thread_local_storage_pointer: map.read_dword(addr + 44), + process_environment_block: map.read_dword(addr + 48), + last_error_value: map.read_dword(addr + 52), + count_of_owned_critical_sections: map.read_dword(addr + 56), + csr_client_thread: map.read_dword(addr + 60), + win32_thread_info: map.read_dword(addr + 64), + user32_reserved: [0; 26], + user_reserved: [0; 6], + wow32_reserved: map.read_dword(addr + 70), + current_locale: map.read_dword(addr + 74), + fp_software_status_register: map.read_dword(addr + 78), + system_reserved1: [0; 54], + exception_code: map.read_dword(addr + 82), + activation_context_stack_pointer: map.read_dword(addr + 86), + spare_bytes: [0; 24], + tx_fs_context: map.read_dword(addr + 190), + } + } + pub fn save(&self, mem: &mut Mem64) { let base = mem.get_base(); self.nt_tib.save(base, mem); @@ -931,6 +969,19 @@ impl NtTib64 { } } + + pub fn load_map(addr: u64, map: &Mem64) -> NtTib64 { + NtTib64 { + exception_list: map.read_qword(addr), + stack_base: map.read_qword(addr + 8), + stack_limit: map.read_qword(addr + 16), + sub_system_tib: map.read_qword(addr + 24), + fiber_data: map.read_qword(addr + 32), + arbitrary_user_pointer: map.read_qword(addr + 40), + self_pointer: map.read_qword(addr + 48), + } + } + pub fn save(&self, base: u64, mem: &mut Mem64) { mem.write_qword(base, self.exception_list); mem.write_qword(base + 8, self.stack_base); @@ -1018,6 +1069,30 @@ impl TEB64 { } } + pub fn load_map(addr: u64, map: &Mem64) -> TEB64 { + TEB64 { + nt_tib: NtTib64::load_map(addr, map), + environment_pointer: map.read_qword(addr + 0x38), + process_id: map.read_qword(addr + 0x40), + thread_id: map.read_qword(addr + 0x48), + active_rpc_handle: map.read_qword(addr + 0x50), + thread_local_storage_pointer: map.read_qword(addr + 0x58), + process_environment_block: map.read_qword(addr + 0x60), + last_error_value: map.read_dword(addr + 0x68), + count_of_owned_critical_sections: map.read_dword(addr + 0x6c), + csr_client_thread: map.read_qword(addr + 0x70), + win32_thread_info: map.read_qword(addr + 0x78), + user32_reserved: [0; 26], + user_reserved: [0; 6], + wow32_reserved: map.read_qword(addr + 0x100), + current_locale: map.read_dword(addr + 0x108), + fp_software_status_register: map.read_dword(addr + 0x10c), + system_reserved1: [0; 54], + exception_code: map.read_dword(addr + 0x2c0), + activation_context_stack_pointer: map.read_qword(addr + 0x2c8), + } + } + pub fn save(&self, mem: &mut Mem64) { let base = mem.get_base(); self.nt_tib.save(base, mem); From f9ccccdc3939afb0d7b45d3af2cdc505ce4850bc Mon Sep 17 00:00:00 2001 From: sha0coder Date: Sun, 22 Dec 2024 15:34:37 +0100 Subject: [PATCH 12/49] removing prints --- src/emu/pe64.rs | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/emu/pe64.rs b/src/emu/pe64.rs index 94b79ef..2279193 100644 --- a/src/emu/pe64.rs +++ b/src/emu/pe64.rs @@ -559,7 +559,6 @@ impl PE64 { } let func_name = PE32::read_string(&self.raw, off2 + 2); let real_addr = emu::winapi64::kernel32::resolve_api_name(emu, &func_name); - println!("IAT: 0x{:x} {}!{} 0x{:x}", iim.first_thunk, iim.name, func_name, self.opt.image_base + iim.first_thunk as u64); if real_addr == 0 { break; } @@ -568,10 +567,6 @@ impl PE64 { println!("binded 0x{:x} {}", real_addr, func_name); }*/ - if real_addr == 0x7ff000210180 { - let fake_addr = read_u64_le!(self.raw, off_addr); - println!("name: {} fake addr: 0x{:x}", func_name, fake_addr); - } write_u64_le!(self.raw, off_addr, real_addr); off_name += pe32::HintNameItem::size(); From d3f3a91af110bd73a3c7bf2267b2a2cfb65ebb06 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Sun, 22 Dec 2024 15:44:39 +0100 Subject: [PATCH 13/49] updating version --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index ba6967e..a6df714 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libscemu" -version = "0.19.0" +version = "0.19.1" edition = "2018" authors = ["sha0coder"] license = "MIT" From 9bcfd497f502fff918bed1e78ef1926e86f7f948 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 13:11:53 -0500 Subject: [PATCH 14/49] trace to file --- src/config.rs | 3 +- src/emu.rs | 430 +++++++++++++++++++++++------------ src/emu/elf32.rs | 1 + src/emu/elf64.rs | 1 + src/emu/flags.rs | 5 +- src/emu/maps/mem64.rs | 2 + src/emu/pe32.rs | 9 +- src/emu/pe64.rs | 9 +- src/emu/regs64.rs | 4 +- src/emu/script.rs | 1 + src/emu/structures.rs | 22 +- src/emu/syscall64.rs | 2 + src/emu/winapi64/kernel32.rs | 2 + 13 files changed, 328 insertions(+), 163 deletions(-) diff --git a/src/config.rs b/src/config.rs index 0b60e53..cf98027 100644 --- a/src/config.rs +++ b/src/config.rs @@ -1,4 +1,3 @@ -#[derive(Clone)] pub struct Config { pub filename: String, // filename with full path included pub trace_mem: bool, // show memory operations in every step. @@ -26,6 +25,7 @@ pub struct Config { pub console_enabled: bool, pub skip_unimplemented: bool, pub stack_addr: u64, + pub trace_file: Option, } impl Config { @@ -57,6 +57,7 @@ impl Config { console_enabled: true, skip_unimplemented: false, stack_addr: 0, + trace_file: None, } } } diff --git a/src/emu.rs b/src/emu.rs index c24d3c2..c6fe714 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -53,10 +53,12 @@ use maps::Maps; use pe32::PE32; use pe64::PE64; use regs64::Regs64; +use structures::MemoryOperation; use std::collections::BTreeMap; use std::sync::atomic; use std::sync::Arc; use std::time::Instant; +use std::io::Write as _; //use std::arch::asm; use iced_x86::{ @@ -126,6 +128,9 @@ pub struct Emu { pub tls: Vec, pub fls: Vec, pub out: String, + pub instruction: Option, + pub instruction_bytes: Vec, + pub memory_operations: Vec, main_thread_cont: u64, gateway_return: u64, is_running: Arc, @@ -183,7 +188,7 @@ impl Emu { break_on_next_cmp: false, break_on_next_return: false, filename: String::new(), - enabled_ctrlc: true, + enabled_ctrlc: false, // TODO: make configurable with command line arg run_until_ret: false, running_script: false, banzai: Banzai::new(), @@ -197,6 +202,9 @@ impl Emu { last_instruction_size: 0, pe64: None, pe32: None, + instruction: None, + instruction_bytes: vec![], + memory_operations: vec![], } } @@ -428,9 +436,6 @@ impl Emu { self.init_stack64(); //self.init_stack64_tests(); //self.init_flags_tests(); - - - } else { // 32bits self.regs.rip = self.cfg.entry_point; @@ -1092,6 +1097,16 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "write".to_string(), + bits: 32, + address: self.regs.get_esp(), + value: value as u64, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.get_esp(), value, name); } @@ -1142,6 +1157,16 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "write".to_string(), + bits: 64, + address: self.regs.rsp, + value: value as u64, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); } @@ -1234,6 +1259,16 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "read".to_string(), + bits: 32, + address: self.regs.get_esp(), + value: value as u64, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.get_esp(), value, name); } @@ -1286,7 +1321,17 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.rsp, value, name); + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "read".to_string(), + bits: 64, + address: self.regs.rsp, + value: value as u64, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); + println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); } self.regs.rsp += 8; @@ -1469,6 +1514,16 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "read".to_string(), + bits: 64, + address: addr, + value: v as u64, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, v, name); } return Some(v); @@ -1482,6 +1537,16 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "read".to_string(), + bits: 32, + address: addr, + value: v as u64, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, v, name); } return Some(v.into()); @@ -1495,6 +1560,16 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "read".to_string(), + bits: 16, + address: addr, + value: v as u64, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, v, name); } return Some(v.into()); @@ -1508,6 +1583,16 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "read".to_string(), + bits: 8, + address: addr, + value: v as u64, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, v, name); } return Some(v.into()); @@ -1545,6 +1630,16 @@ impl Emu { } if self.cfg.trace_mem { + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "write".to_string(), + bits: 32, + address: addr, + value: value as u64, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, value, name); } @@ -3489,6 +3584,16 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "read".to_string(), + bits: sz, + address: mem_addr, + value: value, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value, name); } @@ -3644,6 +3749,16 @@ impl Emu { Some(n) => n, None => "not mapped".to_string(), }; + let memory_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "write".to_string(), + bits: sz, + address: mem_addr, + value: value2, + name: name.clone(), + }; + self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value2, name); } @@ -4069,18 +4184,156 @@ impl Emu { } pub fn diff_pre_op_post_op(&mut self) { - Regs64::diff( + // 00,00007FFBEF4E5FF0,EB 08,jmp 7FFBEF4E5FFA,rax: 7FFBEF4E5FF0-> 7FFBEF4E5FF0 rbx: 7FFE0385-> 7FFE0385 rcx: 7FFBEE4B0000-> 7FFBEE4B0000 rdx: 1-> 1 rsp: 98EB5DDFF8-> 98EB5DDFF8 rbp: 98EB5DE338-> 98EB5DE338 rsi: 1-> 1 rdi: 7FFE0384-> 7FFE0384 r8: 0-> 0 r9: 0-> 0 r10: A440AE23305F3A70-> A440AE23305F3A70 r11: 98EB5DE068-> 98EB5DE068 r12: 7FFBEF4E5FF0-> 7FFBEF4E5FF0 r13: 1FC18C72DC0-> 1FC18C72DC0 r14: 7FFBEE4B0000-> 7FFBEE4B0000 r15: 0-> 0 rflags: 344-> 246,,OptionalHeader.AddressOfEntryPoint + // 01,00007FFBEF4E5FFA,50,push rax,rsp: 98EB5DDFF8-> 98EB5DDFF0,00000098EB5DDFF0: 7FFC65FF8B8F-> 7FFBEF4E5FF0,rax:GetMsgProc+102D07D + let instruction = self.instruction.unwrap(); + let instruction_bytes = &self.instruction_bytes; + + let registers = Regs64::diff( self.pre_op_regs.rip, self.pos - 1, self.pre_op_regs, self.post_op_regs, ); - Flags::diff( + let flags = Flags::diff( self.pre_op_regs.rip, self.pos - 1, self.pre_op_flags, self.post_op_flags, ); + + let mut memory = String::new(); + for op in self.memory_operations.iter() { + memory += &format!("{:?}", op); + } + + let mut trace_file = self.cfg.trace_file.as_ref().unwrap(); + writeln!( + trace_file, + "{index:02X},{address:016X},{bytes:02x?},{disassembly},{registers},{memory},{comments}", + index = self.pos - 1, + address = self.pre_op_regs.rip, + bytes = instruction_bytes, + disassembly = self.out, + registers = format!("{} {}", registers, flags), + memory = memory, + comments = "" + ); + } + + fn trace_registers_64bit(&mut self) { + println!( + "\trax: 0x{:x} rbx: 0x{:x} rcx: 0x{:x} rdx: 0x{:x} rsi: 0x{:x} rdi: 0x{:x} rbp: 0x{:x} rsp: 0x{:x}", + self.regs.rax, self.regs.rbx, self.regs.rcx, + self.regs.rdx, self.regs.rsi, self.regs.rdi, self.regs.rbp, self.regs.rsp + ); + println!( + "\tr8: 0x{:x} r9: 0x{:x} r10: 0x{:x} r11: 0x{:x} r12: 0x{:x} r13: 0x{:x} r14: 0x{:x} r15: 0x{:x}", + self.regs.r8, self.regs.r9, self.regs.r10, self.regs.r11, self.regs.r12, self.regs.r13, self.regs.r14, + self.regs.r15, + ); + println!( + "\tr8u: 0x{:x} r9u: 0x{:x} r10u: 0x{:x} r11u: 0x{:x} r12u: 0x{:x} r13u: 0x{:x} r14u: 0x{:x} r15u: 0x{:x}", + self.regs.get_r8u(), self.regs.get_r9u(), self.regs.get_r10u(), self.regs.get_r11u(), self.regs.get_r12u(), self.regs.get_r13u(), self.regs.get_r14u(), + self.regs.get_r15u(), + ); + println!( + "\tr8d: 0x{:x} r9d: 0x{:x} r10d: 0x{:x} r11d: 0x{:x} r12d: 0x{:x} r13d: 0x{:x} r14d: 0x{:x} r15d: 0x{:x}", + self.regs.get_r8d(), self.regs.get_r9d(), self.regs.get_r10d(), self.regs.get_r11d(), self.regs.get_r12d(), self.regs.get_r13d(), self.regs.get_r14d(), + self.regs.get_r15d(), + ); + println!( + "\tr8w: 0x{:x} r9w: 0x{:x} r10w: 0x{:x} r11w: 0x{:x} r12w: 0x{:x} r13w: 0x{:x} r14w: 0x{:x} r15w: 0x{:x}", + self.regs.get_r8w(), self.regs.get_r9w(), self.regs.get_r10w(), self.regs.get_r11w(), self.regs.get_r12w(), self.regs.get_r13w(), self.regs.get_r14w(), + self.regs.get_r15w(), + ); + println!( + "\tr8l: 0x{:x} r9l: 0x{:x} r10l: 0x{:x} r11l: 0x{:x} r12l: 0x{:x} r13l: 0x{:x} r14l: 0x{:x} r15l: 0x{:x}", + self.regs.get_r8l(), self.regs.get_r9l(), self.regs.get_r10l(), self.regs.get_r11l(), self.regs.get_r12l(), self.regs.get_r13l(), self.regs.get_r14l(), + self.regs.get_r15l(), + ); + println!( + "\tzf: {:?} pf: {:?} af: {:?} of: {:?} sf: {:?} df: {:?} cf: {:?} tf: {:?} if: {:?} nt: {:?}", + self.flags.f_zf, self.flags.f_pf, self.flags.f_af, + self.flags.f_of, self.flags.f_sf, self.flags.f_df, + self.flags.f_cf, self.flags.f_tf, self.flags.f_if, + self.flags.f_nt + ); + } + + fn trace_registers_32bit(&mut self) { + println!("\teax: 0x{:x} ebx: 0x{:x} ecx: 0x{:x} edx: 0x{:x} esi: 0x{:x} edi: 0x{:x} ebp: 0x{:x} esp: 0x{:x}", + self.regs.get_eax() as u32, self.regs.get_ebx() as u32, self.regs.get_ecx() as u32, + self.regs.get_edx() as u32, self.regs.get_esi() as u32, self.regs.get_edi() as u32, + self.regs.get_ebp() as u32, self.regs.get_esp() as u32); + } + + fn trace_specific_register(&self, reg: &str) { + match reg { + "rax" => self.regs.show_rax(&self.maps, self.pos), + "rbx" => self.regs.show_rbx(&self.maps, self.pos), + "rcx" => self.regs.show_rcx(&self.maps, self.pos), + "rdx" => self.regs.show_rdx(&self.maps, self.pos), + "rsi" => self.regs.show_rsi(&self.maps, self.pos), + "rdi" => self.regs.show_rdi(&self.maps, self.pos), + "rbp" => println!("\t{} rbp: 0x{:x}", self.pos, self.regs.rbp), + "rsp" => println!("\t{} rsp: 0x{:x}", self.pos, self.regs.rsp), + "rip" => println!("\t{} rip: 0x{:x}", self.pos, self.regs.rip), + "r8" => self.regs.show_r8(&self.maps, self.pos), + "r9" => self.regs.show_r9(&self.maps, self.pos), + "r10" => self.regs.show_r10(&self.maps, self.pos), + "r10d" => self.regs.show_r10d(&self.maps, self.pos), + "r11" => self.regs.show_r11(&self.maps, self.pos), + "r11d" => self.regs.show_r11d(&self.maps, self.pos), + "r12" => self.regs.show_r12(&self.maps, self.pos), + "r13" => self.regs.show_r13(&self.maps, self.pos), + "r14" => self.regs.show_r14(&self.maps, self.pos), + "r15" => self.regs.show_r15(&self.maps, self.pos), + "eax" => self.regs.show_eax(&self.maps, self.pos), + "ebx" => self.regs.show_ebx(&self.maps, self.pos), + "ecx" => self.regs.show_ecx(&self.maps, self.pos), + "edx" => self.regs.show_edx(&self.maps, self.pos), + "esi" => self.regs.show_esi(&self.maps, self.pos), + "edi" => self.regs.show_edi(&self.maps, self.pos), + "esp" => println!("\t{} esp: 0x{:x}", self.pos, self.regs.get_esp() as u32), + "ebp" => println!("\t{} ebp: 0x{:x}", self.pos, self.regs.get_ebp() as u32), + "eip" => println!("\t{} eip: 0x{:x}", self.pos, self.regs.get_eip() as u32), + "xmm1" => println!("\t{} xmm1: 0x{:x}", self.pos, self.regs.xmm1), + _ => panic!("invalid register."), + } + } + + fn trace_string(&mut self) { + let s = self.maps.read_string(self.cfg.string_addr); + + if s.len() >= 2 && s.len() < 80 { + println!("\ttrace string -> 0x{:x}: '{}'", self.cfg.string_addr, s); + } else { + let w = self.maps.read_wide_string(self.cfg.string_addr); + if w.len() < 80 { + println!("\ttrace wide string -> 0x{:x}: '{}'", self.cfg.string_addr, w); + } else { + println!("\ttrace wide string -> 0x{:x}: ''", self.cfg.string_addr); + } + } + } + + fn trace_memory_inspection(&mut self) { + let addr: u64 = self.memory_operand_to_address(self.cfg.inspect_seq.clone().as_str()); + let bits = self.get_size(self.cfg.inspect_seq.clone().as_str()); + let value = self.memory_read(self.cfg.inspect_seq.clone().as_str()).unwrap_or(0); + + let mut s = self.maps.read_string(addr); + self.maps.filter_string(&mut s); + println!( + "\tmem_inspect: rip = {:x} (0x{:x}): 0x{:x} {} '{}' {{{}}}", + self.regs.rip, + addr, + value, + value, + s, + self.maps.read_string_of_bytes(addr, constants::NUM_BYTES_TRACE) + ); } pub fn step(&mut self) -> bool { @@ -4121,7 +4374,12 @@ impl Emu { // clear self.out.clear(); + + // format formatter.format(&ins, &mut self.out); + self.instruction = Some(ins); + self.instruction_bytes = vec![]; // TODO + self.memory_operations.clear(); // emulate let result_ok = self.emulate_instruction(&ins, sz, true); @@ -4198,14 +4456,19 @@ impl Emu { for ins in decoder.iter() { let sz = ins.len(); let addr = ins.ip(); + let position = ins.ip() - self.regs.rip; + let instruction_bytes = block[position as usize..position as usize + sz].to_vec(); if !end_addr.is_none() && Some(addr) == end_addr { return Ok(self.regs.rip); } + self.out.clear(); formatter.format(&ins, &mut self.out); - + self.instruction = Some(ins); + self.instruction_bytes = instruction_bytes; + self.memory_operations.clear(); self.pos += 1; if self.exp == self.pos @@ -4258,126 +4521,18 @@ impl Emu { //TODO: if more than x addresses remove the bottom ones } - if self.cfg.trace_regs { - if self.cfg.is_64bits { - self.capture_pre_op(); - println!( - "\trax: 0x{:x} rbx: 0x{:x} rcx: 0x{:x} rdx: 0x{:x} rsi: 0x{:x} rdi: 0x{:x} rbp: 0x{:x} rsp: 0x{:x}", - self.regs.rax, self.regs.rbx, self.regs.rcx, - self.regs.rdx, self.regs.rsi, self.regs.rdi, self.regs.rbp, self.regs.rsp - ); - // 64-bits (bytes 0-8) - println!( - "\tr8: 0x{:x} r9: 0x{:x} r10: 0x{:x} r11: 0x{:x} r12: 0x{:x} r13: 0x{:x} r14: 0x{:x} r15: 0x{:x}", - self.regs.r8, self.regs.r9, self.regs.r10, self.regs.r11, self.regs.r12, self.regs.r13, self.regs.r14, - self.regs.r15, - ); - // 32-bits (upper, unofficial, bytes 4-7) - println!( - "\tr8u: 0x{:x} r9u: 0x{:x} r10u: 0x{:x} r11u: 0x{:x} r12u: 0x{:x} r13u: 0x{:x} r14u: 0x{:x} r15u: 0x{:x}", - self.regs.get_r8u(), self.regs.get_r9u(), self.regs.get_r10u(), self.regs.get_r11u(), self.regs.get_r12u(), self.regs.get_r13u(), self.regs.get_r14u(), - self.regs.get_r15u(), - ); - // 32-bits (lower, bytes 0-3) - println!( - "\tr8d: 0x{:x} r9d: 0x{:x} r10d: 0x{:x} r11d: 0x{:x} r12d: 0x{:x} r13d: 0x{:x} r14d: 0x{:x} r15d: 0x{:x}", - self.regs.get_r8d(), self.regs.get_r9d(), self.regs.get_r10d(), self.regs.get_r11d(), self.regs.get_r12d(), self.regs.get_r13d(), self.regs.get_r14d(), - self.regs.get_r15d(), - ); - // 16-bits (bytes 0-1) - println!( - "\tr8w: 0x{:x} r9w: 0x{:x} r10w: 0x{:x} r11w: 0x{:x} r12w: 0x{:x} r13w: 0x{:x} r14w: 0x{:x} r15w: 0x{:x}", - self.regs.get_r8w(), self.regs.get_r9w(), self.regs.get_r10w(), self.regs.get_r11w(), self.regs.get_r12w(), self.regs.get_r13w(), self.regs.get_r14w(), - self.regs.get_r15w(), - ); - // 8-bits (bytes 0, should end in b and not l) - println!( - "\tr8l: 0x{:x} r9l: 0x{:x} r10l: 0x{:x} r11l: 0x{:x} r12l: 0x{:x} r13l: 0x{:x} r14l: 0x{:x} r15l: 0x{:x}", - self.regs.get_r8l(), self.regs.get_r9l(), self.regs.get_r10l(), self.regs.get_r11l(), self.regs.get_r12l(), self.regs.get_r13l(), self.regs.get_r14l(), - self.regs.get_r15l(), - ); - // flags - println!( - "\tzf: {:?} pf: {:?} af: {:?} of: {:?} sf: {:?} df: {:?} cf: {:?} tf: {:?} if: {:?} nt: {:?}", - self.flags.f_zf, self.flags.f_pf, self.flags.f_af, - self.flags.f_of, self.flags.f_sf, self.flags.f_df, - self.flags.f_cf, self.flags.f_tf, self.flags.f_if, - self.flags.f_nt - ); - } else { - // TODO: capture pre_op_registers 32-bits? - println!("\teax: 0x{:x} ebx: 0x{:x} ecx: 0x{:x} edx: 0x{:x} esi: 0x{:x} edi: 0x{:x} ebp: 0x{:x} esp: 0x{:x}", - self.regs.get_eax() as u32, self.regs.get_ebx() as u32, self.regs.get_ecx() as u32, - self.regs.get_edx() as u32, self.regs.get_esi() as u32, self.regs.get_edi() as u32, - self.regs.get_ebp() as u32, self.regs.get_esp() as u32); - } + if self.cfg.trace_file.is_some() { + self.capture_pre_op(); } - + if self.cfg.trace_reg { for reg in self.cfg.reg_names.iter() { - match reg.as_str() { - "rax" => self.regs.show_rax(&self.maps, self.pos), - "rbx" => self.regs.show_rbx(&self.maps, self.pos), - "rcx" => self.regs.show_rcx(&self.maps, self.pos), - "rdx" => self.regs.show_rdx(&self.maps, self.pos), - "rsi" => self.regs.show_rsi(&self.maps, self.pos), - "rdi" => self.regs.show_rdi(&self.maps, self.pos), - "rbp" => println!("\t{} rbp: 0x{:x}", self.pos, self.regs.rbp), - "rsp" => println!("\t{} rsp: 0x{:x}", self.pos, self.regs.rsp), - "rip" => println!("\t{} rip: 0x{:x}", self.pos, self.regs.rip), - "r8" => self.regs.show_r8(&self.maps, self.pos), - "r9" => self.regs.show_r9(&self.maps, self.pos), - "r10" => self.regs.show_r10(&self.maps, self.pos), - "r10d" => self.regs.show_r10d(&self.maps, self.pos), - "r11" => self.regs.show_r11(&self.maps, self.pos), - "r11d" => self.regs.show_r11d(&self.maps, self.pos), - "r12" => self.regs.show_r12(&self.maps, self.pos), - "r13" => self.regs.show_r13(&self.maps, self.pos), - "r14" => self.regs.show_r14(&self.maps, self.pos), - "r15" => self.regs.show_r15(&self.maps, self.pos), - "eax" => self.regs.show_eax(&self.maps, self.pos), - "ebx" => self.regs.show_ebx(&self.maps, self.pos), - "ecx" => self.regs.show_ecx(&self.maps, self.pos), - "edx" => self.regs.show_edx(&self.maps, self.pos), - "esi" => self.regs.show_esi(&self.maps, self.pos), - "edi" => self.regs.show_edi(&self.maps, self.pos), - "esp" => println!( - "\t{} esp: 0x{:x}", - self.pos, - self.regs.get_esp() as u32 - ), - "ebp" => println!( - "\t{} ebp: 0x{:x}", - self.pos, - self.regs.get_ebp() as u32 - ), - "eip" => println!( - "\t{} eip: 0x{:x}", - self.pos, - self.regs.get_eip() as u32 - ), - "xmm1" => println!("\t{} xmm1: 0x{:x}", self.pos, self.regs.xmm1), - _ => panic!("invalid register."), - } + self.trace_specific_register(®); } } - + if self.cfg.trace_string { - let s = self.maps.read_string(self.cfg.string_addr); - - if s.len() >= 2 && s.len() < 80 { - println!("\ttrace string -> 0x{:x}: '{}'", self.cfg.string_addr, s); - } else { - let w = self.maps.read_wide_string(self.cfg.string_addr); - if w.len() < 80 { - println!( - "\ttrace wide string -> 0x{:x}: '{}'", - self.cfg.string_addr, w - ); - } else { - println!("\ttrace wide string -> 0x{:x}: ''", self.cfg.string_addr); - } - } + self.trace_string(); } //let mut info_factory = InstructionInfoFactory::new(); @@ -4396,35 +4551,12 @@ impl Emu { } if self.cfg.inspect { - let addr: u64 = - self.memory_operand_to_address(self.cfg.inspect_seq.clone().as_str()); - let bits = self.get_size(self.cfg.inspect_seq.clone().as_str()); - let value = self - .memory_read(self.cfg.inspect_seq.clone().as_str()) - .unwrap_or(0); - - let mut s = self.maps.read_string(addr); - self.maps.filter_string(&mut s); - println!( - "\tmem_inspect: rip = {:x} (0x{:x}): 0x{:x} {} '{}' {{{}}}", - self.regs.rip, - addr, - value, - value, - s, - self.maps - .read_string_of_bytes(addr, constants::NUM_BYTES_TRACE) - ); + self.trace_memory_inspection(); } - if self.cfg.trace_regs { - // registers - if self.cfg.is_64bits { - self.capture_post_op(); - self.diff_pre_op_post_op(); - } else { - // TODO: self.diff_pre_op_post_op_registers_32bits(); - } + if self.cfg.trace_file.is_some() { + self.capture_post_op(); + self.diff_pre_op_post_op(); } if !emulation_ok { diff --git a/src/emu/elf32.rs b/src/emu/elf32.rs index d36b238..db8dfcb 100644 --- a/src/emu/elf32.rs +++ b/src/emu/elf32.rs @@ -104,6 +104,7 @@ impl Elf32 { } pub fn is_elf32(filename:&str) -> bool { + //println!("checking if elf32: {}", filename); let mut fd = File::open(filename).expect("file not found"); let mut raw = vec![0u8; 5]; fd.read_exact(&mut raw).expect("couldnt read the file"); diff --git a/src/emu/elf64.rs b/src/emu/elf64.rs index 8fe95e4..b147735 100644 --- a/src/emu/elf64.rs +++ b/src/emu/elf64.rs @@ -429,6 +429,7 @@ impl Elf64 { } pub fn is_elf64(filename:&str) -> bool { + //println!("checking if elf64: {}", filename); let mut fd = File::open(filename).expect("file not found"); let mut raw = vec![0u8; 5]; fd.read_exact(&mut raw).expect("couldnt read the file"); diff --git a/src/emu/flags.rs b/src/emu/flags.rs index d77286e..568f432 100644 --- a/src/emu/flags.rs +++ b/src/emu/flags.rs @@ -86,7 +86,7 @@ impl Flags { } } - pub fn diff(rip: u64, pos: u64, a: Flags, b: Flags) { + pub fn diff(rip: u64, pos: u64, a: Flags, b: Flags) -> String { let mut output = format!( "\tdiff_flags: pos = {} rip = {:x} in = {:x} out = {:x} ", pos, @@ -202,8 +202,7 @@ impl Flags { output, "f_id", a.f_id as u8, b.f_id as u8 ); } - - println!("{}", output); + output } pub fn clear(&mut self) { diff --git a/src/emu/maps/mem64.rs b/src/emu/maps/mem64.rs index a17c7b7..3fcfbe3 100644 --- a/src/emu/maps/mem64.rs +++ b/src/emu/maps/mem64.rs @@ -243,6 +243,7 @@ impl Mem64 { } pub fn load_chunk(&mut self, filename: &str, off: u64, sz: usize) -> bool { + // println!("loading chunk: {} {} {}", filename, off, sz); let mut f = match File::open(&filename) { Ok(f) => f, Err(_) => { @@ -263,6 +264,7 @@ impl Mem64 { } pub fn load(&mut self, filename: &str) -> bool { + // println!("loading map: {}", filename); let f = match File::open(&filename) { Ok(f) => f, Err(_) => { diff --git a/src/emu/pe32.rs b/src/emu/pe32.rs index 3a9220d..eb008c9 100644 --- a/src/emu/pe32.rs +++ b/src/emu/pe32.rs @@ -768,6 +768,7 @@ pub struct PE32 { impl PE32 { pub fn is_pe32(filename: &str) -> bool { + //println!("checking if pe32: {}", filename); let mut fd = File::open(filename).expect("file not found"); let mut raw = vec![0u8; ImageDosHeader::size()]; fd.read_exact(&mut raw).expect("couldnt read the file"); @@ -787,6 +788,7 @@ impl PE32 { pub fn read_string(raw: &[u8], off: usize) -> String { let mut last = 0; + // TODO: bounds error? if raw.len() < off + 200 { return String::new(); } @@ -810,6 +812,7 @@ impl PE32 { } pub fn load(filename: &str) -> PE32 { + //println!("loading pe32: {}", filename); let mut fd = File::open(filename).expect("pe32 binary not found"); let mut raw: Vec = Vec::new(); fd.read_to_end(&mut raw) @@ -1089,7 +1092,11 @@ impl PE32 { let dbg = false; // https://docs.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2#Binding - println!("IAT binding started ..."); + println!( + "IAT binding started image_import_descriptor.len() = {} ...", + self.image_import_descriptor.len() + ); + for i in 0..self.image_import_descriptor.len() { let iim = &self.image_import_descriptor[i]; if dbg { diff --git a/src/emu/pe64.rs b/src/emu/pe64.rs index 2279193..4aa060f 100644 --- a/src/emu/pe64.rs +++ b/src/emu/pe64.rs @@ -232,8 +232,8 @@ pub struct PE64 { impl PE64 { pub fn is_pe64(filename: &str) -> bool { + // println!("checking if pe64: {}", filename); let mut fd = File::open(filename).expect("file not found"); - println!("loading pe64: {}", filename); let mut raw = vec![0u8; pe32::ImageDosHeader::size()]; fd.read_exact(&mut raw).expect("couldnt read the file"); let dos = pe32::ImageDosHeader::load(&raw, 0); @@ -250,6 +250,7 @@ impl PE64 { } pub fn load(filename: &str) -> PE64 { + //println!("loading pe64: {}", filename); let mut fd = File::open(filename).expect("pe64 binary not found"); let mut raw: Vec = Vec::new(); fd.read_to_end(&mut raw) @@ -519,7 +520,7 @@ impl PE64 { // https://docs.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2#Binding println!( - "IAT binding started {} ...", + "IAT binding started image_import_descriptor.len() = {} ...", self.image_import_descriptor.len() ); @@ -567,6 +568,10 @@ impl PE64 { println!("binded 0x{:x} {}", real_addr, func_name); }*/ + if real_addr == 0x7ff000210180 { + let fake_addr = read_u64_le!(self.raw, off_addr); + println!("name: {} fake addr: 0x{:x}", func_name, fake_addr); + } write_u64_le!(self.raw, off_addr, real_addr); off_name += pe32::HintNameItem::size(); diff --git a/src/emu/regs64.rs b/src/emu/regs64.rs index 7b2d820..3532c2d 100644 --- a/src/emu/regs64.rs +++ b/src/emu/regs64.rs @@ -268,7 +268,7 @@ impl Regs64 { } } - pub fn diff(rip: u64, pos: u64, a: Regs64, b: Regs64) { + pub fn diff(rip: u64, pos: u64, a: Regs64, b: Regs64) -> String { let mut output = format!("\tdiff_reg: pos = {} rip = {:x} ", pos, rip); if a.dr0 != b.dr0 { output = format!("{}{} {:x} -> {:x}; ", output, "dr0", a.dr0, b.dr0); @@ -529,7 +529,7 @@ impl Regs64 { if a.fs != b.fs { output = format!("{}{} {:x} -> {:x}; ", output, "fs", a.fs, b.fs); } - println!("{}", output); + output } pub fn clear(&mut self) { diff --git a/src/emu/script.rs b/src/emu/script.rs index c6afd7e..7ae3c93 100644 --- a/src/emu/script.rs +++ b/src/emu/script.rs @@ -27,6 +27,7 @@ impl Script { } pub fn load(&mut self, filename: &str) { + // println!("loading script: {}", filename); let file = File::open(filename).unwrap(); let buf = BufReader::new(file); diff --git a/src/emu/structures.rs b/src/emu/structures.rs index 35befcd..35d0e34 100644 --- a/src/emu/structures.rs +++ b/src/emu/structures.rs @@ -2043,8 +2043,20 @@ impl Hostent { } } - - - - - +#[derive(Debug, Clone)] +pub struct MemoryOperation { + /// Position/step counter in the emulation + pub pos: u64, + /// Instruction pointer at time of operation + pub rip: u64, + /// Type of memory operation ("read" or "write") + pub op: String, + /// Size of the operation in bits (8, 16, 32, 64) + pub bits: u32, + /// Memory address being accessed + pub address: u64, + /// Value being read or written + pub value: u64, + /// Name of the memory region being accessed + pub name: String, +} diff --git a/src/emu/syscall64.rs b/src/emu/syscall64.rs index 1a4320f..812bbd1 100644 --- a/src/emu/syscall64.rs +++ b/src/emu/syscall64.rs @@ -58,6 +58,7 @@ pub fn gateway(emu: &mut emu::Emu) { let mut lib_buff: Vec = Vec::new(); + // println!("opening lib: {}", filepath); match File::open(&filepath) { Ok(f) => { let len = f.metadata().unwrap().len(); @@ -713,6 +714,7 @@ pub fn gateway(emu: &mut emu::Emu) { if filepath.contains(".so") { let mut lib_buff: Vec = Vec::new(); + //println!("opening lib: {}", filepath); match File::open(&filepath) { Ok(f) => { let len = f.metadata().unwrap().len(); diff --git a/src/emu/winapi64/kernel32.rs b/src/emu/winapi64/kernel32.rs index 35e725f..0fdab81 100644 --- a/src/emu/winapi64/kernel32.rs +++ b/src/emu/winapi64/kernel32.rs @@ -308,6 +308,8 @@ pub fn guess_api_name(emu: &mut emu::Emu, addr: u64) -> String { } pub fn load_library(emu: &mut emu::Emu, libname: &str) -> u64 { + // println!("kern32!load_library: {}", libname); + let mut dll = libname.to_string().to_lowercase(); if dll.len() == 0 { From e18be760e2ed9a5cec2eaf4da9300b55b544b702 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 13:20:10 -0500 Subject: [PATCH 15/49] fix memory operation --- src/emu.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index c6fe714..36721b3 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -1325,13 +1325,13 @@ impl Emu { pos: self.pos, rip: self.regs.rip, op: "read".to_string(), - bits: 64, + bits: 32, address: self.regs.rsp, value: value as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); + println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.rsp, value, name); } self.regs.rsp += 8; From 7665470a48b5df3a49a411343e7d2231b5c7c485 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 13:21:42 -0500 Subject: [PATCH 16/49] fix mem_trace lines --- src/emu.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 36721b3..7dd9711 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -1524,7 +1524,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, v, name); + println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, addr, v, name); } return Some(v); } @@ -1547,7 +1547,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, v, name); + println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, v, name); } return Some(v.into()); } @@ -1570,7 +1570,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, v, name); + println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 16, addr, v, name); } return Some(v.into()); } @@ -1593,7 +1593,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, v, name); + println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 8, addr, v, name); } return Some(v.into()); } From 552a5197f53bb960e1ee917ab10a7d7d4994e4e0 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 13:27:21 -0500 Subject: [PATCH 17/49] fix trace_mem --- src/emu.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/emu.rs b/src/emu.rs index 7dd9711..06b9678 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -1640,7 +1640,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, operand, addr, value, name); + println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, value, name); } let bits = self.get_size(operand); From 0d8454d0f0c08f97d834e0fa231bb65eefc6684f Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 13:41:49 -0500 Subject: [PATCH 18/49] memory old value --- src/emu.rs | 55 ++++++++++++++------ src/emu/flags.rs | 117 ++---------------------------------------- src/emu/regs64.rs | 2 +- src/emu/structures.rs | 6 ++- 4 files changed, 46 insertions(+), 134 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 06b9678..ecbe9cc 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -1103,7 +1103,8 @@ impl Emu { op: "write".to_string(), bits: 32, address: self.regs.get_esp(), - value: value as u64, + old_value: 0, // TODO + new_value: value as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -1163,7 +1164,8 @@ impl Emu { op: "write".to_string(), bits: 64, address: self.regs.rsp, - value: value as u64, + old_value: 0, // TODO + new_value: value as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -1265,7 +1267,8 @@ impl Emu { op: "read".to_string(), bits: 32, address: self.regs.get_esp(), - value: value as u64, + old_value: 0, // TODO + new_value: value as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -1327,7 +1330,8 @@ impl Emu { op: "read".to_string(), bits: 32, address: self.regs.rsp, - value: value as u64, + old_value: 0, // TODO + new_value: value as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -1520,7 +1524,8 @@ impl Emu { op: "read".to_string(), bits: 64, address: addr, - value: v as u64, + old_value: 0, // TODO + new_value: v as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -1543,7 +1548,8 @@ impl Emu { op: "read".to_string(), bits: 32, address: addr, - value: v as u64, + old_value: 0, // TODO + new_value: v as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -1566,7 +1572,8 @@ impl Emu { op: "read".to_string(), bits: 16, address: addr, - value: v as u64, + old_value: 0, // TODO + new_value: v as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -1589,7 +1596,8 @@ impl Emu { op: "read".to_string(), bits: 8, address: addr, - value: v as u64, + old_value: 0, // TODO + new_value: v as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -1636,7 +1644,8 @@ impl Emu { op: "write".to_string(), bits: 32, address: addr, - value: value as u64, + old_value: 0, // TODO + new_value: value as u64, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -3590,7 +3599,8 @@ impl Emu { op: "read".to_string(), bits: sz, address: mem_addr, - value: value, + old_value: 0, // TODO + new_value: value, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -3755,7 +3765,8 @@ impl Emu { op: "write".to_string(), bits: sz, address: mem_addr, - value: value2, + old_value: 0, // TODO + new_value: value2, name: name.clone(), }; self.memory_operations.push(memory_operation); @@ -4183,9 +4194,11 @@ impl Emu { self.post_op_flags = self.flags.clone(); } - pub fn diff_pre_op_post_op(&mut self) { + pub fn write_to_trace_file(&mut self) { // 00,00007FFBEF4E5FF0,EB 08,jmp 7FFBEF4E5FFA,rax: 7FFBEF4E5FF0-> 7FFBEF4E5FF0 rbx: 7FFE0385-> 7FFE0385 rcx: 7FFBEE4B0000-> 7FFBEE4B0000 rdx: 1-> 1 rsp: 98EB5DDFF8-> 98EB5DDFF8 rbp: 98EB5DE338-> 98EB5DE338 rsi: 1-> 1 rdi: 7FFE0384-> 7FFE0384 r8: 0-> 0 r9: 0-> 0 r10: A440AE23305F3A70-> A440AE23305F3A70 r11: 98EB5DE068-> 98EB5DE068 r12: 7FFBEF4E5FF0-> 7FFBEF4E5FF0 r13: 1FC18C72DC0-> 1FC18C72DC0 r14: 7FFBEE4B0000-> 7FFBEE4B0000 r15: 0-> 0 rflags: 344-> 246,,OptionalHeader.AddressOfEntryPoint // 01,00007FFBEF4E5FFA,50,push rax,rsp: 98EB5DDFF8-> 98EB5DDFF0,00000098EB5DDFF0: 7FFC65FF8B8F-> 7FFBEF4E5FF0,rax:GetMsgProc+102D07D + let index = self.pos - 1; + let instruction = self.instruction.unwrap(); let instruction_bytes = &self.instruction_bytes; @@ -4203,22 +4216,30 @@ impl Emu { ); let mut memory = String::new(); - for op in self.memory_operations.iter() { - memory += &format!("{:?}", op); + for memory_op in self.memory_operations.iter() { + if memory_op.op == "read" { + continue; + } + // 00000098EB5DDFF0: 7FFC65FF8B8F-> 7FFBEF4E5FF0 + memory = format!("{} {:x}: {:x}-> {:x}", memory, memory_op.address, memory_op.old_value, memory_op.new_value); } let mut trace_file = self.cfg.trace_file.as_ref().unwrap(); writeln!( trace_file, "{index:02X},{address:016X},{bytes:02x?},{disassembly},{registers},{memory},{comments}", - index = self.pos - 1, + index = index, address = self.pre_op_regs.rip, bytes = instruction_bytes, disassembly = self.out, registers = format!("{} {}", registers, flags), memory = memory, comments = "" - ); + ).expect("failed to write to trace file"); + + if index > 10 { + panic!("OUT"); + } } fn trace_registers_64bit(&mut self) { @@ -4556,7 +4577,7 @@ impl Emu { if self.cfg.trace_file.is_some() { self.capture_post_op(); - self.diff_pre_op_post_op(); + self.write_to_trace_file(); } if !emulation_ok { diff --git a/src/emu/flags.rs b/src/emu/flags.rs index 568f432..29791c7 100644 --- a/src/emu/flags.rs +++ b/src/emu/flags.rs @@ -87,120 +87,9 @@ impl Flags { } pub fn diff(rip: u64, pos: u64, a: Flags, b: Flags) -> String { - let mut output = format!( - "\tdiff_flags: pos = {} rip = {:x} in = {:x} out = {:x} ", - pos, - rip, - a.dump(), - b.dump() - ); - if a.f_cf != b.f_cf { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_cf", a.f_cf as u8, b.f_cf as u8 - ); - } - if a.f_pf != b.f_pf { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_pf", a.f_pf as u8, b.f_pf as u8 - ); - } - if a.f_af != b.f_af { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_af", a.f_af as u8, b.f_af as u8 - ); - } - if a.f_zf != b.f_zf { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_zf", a.f_zf as u8, b.f_zf as u8 - ); - } - if a.f_sf != b.f_sf { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_sf", a.f_sf as u8, b.f_sf as u8 - ); - } - if a.f_tf != b.f_tf { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_tf", a.f_tf as u8, b.f_tf as u8 - ); - } - if a.f_if != b.f_if { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_if", a.f_if as u8, b.f_if as u8 - ); - } - if a.f_df != b.f_df { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_df", a.f_df as u8, b.f_df as u8 - ); - } - if a.f_of != b.f_of { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_of", a.f_of as u8, b.f_of as u8 - ); - } - if a.f_iopl1 != b.f_iopl1 { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_iopl1", a.f_iopl1 as u8, b.f_iopl1 as u8 - ); - } - if a.f_iopl2 != b.f_iopl2 { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_iopl2", a.f_iopl2 as u8, b.f_iopl2 as u8 - ); - } - if a.f_nt != b.f_nt { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_nt", a.f_nt as u8, b.f_nt as u8 - ); - } - if a.f_rf != b.f_rf { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_rf", a.f_rf as u8, b.f_rf as u8 - ); - } - if a.f_vm != b.f_vm { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_vm", a.f_vm as u8, b.f_vm as u8 - ); - } - if a.f_ac != b.f_ac { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_ac", a.f_ac as u8, b.f_ac as u8 - ); - } - if a.f_vif != b.f_vif { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_vif", a.f_vif as u8, b.f_vif as u8 - ); - } - if a.f_vip != b.f_vip { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_vip", a.f_vip as u8, b.f_vip as u8 - ); - } - if a.f_id != b.f_id { - output = format!( - "{}{} {:x} -> {:x}; ", - output, "f_id", a.f_id as u8, b.f_id as u8 - ); + let mut output = String::new(); + if a.dump() != b.dump() { + output = format!("rflags: {:x} -> {:x}; ", a.dump(), b.dump()); } output } diff --git a/src/emu/regs64.rs b/src/emu/regs64.rs index 3532c2d..f00bb9b 100644 --- a/src/emu/regs64.rs +++ b/src/emu/regs64.rs @@ -269,7 +269,7 @@ impl Regs64 { } pub fn diff(rip: u64, pos: u64, a: Regs64, b: Regs64) -> String { - let mut output = format!("\tdiff_reg: pos = {} rip = {:x} ", pos, rip); + let mut output = String::new(); if a.dr0 != b.dr0 { output = format!("{}{} {:x} -> {:x}; ", output, "dr0", a.dr0, b.dr0); } diff --git a/src/emu/structures.rs b/src/emu/structures.rs index 35d0e34..a98e9dc 100644 --- a/src/emu/structures.rs +++ b/src/emu/structures.rs @@ -2055,8 +2055,10 @@ pub struct MemoryOperation { pub bits: u32, /// Memory address being accessed pub address: u64, - /// Value being read or written - pub value: u64, + /// Old value before the operation + pub old_value: u64, + /// New value after the operation + pub new_value: u64, /// Name of the memory region being accessed pub name: String, } From 8b5767cdd047b25515ad4ab5bb09a879b31a4917 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 13:48:47 -0500 Subject: [PATCH 19/49] dump state on index == 0 --- src/emu.rs | 59 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 47 insertions(+), 12 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index ecbe9cc..b5cbdfa 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -4202,18 +4202,53 @@ impl Emu { let instruction = self.instruction.unwrap(); let instruction_bytes = &self.instruction_bytes; - let registers = Regs64::diff( - self.pre_op_regs.rip, - self.pos - 1, - self.pre_op_regs, - self.post_op_regs, - ); - let flags = Flags::diff( - self.pre_op_regs.rip, - self.pos - 1, - self.pre_op_flags, - self.post_op_flags, - ); + let mut registers = String::new(); + if index == 0 { + /* + rax: 7FFBEF4E5FF0->7FFBEF4E5FF0 + rbx: 7FFE0385->7FFE0385 + rcx: 7FFBEE4B0000->7FFBEE4B0000 + rdx: 1->1 + rsp: 98EB5DDFF8->98EB5DDFF8 + rbp: 98EB5DE338->98EB5DE338 + rsi: 1->1 + rdi: 7FFE0384->7FFE0384 + r8: 0->0 + r9: 0->0 + r10: A440AE23305F3A70->A440AE23305F3A70 + r11: 98EB5DE068->98EB5DE068 + r12: 7FFBEF4E5FF0->7FFBEF4E5FF0 + r13: 1FC18C72DC0->1FC18C72DC0 + r14: 7FFBEE4B0000->7FFBEE4B0000 + r15: 0->0 + rflags: 344->246 + */ + registers = format!("{} rax: {:x}-> {:x}", registers, self.pre_op_regs.rax, self.post_op_regs.rax); + registers = format!("{} rbx: {:x}-> {:x}", registers, self.pre_op_regs.rbx, self.post_op_regs.rbx); + registers = format!("{} rcx: {:x}-> {:x}", registers, self.pre_op_regs.rcx, self.post_op_regs.rcx); + registers = format!("{} rdx: {:x}-> {:x}", registers, self.pre_op_regs.rdx, self.post_op_regs.rdx); + registers = format!("{} rsp: {:x}-> {:x}", registers, self.pre_op_regs.rsp, self.post_op_regs.rsp); + registers = format!("{} rbp: {:x}-> {:x}", registers, self.pre_op_regs.rbp, self.post_op_regs.rbp); + registers = format!("{} rsi: {:x}-> {:x}", registers, self.pre_op_regs.rsi, self.post_op_regs.rsi); + registers = format!("{} rdi: {:x}-> {:x}", registers, self.pre_op_regs.rdi, self.post_op_regs.rdi); + registers = format!("{} r8: {:x}-> {:x}", registers, self.pre_op_regs.r8, self.post_op_regs.r8); + registers = format!("{} r9: {:x}-> {:x}", registers, self.pre_op_regs.r9, self.post_op_regs.r9); + registers = format!("{} r10: {:x}-> {:x}", registers, self.pre_op_regs.r10, self.post_op_regs.r10); + registers = format!("{} r11: {:x}-> {:x}", registers, self.pre_op_regs.r11, self.post_op_regs.r11); + registers = format!("{} r12: {:x}-> {:x}", registers, self.pre_op_regs.r12, self.post_op_regs.r12); + registers = format!("{} r13: {:x}-> {:x}", registers, self.pre_op_regs.r13, self.post_op_regs.r13); + registers = format!("{} r14: {:x}-> {:x}", registers, self.pre_op_regs.r14, self.post_op_regs.r14); + registers = format!("{} r15: {:x}-> {:x}", registers, self.pre_op_regs.r15, self.post_op_regs.r15); + } else { + registers = Regs64::diff( + self.pre_op_regs.rip, + self.pos - 1, + self.pre_op_regs, + self.post_op_regs, + ); + } + + let flags = format!("rflags: {:x}-> {:x}", self.pre_op_flags.dump(), self.post_op_flags.dump()); let mut memory = String::new(); for memory_op in self.memory_operations.iter() { From 3eefc73dc204d8f46e6c1bd87b71b423e29b2612 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 14:31:54 -0500 Subject: [PATCH 20/49] wrong bits --- src/emu.rs | 40 +++++++---- src/emu/regs64.rs | 174 +++++++++++++++++++++++----------------------- 2 files changed, 113 insertions(+), 101 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index b5cbdfa..639fa9c 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -1637,12 +1637,14 @@ impl Emu { self.force_break = true; } + let bits = self.get_size(operand); + if self.cfg.trace_mem { let memory_operation = MemoryOperation { pos: self.pos, rip: self.regs.rip, op: "write".to_string(), - bits: 32, + bits: bits as u32, address: addr, old_value: 0, // TODO new_value: value as u64, @@ -1651,8 +1653,7 @@ impl Emu { self.memory_operations.push(memory_operation); println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, value, name); } - - let bits = self.get_size(operand); + let ret = match bits { 64 => self.maps.write_qword(addr, value), 32 => self.maps.write_dword(addr, (value & 0xffffffff) as u32), @@ -4202,6 +4203,7 @@ impl Emu { let instruction = self.instruction.unwrap(); let instruction_bytes = &self.instruction_bytes; + // dump all registers on first, only differences on next let mut registers = String::new(); if index == 0 { /* @@ -4248,7 +4250,14 @@ impl Emu { ); } - let flags = format!("rflags: {:x}-> {:x}", self.pre_op_flags.dump(), self.post_op_flags.dump()); + let mut flags = String::new(); + if index == 0 { + flags = format!("rflags: {:x}-> {:x}", self.pre_op_flags.dump(), self.post_op_flags.dump()); + } else { + if self.pre_op_flags.dump() != self.post_op_flags.dump() { + flags = format!("rflags: {:x}-> {:x}", self.pre_op_flags.dump(), self.post_op_flags.dump()); + } + } let mut memory = String::new(); for memory_op in self.memory_operations.iter() { @@ -4262,7 +4271,7 @@ impl Emu { let mut trace_file = self.cfg.trace_file.as_ref().unwrap(); writeln!( trace_file, - "{index:02X},{address:016X},{bytes:02x?},{disassembly},{registers},{memory},{comments}", + r#""{index:02X}","{address:016X}","{bytes:02x?}","{disassembly}","{registers}","{memory}","{comments}""#, index = index, address = self.pre_op_regs.rip, bytes = instruction_bytes, @@ -4272,7 +4281,7 @@ impl Emu { comments = "" ).expect("failed to write to trace file"); - if index > 10 { + if index > 32 { panic!("OUT"); } } @@ -4423,19 +4432,22 @@ impl Emu { let mut formatter = IntelFormatter::new(); formatter.options_mut().set_digit_separator(""); formatter.options_mut().set_first_operand_char_index(6); + // get first instruction from iterator - let ins = decoder.iter().next().unwrap(); - // size + let ins = decoder.decode(); let sz = ins.len(); + let addr = ins.ip(); + let position = decoder.position(); + let instruction_bytes = block[position-sz..position].to_vec(); // clear self.out.clear(); + self.memory_operations.clear(); // format formatter.format(&ins, &mut self.out); self.instruction = Some(ins); - self.instruction_bytes = vec![]; // TODO - self.memory_operations.clear(); + self.instruction_bytes = instruction_bytes; // emulate let result_ok = self.emulate_instruction(&ins, sz, true); @@ -4509,17 +4521,17 @@ impl Emu { Decoder::with_ip(32, &block, self.regs.get_eip(), DecoderOptions::NONE); } - for ins in decoder.iter() { + while decoder.can_decode() { + let ins = decoder.decode(); let sz = ins.len(); let addr = ins.ip(); - let position = ins.ip() - self.regs.rip; - let instruction_bytes = block[position as usize..position as usize + sz].to_vec(); + let position = decoder.position(); + let instruction_bytes = block[position-sz..position].to_vec(); if !end_addr.is_none() && Some(addr) == end_addr { return Ok(self.regs.rip); } - self.out.clear(); formatter.format(&ins, &mut self.out); self.instruction = Some(ins); diff --git a/src/emu/regs64.rs b/src/emu/regs64.rs index f00bb9b..7fc0b6e 100644 --- a/src/emu/regs64.rs +++ b/src/emu/regs64.rs @@ -271,263 +271,263 @@ impl Regs64 { pub fn diff(rip: u64, pos: u64, a: Regs64, b: Regs64) -> String { let mut output = String::new(); if a.dr0 != b.dr0 { - output = format!("{}{} {:x} -> {:x}; ", output, "dr0", a.dr0, b.dr0); + output = format!("{}{}: {:x} -> {:x} ", output, "dr0", a.dr0, b.dr0); } if a.dr1 != b.dr1 { - output = format!("{}{} {:x} -> {:x}; ", output, "dr1", a.dr1, b.dr1); + output = format!("{}{}: {:x} -> {:x} ", output, "dr1", a.dr1, b.dr1); } if a.dr2 != b.dr2 { - output = format!("{}{} {:x} -> {:x}; ", output, "dr2", a.dr2, b.dr2); + output = format!("{}{}: {:x} -> {:x} ", output, "dr2", a.dr2, b.dr2); } if a.dr3 != b.dr3 { - output = format!("{}{} {:x} -> {:x}; ", output, "dr3", a.dr3, b.dr3); + output = format!("{}{}: {:x} -> {:x} ", output, "dr3", a.dr3, b.dr3); } if a.dr6 != b.dr6 { - output = format!("{}{} {:x} -> {:x}; ", output, "dr6", a.dr6, b.dr6); + output = format!("{}{}: {:x} -> {:x} ", output, "dr6", a.dr6, b.dr6); } if a.dr7 != b.dr7 { - output = format!("{}{} {:x} -> {:x}; ", output, "dr7", a.dr7, b.dr7); + output = format!("{}{}: {:x} -> {:x} ", output, "dr7", a.dr7, b.dr7); } if a.rax != b.rax { - output = format!("{}{} {:x} -> {:x}; ", output, "rax", a.rax, b.rax); + output = format!("{}{}: {:x} -> {:x} ", output, "rax", a.rax, b.rax); } if a.rbx != b.rbx { - output = format!("{}{} {:x} -> {:x}; ", output, "rbx", a.rbx, b.rbx); + output = format!("{}{}: {:x} -> {:x} ", output, "rbx", a.rbx, b.rbx); } if a.rcx != b.rcx { - output = format!("{}{} {:x} -> {:x}; ", output, "rcx", a.rcx, b.rcx); + output = format!("{}{}: {:x} -> {:x} ", output, "rcx", a.rcx, b.rcx); } if a.rdx != b.rdx { - output = format!("{}{} {:x} -> {:x}; ", output, "rdx", a.rdx, b.rdx); + output = format!("{}{}: {:x} -> {:x} ", output, "rdx", a.rdx, b.rdx); } if a.rsi != b.rsi { - output = format!("{}{} {:x} -> {:x}; ", output, "rsi", a.rsi, b.rsi); + output = format!("{}{}: {:x} -> {:x} ", output, "rsi", a.rsi, b.rsi); } if a.rdi != b.rdi { - output = format!("{}{} {:x} -> {:x}; ", output, "rdi", a.rdi, b.rdi); + output = format!("{}{}: {:x} -> {:x} ", output, "rdi", a.rdi, b.rdi); } if a.rbp != b.rbp { - output = format!("{}{} {:x} -> {:x}; ", output, "rbp", a.rbp, b.rbp); + output = format!("{}{}: {:x} -> {:x} ", output, "rbp", a.rbp, b.rbp); } if a.rsp != b.rsp { - output = format!("{}{} {:x} -> {:x}; ", output, "rsp", a.rsp, b.rsp); + output = format!("{}{}: {:x} -> {:x} ", output, "rsp", a.rsp, b.rsp); } - //if a.rip != b.rip { output = format!("{}{} {:x} -> {:x}; ", output, "rip", a.rip, b.rip); } + //if a.rip != b.rip { output = format!("{}{}: {:x} -> {:x} ", output, "rip", a.rip, b.rip) } if a.r8 != b.r8 { - output = format!("{}{} {:x} -> {:x}; ", output, "r8", a.r8, b.r8); + output = format!("{}{}: {:x} -> {:x} ", output, "r8", a.r8, b.r8); } if a.r9 != b.r9 { - output = format!("{}{} {:x} -> {:x}; ", output, "r9", a.r9, b.r9); + output = format!("{}{}: {:x} -> {:x} ", output, "r9", a.r9, b.r9); } if a.r10 != b.r10 { - output = format!("{}{} {:x} -> {:x}; ", output, "r10", a.r10, b.r10); + output = format!("{}{}: {:x} -> {:x} ", output, "r10", a.r10, b.r10); } if a.r11 != b.r11 { - output = format!("{}{} {:x} -> {:x}; ", output, "r11", a.r11, b.r11); + output = format!("{}{}: {:x} -> {:x} ", output, "r11", a.r11, b.r11); } if a.r12 != b.r12 { - output = format!("{}{} {:x} -> {:x}; ", output, "r12", a.r12, b.r12); + output = format!("{}{}: {:x} -> {:x} ", output, "r12", a.r12, b.r12); } if a.r13 != b.r13 { - output = format!("{}{} {:x} -> {:x}; ", output, "r13", a.r13, b.r13); + output = format!("{}{}: {:x} -> {:x} ", output, "r13", a.r13, b.r13); } if a.r14 != b.r14 { - output = format!("{}{} {:x} -> {:x}; ", output, "r14", a.r14, b.r14); + output = format!("{}{}: {:x} -> {:x} ", output, "r14", a.r14, b.r14); } if a.r15 != b.r15 { - output = format!("{}{} {:x} -> {:x}; ", output, "r15", a.r15, b.r15); + output = format!("{}{}: {:x} -> {:x} ", output, "r15", a.r15, b.r15); } if a.cr0 != b.cr0 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr0", a.cr0, b.cr0); + output = format!("{}{}: {:x} -> {:x} ", output, "cr0", a.cr0, b.cr0); } if a.cr1 != b.cr1 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr1", a.cr1, b.cr1); + output = format!("{}{}: {:x} -> {:x} ", output, "cr1", a.cr1, b.cr1); } if a.cr2 != b.cr2 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr2", a.cr2, b.cr2); + output = format!("{}{}: {:x} -> {:x} ", output, "cr2", a.cr2, b.cr2); } if a.cr3 != b.cr3 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr3", a.cr3, b.cr3); + output = format!("{}{}: {:x} -> {:x} ", output, "cr3", a.cr3, b.cr3); } if a.cr4 != b.cr4 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr4", a.cr4, b.cr4); + output = format!("{}{}: {:x} -> {:x} ", output, "cr4", a.cr4, b.cr4); } if a.cr5 != b.cr5 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr5", a.cr5, b.cr5); + output = format!("{}{}: {:x} -> {:x} ", output, "cr5", a.cr5, b.cr5); } if a.cr6 != b.cr6 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr6", a.cr6, b.cr6); + output = format!("{}{}: {:x} -> {:x} ", output, "cr6", a.cr6, b.cr6); } if a.cr7 != b.cr7 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr7", a.cr7, b.cr7); + output = format!("{}{}: {:x} -> {:x} ", output, "cr7", a.cr7, b.cr7); } if a.cr8 != b.cr8 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr8", a.cr8, b.cr8); + output = format!("{}{}: {:x} -> {:x} ", output, "cr8", a.cr8, b.cr8); } if a.cr9 != b.cr9 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr9", a.cr9, b.cr9); + output = format!("{}{}: {:x} -> {:x} ", output, "cr9", a.cr9, b.cr9); } if a.cr10 != b.cr10 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr10", a.cr10, b.cr10); + output = format!("{}{}: {:x} -> {:x} ", output, "cr10", a.cr10, b.cr10); } if a.cr11 != b.cr11 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr11", a.cr11, b.cr11); + output = format!("{}{}: {:x} -> {:x} ", output, "cr11", a.cr11, b.cr11); } if a.cr12 != b.cr12 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr12", a.cr12, b.cr12); + output = format!("{}{}: {:x} -> {:x} ", output, "cr12", a.cr12, b.cr12); } if a.cr13 != b.cr13 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr13", a.cr13, b.cr13); + output = format!("{}{}: {:x} -> {:x} ", output, "cr13", a.cr13, b.cr13); } if a.cr14 != b.cr14 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr14", a.cr14, b.cr14); + output = format!("{}{}: {:x} -> {:x} ", output, "cr14", a.cr14, b.cr14); } if a.cr15 != b.cr15 { - output = format!("{}{} {:x} -> {:x}; ", output, "cr15", a.cr15, b.cr15); + output = format!("{}{}: {:x} -> {:x} ", output, "cr15", a.cr15, b.cr15); } if a.msr != b.msr { - output = format!("{}{} {:x} -> {:x}; ", output, "msr", a.msr, b.msr); + output = format!("{}{}: {:x} -> {:x} ", output, "msr", a.msr, b.msr); } if a.tr3 != b.tr3 { - output = format!("{}{} {:x} -> {:x}; ", output, "tr3", a.tr3, b.tr3); + output = format!("{}{}: {:x} -> {:x} ", output, "tr3", a.tr3, b.tr3); } if a.tr4 != b.tr4 { - output = format!("{}{} {:x} -> {:x}; ", output, "tr4", a.tr4, b.tr4); + output = format!("{}{}: {:x} -> {:x} ", output, "tr4", a.tr4, b.tr4); } if a.tr5 != b.tr5 { - output = format!("{}{} {:x} -> {:x}; ", output, "tr5", a.tr5, b.tr5); + output = format!("{}{}: {:x} -> {:x} ", output, "tr5", a.tr5, b.tr5); } if a.tr6 != b.tr6 { - output = format!("{}{} {:x} -> {:x}; ", output, "tr6", a.tr6, b.tr6); + output = format!("{}{}: {:x} -> {:x} ", output, "tr6", a.tr6, b.tr6); } if a.tr7 != b.tr7 { - output = format!("{}{} {:x} -> {:x}; ", output, "tr7", a.tr7, b.tr7); + output = format!("{}{}: {:x} -> {:x} ", output, "tr7", a.tr7, b.tr7); } if a.xmm0 != b.xmm0 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm0", a.xmm0, b.xmm0); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm0", a.xmm0, b.xmm0); } if a.xmm1 != b.xmm1 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm1", a.xmm1, b.xmm1); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm1", a.xmm1, b.xmm1); } if a.xmm2 != b.xmm2 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm2", a.xmm2, b.xmm2); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm2", a.xmm2, b.xmm2); } if a.xmm3 != b.xmm3 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm3", a.xmm3, b.xmm3); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm3", a.xmm3, b.xmm3); } if a.xmm4 != b.xmm4 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm4", a.xmm4, b.xmm4); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm4", a.xmm4, b.xmm4); } if a.xmm5 != b.xmm5 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm5", a.xmm5, b.xmm5); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm5", a.xmm5, b.xmm5); } if a.xmm6 != b.xmm6 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm6", a.xmm6, b.xmm6); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm6", a.xmm6, b.xmm6); } if a.xmm7 != b.xmm7 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm7", a.xmm7, b.xmm7); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm7", a.xmm7, b.xmm7); } if a.xmm8 != b.xmm8 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm8", a.xmm8, b.xmm8); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm8", a.xmm8, b.xmm8); } if a.xmm9 != b.xmm9 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm9", a.xmm9, b.xmm9); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm9", a.xmm9, b.xmm9); } if a.xmm10 != b.xmm10 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm10", a.xmm10, b.xmm10); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm10", a.xmm10, b.xmm10); } if a.xmm11 != b.xmm11 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm11", a.xmm11, b.xmm11); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm11", a.xmm11, b.xmm11); } if a.xmm12 != b.xmm12 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm12", a.xmm12, b.xmm12); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm12", a.xmm12, b.xmm12); } if a.xmm13 != b.xmm13 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm13", a.xmm13, b.xmm13); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm13", a.xmm13, b.xmm13); } if a.xmm14 != b.xmm14 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm14", a.xmm14, b.xmm14); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm14", a.xmm14, b.xmm14); } if a.xmm15 != b.xmm15 { - output = format!("{}{} {:x} -> {:x}; ", output, "xmm15", a.xmm15, b.xmm15); + output = format!("{}{}: {:x} -> {:x} ", output, "xmm15", a.xmm15, b.xmm15); } if a.ymm0 != b.ymm0 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm0", a.ymm0, b.ymm0); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm0", a.ymm0, b.ymm0); } if a.ymm1 != b.ymm1 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm1", a.ymm1, b.ymm1); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm1", a.ymm1, b.ymm1); } if a.ymm2 != b.ymm2 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm2", a.ymm2, b.ymm2); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm2", a.ymm2, b.ymm2); } if a.ymm3 != b.ymm3 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm3", a.ymm3, b.ymm3); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm3", a.ymm3, b.ymm3); } if a.ymm4 != b.ymm4 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm4", a.ymm4, b.ymm4); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm4", a.ymm4, b.ymm4); } if a.ymm5 != b.ymm5 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm5", a.ymm5, b.ymm5); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm5", a.ymm5, b.ymm5); } if a.ymm6 != b.ymm6 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm6", a.ymm6, b.ymm6); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm6", a.ymm6, b.ymm6); } if a.ymm7 != b.ymm7 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm7", a.ymm7, b.ymm7); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm7", a.ymm7, b.ymm7); } if a.ymm8 != b.ymm8 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm8", a.ymm8, b.ymm8); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm8", a.ymm8, b.ymm8); } if a.ymm9 != b.ymm9 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm9", a.ymm9, b.ymm9); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm9", a.ymm9, b.ymm9); } if a.ymm10 != b.ymm10 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm10", a.ymm10, b.ymm10); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm10", a.ymm10, b.ymm10); } if a.ymm11 != b.ymm11 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm11", a.ymm11, b.ymm11); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm11", a.ymm11, b.ymm11); } if a.ymm12 != b.ymm12 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm12", a.ymm12, b.ymm12); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm12", a.ymm12, b.ymm12); } if a.ymm13 != b.ymm13 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm13", a.ymm13, b.ymm13); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm13", a.ymm13, b.ymm13); } if a.ymm14 != b.ymm14 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm14", a.ymm14, b.ymm14); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm14", a.ymm14, b.ymm14); } if a.ymm15 != b.ymm15 { - output = format!("{}{} {:x} -> {:x}; ", output, "ymm15", a.ymm15, b.ymm15); + output = format!("{}{}: {:x} -> {:x} ", output, "ymm15", a.ymm15, b.ymm15); } if a.mm0 != b.mm0 { - output = format!("{}{} {:x} -> {:x}; ", output, "mm0", a.mm0, b.mm0); + output = format!("{}{}: {:x} -> {:x} ", output, "mm0", a.mm0, b.mm0); } if a.mm1 != b.mm1 { - output = format!("{}{} {:x} -> {:x}; ", output, "mm1", a.mm1, b.mm1); + output = format!("{}{}: {:x} -> {:x} ", output, "mm1", a.mm1, b.mm1); } if a.mm2 != b.mm2 { - output = format!("{}{} {:x} -> {:x}; ", output, "mm2", a.mm2, b.mm2); + output = format!("{}{}: {:x} -> {:x} ", output, "mm2", a.mm2, b.mm2); } if a.mm3 != b.mm3 { - output = format!("{}{} {:x} -> {:x}; ", output, "mm3", a.mm3, b.mm3); + output = format!("{}{}: {:x} -> {:x} ", output, "mm3", a.mm3, b.mm3); } if a.mm4 != b.mm4 { - output = format!("{}{} {:x} -> {:x}; ", output, "mm4", a.mm4, b.mm4); + output = format!("{}{}: {:x} -> {:x} ", output, "mm4", a.mm4, b.mm4); } if a.mm5 != b.mm5 { - output = format!("{}{} {:x} -> {:x}; ", output, "mm5", a.mm5, b.mm5); + output = format!("{}{}: {:x} -> {:x} ", output, "mm5", a.mm5, b.mm5); } if a.mm6 != b.mm6 { - output = format!("{}{} {:x} -> {:x}; ", output, "mm6", a.mm6, b.mm6); + output = format!("{}{}: {:x} -> {:x} ", output, "mm6", a.mm6, b.mm6); } if a.mm7 != b.mm7 { - output = format!("{}{} {:x} -> {:x}; ", output, "mm7", a.mm7, b.mm7); + output = format!("{}{}: {:x} -> {:x} ", output, "mm7", a.mm7, b.mm7); } if a.gs != b.gs { - output = format!("{}{} {:x} -> {:x}; ", output, "gs", a.gs, b.gs); + output = format!("{}{}: {:x} -> {:x} ", output, "gs", a.gs, b.gs); } if a.fs != b.fs { - output = format!("{}{} {:x} -> {:x}; ", output, "fs", a.fs, b.fs); + output = format!("{}{}: {:x} -> {:x} ", output, "fs", a.fs, b.fs); } output } From bfc107e76289beba1cec8dbef53fcf3065a303d9 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 14:46:05 -0500 Subject: [PATCH 21/49] old value stack push fix --- src/emu.rs | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 639fa9c..7bcfb45 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -1103,7 +1103,7 @@ impl Emu { op: "write".to_string(), bits: 32, address: self.regs.get_esp(), - old_value: 0, // TODO + old_value: self.maps.read_dword(self.regs.get_esp()).unwrap_or(0) as u64, new_value: value as u64, name: name.clone(), }; @@ -1164,7 +1164,7 @@ impl Emu { op: "write".to_string(), bits: 64, address: self.regs.rsp, - old_value: 0, // TODO + old_value: self.maps.read_qword(self.regs.rsp).unwrap_or(0) as u64, new_value: value as u64, name: name.clone(), }; @@ -1172,7 +1172,7 @@ impl Emu { println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); } - self.regs.rsp -= 8; + self.regs.rsp = self.regs.rsp - 8; /* let stack = self.maps.get_mem("stack"); if stack.inside(self.regs.rsp) { @@ -1267,7 +1267,7 @@ impl Emu { op: "read".to_string(), bits: 32, address: self.regs.get_esp(), - old_value: 0, // TODO + old_value: 0, // not needed for read? new_value: value as u64, name: name.clone(), }; @@ -1330,7 +1330,7 @@ impl Emu { op: "read".to_string(), bits: 32, address: self.regs.rsp, - old_value: 0, // TODO + old_value: 0, // not needed for read? new_value: value as u64, name: name.clone(), }; @@ -1524,7 +1524,7 @@ impl Emu { op: "read".to_string(), bits: 64, address: addr, - old_value: 0, // TODO + old_value: 0, // not needed for read? new_value: v as u64, name: name.clone(), }; @@ -1548,7 +1548,7 @@ impl Emu { op: "read".to_string(), bits: 32, address: addr, - old_value: 0, // TODO + old_value: 0, // not needed for read? new_value: v as u64, name: name.clone(), }; @@ -1572,7 +1572,7 @@ impl Emu { op: "read".to_string(), bits: 16, address: addr, - old_value: 0, // TODO + old_value: 0, // not needed for read? new_value: v as u64, name: name.clone(), }; @@ -1596,7 +1596,7 @@ impl Emu { op: "read".to_string(), bits: 8, address: addr, - old_value: 0, // TODO + old_value: 0, // not needed for read? new_value: v as u64, name: name.clone(), }; @@ -1646,7 +1646,13 @@ impl Emu { op: "write".to_string(), bits: bits as u32, address: addr, - old_value: 0, // TODO + old_value: match bits { + 64 => self.maps.read_qword(addr).unwrap_or(0), + 32 => self.maps.read_dword(addr).unwrap_or(0) as u64, + 16 => self.maps.read_word(addr).unwrap_or(0) as u64, + 8 => self.maps.read_byte(addr).unwrap_or(0) as u64, + _ => unreachable!("weird size: {}", operand), + }, new_value: value as u64, name: name.clone(), }; @@ -3600,7 +3606,7 @@ impl Emu { op: "read".to_string(), bits: sz, address: mem_addr, - old_value: 0, // TODO + old_value: 0, // not needed for read? new_value: value, name: name.clone(), }; @@ -3687,6 +3693,18 @@ impl Emu { None => value, }; + let old_value = if self.cfg.trace_mem { + match sz { + 64 => self.maps.read_qword(mem_addr).unwrap_or(0), + 32 => self.maps.read_dword(mem_addr).unwrap_or(0) as u64, + 16 => self.maps.read_word(mem_addr).unwrap_or(0) as u64, + 8 => self.maps.read_byte(mem_addr).unwrap_or(0) as u64, + _ => unreachable!("weird size: {}", sz), + } + } else { + 0 + }; + match sz { 64 => { if !self.maps.write_qword(mem_addr, value2) { @@ -3766,7 +3784,7 @@ impl Emu { op: "write".to_string(), bits: sz, address: mem_addr, - old_value: 0, // TODO + old_value: old_value, new_value: value2, name: name.clone(), }; From 5444733ed77c217709872800d16eba91c90a7a8f Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 15:13:06 -0500 Subject: [PATCH 22/49] set_reg_by_name --- src/emu/regs64.rs | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/src/emu/regs64.rs b/src/emu/regs64.rs index 7fc0b6e..0c79ee0 100644 --- a/src/emu/regs64.rs +++ b/src/emu/regs64.rs @@ -1607,6 +1607,29 @@ impl Regs64 { }; } + pub fn set_reg_by_name(&mut self, reg_name: &str, value: u64) { + let reg = match reg_name { + "rax" => Register::RAX, + "rbx" => Register::RBX, + "rcx" => Register::RCX, + "rdx" => Register::RDX, + "rsp" => Register::RSP, + "rbp" => Register::RBP, + "rsi" => Register::RSI, + "rdi" => Register::RDI, + "r8" => Register::R8, + "r9" => Register::R9, + "r10" => Register::R10, + "r11" => Register::R11, + "r12" => Register::R12, + "r13" => Register::R13, + "r14" => Register::R14, + "r15" => Register::R15, + _ => unimplemented!("unimplemented register {:?}", reg_name), + }; + self.set_reg(reg, value); + } + pub fn is_fpu(&self, reg: Register) -> bool { match reg { Register::ST0 => true, From 17c405c055b400ed3edefce7a678cfab826d0d33 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 15:36:18 -0500 Subject: [PATCH 23/49] register args --- src/emu.rs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 7bcfb45..78d1829 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -323,15 +323,14 @@ impl Emu { } pub fn init_stack32(&mut self) { - + // default if not set via clap args if self.cfg.stack_addr == 0 { self.cfg.stack_addr = 0x212000; + self.regs.set_esp(self.cfg.stack_addr + 0x1c000 + 4); + self.regs.set_ebp(self.cfg.stack_addr + 0x1c000 + 4 + 0x1000); } let stack = self.maps.create_map("stack", self.cfg.stack_addr, 0x030000).expect("cannot create stack map"); - self.regs.set_esp(self.cfg.stack_addr + 0x1c000 + 4); - self.regs - .set_ebp(self.cfg.stack_addr + 0x1c000 + 4 + 0x1000); assert!(self.regs.get_esp() < self.regs.get_ebp()); assert!(self.regs.get_esp() > stack.get_base()); @@ -349,14 +348,13 @@ impl Emu { } pub fn init_stack64(&mut self) { + // default if not set via clap args if self.cfg.stack_addr == 0 { self.cfg.stack_addr = 0x22a000; + self.regs.rsp = self.cfg.stack_addr + 0x4000; + self.regs.rbp = self.cfg.stack_addr + 0x4000 + 0x1000; } - self.regs.rsp = self.cfg.stack_addr + 0x4000; - self.regs.rbp = self.cfg.stack_addr + 0x4000 + 0x1000; - - let stack = self.maps.create_map("stack", self.cfg.stack_addr, 0x6000).expect("cannot create stack map"); assert!(self.regs.rsp < self.regs.rbp); @@ -414,7 +412,7 @@ impl Emu { self.flags.f_nt = false; } - pub fn init(&mut self) { + pub fn init(&mut self, clear_registers: bool) { self.pos = 0; if !atty::is(Stream::Stdout) { @@ -425,7 +423,9 @@ impl Emu { } //println!("initializing regs"); - self.regs.clear::<64>(); + if clear_registers { + self.regs.clear::<64>(); + } //self.regs.rand(); if self.cfg.is_64bits { From 854e19c1cda6bb1930d2ce96154874041fc7c005 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 15:55:09 -0500 Subject: [PATCH 24/49] stack push had a bug --- src/emu.rs | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 78d1829..457d9ed 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -412,7 +412,7 @@ impl Emu { self.flags.f_nt = false; } - pub fn init(&mut self, clear_registers: bool) { + pub fn init(&mut self, clear_registers: bool, clear_flags: bool) { self.pos = 0; if !atty::is(Stream::Stdout) { @@ -426,12 +426,16 @@ impl Emu { if clear_registers { self.regs.clear::<64>(); } + if clear_flags { + self.flags.clear(); + } //self.regs.rand(); if self.cfg.is_64bits { self.regs.rip = self.cfg.entry_point; self.maps.is_64bits = true; - self.init_regs_tests(); + + //self.init_regs_tests(); // TODO: not sure why this was on self.init_mem64(); self.init_stack64(); //self.init_stack64_tests(); @@ -1102,7 +1106,7 @@ impl Emu { rip: self.regs.rip, op: "write".to_string(), bits: 32, - address: self.regs.get_esp(), + address: self.regs.get_esp() - 4, old_value: self.maps.read_dword(self.regs.get_esp()).unwrap_or(0) as u64, new_value: value as u64, name: name.clone(), @@ -1163,7 +1167,7 @@ impl Emu { rip: self.regs.rip, op: "write".to_string(), bits: 64, - address: self.regs.rsp, + address: self.regs.rsp - 8, old_value: self.maps.read_qword(self.regs.rsp).unwrap_or(0) as u64, new_value: value as u64, name: name.clone(), @@ -4283,7 +4287,7 @@ impl Emu { continue; } // 00000098EB5DDFF0: 7FFC65FF8B8F-> 7FFBEF4E5FF0 - memory = format!("{} {:x}: {:x}-> {:x}", memory, memory_op.address, memory_op.old_value, memory_op.new_value); + memory = format!("{} {:016X}: {:X}-> {:X}", memory, memory_op.address, memory_op.old_value, memory_op.new_value); } let mut trace_file = self.cfg.trace_file.as_ref().unwrap(); From beec066287ba77eed73fccc98a59e140b97f9a17 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 16:09:30 -0500 Subject: [PATCH 25/49] pop was missing a write --- src/emu.rs | 52 +++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 457d9ed..3cd0149 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -1261,22 +1261,39 @@ impl Emu { */ if self.cfg.trace_mem { + // Record the read from stack memory let name = match self.maps.get_addr_name(self.regs.get_esp()) { Some(n) => n, None => "not mapped".to_string(), }; - let memory_operation = MemoryOperation { + let read_operation = MemoryOperation { pos: self.pos, rip: self.regs.rip, op: "read".to_string(), bits: 32, address: self.regs.get_esp(), - old_value: 0, // not needed for read? + old_value: 0, // not needed for read new_value: value as u64, name: name.clone(), }; - self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.get_esp(), value, name); + self.memory_operations.push(read_operation); + println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", + self.pos, self.regs.rip, 32, self.regs.get_esp(), value, name); + + // Record the write to register + let write_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "write".to_string(), + bits: 32, + address: self.regs.get_esp(), + old_value: self.maps.read_dword(self.regs.get_esp()).unwrap_or(0) as u64, + new_value: value as u64, // new value being written + name: "register".to_string(), + }; + self.memory_operations.push(write_operation); + println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", + self.pos, self.regs.rip, 32, self.regs.get_esp(), value); } self.regs.set_esp(self.regs.get_esp() + 4); @@ -1324,22 +1341,39 @@ impl Emu { }; if self.cfg.trace_mem { + // Record the read from stack memory let name = match self.maps.get_addr_name(self.regs.rsp) { Some(n) => n, None => "not mapped".to_string(), }; - let memory_operation = MemoryOperation { + let read_operation = MemoryOperation { pos: self.pos, rip: self.regs.rip, op: "read".to_string(), - bits: 32, + bits: 64, // Changed from 32 to 64 for 64-bit operations address: self.regs.rsp, - old_value: 0, // not needed for read? + old_value: 0, // not needed for read new_value: value as u64, name: name.clone(), }; - self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.rsp, value, name); + self.memory_operations.push(read_operation); + println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", + self.pos, self.regs.rip, 64, self.regs.rsp, value, name); + + // Record the write to register + let write_operation = MemoryOperation { + pos: self.pos, + rip: self.regs.rip, + op: "write".to_string(), + bits: 64, // Changed from 32 to 64 for 64-bit operations + address: self.regs.rsp, + old_value: self.maps.read_qword(self.regs.rsp).unwrap_or(0) as u64, + new_value: value as u64, // new value being written + name: "register".to_string(), + }; + self.memory_operations.push(write_operation); + println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", + self.pos, self.regs.rip, 64, self.regs.rsp, value); } self.regs.rsp += 8; From 78aae520627b95a98516efb7fe5cde01c6c67c44 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 16:11:40 -0500 Subject: [PATCH 26/49] fix bad merge --- src/emu/pe64.rs | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/emu/pe64.rs b/src/emu/pe64.rs index 4aa060f..63b0d61 100644 --- a/src/emu/pe64.rs +++ b/src/emu/pe64.rs @@ -568,10 +568,6 @@ impl PE64 { println!("binded 0x{:x} {}", real_addr, func_name); }*/ - if real_addr == 0x7ff000210180 { - let fake_addr = read_u64_le!(self.raw, off_addr); - println!("name: {} fake addr: 0x{:x}", func_name, fake_addr); - } write_u64_le!(self.raw, off_addr, real_addr); off_name += pe32::HintNameItem::size(); From cece115d1075e0ac5fbac5d25d5695c67b7e6005 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 16:14:09 -0500 Subject: [PATCH 27/49] no out --- src/emu.rs | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 3cd0149..f59e8c8 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -4336,10 +4336,6 @@ impl Emu { memory = memory, comments = "" ).expect("failed to write to trace file"); - - if index > 32 { - panic!("OUT"); - } } fn trace_registers_64bit(&mut self) { From 03a587c4022a81eb3b969897f6826afdac7aaea5 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 16:15:30 -0500 Subject: [PATCH 28/49] unused tracing --- src/emu.rs | 47 ----------------------------------------------- 1 file changed, 47 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index f59e8c8..705a4e6 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -4338,53 +4338,6 @@ impl Emu { ).expect("failed to write to trace file"); } - fn trace_registers_64bit(&mut self) { - println!( - "\trax: 0x{:x} rbx: 0x{:x} rcx: 0x{:x} rdx: 0x{:x} rsi: 0x{:x} rdi: 0x{:x} rbp: 0x{:x} rsp: 0x{:x}", - self.regs.rax, self.regs.rbx, self.regs.rcx, - self.regs.rdx, self.regs.rsi, self.regs.rdi, self.regs.rbp, self.regs.rsp - ); - println!( - "\tr8: 0x{:x} r9: 0x{:x} r10: 0x{:x} r11: 0x{:x} r12: 0x{:x} r13: 0x{:x} r14: 0x{:x} r15: 0x{:x}", - self.regs.r8, self.regs.r9, self.regs.r10, self.regs.r11, self.regs.r12, self.regs.r13, self.regs.r14, - self.regs.r15, - ); - println!( - "\tr8u: 0x{:x} r9u: 0x{:x} r10u: 0x{:x} r11u: 0x{:x} r12u: 0x{:x} r13u: 0x{:x} r14u: 0x{:x} r15u: 0x{:x}", - self.regs.get_r8u(), self.regs.get_r9u(), self.regs.get_r10u(), self.regs.get_r11u(), self.regs.get_r12u(), self.regs.get_r13u(), self.regs.get_r14u(), - self.regs.get_r15u(), - ); - println!( - "\tr8d: 0x{:x} r9d: 0x{:x} r10d: 0x{:x} r11d: 0x{:x} r12d: 0x{:x} r13d: 0x{:x} r14d: 0x{:x} r15d: 0x{:x}", - self.regs.get_r8d(), self.regs.get_r9d(), self.regs.get_r10d(), self.regs.get_r11d(), self.regs.get_r12d(), self.regs.get_r13d(), self.regs.get_r14d(), - self.regs.get_r15d(), - ); - println!( - "\tr8w: 0x{:x} r9w: 0x{:x} r10w: 0x{:x} r11w: 0x{:x} r12w: 0x{:x} r13w: 0x{:x} r14w: 0x{:x} r15w: 0x{:x}", - self.regs.get_r8w(), self.regs.get_r9w(), self.regs.get_r10w(), self.regs.get_r11w(), self.regs.get_r12w(), self.regs.get_r13w(), self.regs.get_r14w(), - self.regs.get_r15w(), - ); - println!( - "\tr8l: 0x{:x} r9l: 0x{:x} r10l: 0x{:x} r11l: 0x{:x} r12l: 0x{:x} r13l: 0x{:x} r14l: 0x{:x} r15l: 0x{:x}", - self.regs.get_r8l(), self.regs.get_r9l(), self.regs.get_r10l(), self.regs.get_r11l(), self.regs.get_r12l(), self.regs.get_r13l(), self.regs.get_r14l(), - self.regs.get_r15l(), - ); - println!( - "\tzf: {:?} pf: {:?} af: {:?} of: {:?} sf: {:?} df: {:?} cf: {:?} tf: {:?} if: {:?} nt: {:?}", - self.flags.f_zf, self.flags.f_pf, self.flags.f_af, - self.flags.f_of, self.flags.f_sf, self.flags.f_df, - self.flags.f_cf, self.flags.f_tf, self.flags.f_if, - self.flags.f_nt - ); - } - - fn trace_registers_32bit(&mut self) { - println!("\teax: 0x{:x} ebx: 0x{:x} ecx: 0x{:x} edx: 0x{:x} esi: 0x{:x} edi: 0x{:x} ebp: 0x{:x} esp: 0x{:x}", - self.regs.get_eax() as u32, self.regs.get_ebx() as u32, self.regs.get_ecx() as u32, - self.regs.get_edx() as u32, self.regs.get_esi() as u32, self.regs.get_edi() as u32, - self.regs.get_ebp() as u32, self.regs.get_esp() as u32); - } - fn trace_specific_register(&self, reg: &str) { match reg { "rax" => self.regs.show_rax(&self.maps, self.pos), From b4e6e068e240ec47da19aaf1cbea36d849137b09 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 16:25:37 -0500 Subject: [PATCH 29/49] log crate --- Cargo.toml | 1 + README.md | 12 +- src/emu.rs | 1084 ++++++++++++++++---------------- src/emu/breakpoint.rs | 8 +- src/emu/console.rs | 134 ++-- src/emu/elf32.rs | 8 +- src/emu/elf64.rs | 16 +- src/emu/endpoint.rs | 18 +- src/emu/flags.rs | 42 +- src/emu/fpu.rs | 12 +- src/emu/inline.rs | 4 +- src/emu/maps.rs | 72 +-- src/emu/maps/mem64.rs | 22 +- src/emu/ntapi32.rs | 6 +- src/emu/pe32.rs | 86 +-- src/emu/pe64.rs | 46 +- src/emu/peb32.rs | 16 +- src/emu/peb64.rs | 24 +- src/emu/regs64.rs | 132 ++-- src/emu/script.rs | 208 +++--- src/emu/structures.rs | 36 +- src/emu/syscall32.rs | 498 +++++++-------- src/emu/syscall64.rs | 146 ++--- src/emu/winapi32.rs | 4 +- src/emu/winapi32/advapi32.rs | 36 +- src/emu/winapi32/crypt32.rs | 6 +- src/emu/winapi32/dnsapi.rs | 6 +- src/emu/winapi32/helper.rs | 2 +- src/emu/winapi32/iphlpapi.rs | 2 +- src/emu/winapi32/kernel32.rs | 372 +++++------ src/emu/winapi32/kernelbase.rs | 8 +- src/emu/winapi32/libgcc.rs | 6 +- src/emu/winapi32/mscoree.rs | 4 +- src/emu/winapi32/msvcrt.rs | 38 +- src/emu/winapi32/ntdll.rs | 84 +-- src/emu/winapi32/oleaut32.rs | 6 +- src/emu/winapi32/shlwapi.rs | 2 +- src/emu/winapi32/user32.rs | 16 +- src/emu/winapi32/wincrt.rs | 4 +- src/emu/winapi32/wininet.rs | 54 +- src/emu/winapi32/ws2_32.rs | 60 +- src/emu/winapi64.rs | 2 +- src/emu/winapi64/advapi32.rs | 8 +- src/emu/winapi64/comctl64.rs | 2 +- src/emu/winapi64/dnsapi.rs | 2 +- src/emu/winapi64/kernel32.rs | 282 ++++----- src/emu/winapi64/kernelbase.rs | 8 +- src/emu/winapi64/ntdll.rs | 86 +-- src/emu/winapi64/shell32.rs | 4 +- src/emu/winapi64/shlwapi.rs | 6 +- src/emu/winapi64/user32.rs | 6 +- src/emu/winapi64/winhttp.rs | 2 +- src/emu/winapi64/wininet.rs | 54 +- src/emu/winapi64/ws2_32.rs | 64 +- 54 files changed, 1934 insertions(+), 1933 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index a6df714..574955e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,3 +23,4 @@ scan_fmt = "0.2.6" atty = "0.2.14" csv = "1.3.0" chrono = { version = "0.4", features = ["serde"] } +log = "0.4.22" diff --git a/README.md b/README.md index 206df45..66f5a92 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ while emu.step() { } // check result -println!("return value: 0x{:x}", emu.regs.get_eax()); +log::info!("return value: 0x{:x}", emu.regs.get_eax()); emu.maps.dump(param2_out_buff); ``` @@ -77,7 +77,7 @@ use iced_x86::{Instruction}; fn trace_memory_read(emu:&mut libscemu::emu::Emu, ip_addr:u64, mem_addr:u64, sz:u8) { - println!("0x{:x}: reading {} at 0x{:x}", ip_addr, sz, mem_addr); + log::info!("0x{:x}: reading {} at 0x{:x}", ip_addr, sz, mem_addr); if mem_addr == 0x22dff0 { emu.stop(); } @@ -85,20 +85,20 @@ fn trace_memory_read(emu:&mut libscemu::emu::Emu, ip_addr:u64, fn trace_memory_write(emu:&mut libscemu::emu::Emu, ip_addr:u64, mem_addr:u64, sz:u8, value:u128) -> u128 { - println!("0x{:x}: writing {} '0x{:x}' at 0x{:x}", ip_addr, sz, + log::info!("0x{:x}: writing {} '0x{:x}' at 0x{:x}", ip_addr, sz, value, mem_addr); value // I could change the value to write } fn trace_interrupt(emu:&mut libscemu::emu::Emu, ip_addr:u64, interrupt:u64) -> bool { - println!("interrupt {} triggered at eip: 0x{:x}", interrupt, + log::info!("interrupt {} triggered at eip: 0x{:x}", interrupt, ip_addr); true // do handle interrupts } fn trace_exceptions(emu:&mut libscemu::emu::Emu, ip_addr:u64) -> bool { - println!("0x{:x} triggered an exception", ip_addr); + log::info!("0x{:x} triggered an exception", ip_addr); true // do handle exceptions } @@ -128,6 +128,6 @@ fn main() { emu.hook.on_post_instruction(trace_post_instruction); emu.hook.on_winapi_call(trace_winapi_call); emu.run(None).unwrap(); - println!("end!"); + log::info!("end!"); } ``` diff --git a/src/emu.rs b/src/emu.rs index 705a4e6..9097316 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -422,7 +422,7 @@ impl Emu { self.disable_ctrlc(); } - //println!("initializing regs"); + //log::info!("initializing regs"); if clear_registers { self.regs.clear::<64>(); } @@ -518,7 +518,7 @@ impl Emu { } pub fn init_mem32(&mut self) { - println!("loading memory maps"); + log::info!("loading memory maps"); let orig_path = std::env::current_dir().unwrap(); std::env::set_current_dir(self.cfg.maps_folder.clone()); @@ -602,16 +602,16 @@ impl Emu { assert!(r == 0x53d26); if self.maps.mem_test() { - println!("memory test Ok."); + log::info!("memory test Ok."); } else { - eprintln!("It doesn't pass the memory tests!!"); + log::error!("It doesn't pass the memory tests!!"); self.spawn_console(); std::process::exit(1); } } pub fn init_mem64(&mut self) { - println!("loading memory maps"); + log::info!("loading memory maps"); let orig_path = std::env::current_dir().unwrap(); std::env::set_current_dir(self.cfg.maps_folder.clone()); @@ -703,10 +703,10 @@ impl Emu { // 3. entry point logic if self.cfg.entry_point == 0x3c0000 { self.regs.rip = base as u64 + pe32.opt.address_of_entry_point as u64; - println!("entry point at 0x{:x}", self.regs.rip); + log::info!("entry point at 0x{:x}", self.regs.rip); } else { self.regs.rip = self.cfg.entry_point; - println!( + log::info!( "entry point at 0x{:x} but forcing it at 0x{:x}", base as u64 + pe32.opt.address_of_entry_point as u64, self.regs.rip @@ -732,7 +732,7 @@ impl Emu { } if sz == 0 { - println!("size of section {} is 0", sect.get_name()); + log::info!("size of section {} is 0", sect.get_name()); continue; } @@ -753,7 +753,7 @@ impl Emu { ), base as u64 + sect.virtual_address as u64, sz) { Ok(m) => m, Err(e) => { - println!("weird pe, skipping section {} {} because overlaps", map_name, sect.get_name()); + log::info!("weird pe, skipping section {} {} because overlaps", map_name, sect.get_name()); continue; }, }; @@ -836,10 +836,10 @@ impl Emu { // 3. entry point logic if self.cfg.entry_point == 0x3c0000 { self.regs.rip = base + pe64.opt.address_of_entry_point as u64; - println!("entry point at 0x{:x}", self.regs.rip); + log::info!("entry point at 0x{:x}", self.regs.rip); } else { self.regs.rip = self.cfg.entry_point; - println!( + log::info!( "entry point at 0x{:x} but forcing it at 0x{:x} by -a flag", base + pe64.opt.address_of_entry_point as u64, self.regs.rip @@ -864,7 +864,7 @@ impl Emu { } if sz == 0 { - println!("size of section {} is 0", sect.get_name()); + log::info!("size of section {} is 0", sect.get_name()); continue; } @@ -885,7 +885,7 @@ impl Emu { ), base as u64 + sect.virtual_address as u64, sz) { Ok(m) => m, Err(e) => { - println!("weird pe, skipping section because overlaps {} {}", map_name, sect.get_name()); + log::info!("weird pe, skipping section because overlaps {} {}", map_name, sect.get_name()); continue; }, }; @@ -939,7 +939,7 @@ impl Emu { self.linux = true; self.cfg.is_64bits = false; - println!("elf32 detected."); + log::info!("elf32 detected."); let mut elf32 = Elf32::parse(filename).unwrap(); elf32.load(&mut self.maps); self.regs.rip = elf32.elf_hdr.e_entry.into(); @@ -952,7 +952,7 @@ impl Emu { self.cfg.is_64bits = true; self.maps.clear(); - println!("elf64 detected."); + log::info!("elf64 detected."); let mut elf64 = Elf64::parse(filename).unwrap(); let dyn_link = elf64.get_dynamic().len() > 0; @@ -968,7 +968,7 @@ impl Emu { if dyn_link { let mut ld = Elf64::parse("/lib64/ld-linux-x86-64.so.2").unwrap(); ld.load(&mut self.maps, "ld-linux", true, dyn_link, 0x3c0000); - println!("--- emulating ld-linux _start ---"); + log::info!("--- emulating ld-linux _start ---"); self.regs.rip = ld.elf_hdr.e_entry + elf64::LD_BASE; self.run(None); @@ -978,7 +978,7 @@ impl Emu { /* for lib in elf64.get_dynamic() { - println!("dynamic library {}", lib); + log::info!("dynamic library {}", lib); let libspath = "/usr/lib/x86_64-linux-gnu/"; let libpath = format!("{}{}", libspath, lib); let mut elflib = Elf64::parse(&libpath).unwrap(); @@ -997,7 +997,7 @@ impl Emu { }*/ }*/ } else if !self.cfg.is_64bits && PE32::is_pe32(filename) { - println!("PE32 header detected."); + log::info!("PE32 header detected."); let (base, pe_off) = self.load_pe32(filename, true, 0); let ep = self.regs.rip; @@ -1005,14 +1005,14 @@ impl Emu { /* for i in 0..self.tls_callbacks.len() { self.regs.rip = self.tls_callbacks[i]; - println!("emulating tls_callback {} at 0x{:x}", i + 1, self.regs.rip); + log::info!("emulating tls_callback {} at 0x{:x}", i + 1, self.regs.rip); self.stack_push32(base); self.run(Some(base as u64)); }*/ self.regs.rip = ep; } else if self.cfg.is_64bits && PE64::is_pe64(filename) { - println!("PE64 header detected."); + log::info!("PE64 header detected."); let (base, pe_off) = self.load_pe64(filename, true, 0); let ep = self.regs.rip; @@ -1020,7 +1020,7 @@ impl Emu { /* for i in 0..self.tls_callbacks.len() { self.regs.rip = self.tls_callbacks[i]; - println!("emulating tls_callback {} at 0x{:x}", i + 1, self.regs.rip); + log::info!("emulating tls_callback {} at 0x{:x}", i + 1, self.regs.rip); self.stack_push64(base); self.run(Some(base)); }*/ @@ -1029,7 +1029,7 @@ impl Emu { } else { // shellcode - println!("shellcode detected."); + log::info!("shellcode detected."); if self.cfg.is_64bits { let (base, pe_off) = self.load_pe64(&format!("{}/{}", self.cfg.maps_folder, "loader.exe"), false, 0); @@ -1041,7 +1041,7 @@ impl Emu { } if !self.maps.create_map("code", self.cfg.code_base_addr, 0).expect("cannot create code map").load(filename) { - println!("shellcode not found, select the file with -f"); + log::info!("shellcode not found, select the file with -f"); std::process::exit(1); } let code = self.maps.get_mem("code"); @@ -1061,7 +1061,7 @@ impl Emu { pub fn load_code_bytes(&mut self, bytes: &[u8]) { if self.cfg.verbose >= 1 { - println!("Loading shellcode from bytes"); + log::info!("Loading shellcode from bytes"); } if self.cfg.code_base_addr != 0x3c0000 { let code = self.maps.get_mem("code"); @@ -1082,7 +1082,7 @@ impl Emu { let addr = match self.maps.alloc(size) { Some(a) => a, None => { - println!("low memory"); + log::info!("low memory"); return 0; } }; @@ -1092,7 +1092,7 @@ impl Emu { pub fn stack_push32(&mut self, value: u32) -> bool { if self.cfg.stack_trace { - println!("--- stack push32 ---"); + log::info!("--- stack push32 ---"); self.maps.dump_dwords(self.regs.get_esp(), 5); } @@ -1112,7 +1112,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", + log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.get_esp(), value, name); } @@ -1129,7 +1129,7 @@ impl Emu { let mem = match self.maps.get_mem_by_addr(self.regs.get_esp()) { Some(m) => m, None => { - println!( + log::info!( "/!\\ pushing stack outside maps esp: 0x{:x}", self.regs.get_esp() ); @@ -1146,14 +1146,14 @@ impl Emu { if self.maps.write_dword(self.regs.get_esp(), value) { return true; } else { - println!("/!\\ pushing in non mapped mem 0x{:x}", self.regs.get_esp()); + log::info!("/!\\ pushing in non mapped mem 0x{:x}", self.regs.get_esp()); return false; } } pub fn stack_push64(&mut self, value: u64) -> bool { if self.cfg.stack_trace { - println!("--- stack push64 ---"); + log::info!("--- stack push64 ---"); self.maps.dump_qwords(self.regs.rsp, 5); } @@ -1173,7 +1173,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); + log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); } self.regs.rsp = self.regs.rsp - 8; @@ -1185,7 +1185,7 @@ impl Emu { let mem = match self.maps.get_mem_by_addr(self.regs.rsp) { Some(m) => m, None => { - println!( + log::info!( "pushing stack outside maps rsp: 0x{:x}", self.regs.get_esp() ); @@ -1199,14 +1199,14 @@ impl Emu { if self.maps.write_qword(self.regs.rsp, value) { return true; } else { - println!("/!\\ pushing in non mapped mem 0x{:x}", self.regs.rsp); + log::info!("/!\\ pushing in non mapped mem 0x{:x}", self.regs.rsp); return false; } } pub fn stack_pop32(&mut self, pop_instruction: bool) -> Option { if self.cfg.stack_trace { - println!("--- stack pop32 ---"); + log::info!("--- stack pop32 ---"); self.maps.dump_dwords(self.regs.get_esp(), 5); } @@ -1217,7 +1217,7 @@ impl Emu { let value = match self.maps.read_dword(self.regs.get_esp()) { Some(v) => v, None => { - println!("esp out of stack"); + log::info!("esp out of stack"); return None; } }; @@ -1225,7 +1225,7 @@ impl Emu { && pop_instruction && self.maps.get_mem("code").inside(value.into()) { - println!("/!\\ poping a code address 0x{:x}", value); + log::info!("/!\\ poping a code address 0x{:x}", value); } self.regs.set_esp(self.regs.get_esp() + 4); return Some(value); @@ -1234,7 +1234,7 @@ impl Emu { let mem = match self.maps.get_mem_by_addr(self.regs.get_esp()) { Some(m) => m, None => { - println!( + log::info!( "poping stack outside map esp: 0x{:x}", self.regs.get_esp() as u32 ); @@ -1246,7 +1246,7 @@ impl Emu { let value = match self.maps.read_dword(self.regs.get_esp()) { Some(v) => v, None => { - println!("esp point to non mapped mem"); + log::info!("esp point to non mapped mem"); return None; } }; @@ -1256,7 +1256,7 @@ impl Emu { && pop_instruction && self.maps.get_mem("code").inside(value.into()) { - println!("/!\\ poping a code address 0x{:x}", value); + log::info!("/!\\ poping a code address 0x{:x}", value); } */ @@ -1277,7 +1277,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(read_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", + log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.get_esp(), value, name); // Record the write to register @@ -1292,7 +1292,7 @@ impl Emu { name: "register".to_string(), }; self.memory_operations.push(write_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", + log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", self.pos, self.regs.rip, 32, self.regs.get_esp(), value); } @@ -1302,7 +1302,7 @@ impl Emu { pub fn stack_pop64(&mut self, pop_instruction: bool) -> Option { if self.cfg.stack_trace { - println!("--- stack pop64 ---"); + log::info!("--- stack pop64 ---"); self.maps.dump_qwords(self.regs.rsp, 5); } @@ -1314,7 +1314,7 @@ impl Emu { && pop_instruction && self.maps.get_mem("code").inside(value.into()) { - println!("/!\\ poping a code address 0x{:x}", value); + log::info!("/!\\ poping a code address 0x{:x}", value); } self.regs.rsp += 8; return Some(value); @@ -1323,7 +1323,7 @@ impl Emu { let mem = match self.maps.get_mem_by_addr(self.regs.rsp) { Some(m) => m, None => { - println!("poping stack outside map esp: 0x{:x}", self.regs.rsp); + log::info!("poping stack outside map esp: 0x{:x}", self.regs.rsp); self.spawn_console(); return None; } @@ -1335,7 +1335,7 @@ impl Emu { let value = match self.maps.read_qword(self.regs.rsp) { Some(v) => v, None => { - println!("rsp point to non mapped mem"); + log::info!("rsp point to non mapped mem"); return None; } }; @@ -1357,7 +1357,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(read_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", + log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); // Record the write to register @@ -1372,7 +1372,7 @@ impl Emu { name: "register".to_string(), }; self.memory_operations.push(write_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", + log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", self.pos, self.regs.rip, 64, self.regs.rsp, value); } @@ -1405,13 +1405,13 @@ impl Emu { //let inm = self.get_inmediate(spl[0]); if self.cfg.verbose >= 1 { - println!("FS ACCESS TO 0x{:x}", value); + log::info!("FS ACCESS TO 0x{:x}", value); } if value == 0x30 { // PEB if self.cfg.verbose >= 1 { - println!("ACCESS TO PEB"); + log::info!("ACCESS TO PEB"); } let peb = self.maps.get_mem("peb"); return peb.get_base(); @@ -1419,7 +1419,7 @@ impl Emu { if value == 0x18 { if self.cfg.verbose >= 1 { - println!("ACCESS TO TEB"); + log::info!("ACCESS TO TEB"); } let teb = self.maps.get_mem("teb"); return teb.get_base(); @@ -1427,14 +1427,14 @@ impl Emu { if value == 0x2c { if self.cfg.verbose >= 1 { - println!("ACCESS TO CURRENT LOCALE"); + log::info!("ACCESS TO CURRENT LOCALE"); } return constants::EN_US_LOCALE as u64; } if value == 0xc0 { if self.cfg.verbose >= 1 { - println!("CHECKING IF ITS 32bits (ISWOW64)"); + log::info!("CHECKING IF ITS 32bits (ISWOW64)"); } if self.cfg.is_64bits { @@ -1483,7 +1483,7 @@ impl Emu { let reg = spl[0]; let sign = spl[1]; - //println!("disp --> {} operand:{}", spl[2], operand); + //log::info!("disp --> {} operand:{}", spl[2], operand); let disp: u64; if self.regs.is_reg(spl[2]) { disp = self.regs.get_by_name(spl[2]); @@ -1525,7 +1525,7 @@ impl Emu { pub fn memory_read(&mut self, operand: &str) -> Option { if operand.contains("fs:[0]") { if self.cfg.verbose >= 1 { - println!("{} Reading SEH fs:[0] 0x{:x}", self.pos, self.seh); + log::info!("{} Reading SEH fs:[0] 0x{:x}", self.pos, self.seh); } return Some(self.seh); } @@ -1567,7 +1567,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, addr, v, name); + log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, addr, v, name); } return Some(v); } @@ -1591,7 +1591,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, v, name); + log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, v, name); } return Some(v.into()); } @@ -1615,7 +1615,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 16, addr, v, name); + log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 16, addr, v, name); } return Some(v.into()); } @@ -1639,7 +1639,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 8, addr, v, name); + log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 8, addr, v, name); } return Some(v.into()); } @@ -1652,7 +1652,7 @@ impl Emu { // this is not used on the emulation pub fn memory_write(&mut self, operand: &str, value: u64) -> bool { if operand.contains("fs:[0]") { - println!("Setting SEH fs:[0] 0x{:x}", value); + log::info!("Setting SEH fs:[0] 0x{:x}", value); self.seh = value; return true; } @@ -1670,7 +1670,7 @@ impl Emu { if name == "code" { if self.cfg.verbose >= 1 { - println!("/!\\ polymorfic code, write at 0x{:x}", addr); + log::info!("/!\\ polymorfic code, write at 0x{:x}", addr); } self.force_break = true; } @@ -1695,7 +1695,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, value, name); + log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, value, name); } let ret = match bits { @@ -1748,7 +1748,7 @@ impl Emu { self.force_reload = true; if addr == constants::RETURN_THREAD.into() { - println!("/!\\ Thread returned, continuing the main thread"); + log::info!("/!\\ Thread returned, continuing the main thread"); self.regs.rip = self.main_thread_cont; self.spawn_console(); self.force_break = true; @@ -1766,7 +1766,7 @@ impl Emu { self.force_break = true; return true; } else { - eprintln!("/!\\ setting eip to non mapped addr 0x{:x}", addr); + log::error!("/!\\ setting eip to non mapped addr 0x{:x}", addr); self.exception(); return false; } @@ -1782,7 +1782,7 @@ impl Emu { self.regs.rip = addr; // in linux libs are no implemented are emulated } else { if self.cfg.verbose >= 1 { - println!("/!\\ changing RIP to {} ", name); + log::info!("/!\\ changing RIP to {} ", name); } if self.skip_apicall { @@ -1812,7 +1812,7 @@ impl Emu { let name = match self.maps.get_addr_name(addr) { Some(n) => n, None => { - eprintln!("/!\\ setting rip to non mapped addr 0x{:x}", addr); + log::error!("/!\\ setting rip to non mapped addr 0x{:x}", addr); self.exception(); return; } @@ -1832,7 +1832,7 @@ impl Emu { self.force_reload = true; if addr == constants::RETURN_THREAD.into() { - println!("/!\\ Thread returned, continuing the main thread"); + log::info!("/!\\ Thread returned, continuing the main thread"); self.regs.rip = self.main_thread_cont; self.spawn_console(); self.force_break = true; @@ -1850,7 +1850,7 @@ impl Emu { self.force_break = true; return true; } else { - eprintln!("/!\\ setting eip to non mapped addr 0x{:x}", addr); + log::error!("/!\\ setting eip to non mapped addr 0x{:x}", addr); self.exception(); return false; } @@ -1863,7 +1863,7 @@ impl Emu { self.regs.set_eip(addr); } else { if self.cfg.verbose >= 1 { - println!("/!\\ changing EIP to {} 0x{:x}", name, addr); + log::info!("/!\\ changing EIP to {} 0x{:x}", name, addr); } if self.skip_apicall { @@ -1899,7 +1899,7 @@ impl Emu { for _ in 0..rot { let last_bit = get_bit!(ret, bits - 1); - //println!("last bit: {}", last_bit); + //log::info!("last bit: {}", last_bit); let mut ret2: u64 = ret; // For the ROL and ROR instructions, the original value of the CF flag is not a part of the result, but the CF flag receives a copy of the bit that was shifted from one end to the other. @@ -1912,7 +1912,7 @@ impl Emu { set_bit!(ret2, 0, last_bit); ret = ret2; - //println!("{:b}", ret); + //log::info!("{:b}", ret); } ret @@ -1935,7 +1935,7 @@ impl Emu { for _ in 0..rot { let last_bit = get_bit!(ret, bits); - //println!("last bit: {}", last_bit); + //log::info!("last bit: {}", last_bit); let mut ret2: u128 = ret; for j in 0..bits { @@ -1945,7 +1945,7 @@ impl Emu { set_bit!(ret2, 0, last_bit); ret = ret2; - //println!("{:b}", ret); + //log::info!("{:b}", ret); } let a: u128 = 2; @@ -2117,7 +2117,7 @@ impl Emu { if value2 == 0 { self.flags.f_tf = true; - println!("/!\\ division by 0 exception"); + log::info!("/!\\ division by 0 exception"); self.exception(); self.force_break = true; return; @@ -2130,7 +2130,7 @@ impl Emu { self.flags.calc_pf(resq as u8); self.flags.f_of = resq > 0xffffffffffffffff; if self.flags.f_of { - println!("/!\\ int overflow on division"); + log::info!("/!\\ int overflow on division"); } } @@ -2142,7 +2142,7 @@ impl Emu { if value2 == 0 { self.flags.f_tf = true; - println!("/!\\ division by 0 exception"); + log::info!("/!\\ division by 0 exception"); self.exception(); self.force_break = true; return; @@ -2155,7 +2155,7 @@ impl Emu { self.flags.calc_pf(resq as u8); self.flags.f_of = resq > 0xffffffff; if self.flags.f_of { - println!("/!\\ int overflow on division"); + log::info!("/!\\ int overflow on division"); } } @@ -2165,7 +2165,7 @@ impl Emu { if value2 == 0 { self.flags.f_tf = true; - println!("/!\\ division by 0 exception"); + log::info!("/!\\ division by 0 exception"); self.exception(); self.force_break = true; return; @@ -2179,7 +2179,7 @@ impl Emu { self.flags.f_of = resq > 0xffff; self.flags.f_tf = false; if self.flags.f_of { - println!("/!\\ int overflow on division"); + log::info!("/!\\ int overflow on division"); } } @@ -2188,7 +2188,7 @@ impl Emu { let value2: u32 = value0 as u32; if value2 == 0 { self.flags.f_tf = true; - println!("/!\\ division by 0 exception"); + log::info!("/!\\ division by 0 exception"); self.exception(); self.force_break = true; return; @@ -2202,7 +2202,7 @@ impl Emu { self.flags.f_of = resq > 0xff; self.flags.f_tf = false; if self.flags.f_of { - println!("/!\\ int overflow"); + log::info!("/!\\ int overflow"); } } @@ -2213,7 +2213,7 @@ impl Emu { let value2: u128 = value0 as u128; if value2 == 0 { self.flags.f_tf = true; - println!("/!\\ division by 0 exception"); + log::info!("/!\\ division by 0 exception"); self.exception(); self.force_break = true; return; @@ -2225,14 +2225,14 @@ impl Emu { self.regs.rdx = resr as u64; self.flags.calc_pf(resq as u8); if resq > 0xffffffffffffffff { - println!("/!\\ int overflow exception on division"); + log::info!("/!\\ int overflow exception on division"); if self.break_on_alert { panic!(); } } else if ((value1 as i128) > 0 && (resq as i64) < 0) || ((value1 as i128) < 0 && (resq as i64) > 0) { - println!("/!\\ sign change exception on division"); + log::info!("/!\\ sign change exception on division"); self.exception(); self.force_break = true; } @@ -2245,7 +2245,7 @@ impl Emu { let value2: u64 = value0; if value2 == 0 { self.flags.f_tf = true; - println!("/!\\ division by 0 exception"); + log::info!("/!\\ division by 0 exception"); self.exception(); self.force_break = true; return; @@ -2257,14 +2257,14 @@ impl Emu { self.regs.set_edx(resr); self.flags.calc_pf(resq as u8); if resq > 0xffffffff { - println!("/!\\ int overflow exception on division"); + log::info!("/!\\ int overflow exception on division"); if self.break_on_alert { panic!(); } } else if ((value1 as i64) > 0 && (resq as i32) < 0) || ((value1 as i64) < 0 && (resq as i32) > 0) { - println!("/!\\ sign change exception on division"); + log::info!("/!\\ sign change exception on division"); self.exception(); self.force_break = true; } @@ -2275,7 +2275,7 @@ impl Emu { let value2: u32 = value0 as u32; if value2 == 0 { self.flags.f_tf = true; - println!("/!\\ division by 0 exception"); + log::info!("/!\\ division by 0 exception"); self.exception(); self.force_break = true; return; @@ -2288,14 +2288,14 @@ impl Emu { self.flags.calc_pf(resq as u8); self.flags.f_tf = false; if resq > 0xffff { - println!("/!\\ int overflow exception on division"); + log::info!("/!\\ int overflow exception on division"); if self.break_on_alert { panic!(); } } else if ((value1 as i32) > 0 && (resq as i16) < 0) || ((value1 as i32) < 0 && (resq as i16) > 0) { - println!("/!\\ sign change exception on division"); + log::info!("/!\\ sign change exception on division"); self.exception(); self.force_break = true; } @@ -2306,7 +2306,7 @@ impl Emu { let value2: u32 = value0 as u32; if value2 == 0 { self.flags.f_tf = true; - println!("/!\\ division by 0 exception"); + log::info!("/!\\ division by 0 exception"); self.exception(); self.force_break = true; return; @@ -2319,14 +2319,14 @@ impl Emu { self.flags.calc_pf(resq as u8); self.flags.f_tf = false; if resq > 0xff { - println!("/!\\ int overflow exception on division"); + log::info!("/!\\ int overflow exception on division"); if self.break_on_alert { panic!(); } } else if ((value1 as i16) > 0 && (resq as i8) < 0) || ((value1 as i16) < 0 && (resq as i8) > 0) { - println!("/!\\ sign change exception on division"); + log::info!("/!\\ sign change exception on division"); self.exception(); self.force_break = true; } @@ -2354,7 +2354,7 @@ impl Emu { if counter >= size as u64 { if self.cfg.verbose >= 1 { - println!("/!\\ SHRD undefined behaviour value0 = 0x{:x} value1 = 0x{:x} pcounter = 0x{:x} counter = 0x{:x} size = 0x{:x}", value0, value1, pcounter, counter, size); + log::info!("/!\\ SHRD undefined behaviour value0 = 0x{:x} value1 = 0x{:x} pcounter = 0x{:x} counter = 0x{:x} size = 0x{:x}", value0, value1, pcounter, counter, size); } let result = 0; //inline::shrd(value0, value1, pcounter, size); self.flags.calc_flags(result, size); @@ -2365,7 +2365,7 @@ impl Emu { let mut to = size as u64 - 1 - counter; if to > 64 { - // println!("to: {}", to); + // log::info!("to: {}", to); to = 64; } @@ -2376,7 +2376,7 @@ impl Emu { let from = size as u64 - counter; - //println!("from: {}", from); + //log::info!("from: {}", from); for i in from..size as u64 { let bit = get_bit!(value1, i as u32 + counter as u32 - size as u32); @@ -2418,7 +2418,7 @@ impl Emu { if counter > size as u64 { if self.cfg.verbose >= 1 { - println!("/!\\ undefined behaviour on shld"); + log::info!("/!\\ undefined behaviour on shld"); } let result = 0; @@ -2477,18 +2477,18 @@ impl Emu { "r rdx" => self.regs.show_rdx(&self.maps, 0), "r rsi" => self.regs.show_rsi(&self.maps, 0), "r rdi" => self.regs.show_rdi(&self.maps, 0), - "r rbp" => println!("\trbp: 0x{:x}", self.regs.rbp), - "r rsp" => println!("\trsp: 0x{:x}", self.regs.rsp), - "r rip" => println!("\trip: 0x{:x}", self.regs.rip), + "r rbp" => log::info!("\trbp: 0x{:x}", self.regs.rbp), + "r rsp" => log::info!("\trsp: 0x{:x}", self.regs.rsp), + "r rip" => log::info!("\trip: 0x{:x}", self.regs.rip), "r eax" => self.regs.show_eax(&self.maps, 0), "r ebx" => self.regs.show_ebx(&self.maps, 0), "r ecx" => self.regs.show_ecx(&self.maps, 0), "r edx" => self.regs.show_edx(&self.maps, 0), "r esi" => self.regs.show_esi(&self.maps, 0), "r edi" => self.regs.show_edi(&self.maps, 0), - "r esp" => println!("\tesp: 0x{:x}", self.regs.get_esp() as u32), - "r ebp" => println!("\tebp: 0x{:x}", self.regs.get_ebp() as u32), - "r eip" => println!("\teip: 0x{:x}", self.regs.get_eip() as u32), + "r esp" => log::info!("\tesp: 0x{:x}", self.regs.get_esp() as u32), + "r ebp" => log::info!("\tebp: 0x{:x}", self.regs.get_ebp() as u32), + "r eip" => log::info!("\teip: 0x{:x}", self.regs.get_eip() as u32), "r r8" => self.regs.show_r8(&self.maps, 0), "r r9" => self.regs.show_r9(&self.maps, 0), "r r10" => self.regs.show_r10(&self.maps, 0), @@ -2521,38 +2521,38 @@ impl Emu { "r r13l" => self.regs.show_r13l(&self.maps, 0), "r r14l" => self.regs.show_r14l(&self.maps, 0), "r r15l" => self.regs.show_r15l(&self.maps, 0), - "r xmm0" => println!("\txmm0: 0x{:x}", self.regs.xmm0), - "r xmm1" => println!("\txmm1: 0x{:x}", self.regs.xmm1), - "r xmm2" => println!("\txmm2: 0x{:x}", self.regs.xmm2), - "r xmm3" => println!("\txmm3: 0x{:x}", self.regs.xmm3), - "r xmm4" => println!("\txmm4: 0x{:x}", self.regs.xmm4), - "r xmm5" => println!("\txmm5: 0x{:x}", self.regs.xmm5), - "r xmm6" => println!("\txmm6: 0x{:x}", self.regs.xmm6), - "r xmm7" => println!("\txmm7: 0x{:x}", self.regs.xmm7), - "r xmm8" => println!("\txmm8: 0x{:x}", self.regs.xmm8), - "r xmm9" => println!("\txmm9: 0x{:x}", self.regs.xmm9), - "r xmm10" => println!("\txmm10: 0x{:x}", self.regs.xmm10), - "r xmm11" => println!("\txmm11: 0x{:x}", self.regs.xmm11), - "r xmm12" => println!("\txmm12: 0x{:x}", self.regs.xmm12), - "r xmm13" => println!("\txmm13: 0x{:x}", self.regs.xmm13), - "r xmm14" => println!("\txmm14: 0x{:x}", self.regs.xmm14), - "r xmm15" => println!("\txmm15: 0x{:x}", self.regs.xmm15), - "r ymm0" => println!("\tymm0: 0x{:x}", self.regs.ymm0), - "r ymm1" => println!("\tymm1: 0x{:x}", self.regs.ymm1), - "r ymm2" => println!("\tymm2: 0x{:x}", self.regs.ymm2), - "r ymm3" => println!("\tymm3: 0x{:x}", self.regs.ymm3), - "r ymm4" => println!("\tymm4: 0x{:x}", self.regs.ymm4), - "r ymm5" => println!("\tymm5: 0x{:x}", self.regs.ymm5), - "r ymm6" => println!("\tymm6: 0x{:x}", self.regs.ymm6), - "r ymm7" => println!("\tymm7: 0x{:x}", self.regs.ymm7), - "r ymm8" => println!("\tymm8: 0x{:x}", self.regs.ymm8), - "r ymm9" => println!("\tymm9: 0x{:x}", self.regs.ymm9), - "r ymm10" => println!("\tymm10: 0x{:x}", self.regs.ymm10), - "r ymm11" => println!("\tymm11: 0x{:x}", self.regs.ymm11), - "r ymm12" => println!("\tymm12: 0x{:x}", self.regs.ymm12), - "r ymm13" => println!("\tymm13: 0x{:x}", self.regs.ymm13), - "r ymm14" => println!("\tymm14: 0x{:x}", self.regs.ymm14), - "r ymm15" => println!("\tymm15: 0x{:x}", self.regs.ymm15), + "r xmm0" => log::info!("\txmm0: 0x{:x}", self.regs.xmm0), + "r xmm1" => log::info!("\txmm1: 0x{:x}", self.regs.xmm1), + "r xmm2" => log::info!("\txmm2: 0x{:x}", self.regs.xmm2), + "r xmm3" => log::info!("\txmm3: 0x{:x}", self.regs.xmm3), + "r xmm4" => log::info!("\txmm4: 0x{:x}", self.regs.xmm4), + "r xmm5" => log::info!("\txmm5: 0x{:x}", self.regs.xmm5), + "r xmm6" => log::info!("\txmm6: 0x{:x}", self.regs.xmm6), + "r xmm7" => log::info!("\txmm7: 0x{:x}", self.regs.xmm7), + "r xmm8" => log::info!("\txmm8: 0x{:x}", self.regs.xmm8), + "r xmm9" => log::info!("\txmm9: 0x{:x}", self.regs.xmm9), + "r xmm10" => log::info!("\txmm10: 0x{:x}", self.regs.xmm10), + "r xmm11" => log::info!("\txmm11: 0x{:x}", self.regs.xmm11), + "r xmm12" => log::info!("\txmm12: 0x{:x}", self.regs.xmm12), + "r xmm13" => log::info!("\txmm13: 0x{:x}", self.regs.xmm13), + "r xmm14" => log::info!("\txmm14: 0x{:x}", self.regs.xmm14), + "r xmm15" => log::info!("\txmm15: 0x{:x}", self.regs.xmm15), + "r ymm0" => log::info!("\tymm0: 0x{:x}", self.regs.ymm0), + "r ymm1" => log::info!("\tymm1: 0x{:x}", self.regs.ymm1), + "r ymm2" => log::info!("\tymm2: 0x{:x}", self.regs.ymm2), + "r ymm3" => log::info!("\tymm3: 0x{:x}", self.regs.ymm3), + "r ymm4" => log::info!("\tymm4: 0x{:x}", self.regs.ymm4), + "r ymm5" => log::info!("\tymm5: 0x{:x}", self.regs.ymm5), + "r ymm6" => log::info!("\tymm6: 0x{:x}", self.regs.ymm6), + "r ymm7" => log::info!("\tymm7: 0x{:x}", self.regs.ymm7), + "r ymm8" => log::info!("\tymm8: 0x{:x}", self.regs.ymm8), + "r ymm9" => log::info!("\tymm9: 0x{:x}", self.regs.ymm9), + "r ymm10" => log::info!("\tymm10: 0x{:x}", self.regs.ymm10), + "r ymm11" => log::info!("\tymm11: 0x{:x}", self.regs.ymm11), + "r ymm12" => log::info!("\tymm12: 0x{:x}", self.regs.ymm12), + "r ymm13" => log::info!("\tymm13: 0x{:x}", self.regs.ymm13), + "r ymm14" => log::info!("\tymm14: 0x{:x}", self.regs.ymm14), + "r ymm15" => log::info!("\tymm15: 0x{:x}", self.regs.ymm15), "rc" => { con.print("register name"); @@ -2561,7 +2561,7 @@ impl Emu { let value = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value"); + log::info!("bad hex value"); continue; } }; @@ -2574,11 +2574,11 @@ impl Emu { let value = match self.memory_read(operand.as_str()) { Some(v) => v, None => { - println!("bad address."); + log::info!("bad address."); continue; } }; - println!("0x{:x}: 0x{:x}", to32!(addr), value); + log::info!("0x{:x}: 0x{:x}", to32!(addr), value); } "mw" | "wm" => { con.print("memory argument"); @@ -2587,14 +2587,14 @@ impl Emu { let value = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; if self.memory_write(operand.as_str(), value) { - println!("done."); + log::info!("done."); } else { - println!("cannot write there."); + log::info!("cannot write there."); } } "mwb" => { @@ -2602,14 +2602,14 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(a) => a, Err(_) => { - println!("bad hex value"); + log::info!("bad hex value"); continue; } }; con.print("spaced bytes"); let bytes = con.cmd(); self.maps.write_spaced_bytes(addr, &bytes); - println!("done."); + log::info!("done."); } "b" => { self.bp.show(); @@ -2619,7 +2619,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; @@ -2630,7 +2630,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; @@ -2641,7 +2641,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; @@ -2652,7 +2652,7 @@ impl Emu { let num = match con.cmd_num() { Ok(v) => v, Err(_) => { - println!("bad instruction number."); + log::info!("bad instruction number."); continue; } }; @@ -2666,7 +2666,7 @@ impl Emu { "bcmp" => { self.break_on_next_cmp = true; } - "cls" => println!("{}", self.colors.clear_screen), + "cls" => log::info!("{}", self.colors.clear_screen), "s" => { if self.cfg.is_64bits { self.maps.dump_qwords(self.regs.rsp, 10); @@ -2689,7 +2689,7 @@ impl Emu { self.cfg.verbose = match con.cmd_num() { Ok(v) => to32!(v), Err(_) => { - println!("incorrect verbose level, set 0, 1 or 2"); + log::info!("incorrect verbose level, set 0, 1 or 2"); continue; } }; @@ -2724,7 +2724,7 @@ impl Emu { let sz = match con.cmd_num() { Ok(v) => v, Err(_) => { - println!("bad size."); + log::info!("bad size."); continue; } }; @@ -2732,12 +2732,12 @@ impl Emu { let addr = match self.maps.alloc(sz) { Some(a) => a, None => { - println!("memory full"); + log::info!("memory full"); continue; } }; self.maps.create_map(&name, addr, sz).expect("cannot create map from console mc"); - println!("allocated {} at 0x{:x} sz: {}", name, addr, sz); + log::info!("allocated {} at 0x{:x} sz: {}", name, addr, sz); } "mca" => { con.print("name "); @@ -2746,7 +2746,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad size."); + log::info!("bad size."); continue; } }; @@ -2755,13 +2755,13 @@ impl Emu { let sz = match con.cmd_num() { Ok(v) => v, Err(_) => { - println!("bad size."); + log::info!("bad size."); continue; } }; self.maps.create_map(&name, addr, sz).expect("cannot create map from console mca"); - println!("allocated {} at 0x{:x} sz: {}", name, addr, sz); + log::info!("allocated {} at 0x{:x} sz: {}", name, addr, sz); } "ml" => { con.print("map name"); @@ -2775,7 +2775,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; @@ -2784,7 +2784,7 @@ impl Emu { Some(n) => n, None => { if !self.cfg.skip_unimplemented { - println!("address not found on any map"); + log::info!("address not found on any map"); continue; } @@ -2794,7 +2794,7 @@ impl Emu { let mem = self.maps.get_mem(name.as_str()); if self.cfg.is_64bits { - println!( + log::info!( "map: {} 0x{:x}-0x{:x} ({})", name, mem.get_base(), @@ -2802,7 +2802,7 @@ impl Emu { mem.size() ); } else { - println!( + log::info!( "map: {} 0x{:x}-0x{:x} ({})", name, to32!(mem.get_base()), @@ -2819,7 +2819,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; @@ -2830,7 +2830,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; @@ -2841,7 +2841,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; @@ -2852,14 +2852,14 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; if self.cfg.is_64bits { - println!("0x{:x}: '{}'", addr, self.maps.read_string(addr)); + log::info!("0x{:x}: '{}'", addr, self.maps.read_string(addr)); } else { - println!("0x{:x}: '{}'", to32!(addr), self.maps.read_string(addr)); + log::info!("0x{:x}: '{}'", to32!(addr), self.maps.read_string(addr)); } } "mdw" => { @@ -2867,14 +2867,14 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; if self.cfg.is_64bits { - println!("0x{:x}: '{}'", addr, self.maps.read_wide_string(addr)); + log::info!("0x{:x}: '{}'", addr, self.maps.read_wide_string(addr)); } else { - println!( + log::info!( "0x{:x}: '{}'", to32!(addr), self.maps.read_wide_string(addr) @@ -2886,7 +2886,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; @@ -2894,7 +2894,7 @@ impl Emu { let sz = match con.cmd_num() { Ok(v) => v, Err(_) => { - println!("bad numeric decimal value."); + log::info!("bad numeric decimal value."); continue; } }; @@ -2911,9 +2911,9 @@ impl Emu { } "mt" => { if self.maps.mem_test() { - println!("mem test passed ok."); + log::info!("mem test passed ok."); } else { - println!("memory errors."); + log::info!("memory errors."); } } "eip" => { @@ -2921,7 +2921,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value"); + log::info!("bad hex value"); continue; } }; @@ -2934,7 +2934,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value"); + log::info!("bad hex value"); continue; } }; @@ -2947,7 +2947,7 @@ impl Emu { let value = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value"); + log::info!("bad hex value"); continue; } }; @@ -2956,21 +2956,21 @@ impl Emu { let value = match con.cmd_hex32() { Ok(v) => v, Err(_) => { - println!("bad hex value"); + log::info!("bad hex value"); continue; } }; self.stack_push32(value); } - println!("pushed."); + log::info!("pushed."); } "pop" => { if self.cfg.is_64bits { let value = self.stack_pop64(false).unwrap_or(0); - println!("poped value 0x{:x}", value); + log::info!("poped value 0x{:x}", value); } else { let value = self.stack_pop32(false).unwrap_or(0); - println!("poped value 0x{:x}", value); + log::info!("poped value 0x{:x}", value); } } "fpu" => { @@ -2981,7 +2981,7 @@ impl Emu { let mem_name = con.cmd(); let mem = self.maps.get_mem(&mem_name); let md5 = mem.md5(); - println!("md5sum: {:x}", md5); + log::info!("md5sum: {:x}", md5); } "ss" => { con.print("map name"); @@ -2991,15 +2991,15 @@ impl Emu { let result = match self.maps.search_string(&kw, &mem_name) { Some(v) => v, None => { - println!("not found."); + log::info!("not found."); continue; } }; for addr in result.iter() { if self.cfg.is_64bits { - println!("found 0x{:x} '{}'", *addr, self.maps.read_string(*addr)); + log::info!("found 0x{:x} '{}'", *addr, self.maps.read_string(*addr)); } else { - println!( + log::info!( "found 0x{:x} '{}'", *addr as u32, self.maps.read_string(*addr) @@ -3014,15 +3014,15 @@ impl Emu { let sbs = con.cmd(); let results = self.maps.search_spaced_bytes(&sbs, &mem_name); if results.len() == 0 { - println!("not found."); + log::info!("not found."); } else { if self.cfg.is_64bits { for addr in results.iter() { - println!("found at 0x{:x}", addr); + log::info!("found at 0x{:x}", addr); } } else { for addr in results.iter() { - println!("found at 0x{:x}", to32!(addr)); + log::info!("found at 0x{:x}", to32!(addr)); } } } @@ -3032,15 +3032,15 @@ impl Emu { let sbs = con.cmd(); let results = self.maps.search_spaced_bytes_in_all(&sbs); if results.len() == 0 { - println!("not found."); + log::info!("not found."); } else { if self.cfg.is_64bits { for addr in results.iter() { - println!("found at 0x{:x}", addr); + log::info!("found at 0x{:x}", addr); } } else { for addr in results.iter() { - println!("found at 0x{:x}", to32!(addr)); + log::info!("found at 0x{:x}", to32!(addr)); } } } @@ -3051,23 +3051,23 @@ impl Emu { self.maps.search_string_in_all(kw); } "seh" => { - println!("0x{:x}", self.seh); + log::info!("0x{:x}", self.seh); } "veh" => { - println!("0x{:x}", self.veh); + log::info!("0x{:x}", self.veh); } "ll" => { con.print("ptr"); let ptr1 = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value"); + log::info!("bad hex value"); continue; } }; let mut ptr = ptr1; loop { - println!("- 0x{:x}", ptr); + log::info!("- 0x{:x}", ptr); ptr = match self.maps.read_dword(ptr) { Some(v) => v.into(), None => break, @@ -3096,11 +3096,11 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value"); + log::info!("bad hex value"); continue; } }; - println!("{}", self.disassemble(addr, 10)); + log::info!("{}", self.disassemble(addr, 10)); } "ldr" => { if self.cfg.is_64bits { @@ -3123,9 +3123,9 @@ impl Emu { } if addr == 0 { - println!("api not found"); + log::info!("api not found"); } else { - println!("found: 0x{:x} {}!{}", addr, lib, name); + log::info!("found: 0x{:x} {}!{}", addr, lib, name); } } "iatx" => { @@ -3134,7 +3134,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value."); + log::info!("bad hex value."); continue; } }; @@ -3147,9 +3147,9 @@ impl Emu { } if name == "" { - println!("api addr not found"); + log::info!("api addr not found"); } else { - println!("found: 0x{:x} {}", addr, name); + log::info!("found: 0x{:x} {}", addr, name); } } "iatd" => { @@ -3168,7 +3168,7 @@ impl Emu { let addr = match con.cmd_hex64() { Ok(v) => v, Err(_) => { - println!("bad hex value"); + log::info!("bad hex value"); continue; } }; @@ -3235,11 +3235,11 @@ impl Emu { s.print(); } - _ => println!("unrecognized structure."), + _ => log::info!("unrecognized structure."), } } // end dt command - _ => println!("command not found, type h"), + _ => log::info!("command not found, type h"), } // match commands } // end loop } // end commands function @@ -3251,9 +3251,9 @@ impl Emu { self.regs.show_edx(&self.maps, 0); self.regs.show_esi(&self.maps, 0); self.regs.show_edi(&self.maps, 0); - println!("\tesp: 0x{:x}", self.regs.get_esp() as u32); - println!("\tebp: 0x{:x}", self.regs.get_ebp() as u32); - println!("\teip: 0x{:x}", self.regs.get_eip() as u32); + log::info!("\tesp: 0x{:x}", self.regs.get_esp() as u32); + log::info!("\tebp: 0x{:x}", self.regs.get_ebp() as u32); + log::info!("\teip: 0x{:x}", self.regs.get_eip() as u32); } fn featured_regs64(&self) { @@ -3263,9 +3263,9 @@ impl Emu { self.regs.show_rdx(&self.maps, 0); self.regs.show_rsi(&self.maps, 0); self.regs.show_rdi(&self.maps, 0); - println!("\trsp: 0x{:x}", self.regs.rsp); - println!("\trbp: 0x{:x}", self.regs.rbp); - println!("\trip: 0x{:x}", self.regs.rip); + log::info!("\trsp: 0x{:x}", self.regs.rsp); + log::info!("\trbp: 0x{:x}", self.regs.rbp); + log::info!("\trip: 0x{:x}", self.regs.rip); self.regs.show_r8(&self.maps, 0); self.regs.show_r9(&self.maps, 0); self.regs.show_r10(&self.maps, 0); @@ -3300,7 +3300,7 @@ impl Emu { } } else { if self.seh == 0 { - println!("exception without any SEH handler nor vector configured."); + log::info!("exception without any SEH handler nor vector configured."); if self.cfg.console_enabled { self.spawn_console(); } @@ -3312,7 +3312,7 @@ impl Emu { next = match self.maps.read_dword(self.seh) { Some(value) => value.into(), None => { - println!("exception wihout correct SEH"); + log::info!("exception wihout correct SEH"); return; } }; @@ -3320,7 +3320,7 @@ impl Emu { addr = match self.maps.read_dword(self.seh + 4) { Some(value) => value.into(), None => { - println!("exception without correct SEH."); + log::info!("exception without correct SEH."); return; } }; @@ -3364,10 +3364,10 @@ impl Emu { formatter.format(&instruction, &mut output); if self.cfg.is_64bits { out.push_str(&format!("0x{:x}: {}\n", instruction.ip(), output)); - //println!("0x{:x}: {}", instruction.ip(), output); + //log::info!("0x{:x}: {}", instruction.ip(), output); } else { out.push_str(&format!("0x{:x}: {}\n", instruction.ip32(), output)); - //println!("0x{:x}: {}", instruction.ip32(), output); + //log::info!("0x{:x}: {}", instruction.ip32(), output); } count += 1; if count == amount { @@ -3438,7 +3438,7 @@ impl Emu { if self.linux { if let Some(val) = self.fs.get(&mem_addr) { if self.cfg.verbose > 0 { - println!("reading FS[0x{:x}] -> 0x{:x}", mem_addr, *val); + log::info!("reading FS[0x{:x}] -> 0x{:x}", mem_addr, *val); } if *val == 0 { return Some(0); //0x7ffff7ff000); @@ -3446,7 +3446,7 @@ impl Emu { return Some(*val); } else { if self.cfg.verbose > 0 { - println!("reading FS[0x{:x}] -> 0", mem_addr); + log::info!("reading FS[0x{:x}] -> 0", mem_addr); } return Some(0); //0x7ffff7fff000); } @@ -3455,7 +3455,7 @@ impl Emu { let value: u64 = match mem_addr { 0xc0 => { if self.cfg.verbose >= 1 { - println!( + log::info!( "{} Reading ISWOW64 is 32bits on a 64bits system?", self.pos ); @@ -3469,38 +3469,38 @@ impl Emu { 0x30 => { let peb = self.maps.get_mem("peb"); if self.cfg.verbose >= 1 { - println!("{} Reading PEB 0x{:x}", self.pos, peb.get_base()); + log::info!("{} Reading PEB 0x{:x}", self.pos, peb.get_base()); } peb.get_base() } 0x20 => { if self.cfg.verbose >= 1 { - println!("{} Reading PID 0x{:x}", self.pos, 10); + log::info!("{} Reading PID 0x{:x}", self.pos, 10); } 10 } 0x24 => { if self.cfg.verbose >= 1 { - println!("{} Reading TID 0x{:x}", self.pos, 101); + log::info!("{} Reading TID 0x{:x}", self.pos, 101); } 101 } 0x34 => { if self.cfg.verbose >= 1 { - println!("{} Reading last error value 0", self.pos); + log::info!("{} Reading last error value 0", self.pos); } 0 } 0x18 => { let teb = self.maps.get_mem("teb"); if self.cfg.verbose >= 1 { - println!("{} Reading TEB 0x{:x}", self.pos, teb.get_base()); + log::info!("{} Reading TEB 0x{:x}", self.pos, teb.get_base()); } teb.get_base() } 0x00 => { if self.cfg.verbose >= 1 { - println!("Reading SEH 0x{:x}", self.seh); + log::info!("Reading SEH 0x{:x}", self.seh); } self.seh } @@ -3510,7 +3510,7 @@ impl Emu { } 0x2c => { if self.cfg.verbose >= 1 { - println!("Reading local "); + log::info!("Reading local "); } let locale = self.alloc("locale", 100); self.maps.write_dword(locale, constants::EN_US_LOCALE); @@ -3526,7 +3526,7 @@ impl Emu { locale } _ => { - println!("unimplemented fs:[{}]", mem_addr); + log::info!("unimplemented fs:[{}]", mem_addr); return None; } }; @@ -3537,33 +3537,33 @@ impl Emu { 0x60 => { let peb = self.maps.get_mem("peb"); if self.cfg.verbose >= 1 { - println!("{} Reading PEB 0x{:x}", self.pos, peb.get_base()); + log::info!("{} Reading PEB 0x{:x}", self.pos, peb.get_base()); } peb.get_base() } 0x30 => { let teb = self.maps.get_mem("teb"); if self.cfg.verbose >= 1 { - println!("{} Reading TEB 0x{:x}", self.pos, teb.get_base()); + log::info!("{} Reading TEB 0x{:x}", self.pos, teb.get_base()); } teb.get_base() } 0x40 => { if self.cfg.verbose >= 1 { - println!("{} Reading PID 0x{:x}", self.pos, 10); + log::info!("{} Reading PID 0x{:x}", self.pos, 10); } 10 } 0x48 => { if self.cfg.verbose >= 1 { - println!("{} Reading TID 0x{:x}", self.pos, 101); + log::info!("{} Reading TID 0x{:x}", self.pos, 101); } 101 } 0x10 => { let stack = self.maps.get_mem("stack"); if self.cfg.verbose >= 1 { - println!("{} Reading StackLimit 0x{:x}", self.pos, &stack.size()); + log::info!("{} Reading StackLimit 0x{:x}", self.pos, &stack.size()); } stack.size() as u64 } @@ -3572,12 +3572,12 @@ impl Emu { } 0x1488 => { if self.cfg.verbose >= 1 { - println!("Reading SEH 0x{:x}", self.seh); + log::info!("Reading SEH 0x{:x}", self.seh); } self.seh } _ => { - println!("unimplemented gs:[{}]", mem_addr); + log::info!("unimplemented gs:[{}]", mem_addr); return None; } }; @@ -3597,7 +3597,7 @@ impl Emu { 64 => match self.maps.read_qword(mem_addr) { Some(v) => v, None => { - println!("/!\\ error dereferencing qword on 0x{:x}", mem_addr); + log::info!("/!\\ error dereferencing qword on 0x{:x}", mem_addr); self.exception(); return None; } @@ -3606,7 +3606,7 @@ impl Emu { 32 => match self.maps.read_dword(mem_addr) { Some(v) => v.into(), None => { - println!("/!\\ error dereferencing dword on 0x{:x}", mem_addr); + log::info!("/!\\ error dereferencing dword on 0x{:x}", mem_addr); self.exception(); return None; } @@ -3615,7 +3615,7 @@ impl Emu { 16 => match self.maps.read_word(mem_addr) { Some(v) => v.into(), None => { - println!("/!\\ error dereferencing word on 0x{:x}", mem_addr); + log::info!("/!\\ error dereferencing word on 0x{:x}", mem_addr); self.exception(); return None; } @@ -3624,7 +3624,7 @@ impl Emu { 8 => match self.maps.read_byte(mem_addr) { Some(v) => v.into(), None => { - println!("/!\\ error dereferencing byte on 0x{:x}", mem_addr); + log::info!("/!\\ error dereferencing byte on 0x{:x}", mem_addr); self.exception(); return None; } @@ -3649,11 +3649,11 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value, name); + log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value, name); } if mem_addr == self.bp.get_mem_read() { - println!("Memory breakpoint on read 0x{:x}", mem_addr); + log::info!("Memory breakpoint on read 0x{:x}", mem_addr); if self.running_script { self.force_break = true; } else { @@ -3692,7 +3692,7 @@ impl Emu { if idx == 0 { if self.linux { if self.cfg.verbose > 0 { - println!("writting FS[0x{:x}] = 0x{:x}", idx, value); + log::info!("writting FS[0x{:x}] = 0x{:x}", idx, value); } if value == 0x4b6c50 { self.fs.insert(0xffffffffffffffc8, 0x4b6c50); @@ -3700,14 +3700,14 @@ impl Emu { self.fs.insert(idx as u64, value); } else { if self.cfg.verbose >= 1 { - println!("fs:{:x} setting SEH to 0x{:x}", idx, value); + log::info!("fs:{:x} setting SEH to 0x{:x}", idx, value); } self.seh = value; } } else { if self.linux { if self.cfg.verbose > 0 { - println!("writting FS[0x{:x}] = 0x{:x}", idx, value); + log::info!("writting FS[0x{:x}] = 0x{:x}", idx, value); } self.fs.insert(idx as u64, value); } else { @@ -3751,7 +3751,7 @@ impl Emu { map.write_qword(mem_addr, value2); return true; } else { - println!( + log::info!( "/!\\ exception dereferencing bad address. 0x{:x}", mem_addr ); @@ -3767,7 +3767,7 @@ impl Emu { map.write_dword(mem_addr, to32!(value2)); return true; } else { - println!( + log::info!( "/!\\ exception dereferencing bad address. 0x{:x}", mem_addr ); @@ -3783,7 +3783,7 @@ impl Emu { map.write_word(mem_addr, value2 as u16); return true; } else { - println!( + log::info!( "/!\\ exception dereferencing bad address. 0x{:x}", mem_addr ); @@ -3799,7 +3799,7 @@ impl Emu { map.write_byte(mem_addr, value2 as u8); return true; } else { - println!( + log::info!( "/!\\ exception dereferencing bad address. 0x{:x}", mem_addr ); @@ -3827,7 +3827,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - println!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value2, name); + log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value2, name); } /* @@ -3838,13 +3838,13 @@ impl Emu { if name == "code" { if self.cfg.verbose >= 1 { - println!("/!\\ polymorfic code, addr 0x{:x}", mem_addr); + log::info!("/!\\ polymorfic code, addr 0x{:x}", mem_addr); } self.force_break = true; }*/ if mem_addr == self.bp.get_mem_write() { - println!("Memory breakpoint on write 0x{:x}", mem_addr); + log::info!("Memory breakpoint on write 0x{:x}", mem_addr); if self.running_script { self.force_break = true; } else { @@ -3885,7 +3885,7 @@ impl Emu { }) { Some(addr) => addr, None => { - println!("/!\\ xmm exception reading operand"); + log::info!("/!\\ xmm exception reading operand"); self.exception(); return None; } @@ -3900,7 +3900,7 @@ impl Emu { let value: u128 = match self.maps.read_128bits_le(mem_addr) { Some(v) => v, None => { - println!("/!\\ exception reading xmm operand at 0x{:x} ", mem_addr); + log::info!("/!\\ exception reading xmm operand at 0x{:x} ", mem_addr); self.exception(); return None; } @@ -3926,7 +3926,7 @@ impl Emu { }) { Some(addr) => addr, None => { - println!("/!\\ exception setting xmm operand."); + log::info!("/!\\ exception setting xmm operand."); self.exception(); return; } @@ -3971,7 +3971,7 @@ impl Emu { }) { Some(addr) => addr, None => { - println!("/!\\ xmm exception reading operand"); + log::info!("/!\\ xmm exception reading operand"); self.exception(); return None; } @@ -4012,7 +4012,7 @@ impl Emu { }) { Some(addr) => addr, None => { - println!("/!\\ exception setting xmm operand."); + log::info!("/!\\ exception setting xmm operand."); self.exception(); return; } @@ -4105,7 +4105,7 @@ impl Emu { pub fn show_instruction(&self, color: &str, ins: &Instruction) { if self.cfg.verbose >= 2 { - println!( + log::info!( "{}{} 0x{:x}: {}{}", color, self.pos, @@ -4118,7 +4118,7 @@ impl Emu { pub fn show_instruction_ret(&self, color: &str, ins: &Instruction, addr: u64) { if self.cfg.verbose >= 2 { - println!( + log::info!( "{}{} 0x{:x}: {} ; ret-addr: 0x{:x} ret-value: 0x{:x} {}", color, self.pos, @@ -4133,7 +4133,7 @@ impl Emu { pub fn show_instruction_pushpop(&self, color: &str, ins: &Instruction, value: u64) { if self.cfg.verbose >= 2 { - println!( + log::info!( "{}{} 0x{:x}: {} ;0x{:x} {}", color, self.pos, @@ -4147,7 +4147,7 @@ impl Emu { pub fn show_instruction_taken(&self, color: &str, ins: &Instruction) { if self.cfg.verbose >= 2 { - println!( + log::info!( "{}{} 0x{:x}: {} taken {}", color, self.pos, @@ -4160,7 +4160,7 @@ impl Emu { pub fn show_instruction_not_taken(&self, color: &str, ins: &Instruction) { if self.cfg.verbose >= 2 { - println!( + log::info!( "{}{} 0x{:x}: {} not taken {}", color, self.pos, @@ -4346,9 +4346,9 @@ impl Emu { "rdx" => self.regs.show_rdx(&self.maps, self.pos), "rsi" => self.regs.show_rsi(&self.maps, self.pos), "rdi" => self.regs.show_rdi(&self.maps, self.pos), - "rbp" => println!("\t{} rbp: 0x{:x}", self.pos, self.regs.rbp), - "rsp" => println!("\t{} rsp: 0x{:x}", self.pos, self.regs.rsp), - "rip" => println!("\t{} rip: 0x{:x}", self.pos, self.regs.rip), + "rbp" => log::info!("\t{} rbp: 0x{:x}", self.pos, self.regs.rbp), + "rsp" => log::info!("\t{} rsp: 0x{:x}", self.pos, self.regs.rsp), + "rip" => log::info!("\t{} rip: 0x{:x}", self.pos, self.regs.rip), "r8" => self.regs.show_r8(&self.maps, self.pos), "r9" => self.regs.show_r9(&self.maps, self.pos), "r10" => self.regs.show_r10(&self.maps, self.pos), @@ -4365,10 +4365,10 @@ impl Emu { "edx" => self.regs.show_edx(&self.maps, self.pos), "esi" => self.regs.show_esi(&self.maps, self.pos), "edi" => self.regs.show_edi(&self.maps, self.pos), - "esp" => println!("\t{} esp: 0x{:x}", self.pos, self.regs.get_esp() as u32), - "ebp" => println!("\t{} ebp: 0x{:x}", self.pos, self.regs.get_ebp() as u32), - "eip" => println!("\t{} eip: 0x{:x}", self.pos, self.regs.get_eip() as u32), - "xmm1" => println!("\t{} xmm1: 0x{:x}", self.pos, self.regs.xmm1), + "esp" => log::info!("\t{} esp: 0x{:x}", self.pos, self.regs.get_esp() as u32), + "ebp" => log::info!("\t{} ebp: 0x{:x}", self.pos, self.regs.get_ebp() as u32), + "eip" => log::info!("\t{} eip: 0x{:x}", self.pos, self.regs.get_eip() as u32), + "xmm1" => log::info!("\t{} xmm1: 0x{:x}", self.pos, self.regs.xmm1), _ => panic!("invalid register."), } } @@ -4377,13 +4377,13 @@ impl Emu { let s = self.maps.read_string(self.cfg.string_addr); if s.len() >= 2 && s.len() < 80 { - println!("\ttrace string -> 0x{:x}: '{}'", self.cfg.string_addr, s); + log::info!("\ttrace string -> 0x{:x}: '{}'", self.cfg.string_addr, s); } else { let w = self.maps.read_wide_string(self.cfg.string_addr); if w.len() < 80 { - println!("\ttrace wide string -> 0x{:x}: '{}'", self.cfg.string_addr, w); + log::info!("\ttrace wide string -> 0x{:x}: '{}'", self.cfg.string_addr, w); } else { - println!("\ttrace wide string -> 0x{:x}: ''", self.cfg.string_addr); + log::info!("\ttrace wide string -> 0x{:x}: ''", self.cfg.string_addr); } } } @@ -4395,7 +4395,7 @@ impl Emu { let mut s = self.maps.read_string(addr); self.maps.filter_string(&mut s); - println!( + log::info!( "\tmem_inspect: rip = {:x} (0x{:x}): 0x{:x} {} '{}' {{{}}}", self.regs.rip, addr, @@ -4413,7 +4413,7 @@ impl Emu { let code = match self.maps.get_mem_by_addr(self.regs.rip) { Some(c) => c, None => { - println!( + log::info!( "redirecting code flow to non maped address 0x{:x}", self.regs.rip ); @@ -4480,7 +4480,7 @@ impl Emu { if self.enabled_ctrlc { ctrlc::set_handler(move || { - println!("Ctrl-C detected, spawning console"); + log::info!("Ctrl-C detected, spawning console"); is_running2.store(0, atomic::Ordering::Relaxed); }) .expect("ctrl-c handler failed"); @@ -4492,7 +4492,7 @@ impl Emu { let mut repeat_counter: u32 = 0; if end_addr.is_none() { - println!(" ----- emulation -----"); + log::info!(" ----- emulation -----"); } //let ins = Instruction::default(); @@ -4504,11 +4504,11 @@ impl Emu { loop { while self.is_running.load(atomic::Ordering::Relaxed) == 1 { - //println!("reloading rip 0x{:x}", self.regs.rip); + //log::info!("reloading rip 0x{:x}", self.regs.rip); let code = match self.maps.get_mem_by_addr(self.regs.rip) { Some(c) => c, None => { - println!( + log::info!( "redirecting code flow to non maped address 0x{:x}", self.regs.rip ); @@ -4554,8 +4554,8 @@ impl Emu { } self.cfg.console2 = false; - println!("-------"); - println!("{} 0x{:x}: {}", self.pos, ins.ip(), self.out); + log::info!("-------"); + log::info!("{} 0x{:x}: {}", self.pos, ins.ip(), self.out); self.spawn_console(); if self.force_break { self.force_break = false; @@ -4571,7 +4571,7 @@ impl Emu { //prev_prev_addr = prev_addr; prev_addr = addr; if repeat_counter == 100 { - println!("infinite loop! opcode: {}", ins.op_code().op_code_string()); + log::info!("infinite loop! opcode: {}", ins.op_code().op_code_string()); return Err(ScemuError::new("inifinite loop found")); } @@ -4585,7 +4585,7 @@ impl Emu { } } if count > 2 { - println!(" loop: {} interations", count); + log::info!(" loop: {} interations", count); } /* if count > self.loop_limit { @@ -4881,7 +4881,7 @@ impl Emu { } } else { if arg % 4 != 0 { - println!("weird ret argument!"); + log::info!("weird ret argument!"); return false; } @@ -5608,7 +5608,7 @@ impl Emu { } } - //println!("0x{:x}: 0x{:x} SHL 0x{:x} = 0x{:x}", ins.ip32(), value0, value1, result); + //log::info!("0x{:x}: 0x{:x} SHL 0x{:x} = 0x{:x}", ins.ip32(), value0, value1, result); if !self.set_operand_value(&ins, 0, result) { return false; @@ -5678,7 +5678,7 @@ impl Emu { } } - //println!("0x{:x} SHR 0x{:x} >> 0x{:x} = 0x{:x}", ins.ip32(), value0, value1, result); + //log::info!("0x{:x} SHR 0x{:x} >> 0x{:x} = 0x{:x}", ins.ip32(), value0, value1, result); if !self.set_operand_value(&ins, 0, result) { return false; @@ -5981,15 +5981,15 @@ impl Emu { if self.cfg.test_mode { let (post_rdx, post_rax) = inline::mul(value0, pre_rax, pre_rdx, sz); if post_rax != self.regs.rax || post_rdx != self.regs.rdx { - println!( + log::info!( "sz: {} value0: 0x{:x} pre_rax: 0x{:x} pre_rdx: 0x{:x}", sz, value0, pre_rax, pre_rdx ); - println!( + log::info!( "mul rax is 0x{:x} and should be 0x{:x}", self.regs.rax, post_rax ); - println!( + log::info!( "mul rdx is 0x{:x} and should be 0x{:x}", self.regs.rdx, post_rdx ); @@ -6023,16 +6023,16 @@ impl Emu { if self.cfg.test_mode { let (post_rdx, post_rax) = inline::div(value0, pre_rax, pre_rdx, sz); if post_rax != self.regs.rax || post_rdx != self.regs.rdx { - println!("pos: {}", self.pos); - println!( + log::info!("pos: {}", self.pos); + log::info!( "sz: {} value0: 0x{:x} pre_rax: 0x{:x} pre_rdx: 0x{:x}", sz, value0, pre_rax, pre_rdx ); - println!( + log::info!( "div{} rax is 0x{:x} and should be 0x{:x}", sz, self.regs.rax, post_rax ); - println!( + log::info!( "div{} rdx is 0x{:x} and should be 0x{:x}", sz, self.regs.rdx, post_rdx ); @@ -6066,15 +6066,15 @@ impl Emu { if self.cfg.test_mode { let (post_rdx, post_rax) = inline::idiv(value0, pre_rax, pre_rdx, sz); if post_rax != self.regs.rax || post_rdx != self.regs.rdx { - println!( + log::info!( "sz: {} value0: 0x{:x} pre_rax: 0x{:x} pre_rdx: 0x{:x}", sz, value0, pre_rax, pre_rdx ); - println!( + log::info!( "idiv rax is 0x{:x} and should be 0x{:x}", self.regs.rax, post_rax ); - println!( + log::info!( "idiv rdx is 0x{:x} and should be 0x{:x}", self.regs.rdx, post_rdx ); @@ -6111,15 +6111,15 @@ impl Emu { if self.cfg.test_mode { let (post_rdx, post_rax) = inline::imul1p(value0, pre_rax, pre_rdx, sz); if post_rax != self.regs.rax || post_rdx != self.regs.rdx { - println!( + log::info!( "sz: {} value0: 0x{:x} pre_rax: 0x{:x} pre_rdx: 0x{:x}", sz, value0, pre_rax, pre_rdx ); - println!( + log::info!( "imul1p rax is 0x{:x} and should be 0x{:x}", self.regs.rax, post_rax ); - println!( + log::info!( "imul1p rdx is 0x{:x} and should be 0x{:x}", self.regs.rdx, post_rdx ); @@ -6328,7 +6328,7 @@ impl Emu { self.flags.f_zf = true; if self.cfg.verbose >= 1 { - println!("/!\\ undefined behavior on BSF with src == 0"); + log::info!("/!\\ undefined behavior on BSF with src == 0"); } } else { self.flags.f_zf = false; @@ -6341,7 +6341,7 @@ impl Emu { // cf flag undefined behavior apple mac x86_64 problem if self.regs.rip == 0x144ed424a { if self.cfg.verbose >= 1 { - println!("/!\\ f_cf undefined behaviour"); + log::info!("/!\\ f_cf undefined behaviour"); } self.flags.f_cf = false; } @@ -6350,7 +6350,7 @@ impl Emu { if src == 0 { self.flags.f_zf = true; if self.cfg.verbose >= 1 { - println!("/!\\ bsf src == 0 is undefined behavior"); + log::info!("/!\\ bsf src == 0 is undefined behavior"); } } else { let sz = self.get_operand_sz(&ins, 0); @@ -6402,7 +6402,7 @@ impl Emu { if value1 == 0 { self.flags.f_zf = true; if self.cfg.verbose >= 1 { - println!("/!\\ bsr src == 0 is undefined behavior"); + log::info!("/!\\ bsr src == 0 is undefined behavior"); } } else { let sz = self.get_operand_sz(&ins, 0); @@ -6454,7 +6454,7 @@ impl Emu { } else if sz == 16 { value1 = 0; if self.cfg.verbose >= 1 { - println!("/!\\ bswap of 16bits has undefined behaviours"); + log::info!("/!\\ bswap of 16bits has undefined behaviours"); } } else { unimplemented!("bswap <16bits makes no sense, isn't it?"); @@ -6722,7 +6722,7 @@ impl Emu { result = value1; - //println!("0x{:x}: MOVZX 0x{:x}", ins.ip32(), result); + //log::info!("0x{:x}: MOVZX 0x{:x}", ins.ip32(), result); /* if self.cfg.test_mode { @@ -6752,12 +6752,12 @@ impl Emu { let val = match self.maps.read_byte(self.regs.rsi) { Some(v) => v, None => { - println!("cannot read memory on rsi"); + log::info!("cannot read memory on rsi"); return false; } }; if !self.maps.write_byte(self.regs.rdi, val) { - println!("cannot write memoryh on rdi"); + log::info!("cannot write memoryh on rdi"); return false; } @@ -6811,12 +6811,12 @@ impl Emu { let val = match self.maps.read_byte(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read memory on esi"); + log::info!("cannot read memory on esi"); return false; } }; if !self.maps.write_byte(self.regs.get_edi(), val) { - println!("cannot write memory on edi"); + log::info!("cannot write memory on edi"); return false; } @@ -6951,7 +6951,7 @@ impl Emu { let val = match self.maps.read_word(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read memory on esi"); + log::info!("cannot read memory on esi"); return false; } }; @@ -7116,7 +7116,7 @@ impl Emu { let val = match self.maps.read_dword(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read memory at esi"); + log::info!("cannot read memory at esi"); return false; } }; @@ -7145,7 +7145,7 @@ impl Emu { let val = match self.maps.read_dword(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read memory"); + log::info!("cannot read memory"); return false; } }; @@ -7819,7 +7819,7 @@ impl Emu { // this is for the diff2.py diffing with gdb that // unrolls the reps if self.cfg.verbose > 2 { - println!("\t{} rip: 0x{:x}", self.pos, self.regs.rip); + log::info!("\t{} rip: 0x{:x}", self.pos, self.regs.rip); } } @@ -7862,7 +7862,7 @@ impl Emu { let value0: u64 = match self.maps.read_byte(self.regs.rdi) { Some(value) => value.into(), None => { - println!("/!\\ error reading byte on rdi 0x{:x}", self.regs.rdi); + log::info!("/!\\ error reading byte on rdi 0x{:x}", self.regs.rdi); return false; } }; @@ -8081,11 +8081,11 @@ impl Emu { if self.cfg.verbose >= 2 { if value0 > value1 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } else if value0 < value1 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } else { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } @@ -8105,11 +8105,11 @@ impl Emu { if self.cfg.verbose >= 2 { if value0 > value1 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } else if value0 < value1 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } else { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } } @@ -8151,14 +8151,14 @@ impl Emu { value0 = match self.maps.read_qword(self.regs.rsi) { Some(v) => v, None => { - println!("cannot read rsi"); + log::info!("cannot read rsi"); return false; } }; value1 = match self.maps.read_qword(self.regs.rdi) { Some(v) => v, None => { - println!("cannot read rdi"); + log::info!("cannot read rdi"); return false; } }; @@ -8175,14 +8175,14 @@ impl Emu { value0 = match self.maps.read_qword(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read esi"); + log::info!("cannot read esi"); return false; } }; value1 = match self.maps.read_qword(self.regs.get_edi()) { Some(v) => v, None => { - println!("cannot read edi"); + log::info!("cannot read edi"); return false; } }; @@ -8200,17 +8200,17 @@ impl Emu { if value0 > value1 { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } return false; } else if value0 < value1 { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } return false; } else { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } @@ -8234,14 +8234,14 @@ impl Emu { value0 = match self.maps.read_qword(self.regs.rsi) { Some(v) => v, None => { - println!("cannot read rsi"); + log::info!("cannot read rsi"); return false; } }; value1 = match self.maps.read_qword(self.regs.rdi) { Some(v) => v, None => { - println!("cannot read rdi"); + log::info!("cannot read rdi"); return false; } }; @@ -8258,14 +8258,14 @@ impl Emu { value0 = match self.maps.read_qword(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read esi"); + log::info!("cannot read esi"); return false; } }; value1 = match self.maps.read_qword(self.regs.get_edi()) { Some(v) => v, None => { - println!("cannot read edi"); + log::info!("cannot read edi"); return false; } }; @@ -8283,11 +8283,11 @@ impl Emu { if self.cfg.verbose >= 2 { if value0 > value1 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } else if value0 < value1 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } else { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } } @@ -8311,14 +8311,14 @@ impl Emu { value0 = match self.maps.read_dword(self.regs.rsi) { Some(v) => v, None => { - println!("cannot read rsi"); + log::info!("cannot read rsi"); return false; } }; value1 = match self.maps.read_dword(self.regs.rdi) { Some(v) => v, None => { - println!("cannot read rdi"); + log::info!("cannot read rdi"); return false; } }; @@ -8335,14 +8335,14 @@ impl Emu { value0 = match self.maps.read_dword(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read esi"); + log::info!("cannot read esi"); return false; } }; value1 = match self.maps.read_dword(self.regs.get_edi()) { Some(v) => v, None => { - println!("cannot read edi"); + log::info!("cannot read edi"); return false; } }; @@ -8360,17 +8360,17 @@ impl Emu { if value0 > value1 { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } return false; } else if value0 < value1 { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } return false; } else { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } @@ -8394,14 +8394,14 @@ impl Emu { value0 = match self.maps.read_dword(self.regs.rsi) { Some(v) => v, None => { - println!("cannot read rsi"); + log::info!("cannot read rsi"); return false; } }; value1 = match self.maps.read_dword(self.regs.rdi) { Some(v) => v, None => { - println!("cannot read rdi"); + log::info!("cannot read rdi"); return false; } }; @@ -8418,14 +8418,14 @@ impl Emu { value0 = match self.maps.read_dword(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read esi"); + log::info!("cannot read esi"); return false; } }; value1 = match self.maps.read_dword(self.regs.get_edi()) { Some(v) => v, None => { - println!("cannot read edi"); + log::info!("cannot read edi"); return false; } }; @@ -8443,11 +8443,11 @@ impl Emu { if self.cfg.verbose >= 2 { if value0 > value1 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } else if value0 < value1 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } else { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } } @@ -8471,14 +8471,14 @@ impl Emu { value0 = match self.maps.read_word(self.regs.rsi) { Some(v) => v, None => { - println!("cannot read rsi"); + log::info!("cannot read rsi"); return false; } }; value1 = match self.maps.read_word(self.regs.rdi) { Some(v) => v, None => { - println!("cannot read rdi"); + log::info!("cannot read rdi"); return false; } }; @@ -8495,14 +8495,14 @@ impl Emu { value0 = match self.maps.read_word(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read esi"); + log::info!("cannot read esi"); return false; } }; value1 = match self.maps.read_word(self.regs.get_edi()) { Some(v) => v, None => { - println!("cannot read edi"); + log::info!("cannot read edi"); return false; } }; @@ -8520,17 +8520,17 @@ impl Emu { if value0 > value1 { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } break; } else if value0 < value1 { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } break; } else { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } @@ -8554,14 +8554,14 @@ impl Emu { value0 = match self.maps.read_word(self.regs.rsi) { Some(v) => v, None => { - println!("cannot read rsi"); + log::info!("cannot read rsi"); return false; } }; value1 = match self.maps.read_word(self.regs.rdi) { Some(v) => v, None => { - println!("cannot read rdi"); + log::info!("cannot read rdi"); return false; } }; @@ -8578,14 +8578,14 @@ impl Emu { value0 = match self.maps.read_word(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read esi"); + log::info!("cannot read esi"); return false; } }; value1 = match self.maps.read_word(self.regs.get_edi()) { Some(v) => v, None => { - println!("cannot read edi"); + log::info!("cannot read edi"); return false; } }; @@ -8603,11 +8603,11 @@ impl Emu { if self.cfg.verbose >= 2 { if value0 > value1 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } else if value0 < value1 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } else { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } } @@ -8631,14 +8631,14 @@ impl Emu { value0 = match self.maps.read_byte(self.regs.rsi) { Some(v) => v, None => { - println!("cannot read rsi"); + log::info!("cannot read rsi"); return false; } }; value1 = match self.maps.read_byte(self.regs.rdi) { Some(v) => v, None => { - println!("cannot read rdi"); + log::info!("cannot read rdi"); return false; } }; @@ -8655,14 +8655,14 @@ impl Emu { value0 = match self.maps.read_byte(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read esi"); + log::info!("cannot read esi"); return false; } }; value1 = match self.maps.read_byte(self.regs.get_edi()) { Some(v) => v, None => { - println!("cannot read edi"); + log::info!("cannot read edi"); return false; } }; @@ -8680,21 +8680,21 @@ impl Emu { if value0 > value1 { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } assert!(self.flags.f_zf == false); break; //return false; } else if value0 < value1 { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } assert!(self.flags.f_zf == false); break; //return false; } else { if self.cfg.verbose >= 2 { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } assert!(self.flags.f_zf == true); } @@ -8719,14 +8719,14 @@ impl Emu { value0 = match self.maps.read_byte(self.regs.rsi) { Some(v) => v, None => { - println!("cannot read rsi"); + log::info!("cannot read rsi"); return false; } }; value1 = match self.maps.read_byte(self.regs.rdi) { Some(v) => v, None => { - println!("cannot read rdi"); + log::info!("cannot read rdi"); return false; } }; @@ -8743,14 +8743,14 @@ impl Emu { value0 = match self.maps.read_byte(self.regs.get_esi()) { Some(v) => v, None => { - println!("cannot read esi"); + log::info!("cannot read esi"); return false; } }; value1 = match self.maps.read_byte(self.regs.get_edi()) { Some(v) => v, None => { - println!("cannot read edi"); + log::info!("cannot read edi"); return false; } }; @@ -8768,11 +8768,11 @@ impl Emu { if self.cfg.verbose >= 2 { if value0 > value1 { - println!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); } else if value0 < value1 { - println!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); } else { - println!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } } @@ -9166,7 +9166,7 @@ impl Emu { Mnemonic::Int3 => { self.show_instruction(&self.colors.red, &ins); - println!("/!\\ int 3 sigtrap!!!!"); + log::info!("/!\\ int 3 sigtrap!!!!"); self.exception(); return true; } @@ -9191,7 +9191,7 @@ impl Emu { // TODO: implement 0x40000000 -> get the virtualization vendor if self.cfg.verbose >= 1 { - println!( + log::info!( "\tcpuid input value: 0x{:x}, 0x{:x}", self.regs.rax, self.regs.rcx ); @@ -9318,7 +9318,7 @@ impl Emu { self.regs.rdx = 0; //0x100; } _ => { - println!("unimplemented cpuid call 0x{:x}", self.regs.rax); + log::info!("unimplemented cpuid call 0x{:x}", self.regs.rax); return false; } } @@ -9558,23 +9558,23 @@ impl Emu { } 0x29 => { - println!("int 0x21: __fastfail {}", self.regs.rcx); + log::info!("int 0x21: __fastfail {}", self.regs.rcx); std::process::exit(1); } 0x03 => { self.show_instruction(&self.colors.red, &ins); - println!("/!\\ int 0x3 sigtrap!!!!"); + log::info!("/!\\ int 0x3 sigtrap!!!!"); self.exception(); return false; } 0xdc => { - println!("/!\\ direct syscall: NtAlpcSendWaitReceivePort"); + log::info!("/!\\ direct syscall: NtAlpcSendWaitReceivePort"); } _ => { - println!("unimplemented interrupt {}", interrupt); + log::info!("unimplemented interrupt {}", interrupt); return false; } } @@ -9698,7 +9698,7 @@ impl Emu { let val = match self.maps.read_byte(self.regs.rsi) { Some(v) => v, None => { - println!("lodsb: memory read error"); + log::info!("lodsb: memory read error"); self.spawn_console(); 0 } @@ -9714,7 +9714,7 @@ impl Emu { let val = match self.maps.read_byte(self.regs.get_esi()) { Some(v) => v, None => { - println!("lodsb: memory read error"); + log::info!("lodsb: memory read error"); self.spawn_console(); 0 } @@ -9787,7 +9787,7 @@ impl Emu { None => return false, }; - //println!("{} {}", value, value as f32); + //log::info!("{} {}", value, value as f32); self.fpu.set_st(0, value as f64); } @@ -9928,7 +9928,7 @@ impl Emu { //C1 Set to 1 if stack overflow occurred; set to 0 otherwise. - //println!("operands: {}", ins.op_count()); + //log::info!("operands: {}", ins.op_count()); let value1 = match self.get_operand_value(&ins, 0, true) { Some(v) => v as i64 as f64, None => return false, @@ -10306,7 +10306,7 @@ impl Emu { let flags: u16 = match self.maps.read_word(self.regs.rsp) { Some(v) => v, None => { - eprintln!("popf cannot read the stack"); + log::error!("popf cannot read the stack"); self.exception(); return false; } @@ -10388,7 +10388,7 @@ impl Emu { if value0 == 0xde2f && value1 == 0x4239 && counter == 0x3c && sz == 16 { if self.cfg.verbose >= 1 { - println!("/!\\ shld undefined behaviour"); + log::info!("/!\\ shld undefined behaviour"); } let result = 0x9de2; // TODO: flags? @@ -10428,7 +10428,7 @@ impl Emu { inline::shrd(value0, value1, counter, sz, self.flags.dump()); self.flags.load(new_flags); - //println!("0x{:x} SHRD 0x{:x}, 0x{:x}, 0x{:x} = 0x{:x}", ins.ip32(), value0, value1, counter, result); + //log::info!("0x{:x} SHRD 0x{:x}, 0x{:x}, 0x{:x} = 0x{:x}", ins.ip32(), value0, value1, counter, result); /* if self.cfg.test_mode { //&& !undef { if result != inline::shrd(value0, value1, counter, sz) { @@ -10458,7 +10458,7 @@ impl Emu { Mnemonic::Pcmpeqd => { self.show_instruction(&self.colors.green, &ins); if self.get_operand_sz(&ins, 0) != 128 || self.get_operand_sz(&ins, 1) != 128 { - println!("unimplemented"); + log::info!("unimplemented"); return false; } @@ -10484,7 +10484,7 @@ impl Emu { Mnemonic::Psubusb => { self.show_instruction(&self.colors.green, &ins); if self.get_operand_sz(&ins, 0) != 128 || self.get_operand_sz(&ins, 1) != 128 { - println!("unimplemented"); + log::info!("unimplemented"); return false; } @@ -10547,14 +10547,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10572,14 +10572,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10598,14 +10598,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10625,14 +10625,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10663,14 +10663,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10695,14 +10695,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10725,14 +10725,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10763,14 +10763,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10799,14 +10799,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10835,14 +10835,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10871,14 +10871,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10911,7 +10911,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10920,7 +10920,7 @@ impl Emu { let value1 = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10930,7 +10930,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10940,21 +10940,21 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, false) { Some(v) => v, None => { - println!("error getting xmm address value1"); + log::info!("error getting xmm address value1"); return false; } }; let addr = match self.get_operand_value(&ins, 1, false) { Some(v) => v, None => { - println!("error getting xmm address value1"); + log::info!("error getting xmm address value1"); return false; } }; let value1 = match self.maps.read_qword(addr) { Some(v) => v, None => { - println!("error getting xmm qword value1"); + log::info!("error getting xmm qword value1"); return false; } }; @@ -10966,7 +10966,7 @@ impl Emu { let mut value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -10974,7 +10974,7 @@ impl Emu { self.set_operand_value(&ins, 0, value1 as u64); } else { - println!("SSE with other size combinations sz0:{} sz1:{}", sz0, sz1); + log::info!("SSE with other size combinations sz0:{} sz1:{}", sz0, sz1); return false; } } @@ -10991,7 +10991,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11000,7 +11000,7 @@ impl Emu { let value1 = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11009,7 +11009,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11018,21 +11018,21 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, false) { Some(v) => v, None => { - println!("error getting xmm address value1"); + log::info!("error getting xmm address value1"); return false; } }; let addr = match self.get_operand_value(&ins, 1, false) { Some(v) => v, None => { - println!("error getting xmm address value1"); + log::info!("error getting xmm address value1"); return false; } }; let value1 = match self.maps.read_qword(addr) { Some(v) => v, None => { - println!("error getting xmm qword value1"); + log::info!("error getting xmm qword value1"); return false; } }; @@ -11045,13 +11045,13 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; self.set_operand_value(&ins, 0, value1 as u64); } else { - println!("SSE with other size combinations sz0:{} sz1:{}", sz0, sz1); + log::info!("SSE with other size combinations sz0:{} sz1:{}", sz0, sz1); return false; } } @@ -11067,7 +11067,7 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; @@ -11075,7 +11075,7 @@ impl Emu { let value1 = match self.get_operand_value(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11089,7 +11089,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11101,7 +11101,7 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; @@ -11109,7 +11109,7 @@ impl Emu { let value1 = match self.get_operand_value(&ins, 1, true) { Some(v) => (v & 0xffffffff) as u32, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11133,7 +11133,7 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value0"); + log::info!("error getting xmm value0"); return false; } }; @@ -11141,7 +11141,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => (v & 0xffffffff) as u32, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11151,7 +11151,7 @@ impl Emu { self.set_operand_xmm_value_128(&ins, 0, result); } else { - println!("unimplemented case punpcklqdq {} {}", sz0, sz1); + log::info!("unimplemented case punpcklqdq {} {}", sz0, sz1); return false; } } @@ -11168,7 +11168,7 @@ impl Emu { value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11176,7 +11176,7 @@ impl Emu { value1 = match self.get_operand_value(&ins, 1, true) { Some(v) => v as u128, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11199,7 +11199,7 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11207,7 +11207,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11231,7 +11231,7 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11239,7 +11239,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11269,7 +11269,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11278,7 +11278,7 @@ impl Emu { let value1 = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11287,7 +11287,7 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; @@ -11296,14 +11296,14 @@ impl Emu { let addr = match self.get_operand_value(&ins, 1, false) { Some(v) => v, None => { - println!("error getting xmm address value1"); + log::info!("error getting xmm address value1"); return false; } }; let value1 = match self.maps.read_qword(addr) { Some(v) => v, None => { - println!("error getting xmm qword value1"); + log::info!("error getting xmm qword value1"); return false; } }; @@ -11313,13 +11313,13 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; self.set_operand_value(&ins, 0, value1 as u64); } else { - println!("SSE with other size combinations sz0:{} sz1:{}", sz0, sz1); + log::info!("SSE with other size combinations sz0:{} sz1:{}", sz0, sz1); return false; } } @@ -11336,18 +11336,18 @@ impl Emu { let xmm = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; let addr = match self.get_operand_value(&ins, 0, false) { Some(v) => v, None => { - println!("error getting address value0"); + log::info!("error getting address value0"); return false; } }; - //println!("addr: 0x{:x} value: 0x{:x}", addr, xmm); + //log::info!("addr: 0x{:x} value: 0x{:x}", addr, xmm); self.maps.write_dword( addr, ((xmm & 0xffffffff_00000000_00000000_00000000) >> (12 * 8)) as u32, @@ -11363,14 +11363,14 @@ impl Emu { let addr = match self.get_operand_value(&ins, 1, false) { Some(v) => v, None => { - println!("error reading address value1"); + log::info!("error reading address value1"); return false; } }; let bytes = self.maps.read_bytes(addr, 16); if bytes.len() != 16 { - println!("error reading 16 bytes"); + log::info!("error reading 16 bytes"); return false; } @@ -11385,14 +11385,14 @@ impl Emu { let xmm = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting xmm value1"); + log::info!("error getting xmm value1"); return false; } }; self.set_operand_xmm_value_128(&ins, 0, xmm); } else { - println!("sz0: {} sz1: {}\n", sz0, sz1); + log::info!("sz0: {} sz1: {}\n", sz0, sz1); unimplemented!("movdqa"); } } @@ -11403,14 +11403,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11426,14 +11426,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11449,14 +11449,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11479,14 +11479,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11505,14 +11505,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11528,14 +11528,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11551,14 +11551,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11581,14 +11581,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11607,14 +11607,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11630,14 +11630,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11653,14 +11653,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11679,14 +11679,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11709,14 +11709,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11732,14 +11732,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11755,14 +11755,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11814,14 +11814,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11861,14 +11861,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let mut value1 = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11891,14 +11891,14 @@ impl Emu { let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let mut value2 = match self.get_operand_value(&ins, 2, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -11986,14 +11986,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -12078,14 +12078,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -12196,14 +12196,14 @@ impl Emu { let value0 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error getting value0"); + log::info!("error getting value0"); return false; } }; let value1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error getting value1"); + log::info!("error getting value1"); return false; } }; @@ -12304,7 +12304,7 @@ impl Emu { let source = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -12349,7 +12349,7 @@ impl Emu { let source = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -12360,7 +12360,7 @@ impl Emu { let source = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -12389,7 +12389,7 @@ impl Emu { let source = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -12400,7 +12400,7 @@ impl Emu { let source = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -12418,7 +12418,7 @@ impl Emu { let source = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -12435,7 +12435,7 @@ impl Emu { let value = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => { - println!("error reading second operand"); + log::info!("error reading second operand"); return false; } }; @@ -12461,7 +12461,7 @@ impl Emu { let value = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => { - println!("error reading second operand"); + log::info!("error reading second operand"); return false; } }; @@ -12488,7 +12488,7 @@ impl Emu { let source = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -12500,7 +12500,7 @@ impl Emu { let source = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -12539,7 +12539,7 @@ impl Emu { let source1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -12547,7 +12547,7 @@ impl Emu { let source2 = match self.get_operand_xmm_value_128(&ins, 2, true) { Some(v) => v, None => { - println!("error reading memory xmm 2 source operand"); + log::info!("error reading memory xmm 2 source operand"); return false; } }; @@ -12558,7 +12558,7 @@ impl Emu { let source1 = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -12566,7 +12566,7 @@ impl Emu { let source2 = match self.get_operand_ymm_value_256(&ins, 2, true) { Some(v) => v, None => { - println!("error reading memory ymm 2 source operand"); + log::info!("error reading memory ymm 2 source operand"); return false; } }; @@ -12585,7 +12585,7 @@ impl Emu { let source1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -12593,7 +12593,7 @@ impl Emu { let source2 = match self.get_operand_xmm_value_128(&ins, 2, true) { Some(v) => v, None => { - println!("error reading memory xmm 2 source operand"); + log::info!("error reading memory xmm 2 source operand"); return false; } }; @@ -12604,7 +12604,7 @@ impl Emu { let source1 = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -12612,7 +12612,7 @@ impl Emu { let source2 = match self.get_operand_ymm_value_256(&ins, 2, true) { Some(v) => v, None => { - println!("error reading memory ymm 2 source operand"); + log::info!("error reading memory ymm 2 source operand"); return false; } }; @@ -12631,7 +12631,7 @@ impl Emu { let source1 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -12639,7 +12639,7 @@ impl Emu { let source2 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 2 source operand"); + log::info!("error reading memory xmm 2 source operand"); return false; } }; @@ -12665,7 +12665,7 @@ impl Emu { let source1 = match self.get_operand_ymm_value_256(&ins, 0, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -12673,7 +12673,7 @@ impl Emu { let source2 = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 2 source operand"); + log::info!("error reading memory ymm 2 source operand"); return false; } }; @@ -12982,7 +12982,7 @@ impl Emu { let source1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -12990,7 +12990,7 @@ impl Emu { let source2 = match self.get_operand_xmm_value_128(&ins, 2, true) { Some(v) => v, None => { - println!("error reading memory xmm 2 source operand"); + log::info!("error reading memory xmm 2 source operand"); return false; } }; @@ -13016,7 +13016,7 @@ impl Emu { let source1 = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -13024,7 +13024,7 @@ impl Emu { let source2 = match self.get_operand_ymm_value_256(&ins, 2, true) { Some(v) => v, None => { - println!("error reading memory ymm 2 source operand"); + log::info!("error reading memory ymm 2 source operand"); return false; } }; @@ -13100,7 +13100,7 @@ impl Emu { let source1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -13119,7 +13119,7 @@ impl Emu { let source1 = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -13148,7 +13148,7 @@ impl Emu { let source1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -13167,7 +13167,7 @@ impl Emu { let source1 = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -13196,7 +13196,7 @@ impl Emu { let source1 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -13204,7 +13204,7 @@ impl Emu { let source2 = match self.get_operand_xmm_value_128(&ins, 2, true) { Some(v) => v, None => { - println!("error reading memory xmm 2 source operand"); + log::info!("error reading memory xmm 2 source operand"); return false; } }; @@ -13223,7 +13223,7 @@ impl Emu { let source1 = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -13231,7 +13231,7 @@ impl Emu { let source2 = match self.get_operand_ymm_value_256(&ins, 2, true) { Some(v) => v, None => { - println!("error reading memory ymm 2 source operand"); + log::info!("error reading memory ymm 2 source operand"); return false; } }; @@ -13376,7 +13376,7 @@ impl Emu { let source1 = match self.get_operand_xmm_value_128(&ins, 0, true) { Some(v) => v, None => { - println!("error reading memory xmm 1 source operand"); + log::info!("error reading memory xmm 1 source operand"); return false; } }; @@ -13384,7 +13384,7 @@ impl Emu { let source2 = match self.get_operand_xmm_value_128(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory xmm 2 source operand"); + log::info!("error reading memory xmm 2 source operand"); return false; } }; @@ -13409,7 +13409,7 @@ impl Emu { let source1 = match self.get_operand_ymm_value_256(&ins, 0, true) { Some(v) => v, None => { - println!("error reading memory ymm 1 source operand"); + log::info!("error reading memory ymm 1 source operand"); return false; } }; @@ -13417,7 +13417,7 @@ impl Emu { let source2 = match self.get_operand_ymm_value_256(&ins, 1, true) { Some(v) => v, None => { - println!("error reading memory ymm 2 source operand"); + log::info!("error reading memory ymm 2 source operand"); return false; } }; @@ -13687,7 +13687,7 @@ impl Emu { self.regs.rsp -= 2; if !self.maps.write_word(self.regs.rsp, val) { - println!("/!\\ exception writing word at rsp 0x{:x}", self.regs.rsp); + log::info!("/!\\ exception writing word at rsp 0x{:x}", self.regs.rsp); self.exception(); return false; } @@ -13717,23 +13717,23 @@ impl Emu { let array_index = match self.get_operand_value(&ins, 0, true) { Some(v) => v, None => { - println!("cannot read first opreand of bound"); + log::info!("cannot read first opreand of bound"); return false; } }; let lower_upper_bound = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => { - println!("cannot read second opreand of bound"); + log::info!("cannot read second opreand of bound"); return false; } }; - println!( + log::info!( "bound idx:{} lower_upper:{}", array_index, lower_upper_bound ); - println!("Bound unimplemented"); + log::info!("Bound unimplemented"); return false; // https://www.felixcloutier.com/x86/bound } @@ -13741,7 +13741,7 @@ impl Emu { Mnemonic::Lahf => { self.show_instruction(&self.colors.red, &ins); - //println!("\tlahf: flags = {:?}", self.flags); + //log::info!("\tlahf: flags = {:?}", self.flags); let mut result: u8 = 0; set_bit!(result, 0, self.flags.f_cf as u8); @@ -13933,7 +13933,7 @@ impl Emu { self.regs.rax = self.cfg.code_base_addr + 0x42; } _ => { - println!("/!\\ unimplemented rdmsr with value {}", self.regs.rcx); + log::info!("/!\\ unimplemented rdmsr with value {}", self.regs.rcx); return false; } } @@ -13942,7 +13942,7 @@ impl Emu { _ => { if self.cfg.verbose >= 2 || !self.cfg.skip_unimplemented { if self.cfg.is_64bits { - println!( + log::info!( "{}{} 0x{:x}: {}{}", self.colors.red, self.pos, @@ -13951,7 +13951,7 @@ impl Emu { self.colors.nc ); } else { - println!( + log::info!( "{}{} 0x{:x}: {}{}", self.colors.red, self.pos, @@ -13963,7 +13963,7 @@ impl Emu { } if !self.cfg.skip_unimplemented { - println!("unimplemented or invalid instruction. use --banzai (cfg.skip_unimplemented) mode to skip"); + log::info!("unimplemented or invalid instruction. use --banzai (cfg.skip_unimplemented) mode to skip"); if self.cfg.console_enabled { self.spawn_console(); } diff --git a/src/emu/breakpoint.rs b/src/emu/breakpoint.rs index 1c4f14b..22ee6cd 100644 --- a/src/emu/breakpoint.rs +++ b/src/emu/breakpoint.rs @@ -55,9 +55,9 @@ impl Breakpoint { } pub fn show(&self) { - println!("break on address: 0x{:x}", self.addr); - println!("break on instruction: {}", self.instruction); - println!("break on memory read: 0x{:x}", self.mem_read_addr); - println!("break on memory write: 0x{:x}", self.mem_write_addr); + log::info!("break on address: 0x{:x}", self.addr); + log::info!("break on instruction: {}", self.instruction); + log::info!("break on memory read: 0x{:x}", self.mem_read_addr); + log::info!("break on memory write: 0x{:x}", self.mem_write_addr); } } diff --git a/src/emu/console.rs b/src/emu/console.rs index 7a88780..9285a69 100644 --- a/src/emu/console.rs +++ b/src/emu/console.rs @@ -5,7 +5,7 @@ pub struct Console {} impl Console { pub fn new() -> Console { - println!("--- console ---"); + log::info!("--- console ---"); Console {} } @@ -67,74 +67,74 @@ impl Console { }*/ pub fn help(&self) { - println!("--- help ---"); - println!("q ...................... quit"); - println!("cls .................... clear screen"); - println!("h ...................... help"); - println!("s ...................... stack"); - println!("v ...................... vars"); - println!("sv ..................... set verbose level 0, 1 or 2"); - println!("r ...................... register show all"); - println!("r reg .................. show reg"); - println!("rc ..................... register change"); - println!("f ...................... show all flags"); - println!("fc ..................... clear all flags"); - println!("fz ..................... toggle flag zero"); - println!("fs ..................... toggle flag sign"); - println!("c ...................... continue"); - println!("b ...................... breakpoint list"); - println!("ba ..................... breakpoint on address"); - println!("bi ..................... breakpoint on instruction number"); - println!("bmr .................... breakpoint on read memory"); - println!("bmw .................... breakpoint on write memory"); - println!("bmx .................... breakpoint on execute memory"); - println!("bcmp ................... break on next cmp or test"); - println!("bc ..................... clear breakpoint"); - println!("n ...................... next instruction"); - println!("eip .................... change eip"); - println!("rip .................... change rip"); - println!("push ................... push dword to the stack"); - println!("pop .................... pop dword from stack"); - println!("fpu .................... fpu view"); - println!("md5 .................... check the md5 of a memory map"); - println!("seh .................... view SEH"); - println!("veh .................... view vectored execption pointer"); - println!("m ...................... memory maps"); - println!("ms ..................... memory filtered by keyword string"); - println!("ma ..................... memory allocs"); - println!("mc ..................... memory create map"); - println!("mn ..................... memory name of an address"); - println!("ml ..................... memory load file content to map"); - println!("mr ..................... memory read, speficy ie: dword ptr [esi]"); - println!( + log::info!("--- help ---"); + log::info!("q ...................... quit"); + log::info!("cls .................... clear screen"); + log::info!("h ...................... help"); + log::info!("s ...................... stack"); + log::info!("v ...................... vars"); + log::info!("sv ..................... set verbose level 0, 1 or 2"); + log::info!("r ...................... register show all"); + log::info!("r reg .................. show reg"); + log::info!("rc ..................... register change"); + log::info!("f ...................... show all flags"); + log::info!("fc ..................... clear all flags"); + log::info!("fz ..................... toggle flag zero"); + log::info!("fs ..................... toggle flag sign"); + log::info!("c ...................... continue"); + log::info!("b ...................... breakpoint list"); + log::info!("ba ..................... breakpoint on address"); + log::info!("bi ..................... breakpoint on instruction number"); + log::info!("bmr .................... breakpoint on read memory"); + log::info!("bmw .................... breakpoint on write memory"); + log::info!("bmx .................... breakpoint on execute memory"); + log::info!("bcmp ................... break on next cmp or test"); + log::info!("bc ..................... clear breakpoint"); + log::info!("n ...................... next instruction"); + log::info!("eip .................... change eip"); + log::info!("rip .................... change rip"); + log::info!("push ................... push dword to the stack"); + log::info!("pop .................... pop dword from stack"); + log::info!("fpu .................... fpu view"); + log::info!("md5 .................... check the md5 of a memory map"); + log::info!("seh .................... view SEH"); + log::info!("veh .................... view vectored execption pointer"); + log::info!("m ...................... memory maps"); + log::info!("ms ..................... memory filtered by keyword string"); + log::info!("ma ..................... memory allocs"); + log::info!("mc ..................... memory create map"); + log::info!("mn ..................... memory name of an address"); + log::info!("ml ..................... memory load file content to map"); + log::info!("mr ..................... memory read, speficy ie: dword ptr [esi]"); + log::info!( "mw ..................... memory write, speficy ie: dword ptr [esi] and then: 1af" ); - println!("mwb .................... memory write bytes, input spaced bytes"); - println!("md ..................... memory dump"); - println!("mrd .................... memory read dwords"); - println!("mrq .................... memory read qwords"); - println!("mds .................... memory dump string"); - println!("mdw .................... memory dump wide string"); - println!("mdd .................... memory dump to disk"); - println!("mdda ................... memory dump all allocations to disk"); - println!("mt ..................... memory test"); - println!("ss ..................... search string"); - println!("sb ..................... search bytes"); - println!("sba .................... search bytes in all the maps"); - println!("ssa .................... search string in all the maps"); - println!("ll ..................... linked list walk"); - println!("d ...................... dissasemble"); - println!("dt ..................... dump structure"); - println!("enter .................. step into"); - println!("tr ..................... trace reg"); - println!("trc .................... trace regs clear"); - println!("ldr .................... show ldr linked list"); - println!("iat .................... find api name in all iat's "); - println!("iatx ................... addr to api name"); - println!("iatd ................... dump the iat of specific module"); + log::info!("mwb .................... memory write bytes, input spaced bytes"); + log::info!("md ..................... memory dump"); + log::info!("mrd .................... memory read dwords"); + log::info!("mrq .................... memory read qwords"); + log::info!("mds .................... memory dump string"); + log::info!("mdw .................... memory dump wide string"); + log::info!("mdd .................... memory dump to disk"); + log::info!("mdda ................... memory dump all allocations to disk"); + log::info!("mt ..................... memory test"); + log::info!("ss ..................... search string"); + log::info!("sb ..................... search bytes"); + log::info!("sba .................... search bytes in all the maps"); + log::info!("ssa .................... search string in all the maps"); + log::info!("ll ..................... linked list walk"); + log::info!("d ...................... dissasemble"); + log::info!("dt ..................... dump structure"); + log::info!("enter .................. step into"); + log::info!("tr ..................... trace reg"); + log::info!("trc .................... trace regs clear"); + log::info!("ldr .................... show ldr linked list"); + log::info!("iat .................... find api name in all iat's "); + log::info!("iatx ................... addr to api name"); + log::info!("iatd ................... dump the iat of specific module"); - //println!("o ...................... step over"); - println!(); - println!("---"); + //log::info!("o ...................... step over"); + log::info!(""); + log::info!("---"); } } diff --git a/src/emu/elf32.rs b/src/emu/elf32.rs index db8dfcb..b2bef58 100644 --- a/src/emu/elf32.rs +++ b/src/emu/elf32.rs @@ -85,16 +85,16 @@ impl Elf32 { let end = self.bin.iter().skip(off) .position(|&x| x == 0x00).unwrap_or(0) + off; let name = std::str::from_utf8(&self.bin[off..end]).unwrap(); - println!("la seccion {} es pt_load", &name); + log::info!("la seccion {} es pt_load", &name); } }*/ let mem = maps.create_map(&format!("code"), phdr.p_vaddr.into(), phdr.p_memsz.into()).expect("cannot create code map from load_programs elf32"); if phdr.p_filesz >phdr.p_memsz { - println!("p_filesz > p_memsz bigger in file than in memory."); + log::info!("p_filesz > p_memsz bigger in file than in memory."); } - println!("segment {} - {}", phdr.p_offset, (phdr.p_offset+phdr.p_filesz)); + log::info!("segment {} - {}", phdr.p_offset, (phdr.p_offset+phdr.p_filesz)); let segment = &self.bin[phdr.p_offset as usize.. (phdr.p_offset + phdr.p_filesz) as usize]; mem.write_bytes(phdr.p_vaddr.into(), segment); @@ -104,7 +104,7 @@ impl Elf32 { } pub fn is_elf32(filename:&str) -> bool { - //println!("checking if elf32: {}", filename); + //log::info!("checking if elf32: {}", filename); let mut fd = File::open(filename).expect("file not found"); let mut raw = vec![0u8; 5]; fd.read_exact(&mut raw).expect("couldnt read the file"); diff --git a/src/emu/elf64.rs b/src/emu/elf64.rs index b147735..8f0a02e 100644 --- a/src/emu/elf64.rs +++ b/src/emu/elf64.rs @@ -142,7 +142,7 @@ impl Elf64 { for phdr in &self.elf_phdr { if phdr.p_type == constants::PT_LOAD { if phdr.p_vaddr > 0 && (phdr.p_vaddr <= addr || addr <= (phdr.p_vaddr+phdr.p_memsz)) { - //println!("vaddr 0x{:x}", phdr.p_vaddr); + //log::info!("vaddr 0x{:x}", phdr.p_vaddr); return true; } } @@ -161,7 +161,7 @@ impl Elf64 { pub fn sym_get_addr_from_name(&self, name: &str) -> Option { for sym in self.elf_dynsym.iter() { - println!("{} == {}", &sym.st_dynstr_name, name); + log::info!("{} == {}", &sym.st_dynstr_name, name); if &sym.st_dynstr_name == name { return Some(sym.st_value); } @@ -306,7 +306,7 @@ impl Elf64 { self.init = Some(shdr.sh_addr.into()); } - //println!("loading map {} 0x{:x} sz:{}", &map_name, shdr.sh_addr, shdr.sh_size); + //log::info!("loading map {} 0x{:x} sz:{}", &map_name, shdr.sh_addr, shdr.sh_size); let base:u64; if dynamic_linking { if shdr.sh_addr < 0x8000 { @@ -347,10 +347,10 @@ impl Elf64 { if sym_name.contains("libc") { sym_addr += LIBC_BASE; } - println!("crafting got 0x{:x} <- 0x{:x} {}", addr, sym_addr, sym_name); + log::info!("crafting got 0x{:x} <- 0x{:x} {}", addr, sym_addr, sym_name); got.write_qword(addr, sym_addr); } else { - println!("crafting got error, no symbol {}", sym_name); + log::info!("crafting got error, no symbol {}", sym_name); } } @@ -395,7 +395,7 @@ impl Elf64 { } if off_strtab == 0 { - println!("dt_strtab not found"); + log::info!("dt_strtab not found"); return libs; } @@ -415,7 +415,7 @@ impl Elf64 { .expect("error searching on DT_STRTAB"); let lib_name = std::str::from_utf8(&self.bin[off_lib..off_lib + off_lib_end]) .expect("libname on DT_STRTAB is not utf-8"); - println!("lib: {}", lib_name); + log::info!("lib: {}", lib_name); libs.push(lib_name.to_string()); } off += 16; @@ -429,7 +429,7 @@ impl Elf64 { } pub fn is_elf64(filename:&str) -> bool { - //println!("checking if elf64: {}", filename); + //log::info!("checking if elf64: {}", filename); let mut fd = File::open(filename).expect("file not found"); let mut raw = vec![0u8; 5]; fd.read_exact(&mut raw).expect("couldnt read the file"); diff --git a/src/emu/endpoint.rs b/src/emu/endpoint.rs index d2361f5..9e4daf5 100644 --- a/src/emu/endpoint.rs +++ b/src/emu/endpoint.rs @@ -44,14 +44,14 @@ pub fn warning() { pub fn sock_connect(host: &str, port: u16) -> bool { let mut stream = STREAM.lock().unwrap(); - println!("\tconnecting to {}:{}...", host, port); + log::info!("\tconnecting to {}:{}...", host, port); stream.push(match TcpStream::connect((host, port)) { Ok(s) => s, Err(_) => { return false; } }); - println!("\tconnected!"); + log::info!("\tconnected!"); return true; } @@ -145,7 +145,7 @@ pub fn http_send_request() { url = format!("http://{}:{}{}", host, port, path); } - println!("\tconnecting to url: {}", url); + log::info!("\tconnecting to url: {}", url); let mut req: RequestBuilder = match method.as_str() { "get" => attohttpc::get(url), @@ -156,7 +156,7 @@ pub fn http_send_request() { "patch" => attohttpc::patch(url), "trace" => attohttpc::trace(url), _ => { - println!("\tweird method."); + log::info!("\tweird method."); return; } }; @@ -171,11 +171,11 @@ pub fn http_send_request() { match header::HeaderName::from_bytes(&key.to_lowercase().as_bytes()) { Ok(h) => h, Err(e) => { - println!("\terror in header {} err: {}", &key, e); + log::info!("\terror in header {} err: {}", &key, e); return; } }; - //println!("\tadding header: `{}` value: `{}`", &key, &v); + //log::info!("\tadding header: `{}` value: `{}`", &key, &v); req = req .try_header_append::(hn, &v) .expect("cannot add header"); @@ -184,16 +184,16 @@ pub fn http_send_request() { let resp = match req.send() { Ok(r) => r, Err(_) => { - println!("\tCannot connect."); + log::info!("\tCannot connect."); return; } }; if resp.is_success() { *data = resp.bytes().expect("error receiving data"); - println!("\t{} bytes downloaded", data.len()); + log::info!("\t{} bytes downloaded", data.len()); } else { - println!("\tURL not Ok."); + log::info!("\tURL not Ok."); } } diff --git a/src/emu/flags.rs b/src/emu/flags.rs index 29791c7..1239ccc 100644 --- a/src/emu/flags.rs +++ b/src/emu/flags.rs @@ -116,27 +116,27 @@ impl Flags { } pub fn print(&self) { - println!("--- flags ---"); - println!("0x{:x}", self.dump()); - println!("cf: {}", self.f_cf); - println!("pf: {}", self.f_pf); - println!("af: {}", self.f_af); - println!("zf: {}", self.f_zf); - println!("sf: {}", self.f_sf); - println!("tf: {}", self.f_tf); - println!("if: {}", self.f_if); - println!("df: {}", self.f_df); - println!("of: {}", self.f_of); - println!("iopl1: {}", self.f_iopl1); - println!("iopl2: {}", self.f_iopl2); - println!("nt: {}", self.f_nt); - println!("rf: {}", self.f_rf); - println!("vm: {}", self.f_vm); - println!("ac: {}", self.f_ac); - println!("vif: {}", self.f_vif); - println!("vip: {}", self.f_vip); - println!("id: {}", self.f_id); - println!("---"); + log::info!("--- flags ---"); + log::info!("0x{:x}", self.dump()); + log::info!("cf: {}", self.f_cf); + log::info!("pf: {}", self.f_pf); + log::info!("af: {}", self.f_af); + log::info!("zf: {}", self.f_zf); + log::info!("sf: {}", self.f_sf); + log::info!("tf: {}", self.f_tf); + log::info!("if: {}", self.f_if); + log::info!("df: {}", self.f_df); + log::info!("of: {}", self.f_of); + log::info!("iopl1: {}", self.f_iopl1); + log::info!("iopl2: {}", self.f_iopl2); + log::info!("nt: {}", self.f_nt); + log::info!("rf: {}", self.f_rf); + log::info!("vm: {}", self.f_vm); + log::info!("ac: {}", self.f_ac); + log::info!("vif: {}", self.f_vif); + log::info!("vip: {}", self.f_vip); + log::info!("id: {}", self.f_id); + log::info!("---"); } pub fn dump(&self) -> u32 { diff --git a/src/emu/fpu.rs b/src/emu/fpu.rs index e770460..eedf3b9 100644 --- a/src/emu/fpu.rs +++ b/src/emu/fpu.rs @@ -119,16 +119,16 @@ impl FPU { } pub fn print(&self) { - println!("---- fpu ----"); + log::info!("---- fpu ----"); for i in 0..self.st.len() { - println!("st({}): {}", i, self.st[i]); + log::info!("st({}): {}", i, self.st[i]); } - println!("stat: 0x{:x}", self.stat); - println!("ctrl: 0x{:x}", self.ctrl); - println!("eip: 0x{:x}", self.ip); + log::info!("stat: 0x{:x}", self.stat); + log::info!("ctrl: 0x{:x}", self.ctrl); + log::info!("eip: 0x{:x}", self.ip); - println!("--------"); + log::info!("--------"); } pub fn set_st(&mut self, i: usize, value: f64) { diff --git a/src/emu/inline.rs b/src/emu/inline.rs index fb87af5..f640b6b 100644 --- a/src/emu/inline.rs +++ b/src/emu/inline.rs @@ -518,7 +518,7 @@ pub fn shld(a: u64, b: u64, c: u64, bits: u32, flags: u32) -> (u64, u32) { unimplemented!("doesnt exit shld of 8bits"); } _ => { - println!("sz: {}", bits); + log::info!("sz: {}", bits); unimplemented!("weird case"); } }*/ @@ -607,7 +607,7 @@ pub fn shrd(a: u64, b: u64, c: u64, bits: u32, flags: u32) -> (u64, u32) { unimplemented!("doesnt exit shrd of 8bits"); } _ => { - println!("sz: {}", bits); + log::info!("sz: {}", bits); unimplemented!("weird case"); } }*/ diff --git a/src/emu/maps.rs b/src/emu/maps.rs index 7f16bab..91e934c 100644 --- a/src/emu/maps.rs +++ b/src/emu/maps.rs @@ -158,7 +158,7 @@ impl Maps { return true; } } - println!("writing byte on non mapped zone 0x{:x}", addr); + log::info!("writing byte on non mapped zone 0x{:x}", addr); false } @@ -463,7 +463,7 @@ impl Maps { } pub fn print_maps_keyword(&self, kw: &str) { - println!("--- maps ---"); + log::info!("--- maps ---"); for mem in self.maps.iter() { let k = mem.get_name(); let n; @@ -477,7 +477,7 @@ impl Maps { spcs.push(' '); } if k.contains(kw) { - println!( + log::info!( "{}{}0x{:x} - 0x{:x} ({})", k, spcs, @@ -487,12 +487,12 @@ impl Maps { ); } } - println!("memory usage: {} bytes", self.size()); - println!("---"); + log::info!("memory usage: {} bytes", self.size()); + log::info!("---"); } pub fn print_maps(&self) { - println!("--- maps ---"); + log::info!("--- maps ---"); for mem in self.maps.iter() { let k = mem.get_name(); let n; @@ -505,7 +505,7 @@ impl Maps { for i in 0..n { spcs.push(' '); } - println!( + log::info!( "{}{}0x{:x} - 0x{:x} ({})", k, spcs, @@ -514,8 +514,8 @@ impl Maps { mem.size() ); } - println!("memory usage: {} bytes", self.size()); - println!("---"); + log::info!("memory usage: {} bytes", self.size()); + log::info!("---"); } pub fn get_addr_base(&self, addr: u64) -> Option { @@ -539,7 +539,7 @@ impl Maps { pub fn show_addr_names(&self, addr: u64) { for mem in self.maps.iter() { if mem.inside(addr) { - println!("{}", mem.get_name()); + log::info!("{}", mem.get_name()); } } } @@ -571,7 +571,7 @@ impl Maps { Err(n) => " -utf8err- ".to_string(), }; - println!(" {}", s); + log::info!(" {}", s); } } @@ -586,7 +586,7 @@ impl Maps { count += 1; print!("{:02x} ", b); if count >= amount { - println!(""); + log::info!(""); return; } } @@ -597,7 +597,7 @@ impl Maps { Err(n) => " -utf8err- ".to_string(), }; - println!(" {}", s); + log::info!(" {}", s); } } @@ -611,7 +611,7 @@ impl Maps { let dw = match self.read_dword(addr + count * 4) { Some(v) => v, None => { - println!("bad address"); + log::info!("bad address"); return; } }; @@ -635,7 +635,7 @@ impl Maps { Err(n) => " -utf8err- ".to_string(), }; - println!("{}", s); + log::info!("{}", s); } } @@ -654,7 +654,7 @@ impl Maps { None => "".to_string(), }; - println!( + log::info!( "0x{:x}: 0x{:x} ({}) '{}'", a, value, @@ -681,7 +681,7 @@ impl Maps { None => "".to_string(), }; - println!( + log::info!( "0x{:x}: 0x{:x} ({}) '{}'", a, value, @@ -689,7 +689,7 @@ impl Maps { self.filter_replace_string(&self.read_string(value.into())) ); } else { - println!("0x{:x}: 0x{:x}", a, value); + log::info!("0x{:x}: 0x{:x}", a, value); } } } @@ -790,7 +790,7 @@ impl Maps { } } } - println!("map not found"); + log::info!("map not found"); None } @@ -814,7 +814,7 @@ impl Maps { let b = match u8::from_str_radix(bsi, 16) { Ok(b) => b, Err(_) => { - println!("bad hex bytes"); + log::info!("bad hex bytes"); return bytes; } }; @@ -939,9 +939,9 @@ impl Maps { for addr in results.iter() { if self.is_64bits { - println!("found at 0x{:x} '{}'", addr, self.read_string(*addr)); + log::info!("found at 0x{:x} '{}'", addr, self.read_string(*addr)); } else { - println!( + log::info!( "found at 0x{:x} '{}'", *addr as u32, self.read_string(*addr) @@ -952,7 +952,7 @@ impl Maps { } if !found { - println!("not found."); + log::info!("not found."); } } @@ -1008,7 +1008,7 @@ impl Maps { for mem in self.maps.iter() { let name = mem.get_name(); if name.starts_with("alloc_") || name.starts_with("valloc_") { - println!( + log::info!( "{} 0x{:x} - 0x{:x} ({})", name, mem.get_base(), @@ -1022,7 +1022,7 @@ impl Maps { pub fn show_maps(&self) { for mem in self.maps.iter() { let name = mem.get_name(); - println!( + log::info!( "{} 0x{:x} - 0x{:x} ({})", name, mem.get_base(), @@ -1083,25 +1083,25 @@ impl Maps { fn _alloc(&self, sz: u64, bottom: u64, top: u64, lib: bool) -> Option { let mut prev: u64 = bottom; - //println!("allocating {} bytes from 0x{:x} to 0x{:x}", sz, bottom, top); + //log::info!("allocating {} bytes from 0x{:x} to 0x{:x}", sz, bottom, top); for i in 0..self.maps.len() { let mem = &self.maps[i]; let base = mem.get_base(); if lib && base < bottom { - //println!("skipping: 0x{:x}", base); + //log::info!("skipping: 0x{:x}", base); continue; // a lib finding allocs that are not lib } - //println!("base: 0x{:x} prev: 0x{:x} sz: 0x{:x}", base, prev, sz); + //log::info!("base: 0x{:x} prev: 0x{:x} sz: 0x{:x}", base, prev, sz); if prev > base { //self.show_maps(); panic!("alloc error"); } - //println!("space: 0x{:x}", base - prev); + //log::info!("space: 0x{:x}", base - prev); if (base - prev) > sz { - //println!("space found: 0x{:x}", prev); + //log::info!("space found: 0x{:x}", prev); return Some(prev); } @@ -1109,11 +1109,11 @@ impl Maps { } if top - prev > sz { - //println!("space found: 0x{:x} sz:{}", prev, sz); + //log::info!("space found: 0x{:x} sz:{}", prev, sz); return Some(prev); } - println!("no space found"); + log::info!("no space found"); None } @@ -1160,7 +1160,7 @@ impl Maps { m.save(addr, size as usize, filename); } None => { - println!("this address is not mapped."); + log::info!("this address is not mapped."); } } } @@ -1226,8 +1226,8 @@ impl Maps { if name1 != name2 { for addr1 in mem1.get_base()..mem1.get_bottom() { if mem2.inside(addr1) { - println!("/!\\ {} overlaps with {}", name1, name2); - println!( + log::info!("/!\\ {} overlaps with {}", name1, name2); + log::info!( "/!\\ 0x{:x}-0x{:x} vs 0x{:x}-0x{:x}", mem1.get_base(), mem1.get_bottom(), @@ -1241,7 +1241,7 @@ impl Maps { } if (mem1.get_base() + (mem1.size() as u64)) != mem1.get_bottom() { - println!("/!\\ memory bottom dont match, mem: {}", name1); + log::info!("/!\\ memory bottom dont match, mem: {}", name1); return false; } } diff --git a/src/emu/maps/mem64.rs b/src/emu/maps/mem64.rs index 3fcfbe3..10c5676 100644 --- a/src/emu/maps/mem64.rs +++ b/src/emu/maps/mem64.rs @@ -211,11 +211,11 @@ impl Mem64 { } pub fn print_bytes(&self) { - println!("---mem---"); + log::info!("---mem---"); for b in self.mem.iter() { print!("{}", b); } - println!("---"); + log::info!("---"); } pub fn print_dwords(&self) { @@ -223,12 +223,12 @@ impl Mem64 { } pub fn print_dwords_from_to(&self, from: u64, to: u64) { - println!("---mem---"); + log::info!("---mem---"); for addr in (from..to).step_by(4) { - println!("0x{:x}", self.read_dword(addr)) + log::info!("0x{:x}", self.read_dword(addr)) } - println!("---"); + log::info!("---"); } pub fn md5(&self) -> md5::Digest { @@ -243,7 +243,7 @@ impl Mem64 { } pub fn load_chunk(&mut self, filename: &str, off: u64, sz: usize) -> bool { - // println!("loading chunk: {} {} {}", filename, off, sz); + // log::info!("loading chunk: {} {} {}", filename, off, sz); let mut f = match File::open(&filename) { Ok(f) => f, Err(_) => { @@ -264,7 +264,7 @@ impl Mem64 { } pub fn load(&mut self, filename: &str) -> bool { - // println!("loading map: {}", filename); + // log::info!("loading map: {}", filename); let f = match File::open(&filename) { Ok(f) => f, Err(_) => { @@ -285,14 +285,14 @@ impl Mem64 { let idx = (addr - self.base_addr) as usize; let sz2 = idx as usize + size; if sz2 > self.mem.len() { - println!("size too big, map size is {} sz2:{}", self.mem.len(), sz2); + log::info!("size too big, map size is {} sz2:{}", self.mem.len(), sz2); return; } let mut f = match File::create(filename) { Ok(f) => f, Err(e) => { - println!("cannot create the file {}", e); + log::info!("cannot create the file {}", e); return; } }; @@ -300,8 +300,8 @@ impl Mem64 { let blob = self.mem.get(idx..sz2).unwrap(); match f.write_all(blob) { - Ok(_) => println!("saved."), - Err(_) => println!("couldn't save the file"), + Ok(_) => log::info!("saved."), + Err(_) => log::info!("couldn't save the file"), } f.sync_all().unwrap(); diff --git a/src/emu/ntapi32.rs b/src/emu/ntapi32.rs index 1071518..86cc302 100644 --- a/src/emu/ntapi32.rs +++ b/src/emu/ntapi32.rs @@ -12,17 +12,17 @@ use std::sync::Mutex; pub fn gateway(syscall: u64, argv: u64, emu: &mut emu::Emu) { match syscall { 0xdc => { - println!("/!\\ direct syscall: NtAlpcSendWaitReceivePort"); + log::info!("/!\\ direct syscall: NtAlpcSendWaitReceivePort"); emu.regs.rax = 0; } 0x10f => { - println!("/!\\ direct syscall: NtOpenFile {:x}", argv); + log::info!("/!\\ direct syscall: NtOpenFile {:x}", argv); emu.regs.rax = 0; } _ => { - println!( + log::info!( "{}{} 0x{:x}: {}{}", emu.colors.red, emu.pos, diff --git a/src/emu/pe32.rs b/src/emu/pe32.rs index eb008c9..71b14ad 100644 --- a/src/emu/pe32.rs +++ b/src/emu/pe32.rs @@ -126,7 +126,7 @@ impl ImageDosHeader { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -143,7 +143,7 @@ impl ImageNtHeaders { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -172,7 +172,7 @@ impl ImageFileHeader { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -191,7 +191,7 @@ impl ImageDataDirectory { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -275,7 +275,7 @@ impl ImageOptionalHeader { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -337,7 +337,7 @@ impl ImageSectionHeader { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -356,7 +356,7 @@ impl ImageResourceDirectoryEntry { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -383,7 +383,7 @@ impl ImageResourceDirectory { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -406,7 +406,7 @@ impl ImageResourceDataEntry { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -425,7 +425,7 @@ impl ImageResourceDirStringU { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -462,7 +462,7 @@ impl ImageExportDirectory { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -489,7 +489,7 @@ impl TlsDirectory32 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } pub fn size() -> usize { @@ -520,7 +520,7 @@ impl DelayLoadDirectory { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } pub fn load(raw: &Vec, off: usize) -> DelayLoadDirectory { @@ -580,7 +580,7 @@ impl ImageImportDirectory { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -683,7 +683,7 @@ impl TagImportDirectory { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -714,7 +714,7 @@ impl ImageDebugDirectory { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -733,7 +733,7 @@ impl ImageBaseRelocation { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -768,7 +768,7 @@ pub struct PE32 { impl PE32 { pub fn is_pe32(filename: &str) -> bool { - //println!("checking if pe32: {}", filename); + //log::info!("checking if pe32: {}", filename); let mut fd = File::open(filename).expect("file not found"); let mut raw = vec![0u8; ImageDosHeader::size()]; fd.read_exact(&mut raw).expect("couldnt read the file"); @@ -812,7 +812,7 @@ impl PE32 { } pub fn load(filename: &str) -> PE32 { - //println!("loading pe32: {}", filename); + //log::info!("loading pe32: {}", filename); let mut fd = File::open(filename).expect("pe32 binary not found"); let mut raw: Vec = Vec::new(); fd.read_to_end(&mut raw) @@ -844,7 +844,7 @@ impl PE32 { let mut delay_load_dir: Vec = Vec::new(); if delay_load_va > 0 { - //println!("delay load detected!"); + //log::info!("delay load detected!"); delay_load_off = PE32::vaddr_to_off(§, delay_load_va) as usize; if delay_load_off > 0 { loop { @@ -885,10 +885,10 @@ impl PE32 { import_off += ImageImportDescriptor::size(); } } else { - //println!("no import directory at va 0x{:x}.", import_va); + //log::info!("no import directory at va 0x{:x}.", import_va); } } else { - //println!("no import directory at va 0x{:x}", import_va); + //log::info!("no import directory at va 0x{:x}", import_va); } PE32 { @@ -944,7 +944,7 @@ impl PE32 { for sect in sections { if vaddr >= sect.virtual_address && vaddr < sect.virtual_address + sect.virtual_size { /* - println!("{:x} = vaddr:{:x} - sect.vaddr:{:x} + sect.ptr2rawdata:{:x}", + log::info!("{:x} = vaddr:{:x} - sect.vaddr:{:x} + sect.ptr2rawdata:{:x}", (vaddr - sect.virtual_address + sect.pointer_to_raw_data), vaddr, sect.virtual_address, sect.pointer_to_raw_data); */ return vaddr - sect.virtual_address + sect.pointer_to_raw_data; @@ -979,7 +979,7 @@ impl PE32 { let off = self.sect_hdr[id].pointer_to_raw_data as usize; let mut sz = self.sect_hdr[id].size_of_raw_data as usize; //TODO: coger sz en disk no en va if off + sz >= self.raw.len() { - //println!("/!\\ warning: raw sz:{} off:{} sz:{} off+sz:{}", self.raw.len(), off, sz, off+sz); + //log::info!("/!\\ warning: raw sz:{} off:{} sz:{} off+sz:{}", self.raw.len(), off, sz, off+sz); sz = self.raw.len() - off - 1; } if sz == 0 || off > self.raw.len() || off + sz > self.raw.len() { @@ -999,7 +999,7 @@ impl PE32 { let mut callbacks: Vec = Vec::new(); if self.opt.data_directory.len() < IMAGE_DIRECTORY_ENTRY_TLS { - println!("/!\\ alert there is .tls section but not tls directory entry"); + log::info!("/!\\ alert there is .tls section but not tls directory entry"); return callbacks; } @@ -1009,7 +1009,7 @@ impl PE32 { tls_off = PE32::vaddr_to_off(&self.sect_hdr, entry_tls) as usize; - println!("raw {:x} off {:x}", self.raw.len(), tls_off); + log::info!("raw {:x} off {:x}", self.raw.len(), tls_off); let tls = TlsDirectory32::load(&self.raw, tls_off); tls.print(); @@ -1020,16 +1020,16 @@ impl PE32 { } cb_off = (tls.tls_callbacks - self.opt.image_base - 0xf000 + 0xa400) as usize; - println!("cb_off {:x}", cb_off); + log::info!("cb_off {:x}", cb_off); //cb_off = (tls.tls_callbacks - iat - self.opt.image_base - align) as usize; - println!("cb_off {:x} {:x}", cb_off, self.opt.image_base); + log::info!("cb_off {:x} {:x}", cb_off, self.opt.image_base); loop { let callback: u64 = read_u32_le!(&self.raw, cb_off as usize) as u64; if callback == 0 { break; } - println!("TLS Callback: 0x{:x}", callback); + log::info!("TLS Callback: 0x{:x}", callback); callbacks.push(callback); cb_off += 4; } @@ -1038,7 +1038,7 @@ impl PE32 { } pub fn delay_load_binding(&mut self, emu: &mut emu::Emu) { - println!("Delay load binding started ..."); + log::info!("Delay load binding started ..."); for i in 0..self.delay_load_dir.len() { let dld = &self.delay_load_dir[i]; if dld.name.len() == 0 { @@ -1067,16 +1067,16 @@ impl PE32 { continue; } let func_name = PE32::read_string(&self.raw, off2 + 2); - //println!("IAT: 0x{:x} {}!{}", addr, iim.name, func_name); + //log::info!("IAT: 0x{:x} {}!{}", addr, iim.name, func_name); let real_addr = emu::winapi32::kernel32::resolve_api_name(emu, &func_name); if real_addr == 0 { break; } - //println!("IAT: real addr: 0x{:x}", real_addr); + //log::info!("IAT: real addr: 0x{:x}", real_addr); /* if emu.cfg.verbose >= 1 { - println!("binded 0x{:x} {}", real_addr, func_name); + log::info!("binded 0x{:x} {}", real_addr, func_name); }*/ write_u32_le!(self.raw, off_addr, real_addr); @@ -1085,14 +1085,14 @@ impl PE32 { off_addr += 4; } } - println!("delay load bound!"); + log::info!("delay load bound!"); } pub fn iat_binding(&mut self, emu: &mut emu::Emu) { let dbg = false; // https://docs.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2#Binding - println!( + log::info!( "IAT binding started image_import_descriptor.len() = {} ...", self.image_import_descriptor.len() ); @@ -1100,7 +1100,7 @@ impl PE32 { for i in 0..self.image_import_descriptor.len() { let iim = &self.image_import_descriptor[i]; if dbg { - println!("import: {}", iim.name); + log::info!("import: {}", iim.name); } if iim.name.len() == 0 { @@ -1108,10 +1108,10 @@ impl PE32 { } if emu::winapi32::kernel32::load_library(emu, &iim.name) == 0 { - println!("cannot found the library `{}` on maps32/", &iim.name); + log::info!("cannot found the library `{}` on maps32/", &iim.name); return; } else if dbg { - println!("library `{}` loaded", &iim.name); + log::info!("library `{}` loaded", &iim.name); } // Walking function names. @@ -1134,7 +1134,7 @@ impl PE32 { } let func_name = PE32::read_string(&self.raw, off2 + 2); if dbg { - println!("0x{:x} {}!{}", addr, iim.name, func_name); + log::info!("0x{:x} {}!{}", addr, iim.name, func_name); } let real_addr = emu::winapi32::kernel32::resolve_api_name(emu, &func_name); @@ -1143,21 +1143,21 @@ impl PE32 { } if dbg { let old_addr = read_u32_le!(self.raw, off_addr); - //println!("patch addr: 0x{:x}: 0x{:x} -> 0x{:x}", off_addr, old_addr, real_addr); + //log::info!("patch addr: 0x{:x}: 0x{:x} -> 0x{:x}", off_addr, old_addr, real_addr); } write_u32_le!(self.raw, off_addr, real_addr); /* if emu.cfg.verbose >= 1 { - println!("binded 0x{:x} {}", real_addr, func_name); + log::info!("binded 0x{:x} {}", real_addr, func_name); }*/ off_name += HintNameItem::size(); off_addr += 4; } } - println!("IAT Bound."); + log::info!("IAT Bound."); } @@ -1170,7 +1170,7 @@ impl PE32 { for i in 0..self.image_import_descriptor.len() { let iim = &self.image_import_descriptor[i]; if dbg { - println!("import: {}", iim.name); + log::info!("import: {}", iim.name); } if iim.name.len() == 0 { diff --git a/src/emu/pe64.rs b/src/emu/pe64.rs index 63b0d61..9078ac1 100644 --- a/src/emu/pe64.rs +++ b/src/emu/pe64.rs @@ -82,7 +82,7 @@ impl ImageDataDirectory64 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } }*/ @@ -129,7 +129,7 @@ impl ImageOptionalHeader64 { let mut pos = 112; //+ 144; //108; for i in 0..pe32::IMAGE_NUMBEROF_DIRECTORY_ENTRIES { let idd = pe32::ImageDataDirectory::load(raw, off + pos); - //println!("{} 0x{:x} {}", i, idd.virtual_address, idd.size); + //log::info!("{} 0x{:x} {}", i, idd.virtual_address, idd.size); dd.push(idd); pos += 8; } @@ -170,7 +170,7 @@ impl ImageOptionalHeader64 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -197,7 +197,7 @@ impl TlsDirectory64 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -232,7 +232,7 @@ pub struct PE64 { impl PE64 { pub fn is_pe64(filename: &str) -> bool { - // println!("checking if pe64: {}", filename); + // log::info!("checking if pe64: {}", filename); let mut fd = File::open(filename).expect("file not found"); let mut raw = vec![0u8; pe32::ImageDosHeader::size()]; fd.read_exact(&mut raw).expect("couldnt read the file"); @@ -250,7 +250,7 @@ impl PE64 { } pub fn load(filename: &str) -> PE64 { - //println!("loading pe64: {}", filename); + //log::info!("loading pe64: {}", filename); let mut fd = File::open(filename).expect("pe64 binary not found"); let mut raw: Vec = Vec::new(); fd.read_to_end(&mut raw) @@ -282,12 +282,12 @@ impl PE64 { let mut delay_load_dir: Vec = Vec::new(); if delay_load_va > 0 { - //println!("delay load detected!"); + //log::info!("delay load detected!"); delay_load_off = PE32::vaddr_to_off(§, delay_load_va) as usize; if delay_load_off > 0 { loop { let mut delay_load = pe32::DelayLoadDirectory::load(&raw, delay_load_off); - //println!("{:#x?}", delay_load); + //log::info!("{:#x?}", delay_load); if delay_load.handle == 0 || delay_load.name_ptr == 0 { break; } @@ -325,10 +325,10 @@ impl PE64 { import_off += pe32::ImageImportDescriptor::size(); } } else { - //println!("no import directory at va 0x{:x}.", import_va); + //log::info!("no import directory at va 0x{:x}.", import_va); } } else { - //println!("no import directory at va 0x{:x}", import_va); + //log::info!("no import directory at va 0x{:x}", import_va); } PE64 { @@ -406,7 +406,7 @@ impl PE64 { let off = self.sect_hdr[id].pointer_to_raw_data as usize; let sz = self.sect_hdr[id].size_of_raw_data as usize; //TODO: coger sz en disk if off + sz > self.raw.len() { - println!( + log::info!( "/!\\ warning: id:{} name:{} raw sz:{} off:{} sz:{} off+sz:{}", id, self.sect_hdr[id].get_name(), @@ -435,7 +435,7 @@ impl PE64 { //if tls_off == 0 { if self.opt.data_directory.len() < pe32::IMAGE_DIRECTORY_ENTRY_TLS { - println!("/!\\ alert there is .tls section but not tls directory entry"); + log::info!("/!\\ alert there is .tls section but not tls directory entry"); return callbacks; } @@ -456,7 +456,7 @@ impl PE64 { if callback == 0 { break; } - println!("0x{:x} TLS Callback: 0x{:x}", cb_off, callback); + log::info!("0x{:x} TLS Callback: 0x{:x}", cb_off, callback); callbacks.push(callback); cb_off += 8; } @@ -465,7 +465,7 @@ impl PE64 { } pub fn delay_load_binding(&mut self, emu: &mut emu::Emu) { - println!("Delay load binding started ..."); + log::info!("Delay load binding started ..."); for i in 0..self.delay_load_dir.len() { let dld = &self.delay_load_dir[i]; if dld.name.len() == 0 { @@ -493,7 +493,7 @@ impl PE64 { continue; } let func_name = PE32::read_string(&self.raw, off2 + 2); - //println!("IAT: 0x{:x} {}!{}", addr, iim.name, func_name); + //log::info!("IAT: 0x{:x} {}!{}", addr, iim.name, func_name); let real_addr = emu::winapi64::kernel32::resolve_api_name(emu, &func_name); if real_addr == 0 { @@ -501,7 +501,7 @@ impl PE64 { } /* if emu.cfg.verbose >= 1 { - println!("binded 0x{:x} {}", real_addr, func_name); + log::info!("binded 0x{:x} {}", real_addr, func_name); }*/ write_u64_le!(self.raw, off_addr, real_addr); @@ -509,7 +509,7 @@ impl PE64 { off_addr += 8; } } - println!("delay load bound!"); + log::info!("delay load bound!"); } pub fn iat_binding(&mut self, emu: &mut emu::Emu) { @@ -519,7 +519,7 @@ impl PE64 { // https://docs.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2#Binding - println!( + log::info!( "IAT binding started image_import_descriptor.len() = {} ...", self.image_import_descriptor.len() ); @@ -532,7 +532,7 @@ impl PE64 { } if emu::winapi64::kernel32::load_library(emu, &iim.name) == 0 { - println!("cannot found the library {} on maps64/", &iim.name); + log::info!("cannot found the library {} on maps64/", &iim.name); return; } @@ -540,7 +540,7 @@ impl PE64 { let mut off_name = PE32::vaddr_to_off(&self.sect_hdr, iim.original_first_thunk) as usize; - //println!("----> 0x{:x}", iim.first_thunk); + //log::info!("----> 0x{:x}", iim.first_thunk); let mut off_addr = PE32::vaddr_to_off(&self.sect_hdr, iim.first_thunk) as usize; //off_addr += 8; @@ -565,7 +565,7 @@ impl PE64 { } /*if emu.cfg.verbose >= 1 { - println!("binded 0x{:x} {}", real_addr, func_name); + log::info!("binded 0x{:x} {}", real_addr, func_name); }*/ write_u64_le!(self.raw, off_addr, real_addr); @@ -574,7 +574,7 @@ impl PE64 { off_addr += 8; } } - println!("IAT Bound."); + log::info!("IAT Bound."); } pub fn import_addr_to_name(&self, paddr: u64) -> String { @@ -593,7 +593,7 @@ impl PE64 { let mut off_name = PE32::vaddr_to_off(&self.sect_hdr, iim.original_first_thunk) as usize; - //println!("----> 0x{:x}", iim.first_thunk); + //log::info!("----> 0x{:x}", iim.first_thunk); let mut off_addr = PE32::vaddr_to_off(&self.sect_hdr, iim.first_thunk) as usize; //off_addr += 8; diff --git a/src/emu/peb32.rs b/src/emu/peb32.rs index 6cb8621..feee34e 100644 --- a/src/emu/peb32.rs +++ b/src/emu/peb32.rs @@ -87,7 +87,7 @@ impl Flink { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } pub fn get_ptr(&self) -> u64 { @@ -144,7 +144,7 @@ impl Flink { } - //println!("base: 0x{:x} + pe_hdr {} + 0x78 = {}", self.mod_base, self.pe_hdr, self.mod_base + self.pe_hdr + 0x78); + //log::info!("base: 0x{:x} + pe_hdr {} + 0x78 = {}", self.mod_base, self.pe_hdr, self.mod_base + self.pe_hdr + 0x78); self.export_table_rva = match emu.maps .read_dword(self.mod_base + self.pe_hdr + 0x78) { Some(v) => v as u64, @@ -162,7 +162,7 @@ impl Flink { self.num_of_funcs = match emu.maps.read_dword(self.export_table + 0x18) { Some(num_of_funcs) => num_of_funcs as u64, None => { - println!( + log::info!( "error reading export_table 0x{:x} = 0x{:x} + 0x{:x}", self.export_table, self.export_table_rva, self.mod_base ); @@ -251,7 +251,7 @@ pub fn get_module_base(libname: &str, emu: &mut emu::Emu) -> Option { flink.load(emu); let first_flink = flink.get_ptr(); loop { - //println!("{} == {}", libname2, flink.mod_name); + //log::info!("{} == {}", libname2, flink.mod_name); if libname.to_string().to_lowercase() == flink.mod_name.to_string().to_lowercase() || libname2 == flink.mod_name.to_string().to_lowercase() @@ -282,7 +282,7 @@ pub fn show_linked_modules(emu: &mut emu::Emu) { Some(b) => b, None => 0, }; - println!( + log::info!( "0x{:x} {} flink:{:x} blink:{:x} base:{:x} pe_hdr:{:x} {:x}{:x}", flink.get_ptr(), flink.mod_name, @@ -316,7 +316,7 @@ pub fn dynamic_unlink_module(libname: &str, emu: &mut emu::Emu) { let mut flink = Flink::new(emu); flink.load(emu); while flink.mod_name != libname { - println!("{}", flink.mod_name); + log::info!("{}", flink.mod_name); prev_flink = flink.get_ptr(); flink.next(emu); } @@ -325,12 +325,12 @@ pub fn dynamic_unlink_module(libname: &str, emu: &mut emu::Emu) { next_flink = flink.get_ptr(); // previous flink - println!("prev_flink: 0x{:x}", prev_flink); + log::info!("prev_flink: 0x{:x}", prev_flink); //emu.maps.write_dword(prev_flink, next_flink as u32); emu.maps.write_dword(prev_flink, 0); // next blink - println!("next_flink: 0x{:x}", next_flink); + log::info!("next_flink: 0x{:x}", next_flink); emu.maps.write_dword(next_flink + 4, prev_flink as u32); show_linked_modules(emu); diff --git a/src/emu/peb64.rs b/src/emu/peb64.rs index 39293e0..60240c3 100644 --- a/src/emu/peb64.rs +++ b/src/emu/peb64.rs @@ -87,7 +87,7 @@ impl Flink { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } pub fn get_ptr(&self) -> u64 { @@ -144,7 +144,7 @@ impl Flink { return; } - //println!("mod_base 0x{:x} pe_hdr 0x{:x}", self.mod_base, self.pe_hdr); + //log::info!("mod_base 0x{:x} pe_hdr 0x{:x}", self.mod_base, self.pe_hdr); self.export_table_rva = match emu .maps @@ -162,16 +162,16 @@ impl Flink { //////// /* emu.maps.print_maps(); - println!("rva: 0x{:x} = 0x{:x} + 0x{:x} + 0x88 -> 0x{:x}", + log::info!("rva: 0x{:x} = 0x{:x} + 0x{:x} + 0x88 -> 0x{:x}", self.mod_base+self.pe_hdr+0x88, self.mod_base, self.pe_hdr, self.export_table_rva); - println!("export_table: 0x{:x} = 0x{:x} + 0x{:x}", + log::info!("export_table: 0x{:x} = 0x{:x} + 0x{:x}", self.export_table, self.mod_base, self.export_table_rva); - println!("num_of_funcs [0x{:x} + 0x18] = [0x{:x}]", + log::info!("num_of_funcs [0x{:x} + 0x18] = [0x{:x}]", self.export_table, self.export_table+0x18); */ @@ -249,7 +249,7 @@ pub fn get_module_base(libname: &str, emu: &mut emu::Emu) -> Option { let first_flink = flink.get_ptr(); loop { - //println!("{} == {}", libname2, flink.mod_name); + //log::info!("{} == {}", libname2, flink.mod_name); if libname.to_string().to_lowercase() == flink.mod_name.to_string().to_lowercase() || libname2 == flink.mod_name.to_string().to_lowercase() @@ -280,7 +280,7 @@ pub fn show_linked_modules(emu: &mut emu::Emu) { Some(b) => b, None => 0, }; - println!( + log::info!( "0x{:x} {} flink:{:x} blink:{:x} base:{:x} pe_hdr:{:x} {:x}{:x}", flink.get_ptr(), flink.mod_name, @@ -314,7 +314,7 @@ pub fn dynamic_unlink_module(libname: &str, emu: &mut emu::Emu) { let mut flink = Flink::new(emu); flink.load(emu); while flink.mod_name != libname { - println!("{}", flink.mod_name); + log::info!("{}", flink.mod_name); prev_flink = flink.get_ptr(); flink.next(emu); } @@ -323,12 +323,12 @@ pub fn dynamic_unlink_module(libname: &str, emu: &mut emu::Emu) { next_flink = flink.get_ptr(); // previous flink - println!("prev_flink: 0x{:x}", prev_flink); + log::info!("prev_flink: 0x{:x}", prev_flink); //emu.maps.write_qword(prev_flink, next_flink); emu.maps.write_qword(prev_flink, 0); // next blink - println!("next_flink: 0x{:x}", next_flink); + log::info!("next_flink: 0x{:x}", next_flink); emu.maps.write_qword(next_flink + 4, prev_flink); show_linked_modules(emu); @@ -338,7 +338,7 @@ pub fn dynamic_link_module(base: u64, pe_off: u32, libname: &str, emu: &mut emu: /* * LoadLibary* family triggers this. */ - //println!("************ dynamic_link_module {}", libname); + //log::info!("************ dynamic_link_module {}", libname); let mut last_flink: u64; let mut flink = Flink::new(emu); flink.load(emu); @@ -354,7 +354,7 @@ pub fn dynamic_link_module(base: u64, pe_off: u32, libname: &str, emu: &mut emu: } let next_flink: u64 = flink.get_ptr(); - //println!("last: {} {:x}", flink.mod_name, next_flink); + //log::info!("last: {} {:x}", flink.mod_name, next_flink); //let space_addr = create_ldr_entry(emu, base, pe_off, libname, last_flink, first_flink); let space_addr = create_ldr_entry(emu, base, pe_off.into(), libname, first_flink, next_flink /*first_flink*/); diff --git a/src/emu/regs64.rs b/src/emu/regs64.rs index 0c79ee0..495e0f5 100644 --- a/src/emu/regs64.rs +++ b/src/emu/regs64.rs @@ -605,75 +605,75 @@ impl Regs64 { } pub fn print(&self) { - println!("regs:"); + log::info!("regs:"); match B { 64 => { - println!(" rax: 0x{:x}", self.rax); - println!(" rbx: 0x{:x}", self.rbx); - println!(" rcx: 0x{:x}", self.rcx); - println!(" rdx: 0x{:x}", self.rdx); - println!(" rsi: 0x{:x}", self.rsi); - println!(" rdi: 0x{:x}", self.rdi); - println!(" rbp: 0x{:x}", self.rbp); - println!(" rsp: 0x{:x}", self.rsp); - println!(" rip: 0x{:x}", self.rip); + log::info!(" rax: 0x{:x}", self.rax); + log::info!(" rbx: 0x{:x}", self.rbx); + log::info!(" rcx: 0x{:x}", self.rcx); + log::info!(" rdx: 0x{:x}", self.rdx); + log::info!(" rsi: 0x{:x}", self.rsi); + log::info!(" rdi: 0x{:x}", self.rdi); + log::info!(" rbp: 0x{:x}", self.rbp); + log::info!(" rsp: 0x{:x}", self.rsp); + log::info!(" rip: 0x{:x}", self.rip); } 32 => { - println!(" eax: 0x{:x}", self.get_eax()); - println!(" ebx: 0x{:x}", self.get_ebx()); - println!(" ecx: 0x{:x}", self.get_ecx()); - println!(" edx: 0x{:x}", self.get_edx()); - println!(" esi: 0x{:x}", self.get_esi()); - println!(" edi: 0x{:x}", self.get_edi()); - println!(" ebp: 0x{:x}", self.get_ebp()); - println!(" esp: 0x{:x}", self.get_esp()); - println!(" eip: 0x{:x}", self.get_eip()); + log::info!(" eax: 0x{:x}", self.get_eax()); + log::info!(" ebx: 0x{:x}", self.get_ebx()); + log::info!(" ecx: 0x{:x}", self.get_ecx()); + log::info!(" edx: 0x{:x}", self.get_edx()); + log::info!(" esi: 0x{:x}", self.get_esi()); + log::info!(" edi: 0x{:x}", self.get_edi()); + log::info!(" ebp: 0x{:x}", self.get_ebp()); + log::info!(" esp: 0x{:x}", self.get_esp()); + log::info!(" eip: 0x{:x}", self.get_eip()); } _ => unimplemented!(), } - println!("---"); + log::info!("---"); } pub fn print_xmm(&self) { - println!("xmm regs:"); - println!(" xmm0: {}", self.xmm0); - println!(" xmm1: {}", self.xmm1); - println!(" xmm2: {}", self.xmm2); - println!(" xmm3: {}", self.xmm3); - println!(" xmm4: {}", self.xmm4); - println!(" xmm5: {}", self.xmm5); - println!(" xmm6: {}", self.xmm6); - println!(" xmm7: {}", self.xmm7); - println!(" xmm8: {}", self.xmm8); - println!(" xmm9: {}", self.xmm9); - println!(" xmm10: {}", self.xmm10); - println!(" xmm11: {}", self.xmm11); - println!(" xmm12: {}", self.xmm12); - println!(" xmm13: {}", self.xmm13); - println!(" xmm14: {}", self.xmm14); - println!(" xmm15: {}", self.xmm15); + log::info!("xmm regs:"); + log::info!(" xmm0: {}", self.xmm0); + log::info!(" xmm1: {}", self.xmm1); + log::info!(" xmm2: {}", self.xmm2); + log::info!(" xmm3: {}", self.xmm3); + log::info!(" xmm4: {}", self.xmm4); + log::info!(" xmm5: {}", self.xmm5); + log::info!(" xmm6: {}", self.xmm6); + log::info!(" xmm7: {}", self.xmm7); + log::info!(" xmm8: {}", self.xmm8); + log::info!(" xmm9: {}", self.xmm9); + log::info!(" xmm10: {}", self.xmm10); + log::info!(" xmm11: {}", self.xmm11); + log::info!(" xmm12: {}", self.xmm12); + log::info!(" xmm13: {}", self.xmm13); + log::info!(" xmm14: {}", self.xmm14); + log::info!(" xmm15: {}", self.xmm15); } pub fn print_ymm(&self) { - println!("ymm regs:"); - println!(" ymm0: {}", self.ymm0); - println!(" ymm1: {}", self.ymm1); - println!(" ymm2: {}", self.ymm2); - println!(" ymm3: {}", self.ymm3); - println!(" ymm4: {}", self.ymm4); - println!(" ymm5: {}", self.ymm5); - println!(" ymm6: {}", self.ymm6); - println!(" ymm7: {}", self.ymm7); - println!(" ymm8: {}", self.ymm8); - println!(" ymm9: {}", self.ymm9); - println!(" ymm10: {}", self.ymm10); - println!(" ymm11: {}", self.ymm11); - println!(" ymm12: {}", self.ymm12); - println!(" ymm13: {}", self.ymm13); - println!(" ymm14: {}", self.ymm14); - println!(" ymm15: {}", self.ymm15); + log::info!("ymm regs:"); + log::info!(" ymm0: {}", self.ymm0); + log::info!(" ymm1: {}", self.ymm1); + log::info!(" ymm2: {}", self.ymm2); + log::info!(" ymm3: {}", self.ymm3); + log::info!(" ymm4: {}", self.ymm4); + log::info!(" ymm5: {}", self.ymm5); + log::info!(" ymm6: {}", self.ymm6); + log::info!(" ymm7: {}", self.ymm7); + log::info!(" ymm8: {}", self.ymm8); + log::info!(" ymm9: {}", self.ymm9); + log::info!(" ymm10: {}", self.ymm10); + log::info!(" ymm11: {}", self.ymm11); + log::info!(" ymm12: {}", self.ymm12); + log::info!(" ymm13: {}", self.ymm13); + log::info!(" ymm14: {}", self.ymm14); + log::info!(" ymm15: {}", self.ymm15); } // get 16 bits @@ -2031,25 +2031,25 @@ impl Regs64 { if s.len() > 1 { if pos > 0 { - println!( + log::info!( "\t{} {}: 0x{:x} {} '{}' {}", pos, sreg, value, value, s, name ); } else { - println!("\t{}: 0x{:x} {} '{}' {}", sreg, value, value, s, name); + log::info!("\t{}: 0x{:x} {} '{}' {}", sreg, value, value, s, name); } } else { if pos > 0 { - println!("\t{} {}: 0x{:x} {} {}", pos, sreg, value, value, name); + log::info!("\t{} {}: 0x{:x} {} {}", pos, sreg, value, value, name); } else { - println!("\t{}: 0x{:x} {} {}", sreg, value, value, name); + log::info!("\t{}: 0x{:x} {} {}", sreg, value, value, name); } } } else { if pos > 0 { - println!("\t{} {}: 0x{:x} {}", pos, sreg, value, value); + log::info!("\t{} {}: 0x{:x} {}", pos, sreg, value, value); } else { - println!("\t{}: 0x{:x} {}", sreg, value, value); + log::info!("\t{}: 0x{:x} {}", sreg, value, value); } } } @@ -2074,31 +2074,31 @@ impl Regs64 { if s.len() > 1 { if pos > 0 { - println!( + log::info!( "\t{} {}: 0x{:x} {} '{}' {}", pos, sreg, value as u32, value as u32, s, name ); } else { - println!( + log::info!( "\t{}: 0x{:x} {} '{}' {}", sreg, value as u32, value as u32, s, name ); } } else { if pos > 0 { - println!( + log::info!( "\t{} {}: 0x{:x} {} {}", pos, sreg, value as u32, value as u32, name ); } else { - println!("\t{}: 0x{:x} {} {}", sreg, value as u32, value as u32, name); + log::info!("\t{}: 0x{:x} {} {}", sreg, value as u32, value as u32, name); } } } else { if pos > 0 { - println!("\t{} {}: 0x{:x} {}", pos, sreg, value as u32, value as u32); + log::info!("\t{} {}: 0x{:x} {}", pos, sreg, value as u32, value as u32); } else { - println!("\t{}: 0x{:x} {}", sreg, value as u32, value as u32); + log::info!("\t{}: 0x{:x} {}", sreg, value as u32, value as u32); } } } diff --git a/src/emu/script.rs b/src/emu/script.rs index 7ae3c93..74e0257 100644 --- a/src/emu/script.rs +++ b/src/emu/script.rs @@ -27,7 +27,7 @@ impl Script { } pub fn load(&mut self, filename: &str) { - // println!("loading script: {}", filename); + // log::info!("loading script: {}", filename); let file = File::open(filename).unwrap(); let buf = BufReader::new(file); @@ -96,7 +96,7 @@ impl Script { let args: Vec<&str> = line.split_whitespace().collect(); if self.trace { - println!("==> {} {}", i, line); + log::info!("==> {} {}", i, line); } if line == "endif" { @@ -110,11 +110,11 @@ impl Script { match args[0] { "pr" => { - println!("result: 0x{:x}", self.result); + log::info!("result: 0x{:x}", self.result); } "p" => { if args.len() < 2 { - println!( + log::info!( "error in line {}, `p` command needs a message to be printed", i ); @@ -127,7 +127,7 @@ impl Script { .collect::>() .join(" "); - println!("{}", msg); + log::info!("{}", msg); } "q" => std::process::exit(1), "r" => { @@ -147,18 +147,18 @@ impl Script { "rdx" => emu.regs.show_rdx(&emu.maps, 0), "rsi" => emu.regs.show_rsi(&emu.maps, 0), "rdi" => emu.regs.show_rdi(&emu.maps, 0), - "rbp" => println!("\trbp: 0x{:x}", emu.regs.rbp), - "rsp" => println!("\trsp: 0x{:x}", emu.regs.rsp), - "rip" => println!("\trip: 0x{:x}", emu.regs.rip), + "rbp" => log::info!("\trbp: 0x{:x}", emu.regs.rbp), + "rsp" => log::info!("\trsp: 0x{:x}", emu.regs.rsp), + "rip" => log::info!("\trip: 0x{:x}", emu.regs.rip), "eax" => emu.regs.show_eax(&emu.maps, 0), "ebx" => emu.regs.show_ebx(&emu.maps, 0), "ecx" => emu.regs.show_ecx(&emu.maps, 0), "edx" => emu.regs.show_edx(&emu.maps, 0), "esi" => emu.regs.show_esi(&emu.maps, 0), "edi" => emu.regs.show_edi(&emu.maps, 0), - "esp" => println!("\tesp: 0x{:x}", emu.regs.get_esp() as u32), - "ebp" => println!("\tebp: 0x{:x}", emu.regs.get_ebp() as u32), - "eip" => println!("\teip: 0x{:x}", emu.regs.get_eip() as u32), + "esp" => log::info!("\tesp: 0x{:x}", emu.regs.get_esp() as u32), + "ebp" => log::info!("\tebp: 0x{:x}", emu.regs.get_ebp() as u32), + "eip" => log::info!("\teip: 0x{:x}", emu.regs.get_eip() as u32), "r8" => emu.regs.show_r8(&emu.maps, 0), "r9" => emu.regs.show_r9(&emu.maps, 0), "r10" => emu.regs.show_r10(&emu.maps, 0), @@ -191,29 +191,29 @@ impl Script { "r13l" => emu.regs.show_r13l(&emu.maps, 0), "r14l" => emu.regs.show_r14l(&emu.maps, 0), "r15l" => emu.regs.show_r15l(&emu.maps, 0), - "xmm0" => println!("\txmm0: 0x{:x}", emu.regs.xmm0), - "xmm1" => println!("\txmm1: 0x{:x}", emu.regs.xmm1), - "xmm2" => println!("\txmm2: 0x{:x}", emu.regs.xmm2), - "xmm3" => println!("\txmm3: 0x{:x}", emu.regs.xmm3), - "xmm4" => println!("\txmm4: 0x{:x}", emu.regs.xmm4), - "xmm5" => println!("\txmm5: 0x{:x}", emu.regs.xmm5), - "xmm6" => println!("\txmm6: 0x{:x}", emu.regs.xmm6), - "xmm7" => println!("\txmm7: 0x{:x}", emu.regs.xmm7), - "xmm8" => println!("\txmm8: 0x{:x}", emu.regs.xmm8), - "xmm9" => println!("\txmm9: 0x{:x}", emu.regs.xmm9), - "xmm10" => println!("\txmm10: 0x{:x}", emu.regs.xmm10), - "xmm11" => println!("\txmm11: 0x{:x}", emu.regs.xmm11), - "xmm12" => println!("\txmm12: 0x{:x}", emu.regs.xmm12), - "xmm13" => println!("\txmm13: 0x{:x}", emu.regs.xmm13), - "xmm14" => println!("\txmm14: 0x{:x}", emu.regs.xmm14), - "xmm15" => println!("\txmm15: 0x{:x}", emu.regs.xmm15), - _ => println!("unknown register r `{}` in line {}", args[1], i), + "xmm0" => log::info!("\txmm0: 0x{:x}", emu.regs.xmm0), + "xmm1" => log::info!("\txmm1: 0x{:x}", emu.regs.xmm1), + "xmm2" => log::info!("\txmm2: 0x{:x}", emu.regs.xmm2), + "xmm3" => log::info!("\txmm3: 0x{:x}", emu.regs.xmm3), + "xmm4" => log::info!("\txmm4: 0x{:x}", emu.regs.xmm4), + "xmm5" => log::info!("\txmm5: 0x{:x}", emu.regs.xmm5), + "xmm6" => log::info!("\txmm6: 0x{:x}", emu.regs.xmm6), + "xmm7" => log::info!("\txmm7: 0x{:x}", emu.regs.xmm7), + "xmm8" => log::info!("\txmm8: 0x{:x}", emu.regs.xmm8), + "xmm9" => log::info!("\txmm9: 0x{:x}", emu.regs.xmm9), + "xmm10" => log::info!("\txmm10: 0x{:x}", emu.regs.xmm10), + "xmm11" => log::info!("\txmm11: 0x{:x}", emu.regs.xmm11), + "xmm12" => log::info!("\txmm12: 0x{:x}", emu.regs.xmm12), + "xmm13" => log::info!("\txmm13: 0x{:x}", emu.regs.xmm13), + "xmm14" => log::info!("\txmm14: 0x{:x}", emu.regs.xmm14), + "xmm15" => log::info!("\txmm15: 0x{:x}", emu.regs.xmm15), + _ => log::info!("unknown register r `{}` in line {}", args[1], i), } } } "rc" => { if args.len() != 3 { - println!("expected: rc "); + log::info!("expected: rc "); } else { let value: u64 = self.resolve(args[2], i, emu); emu.regs.set_by_name(args[1], value); @@ -221,7 +221,7 @@ impl Script { } "mr" | "rm" => { if args.len() < 2 { - println!("error in line {}, command `mr` without arguments", i); + log::info!("error in line {}, command `mr` without arguments", i); return; } @@ -236,18 +236,18 @@ impl Script { let value = match emu.memory_read(&ins) { Some(v) => v, None => { - println!("error in line {}, bad address.", i); + log::info!("error in line {}, bad address.", i); return; } }; self.result = value; - println!("0x{:x}", value); + log::info!("0x{:x}", value); } "mw" | "wm" => { // mw 0x11223344 dword ptr [eax + 3] if args.len() < 3 { - println!("error in line {}, command `mw` without arguments", i); + log::info!("error in line {}, command `mw` without arguments", i); return; } @@ -261,7 +261,7 @@ impl Script { let value = self.resolve(args[1], i, emu); if !emu.memory_write(&ins, value) { - println!("error in line {}, cannot write on `{}`", i, args[1]); + log::info!("error in line {}, cannot write on `{}`", i, args[1]); return; } } @@ -282,7 +282,7 @@ impl Script { } "ba" => { if args.len() < 2 { - println!("error in line {}, address is missing", i); + log::info!("error in line {}, address is missing", i); return; } let addr = self.resolve(args[1], i, emu); @@ -290,7 +290,7 @@ impl Script { } "bmr" => { if args.len() < 2 { - println!("error in line {}, address is missing", i); + log::info!("error in line {}, address is missing", i); return; } let addr = self.resolve(args[1], i, emu); @@ -299,7 +299,7 @@ impl Script { } "bmw" => { if args.len() < 2 { - println!("error in line {}, address is missing", i); + log::info!("error in line {}, address is missing", i); return; } let addr = self.resolve(args[1], i, emu); @@ -307,13 +307,13 @@ impl Script { } "bi" => { if args.len() < 2 { - println!("error in line {}, number is missing", i); + log::info!("error in line {}, number is missing", i); return; } let num = match self.to_int(args[1]) { Some(v) => v, None => { - println!("error in line {}, bad number", i); + log::info!("error in line {}, bad number", i); return; } }; @@ -328,7 +328,7 @@ impl Script { emu.break_on_next_cmp = true; } "cls" => { - println!("{}", emu.colors.clear_screen); + log::info!("{}", emu.colors.clear_screen); } "s" => { if emu.cfg.is_64bits { @@ -349,13 +349,13 @@ impl Script { } "sv" => { if args.len() < 2 { - println!("error in line {}, number is missing", i); + log::info!("error in line {}, number is missing", i); return; } let num = match self.to_int(args[1]) { Some(v) => v, None => { - println!("error in line {}, bad number", i); + log::info!("error in line {}, bad number", i); return; } }; @@ -363,7 +363,7 @@ impl Script { } "tr" => { if args.len() < 2 { - println!("error in line {}, register is missing", i); + log::info!("error in line {}, register is missing", i); return; } emu.cfg.trace_reg = true; @@ -391,48 +391,48 @@ impl Script { "mc" => { // mc mymap 1024 if args.len() != 3 { - println!("error in line {}, mc ", i); + log::info!("error in line {}, mc ", i); return; } let sz = match self.to_int(&args[2]) { Some(v) => v, None => { - println!("error in line {}, bad size", i); + log::info!("error in line {}, bad size", i); return; } }; let addr = match emu.maps.alloc(sz) { Some(a) => a, None => { - println!("error in line {}, memory full", i); + log::info!("error in line {}, memory full", i); return; } }; emu.maps.create_map(&args[1], addr, sz); - println!("allocated {} at 0x{:x} sz: {}", &args[1], addr, sz); + log::info!("allocated {} at 0x{:x} sz: {}", &args[1], addr, sz); self.result = addr; } "mca" => { // mc mymap if args.len() != 4 { - println!("error in line {}, mc ", i); + log::info!("error in line {}, mc ", i); return; } let addr = self.resolve(args[2], i, emu); let sz = match self.to_int(&args[3]) { Some(v) => v, None => { - println!("error in line {}, bad size", i); + log::info!("error in line {}, bad size", i); return; } }; emu.maps.create_map(&args[1], addr, sz); - println!("allocated {} at 0x{:x} sz: {}", &args[1], addr, sz); + log::info!("allocated {} at 0x{:x} sz: {}", &args[1], addr, sz); } "ml" => { // ml if args.len() != 3 { - println!("error in line {}, `ml` needs mapname and a filename", i); + log::info!("error in line {}, `ml` needs mapname and a filename", i); return; } emu.maps.get_mem(&args[1]).load(&args[2]); @@ -440,7 +440,7 @@ impl Script { "mn" => { // mn
if args.len() != 2 { - println!("error in line {}, `mn` needs an address", i); + log::info!("error in line {}, `mn` needs an address", i); return; } @@ -449,14 +449,14 @@ impl Script { let name = match emu.maps.get_addr_name(addr) { Some(n) => n, None => { - println!("error in line {}, address not found on any map", i); + log::info!("error in line {}, address not found on any map", i); return; } }; let mem = emu.maps.get_mem(&name); if emu.cfg.is_64bits { - println!( + log::info!( "map: {} 0x{:x}-0x{:x} ({})", name, mem.get_base(), @@ -464,7 +464,7 @@ impl Script { mem.size() ); } else { - println!( + log::info!( "map: {} 0x{:x}-0x{:x} ({})", name, mem.get_base() as u32, @@ -479,7 +479,7 @@ impl Script { "md" => { // md if args.len() != 2 { - println!("error in line {}, address missing", i); + log::info!("error in line {}, address missing", i); return; } @@ -490,7 +490,7 @@ impl Script { "mrd" => { // mrd if args.len() != 3 { - println!("error in line {}, address or number of dwords missing", i); + log::info!("error in line {}, address or number of dwords missing", i); return; } @@ -499,7 +499,7 @@ impl Script { let num = match self.to_int(&args[2]) { Some(v) => v, None => { - println!("error in line {}, bad number", i); + log::info!("error in line {}, bad number", i); return; } }; @@ -509,7 +509,7 @@ impl Script { "mrq" => { // mrq if args.len() != 3 { - println!("error in line {}, address or number of qwords missing", i); + log::info!("error in line {}, address or number of qwords missing", i); return; } @@ -518,7 +518,7 @@ impl Script { let num = match self.to_int(&args[2]) { Some(v) => v, None => { - println!("error in line {}, bad number", i); + log::info!("error in line {}, bad number", i); return; } }; @@ -528,37 +528,37 @@ impl Script { "mds" => { // mds if args.len() != 2 { - println!("error in line {}, address is missing", i); + log::info!("error in line {}, address is missing", i); return; } let addr = self.resolve(args[1], i, emu); if emu.cfg.is_64bits { - println!("0x{:x}: '{}'", addr, emu.maps.read_string(addr)); + log::info!("0x{:x}: '{}'", addr, emu.maps.read_string(addr)); } else { - println!("0x{:x}: '{}'", addr as u32, emu.maps.read_string(addr)); + log::info!("0x{:x}: '{}'", addr as u32, emu.maps.read_string(addr)); } } "mdw" => { // mdw if args.len() != 2 { - println!("error in line {}, address is missing", i); + log::info!("error in line {}, address is missing", i); return; } let addr = self.resolve(args[1], i, emu); if emu.cfg.is_64bits { - println!("0x{:x}: '{}'", addr, emu.maps.read_wide_string(addr)); + log::info!("0x{:x}: '{}'", addr, emu.maps.read_wide_string(addr)); } else { - println!("0x{:x}: '{}'", addr as u32, emu.maps.read_wide_string(addr)); + log::info!("0x{:x}: '{}'", addr as u32, emu.maps.read_wide_string(addr)); } } "mdd" => { // mdd if args.len() != 4 { - println!("error in line {}, address, size or filename is missing", i); + log::info!("error in line {}, address, size or filename is missing", i); return; } @@ -567,13 +567,13 @@ impl Script { let sz = match self.to_int(&args[2]) { Some(v) => v, None => { - println!("error in line {}, bad size", i); + log::info!("error in line {}, bad size", i); return; } }; if sz <= 0 { - println!("error in line {}, bad size", i); + log::info!("error in line {}, bad size", i); return; } emu.maps.save(addr, sz, args[3].to_string()); @@ -581,22 +581,22 @@ impl Script { "mdda" => { // mdda if args.len() != 2 { - println!("error in line {}, foler is needed", i); + log::info!("error in line {}, foler is needed", i); return; } emu.maps.save_all_allocs(args[1].to_string()); } "mt" => { if emu.maps.mem_test() { - println!("mem tests passed ok."); + log::info!("mem tests passed ok."); } else { - println!("memory errors."); + log::info!("memory errors."); } } "eip" => { // eip if args.len() != 2 { - println!("error in line {}, address is missing", i); + log::info!("error in line {}, address is missing", i); return; } @@ -607,7 +607,7 @@ impl Script { "rip" => { // rip if args.len() != 2 { - println!("error in line {}, address is missing", i); + log::info!("error in line {}, address is missing", i); return; } @@ -618,7 +618,7 @@ impl Script { "push" => { // push if args.len() != 2 { - println!("error in line {}, hex value is missing", i); + log::info!("error in line {}, hex value is missing", i); return; } @@ -633,17 +633,17 @@ impl Script { "pop" => { // pop if args.len() != 1 { - println!("error in line {}, no args required.", i); + log::info!("error in line {}, no args required.", i); return; } if emu.cfg.is_64bits { let value = emu.stack_pop64(false).expect("pop failed"); - println!("poped value 0x{:x}", value); + log::info!("poped value 0x{:x}", value); self.result = value; } else { let value = emu.stack_pop32(false).expect("pop failed"); - println!("poped value 0x{:x}", value); + log::info!("poped value 0x{:x}", value); self.result = value as u64; } } @@ -651,18 +651,18 @@ impl Script { "md5" => { // md5 if args.len() != 2 { - println!("error in line {}, no args required.", i); + log::info!("error in line {}, no args required.", i); return; } let mem = emu.maps.get_mem(&args[1]); let md5 = mem.md5(); - println!("md5sum: {:x}", md5); + log::info!("md5sum: {:x}", md5); } "ss" => { // ss if args.len() < 2 { - println!("error in line {}, need map name and string", i); + log::info!("error in line {}, need map name and string", i); return; } @@ -676,16 +676,16 @@ impl Script { let result = match emu.maps.search_string(&kw, &args[1]) { Some(v) => v, None => { - println!("string not found"); + log::info!("string not found"); return; } }; for addr in result.iter() { if emu.cfg.is_64bits { - println!("found 0x{:x} '{}'", *addr, emu.maps.read_string(*addr)); + log::info!("found 0x{:x} '{}'", *addr, emu.maps.read_string(*addr)); } else { - println!( + log::info!( "found 0x{:x} '{}'", *addr as u32, emu.maps.read_string(*addr) @@ -696,7 +696,7 @@ impl Script { "sb" => { // sb if args.len() < 2 { - println!("error in line {}, need map name and spaced bytes", i); + log::info!("error in line {}, need map name and spaced bytes", i); return; } @@ -708,7 +708,7 @@ impl Script { .join(" "); if emu.maps.search_spaced_bytes(&bytes, &args[1]).len() == 0 { - println!("bytes not found."); + log::info!("bytes not found."); } } "sba" => { @@ -723,7 +723,7 @@ impl Script { let results = emu.maps.search_spaced_bytes_in_all(&bytes); for addr in results.iter() { - println!("found at 0x{:x}", addr); + log::info!("found at 0x{:x}", addr); self.result = *addr; } } @@ -740,17 +740,17 @@ impl Script { emu.maps.search_string_in_all(s); } "seh" => { - println!("0x{:x}", emu.seh); + log::info!("0x{:x}", emu.seh); } "veh" => { - println!("0x{:x}", emu.veh); + log::info!("0x{:x}", emu.veh); } "ll" => { // ll let addr = self.resolve(args[1], i, emu); let mut ptr = addr; loop { - println!("- 0x{:x}", ptr); + log::info!("- 0x{:x}", ptr); ptr = match emu.maps.read_dword(ptr) { Some(v) => v.into(), None => break, @@ -769,7 +769,7 @@ impl Script { "ms" => { // ms if args.len() != 2 { - println!("error in line {}, `ms` command needs a keyword", i); + log::info!("error in line {}, `ms` command needs a keyword", i); return; } emu.maps.print_maps_keyword(&args[1]); @@ -777,7 +777,7 @@ impl Script { "d" => { // d if args.len() != 3 { - println!("error in line {}, `d` command needs an address to disasemble and amount of bytes", i); + log::info!("error in line {}, `d` command needs an address to disasemble and amount of bytes", i); return; } @@ -786,7 +786,7 @@ impl Script { let sz = match self.to_int(&args[2]) { Some(v) => v, None => { - println!("error in line {}, bad size", i); + log::info!("error in line {}, bad size", i); return; } }; @@ -804,7 +804,7 @@ impl Script { "iat" => { // iat if args.len() != 2 { - println!("error in line {}, keyword expected", i); + log::info!("error in line {}, keyword expected", i); return; } @@ -818,16 +818,16 @@ impl Script { } if addr == 0 { - println!("api not found on iat."); + log::info!("api not found on iat."); } else { - println!("found: 0x{:x} {}!{}", addr, lib, name); + log::info!("found: 0x{:x} {}!{}", addr, lib, name); } } "iatx" => { // iatx //TODO: implement this well if args.len() != 2 { - println!("error in line {}, api expected", i); + log::info!("error in line {}, api expected", i); return; } @@ -841,15 +841,15 @@ impl Script { } if addr == 0 { - println!("api not found on iat."); + log::info!("api not found on iat."); } else { - println!("found: 0x{:x} {}!{}", addr, lib, name); + log::info!("found: 0x{:x} {}!{}", addr, lib, name); } } "iatd" => { // iatd if args.len() != 2 { - println!("error in line {}, module expected", i); + log::info!("error in line {}, module expected", i); return; } if emu.cfg.is_64bits { @@ -861,7 +861,7 @@ impl Script { "dt" => { // dt
if args.len() != 3 { - println!("error in line {}, structure and address expected", i); + log::info!("error in line {}, structure and address expected", i); return; } @@ -921,7 +921,7 @@ impl Script { s.print(); } - _ => println!("unrecognized structure."), + _ => log::info!("unrecognized structure."), } } "if" => { @@ -929,7 +929,7 @@ impl Script { // if rbx > 0x123 if args.len() != 4 { - println!("error in line {}, incomplete `if`", i); + log::info!("error in line {}, incomplete `if`", i); return; } @@ -961,7 +961,7 @@ impl Script { self.skip = true; } } else { - println!("error in line {}, if with worng operator", i); + log::info!("error in line {}, if with worng operator", i); return; } } diff --git a/src/emu/structures.rs b/src/emu/structures.rs index a98e9dc..9c5278d 100644 --- a/src/emu/structures.rs +++ b/src/emu/structures.rs @@ -29,7 +29,7 @@ impl ListEntry { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -57,7 +57,7 @@ impl ListEntry64 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -136,7 +136,7 @@ impl LdrDataTableEntry { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -199,7 +199,7 @@ impl PebLdrData { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -254,7 +254,7 @@ impl PebLdrData64 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -481,7 +481,7 @@ impl TEB { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -604,7 +604,7 @@ impl PEB { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -925,7 +925,7 @@ impl PEB64 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1124,7 +1124,7 @@ impl TEB64 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1283,7 +1283,7 @@ impl LdrDataTableEntry64 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1320,7 +1320,7 @@ impl ImageExportDirectory { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1355,7 +1355,7 @@ impl PScopeTableEntry { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1384,7 +1384,7 @@ impl CppEhRecord { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1407,7 +1407,7 @@ impl ExceptionPointers { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1432,7 +1432,7 @@ impl Eh3ExceptionRegistration { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1503,7 +1503,7 @@ impl MemoryBasicInformation { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1532,7 +1532,7 @@ impl TlsDirectory32 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } @@ -1559,7 +1559,7 @@ impl TlsDirectory64 { } pub fn print(&self) { - println!("{:#x?}", self); + log::info!("{:#x?}", self); } } diff --git a/src/emu/syscall32.rs b/src/emu/syscall32.rs index 8bf9656..e0f9ea0 100644 --- a/src/emu/syscall32.rs +++ b/src/emu/syscall32.rs @@ -12,14 +12,14 @@ pub fn gateway(emu: &mut emu::Emu) { match emu.regs.get_eax() { 0 => { - println!( + log::info!( "{}** {} syscall restart_syscall {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 1 => { - println!( + log::info!( "{}** {} syscall exit() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -27,7 +27,7 @@ pub fn gateway(emu: &mut emu::Emu) { } 2 => { - println!( + log::info!( "{}** {} syscall fork() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -39,7 +39,7 @@ pub fn gateway(emu: &mut emu::Emu) { let buff = emu.regs.rcx; let sz = emu.regs.rdx; emu.regs.rax = buff; - println!( + log::info!( "{}** {} syscall read() fd: {} buf: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, fd, buff, sz, emu.colors.nc ); @@ -50,7 +50,7 @@ pub fn gateway(emu: &mut emu::Emu) { let buff = emu.regs.rcx; let sz = emu.regs.rdx; emu.regs.rax = sz; - println!( + log::info!( "{}** {} syscall write() fd: {} buf: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, fd, buff, sz, emu.colors.nc ); @@ -60,7 +60,7 @@ pub fn gateway(emu: &mut emu::Emu) { let file_path = emu.maps.read_string(emu.regs.rbx); let fd = helper::socket_create(); emu.regs.rax = fd as u64; - println!( + log::info!( "{}** {} syscall open() file: {} fd:{} {}", emu.colors.light_red, emu.pos, file_path, fd, emu.colors.nc ); @@ -68,7 +68,7 @@ pub fn gateway(emu: &mut emu::Emu) { 6 => { let fd = emu.regs.rbx; - println!( + log::info!( "{}** {} syscall close() fd: {} {}", emu.colors.light_red, emu.pos, fd, emu.colors.nc ); @@ -77,28 +77,28 @@ pub fn gateway(emu: &mut emu::Emu) { } 7 => { - println!( + log::info!( "{}** {} syscall waitpid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 8 => { - println!( + log::info!( "{}** {} syscall creat() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 9 => { - println!( + log::info!( "{}** {} syscall link() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 10 => { - println!( + log::info!( "{}** {} syscall unlink() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -106,7 +106,7 @@ pub fn gateway(emu: &mut emu::Emu) { 11 => { let cmd = emu.maps.read_string(emu.regs.rbx); - println!( + log::info!( "{}** {} syscall execve() cmd: {} {}", emu.colors.light_red, emu.pos, cmd, emu.colors.nc ); @@ -115,21 +115,21 @@ pub fn gateway(emu: &mut emu::Emu) { 12 => { let path = emu.maps.read_string(emu.regs.rbx); - println!( + log::info!( "{}** {} syscall chdir() path: {} {}", emu.colors.light_red, emu.pos, path, emu.colors.nc ); } 13 => { - println!( + log::info!( "{}** {} syscall time() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 14 => { - println!( + log::info!( "{}** {} syscall mknod() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -138,28 +138,28 @@ pub fn gateway(emu: &mut emu::Emu) { 15 => { let file_path = emu.maps.read_string(emu.regs.rbx); let perm = emu.regs.rcx; - println!( + log::info!( "{}** {} syscall chmod() file: {} perm: {} {}", emu.colors.light_red, emu.pos, file_path, perm, emu.colors.nc ); } 16 => { - println!( + log::info!( "{}** {} syscall lchown() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 17 => { - println!( + log::info!( "{}** {} syscall break() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 18 => { - println!( + log::info!( "{}** {} syscall oldstat() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -167,126 +167,126 @@ pub fn gateway(emu: &mut emu::Emu) { 19 => { let fd = emu.regs.rbx; - println!( + log::info!( "{}** {} syscall lseek() fd: {} {}", emu.colors.light_red, emu.pos, fd, emu.colors.nc ); } 20 => { - println!( + log::info!( "{}** {} syscall getpid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 21 => { - println!( + log::info!( "{}** {} syscall mount() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 22 => { - println!( + log::info!( "{}** {} syscall umount() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 23 => { - println!( + log::info!( "{}** {} syscall setuid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 24 => { - println!( + log::info!( "{}** {} syscall getuid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 25 => { - println!( + log::info!( "{}** {} syscall stime() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 26 => { - println!( + log::info!( "{}** {} syscall ptrace() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 27 => { - println!( + log::info!( "{}** {} syscall alarm() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 28 => { - println!( + log::info!( "{}** {} syscall oldfstat() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 29 => { - println!( + log::info!( "{}** {} syscall pause() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 30 => { - println!( + log::info!( "{}** {} syscall utime() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 31 => { - println!( + log::info!( "{}** {} syscall stty() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 32 => { - println!( + log::info!( "{}** {} syscall gtty() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 33 => { - println!( + log::info!( "{}** {} syscall access() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 34 => { - println!( + log::info!( "{}** {} syscall nice() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 35 => { - println!( + log::info!( "{}** {} syscall ftime() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 36 => { - println!( + log::info!( "{}** {} syscall sync() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -295,28 +295,28 @@ pub fn gateway(emu: &mut emu::Emu) { 37 => { let pid = emu.regs.rbx; let sig = emu.regs.rcx; - println!( + log::info!( "{}** {} syscall kill() pid: {} sig: {} {}", emu.colors.light_red, emu.pos, pid, sig, emu.colors.nc ); } 38 => { - println!( + log::info!( "{}** {} syscall rename() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 39 => { - println!( + log::info!( "{}** {} syscall mkdir() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 40 => { - println!( + log::info!( "{}** {} syscall rmdir() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -324,154 +324,154 @@ pub fn gateway(emu: &mut emu::Emu) { 41 => { let fd = emu.regs.rbx; - println!( + log::info!( "{}** {} syscall dup() fd: {} {}", emu.colors.light_red, emu.pos, fd, emu.colors.nc ); } 42 => { - println!( + log::info!( "{}** {} syscall pipe() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 43 => { - println!( + log::info!( "{}** {} syscall times() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 44 => { - println!( + log::info!( "{}** {} syscall prof() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 45 => { - println!( + log::info!( "{}** {} syscall brk() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 46 => { - println!( + log::info!( "{}** {} syscall setgid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 47 => { - println!( + log::info!( "{}** {} syscall getgid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 48 => { - println!( + log::info!( "{}** {} syscall signal() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 49 => { - println!( + log::info!( "{}** {} syscall geteuid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 50 => { - println!( + log::info!( "{}** {} syscall getegid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 51 => { - println!( + log::info!( "{}** {} syscall acct() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 52 => { - println!( + log::info!( "{}** {} syscall umount2() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 53 => { - println!( + log::info!( "{}** {} syscall lock() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 54 => { - println!( + log::info!( "{}** {} syscall ioctl() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 55 => { - println!( + log::info!( "{}** {} syscall fcntl() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 56 => { - println!( + log::info!( "{}** {} syscall mpx() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 57 => { - println!( + log::info!( "{}** {} syscall setpgid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 58 => { - println!( + log::info!( "{}** {} syscall ulimit() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 59 => { - println!( + log::info!( "{}** {} syscall oldolduname() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 60 => { - println!( + log::info!( "{}** {} syscall umask() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 61 => { - println!( + log::info!( "{}** {} syscall chroot() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 62 => { - println!( + log::info!( "{}** {} syscall ustat() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -480,273 +480,273 @@ pub fn gateway(emu: &mut emu::Emu) { 63 => { let old_fd = emu.regs.get_ebx(); let new_fd = emu.regs.get_ecx(); - println!( + log::info!( "{}** {} syscall dup2() oldfd: {} newfd: {} {}", emu.colors.light_red, emu.pos, old_fd, new_fd, emu.colors.nc ); } 64 => { - println!( + log::info!( "{}** {} syscall getppid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 65 => { - println!( + log::info!( "{}** {} syscall getpgrp() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 66 => { - println!( + log::info!( "{}** {} syscall setsid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 67 => { - println!( + log::info!( "{}** {} syscall sigaction() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 68 => { - println!( + log::info!( "{}** {} syscall sgetmask() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 69 => { - println!( + log::info!( "{}** {} syscall ssetmask() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 70 => { - println!( + log::info!( "{}** {} syscall setreuid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 71 => { - println!( + log::info!( "{}** {} syscall setregid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 72 => { - println!( + log::info!( "{}** {} syscall sigsuspend() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 73 => { - println!( + log::info!( "{}** {} syscall sigpending() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 74 => { - println!( + log::info!( "{}** {} syscall sethostname() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 75 => { - println!( + log::info!( "{}** {} syscall setrlimit() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 76 => { - println!( + log::info!( "{}** {} syscall getrlimit() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 77 => { - println!( + log::info!( "{}** {} syscall getrusage() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 78 => { - println!( + log::info!( "{}** {} syscall gettimeofday() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 79 => { - println!( + log::info!( "{}** {} syscall settimeofday() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 80 => { - println!( + log::info!( "{}** {} syscall getgroups() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 81 => { - println!( + log::info!( "{}** {} syscall setgroups() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 82 => { - println!( + log::info!( "{}** {} syscall select() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 83 => { - println!( + log::info!( "{}** {} syscall symlink() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 84 => { - println!( + log::info!( "{}** {} syscall oldlstat() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 85 => { - println!( + log::info!( "{}** {} syscall readlink() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 86 => { - println!( + log::info!( "{}** {} syscall uselib() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 87 => { - println!( + log::info!( "{}** {} syscall swapon() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 88 => { - println!( + log::info!( "{}** {} syscall reboot() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 89 => { - println!( + log::info!( "{}** {} syscall readdir() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 90 => { - println!( + log::info!( "{}** {} syscall mmap() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 91 => { - println!( + log::info!( "{}** {} syscall munmap() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 92 => { - println!( + log::info!( "{}** {} syscall truncate() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 93 => { - println!( + log::info!( "{}** {} syscall ftruncate() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 94 => { - println!( + log::info!( "{}** {} syscall fchmod() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 95 => { - println!( + log::info!( "{}** {} syscall fchown() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 96 => { - println!( + log::info!( "{}** {} syscall getpriority() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 97 => { - println!( + log::info!( "{}** {} syscall setpriority() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 98 => { - println!( + log::info!( "{}** {} syscall profil() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 99 => { - println!( + log::info!( "{}** {} syscall statfs() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 100 => { - println!( + log::info!( "{}** {} syscall fstatfs() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 101 => { - println!( + log::info!( "{}** {} syscall ioperm() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -769,7 +769,7 @@ pub fn gateway(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("socket() cannot read proto"); - println!("{}** {} syscall socketcall socket() fam: {} type: {} proto: {} sock: {} {}", emu.colors.light_red, emu.pos, fam, typ, proto, sock, emu.colors.nc); + log::info!("{}** {} syscall socketcall socket() fam: {} type: {} proto: {} sock: {} {}", emu.colors.light_red, emu.pos, fam, typ, proto, sock, emu.colors.nc); emu.regs.rax = sock; } @@ -808,13 +808,13 @@ pub fn gateway(emu: &mut emu::Emu) { (ip & 0xff000000) >> 24 ); - println!( + log::info!( "{}** {} syscall socketcall bind() sock: {} fam: {} {}:{} {}", emu.colors.light_red, emu.pos, sock, fam, sip, port, emu.colors.nc ); if !helper::socket_exist(sock as u64) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = 0; @@ -856,13 +856,13 @@ pub fn gateway(emu: &mut emu::Emu) { (ip & 0xff000000) >> 24 ); - println!( + log::info!( "{}** {} syscall socketcall connect() sock: {} fam: {} {}:{} {}", emu.colors.light_red, emu.pos, sock, fam, sip, port, emu.colors.nc ); if !helper::socket_exist(sock as u64) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; return; } @@ -870,9 +870,9 @@ pub fn gateway(emu: &mut emu::Emu) { /* if emu.cfg.endpoint { if endpoint::sock_connect(sip.as_str(), port) { - println!("\tconnected to the endpoint."); + log::info!("\tconnected to the endpoint."); } else { - println!("\tcannot connect. dont use -e"); + log::info!("\tcannot connect. dont use -e"); } }*/ @@ -889,13 +889,13 @@ pub fn gateway(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("listen() cannot read num of conns"); - println!( + log::info!( "{}** {} syscall socketcall listen() sock: {} conns: {} {}", emu.colors.light_red, emu.pos, sock, conns, emu.colors.nc ); if !helper::socket_exist(sock as u64) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = 0; @@ -924,13 +924,13 @@ pub fn gateway(emu: &mut emu::Emu) { emu.maps.write_dword((sockaddr + 4) as u64, incoming_ip); } - println!( + log::info!( "{}** {} syscall socketcall accept() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); if !helper::socket_exist(sock as u64) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = 0; @@ -942,7 +942,7 @@ pub fn gateway(emu: &mut emu::Emu) { .maps .read_dword(emu.regs.get_esp()) .expect("getsockname() cannot read sock"); - println!( + log::info!( "{}** {} syscall socketcall getsockname() sock: {} {}", emu.colors.light_red, emu.pos, sock, emu.colors.nc ); @@ -950,14 +950,14 @@ pub fn gateway(emu: &mut emu::Emu) { } constants::SYS_GETPEERNAME => { - println!( + log::info!( "{}** {} syscall socketcall getpeername() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::SYS_SOCKETPAIR => { - println!( + log::info!( "{}** {} syscall socketcall socketpair() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -981,13 +981,13 @@ pub fn gateway(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 12) .expect("send() cannot read flags"); - println!( + log::info!( "{}** {} syscall socketcall send() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc ); if !helper::socket_exist(sock as u64) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; return; } @@ -996,7 +996,7 @@ pub fn gateway(emu: &mut emu::Emu) { if emu.cfg.endpoint { let buffer = emu.maps.read_buffer(buf as u64, len as usize); let n = endpoint::sock_send(&buffer); - println!("\tsent {} bytes.", n); + log::info!("\tsent {} bytes.", n); emu.regs.rax = n as u64; } else { emu.regs.rax = len as u64; @@ -1023,13 +1023,13 @@ pub fn gateway(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 12) .expect("recv() cannot read flags"); - println!( + log::info!( "{}** {} syscall socketcall recv() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc ); if !helper::socket_exist(sock as u64) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; return; } @@ -1039,7 +1039,7 @@ pub fn gateway(emu: &mut emu::Emu) { let mut rbuff: Vec = vec![0; len as usize]; let n = endpoint::sock_recv(&mut rbuff); emu.maps.write_buffer(buf as u64, &rbuff); - println!("\nreceived {} bytes from the endpoint.", n); + log::info!("\nreceived {} bytes from the endpoint.", n); emu.regs.rax = n as u64; } else { emu.regs.rax = len as u64; //TODO: avoid loops @@ -1096,16 +1096,16 @@ pub fn gateway(emu: &mut emu::Emu) { (ip & 0xff000000) >> 24 ); - println!("{}** {} syscall socketcall sendto() sock: {} buff: {} len: {} fam: {} {}:{} {}", emu.colors.light_red, emu.pos, sock, buf, len, fam, sip, port, emu.colors.nc); + log::info!("{}** {} syscall socketcall sendto() sock: {} buff: {} len: {} fam: {} {}:{} {}", emu.colors.light_red, emu.pos, sock, buf, len, fam, sip, port, emu.colors.nc); } else { - println!( + log::info!( "{}** {} syscall socketcall sendto() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc ); } if !helper::socket_exist(sock as u64) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = len as u64; @@ -1147,13 +1147,13 @@ pub fn gateway(emu: &mut emu::Emu) { emu.maps.write_dword((sockaddr + 4) as u64, incoming_ip); } - println!( + log::info!( "{}** {} syscall socketcall recvfrom() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc ); if !helper::socket_exist(sock as u64) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = len as u64; //TODO: avoid loops @@ -1161,7 +1161,7 @@ pub fn gateway(emu: &mut emu::Emu) { } constants::SYS_SHUTDOWN => { - println!( + log::info!( "{}** {} syscall socketcall shutdown() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1169,49 +1169,49 @@ pub fn gateway(emu: &mut emu::Emu) { } constants::SYS_SETSOCKOPT => { - println!( + log::info!( "{}** {} syscall socketcall setsockopt() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::SYS_GETSOCKOPT => { - println!( + log::info!( "{}** {} syscall socketcall getsockopt() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::SYS_SENDMSG => { - println!( + log::info!( "{}** {} syscall socketcall sendmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::SYS_RECVMSG => { - println!( + log::info!( "{}** {} syscall socketcall recvmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::SYS_ACCEPT4 => { - println!( + log::info!( "{}** {} syscall socketcall accept4() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::SYS_RECVMMSG => { - println!( + log::info!( "{}** {} syscall socketcall recvmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::SYS_SENDMMSG => { - println!( + log::info!( "{}** {} syscall socketcall sendmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1222,784 +1222,784 @@ pub fn gateway(emu: &mut emu::Emu) { } 103 => { - println!( + log::info!( "{}** {} syscall syslog() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 104 => { - println!( + log::info!( "{}** {} syscall setitimer() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 105 => { - println!( + log::info!( "{}** {} syscall getitimer() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 106 => { - println!( + log::info!( "{}** {} syscall stat() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 107 => { - println!( + log::info!( "{}** {} syscall lstat() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 108 => { - println!( + log::info!( "{}** {} syscall fstat() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 109 => { - println!( + log::info!( "{}** {} syscall olduname() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 110 => { - println!( + log::info!( "{}** {} syscall iopl() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 111 => { - println!( + log::info!( "{}** {} syscall vhanghup() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 112 => { - println!( + log::info!( "{}** {} syscall idle() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 113 => { - println!( + log::info!( "{}** {} syscall vm86old() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 114 => { - println!( + log::info!( "{}** {} syscall wait4() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 115 => { - println!( + log::info!( "{}** {} syscall swapoff() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 116 => { - println!( + log::info!( "{}** {} syscall sysinfo() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 117 => { - println!( + log::info!( "{}** {} syscall ipc() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 118 => { - println!( + log::info!( "{}** {} syscall fsync() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 119 => { - println!( + log::info!( "{}** {} syscall sigreturn() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 120 => { - println!( + log::info!( "{}** {} syscall clone() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 121 => { - println!( + log::info!( "{}** {} syscall setdomainname() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 122 => { - println!( + log::info!( "{}** {} syscall uname() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 123 => { - println!( + log::info!( "{}** {} syscall modify_ltd() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 124 => { - println!( + log::info!( "{}** {} syscall adjtimex() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 125 => { - println!( + log::info!( "{}** {} syscall mprotect() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 126 => { - println!( + log::info!( "{}** {} syscall sigprocmask() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 127 => { - println!( + log::info!( "{}** {} syscall create_module() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 128 => { - println!( + log::info!( "{}** {} syscall init_module() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 129 => { - println!( + log::info!( "{}** {} syscall delete_module() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 130 => { - println!( + log::info!( "{}** {} syscall get_kernel_syms() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 131 => { - println!( + log::info!( "{}** {} syscall quotactl() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 132 => { - println!( + log::info!( "{}** {} syscall getpgid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 133 => { - println!( + log::info!( "{}** {} syscall fchdir() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 134 => { - println!( + log::info!( "{}** {} syscall bdflush() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 135 => { - println!( + log::info!( "{}** {} syscall sysfs() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 136 => { - println!( + log::info!( "{}** {} syscall personality() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 137 => { - println!( + log::info!( "{}** {} syscall afs_syscall() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 138 => { - println!( + log::info!( "{}** {} syscall setfsuid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 139 => { - println!( + log::info!( "{}** {} syscall setfsgid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 140 => { - println!( + log::info!( "{}** {} syscall _llseek() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 141 => { - println!( + log::info!( "{}** {} syscall getdents() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 142 => { - println!( + log::info!( "{}** {} syscall _newselect() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 143 => { - println!( + log::info!( "{}** {} syscall flock() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 144 => { - println!( + log::info!( "{}** {} syscall msync() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 145 => { - println!( + log::info!( "{}** {} syscall readv() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 146 => { - println!( + log::info!( "{}** {} syscall writev() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 147 => { - println!( + log::info!( "{}** {} syscall getsid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 148 => { - println!( + log::info!( "{}** {} syscall fdatasync() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 149 => { - println!( + log::info!( "{}** {} syscall _sysctl() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 150 => { - println!( + log::info!( "{}** {} syscall mlock() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 151 => { - println!( + log::info!( "{}** {} syscall munlock() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 152 => { - println!( + log::info!( "{}** {} syscall mlockall() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 153 => { - println!( + log::info!( "{}** {} syscall munlockall() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 154 => { - println!( + log::info!( "{}** {} syscall sched_setparam() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 155 => { - println!( + log::info!( "{}** {} syscall sched_getparam() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 156 => { - println!( + log::info!( "{}** {} syscall sched_setscheduler() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 157 => { - println!( + log::info!( "{}** {} syscall sched_getscheduler() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 158 => { - println!( + log::info!( "{}** {} syscall sched_yield() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 159 => { - println!( + log::info!( "{}** {} syscall sched_get_priority_max() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 160 => { - println!( + log::info!( "{}** {} syscall sched_get_priority_min() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 161 => { - println!( + log::info!( "{}** {} syscall sched_rr_get_inverval() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 162 => { - println!( + log::info!( "{}** {} syscall nanosleep() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 163 => { - println!( + log::info!( "{}** {} syscall mremap() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 164 => { - println!( + log::info!( "{}** {} syscall setresuid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 165 => { - println!( + log::info!( "{}** {} syscall getresuid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 166 => { - println!( + log::info!( "{}** {} syscall vm86() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 167 => { - println!( + log::info!( "{}** {} syscall query_module() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 168 => { - println!( + log::info!( "{}** {} syscall poll() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 169 => { - println!( + log::info!( "{}** {} syscall nfsservctrl() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 170 => { - println!( + log::info!( "{}** {} syscall setresgid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 171 => { - println!( + log::info!( "{}** {} syscall getresgid() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 172 => { - println!( + log::info!( "{}** {} syscall prctl() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 173 => { - println!( + log::info!( "{}** {} syscall rt_sigreturn() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 174 => { - println!( + log::info!( "{}** {} syscall rt_sigcation() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 175 => { - println!( + log::info!( "{}** {} syscall rt_sigprocmask() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 176 => { - println!( + log::info!( "{}** {} syscall rt_sigpending() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 177 => { - println!( + log::info!( "{}** {} syscall rt_sigtimedwait() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 178 => { - println!( + log::info!( "{}** {} syscall rt_sigqueueinfo() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 179 => { - println!( + log::info!( "{}** {} syscall rt_sigsuspend() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 180 => { - println!( + log::info!( "{}** {} syscall pread64() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 181 => { - println!( + log::info!( "{}** {} syscall pwrite64() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 182 => { - println!( + log::info!( "{}** {} syscall chown() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 183 => { - println!( + log::info!( "{}** {} syscall getcwd() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 184 => { - println!( + log::info!( "{}** {} syscall capget() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 185 => { - println!( + log::info!( "{}** {} syscall capset() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 186 => { - println!( + log::info!( "{}** {} syscall sigaltstack() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 187 => { - println!( + log::info!( "{}** {} syscall sendfile() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 188 => { - println!( + log::info!( "{}** {} syscall getpmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 189 => { - println!( + log::info!( "{}** {} syscall putpmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 190 => { - println!( + log::info!( "{}** {} syscall vfork() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 191 => { - println!( + log::info!( "{}** {} syscall ugetrlimit() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 192 => { - println!( + log::info!( "{}** {} syscall mmap2() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 193 => { - println!( + log::info!( "{}** {} syscall truncate64() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 194 => { - println!( + log::info!( "{}** {} syscall ftruncate64() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 195 => { - println!( + log::info!( "{}** {} syscall stat64() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 196 => { - println!( + log::info!( "{}** {} syscall lstat64() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 197 => { - println!( + log::info!( "{}** {} syscall fstat64() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 198 => { - println!( + log::info!( "{}** {} syscall lchown32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 199 => { - println!( + log::info!( "{}** {} syscall getuid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 200 => { - println!( + log::info!( "{}** {} syscall getgid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 201 => { - println!( + log::info!( "{}** {} syscall geteuid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 202 => { - println!( + log::info!( "{}** {} syscall getegid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 203 => { - println!( + log::info!( "{}** {} syscall getreuid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 204 => { - println!( + log::info!( "{}** {} syscall getregid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 205 => { - println!( + log::info!( "{}** {} syscall getgrups32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 206 => { - println!( + log::info!( "{}** {} syscall setgroups32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 207 => { - println!( + log::info!( "{}** {} syscall fchown32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 208 => { - println!( + log::info!( "{}** {} syscall setresuid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 209 => { - println!( + log::info!( "{}** {} syscall getresuid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 210 => { - println!( + log::info!( "{}** {} syscall setresgid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 211 => { - println!( + log::info!( "{}** {} syscall getresgid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 212 => { - println!( + log::info!( "{}** {} syscall chown32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 213 => { - println!( + log::info!( "{}** {} syscall setuid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } 214 => { - println!( + log::info!( "{}** {} syscall setgid32() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2447,12 +2447,12 @@ pub fn gateway(emu: &mut emu::Emu) { "process_mrelease".to_string(), ]; if emu.regs.rax >= data.len() as u64 { - println!( + log::info!( "{}** interrupt 0x80 bad rax value 0x{:x} {}", emu.colors.light_red, emu.regs.rax, emu.colors.nc ); } else { - println!( + log::info!( "{}** interrupt 0x80 function:{} {}", emu.colors.light_red, data[emu.regs.rax as usize], emu.colors.nc ); diff --git a/src/emu/syscall64.rs b/src/emu/syscall64.rs index 812bbd1..1411378 100644 --- a/src/emu/syscall64.rs +++ b/src/emu/syscall64.rs @@ -24,14 +24,14 @@ pub fn gateway(emu: &mut emu::Emu) { match emu.regs.rax { constants::NR64_RESTART_SYSCALL => { - println!( + log::info!( "{}** {} syscall restart_syscall {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::NR64_EXIT => { - println!( + log::info!( "{}** {} syscall exit() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -39,7 +39,7 @@ pub fn gateway(emu: &mut emu::Emu) { } constants::NR64_FORK => { - println!( + log::info!( "{}** {} syscall fork() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -58,7 +58,7 @@ pub fn gateway(emu: &mut emu::Emu) { let mut lib_buff: Vec = Vec::new(); - // println!("opening lib: {}", filepath); + // log::info!("opening lib: {}", filepath); match File::open(&filepath) { Ok(f) => { let len = f.metadata().unwrap().len(); @@ -68,7 +68,7 @@ pub fn gateway(emu: &mut emu::Emu) { .expect("kernel64 cannot load dynamic library"); f.sync_all(); - //println!("readed a lib with sz: {} buff:0x{:x}", lib_buff.len(), buff); + //log::info!("readed a lib with sz: {} buff:0x{:x}", lib_buff.len(), buff); let map = emu.maps.get_mem_by_addr(buff) .expect("buffer send to read syscall point to no map"); @@ -85,7 +85,7 @@ pub fn gateway(emu: &mut emu::Emu) { emu.regs.rax = sz; }, Err(_) => { - println!("file not found"); + log::info!("file not found"); emu.regs.rax = 0; } }; @@ -94,7 +94,7 @@ pub fn gateway(emu: &mut emu::Emu) { emu.regs.rax = sz; } - println!( + log::info!( "{}** {} syscall read(fd:{} buf:0x{:x} sz:{}) ={} {}", emu.colors.light_red, emu.pos, fd, buff, sz, emu.regs.rax, emu.colors.nc ); @@ -105,17 +105,17 @@ pub fn gateway(emu: &mut emu::Emu) { let buff = emu.regs.rsi; let sz = emu.regs.rdx; emu.regs.rax = sz; - println!( + log::info!( "{}** {} syscall write() fd: {} buf: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, fd, buff, sz, emu.colors.nc ); if fd == 1 { let s = emu.maps.read_string(buff); - println!("stdout: `{}`", s) + log::info!("stdout: `{}`", s) } if fd == 2 { let s = emu.maps.read_string(buff); - println!("stderr: `{}`", s) + log::info!("stderr: `{}`", s) } } @@ -125,17 +125,17 @@ pub fn gateway(emu: &mut emu::Emu) { let buff = emu.regs.rsi; let sz = emu.regs.rdx; emu.regs.rax = sz; - println!( + log::info!( "{}** {} syscall write() fd: {} buf: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, fd, buff, sz, emu.colors.nc ); if fd == 1 { let s = emu.maps.read_string(buff); - println!("stdout: `{}`", s) + log::info!("stdout: `{}`", s) } if fd == 2 { let s = emu.maps.read_string(buff); - println!("stderr: `{}`", s) + log::info!("stderr: `{}`", s) } }*/ @@ -144,7 +144,7 @@ pub fn gateway(emu: &mut emu::Emu) { let fd = helper::handler_create(&file_path); emu.regs.rax = fd; - println!( + log::info!( "{}** {} syscall open({}) ={} {}", emu.colors.light_red, emu.pos, file_path, fd, emu.colors.nc ); @@ -160,7 +160,7 @@ pub fn gateway(emu: &mut emu::Emu) { fd = helper::handler_create(&file_path); } - println!( + log::info!( "{}** {} syscall openat({} '{}') ={} {}", emu.colors.light_red, emu.pos, dirfd, file_path, fd as i64, emu.colors.nc ); @@ -184,7 +184,7 @@ pub fn gateway(emu: &mut emu::Emu) { endpoint::sock_close(); }*/ - println!( + log::info!( "{}** {} syscall close(fd:{}) ={} {}", emu.colors.light_red, emu.pos, fd, emu.regs.rax, emu.colors.nc ); @@ -212,14 +212,14 @@ pub fn gateway(emu: &mut emu::Emu) { //emu.fs.insert(0xffffffffffffffc8, 0x4b6c50); - println!("{}** {} syscall brk({:x}) ={:x} {}", + log::info!("{}** {} syscall brk({:x}) ={:x} {}", emu.colors.light_red, emu.pos, emu.regs.rdi, emu.regs.rax, emu.colors.nc ); } constants::NR64_EXECVE => { let cmd = emu.maps.read_string(emu.regs.rdi); - println!( + log::info!( "{}** {} syscall execve() cmd: {} {}", emu.colors.light_red, emu.pos, cmd, emu.colors.nc ); @@ -228,7 +228,7 @@ pub fn gateway(emu: &mut emu::Emu) { constants::NR64_CHDIR => { let path = emu.maps.read_string(emu.regs.rdi); - println!( + log::info!( "{}** {} syscall chdir() path: {} {}", emu.colors.light_red, emu.pos, path, emu.colors.nc ); @@ -237,7 +237,7 @@ pub fn gateway(emu: &mut emu::Emu) { constants::NR64_CHMOD => { let file_path = emu.maps.read_string(emu.regs.rdi); let perm = emu.regs.rsi; - println!( + log::info!( "{}** {} syscall chmod() file: {} perm: {} {}", emu.colors.light_red, emu.pos, file_path, perm, emu.colors.nc ); @@ -245,7 +245,7 @@ pub fn gateway(emu: &mut emu::Emu) { constants::NR64_LSEEK => { let fd = emu.regs.rdi; - println!( + log::info!( "{}** {} syscall lseek() fd: {} {}", emu.colors.light_red, emu.pos, fd, emu.colors.nc ); @@ -254,7 +254,7 @@ pub fn gateway(emu: &mut emu::Emu) { constants::NR64_KILL => { let pid = emu.regs.rdi; let sig = emu.regs.rsi; - println!( + log::info!( "{}** {} syscall kill() pid: {} sig: {} {}", emu.colors.light_red, emu.pos, pid, sig, emu.colors.nc ); @@ -262,7 +262,7 @@ pub fn gateway(emu: &mut emu::Emu) { constants::NR64_DUP => { let fd = emu.regs.rdi; - println!( + log::info!( "{}** {} syscall dup() fd: {} {}", emu.colors.light_red, emu.pos, fd, emu.colors.nc ); @@ -271,7 +271,7 @@ pub fn gateway(emu: &mut emu::Emu) { constants::NR64_DUP2 => { let old_fd = emu.regs.rdi; let new_fd = emu.regs.rsi; - println!( + log::info!( "{}** {} syscall dup2() oldfd: {} newfd: {} {}", emu.colors.light_red, emu.pos, old_fd, new_fd, emu.colors.nc ); @@ -283,7 +283,7 @@ pub fn gateway(emu: &mut emu::Emu) { let typ = emu.regs.rsi; let proto = emu.regs.rdx; - println!( + log::info!( "{}** {} syscall socketcall socket() fam: {} type: {} proto: {} sock: {} {}", emu.colors.light_red, emu.pos, fam, typ, proto, sock, emu.colors.nc ); @@ -313,13 +313,13 @@ pub fn gateway(emu: &mut emu::Emu) { (ip & 0xff000000) >> 24 ); - println!( + log::info!( "{}** {} syscall socketcall bind() sock: {} fam: {} {}:{} {}", emu.colors.light_red, emu.pos, sock, fam, sip, port, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = 0; @@ -349,13 +349,13 @@ pub fn gateway(emu: &mut emu::Emu) { (ip & 0xff000000) >> 24 ); - println!( + log::info!( "{}** {} syscall socketcall connect() sock: {} fam: {} {}:{} {}", emu.colors.light_red, emu.pos, sock, fam, sip, port, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; return; } @@ -363,9 +363,9 @@ pub fn gateway(emu: &mut emu::Emu) { /* if emu.cfg.endpoint { if endpoint::sock_connect(sip.as_str(), port) { - println!("\tconnected to the endpoint."); + log::info!("\tconnected to the endpoint."); } else { - println!("\tcannot connect. dont use -e"); + log::info!("\tcannot connect. dont use -e"); } }*/ @@ -376,13 +376,13 @@ pub fn gateway(emu: &mut emu::Emu) { let sock = emu.regs.rdi; let conns = emu.regs.rsi; - println!( + log::info!( "{}** {} syscall socketcall listen() sock: {} conns: {} {}", emu.colors.light_red, emu.pos, sock, conns, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = 0; @@ -403,13 +403,13 @@ pub fn gateway(emu: &mut emu::Emu) { emu.maps.write_dword(sockaddr + 4, incoming_ip); } - println!( + log::info!( "{}** {} syscall socketcall accept() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = 0; @@ -418,7 +418,7 @@ pub fn gateway(emu: &mut emu::Emu) { constants::NR64_GETSOCKNAME => { let sock = emu.regs.rdi; - println!( + log::info!( "{}** {} syscall socketcall getsockname() sock: {} {}", emu.colors.light_red, emu.pos, sock, emu.colors.nc ); @@ -426,14 +426,14 @@ pub fn gateway(emu: &mut emu::Emu) { } constants::NR64_GETPEERNAME => { - println!( + log::info!( "{}** {} syscall socketcall getpeername() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::NR64_SOCKETPAIR => { - println!( + log::info!( "{}** {} syscall socketcall socketpair() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -445,10 +445,10 @@ pub fn gateway(emu: &mut emu::Emu) { let len = emu.maps.read_dword(emu.regs.rsp+8).expect("send() cannot read len"); let flags = emu.maps.read_dword(emu.regs.rsp+12).expect("send() cannot read flags"); - println!("{}** {} syscall socketcall send() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc); + log::info!("{}** {} syscall socketcall send() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc); if !helper::socket_exist(sock) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; return; } @@ -456,7 +456,7 @@ pub fn gateway(emu: &mut emu::Emu) { if emu.cfg.endpoint { let buffer = emu.maps.read_buffer(buf, len as usize); let n = endpoint::sock_send(&buffer); - println!("\tsent {} bytes.", n); + log::info!("\tsent {} bytes.", n); emu.regs.rax = n; } else { emu.regs.rax = len; @@ -469,10 +469,10 @@ pub fn gateway(emu: &mut emu::Emu) { let len = emu.maps.read_dword(emu.regs.rsp+8).expect("recv() cannot read len"); let flags = emu.maps.read_dword(emu.regs.rsp+12).expect("recv() cannot read flags"); - println!("{}** {} syscall socketcall recv() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc); + log::info!("{}** {} syscall socketcall recv() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc); if !helper::socket_exist(sock) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; return; } @@ -482,7 +482,7 @@ pub fn gateway(emu: &mut emu::Emu) { let mut rbuff:Vec = vec![0;len as usize]; let n = endpoint::sock_recv(&mut rbuff); emu.maps.write_buffer(buf, &rbuff); - println!("\nreceived {} bytes from the endpoint.", n); + log::info!("\nreceived {} bytes from the endpoint.", n); emu.regs.rax = n; } else { @@ -516,16 +516,16 @@ pub fn gateway(emu: &mut emu::Emu) { (ip & 0xff000000) >> 24 ); - println!("{}** {} syscall socketcall sendto() sock: {} buff: {} len: {} fam: {} {}:{} {}", emu.colors.light_red, emu.pos, sock, buf, len, fam, sip, port, emu.colors.nc); + log::info!("{}** {} syscall socketcall sendto() sock: {} buff: {} len: {} fam: {} {}:{} {}", emu.colors.light_red, emu.pos, sock, buf, len, fam, sip, port, emu.colors.nc); } else { - println!( + log::info!( "{}** {} syscall socketcall sendto() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc ); } if !helper::socket_exist(sock) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = len; @@ -549,13 +549,13 @@ pub fn gateway(emu: &mut emu::Emu) { emu.maps.write_dword(sockaddr + 4, incoming_ip); } - println!( + log::info!( "{}** {} syscall socketcall recvfrom() sock: {} buff: {} len: {} {}", emu.colors.light_red, emu.pos, sock, buf, len, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tbad socket/"); + log::info!("\tbad socket/"); emu.regs.rax = constants::ENOTSOCK; } else { emu.regs.rax = len; //TODO: avoid loops @@ -563,7 +563,7 @@ pub fn gateway(emu: &mut emu::Emu) { } constants::NR64_SHUTDOWN => { - println!( + log::info!( "{}** {} syscall socketcall shutdown() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -571,49 +571,49 @@ pub fn gateway(emu: &mut emu::Emu) { } constants::NR64_SETSOCKOPT => { - println!( + log::info!( "{}** {} syscall socketcall setsockopt() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::NR64_GETSOCKOPT => { - println!( + log::info!( "{}** {} syscall socketcall getsockopt() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::NR64_SENDMSG => { - println!( + log::info!( "{}** {} syscall socketcall sendmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::NR64_RECVMSG => { - println!( + log::info!( "{}** {} syscall socketcall recvmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::NR64_ACCEPT4 => { - println!( + log::info!( "{}** {} syscall socketcall accept4() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::NR64_RECVMMSG => { - println!( + log::info!( "{}** {} syscall socketcall recvmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); } constants::NR64_SENDMMSG => { - println!( + log::info!( "{}** {} syscall socketcall sendmsg() {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -645,7 +645,7 @@ pub fn gateway(emu: &mut emu::Emu) { _ => {} } - println!( + log::info!( "{}** {} syscall arch_prctl({}) {}", emu.colors.light_red, emu.pos, op, emu.colors.nc ); @@ -656,7 +656,7 @@ pub fn gateway(emu: &mut emu::Emu) { let ptr = emu.regs.rdi; emu.maps.write_bytes(ptr, constants::UTSNAME.to_vec()); - println!( + log::info!( "{}** {} syscall uname(0x{:x}) {}", emu.colors.light_red, emu.pos, ptr, emu.colors.nc ); @@ -665,7 +665,7 @@ pub fn gateway(emu: &mut emu::Emu) { constants::NR64_ACCESS => { let filename = emu.maps.read_string(emu.regs.rdi); - println!( + log::info!( "{}** {} syscall access({}) {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -683,7 +683,7 @@ pub fn gateway(emu: &mut emu::Emu) { emu.maps.free(&format!("mmap_{:x}",addr)); - println!( + log::info!( "{}** {} syscall munmap(0x{:x} sz:{}) {}", emu.colors.light_red, emu.pos, addr, sz, emu.colors.nc ); @@ -701,7 +701,7 @@ pub fn gateway(emu: &mut emu::Emu) { if addr == 0 { if sz > 0xffffff { - println!("/!\\ Warning trying to allocate {} bytes", sz); + log::info!("/!\\ Warning trying to allocate {} bytes", sz); sz = 0xffffff; } addr = emu.maps.lib64_alloc(sz).expect("syscall64 mmap cannot alloc"); @@ -714,7 +714,7 @@ pub fn gateway(emu: &mut emu::Emu) { if filepath.contains(".so") { let mut lib_buff: Vec = Vec::new(); - //println!("opening lib: {}", filepath); + //log::info!("opening lib: {}", filepath); match File::open(&filepath) { Ok(f) => { let len = f.metadata().unwrap().len(); @@ -725,7 +725,7 @@ pub fn gateway(emu: &mut emu::Emu) { .expect("kernel64 cannot load dynamic library"); f.sync_all(); - //println!("readed a lib with sz: {} buff:0x{:x}", lib_buff.len(), addr); + //log::info!("readed a lib with sz: {} buff:0x{:x}", lib_buff.len(), addr); let map = emu.maps.get_mem_by_addr(addr) .expect("buffer send to read syscall point to no map"); @@ -742,14 +742,14 @@ pub fn gateway(emu: &mut emu::Emu) { emu.regs.rax = sz; }, Err(_) => { - println!("file not found"); + log::info!("file not found"); emu.regs.rax = 0; } }; } } - println!( + log::info!( "{}** {} syscall mmap(fd:{} sz:{} off:{}) =0x{:x} {}", emu.colors.light_red, emu.pos, fd as i32, sz, off, addr, emu.colors.nc ); @@ -772,7 +772,7 @@ pub fn gateway(emu: &mut emu::Emu) { stat.save(stat_ptr, &mut emu.maps); - println!( + log::info!( "{}** {} syscall ftat(0x{:x}) =0 {}", emu.colors.light_red, emu.pos, emu.regs.rdi, emu.colors.nc ); @@ -793,7 +793,7 @@ pub fn gateway(emu: &mut emu::Emu) { stat.size = file_size as i64; stat.save(stat_ptr, &mut emu.maps); - println!( + log::info!( "{}** {} syscall stat({}) =0 {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -811,7 +811,7 @@ pub fn gateway(emu: &mut emu::Emu) { Ok(link) => link, Err(_) => { emu.regs.rax = 0xffffffffffffffff; - println!( + log::info!( "{}** {} syscall uname({}) err! {}", emu.colors.light_red, emu.pos, link, emu.colors.nc ); @@ -821,7 +821,7 @@ pub fn gateway(emu: &mut emu::Emu) { emu.maps.write_string(buff, sym_link_dest.to_str().unwrap()); - println!( + log::info!( "{}** {} syscall uname({}) {}", emu.colors.light_red, emu.pos, link, emu.colors.nc ); @@ -842,7 +842,7 @@ pub fn gateway(emu: &mut emu::Emu) { }*/ emu.regs.rax = 0; - println!( + log::info!( "{}** {} syscall mprotect(0x{:x}) ={:x} {}", emu.colors.light_red, emu.pos, addr, emu.regs.rax, emu.colors.nc ); @@ -1213,12 +1213,12 @@ pub fn gateway(emu: &mut emu::Emu) { ]; if emu.regs.rax >= data.len() as u64 { - println!( + log::info!( "{}** interrupt 0x80 bad rax value 0x{:x} {}", emu.colors.light_red, emu.regs.rax, emu.colors.nc ); } else { - println!( + log::info!( "{}** interrupt 0x80 function:{} {}", emu.colors.light_red, data[emu.regs.rax as usize], emu.colors.nc ); diff --git a/src/emu/winapi32.rs b/src/emu/winapi32.rs index ec2c99f..f0e21c4 100644 --- a/src/emu/winapi32.rs +++ b/src/emu/winapi32.rs @@ -42,14 +42,14 @@ pub fn gateway(addr: u32, name: String, emu: &mut emu::Emu) { emu.pe32.as_ref().unwrap().import_addr_to_name(addr as u32) } _ => { - println!("/!\\ trying to execute on {} at 0x{:x}", name, addr); + log::info!("/!\\ trying to execute on {} at 0x{:x}", name, addr); name.clone() } }; if unimplemented_api.len() > 0 { let params = emu.banzai.get_params(&unimplemented_api); - println!("{} {} parameters", unimplemented_api, params); + log::info!("{} {} parameters", unimplemented_api, params); if name != "msvcrt.text" { for _ in 0..params { diff --git a/src/emu/winapi32/advapi32.rs b/src/emu/winapi32/advapi32.rs index c99268f..f50398a 100644 --- a/src/emu/winapi32/advapi32.rs +++ b/src/emu/winapi32/advapi32.rs @@ -26,7 +26,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "CryptDeriveKey" => CryptDeriveKey(emu), _ => { - println!( + log::info!( "calling unimplemented advapi32 API 0x{:x} {}", addr, api ); @@ -48,7 +48,7 @@ fn StartServiceCtrlDispatcherA(emu: &mut emu::Emu) { let service_name = emu.maps.read_dword((service_table_entry_ptr+4) as u64) .expect("advapi32!StartServiceCtrlDispatcherA error reading service_name");*/ - println!( + log::info!( "{}** {} advapi321!StartServiceCtrlDispatcherA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -63,7 +63,7 @@ fn StartServiceCtrlDispatcherW(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("advapi32!StartServiceCtrlDispatcherW error reading service_table_entry pointer"); - println!( + log::info!( "{}** {} advapi321!StartServiceCtrlDispatcherW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -121,7 +121,7 @@ fn CryptAcquireContextA(emu: &mut emu::Emu) { sflags.push_str("CRYPT_DEFAULT_CONTAINER_OPTIONAL "); } - println!( + log::info!( "{}** {} advapi321!CryptAcquireContextA =0x{:x} type: {} flags: `{}` {}", emu.colors.light_red, emu.pos, hndl, prov_type, &sflags, emu.colors.nc ); @@ -178,7 +178,7 @@ fn CryptAcquireContextW(emu: &mut emu::Emu) { sflags.push_str("CRYPT_DEFAULT_CONTAINER_OPTIONAL "); } - println!( + log::info!( "{}** {} advapi321!CryptAcquireContextW =0x{:x} type: {} flags: `{}` {}", emu.colors.light_red, emu.pos, hndl, prov_type, &sflags, emu.colors.nc ); @@ -207,7 +207,7 @@ fn LookupPrivilegeValueW(emu: &mut emu::Emu) { let name = emu.maps.read_wide_string(ptr_name); emu.maps.write_dword(ptr_uid, 123); - println!( + log::info!( "{}** {} advapi321!LookupPrivilegeValueW `{}` `{}` {}", emu.colors.light_red, emu.pos, sysname, name, emu.colors.nc ); @@ -248,7 +248,7 @@ fn CryptEncrypt(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()+24) .expect("advapi32!CryptEncrypt error reading param") as u64; - println!( + log::info!( "{}** {} advapi32!CryptEncrypt {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -291,7 +291,7 @@ fn CryptDecrypt(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()+24) .expect("advapi32!CryptDecrypt error reading param") as u64; - println!( + log::info!( "{}** {} advapi32!CryptDecrypt {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -314,7 +314,7 @@ fn CryptReleaseContext(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()+4) .expect("advapi32!CryptReleaseContext error reading param") as u64; - println!( + log::info!( "{}** {} advapi32!CryptReleaseContext {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -349,7 +349,7 @@ fn CryptCreateHash(emu: &mut emu::Emu) { .expect("advapi32!CryptCreateHash error reading param") as u64; - println!( + log::info!( "{}** {} advapi32!CryptCreateHash {} {}", emu.colors.light_red, emu.pos, get_cryptoalgorithm_name(algid), emu.colors.nc @@ -384,7 +384,7 @@ fn CryptGenKey(emu: &mut emu::Emu) { .expect("advapi32!CryptGenKey error reading param"); - println!( + log::info!( "{}** {} advapi32!CryptGenKey {} {}", emu.colors.light_red, emu.pos, get_cryptoalgorithm_name(algid), emu.colors.nc @@ -419,7 +419,7 @@ fn CryptGetHashParam(emu: &mut emu::Emu) { .expect("advapi32!CryptGetHashParam error reading param") as u64; - println!( + log::info!( "{}** {} advapi32!CryptGetHashParam {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -454,7 +454,7 @@ fn CryptGetKeyParam(emu: &mut emu::Emu) { .expect("advapi32!CryptGetKeyParam error reading param") as u64; - println!( + log::info!( "{}** {} advapi32!CryptGetKeyParam {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -492,7 +492,7 @@ fn CryptImportKey(emu: &mut emu::Emu) { .expect("advapi32!CryptImportKey error reading param") as u64; - println!( + log::info!( "{}** {} advapi32!CryptImportKey {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -530,7 +530,7 @@ fn CryptSignHashA(emu: &mut emu::Emu) { .expect("advapi32!CryptSignHashA error reading param") as u64; - println!( + log::info!( "{}** {} advapi32!CryptSignHashA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -568,7 +568,7 @@ fn CryptSignHashW(emu: &mut emu::Emu) { .expect("advapi32!CryptSignHashW error reading param") as u64; - println!( + log::info!( "{}** {} advapi32!CryptSignHashW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -602,7 +602,7 @@ fn CryptHashData(emu: &mut emu::Emu) { helper::handler_put_bytes(hhash, b"deadcafebabe"); } - println!( + log::info!( "{}** {} advapi32!CryptHashData {} {}", emu.colors.light_red, emu.pos, hex_hash, emu.colors.nc ); @@ -634,7 +634,7 @@ fn CryptDeriveKey(emu: &mut emu::Emu) { } helper::handler_put_bytes(handle, &vec![0x41u8;alg_len]); - println!( + log::info!( "{}** {} advapi32!CryptDeriveKey {} {}", emu.colors.light_red, emu.pos, alg, emu.colors.nc ); diff --git a/src/emu/winapi32/crypt32.rs b/src/emu/winapi32/crypt32.rs index 3d13bfa..c080466 100644 --- a/src/emu/winapi32/crypt32.rs +++ b/src/emu/winapi32/crypt32.rs @@ -14,7 +14,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "CryptStringToBinaryA" => CryptStringToBinaryA(emu), _ => { - println!( + log::info!( "calling unimplemented crypt32 API 0x{:x} {}", addr, api ); @@ -35,7 +35,7 @@ fn PkiInitializeCriticalSection(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("crypt32!PkiInitializeCriticalSection error getting addr param"); - println!( + log::info!( "{}** {} crypt32!Pki_InitializeCriticalSection flags: {:x} addr: 0x{:x} {}", emu.colors.light_red, emu.pos, flags, addr, emu.colors.nc ); @@ -94,7 +94,7 @@ fn CryptStringToBinaryA(emu: &mut emu::Emu) { _ => "incorrect flag", }; - println!( + log::info!( "{}** {} crypt32!CryptStringToBinaryA str: 0x{:x} len: {} ptr: {} len: {} {}{}", emu.colors.light_red, emu.pos, string, num_chars, ptr, inout_sz, dflags, emu.colors.nc ); diff --git a/src/emu/winapi32/dnsapi.rs b/src/emu/winapi32/dnsapi.rs index 78d8ae6..1017bbc 100644 --- a/src/emu/winapi32/dnsapi.rs +++ b/src/emu/winapi32/dnsapi.rs @@ -12,7 +12,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "DnsQueryW" => DnsQuery_W(emu), _ => { - println!("calling unimplemented dnsapi API 0x{:x} {}", addr, api); + log::info!("calling unimplemented dnsapi API 0x{:x} {}", addr, api); return api; } } @@ -48,7 +48,7 @@ fn DnsQuery_A(emu: &mut emu::Emu) { let name = emu.maps.read_string(name_ptr); - println!( + log::info!( "{}** {} dnsapi!DnsQuery_A '{}' {}", emu.colors.light_red, emu.pos, name, emu.colors.nc ); @@ -84,7 +84,7 @@ fn DnsQuery_W(emu: &mut emu::Emu) { let name = emu.maps.read_wide_string(name_ptr); - println!( + log::info!( "{}** {} dnsapi!DnsQuery_W '{}' {}", emu.colors.light_red, emu.pos, name, emu.colors.nc ); diff --git a/src/emu/winapi32/helper.rs b/src/emu/winapi32/helper.rs index 4bd93ae..8d7f151 100644 --- a/src/emu/winapi32/helper.rs +++ b/src/emu/winapi32/helper.rs @@ -52,7 +52,7 @@ pub fn handler_close(hndl: u64) -> bool { pub fn handler_print() { let hndls = HANDLERS.lock().unwrap(); for h in hndls.iter() { - println!("{:x} {}", h.id, h.uri); + log::info!("{:x} {}", h.id, h.uri); } } diff --git a/src/emu/winapi32/iphlpapi.rs b/src/emu/winapi32/iphlpapi.rs index 32a4c09..0e1f7d1 100644 --- a/src/emu/winapi32/iphlpapi.rs +++ b/src/emu/winapi32/iphlpapi.rs @@ -6,7 +6,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { match api.as_str() { //"LoadLibraryA" => LoadLibraryA(emu), _ => { - println!( + log::info!( "calling unimplemented iphlpapi API 0x{:x} {}", addr, api ); diff --git a/src/emu/winapi32/kernel32.rs b/src/emu/winapi32/kernel32.rs index 44c301d..5dbae0d 100644 --- a/src/emu/winapi32/kernel32.rs +++ b/src/emu/winapi32/kernel32.rs @@ -179,7 +179,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "RegOpenKeyA" => RegOpenKeyA(emu), "RegOpenKeyW" => RegOpenKeyW(emu), _ => { - println!( + log::info!( "calling unimplemented kernel32 API 0x{:x} {}", addr, api ); @@ -213,7 +213,7 @@ pub fn dump_module_iat(emu: &mut emu::Emu, module: &str) { } let ordinal = flink.get_function_ordinal(emu, i); - println!( + log::info!( "0x{:x} {}!{}", ordinal.func_va, &flink.mod_name, &ordinal.func_name ); @@ -278,7 +278,7 @@ pub fn resolve_api_name(emu: &mut emu::Emu, name: &str) -> u64 { } flink.next(emu); - //println!("flink: 0x{:x} first_ptr: 0x{:x} num_of_funcs: {}", flink.get_ptr(), first_ptr, flink.num_of_funcs); + //log::info!("flink: 0x{:x} first_ptr: 0x{:x} num_of_funcs: {}", flink.get_ptr(), first_ptr, flink.num_of_funcs); if flink.get_ptr() == first_ptr { break; @@ -363,7 +363,7 @@ fn GetProcAddress(emu: &mut emu::Emu) { .expect("kernel32!GetProcAddress cannot read the func name") as u64; let func = emu.maps.read_string(func_ptr).to_lowercase(); - //println!("looking for '{}'", func); + //log::info!("looking for '{}'", func); emu.stack_pop32(false); emu.stack_pop32(false); @@ -382,11 +382,11 @@ fn GetProcAddress(emu: &mut emu::Emu) { } let ordinal = flink.get_function_ordinal(emu, i); - //println!("func name {}!{}", flink.mod_name, ordinal.func_name); + //log::info!("func name {}!{}", flink.mod_name, ordinal.func_name); if ordinal.func_name.to_lowercase() == func { emu.regs.rax = ordinal.func_va; - println!( + log::info!( "{}** {} kernel32!GetProcAddress `{}!{}` =0x{:x} {}", emu.colors.light_red, emu.pos, @@ -407,7 +407,7 @@ fn GetProcAddress(emu: &mut emu::Emu) { } emu.regs.rax = 0; if emu.cfg.verbose >= 1 { - println!("kernel32!GetProcAddress error searching {}", func); + log::info!("kernel32!GetProcAddress error searching {}", func); } } @@ -432,7 +432,7 @@ pub fn load_library(emu: &mut emu::Emu, libname: &str) -> u64 { // already linked /* if emu.cfg.verbose > 0 { - println!("dll {} already linked.", dll); + log::info!("dll {} already linked.", dll); }*/ return base; } @@ -444,7 +444,7 @@ pub fn load_library(emu: &mut emu::Emu, libname: &str) -> u64 { return base as u64; } else { if emu.cfg.verbose > 0 { - println!("dll {} not found.", dll_path); + log::info!("dll {} not found.", dll_path); } return 0; } @@ -461,7 +461,7 @@ fn LoadLibraryA(emu: &mut emu::Emu) { emu.regs.rax = load_library(emu, &dll); - println!( + log::info!( "{}** {} kernel32!LoadLibraryA '{}' =0x{:x} {}", emu.colors.light_red, emu.pos, @@ -482,7 +482,7 @@ fn LoadLibraryExA(emu: &mut emu::Emu) { .expect("kernel32_LoadLibraryExA: error reading libname ptr param") as u64; let libname = emu.maps.read_string(libname_ptr); - println!( + log::info!( "{}** {} kernel32!LoadLibraryExA '{}' {}", emu.colors.light_red, emu.pos, libname, emu.colors.nc ); @@ -510,7 +510,7 @@ fn LoadLibraryExW(emu: &mut emu::Emu) { let libname = emu.maps.read_wide_string(libname_ptr); - println!( + log::info!( "{}** {} LoadLibraryExW '{}' {}", emu.colors.light_red, emu.pos, libname, emu.colors.nc ); @@ -533,7 +533,7 @@ fn LoadLibraryW(emu: &mut emu::Emu) { None => panic!("bad LoadLibraryW parameter"), }; let dll = emu.maps.read_wide_string(dllptr); - println!( + log::info!( "{}** {} LoadLibraryW '{}' {}", emu.colors.light_red, emu.pos, dll, emu.colors.nc ); @@ -556,7 +556,7 @@ fn WinExec(emu: &mut emu::Emu) { //emu.spawn_console(); - println!( + log::info!( "{}** {} WinExec '{}' {}", emu.colors.light_red, emu.pos, cmdline, emu.colors.nc ); @@ -567,7 +567,7 @@ fn WinExec(emu: &mut emu::Emu) { fn GetVersion(emu: &mut emu::Emu) { emu.regs.rax = emu::constants::VERSION; - println!( + log::info!( "{}** {} kernel32!GetVersion =0x{:x} {}", emu.colors.light_red, emu.pos, @@ -593,7 +593,7 @@ fn CreateProcessA(emu: &mut emu::Emu) { let appname = emu.maps.read_string(appname_ptr); let cmdline = emu.maps.read_string(cmdline_ptr); - println!( + log::info!( "{}** {} kernel32!CreateProcessA {} {} {}", emu.colors.light_red, emu.pos, appname, cmdline, emu.colors.nc ); @@ -615,7 +615,7 @@ fn WaitForSingleObject(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!WaitForSingleObject error reading millis"); - println!( + log::info!( "{}** {} kernel32!WaitForSingleObject hndl: {} millis: {} {}", emu.colors.light_red, emu.pos, handle, millis, emu.colors.nc ); @@ -649,7 +649,7 @@ fn VirtualAlloc(emu: &mut emu::Emu) { .expect("kernel32!VirtualAlloc out of memory"); emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, size).expect("kernel32!VirtualAlloc out of memory"); - println!( + log::info!( "{}** {} kernel32!VirtualAlloc sz: {} addr: 0x{:x} {}", emu.colors.light_red, emu.pos, size, base, emu.colors.nc ); @@ -683,7 +683,7 @@ fn VirtualAllocEx(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 16) .expect("kernel32!VirtualAllocEx cannot read the protect"); - println!( + log::info!( "{}** {} kernel32!VirtualAllocEx hproc: 0x{:x} addr: 0x{:x} {}", emu.colors.light_red, emu.pos, proc_hndl, addr, emu.colors.nc ); @@ -723,20 +723,20 @@ fn WriteProcessMemory(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 16) .expect("kernel32!WriteProcessMemory cannot read the ptr of num of written bytes"); - println!( + log::info!( "{}** {} kernel32!WriteProcessMemory hproc: 0x{:x} from: 0x{:x } to: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, proc_hndl, buff, addr, size, emu.colors.nc ); if emu.maps.memcpy(buff, addr, size as usize) { emu.regs.rax = 1; - println!( + log::info!( "{}\twritten succesfully{}", emu.colors.light_red, emu.colors.nc ); } else { emu.regs.rax = 0; - println!( + log::info!( "{}\tcouldnt write the bytes{}", emu.colors.light_red, emu.colors.nc ); @@ -778,7 +778,7 @@ fn CreateRemoteThread(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 24) .expect("kernel32!CreateRemoteThread cannot read the tid") as u64; - println!( + log::info!( "{}** {} kernel32!CreateRemoteThread hproc: 0x{:x} addr: 0x{:x} {}", emu.colors.light_red, emu.pos, proc_hndl, addr, emu.colors.nc ); @@ -827,7 +827,7 @@ fn CreateNamedPipeA(emu: &mut emu::Emu) { let name = emu.maps.read_string(name_ptr); - println!( + log::info!( "{}** {} kernel32!CreateNamedPipeA name:{} in: 0x{:x} out: 0x{:x} {}", emu.colors.light_red, emu.pos, name, in_buff_sz, out_buff_sz, emu.colors.nc ); @@ -849,12 +849,12 @@ fn ConnectNamedPipe(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!ConnectNamedPipe cannot read the overlapped"); - println!( + log::info!( "{}** {} kernel32!ConnectNamedPipe hndl: 0x{:x} {}", emu.colors.light_red, emu.pos, handle, emu.colors.nc ); if !helper::handler_exist(handle) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } for _ in 0..2 { @@ -869,7 +869,7 @@ fn DisconnectNamedPipe(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!DisconnectNamedPipe cannot read the handle"); - println!( + log::info!( "{}** {} kernel32!DisconnectNamedPipe hndl: 0x{:x} {}", emu.colors.light_red, emu.pos, handle, emu.colors.nc ); @@ -922,13 +922,13 @@ fn ReadFile(emu: &mut emu::Emu) { //TODO: write some random bytes to the buffer //emu.maps.write_spaced_bytes(buff, "00 00 00 01".to_string()); - println!( + log::info!( "{}** {} kernel32!ReadFile hndl: 0x{:x} buff: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, file_hndl, buff, size, emu.colors.nc ); if !helper::handler_exist(file_hndl) { - println!("\tinvalid handle.") + log::info!("\tinvalid handle.") } for _ in 0..5 { @@ -963,13 +963,13 @@ fn WriteFile(emu: &mut emu::Emu) { emu.maps.write_dword(bytes_written, size); - println!( + log::info!( "{}** {} kernel32!WriteFile hndl: 0x{:x} buff: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, file_hndl, buff, size, emu.colors.nc ); if !helper::handler_exist(file_hndl) { - println!("\tinvalid handle.") + log::info!("\tinvalid handle.") } for _ in 0..5 { @@ -984,13 +984,13 @@ fn CloseHandle(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!CloseHandle cannot read the handle") as u64; - println!( + log::info!( "{}** {} kernel32!CloseHandle 0x{:X} {}", emu.colors.light_red, emu.pos, hndl, emu.colors.nc ); if !helper::handler_close(hndl) { - println!("\tinvalid handle.") + log::info!("\tinvalid handle.") } emu.stack_pop32(false); emu.regs.rax = 1; @@ -1002,7 +1002,7 @@ fn ExitProcess(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!ExitProcess cannot read the exit code"); - println!( + log::info!( "{}** {} kernel32!ExitProcess code: {} {}", emu.colors.light_red, emu.pos, code, emu.colors.nc ); @@ -1021,7 +1021,7 @@ fn TerminateProcess(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!TerminateProcess cannot read the exit code"); - println!( + log::info!( "{}** {} kernel32!TerminateProcess hndl: {} code: {} {}", emu.colors.light_red, emu.pos, hndl, code, emu.colors.nc ); @@ -1044,7 +1044,7 @@ fn GetThreadContext(emu: &mut emu::Emu) { let ctx = context32::Context32::new(&emu.regs); ctx.save(ctx_ptr, &mut emu.maps); - println!( + log::info!( "{}** {} kernel32!GetThreadContext {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1065,7 +1065,7 @@ fn SetThreadContext(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!SetThreadContext cannot read the ctx_ptr"); - println!( + log::info!( "{}** {} kernel32!SetThreadContext {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1108,7 +1108,7 @@ fn ReadProcessMemory(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 16) .expect("kernel32!ReadProcessMemory cannot read bytes") as u64; - println!( + log::info!( "{}** {} kernel32!ReadProcessMemory hndl: {} from: 0x{:x} to: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, hndl, addr, buff, size, emu.colors.nc ); @@ -1136,7 +1136,7 @@ fn GetCurrentDirectoryW(emu: &mut emu::Emu) { emu.maps .write_string(buff_ptr, "c\x00:\x00\\\x00\x00\x00\x00\x00"); - println!( + log::info!( "{}** {} kernel32!GetCurrentDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1159,7 +1159,7 @@ fn GetCurrentDirectoryA(emu: &mut emu::Emu) { emu.maps.write_string(buff_ptr, "c:\\\x00"); - println!( + log::info!( "{}** {} kernel32!GetCurrentDirectoryA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1190,7 +1190,7 @@ fn VirtualProtect(emu: &mut emu::Emu) { emu.maps.write_dword(old_prot_ptr, new_prot); - println!( + log::info!( "{}** {} kernel32!VirtualProtect addr: 0x{:x} sz: {} prot: {} {}", emu.colors.light_red, emu.pos, addr, size, new_prot, emu.colors.nc ); @@ -1226,7 +1226,7 @@ fn VirtualProtectEx(emu: &mut emu::Emu) { emu.maps.write_dword(old_prot_ptr, new_prot); - println!( + log::info!( "{}** {} kernel32!VirtualProtectEx hproc: {} addr: 0x{:x} sz: {} prot: {} {}", emu.colors.light_red, emu.pos, hproc, addr, size, new_prot, emu.colors.nc ); @@ -1244,7 +1244,7 @@ fn ResumeThread(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!ResumeThread cannot read the handle"); - println!( + log::info!( "{}** {} kernel32!ResumeThread hndl: {} {}", emu.colors.light_red, emu.pos, hndl, emu.colors.nc ); @@ -1274,7 +1274,7 @@ fn GetFullPathNameA(emu: &mut emu::Emu) { let filename = emu.maps.read_string(file_ptr); - println!( + log::info!( "{}** {} kernel32!GetFullPathNameA file: {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -1306,7 +1306,7 @@ fn GetFullPathNameW(emu: &mut emu::Emu) { let filename = emu.maps.read_wide_string(file_ptr); - println!( + log::info!( "{}** {} kernel32!GetFullPathNameW file: {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -1332,7 +1332,7 @@ fn SystemTimeToTzSpecificLocalTime(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("kernel32!SystemTimeToTzSpecificLocalTime cannot read lt_ptr"); - println!( + log::info!( "{}** {} kernel32!SystemTimeToTzSpecificLocalTime {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1345,7 +1345,7 @@ fn SystemTimeToTzSpecificLocalTime(emu: &mut emu::Emu) { } fn GetLogicalDrives(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetLogicalDrives {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1369,7 +1369,7 @@ fn ExpandEnvironmentStringsA(emu: &mut emu::Emu) { let src = emu.maps.read_string(src_ptr); - println!( + log::info!( "{}** {} kernel32!ExpandEnvironmentStringsA `{}` {}", emu.colors.light_red, emu.pos, src, emu.colors.nc ); @@ -1399,7 +1399,7 @@ fn ExpandEnvironmentStringsW(emu: &mut emu::Emu) { let src = emu.maps.read_wide_string(src_ptr); - println!( + log::info!( "{}** {} kernel32!ExpandEnvironmentStringsW `{}` {}", emu.colors.light_red, emu.pos, src, emu.colors.nc ); @@ -1420,7 +1420,7 @@ fn GetFileAttributesA(emu: &mut emu::Emu) { .expect("kernel32!GetFileAttributesA cannot read filename_ptr") as u64; let filename = emu.maps.read_string(filename_ptr); - println!( + log::info!( "{}** {} kernel32!GetFileAttributesA file: {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -1437,7 +1437,7 @@ fn GetFileAttributesW(emu: &mut emu::Emu) { .expect("kernel32!GetFileAttributesW cannot read filename_ptr") as u64; let filename = emu.maps.read_wide_string(filename_ptr); - println!( + log::info!( "{}** {} kernel32!GetFileAttributesW file: {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -1457,7 +1457,7 @@ fn FileTimeToSystemTime(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!FileTimeToSystemTime cannot read sys_time_ptr"); - println!( + log::info!( "{}** {} kernel32!FileTimeToSystemTime {} ", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1480,7 +1480,7 @@ fn FindFirstFileA(emu: &mut emu::Emu) { let file = emu.maps.read_string(file_ptr); - println!( + log::info!( "{}** {} kernel32!FindFirstFileA file: {} {}", emu.colors.light_red, emu.pos, file, emu.colors.nc ); @@ -1503,7 +1503,7 @@ fn FindFirstFileW(emu: &mut emu::Emu) { let file = emu.maps.read_wide_string(file_ptr); - println!( + log::info!( "{}** {} kernel32!FindFirstFileW file: {} {}", emu.colors.light_red, emu.pos, file, emu.colors.nc ); @@ -1524,7 +1524,7 @@ fn FindNextFileA(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!FindNextFileA cannot read the find_data"); - println!( + log::info!( "{}** {} kernel32!FindNextFileA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1545,7 +1545,7 @@ fn FindNextFileW(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!FindNextFileW cannot read the find_data"); - println!( + log::info!( "{}** {} kernel32!FindNextFileW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1573,7 +1573,7 @@ fn CopyFileA(emu: &mut emu::Emu) { let src = emu.maps.read_string(src_ptr); let dst = emu.maps.read_string(dst_ptr); - println!( + log::info!( "{}** {} kernel32!CopyFileA `{}` to `{}` {}", emu.colors.light_red, emu.pos, src, dst, emu.colors.nc ); @@ -1602,7 +1602,7 @@ fn CopyFileW(emu: &mut emu::Emu) { let src = emu.maps.read_wide_string(src_ptr); let dst = emu.maps.read_wide_string(dst_ptr); - println!( + log::info!( "{}** {} kernel32!CopyFileW `{}` to `{}` {}", emu.colors.light_red, emu.pos, src, dst, emu.colors.nc ); @@ -1620,7 +1620,7 @@ fn FindClose(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!FindClose cannot read the handle") as u64; - println!( + log::info!( "{}** {} kernel32!FindClose {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1644,7 +1644,7 @@ fn MoveFileA(emu: &mut emu::Emu) { let src = emu.maps.read_string(src_ptr); let dst = emu.maps.read_string(dst_ptr); - println!( + log::info!( "{}** {} kernel32!MoveFileA `{}` to `{}` {}", emu.colors.light_red, emu.pos, src, dst, emu.colors.nc ); @@ -1668,7 +1668,7 @@ fn MoveFileW(emu: &mut emu::Emu) { let src = emu.maps.read_wide_string(src_ptr); let dst = emu.maps.read_wide_string(dst_ptr); - println!( + log::info!( "{}** {} kernel32!MoveFileW `{}` to `{}` {}", emu.colors.light_red, emu.pos, src, dst, emu.colors.nc ); @@ -1693,7 +1693,7 @@ fn OpenProcess(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("kernel32!OpenProcess cannot read pid"); - println!( + log::info!( "{}** {} kernel32!OpenProcess pid: {} {}", emu.colors.light_red, emu.pos, pid, emu.colors.nc ); @@ -1707,7 +1707,7 @@ fn OpenProcess(emu: &mut emu::Emu) { } fn GetCurrentProcessId(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetCurrentProcessId {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1725,7 +1725,7 @@ fn Thread32First(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!Thread32First cannot read the entry32"); - println!( + log::info!( "{}** {} kernel32!Thread32First {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1746,7 +1746,7 @@ fn Thread32Next(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!Thread32Next cannot read the entry32"); - println!( + log::info!( "{}** {} kernel32!Thread32Next {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1771,7 +1771,7 @@ fn OpenThread(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("kernel32!OpenThread cannot read tid"); - println!( + log::info!( "{}** {} kernel32!OpenThread tid: {} {}", emu.colors.light_red, emu.pos, tid, emu.colors.nc ); @@ -1794,7 +1794,7 @@ fn CreateToolhelp32Snapshot(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!CreateToolhelp32Snapshot cannot read pid"); - println!( + log::info!( "{}** {} kernel32!CreateToolhelp32Snapshot pid: {} {}", emu.colors.light_red, emu.pos, pid, emu.colors.nc ); @@ -1836,7 +1836,7 @@ fn CreateThread(emu: &mut emu::Emu) { emu.maps.write_dword(tid_ptr, 0x123); } - println!( + log::info!( "{}** {} kernel32!CreateThread code: 0x{:x} {}", emu.colors.light_red, emu.pos, code, emu.colors.nc ); @@ -1846,7 +1846,7 @@ fn CreateThread(emu: &mut emu::Emu) { } if flags == constants::CREATE_SUSPENDED { - println!("\tcreated suspended!"); + log::info!("\tcreated suspended!"); } let con = console::Console::new(); @@ -1865,7 +1865,7 @@ fn CreateThread(emu: &mut emu::Emu) { // alloc a stack vs reusing stack. return; } else { - println!("cannot emulate the thread, the function pointer is not mapped."); + log::info!("cannot emulate the thread, the function pointer is not mapped."); } } @@ -1909,13 +1909,13 @@ fn MapViewOfFile(emu: &mut emu::Emu) { let mem = emu.maps.create_map("file_map", addr, size).expect("kernel32!MapViewOfFile cannot create map"); let loaded = mem.load_chunk(&emu.filename, off, size as usize); - println!( + log::info!( "{}** {} kernel32!MapViewOfFile hndl: {} off: {} sz: {} ={} {}", emu.colors.light_red, emu.pos, hndl, off, size, addr, emu.colors.nc ); if off > 0 { - println!("the non-zero offset is not implemented for now"); + log::info!("the non-zero offset is not implemented for now"); } for _ in 0..5 { @@ -1931,7 +1931,7 @@ fn GetSystemTimeAsFileTime(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!GetSystemTimeAsFileTime cannot read sys_time_ptr"); - println!( + log::info!( "{}** {} kernel32!GetSystemTimeAsFileTime {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1942,7 +1942,7 @@ fn GetSystemTimeAsFileTime(emu: &mut emu::Emu) { } fn GetCurrentThreadId(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetCurrentThreadId {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1951,7 +1951,7 @@ fn GetCurrentThreadId(emu: &mut emu::Emu) { } fn GetTickCount(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetTickCount {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1968,7 +1968,7 @@ fn QueryPerformanceCounter(emu: &mut emu::Emu) { emu.maps.write_dword(counter_ptr, 0x1); - println!( + log::info!( "{}** {} kernel32!QueryPerformanceCounter {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1984,7 +1984,7 @@ fn HeapDestroy(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!HeapDestroy cannot read handle") as u64; - println!( + log::info!( "{}** {} kernel32!HeapDestroy {:x} {}", emu.colors.light_red, emu.pos, hndl, emu.colors.nc ); @@ -2009,7 +2009,7 @@ fn HeapCreate(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("kernel32!HeapCreate cannot read max_sz"); - println!( + log::info!( "{}** {} kernel32!HeapCreate initSz: {} maxSz: {} {}", emu.colors.light_red, emu.pos, init_sz, max_sz, emu.colors.nc ); @@ -2048,7 +2048,7 @@ fn GetModuleHandleA(emu: &mut emu::Emu) { emu.regs.rax = mod_mem.get_base(); } - println!( + log::info!( "{}** {} kernel32!GetModuleHandleA '{}' {}", emu.colors.light_red, emu.pos, mod_name, emu.colors.nc ); @@ -2082,7 +2082,7 @@ fn GetModuleHandleW(emu: &mut emu::Emu) { emu.regs.rax = mod_mem.get_base(); } - println!( + log::info!( "{}** {} kernel32!GetModuleHandleW '{}' {}", emu.colors.light_red, emu.pos, mod_name, emu.colors.nc ); @@ -2091,7 +2091,7 @@ fn GetModuleHandleW(emu: &mut emu::Emu) { } fn TlsAlloc(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!TlsAlloc {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2105,7 +2105,7 @@ fn TlsFree(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!TlsFree cannot read idx"); - println!( + log::info!( "{}** {} kernel32!TlsFree idx: {} {}", emu.colors.light_red, emu.pos, idx, emu.colors.nc ); @@ -2124,7 +2124,7 @@ fn TlsSetValue(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!TlsSetValue cannot read val_ptr"); - println!( + log::info!( "{}** {} kernel32!TlsSetValue idx: {} val: 0x{:x} {}", emu.colors.light_red, emu.pos, idx, val, emu.colors.nc ); @@ -2158,7 +2158,7 @@ fn TlsGetValue(emu: &mut emu::Emu) { emu.regs.rax = emu.tls[idx as usize] as u64; } - println!( + log::info!( "{}** {} kernel32!TlsGetValue idx: {} =0x{:x} {}", emu.colors.light_red, emu.pos, @@ -2174,7 +2174,7 @@ fn EncodePointer(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!EncodePointer cannot read the pointer") as u64; - println!( + log::info!( "{}** {} kernel32!EncodePointer ptr: 0x{:x} {}", emu.colors.light_red, emu.pos, ptr, emu.colors.nc ); @@ -2189,7 +2189,7 @@ fn DecodePointer(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!DecodePointer cannot read the pointer") as u64; - println!( + log::info!( "{}** {} kernel32!DecodePointer ptr: 0x{:x} {}", emu.colors.light_red, emu.pos, ptr, emu.colors.nc ); @@ -2204,7 +2204,7 @@ fn Sleep(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!Sleep cannot read millis"); - println!( + log::info!( "{}** {} kernel32!Sleep millis: {} {}", emu.colors.light_red, emu.pos, millis, emu.colors.nc ); @@ -2224,7 +2224,7 @@ fn InitializeCriticalSectionAndSpinCount(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!InitializeCriticalSectionAndSpinCount cannot read spin_count"); - println!("{}** {} kernel32!InitializeCriticalSectionAndSpinCount crit_sect: 0x{:x} spin_count: {} {}", emu.colors.light_red, emu.pos, crit_sect, spin_count, emu.colors.nc); + log::info!("{}** {} kernel32!InitializeCriticalSectionAndSpinCount crit_sect: 0x{:x} spin_count: {} {}", emu.colors.light_red, emu.pos, crit_sect, spin_count, emu.colors.nc); emu.stack_pop32(false); emu.stack_pop32(false); @@ -2253,7 +2253,7 @@ fn HeapAlloc(emu: &mut emu::Emu) { emu.maps.create_map(format!("alloc_{:x}", emu.regs.get_eax() as u32).as_str(), emu.regs.get_eax(), size).expect("kernel32!HeapAlloc out of memory"); - println!( + log::info!( "{}** {} kernel32!HeapAlloc flags: 0x{:x} size: {} =0x{:x} {}", emu.colors.light_red, emu.pos, @@ -2287,7 +2287,7 @@ fn GetProcessAffinityMask(emu: &mut emu::Emu) { emu.maps.write_dword(proc_affinity_mask_ptr, 0x1337); emu.maps.write_dword(sys_affinity_mask_ptr, 0x1337); - println!( + log::info!( "{}** {} kernel32!GetProcessAffinityMask {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2300,7 +2300,7 @@ fn GetProcessAffinityMask(emu: &mut emu::Emu) { } fn IsDebuggerPresent(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!IsDebuggerPresent {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2313,7 +2313,7 @@ fn SetUnhandledExceptionFilter(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!SetUnhandledExceptionFilter cannot read the callback") as u64; - println!( + log::info!( "{}** {} kernel32!SetUnhandledExceptionFilter callback: 0x{:x} {}", emu.colors.light_red, emu.pos, callback, emu.colors.nc ); @@ -2330,7 +2330,7 @@ fn UnhandledExceptionFilter(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!UnhandledExceptionFilter cannot read exception_info"); - println!( + log::info!( "{}** {} kernel32!UnhandledExceptionFilter exception_info: 0x{:x} {}", emu.colors.light_red, emu.pos, exception_info, emu.colors.nc ); @@ -2341,7 +2341,7 @@ fn UnhandledExceptionFilter(emu: &mut emu::Emu) { } fn GetCurrentProcess(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetCurrentProcess {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2365,7 +2365,7 @@ fn LocalAlloc(emu: &mut emu::Emu) { emu.maps.create_map(format!("alloc_{:x}", emu.regs.get_eax() as u32).as_str(), emu.regs.get_eax(), size).expect("kernel32!LocalAlloc out of memory"); - println!( + log::info!( "{}** {} kernel32!LocalAlloc flags: 0x{:x} size: {} =0x{:x} {}", emu.colors.light_red, emu.pos, @@ -2405,7 +2405,7 @@ fn VirtualAllocExNuma(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 20) .expect("kernel32!VirtualAllocExNuma cannot read the nndPreferred"); - println!( + log::info!( "{}** {} kernel32!VirtualAllocExNuma hproc: 0x{:x} addr: 0x{:x} {}", emu.colors.light_red, emu.pos, proc_hndl, addr, emu.colors.nc ); @@ -2425,7 +2425,7 @@ fn VirtualAllocExNuma(emu: &mut emu::Emu) { fn GetUserDefaultLangID(emu: &mut emu::Emu) { emu.regs.rax = 0x000000000000ffff; - println!( + log::info!( "{}** {} kernel32!GetUserDefaultLangID =0x{:x} {}", emu.colors.light_red, emu.pos, emu.regs.rax as u16, emu.colors.nc ); @@ -2433,7 +2433,7 @@ fn GetUserDefaultLangID(emu: &mut emu::Emu) { fn GetProcessHeap(emu: &mut emu::Emu) { emu.regs.rax = helper::handler_create("process heap"); - println!( + log::info!( "{}** {} kernel32!GetProcessHeap =0x{:x} {}", emu.colors.light_red, emu.pos, emu.regs.rax as u32, emu.colors.nc ); @@ -2461,7 +2461,7 @@ fn GetComputerNameA(emu: &mut emu::Emu) { emu.regs.rax = 1; } - println!( + log::info!( "{}** {} kernel32!GetComputerName 'medusa' {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2486,7 +2486,7 @@ fn CreateMutexA(emu: &mut emu::Emu) { .expect("kernel32!CreateMutexA cannot read name param") as u64; let name = emu.maps.read_string(name_ptr); - println!( + log::info!( "{}** {} kernel32!CreateMutexA '{}' {}", emu.colors.light_red, emu.pos, name, emu.colors.nc ); @@ -2514,7 +2514,7 @@ fn CreateMutexW(emu: &mut emu::Emu) { .expect("kernel32!CreateMutexW cannot read name param") as u64; let name = emu.maps.read_wide_string(name_ptr); - println!( + log::info!( "{}** {} kernel32!CreateMutexW '{}' {}", emu.colors.light_red, emu.pos, name, emu.colors.nc ); @@ -2530,7 +2530,7 @@ fn CreateMutexW(emu: &mut emu::Emu) { fn GetLastError(emu: &mut emu::Emu) { let err = LAST_ERROR.lock().unwrap(); emu.regs.rax = *err as u64; - println!( + log::info!( "{}** {} kernel32!GetLastError ={} {}", emu.colors.light_red, emu.pos, emu.regs.rax, emu.colors.nc ); @@ -2570,7 +2570,7 @@ fn CreateFileMappingA(emu: &mut emu::Emu) { emu.regs.rax = helper::handler_create(&name); - println!( + log::info!( "{}** {} kernel32!CreateFileMappingA {} '{}' ={} {}", emu.colors.light_red, emu.pos, @@ -2619,7 +2619,7 @@ fn CreateFileMappingW(emu: &mut emu::Emu) { emu.regs.rax = helper::handler_create(&name); - println!( + log::info!( "{}** {} kernel32!CreateFileMappingW '{}' ={} {}", emu.colors.light_red, emu.pos, @@ -2639,7 +2639,7 @@ fn GetSystemTime(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!GetSystemTime cannot read out_time param") as u64; - println!( + log::info!( "{}** {} kernel32!GetSystemTime ptr: 0x{:x}' {}", emu.colors.light_red, emu.pos, out_time, emu.colors.nc ); @@ -2662,7 +2662,7 @@ fn lstrcat(emu: &mut emu::Emu) { let mut str1 = emu.maps.read_string(str1_ptr); let str2 = emu.maps.read_string(str2_ptr); - println!( + log::info!( "{}** {} kernel32!lstrcat '{}'+'{}' {}", emu.colors.light_red, emu.pos, str1, str2, emu.colors.nc ); @@ -2683,7 +2683,7 @@ fn SetErrorMode(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!SetErrorMode cannot read mode param"); - println!( + log::info!( "{}** {} kernel32!SetErrorMode 0x{:x} {}", emu.colors.light_red, emu.pos, mode, emu.colors.nc ); @@ -2699,7 +2699,7 @@ fn GetVersionExW(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!GetVersionExW cannot read version_info_ptr param") as u64; - println!( + log::info!( "{}** {} kernel32!GetVersionExW 0x{:x} {}", emu.colors.light_red, emu.pos, version_info_ptr, emu.colors.nc ); @@ -2724,7 +2724,7 @@ fn GetSystemDirectoryA(emu: &mut emu::Emu) { emu.maps.write_string(out_buff_ptr, "C:\\Windows\\\x00"); - println!( + log::info!( "{}** {} kernel32!GetSystemDirectoryA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2748,7 +2748,7 @@ fn GetSystemDirectoryW(emu: &mut emu::Emu) { emu.maps .write_wide_string(out_buff_ptr, "C:\\Windows\\\x00\x00"); - println!( + log::info!( "{}** {} kernel32!GetSystemDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2765,7 +2765,7 @@ fn GetStartupInfoA(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!GetStartupInfoA cannot read startup_info_ptr param") as u64; - println!( + log::info!( "{}** {} kernel32!GetStartupInfoA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2783,7 +2783,7 @@ fn GetStartupInfoW(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!GetStartupInfoW cannot read startup_info_ptr param") as u64; - println!( + log::info!( "{}** {} kernel32!GetStartupInfoW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2809,7 +2809,7 @@ fn FlsGetValue(emu: &mut emu::Emu) { emu.regs.rax = emu.fls[idx as usize] as u64; } - println!( + log::info!( "{}** {} kernel32!FlsGetValue idx: {} =0x{:x} {}", emu.colors.light_red, emu.pos, @@ -2870,7 +2870,7 @@ fn IsProcessorFeaturePresent(emu: &mut emu::Emu) { _ => "unknown feature", }; - println!( + log::info!( "{}** {} kernel32!IsProcessorFeaturePresent feature: {} {} {}", emu.colors.light_red, emu.pos, feature, msg, emu.colors.nc ); @@ -2886,7 +2886,7 @@ fn InitializeCriticalSection(emu: &mut emu::Emu) { emu.stack_pop32(false); - println!( + log::info!( "{}** {} kernel32!InitializeCriticalSection ptr: 0x{:x} {}", emu.colors.light_red, emu.pos, ptr_crit_sect, emu.colors.nc ); @@ -2912,7 +2912,7 @@ fn InitializeCriticalSectionEx(emu: &mut emu::Emu) { emu.stack_pop32(false); emu.stack_pop32(false); - println!( + log::info!( "{}** {} kernel32!InitializeCriticalSectionEx ptr: 0x{:x} {}", emu.colors.light_red, emu.pos, ptr_crit_sect, emu.colors.nc ); @@ -2926,7 +2926,7 @@ fn FlsAlloc(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!FlsAlloc cannot read callback"); - println!( + log::info!( "{}** {} kernel32!FlsAlloc callback: 0x{:x} {}", emu.colors.light_red, emu.pos, callback, emu.colors.nc ); @@ -2945,7 +2945,7 @@ fn FlsSetValue(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!FlsSetValue cannot read value"); - println!( + log::info!( "{}** {} kernel32!FlsSetValue idx: {} val: {} {}", emu.colors.light_red, emu.pos, idx, val, emu.colors.nc ); @@ -2970,7 +2970,7 @@ fn SetLastError(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!SetLastError cannot read err_code"); - println!( + log::info!( "{}** {} kernel32!SetLastError err: {} {}", emu.colors.light_red, emu.pos, err_code, emu.colors.nc ); @@ -2991,7 +2991,7 @@ fn lstrlen(emu: &mut emu::Emu) { let s = emu.maps.read_string(s_ptr); let len = s.len() as u64; - println!( + log::info!( "{}** {} kernel32!lstrlen '{}' ={} {}", emu.colors.light_red, emu.pos, s, len, emu.colors.nc ); @@ -3036,7 +3036,7 @@ fn MultiByteToWideChar(emu: &mut emu::Emu) { wide.push_str("\x00"); } - println!( + log::info!( "{}** {} kernel32!MultiByteToWideChar '{}' dst:0x{:x} {}", emu.colors.light_red, emu.pos, utf8, wide_ptr, emu.colors.nc ); @@ -3053,7 +3053,7 @@ fn GetSystemInfo(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!GetSystemInfo cannot read out_sysinfo") as u64; - println!( + log::info!( "{}** {} kernel32!GetSystemInfo sysinfo: 0x{:x} {}", emu.colors.light_red, emu.pos, out_sysinfo, emu.colors.nc ); @@ -3078,7 +3078,7 @@ fn HeapFree(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("kernel32!HeapFree cannot read heap handle"); - println!( + log::info!( "{}** {} kernel32!HeapFree mem: 0x{:x} {}", emu.colors.light_red, emu.pos, mem, emu.colors.nc ); @@ -3096,7 +3096,7 @@ fn SetThreadLocale(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!SetThreadLocale cannot read locale param"); - println!( + log::info!( "{}** {} kernel32!SetThreadLocale {} {}", emu.colors.light_red, emu.pos, locale, emu.colors.nc ); @@ -3106,7 +3106,7 @@ fn SetThreadLocale(emu: &mut emu::Emu) { } fn GetCommandLineA(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetCommandlineA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3116,7 +3116,7 @@ fn GetCommandLineA(emu: &mut emu::Emu) { } fn GetCommandLineW(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetCommandlineW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3126,7 +3126,7 @@ fn GetCommandLineW(emu: &mut emu::Emu) { } fn GetAcp(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetAcp {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3147,7 +3147,7 @@ fn GetModuleFileNameW(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("kernel32!GetModuleFileNameW cannot read out_filename_ptr"); - println!( + log::info!( "{}** {} kernel32!GetModuleFileNameW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3183,7 +3183,7 @@ fn RegOpenKeyExW(emu: &mut emu::Emu) { .expect("kernel32!RegOpenKeyExW cannot read result"); let subkey = emu.maps.read_wide_string(subkey_ptr); - println!( + log::info!( "{}** {} kernel32!RegOpenKeyExW {} {}", emu.colors.light_red, emu.pos, subkey, emu.colors.nc ); @@ -3196,7 +3196,7 @@ fn RegOpenKeyExW(emu: &mut emu::Emu) { } fn GetUserDefaultUILanguage(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetUserDefaultUILanguage (0x0409 en_US) {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3209,7 +3209,7 @@ fn EnterCriticalSection(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!EnterCriticalSection cannot read crit_sect"); - println!( + log::info!( "{}** {} kernel32!EnterCriticalSection 0x{:x} {}", emu.colors.light_red, emu.pos, crit_sect, emu.colors.nc ); @@ -3223,7 +3223,7 @@ fn LeaveCriticalSection(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!LeaveCriticalSection cannot read crit_sect"); - println!( + log::info!( "{}** {} kernel32!LeaveCriticalSection {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3241,7 +3241,7 @@ fn IsValidLocale(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!IsValidLocale cannot read flags"); - println!( + log::info!( "{}** {} kernel32!IsValidLocale {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3252,7 +3252,7 @@ fn IsValidLocale(emu: &mut emu::Emu) { } fn GetThreadUILanguage(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetThreadUILanguage (0x0409 en_US) {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3280,7 +3280,7 @@ fn GetThreadPreferredUILanguages(emu: &mut emu::Emu) { .expect("kernel32!GetThreadPreferredUILanguages cannot read sz") as u64; emu.maps.write_dword(num_langs_ptr, 0); - println!( + log::info!( "{}** {} kernel32!GetThreadPreferredUILanguages {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3308,7 +3308,7 @@ fn lstrcmpA(emu: &mut emu::Emu) { let s1 = emu.maps.read_string(s1_ptr); let s2 = emu.maps.read_string(s2_ptr); - println!( + log::info!( "{}** {} kernel32!lstrcmpA '{}' == '{}' {}", emu.colors.light_red, emu.pos, s1, s2, emu.colors.nc ); @@ -3339,7 +3339,7 @@ fn lstrcmpW(emu: &mut emu::Emu) { let s1 = emu.maps.read_wide_string(s1_ptr); let s2 = emu.maps.read_wide_string(s2_ptr); - println!( + log::info!( "{}** {} kernel32!lstrcmpW '{}' == '{}' {}", emu.colors.light_red, emu.pos, s1, s2, emu.colors.nc ); @@ -3366,7 +3366,7 @@ fn GetNativeSystemInfo(emu: &mut emu::Emu) { let mut sysinfo = emu::structures::SystemInfo32::new(); sysinfo.save(sysinfo_ptr, &mut emu.maps); - println!( + log::info!( "{}** {} kernel32!GetNativeSystemInfo {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3391,7 +3391,7 @@ fn GetTempPathW(emu: &mut emu::Emu) { emu.regs.rax = 0; } - println!( + log::info!( "{}** {} kernel32!GetTempPathW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3424,7 +3424,7 @@ fn FileTimeToLocalFileTime(emu: &mut emu::Emu) { emu.maps .write_dword(out_lpLocalFileTime + 4, dwHighDateTime); - println!( + log::info!( "{}** {} kernel32!FileTimeToLocalFileTime {} {} {}", emu.colors.light_red, emu.pos, dwLowDateTime, dwHighDateTime, emu.colors.nc ); @@ -3478,7 +3478,7 @@ fn FileTimeToDosDateTime(emu: &mut emu::Emu) { emu.maps.write_dword(out_lpFatDate, 0); emu.maps.write_dword(out_lpFatTime, 0); - println!( + log::info!( "{}** {} kernel32!FileTimeToDosDateTime {} {} {}", emu.colors.light_red, emu.pos, dwLowDateTime, dwHighDateTime, emu.colors.nc ); @@ -3503,13 +3503,13 @@ fn VirtualQuery(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("kernel32!VirtualQuery cannot read size"); - println!( + log::info!( "{}** {} kernel32!VirtualQuery 0x{:x} 0x{:x} {} {}", emu.colors.light_red, emu.pos, addr, out_buff, size, emu.colors.nc ); if size < 30 { - println!("buffer to short: {}", size); + log::info!("buffer to short: {}", size); emu.regs.rax = 0; } else { let mbi = structures::MemoryBasicInformation::guess(addr, &mut emu.maps); @@ -3536,7 +3536,7 @@ fn VirtualFree(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("kernel32!VirtualFree cannot read size") as u64; - println!( + log::info!( "{}** {} kernel32!VirtualFree 0x{:x} {} {}", emu.colors.light_red, emu.pos, addr, size, emu.colors.nc ); @@ -3575,7 +3575,7 @@ fn RaiseException(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 12) .expect("kernel32!RaiseException cannot read args"); - println!( + log::info!( "{}** {} kernel32!RaiseException {} {} {}", emu.colors.light_red, emu.pos, code, flags, emu.colors.nc ); @@ -3589,7 +3589,7 @@ fn RaiseException(emu: &mut emu::Emu) { } fn VerifyVersionInfoW(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!VerifyVersionInfoW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3608,7 +3608,7 @@ fn GetTimeZoneInformation(emu: &mut emu::Emu) { //TODO: new structure https://learn.microsoft.com/en-us/windows/win32/api/timezoneapi/ns-timezoneapi-time_zone_information - println!( + log::info!( "{}** {} kernel32!GetTimeZoneInformation {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3635,13 +3635,13 @@ fn VirtualQueryEx(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 12) .expect("kernel32!VirtualQueryEx cannot read size"); - println!( + log::info!( "{}** {} kernel32!VirtualQueryEx 0x{:x} 0x{:x} {} {}", emu.colors.light_red, emu.pos, addr, out_buff, size, emu.colors.nc ); if size < 30 { - println!("buffer to short: {}", size); + log::info!("buffer to short: {}", size); emu.regs.rax = 0; } else { let mbi = structures::MemoryBasicInformation::guess(addr, &mut emu.maps); @@ -3668,7 +3668,7 @@ fn InterlockedIncrement(emu: &mut emu::Emu) { emu.maps.write_dword(addend as u64, prev + 1); - println!( + log::info!( "{}** {} kernel32!InterlockedIncrement 0x{:x} {}->{} {}", emu.colors.light_red, emu.pos, @@ -3683,7 +3683,7 @@ fn InterlockedIncrement(emu: &mut emu::Emu) { } fn GetEnvironmentStrings(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetEnvironmentStrings {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3693,7 +3693,7 @@ fn GetEnvironmentStrings(emu: &mut emu::Emu) { } fn GetEnvironmentStringsW(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetEnvironmentStringsW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -3709,7 +3709,7 @@ fn GetStdHandle(emu: &mut emu::Emu) { .read_dword(emu.regs.rsp) .expect("kernel32!GetStdHandle error reading nstd param"); - println!( + log::info!( "{}** {} kernel32!GetStdHandle {} {}", emu.colors.light_red, emu.pos, nstd, emu.colors.nc ); @@ -3724,7 +3724,7 @@ fn GetFileType(emu: &mut emu::Emu) { .read_dword(emu.regs.rsp) .expect("kernel32!GetFileType error getting hndl param"); - println!( + log::info!( "{}** {} kernel32!GetFileType 0x{:x} {}", emu.colors.light_red, emu.pos, hndl, emu.colors.nc ); @@ -3747,7 +3747,7 @@ fn SetHandleCount(emu: &mut emu::Emu) { .read_dword(emu.regs.rsp) .expect("kernel32!SetHandleCount error getting num param"); - println!( + log::info!( "{}** {} kernel32!SetHandleCount {} {}", emu.colors.light_red, emu.pos, num, emu.colors.nc ); @@ -3762,7 +3762,7 @@ fn IsValidCodePage(emu: &mut emu::Emu) { .read_dword(emu.regs.rsp) .expect("kernel32!IsValidCodePage error geting codepage param"); - println!( + log::info!( "{}** {} kernel32!IsValidCodePage {} {}", emu.colors.light_red, emu.pos, codepage, emu.colors.nc ); @@ -3781,7 +3781,7 @@ fn GetCPInfo(emu: &mut emu::Emu) { .read_dword(emu.regs.rsp + 4) .expect("kernel32!GetCPInfo error reading inmfo_ptr param"); - println!( + log::info!( "{}** {} kernel32!GetCPInfo {} 0x{} {}", emu.colors.light_red, emu.pos, codepage, info_ptr, emu.colors.nc ); @@ -3813,7 +3813,7 @@ fn GetStringTypeW(emu: &mut emu::Emu) { let ustr = emu.maps.read_wide_string(str_ptr); - println!( + log::info!( "{}** {} kernel32!GetStringTypeW `{}` 0x{} {}", emu.colors.light_red, emu.pos, ustr, sz, emu.colors.nc ); @@ -3853,7 +3853,7 @@ fn LCMapStringW(emu: &mut emu::Emu) { let s = emu.maps.read_wide_string(src_ptr); - println!( + log::info!( "{}** {} kernel32!LCMapStringW `{}` dst:0x{:x} sz:{}->{} {}", emu.colors.light_red, emu.pos, s, dest_ptr, src_sz, dest_sz, emu.colors.nc ); @@ -3902,7 +3902,7 @@ fn WideCharToMultiByte(emu: &mut emu::Emu) { .read_dword(emu.regs.rsp + 28) .expect("kernel32!WideCharToMultiByte error reading param") as u64; - //println!("default_char_ptr 0x{:x}", in_default_char); + //log::info!("default_char_ptr 0x{:x}", in_default_char); //let default_char = emu.maps.read_byte(in_default_char) // .expect("kernel32!WideCharToMultiByte error reading default char"); @@ -3913,7 +3913,7 @@ fn WideCharToMultiByte(emu: &mut emu::Emu) { emu.maps.write_string(mbytestr_ptr, &s); } - println!( + log::info!( "{}** {} kernel32!WideCharToMultiByte `{}` sz:{}->{} ={} {}", emu.colors.light_red, emu.pos, @@ -3954,7 +3954,7 @@ fn CryptCreateHash(emu: &mut emu::Emu) { let alg_name = constants::get_cryptoalgorithm_name(algid); - println!( + log::info!( "{}** {} kernel32!CryptCreateHash alg:{} {}", emu.colors.light_red, emu.pos, alg_name, emu.colors.nc, ); @@ -3988,7 +3988,7 @@ fn HeapSetInformation(emu: &mut emu::Emu) { .read_dword(emu.regs.rsp + 12) .expect("kernel32!HeapSetInformation error reading param"); - println!( + log::info!( "{}** {} kernel32!HeapSetInformation {}", emu.colors.light_red, emu.pos, emu.colors.nc, ); @@ -4005,7 +4005,7 @@ fn FreeEnvironmentStringsW(emu: &mut emu::Emu) { .read_dword(emu.regs.rsp) .expect("kernel32!FreeEnvironmentStringsW error reading param"); - println!( + log::info!( "{}** {} kernel32!FreeEnvironmentStringsW 0x{:x} {}", emu.colors.light_red, emu.pos, env, emu.colors.nc, ); @@ -4027,7 +4027,7 @@ fn OpenProcessToken(emu: &mut emu::Emu) { .read_dword(emu.regs.rsp + 8) .expect("kernel32!OpenProcessToken error reading param") as u64; - println!( + log::info!( "{}** {} kernel32!OpenProcessToken 0x{:x} {} {}", emu.colors.light_red, emu.pos, hndl, access, emu.colors.nc, ); @@ -4063,7 +4063,7 @@ fn CreateEventA(emu: &mut emu::Emu) { let name = emu.maps.read_string(name_ptr); - println!( + log::info!( "{}** {} kernel32!CreateEventA `{}` {}", emu.colors.light_red, emu.pos, name, emu.colors.nc, ); @@ -4085,7 +4085,7 @@ fn AddVectoredExceptionHandler(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("kernel32!AddVectoredExceptionHandler: error reading fptr") as u64; - println!( + log::info!( "{}** {} kernel32!AddVectoredExceptionHandler {} callback: 0x{:x} {}", emu.colors.light_red, emu.pos, p1, fptr, emu.colors.nc ); @@ -4113,7 +4113,7 @@ fn GetLongPathNameW(emu: &mut emu::Emu) { let short = emu.maps.read_wide_string(short_path_ptr); - println!( + log::info!( "{}** {} kernel32!GetLongPathNameW {} {:x} {}", emu.colors.light_red, emu.pos, short, long_path_ptr, emu.colors.nc ); @@ -4137,7 +4137,7 @@ fn FreeLibrary(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("kernel32!FreeLibrary: error reading param") as u64; - println!( + log::info!( "{}** {} kernel32!FreeLibrary {:x} {}", emu.colors.light_red, emu.pos, hmod, emu.colors.nc ); @@ -4147,7 +4147,7 @@ fn FreeLibrary(emu: &mut emu::Emu) { } fn AreFileApisANSI(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!AreFileApisANSI {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -4178,7 +4178,7 @@ fn CreateFileW(emu: &mut emu::Emu) { perm = "unknown permissions".to_string(); } - println!( + log::info!( "{}** {} kernel32!CreateFileW `{}` {} {}", emu.colors.light_red, emu.pos, fname, perm, emu.colors.nc ); @@ -4212,7 +4212,7 @@ fn GetModuleFileNameA(emu: &mut emu::Emu) { emu.maps.write_string(fname_ptr, "c:\\test.exe"); } - println!( + log::info!( "{}** {} kernel32!GetModuleFileNameA 0x{:x} {}", emu.colors.light_red, emu.pos, hmod, emu.colors.nc ); @@ -4230,7 +4230,7 @@ fn lstrcpy(emu: &mut emu::Emu) { let s = emu.maps.read_string(src); emu.maps.write_string(dst, &s); - println!("{}** {} kernel32!lstrcpy 0x{:x} `{}` {}", emu.colors.light_red, emu.pos, dst, s, emu.colors.nc); + log::info!("{}** {} kernel32!lstrcpy 0x{:x} `{}` {}", emu.colors.light_red, emu.pos, dst, s, emu.colors.nc); emu.regs.rax = dst; emu.stack_pop32(false); @@ -4238,12 +4238,12 @@ fn lstrcpy(emu: &mut emu::Emu) { } fn GetACP(emu: &mut emu::Emu) { - println!("{}** {} kernel32!GetACP {}", emu.colors.light_red, emu.pos, emu.colors.nc); + log::info!("{}** {} kernel32!GetACP {}", emu.colors.light_red, emu.pos, emu.colors.nc); emu.regs.rax = 0x00000409; } fn GetOEMCP(emu: &mut emu::Emu) { - println!("{}** {} kernel32!GetOEMCP {}", emu.colors.light_red, emu.pos, emu.colors.nc); + log::info!("{}** {} kernel32!GetOEMCP {}", emu.colors.light_red, emu.pos, emu.colors.nc); emu.regs.rax = 0x00000409; } @@ -4251,7 +4251,7 @@ fn GetWindowsDirectoryA(emu: &mut emu::Emu) { let ptr = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!GetWindowsDirectoryA: error reading param") as u64; let size = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!GetWindowsDirectoryA: error reading param") as u64; - println!("{}** {} kernel32!GetWindowsDirectoryA {}", emu.colors.light_red, emu.pos, emu.colors.nc); + log::info!("{}** {} kernel32!GetWindowsDirectoryA {}", emu.colors.light_red, emu.pos, emu.colors.nc); emu.maps.write_string(ptr, "C:\\Windows\\"); emu.regs.rax = size; @@ -4264,7 +4264,7 @@ fn GetWindowsDirectoryW(emu: &mut emu::Emu) { let ptr = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!GetWindowsDirectoryW: error reading param") as u64; let size = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!GetWindowsDirectoryW: error reading param") as u64; - println!("{}** {} kernel32!GetWindowsDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc); + log::info!("{}** {} kernel32!GetWindowsDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc); emu.maps.write_wide_string(ptr, "C:\\Windows\\"); emu.regs.rax = size; @@ -4277,7 +4277,7 @@ fn GetSystemWindowsDirectoryA(emu: &mut emu::Emu) { let ptr = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!GetSystemWindowsDirectoryA: error reading param") as u64; let size = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!GetSystemWindowsDirectoryA: error reading param") as u64; - println!("{}** {} kernel32!GetSystemWindowsDirectoryA {}", emu.colors.light_red, emu.pos, emu.colors.nc); + log::info!("{}** {} kernel32!GetSystemWindowsDirectoryA {}", emu.colors.light_red, emu.pos, emu.colors.nc); emu.maps.write_string(ptr, "C:\\Windows\\system32\\"); emu.regs.rax = size; @@ -4290,7 +4290,7 @@ fn GetSystemWindowsDirectoryW(emu: &mut emu::Emu) { let ptr = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!GetSystemWindowsDirectoryW: error reading param") as u64; let size = emu.maps.read_dword(emu.regs.get_esp() + 4).expect("kernel32!GetSystemWindowsDirectoryW: error reading param") as u64; - println!("{}** {} kernel32!GetSystemWindowsDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc); + log::info!("{}** {} kernel32!GetSystemWindowsDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc); emu.maps.write_wide_string(ptr, "C:\\Windows\\system32\\"); emu.regs.rax = size; @@ -4314,7 +4314,7 @@ fn RegCreateKeyExA(emu: &mut emu::Emu) { class_name = emu.maps.read_string(class_ptr); } - println!("{}** {} kernel32!RegCreateKeyExA {} {} {}", emu.colors.light_red, emu.pos, subkey, class_name, emu.colors.nc); + log::info!("{}** {} kernel32!RegCreateKeyExA {} {} {}", emu.colors.light_red, emu.pos, subkey, class_name, emu.colors.nc); emu.regs.rax = constants::ERROR_SUCCESS; for _ in 0..9 { @@ -4336,7 +4336,7 @@ fn RegCreateKeyExW(emu: &mut emu::Emu) { class_name = emu.maps.read_wide_string(class_ptr); } - println!("{}** {} kernel32!RegCreateKeyExW {} {} {}", emu.colors.light_red, emu.pos, subkey, class_name, emu.colors.nc); + log::info!("{}** {} kernel32!RegCreateKeyExW {} {} {}", emu.colors.light_red, emu.pos, subkey, class_name, emu.colors.nc); emu.regs.rax = constants::ERROR_SUCCESS; for _ in 0..9 { @@ -4354,7 +4354,7 @@ fn RegSetValueExA(emu: &mut emu::Emu) { let value_name = emu.maps.read_string(value_name_ptr); - println!("{}** {} kernel32!RegSetValueExA `{}` type: {} data: 0x{:x} {}", emu.colors.light_red, emu.pos, value_name, value_type, data_ptr, emu.colors.nc); + log::info!("{}** {} kernel32!RegSetValueExA `{}` type: {} data: 0x{:x} {}", emu.colors.light_red, emu.pos, value_name, value_type, data_ptr, emu.colors.nc); emu.regs.rax = constants::ERROR_SUCCESS; for _ in 0..6 { @@ -4372,7 +4372,7 @@ fn RegSetValueExW(emu: &mut emu::Emu) { let value_name = emu.maps.read_wide_string(value_name_ptr); - println!("{}** {} kernel32!RegSetValueExW `{}` type: {} data: 0x{:x} {}", emu.colors.light_red, emu.pos, value_name, value_type, data_ptr, emu.colors.nc); + log::info!("{}** {} kernel32!RegSetValueExW `{}` type: {} data: 0x{:x} {}", emu.colors.light_red, emu.pos, value_name, value_type, data_ptr, emu.colors.nc); emu.regs.rax = constants::ERROR_SUCCESS; for _ in 0..6 { @@ -4383,7 +4383,7 @@ fn RegSetValueExW(emu: &mut emu::Emu) { fn RegCloseKey(emu: &mut emu::Emu) { let hKey = emu.maps.read_dword(emu.regs.get_esp()).expect("kernel32!RegCloseKey: error reading param") as u64; - println!("{}** {} kernel32!RegCloseKey hkey: 0x{:x} {}", emu.colors.light_red, emu.pos, hKey, emu.colors.nc); + log::info!("{}** {} kernel32!RegCloseKey hkey: 0x{:x} {}", emu.colors.light_red, emu.pos, hKey, emu.colors.nc); emu.stack_pop32(false); emu.regs.rax = constants::ERROR_SUCCESS; } @@ -4396,7 +4396,7 @@ fn RegOpenKeyA(emu: &mut emu::Emu) { let subkey = emu.maps.read_string(subkey_ptr); emu.maps.write_dword(result, helper::handler_create(&format!("key://{}", subkey)) as u32); - println!("{}** {} kernel32!RegOpenKeyA `{}` {}", emu.colors.light_red, emu.pos, subkey, emu.colors.nc); + log::info!("{}** {} kernel32!RegOpenKeyA `{}` {}", emu.colors.light_red, emu.pos, subkey, emu.colors.nc); emu.regs.rax = constants::ERROR_SUCCESS; for _ in 0..3 { @@ -4412,7 +4412,7 @@ fn RegOpenKeyW(emu: &mut emu::Emu) { let subkey = emu.maps.read_wide_string(subkey_ptr); emu.maps.write_dword(result, helper::handler_create(&format!("key://{}", subkey)) as u32); - println!("{}** {} kernel32!RegOpenKeyW `{}` {}", emu.colors.light_red, emu.pos, subkey, emu.colors.nc); + log::info!("{}** {} kernel32!RegOpenKeyW `{}` {}", emu.colors.light_red, emu.pos, subkey, emu.colors.nc); emu.regs.rax = constants::ERROR_SUCCESS; for _ in 0..3 { diff --git a/src/emu/winapi32/kernelbase.rs b/src/emu/winapi32/kernelbase.rs index a22d9fc..bebc247 100644 --- a/src/emu/winapi32/kernelbase.rs +++ b/src/emu/winapi32/kernelbase.rs @@ -18,7 +18,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "_initterm_e" => _initterm_e(emu), _ => { - println!("calling unimplemented kernelbase API 0x{:x} {}", addr, api); + log::info!("calling unimplemented kernelbase API 0x{:x} {}", addr, api); return api; } } @@ -45,7 +45,7 @@ fn LoadStringW(emu: &mut emu::Emu) { let len = emu.maps.read_dword(emu.regs.rsp+12) .expect("kernelbase!LoadStringW error reading param"); - println!( + log::info!( "{}** {} kernelbase!LoadStringW {} 0x{} {}", emu.colors.light_red, emu.pos, id, buff, emu.colors.nc, ); @@ -62,7 +62,7 @@ fn _initterm(emu: &mut emu::Emu) { .expect("kernelbase!_initterm error reading param"); let ptr2 = emu.maps.read_dword(emu.regs.rsp+4) .expect("kernelbase!_initterm error reading param"); - println!("{}** {} kernelbase!_initterm 0x{:x} 0x{:x} {}", emu.colors.light_red, emu.pos, ptr1, ptr2, emu.colors.nc); + log::info!("{}** {} kernelbase!_initterm 0x{:x} 0x{:x} {}", emu.colors.light_red, emu.pos, ptr1, ptr2, emu.colors.nc); emu.stack_pop32(false); emu.stack_pop32(false); emu.regs.rax = 0; @@ -73,7 +73,7 @@ fn _initterm_e(emu: &mut emu::Emu) { .expect("kernelbase!_initterm_e error reading param"); let ptr2 = emu.maps.read_dword(emu.regs.rsp+4) .expect("kernelbase!_initterm_e error reading param"); - println!("{}** {} kernelbase!_initterm_e 0x{:x} 0x{:x} {}", emu.colors.light_red, emu.pos, ptr1, ptr2, emu.colors.nc); + log::info!("{}** {} kernelbase!_initterm_e 0x{:x} 0x{:x} {}", emu.colors.light_red, emu.pos, ptr1, ptr2, emu.colors.nc); emu.stack_pop32(false); emu.stack_pop32(false); emu.regs.rax = 0; diff --git a/src/emu/winapi32/libgcc.rs b/src/emu/winapi32/libgcc.rs index 8b42ccf..a1d0e79 100644 --- a/src/emu/winapi32/libgcc.rs +++ b/src/emu/winapi32/libgcc.rs @@ -11,7 +11,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { _ => { - println!("calling unimplemented libgcc API 0x{:x} {}", addr, api); + log::info!("calling unimplemented libgcc API 0x{:x} {}", addr, api); return api; } } @@ -30,7 +30,7 @@ fn __register_frame_info(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()+4) .expect("advapi32!__register_frame_info error reading param"); - println!( + log::info!( "{}** {} libgcc!__register_frame_info {:x} {:x} {}", emu.colors.light_red, emu.pos, p1, p2, emu.colors.nc ); @@ -58,7 +58,7 @@ fn __deregister_frame_info(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("advapi32!__deregister_frame_info error reading param"); - println!( + log::info!( "{}** {} libgcc!__deregister_frame_info {:x} {}", emu.colors.light_red, emu.pos, p1, emu.colors.nc ); diff --git a/src/emu/winapi32/mscoree.rs b/src/emu/winapi32/mscoree.rs index ef91d1c..d84771f 100644 --- a/src/emu/winapi32/mscoree.rs +++ b/src/emu/winapi32/mscoree.rs @@ -7,7 +7,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "_CorExeMain" => _CorExeMain(emu), _ => { - println!("calling unimplemented mscoree API 0x{:x} {}", addr, api); + log::info!("calling unimplemented mscoree API 0x{:x} {}", addr, api); return api; } } @@ -16,7 +16,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { } pub fn _CorExeMain(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} mscoree!_CorExeMain {}", emu.colors.light_red, emu.pos, emu.colors.nc ); diff --git a/src/emu/winapi32/msvcrt.rs b/src/emu/winapi32/msvcrt.rs index 9d261cc..a888efa 100644 --- a/src/emu/winapi32/msvcrt.rs +++ b/src/emu/winapi32/msvcrt.rs @@ -25,7 +25,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "strtok" => strtok(emu), _ => { - println!("calling unimplemented msvcrt API 0x{:x} {}", addr, api); + log::info!("calling unimplemented msvcrt API 0x{:x} {}", addr, api); return api; } } @@ -43,7 +43,7 @@ fn _initterm_e(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("msvcrt!_initterm_e: error reading en pointer") as u64; - println!( + log::info!( "{}** {} msvcrt!_initterm_e 0x{:x} - 0x{:x} {}", emu.colors.light_red, emu.pos, start_ptr, end_ptr, emu.colors.nc ); @@ -63,7 +63,7 @@ fn _initterm(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("msvcrt!_initterm_e: error reading end pointer") as u64; - println!( + log::info!( "{}** {} msvcrt!_initterm 0x{:x} - 0x{:x} {}", emu.colors.light_red, emu.pos, start_ptr, end_ptr, emu.colors.nc ); @@ -86,7 +86,7 @@ fn StrCmpCA(emu: &mut emu::Emu) { let str1 = emu.maps.read_string(str1_ptr); let str2 = emu.maps.read_string(str2_ptr); - println!( + log::info!( "{}** {} msvcrt!StrCmpA {} == {} {}", emu.colors.light_red, emu.pos, str1, str2, emu.colors.nc ); @@ -114,7 +114,7 @@ fn fopen(emu: &mut emu::Emu) { let filepath = emu.maps.read_string(filepath_ptr); let mode = emu.maps.read_string(mode_ptr); - println!( + log::info!( "{}** {} msvcrt!fopen `{}` fmt:`{}` {}", emu.colors.light_red, emu.pos, filepath, mode, emu.colors.nc ); @@ -148,7 +148,7 @@ fn fwrite(emu: &mut emu::Emu) { /*for _ in 0..4 { emu.stack_pop32(false); }*/ - println!( + log::info!( "{}** {} msvcrt!fwrite `{}` 0x{:x} {} {}", emu.colors.light_red, emu.pos, filename, buff_ptr, size, emu.colors.nc ); @@ -164,7 +164,7 @@ fn fflush(emu: &mut emu::Emu) { let filename = helper::handler_get_uri(file as u64); - println!( + log::info!( "{}** {} msvcrt!fflush `{}` {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -182,7 +182,7 @@ fn fclose(emu: &mut emu::Emu) { let filename = helper::handler_get_uri(file as u64); - println!( + log::info!( "{}** {} msvcrt!fclose `{}` {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -193,7 +193,7 @@ fn fclose(emu: &mut emu::Emu) { } fn __p___argv(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} msvcrt!__p___argc {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -210,7 +210,7 @@ fn __p___argc(emu: &mut emu::Emu) { } }; - println!( + log::info!( "{}** {} msvcrt!__p___argc {} {}", emu.colors.light_red, emu.pos, args.get_base(), emu.colors.nc ); @@ -229,7 +229,7 @@ fn malloc(emu: &mut emu::Emu) { emu.maps.create_map(&format!("alloc_{:x}", base), base, size) .expect("msvcrt!malloc cannot create map"); - println!("{}** {} msvcrt!malloc sz: {} addr: 0x{:x} {}", + log::info!("{}** {} msvcrt!malloc sz: {} addr: 0x{:x} {}", emu.colors.light_red, emu.pos, size, base, emu.colors.nc); emu.regs.rax = base; @@ -240,7 +240,7 @@ fn malloc(emu: &mut emu::Emu) { fn __p__acmdln(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} msvcrt!__p___argc {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -252,7 +252,7 @@ fn _onexit(emu: &mut emu::Emu) { let fptr = emu.maps.read_dword(emu.regs.get_esp()) .expect("msvcrt!_onexit") as u64; - println!( + log::info!( "{}** {} msvcrt!_onexit 0x{:x} {}", emu.colors.light_red, emu.pos, fptr, emu.colors.nc ); @@ -266,7 +266,7 @@ fn _lock(emu: &mut emu::Emu) { let lock_num = emu.maps.read_dword(emu.regs.get_esp()) .expect("msvcrt!_lock"); - println!( + log::info!( "{}** {} msvcrt!_lock {} {}", emu.colors.light_red, emu.pos, lock_num, emu.colors.nc ); @@ -279,7 +279,7 @@ fn free(emu: &mut emu::Emu) { let addr = emu.maps.read_dword(emu.regs.get_esp()) .expect("msvcrt!free error reading addr"); - println!( + log::info!( "{}** {} msvcrt!free 0x{:x} {}", emu.colors.light_red, emu.pos, addr, emu.colors.nc ); @@ -303,7 +303,7 @@ fn realloc(emu: &mut emu::Emu) { emu.maps.create_map(&format!("alloc_{:x}", base), base, size) .expect("msvcrt!malloc cannot create map"); - println!("{}** {} msvcrt!realloc 0x{:x} {} =0x{:x} {}", + log::info!("{}** {} msvcrt!realloc 0x{:x} {} =0x{:x} {}", emu.colors.light_red, emu.pos, addr, size, base, emu.colors.nc); emu.regs.rax = base; @@ -312,7 +312,7 @@ fn realloc(emu: &mut emu::Emu) { } if size == 0 { - println!("{}** {} msvcrt!realloc 0x{:x} {} =0x1337 {}", + log::info!("{}** {} msvcrt!realloc 0x{:x} {} =0x1337 {}", emu.colors.light_red, emu.pos, addr, size, emu.colors.nc); emu.regs.rax = 0x1337; // weird msvcrt has to return a random unallocated pointer, and the program has to do free() on it @@ -331,7 +331,7 @@ fn realloc(emu: &mut emu::Emu) { emu.maps.memcpy(new_addr, addr, prev_size); emu.maps.dealloc(addr); - println!( + log::info!( "{}** {} msvcrt!realloc 0x{:x} {} =0x{:x} {}", emu.colors.light_red, emu.pos, addr, size, new_addr, emu.colors.nc ); @@ -349,7 +349,7 @@ fn strtok(emu: &mut emu::Emu) { let str = emu.maps.read_string(str_ptr as u64); let delim = emu.maps.read_string(delim_ptr as u64); - println!("{}** {} msvcrt!strtok `{}` `{}` {}", + log::info!("{}** {} msvcrt!strtok `{}` `{}` {}", emu.colors.light_red, emu.pos, str, delim, emu.colors.nc); emu.regs.rax = 0; diff --git a/src/emu/winapi32/ntdll.rs b/src/emu/winapi32/ntdll.rs index c3232ae..0be3ac6 100644 --- a/src/emu/winapi32/ntdll.rs +++ b/src/emu/winapi32/ntdll.rs @@ -43,7 +43,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "LdrLoadDll_gul" => LdrLoadDll_gul(emu), _ => { - println!("calling unimplemented ntdll API 0x{:x} {}", addr, api); + log::info!("calling unimplemented ntdll API 0x{:x} {}", addr, api); return api; } } @@ -103,7 +103,7 @@ fn NtAllocateVirtualMemory(emu: &mut emu::Emu) { alloc_addr = addr; } - println!( + log::info!( "{}** {} ntdll!NtAllocateVirtualMemory addr: 0x{:x} sz: {} alloc: 0x{:x} {}", emu.colors.light_red, emu.pos, addr, size, alloc_addr, emu.colors.nc ); @@ -133,7 +133,7 @@ fn stricmp(emu: &mut emu::Emu) { let str1 = emu.maps.read_string(str1ptr); let str2 = emu.maps.read_string(str2ptr); - println!( + log::info!( "{}** {} ntdll!stricmp '{}'=='{}'? {}", emu.colors.light_red, emu.pos, str1, str2, emu.colors.nc ); @@ -159,16 +159,16 @@ fn NtQueryVirtualMemory(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("ntdll!NtQueryVirtualMemory: error reading address") as u64; - println!( + log::info!( "{}** {} ntdll!NtQueryVirtualMemory addr: 0x{:x} {}", emu.colors.light_red, emu.pos, addr, emu.colors.nc ); if handle != 0xffffffff { - println!("\tusing handle of remote process {:x}", handle); + log::info!("\tusing handle of remote process {:x}", handle); if !helper::handler_exist(handle) { - println!("\nhandler doesnt exist."); + log::info!("\nhandler doesnt exist."); } } @@ -179,7 +179,7 @@ fn NtQueryVirtualMemory(emu: &mut emu::Emu) { as u64; if !emu.maps.is_mapped(addr) { - println!( + log::info!( "/!\\ ntdll!NtQueryVirtualMemory: querying non maped addr: 0x{:x}", addr ); @@ -221,7 +221,7 @@ fn LdrLoadDll(emu: &mut emu::Emu) { .expect("LdrLoadDll: error reading lib base") as u64; let libname = emu.maps.read_wide_string(libname_ptr); - println!( + log::info!( "{}** {} ntdll!LdrLoadDll lib: {} {}", emu.colors.light_red, emu.pos, libname, emu.colors.nc ); @@ -255,7 +255,7 @@ fn LdrLoadDll_gul(emu: &mut emu::Emu) { let libname = emu.maps.read_wide_string(libname_ptr); let path = emu.maps.read_wide_string(path_to_file_ptr); - println!( + log::info!( "{}** {} ntdll!LdrLoadDll_gul lib: {} {} ->{:x} {}", emu.colors.light_red, emu.pos, libname, path, libaddr_ptr, emu.colors.nc ); @@ -306,7 +306,7 @@ fn RtlVectoredExceptionHandler(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("ntdll_RtlVectoredExceptionHandler: error reading fptr") as u64; - println!( + log::info!( "{}** {} ntdll!RtlVectoredExceptionHandler {} callback: 0x{:x} {}", emu.colors.light_red, emu.pos, p1, fptr, emu.colors.nc ); @@ -332,7 +332,7 @@ fn NtGetContextThread(emu: &mut emu::Emu) { .read_dword(ctx_ptr) .expect("ntdll_NtGetContextThread: error reading context ptr") as u64; - println!( + log::info!( "{}** {} ntdll_NtGetContextThread ctx {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -347,7 +347,7 @@ fn NtGetContextThread(emu: &mut emu::Emu) { fn RtlExitUserThread(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ntdll!RtlExitUserThread {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -372,7 +372,7 @@ fn sscanf(emu: &mut emu::Emu) { let buffer = emu.maps.read_string(buffer_ptr); let fmt = emu.maps.read_string(fmt_ptr); - println!( + log::info!( "{}** {} ntdll!sscanf out_buff: `{}` fmt: `{}` {}", emu.colors.light_red, emu.pos, buffer, fmt, emu.colors.nc ); @@ -396,12 +396,12 @@ fn sscanf(emu: &mut emu::Emu) { //let params = scanf!(b, format!("{}", rust_fmt)).unwrap(); unimplemented!("sscanf is unimplemented for now."); - //println!("sscanf not implemented for now"); + //log::info!("sscanf not implemented for now"); //emu.spawn_console(); } fn NtGetTickCount(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ntdll!NtGetTickCount {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -420,7 +420,7 @@ fn NtQueryPerformanceCounter(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("ntdll!NtQueryPerformanceCounter error reading perf_freq_ptr") as u64; - println!( + log::info!( "{}** {} ntdll!NtQueryPerformanceCounter {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -440,7 +440,7 @@ fn RtlGetProcessHeaps(emu: &mut emu::Emu) { let hndl = emu.maps.read_dword(emu.regs.get_esp()+4) .expect("ntdll!RtlGetProcessHeaps error reading handle param"); */ - println!( + log::info!( "{}** {} ntdll!RtlGetProcessHeaps {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -479,7 +479,7 @@ fn RtlDosPathNameToNtPathName_U(emu: &mut emu::Emu) { let dos_path_name = emu.maps.read_wide_string(dos_path_name_ptr); - println!( + log::info!( "{}** {} ntdll!RtlDosPathNameToNtPathName_U {} {}", emu.colors.light_red, emu.pos, dos_path_name, emu.colors.nc ); @@ -506,11 +506,11 @@ fn RtlDosPathNameToNtPathName_U(emu: &mut emu::Emu) { ); } else { if emu.cfg.verbose >= 1 { - println!( + log::info!( "/!\\ ntdll!RtlDosPathNameToNtPathName_U denied dest buffer on {} map", dst_map_name ); - println!( + log::info!( "memcpy1 0x{:x} <- 0x{:x} sz: {}", dos_path_unicode_ptr, dos_path_name_ptr, @@ -547,7 +547,7 @@ fn RtlDosPathNameToNtPathName_U(emu: &mut emu::Emu) { } None => { if emu.cfg.verbose >= 1 { - println!("/!\\ ntdll!RtlDosPathNameToNtPathName_U low memory"); + log::info!("/!\\ ntdll!RtlDosPathNameToNtPathName_U low memory"); } } }; @@ -637,7 +637,7 @@ fn NtCreateFile(emu: &mut emu::Emu) { .expect("ntdll!NtCreateFile error reading oattrib +8") as u64; let filename = emu.maps.read_wide_string(obj_name_ptr); - println!( + log::info!( "{}** {} ntdll!NtCreateFile {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -668,7 +668,7 @@ fn RtlFreeHeap(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("ntdll!RtlFreeHeap error reading base_addr param") as u64; - println!( + log::info!( "{}** {} ntdll!RtlFreeHeap 0x{} {}", emu.colors.light_red, emu.pos, base_addr, emu.colors.nc ); @@ -685,7 +685,7 @@ fn RtlFreeHeap(emu: &mut emu::Emu) { .unwrap_or_else(|| String::new()); if name == "" { if emu.cfg.verbose >= 1 { - println!("map not allocated, so cannot free it."); + log::info!("map not allocated, so cannot free it."); } emu.regs.rax = 0; return; @@ -697,7 +697,7 @@ fn RtlFreeHeap(emu: &mut emu::Emu) { } else { emu.regs.rax = 0; if emu.cfg.verbose >= 1 { - println!("trying to free a systems map {}", name); + log::info!("trying to free a systems map {}", name); } } } @@ -724,7 +724,7 @@ fn NtQueryInformationFile(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 16) .expect("ntdll!NtQueryInformationFile error reading fileinfocls param"); - println!( + log::info!( "{}** {} ntdll!NtQueryInformationFile {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -756,7 +756,7 @@ fn RtlAllocateHeap(emu: &mut emu::Emu) { .expect("ntdll!RtlAllocateHeap out of memory"); emu.maps.create_map(format!("alloc_{:x}", base).as_str(), base, size).expect("ntdll!RtlAllocateHeap cannot create map"); - println!( + log::info!( "{}** {} ntdll!RtlAllocateHeap sz: {} addr: 0x{:x} {}", emu.colors.light_red, emu.pos, size, base, emu.colors.nc ); @@ -820,7 +820,7 @@ fn NtReadFile(emu: &mut emu::Emu) { let file = helper::handler_get_uri(file_hndl); - println!( + log::info!( "{}** {} ntdll!NtReadFile {} buff: 0x{:x} sz: {} off_var: 0x{:x} {}", emu.colors.light_red, emu.pos, file, buff, len, off, emu.colors.nc ); @@ -842,7 +842,7 @@ fn NtClose(emu: &mut emu::Emu) { let uri = helper::handler_get_uri(hndl); - println!( + log::info!( "{}** {} ntdll!NtClose hndl: 0x{:x} uri: {} {}", emu.colors.light_red, emu.pos, hndl, uri, emu.colors.nc ); @@ -866,7 +866,7 @@ fn RtlInitializeCriticalSectionAndSpinCount(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("ntdll!RtlInitializeCriticalSectionAndSpinCount error reading spin_count param"); - println!( + log::info!( "{}** {} ntdll!RtlInitializeCriticalSectionAndSpinCount {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -899,7 +899,7 @@ fn NtProtectVirtualMemory(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 16) .expect("ntdll!NtProtectVirtualMemory error reading old prot param") as u64; - println!( + log::info!( "{}** {} ntdll!NtProtectVirtualMemory sz: {} {}", emu.colors.light_red, emu.pos, sz, emu.colors.nc ); @@ -921,7 +921,7 @@ fn CheckRemoteDebuggerPresent(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("ntdll!CheckRemoteDebuggerPresent reading bool ptr param") as u64; - println!( + log::info!( "{}** {} ntdll!CheckRemoteDebuggerPresent {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -939,7 +939,7 @@ fn RtlEnterCriticalSection(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("ntdll!RtlEnterCriticalSection error reading hndl param") as u64; - println!( + log::info!( "{}** {} ntdll!RtlEnterCriticalSection {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -954,7 +954,7 @@ fn RtlLeaveCriticalSection(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("ntdll!RtlLeaveCriticalSection error reading hndl param") as u64; - println!( + log::info!( "{}** {} ntdll!RtlLeaveCriticalSection {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -970,7 +970,7 @@ fn RtlGetVersion(emu: &mut emu::Emu) { .expect("ntdll!RtlLeaveCriticalSection error reading versioninfo_ptr param") as u64; - println!( + log::info!( "{}** {} ntdll!RtlGetVersion {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -997,7 +997,7 @@ fn RtlInitializeCriticalSectionEx(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("ntdll!RtlInitializeCriticalSectionEx error reading flags"); - println!( + log::info!( "{}** {} ntdll!RtlInitializeCriticalSectionEx {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1022,7 +1022,7 @@ fn memset(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("ntdll!memset error reading count"); - println!( + log::info!( "{}** {} ntdll!memset ptr: 0x{:x} byte: {} count: {} {}", emu.colors.light_red, emu.pos, ptr, byte, count, emu.colors.nc ); @@ -1042,7 +1042,7 @@ fn RtlSetUnhandledExceptionFilter(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("ntdll!RtlSetUnhandledExceptionFilter error reading filter") as u64; - println!( + log::info!( "{}** {} ntdll!RtlSetUnhandledExceptionFilter filter: 0x{:x} {}", emu.colors.light_red, emu.pos, filter, emu.colors.nc ); @@ -1061,7 +1061,7 @@ fn strlen(emu: &mut emu::Emu) { let s = emu.maps.read_string(s_ptr); let l = s.len(); - println!( + log::info!( "{}** {} ntdll!strlen: `{}` {} {}", emu.colors.light_red, emu.pos, s, l, emu.colors.nc ); @@ -1071,7 +1071,7 @@ fn strlen(emu: &mut emu::Emu) { } fn VerSetConditionMask(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ntdll!strlen: {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1096,7 +1096,7 @@ fn strcat(emu: &mut emu::Emu) { let dst = emu.maps.read_string(dst_ptr); let src = emu.maps.read_string(src_ptr); - println!( + log::info!( "{}** {} ntdll!strcat: `{}`+`{}` {}", emu.colors.light_red, emu.pos, src, dst, emu.colors.nc ); @@ -1124,7 +1124,7 @@ fn memcpy(emu: &mut emu::Emu) { .expect("ntdll!strcat error reading src") as usize; - println!( + log::info!( "{}** {} ntdll!memcpy: 0x{:x} <- 0x{:x} {} {}", emu.colors.light_red, emu.pos, dst_ptr, src_ptr, count, emu.colors.nc ); diff --git a/src/emu/winapi32/oleaut32.rs b/src/emu/winapi32/oleaut32.rs index 7aede3b..029679a 100644 --- a/src/emu/winapi32/oleaut32.rs +++ b/src/emu/winapi32/oleaut32.rs @@ -9,7 +9,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "SysFreeString" => SysFreeString(emu), _ => { - println!("calling unimplemented oleaut32 API 0x{:x} {}", addr, api); + log::info!("calling unimplemented oleaut32 API 0x{:x} {}", addr, api); return api; } } @@ -41,7 +41,7 @@ fn SysAllocStringLen(emu: &mut emu::Emu) { emu.maps.create_map(&name, base, size); emu.maps.memcpy(base + 8, str_ptr, size as usize - 1); - println!( + log::info!( "{}** {} oleaut32!SysAllocStringLen ={} {} {}", emu.colors.light_red, emu.pos, @@ -63,7 +63,7 @@ fn SysFreeString(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("oleaut32!SysFreeString cannot read host_port") as u64; - println!( + log::info!( "{}** {} oleaut32!SysFreeString 0x{:x} {}", emu.colors.light_red, emu.pos, str_ptr, emu.colors.nc ); diff --git a/src/emu/winapi32/shlwapi.rs b/src/emu/winapi32/shlwapi.rs index 7f3c4d8..ac18c27 100644 --- a/src/emu/winapi32/shlwapi.rs +++ b/src/emu/winapi32/shlwapi.rs @@ -7,7 +7,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { let api = kernel32::guess_api_name(emu, addr); match api.as_str() { _ => { - println!("calling unimplemented shlwapi API 0x{:x} {}", addr, api); + log::info!("calling unimplemented shlwapi API 0x{:x} {}", addr, api); return api; } } diff --git a/src/emu/winapi32/user32.rs b/src/emu/winapi32/user32.rs index b16d6a1..246c9c2 100644 --- a/src/emu/winapi32/user32.rs +++ b/src/emu/winapi32/user32.rs @@ -13,7 +13,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "CharLowerW" => CharLowerW(emu), "wsprintfA" => wsprintfA(emu), _ => { - println!("calling unimplemented user32 API 0x{:x} {}", addr, api); + log::info!("calling unimplemented user32 API 0x{:x} {}", addr, api); return api; } } @@ -33,7 +33,7 @@ fn MessageBoxA(emu: &mut emu::Emu) { let msg = emu.maps.read_string(msgptr); let title = emu.maps.read_string(titleptr); - println!( + log::info!( "{}** {} user32!MessageBoxA {} {} {}", emu.colors.light_red, emu.pos, title, msg, emu.colors.nc ); @@ -56,7 +56,7 @@ fn MessageBoxW(emu: &mut emu::Emu) { let msg = emu.maps.read_wide_string(msgptr); let title = emu.maps.read_wide_string(titleptr); - println!( + log::info!( "{}** {} user32!MessageBoxW {} {} {}", emu.colors.light_red, emu.pos, title, msg, emu.colors.nc ); @@ -68,7 +68,7 @@ fn MessageBoxW(emu: &mut emu::Emu) { } fn GetDesktopWindow(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} user32!GetDesktopWindow {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -79,7 +79,7 @@ fn GetDesktopWindow(emu: &mut emu::Emu) { fn wsprintfW(emu: &mut emu::Emu) {} fn GetProcessWindowStation(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} user32!GetProcessWindowStation {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -111,7 +111,7 @@ fn GetUserObjectInformationW(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} user32!GetUserObjectInformationW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -131,7 +131,7 @@ fn CharLowerW(emu: &mut emu::Emu) { let s = emu.maps.read_wide_string(ptr_str); - println!( + log::info!( "{}** {} user32!CharLowerW(`{}`) {}", emu.colors.light_red, emu.pos, s, emu.colors.nc ); @@ -204,7 +204,7 @@ fn wsprintfA(emu: &mut emu::Emu) { .write_string(out, &result); - println!( + log::info!( "{}** {} user32!wsprintfA fmt:`{}` out:`{}` {}", emu.colors.light_red, emu.pos, fmt, &result, emu.colors.nc ); diff --git a/src/emu/winapi32/wincrt.rs b/src/emu/winapi32/wincrt.rs index 3d3cc6e..a07b7be 100644 --- a/src/emu/winapi32/wincrt.rs +++ b/src/emu/winapi32/wincrt.rs @@ -10,7 +10,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { _ => { - println!("calling unimplemented wincrt API 0x{:x} {}", addr, api); + log::info!("calling unimplemented wincrt API 0x{:x} {}", addr, api); return api; } } @@ -19,6 +19,6 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { } fn set_invalid_parameter_handler(emu: &mut emu::Emu) { - println!("{}** {} wincrt!_set_invalid_parameter_handler {}", emu.colors.light_red, emu.pos, emu.colors.nc); + log::info!("{}** {} wincrt!_set_invalid_parameter_handler {}", emu.colors.light_red, emu.pos, emu.colors.nc); emu.regs.rax = 0; } diff --git a/src/emu/winapi32/wininet.rs b/src/emu/winapi32/wininet.rs index 3d71e11..71e821b 100644 --- a/src/emu/winapi32/wininet.rs +++ b/src/emu/winapi32/wininet.rs @@ -27,7 +27,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { "InternetCrackUrlA" => InternetCrackUrlA(emu), "InternetCrackUrlW" => InternetCrackUrlW(emu), _ => { - println!("calling unimplemented wininet API 0x{:x} {}", addr, api); + log::info!("calling unimplemented wininet API 0x{:x} {}", addr, api); return api; } } @@ -75,7 +75,7 @@ pub fn InternetOpenA(emu: &mut emu::Emu) { proxy_bypass = emu.maps.read_string(proxybypass_ptr); } - println!( + log::info!( "{}** {} wininet!InternetOpenA uagent: {} proxy: {} {} {}", emu.colors.light_red, emu.pos, uagent, proxy, proxy_bypass, emu.colors.nc ); @@ -132,7 +132,7 @@ pub fn InternetOpenW(emu: &mut emu::Emu) { proxy_bypass = emu.maps.read_wide_string(proxybypass_ptr); } - println!( + log::info!( "{}** {} wininet!InternetOpenW uagent: {} proxy: {} {} {}", emu.colors.light_red, emu.pos, uagent, proxy, proxy_bypass, emu.colors.nc ); @@ -200,13 +200,13 @@ pub fn InternetConnectA(emu: &mut emu::Emu) { passw = emu.maps.read_string(passw_ptr); } - println!( + log::info!( "{}** {} wininet!InternetConnectA host: {} port: {} login: {} passw: {} {}", emu.colors.light_red, emu.pos, server, port, login, passw, emu.colors.nc ); if !helper::handler_exist(internet_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -270,13 +270,13 @@ pub fn InternetConnectW(emu: &mut emu::Emu) { passw = emu.maps.read_wide_string(passw_ptr); } - println!( + log::info!( "{}** {} wininet!InternetConnectW host: {} port: {} login: {} passw: {} {}", emu.colors.light_red, emu.pos, server, port, login, passw, emu.colors.nc ); if !helper::handler_exist(internet_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -348,17 +348,17 @@ fn HttpOpenRequestA(emu: &mut emu::Emu) { access = emu.maps.read_string(access_ptr); } - println!( + log::info!( "{}** {} wininet!HttpOpenRequestA method: {} path: {} ver: {} ref: {} access: {} {}", emu.colors.light_red, emu.pos, method, path, version, referrer, access, emu.colors.nc ); if !helper::handler_exist(conn_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } if flags & constants::INTERNET_FLAG_SECURE == 1 { - println!("\tssl communication."); + log::info!("\tssl communication."); } /* @@ -442,13 +442,13 @@ fn HttpOpenRequestW(emu: &mut emu::Emu) { access = emu.maps.read_wide_string(access_ptr); } - println!( + log::info!( "{}** {} wininet!HttpOpenRequestW method: {} path: {} ver: {} ref: {} access: {} {}", emu.colors.light_red, emu.pos, method, path, version, referrer, access, emu.colors.nc ); if !helper::handler_exist(conn_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -501,13 +501,13 @@ fn InternetSetOptionA(emu: &mut emu::Emu) { } let sbuff = emu.maps.read_string(buffer); - println!( + log::info!( "{}** {} wininet!InternetSetOptionA option: 0x{:x} buff: {{{}}} {} {}", emu.colors.light_red, emu.pos, option, buffer_content, sbuff, emu.colors.nc ); if !helper::handler_exist(inet_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } for _ in 0..4 { @@ -541,13 +541,13 @@ fn InternetSetOptionW(emu: &mut emu::Emu) { } let sbuff = emu.maps.read_wide_string(buffer); - println!( + log::info!( "{}** {} wininet!InternetSetOptionW option: 0x{:x} buff: {{{}}} {} {}", emu.colors.light_red, emu.pos, option, buffer_content, sbuff, emu.colors.nc ); if !helper::handler_exist(inet_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } for _ in 0..4 { @@ -582,13 +582,13 @@ fn HttpSendRequestA(emu: &mut emu::Emu) { let hdrs = emu.maps.read_string(hdrs_ptr); let opt = emu.maps.read_string(opt_ptr); - println!( + log::info!( "{}** {} wininet!HttpSendRequestA hdrs: {} opt: {} {}", emu.colors.light_red, emu.pos, hdrs, opt, emu.colors.nc ); if !helper::handler_exist(req_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -629,13 +629,13 @@ fn HttpSendRequestW(emu: &mut emu::Emu) { let hdrs = emu.maps.read_wide_string(hdrs_ptr); let opt = emu.maps.read_wide_string(opt_ptr); - println!( + log::info!( "{}** {} wininet!HttpSendRequestW hdrs: {} opt: {} {}", emu.colors.light_red, emu.pos, hdrs, opt, emu.colors.nc ); if !helper::handler_exist(req_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -657,7 +657,7 @@ fn InternetErrorDlg(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("wininet!InternetErrorDlg cannot read error"); - println!( + log::info!( "{}** {} wininet!InternetErrorDlg err: {} {}", emu.colors.light_red, emu.pos, err, emu.colors.nc ); @@ -686,13 +686,13 @@ fn InternetReadFile(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 12) .expect("wininet!InternetReadFile cannot read bytes_read") as u64; - println!( + log::info!( "{}** {} wininet!InternetReadFile sz: {} buff: 0x{:x} {}", emu.colors.light_red, emu.pos, bytes_to_read, buff_ptr, emu.colors.nc ); if !helper::handler_exist(file_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } if emu.cfg.endpoint { @@ -742,7 +742,7 @@ fn HttpQueryInfoA(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 16) .expect("wininet!HttpQueryInfoA cannot read index") as u64; - println!( + log::info!( "{}** {} wininet!HttpQueryInfoA buff: 0x{:x} sz:{} {}", emu.colors.light_red, emu.pos, buff, buff_len, emu.colors.nc ); @@ -760,7 +760,7 @@ fn InternetCloseHandle(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("wininet!InternetCloseHandle cannot read handle") as u64; - println!( + log::info!( "{}** {} wininet!InternetCloseHandle handle: {:x} {}", emu.colors.light_red, emu.pos, handle, emu.colors.nc ); @@ -782,7 +782,7 @@ fn InternetCrackUrlA(emu: &mut emu::Emu) { let url = emu.maps.read_string(url_ptr); - println!("{}** {} wininet!InternetCrackUrlA url: `{}` {}", emu.colors.light_red, emu.pos, url, emu.colors.nc); + log::info!("{}** {} wininet!InternetCrackUrlA url: `{}` {}", emu.colors.light_red, emu.pos, url, emu.colors.nc); for _ in 0..4 { emu.stack_pop32(false); @@ -802,7 +802,7 @@ fn InternetCrackUrlW(emu: &mut emu::Emu) { let url = emu.maps.read_wide_string(url_ptr); - println!("{}** {} wininet!InternetCrackUrlW url: `{}` {}", emu.colors.light_red, emu.pos, url, emu.colors.nc); + log::info!("{}** {} wininet!InternetCrackUrlW url: `{}` {}", emu.colors.light_red, emu.pos, url, emu.colors.nc); for _ in 0..4 { emu.stack_pop32(false); diff --git a/src/emu/winapi32/ws2_32.rs b/src/emu/winapi32/ws2_32.rs index 4b14d9e..3cd71f2 100644 --- a/src/emu/winapi32/ws2_32.rs +++ b/src/emu/winapi32/ws2_32.rs @@ -34,7 +34,7 @@ pub fn gateway(addr: u32, emu: &mut emu::Emu) -> String { 0x7748cc3f => WsaConnect(emu), */ _ => { - println!("calling unimplemented ws2_32 API 0x{:x} {}", addr, api); + log::info!("calling unimplemented ws2_32 API 0x{:x} {}", addr, api); return api; } } @@ -48,7 +48,7 @@ lazy_static! { } fn WsaStartup(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ws2_32!WsaStartup {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -60,7 +60,7 @@ fn WsaStartup(emu: &mut emu::Emu) { } fn WsaSocketA(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ws2_32!WsaSocketA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -73,7 +73,7 @@ fn WsaSocketA(emu: &mut emu::Emu) { } fn socket(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ws2_32!socket {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -95,7 +95,7 @@ fn WsaHtons(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 8) .expect("ws2_32!WsaHtons cannot read out_port"); - println!( + log::info!( "{}** {} ws2_32!WsaHtons {} {}", emu.colors.light_red, emu.pos, host_port, emu.colors.nc ); @@ -115,7 +115,7 @@ fn htons(emu: &mut emu::Emu) { None => 0, }; - println!( + log::info!( "{}** {} ws2_32!htons port: {} {}", emu.colors.light_red, emu.pos, port, emu.colors.nc ); @@ -130,7 +130,7 @@ fn inet_addr(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("ws2_32!inet_addr: error reading addr"); - println!( + log::info!( "{}** {} ws2_32!inet_addr {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -170,7 +170,7 @@ fn connect(emu: &mut emu::Emu) { (ip & 0xff0000) >> 16, (ip & 0xff000000) >> 24 ); - println!( + log::info!( "{}** {} ws2_32!connect family: {} {}:{} {}", emu.colors.light_red, emu.pos, family, sip, port, emu.colors.nc ); @@ -182,16 +182,16 @@ fn connect(emu: &mut emu::Emu) { if emu.cfg.endpoint { /* if endpoint::sock_connect(sip.as_str(), port) { - println!("\tconnected to the endpoint."); + log::info!("\tconnected to the endpoint."); } else { - println!("\tcannot connect. dont use -e"); + log::info!("\tcannot connect. dont use -e"); }*/ emu.regs.rax = 0; } else { // offline mode if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -217,7 +217,7 @@ fn recv(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 12) .expect("ws2_32!recv: error reading flags") as u64; - println!( + log::info!( "{}** {} ws2_32!recv buff: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, buff, len, emu.colors.nc ); @@ -227,7 +227,7 @@ fn recv(emu: &mut emu::Emu) { } if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; return; } @@ -239,7 +239,7 @@ fn recv(emu: &mut emu::Emu) { emu.maps.write_buffer(buff, &rbuff); - println!("\nreceived {} bytes from the endpoint.", n); + log::info!("\nreceived {} bytes from the endpoint.", n); emu.regs.rax = n as u64; */ } else { @@ -286,13 +286,13 @@ fn send(emu: &mut emu::Emu) { emu.stack_pop32(false); } - println!( + log::info!( "{}** {} ws2_32!send {{{}}} {}", emu.colors.light_red, emu.pos, bytes, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 0; return; } @@ -301,7 +301,7 @@ fn send(emu: &mut emu::Emu) { /* let buffer = emu.maps.read_buffer(buff, len as usize); let n = endpoint::sock_send(&buffer); - println!("\tsent {} bytes.", n); + log::info!("\tsent {} bytes.", n); emu.regs.rax = n as u64; */ } else { @@ -350,7 +350,7 @@ fn bind(emu: &mut emu::Emu) { (ip & 0xff000000) >> 24 ); - println!( + log::info!( "{}** {} ws2_32!bind family: {} {}:{} {}", emu.colors.light_red, emu.pos, @@ -365,7 +365,7 @@ fn bind(emu: &mut emu::Emu) { } if !helper::socket_exist(sock) { - println!("\tbad socket."); + log::info!("\tbad socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -382,7 +382,7 @@ fn listen(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp() + 4) .expect("ws2_32!send: error reading num of connections") as u64; - println!( + log::info!( "{}** {} ws2_32!listen connections: {} {}", emu.colors.light_red, emu.pos, connections, emu.colors.nc ); @@ -392,7 +392,7 @@ fn listen(emu: &mut emu::Emu) { } if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -419,7 +419,7 @@ fn accept(emu: &mut emu::Emu) { let bytes = emu.maps.read_string_of_bytes(saddr, len as usize); - println!( + log::info!( "{}** {} ws2_32!accept connections: {} {}", emu.colors.light_red, emu.pos, bytes, emu.colors.nc ); @@ -429,7 +429,7 @@ fn accept(emu: &mut emu::Emu) { } if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -442,7 +442,7 @@ fn closesocket(emu: &mut emu::Emu) { .read_dword(emu.regs.get_esp()) .expect("ws2_32!send: error reading sock") as u64; - println!( + log::info!( "{}** {} ws2_32!closesocket {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -485,7 +485,7 @@ fn setsockopt(emu: &mut emu::Emu) { None => 0, }; - println!( + log::info!( "{}** {} ws2_32!setsockopt lvl: {} opt: {} val: {} {}", emu.colors.light_red, emu.pos, level, optname, val, emu.colors.nc ); @@ -495,7 +495,7 @@ fn setsockopt(emu: &mut emu::Emu) { } if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -526,7 +526,7 @@ fn getsockopt(emu: &mut emu::Emu) { emu.maps.write_dword(optval, 1); - println!( + log::info!( "{}** {} ws2_32!getsockopt lvl: {} opt: {} {}", emu.colors.light_red, emu.pos, level, optname, emu.colors.nc ); @@ -536,7 +536,7 @@ fn getsockopt(emu: &mut emu::Emu) { } if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -567,7 +567,7 @@ fn WsaAccept(emu: &mut emu::Emu) { let bytes = emu.maps.read_string_of_bytes(saddr, len as usize); - println!( + log::info!( "{}** {} ws2_32!WsaAccept connections: {} callback: {} {}", emu.colors.light_red, emu.pos, bytes, callback, emu.colors.nc ); @@ -577,7 +577,7 @@ fn WsaAccept(emu: &mut emu::Emu) { } if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; diff --git a/src/emu/winapi64.rs b/src/emu/winapi64.rs index a542199..f99f582 100644 --- a/src/emu/winapi64.rs +++ b/src/emu/winapi64.rs @@ -35,7 +35,7 @@ pub fn gateway(addr: u64, name: String, emu: &mut emu::Emu) { }; if unimplemented_api.len() > 0 { - println!( + log::info!( "{}({}, {}, {}, {}) (unimplemented)", unimplemented_api, emu.regs.rcx, emu.regs.rdx, emu.regs.r8, emu.regs.r9 ); diff --git a/src/emu/winapi64/advapi32.rs b/src/emu/winapi64/advapi32.rs index 0af0623..afa8a0d 100644 --- a/src/emu/winapi64/advapi32.rs +++ b/src/emu/winapi64/advapi32.rs @@ -12,7 +12,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { "RegCloseKey" => RegCloseKey(emu), _ => { - println!( + log::info!( "calling unimplemented advapi32 API 0x{:x} {}", addr, apiname ); @@ -58,7 +58,7 @@ fn RegOpenKeyExA(emu: &mut emu::Emu) { let subkey = emu.maps.read_string(subkey_ptr); - println!( + log::info!( "{}** {} advapi32!RegOpenKeyExA {} {}", emu.colors.light_red, emu.pos, subkey, emu.colors.nc ); @@ -71,7 +71,7 @@ fn RegOpenKeyExA(emu: &mut emu::Emu) { fn RegCloseKey(emu: &mut emu::Emu) { let hkey = emu.regs.rcx; - println!( + log::info!( "{}** {} advapi32!RegCloseKey {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -97,7 +97,7 @@ fn RegQueryValueExA(emu: &mut emu::Emu) { let value = emu.maps.read_string(value_ptr); - println!( + log::info!( "{}** {} advapi32!RegQueryValueExA {} {}", emu.colors.light_red, emu.pos, value, emu.colors.nc ); diff --git a/src/emu/winapi64/comctl64.rs b/src/emu/winapi64/comctl64.rs index d60b13e..dc3053e 100644 --- a/src/emu/winapi64/comctl64.rs +++ b/src/emu/winapi64/comctl64.rs @@ -4,7 +4,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { let apiname = emu::winapi64::kernel32::guess_api_name(emu, addr); match apiname.as_str() { _ => { - println!("calling unimplemented comctl32 API 0x{:x} {}", addr, apiname); + log::info!("calling unimplemented comctl32 API 0x{:x} {}", addr, apiname); return apiname; } } diff --git a/src/emu/winapi64/dnsapi.rs b/src/emu/winapi64/dnsapi.rs index 79c1f61..704150c 100644 --- a/src/emu/winapi64/dnsapi.rs +++ b/src/emu/winapi64/dnsapi.rs @@ -6,7 +6,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { /*0x77733553 => StartServiceCtrlDispatcherA(emu), 0x776fa965 => StartServiceCtrlDispatcherW(emu),*/ _ => { - println!("calling unimplemented winhttp API 0x{:x} {}", addr, apiname); + log::info!("calling unimplemented winhttp API 0x{:x} {}", addr, apiname); return apiname; } } diff --git a/src/emu/winapi64/kernel32.rs b/src/emu/winapi64/kernel32.rs index 0fdab81..4c9a4b1 100644 --- a/src/emu/winapi64/kernel32.rs +++ b/src/emu/winapi64/kernel32.rs @@ -136,7 +136,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { "lstrcpy" => lstrcpy(emu), _ => { - println!( + log::info!( "calling unimplemented kernel32 64bits API 0x{:x} {}", addr, api ); @@ -168,7 +168,7 @@ pub fn dump_module_iat(emu: &mut emu::Emu, module: &str) { } let ordinal = flink.get_function_ordinal(emu, i); - println!( + log::info!( "0x{:x} {}!{}", ordinal.func_va, &flink.mod_name, &ordinal.func_name ); @@ -233,7 +233,7 @@ pub fn resolve_api_name(emu: &mut emu::Emu, name: &str) -> u64 { } flink.next(emu); - //println!("flink: 0x{:x} first_ptr: 0x{:x}", flink.get_ptr(), first_ptr); + //log::info!("flink: 0x{:x} first_ptr: 0x{:x}", flink.get_ptr(), first_ptr); if flink.get_ptr() == first_ptr { break; @@ -308,7 +308,7 @@ pub fn guess_api_name(emu: &mut emu::Emu, addr: u64) -> String { } pub fn load_library(emu: &mut emu::Emu, libname: &str) -> u64 { - // println!("kern32!load_library: {}", libname); + // log::info!("kern32!load_library: {}", libname); let mut dll = libname.to_string().to_lowercase(); @@ -330,7 +330,7 @@ pub fn load_library(emu: &mut emu::Emu, libname: &str) -> u64 { // already linked /* if emu.cfg.verbose > 0 { - println!("dll {} already linked.", dll); + log::info!("dll {} already linked.", dll); }*/ return base; } @@ -342,7 +342,7 @@ pub fn load_library(emu: &mut emu::Emu, libname: &str) -> u64 { return base as u64; } else { if emu.cfg.verbose > 0 { - println!("dll {} not found.", dll_path); + log::info!("dll {} not found.", dll_path); } return 0; } @@ -356,7 +356,7 @@ fn LoadLibraryA(emu: &mut emu::Emu) { emu.regs.rax = load_library(emu, &dll); - println!( + log::info!( "{}** {} kernel32!LoadLibraryA '{}' =0x{:x} {}", emu.colors.light_red, emu.pos, dll, emu.regs.rax, emu.colors.nc ); @@ -368,7 +368,7 @@ fn LoadLibraryW(emu: &mut emu::Emu) { emu.regs.rax = load_library(emu, &dll); - println!( + log::info!( "{}** {} kernel32!LoadLibraryA '{}' =0x{:x} {}", emu.colors.light_red, emu.pos, dll, emu.regs.rax, emu.colors.nc ); @@ -380,7 +380,7 @@ fn LoadLibraryExA(emu: &mut emu::Emu) { emu.regs.rax = load_library(emu, &dll); - println!( + log::info!( "{}** {} kernel32!LoadLibraryExA '{}' =0x{:x} {}", emu.colors.light_red, emu.pos, dll, emu.regs.rax, emu.colors.nc ); @@ -392,7 +392,7 @@ fn LoadLibraryExW(emu: &mut emu::Emu) { emu.regs.rax = load_library(emu, &dll); - println!( + log::info!( "{}** {} kernel32!LoadLibraryExW '{}' =0x{:x} {}", emu.colors.light_red, emu.pos, dll, emu.regs.rax, emu.colors.nc ); @@ -416,11 +416,11 @@ fn GetProcAddress(emu: &mut emu::Emu) { } let ordinal = flink.get_function_ordinal(emu, i); - // println!("func name {}!{}", flink.mod_name, ordinal.func_name); + // log::info!("func name {}!{}", flink.mod_name, ordinal.func_name); if ordinal.func_name.to_lowercase() == func { emu.regs.rax = ordinal.func_va; - println!( + log::info!( "{}** {} kernel32!GetProcAddress `{}!{}` =0x{:x} {}", emu.colors.light_red, emu.pos, @@ -441,7 +441,7 @@ fn GetProcAddress(emu: &mut emu::Emu) { } emu.regs.rax = 0; if emu.cfg.verbose >= 1 { - println!("kernel32!GetProcAddress error searching {}", func); + log::info!("kernel32!GetProcAddress error searching {}", func); } } @@ -449,7 +449,7 @@ fn WinExec(emu: &mut emu::Emu) { let cmdline_ptr = emu.regs.rcx; let cmdline = emu.maps.read_string(cmdline_ptr); - println!( + log::info!( "{}** {} kernel32!WinExec '{}' {}", emu.colors.light_red, emu.pos, cmdline, emu.colors.nc ); @@ -459,7 +459,7 @@ fn WinExec(emu: &mut emu::Emu) { fn GetVersion(emu: &mut emu::Emu) { emu.regs.rax = emu::constants::VERSION; - println!( + log::info!( "{}** {} kernel32!GetVersion =0x{:x} {}", emu.colors.light_red, emu.pos, emu.regs.rax, emu.colors.nc ); @@ -468,7 +468,7 @@ fn GetVersion(emu: &mut emu::Emu) { fn GetVersionExW(emu: &mut emu::Emu) { let version_info_ptr = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!GetVersionExW 0x{:x} {}", emu.colors.light_red, emu.pos, version_info_ptr, emu.colors.nc ); @@ -482,7 +482,7 @@ fn GetVersionExW(emu: &mut emu::Emu) { fn GetVersionExA(emu: &mut emu::Emu) { let version_info_ptr = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!GetVersionExA 0x{:x} {}", emu.colors.light_red, emu.pos, version_info_ptr, emu.colors.nc ); @@ -497,7 +497,7 @@ fn CreateToolhelp32Snapshot(emu: &mut emu::Emu) { let flags = emu.regs.rcx; let pid = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!CreateToolhelp32Snapshot flags: {:x} pid: {} {}", emu.colors.light_red, emu.pos, flags, pid, emu.colors.nc ); @@ -510,7 +510,7 @@ fn Process32First(emu: &mut emu::Emu) { let handle = emu.regs.rcx; let lppe = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!Process32First hndl: {:x} lppe: 0x{:x} {}", emu.colors.light_red, emu.pos, handle, lppe, emu.colors.nc ); @@ -545,7 +545,7 @@ fn Process32Next(emu: &mut emu::Emu) { let handle = emu.regs.rcx; let lppe = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!Process32Next hndl: {:x} lppe: 0x{:x} {}", emu.colors.light_red, emu.pos, handle, lppe, emu.colors.nc ); @@ -568,13 +568,13 @@ fn LStrCmpI(emu: &mut emu::Emu) { let s2 = emu.maps.read_string(sptr2); if s1 == s2 { - println!( + log::info!( "{}** {} kernel32!lstrcmpi `{}` == `{}` {}", emu.colors.light_red, emu.pos, s1, s2, emu.colors.nc ); emu.regs.rax = 0; } else { - println!( + log::info!( "{}** {} kernel32!lstrcmpi `{}` != `{}` {}", emu.colors.light_red, emu.pos, s1, s2, emu.colors.nc ); @@ -590,13 +590,13 @@ fn LStrCmpIW(emu: &mut emu::Emu) { let s2 = emu.maps.read_wide_string(sptr2); if s1 == s2 { - println!( + log::info!( "{}** {} kernel32!lstrcmpiW `{}` == `{}` {}", emu.colors.light_red, emu.pos, s1, s2, emu.colors.nc ); emu.regs.rax = 0; } else { - println!( + log::info!( "{}** {} kernel32!lstrcmpiW `{}` != `{}` {}", emu.colors.light_red, emu.pos, s1, s2, emu.colors.nc ); @@ -605,7 +605,7 @@ fn LStrCmpIW(emu: &mut emu::Emu) { } fn AreFileApiIsAnsi(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!AreFileApiIsAnsi {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -618,7 +618,7 @@ fn BeginUpdateResourceA(emu: &mut emu::Emu) { let filename = emu.maps.read_string(pFileName); - println!( + log::info!( "{}** {} kernel32!BeginUpdateResourceA `{}` {} {}", emu.colors.light_red, emu.pos, filename, bDeleteExistingResources, emu.colors.nc ); @@ -631,7 +631,7 @@ fn OpenProcess(emu: &mut emu::Emu) { let inherit = emu.regs.rdx; let pid = emu.regs.r8; - println!( + log::info!( "{}** {} kernel32!OpenProcess pid: {} {}", emu.colors.light_red, emu.pos, pid, emu.colors.nc ); @@ -647,7 +647,7 @@ fn VirtualAlloc(emu: &mut emu::Emu) { let prot = emu.regs.r9; if size == 0 { - println!( + log::info!( "{}** {} kernel32!VirtualAlloc addr: 0x{:x} sz: {} = 0 {}", emu.colors.light_red, emu.pos, addr, size, emu.colors.nc ); @@ -658,7 +658,7 @@ fn VirtualAlloc(emu: &mut emu::Emu) { size )); - println!( + log::info!( "{}** {} kernel32!VirtualAlloc addr: 0x{:x} sz: {} = 0x{:x} {}", emu.colors.light_red, emu.pos, addr, size, base, emu.colors.nc ); @@ -684,7 +684,7 @@ fn VirtualAllocEx(emu: &mut emu::Emu) { .alloc(size) .expect("kernel32!VirtualAllocEx out of memory"); - println!( + log::info!( "{}** {} kernel32!VirtualAllocEx hproc: 0x{:x} addr: 0x{:x} sz: {} = 0x{:x} {}", emu.colors.light_red, emu.pos, proc_hndl, addr, size, base, emu.colors.nc ); @@ -704,28 +704,28 @@ fn WriteProcessMemory(emu: &mut emu::Emu) { .read_qword(emu.regs.rsp) .expect("kernel32!WriteProcessMemory cannot read written_ptr"); - println!( + log::info!( "{}** {} kernel32!WriteProcessMemory hproc: 0x{:x} from: 0x{:x } to: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, proc_hndl, buff, addr, size, emu.colors.nc ); if emu.maps.memcpy(buff, addr, size as usize) { emu.regs.rax = 1; - println!( + log::info!( "{}\twritten succesfully{}", emu.colors.light_red, emu.colors.nc ); if written_ptr != 0 && !emu.maps.write_qword(written_ptr, size) { - println!("kernel32!WriteProcessMemory cannot write on written_ptr"); + log::info!("kernel32!WriteProcessMemory cannot write on written_ptr"); } } else { emu.regs.rax = 0; - println!( + log::info!( "{}\tcouldnt write all the bytes{}", emu.colors.light_red, emu.colors.nc ); if written_ptr != 0 && !emu.maps.write_qword(written_ptr, 0) { - println!("kernel32!WriteProcessMemory cannot write on written_ptr"); + log::info!("kernel32!WriteProcessMemory cannot write on written_ptr"); } } } @@ -734,7 +734,7 @@ fn Thread32First(emu: &mut emu::Emu) { let hndl = emu.regs.rcx; let entry = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!Thread32First {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -747,7 +747,7 @@ fn Thread32Next(emu: &mut emu::Emu) { let hndl = emu.regs.rcx; let entry = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!Thread32Next {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -760,7 +760,7 @@ fn OpenThread(emu: &mut emu::Emu) { let inherit = emu.regs.rdx; let tid = emu.regs.r8; - println!( + log::info!( "{}** {} kernel32!OpenThread tid: {} {}", emu.colors.light_red, emu.pos, tid, emu.colors.nc ); @@ -772,7 +772,7 @@ fn OpenThread(emu: &mut emu::Emu) { fn GetSystemTimeAsFileTime(emu: &mut emu::Emu) { let sys_time_ptr = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!GetSystemTimeAsFileTime {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -781,7 +781,7 @@ fn GetSystemTimeAsFileTime(emu: &mut emu::Emu) { } fn GetCurrentThreadId(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetCurrentThreadId {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -790,7 +790,7 @@ fn GetCurrentThreadId(emu: &mut emu::Emu) { } fn GetCurrentProcessId(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetCurrentProcessId {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -803,7 +803,7 @@ fn QueryPerformanceCounter(emu: &mut emu::Emu) { emu.maps.write_dword(counter_ptr, 0x1); - println!( + log::info!( "{}** {} kernel32!QueryPerformanceCounter {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -814,7 +814,7 @@ fn QueryPerformanceCounter(emu: &mut emu::Emu) { fn GetProcessHeap(emu: &mut emu::Emu) { emu.regs.rax = helper::handler_create("heap"); - println!( + log::info!( "{}** {} kernel32!GetProcessHeap ={} {}", emu.colors.light_red, emu.pos, emu.regs.rax, emu.colors.nc ); @@ -832,7 +832,7 @@ fn HeapAlloc(emu: &mut emu::Emu) { emu.maps.create_map(format!("alloc_{:x}", emu.regs.rax).as_str(), emu.regs.rax, size).expect("kernel32!HeapAlloc out of memory"); - println!( + log::info!( "{}** {} kernel32!HeapAlloc flags: 0x{:x} size: {} =0x{:x} {}", emu.colors.light_red, emu.pos, flags, size, emu.regs.rax, emu.colors.nc ); @@ -849,7 +849,7 @@ fn CreateEventA(emu: &mut emu::Emu) { name = emu.maps.read_string(name_ptr); } - println!( + log::info!( "{}** {} kernel32!CreateEventA attr: 0x{:x} manual_reset: {} init_state: {} name: {} {}", emu.colors.light_red, emu.pos, attributes, bManualReset, bInitialState, name, emu.colors.nc ); @@ -876,13 +876,13 @@ fn CreateThread(emu: &mut emu::Emu) { emu.maps.write_dword(tid_ptr, 0x123); } - println!( + log::info!( "{}** {} kernel32!CreateThread code: 0x{:x} param: 0x{:x} {}", emu.colors.light_red, emu.pos, code, param, emu.colors.nc ); if flags == constants::CREATE_SUSPENDED { - println!("\tcreated suspended!"); + log::info!("\tcreated suspended!"); } let con = console::Console::new(); @@ -901,7 +901,7 @@ fn CreateThread(emu: &mut emu::Emu) { // alloc a stack vs reusing stack. return; } else { - println!("cannot emulate the thread, the function pointer is not mapped."); + log::info!("cannot emulate the thread, the function pointer is not mapped."); } } @@ -911,7 +911,7 @@ fn CreateThread(emu: &mut emu::Emu) { fn Sleep(emu: &mut emu::Emu) { let millis = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!Sleep millis: {} {}", emu.colors.light_red, emu.pos, millis, emu.colors.nc ); @@ -923,7 +923,7 @@ fn LocalAlloc(emu: &mut emu::Emu) { let flags = emu.regs.rcx; let bytes = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!LocalAlloc flags: {:x} sz: {} {}", emu.colors.light_red, emu.pos, flags, bytes, emu.colors.nc ); @@ -943,7 +943,7 @@ fn CreateProcessA(emu: &mut emu::Emu) { let appname = emu.maps.read_string(appname_ptr); let cmdline = emu.maps.read_string(cmdline_ptr); - println!( + log::info!( "{}** {} kernel32!CreateProcessA {} {} {}", emu.colors.light_red, emu.pos, appname, cmdline, emu.colors.nc ); @@ -957,7 +957,7 @@ fn CreateProcessW(emu: &mut emu::Emu) { let appname = emu.maps.read_wide_string(appname_ptr); let cmdline = emu.maps.read_wide_string(cmdline_ptr); - println!( + log::info!( "{}** {} kernel32!CreateProcessW {} {} {}", emu.colors.light_red, emu.pos, appname, cmdline, emu.colors.nc ); @@ -983,7 +983,7 @@ fn CreateRemoteThread(emu: &mut emu::Emu) { .read_qword(emu.regs.rsp + 16) .expect("kernel32!CreateRemoteThread cannot read the tid"); - println!( + log::info!( "{}** {} kernel32!CreateRemoteThread hproc: 0x{:x} addr: 0x{:x} {}", emu.colors.light_red, emu.pos, proc_hndl, addr, emu.colors.nc ); @@ -1016,7 +1016,7 @@ fn CreateNamedPipeA(emu: &mut emu::Emu) { let name = emu.maps.read_string(name_ptr); - println!( + log::info!( "{}** {} kernel32!CreateNamedPipeA name:{} in: 0x{:x} out: 0x{:x} {}", emu.colors.light_red, emu.pos, name, in_buff_sz, out_buff_sz, emu.colors.nc ); @@ -1048,7 +1048,7 @@ fn CreateNamedPipeW(emu: &mut emu::Emu) { let name = emu.maps.read_wide_string(name_ptr); - println!( + log::info!( "{}** {} kernel32!CreateNamedPipeA name:{} in: 0x{:x} out: 0x{:x} {}", emu.colors.light_red, emu.pos, name, in_buff_sz, out_buff_sz, emu.colors.nc ); @@ -1060,13 +1060,13 @@ fn ConnectNamedPipe(emu: &mut emu::Emu) { let handle = emu.regs.rcx; let overlapped = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!ConnectNamedPipe hndl: 0x{:x} {}", emu.colors.light_red, emu.pos, handle, emu.colors.nc ); if !helper::handler_exist(handle) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } emu.regs.rax = 1; @@ -1075,7 +1075,7 @@ fn ConnectNamedPipe(emu: &mut emu::Emu) { fn DisconnectNamedPipe(emu: &mut emu::Emu) { let handle = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!DisconnectNamedPipe hndl: 0x{:x} {}", emu.colors.light_red, emu.pos, handle, emu.colors.nc ); @@ -1115,13 +1115,13 @@ fn ReadFile(emu: &mut emu::Emu) { //TODO: write some random bytes to the buffer //emu.maps.write_spaced_bytes(buff, "00 00 00 01".to_string()); - println!( + log::info!( "{}** {} kernel32!ReadFile hndl: 0x{:x} buff: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, file_hndl, buff, size, emu.colors.nc ); if !helper::handler_exist(file_hndl) { - println!("\tinvalid handle.") + log::info!("\tinvalid handle.") } } @@ -1140,13 +1140,13 @@ fn WriteFile(emu: &mut emu::Emu) { emu.maps.write_qword(bytes_written, size); - println!( + log::info!( "{}** {} kernel32!WriteFile hndl: 0x{:x} buff: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, file_hndl, buff, size, emu.colors.nc ); if !helper::handler_exist(file_hndl) { - println!("\tinvalid handle.") + log::info!("\tinvalid handle.") } emu.regs.rax = 1; @@ -1155,13 +1155,13 @@ fn WriteFile(emu: &mut emu::Emu) { fn CloseHandle(emu: &mut emu::Emu) { let handle = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!CloseHandle 0x{:X} {}", emu.colors.light_red, emu.pos, handle, emu.colors.nc ); if !helper::handler_close(handle) { - println!("\tinvalid handle.") + log::info!("\tinvalid handle.") } emu.regs.rax = 1; } @@ -1169,7 +1169,7 @@ fn CloseHandle(emu: &mut emu::Emu) { fn ExitProcess(emu: &mut emu::Emu) { let code = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!ExitProcess code: {} {}", emu.colors.light_red, emu.pos, code, emu.colors.nc ); @@ -1180,7 +1180,7 @@ fn TerminateProcess(emu: &mut emu::Emu) { let hndl = emu.regs.rcx; let code = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!TerminateProcess hndl: {} code: {} {}", emu.colors.light_red, emu.pos, hndl, code, emu.colors.nc ); @@ -1191,7 +1191,7 @@ fn WaitForSingleObject(emu: &mut emu::Emu) { let hndl = emu.regs.rcx; let millis = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!WaitForSingleObject hndl: {} millis: {} {}", emu.colors.light_red, emu.pos, hndl, millis, emu.colors.nc ); @@ -1206,7 +1206,7 @@ fn GetThreadContext(emu: &mut emu::Emu) { let ctx = context64::Context64::new(&emu.regs); ctx.save(ctx_ptr, &mut emu.maps); - println!( + log::info!( "{}** {} kernel32!GetThreadContext {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1224,7 +1224,7 @@ fn ReadProcessMemory(emu: &mut emu::Emu) { .read_qword(emu.regs.rsp) .expect("kernel32!ReadProcessMemory cannot read bytes"); - println!( + log::info!( "{}** {} kernel32!ReadProcessMemory hndl: {} from: 0x{:x} to: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, hndl, addr, buff, size, emu.colors.nc ); @@ -1240,7 +1240,7 @@ fn GetCurrentDirectoryA(emu: &mut emu::Emu) { let buff_ptr = emu.regs.rdx; emu.maps.write_string(buff_ptr, "c:\\\x00"); - println!( + log::info!( "{}** {} kernel32!GetCurrentDirectoryA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1254,7 +1254,7 @@ fn GetCurrentDirectoryW(emu: &mut emu::Emu) { emu.maps .write_string(buff_ptr, "c\x00:\x00\\\x00\x00\x00\x00\x00"); - println!( + log::info!( "{}** {} kernel32!GetCurrentDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1270,7 +1270,7 @@ fn VirtualProtect(emu: &mut emu::Emu) { emu.maps.write_qword(old_prot_ptr, new_prot); - println!( + log::info!( "{}** {} kernel32!VirtualProtect addr: 0x{:x} sz: {} prot: {} {}", emu.colors.light_red, emu.pos, addr, size, new_prot, emu.colors.nc ); @@ -1288,7 +1288,7 @@ fn VirtualProtectEx(emu: &mut emu::Emu) { .read_qword(emu.regs.rsp) .expect("kernel32!VirtualProtectEx cannot read old_prot"); - println!( + log::info!( "{}** {} kernel32!VirtualProtectEx hproc: {} addr: 0x{:x} sz: {} prot: {} {}", emu.colors.light_red, emu.pos, hproc, addr, size, new_prot, emu.colors.nc ); @@ -1299,7 +1299,7 @@ fn VirtualProtectEx(emu: &mut emu::Emu) { fn ResumeThread(emu: &mut emu::Emu) { let hndl = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!ResumeThread hndl: {} {}", emu.colors.light_red, emu.pos, hndl, emu.colors.nc ); @@ -1314,7 +1314,7 @@ fn GetFullPathNameA(emu: &mut emu::Emu) { let path = emu.regs.r9; let filename = emu.maps.read_string(file_ptr); - println!( + log::info!( "{}** {} kernel32!GetFullPathNameA file: {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -1329,7 +1329,7 @@ fn GetFullPathNameW(emu: &mut emu::Emu) { let path = emu.regs.r9; let filename = emu.maps.read_wide_string(file_ptr); - println!( + log::info!( "{}** {} kernel32!GetFullPathNameW file: {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -1342,7 +1342,7 @@ fn SystemTimeToTzSpecificLocalTime(emu: &mut emu::Emu) { let ut_ptr = emu.regs.rcx; let lt_ptr = emu.regs.r8; - println!( + log::info!( "{}** {} kernel32!SystemTimeToTzSpecificLocalTime {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1351,7 +1351,7 @@ fn SystemTimeToTzSpecificLocalTime(emu: &mut emu::Emu) { } fn GetLogicalDrives(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetLogicalDrives {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1365,7 +1365,7 @@ fn ExpandEnvironmentStringsA(emu: &mut emu::Emu) { let src = emu.maps.read_string(src_ptr); - println!( + log::info!( "{}** {} kernel32!ExpandEnvironmentStringsA `{}` {}", emu.colors.light_red, emu.pos, src, emu.colors.nc ); @@ -1380,7 +1380,7 @@ fn ExpandEnvironmentStringsW(emu: &mut emu::Emu) { let src = emu.maps.read_wide_string(src_ptr); - println!( + log::info!( "{}** {} kernel32!ExpandEnvironmentStringsW `{}` {}", emu.colors.light_red, emu.pos, src, emu.colors.nc ); @@ -1392,7 +1392,7 @@ fn GetFileAttributesA(emu: &mut emu::Emu) { let filename_ptr = emu.regs.rcx; let filename = emu.maps.read_string(filename_ptr); - println!( + log::info!( "{}** {} kernel32!GetFileAttributesA file: {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -1403,7 +1403,7 @@ fn GetFileAttributesW(emu: &mut emu::Emu) { let filename_ptr = emu.regs.rcx; let filename = emu.maps.read_wide_string(filename_ptr); - println!( + log::info!( "{}** {} kernel32!GetFileAttributesW file: {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -1414,7 +1414,7 @@ fn FileTimeToSystemTime(emu: &mut emu::Emu) { let file_time = emu.regs.rcx; let sys_time_ptr = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!FileTimeToSystemTime {} ", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1426,7 +1426,7 @@ fn FindFirstFileA(emu: &mut emu::Emu) { let find_data = emu.regs.rdx; let file = emu.maps.read_string(file_ptr); - println!( + log::info!( "{}** {} kernel32!FindFirstFileA file: {} {}", emu.colors.light_red, emu.pos, file, emu.colors.nc ); @@ -1438,7 +1438,7 @@ fn FindFirstFileW(emu: &mut emu::Emu) { let find_data = emu.regs.rdx; let file = emu.maps.read_wide_string(file_ptr); - println!( + log::info!( "{}** {} kernel32!FindFirstFileW file: {} {}", emu.colors.light_red, emu.pos, file, emu.colors.nc ); @@ -1449,7 +1449,7 @@ fn FindNextFileA(emu: &mut emu::Emu) { let hndl = emu.regs.rcx; let find_data = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!FindNextFileA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1461,7 +1461,7 @@ fn FindNextFileW(emu: &mut emu::Emu) { let hndl = emu.regs.rcx; let find_data = emu.regs.rdx; - println!( + log::info!( "{}** {} kernel32!FindNextFileW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1477,7 +1477,7 @@ fn CopyFileA(emu: &mut emu::Emu) { let src = emu.maps.read_string(src_ptr); let dst = emu.maps.read_string(dst_ptr); - println!( + log::info!( "{}** {} kernel32!CopyFileA `{}` to `{}` {}", emu.colors.light_red, emu.pos, src, dst, emu.colors.nc ); @@ -1493,7 +1493,7 @@ fn CopyFileW(emu: &mut emu::Emu) { let src = emu.maps.read_wide_string(src_ptr); let dst = emu.maps.read_wide_string(dst_ptr); - println!( + log::info!( "{}** {} kernel32!CopyFileW `{}` to `{}` {}", emu.colors.light_red, emu.pos, src, dst, emu.colors.nc ); @@ -1504,7 +1504,7 @@ fn CopyFileW(emu: &mut emu::Emu) { fn FindClose(emu: &mut emu::Emu) { let hndl = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!FindClose {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1519,7 +1519,7 @@ fn MoveFileA(emu: &mut emu::Emu) { let src = emu.maps.read_string(src_ptr); let dst = emu.maps.read_string(dst_ptr); - println!( + log::info!( "{}** {} kernel32!MoveFileA `{}` to `{}` {}", emu.colors.light_red, emu.pos, src, dst, emu.colors.nc ); @@ -1533,7 +1533,7 @@ fn MoveFileW(emu: &mut emu::Emu) { let src = emu.maps.read_wide_string(src_ptr); let dst = emu.maps.read_wide_string(dst_ptr); - println!( + log::info!( "{}** {} kernel32!MoveFileW `{}` to `{}` {}", emu.colors.light_red, emu.pos, src, dst, emu.colors.nc ); @@ -1563,20 +1563,20 @@ fn MapViewOfFile(emu: &mut emu::Emu) { let mem = emu.maps.create_map("file_map", addr, size).expect("kernel32!MapViewOfFile cannot create map"); let loaded = mem.load_chunk(&emu.filename, off, size as usize); - println!( + log::info!( "{}** {} kernel32!MapViewOfFile hndl: {} off: {} sz: {} ={} {}", emu.colors.light_red, emu.pos, hndl, off, size, addr, emu.colors.nc ); if off > 0 { - println!("the non-zero offset is not implemented for now"); + log::info!("the non-zero offset is not implemented for now"); } emu.regs.rax = addr; } fn GetTickCount(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetTickCount {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1588,7 +1588,7 @@ fn InitializeCriticalSectionAndSpinCount(emu: &mut emu::Emu) { let crit_sect = emu.regs.rcx; let spin_count = emu.regs.rdx; - println!("{}** {} kernel32!InitializeCriticalSectionAndSpinCount crit_sect: 0x{:x} spin_count: {} {}", emu.colors.light_red, + log::info!("{}** {} kernel32!InitializeCriticalSectionAndSpinCount crit_sect: 0x{:x} spin_count: {} {}", emu.colors.light_red, emu.pos, crit_sect, spin_count, emu.colors.nc); emu.regs.rax = 1; @@ -1602,7 +1602,7 @@ fn GetProcessAffinityMask(emu: &mut emu::Emu) { emu.maps.write_dword(proc_affinity_mask_ptr, 0x1337); emu.maps.write_dword(sys_affinity_mask_ptr, 0x1337); - println!( + log::info!( "{}** {} kernel32!GetProcessAffinityMask {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1611,7 +1611,7 @@ fn GetProcessAffinityMask(emu: &mut emu::Emu) { } fn IsDebuggerPresent(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!IsDebuggerPresent {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1621,7 +1621,7 @@ fn IsDebuggerPresent(emu: &mut emu::Emu) { fn SetUnhandledExceptionFilter(emu: &mut emu::Emu) { let callback = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!SetUnhandledExceptionFilter callback: 0x{:x} {}", emu.colors.light_red, emu.pos, callback, emu.colors.nc ); @@ -1633,7 +1633,7 @@ fn SetUnhandledExceptionFilter(emu: &mut emu::Emu) { fn UnhandledExceptionFilter(emu: &mut emu::Emu) { let exception_info = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!UnhandledExceptionFilter exception_info: 0x{:x} {}", emu.colors.light_red, emu.pos, exception_info, emu.colors.nc ); @@ -1642,7 +1642,7 @@ fn UnhandledExceptionFilter(emu: &mut emu::Emu) { } fn GetCurrentProcess(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} kernel32!GetCurrentProcess {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1663,7 +1663,7 @@ fn VirtualAllocExNuma(emu: &mut emu::Emu) { .read_qword(emu.regs.rsp + 8) .expect("kernel32!VirtualAllocExNuma cannot read the nndPreferred"); - println!( + log::info!( "{}** {} kernel32!VirtualAllocExNuma hproc: 0x{:x} addr: 0x{:x} {}", emu.colors.light_red, emu.pos, proc_hndl, addr, emu.colors.nc ); @@ -1679,7 +1679,7 @@ fn VirtualAllocExNuma(emu: &mut emu::Emu) { fn GetUserDefaultLangId(emu: &mut emu::Emu) { emu.regs.rax = 0x000000000000ffff; - println!( + log::info!( "{}** {} kernel32!GetUserDefaultLangID =0x{:x} {}", emu.colors.light_red, emu.pos, emu.regs.rax as u16, emu.colors.nc ); @@ -1692,7 +1692,7 @@ fn GetComputerNameA(emu: &mut emu::Emu) { emu.maps.write_dword(size_ptr, 6); emu.maps.write_string(buff_ptr, "medusa"); - println!( + log::info!( "{}** {} kernel32!GetComputerNameA 'medusa' {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1707,7 +1707,7 @@ fn GetComputerNameW(emu: &mut emu::Emu) { emu.maps.write_dword(size_ptr, 12); emu.maps.write_wide_string(buff_ptr, "medusa"); - println!( + log::info!( "{}** {} kernel32!GetComputerNameW 'medusa' {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1722,7 +1722,7 @@ fn CreateMutexA(emu: &mut emu::Emu) { let name = emu.maps.read_string(name_ptr); - println!( + log::info!( "{}** {} kernel32!CreateMutexA '{}' {}", emu.colors.light_red, emu.pos, name, emu.colors.nc ); @@ -1738,7 +1738,7 @@ fn CreateMutexW(emu: &mut emu::Emu) { let name = emu.maps.read_wide_string(name_ptr); - println!( + log::info!( "{}** {} kernel32!CreateMutexA '{}' {}", emu.colors.light_red, emu.pos, name, emu.colors.nc ); @@ -1750,7 +1750,7 @@ fn CreateMutexW(emu: &mut emu::Emu) { fn GetLastError(emu: &mut emu::Emu) { let err = LAST_ERROR.lock().unwrap(); emu.regs.rax = *err; - println!( + log::info!( "{}** {} kernel32!GetLastError ={} {}", emu.colors.light_red, emu.pos, emu.regs.rax, emu.colors.nc ); @@ -1776,7 +1776,7 @@ fn CreateFileMappingA(emu: &mut emu::Emu) { } emu.regs.rax = helper::handler_create(&name); - println!( + log::info!( "{}** {} kernel32!CreateFileMappingA '{}' ={} {}", emu.colors.light_red, emu.pos, @@ -1806,7 +1806,7 @@ fn CreateFileMappingW(emu: &mut emu::Emu) { } emu.regs.rax = helper::handler_create(&name); - println!( + log::info!( "{}** {} kernel32!CreateFileMappingW '{}' ={} {}", emu.colors.light_red, emu.pos, @@ -1819,7 +1819,7 @@ fn CreateFileMappingW(emu: &mut emu::Emu) { fn GetSystemTime(emu: &mut emu::Emu) { let out_time = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!GetSystemTime ptr: 0x{:x}' {}", emu.colors.light_red, emu.pos, out_time, emu.colors.nc ); @@ -1835,7 +1835,7 @@ fn lstrcatA(emu: &mut emu::Emu) { let mut str1 = emu.maps.read_string(str1_ptr); let str2 = emu.maps.read_string(str2_ptr); - println!( + log::info!( "{}** {} kernel32!lstrcatA '{}'+'{}' {}", emu.colors.light_red, emu.pos, str1, str2, emu.colors.nc ); @@ -1853,7 +1853,7 @@ fn lstrcatW(emu: &mut emu::Emu) { let mut str1 = emu.maps.read_wide_string(str1_ptr); let str2 = emu.maps.read_wide_string(str2_ptr); - println!( + log::info!( "{}** {} kernel32!lstrcatW '{}'+'{}' {}", emu.colors.light_red, emu.pos, str1, str2, emu.colors.nc ); @@ -1867,7 +1867,7 @@ fn lstrcatW(emu: &mut emu::Emu) { fn SetErrorMode(emu: &mut emu::Emu) { let mode = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!SetErrorMode 0x{:x} {}", emu.colors.light_red, emu.pos, mode, emu.colors.nc ); @@ -1881,7 +1881,7 @@ fn GetSystemDirectoryA(emu: &mut emu::Emu) { emu.maps.write_string(out_buff_ptr, "C:\\Windows\\"); - println!( + log::info!( "{}** {} kernel32!GetSystemDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1895,7 +1895,7 @@ fn GetSystemDirectoryW(emu: &mut emu::Emu) { emu.maps.write_wide_string(out_buff_ptr, "C:\\Windows\\"); - println!( + log::info!( "{}** {} kernel32!GetSystemDirectoryW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1906,7 +1906,7 @@ fn GetSystemDirectoryW(emu: &mut emu::Emu) { fn GetStartupInfoA(emu: &mut emu::Emu) { let startup_info_ptr = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!GetStartupInfoA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1919,7 +1919,7 @@ fn GetStartupInfoA(emu: &mut emu::Emu) { fn GetStartupInfoW(emu: &mut emu::Emu) { let startup_info_ptr = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!GetStartupInfoW {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -1937,7 +1937,7 @@ fn FlsGetValue(emu: &mut emu::Emu) { emu.regs.rax = emu.fls[idx as usize] as u64; } - println!( + log::info!( "{}** {} kernel32!FlsGetValue idx: {} =0x{:x} {}", emu.colors.light_red, emu.pos, @@ -1994,7 +1994,7 @@ fn IsProcessorFeaturePresent(emu: &mut emu::Emu) { _ => "unknown feature", }; - println!( + log::info!( "{}** {} kernel32!IsProcessorFeaturePresent feature: {} {} {}", emu.colors.light_red, emu.pos, feature, msg, emu.colors.nc ); @@ -2004,7 +2004,7 @@ fn IsProcessorFeaturePresent(emu: &mut emu::Emu) { fn InitializeCriticalSection(emu: &mut emu::Emu) { let ptr_crit_sect = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!InitializeCriticalSection ptr: 0x{:x} {}", emu.colors.light_red, emu.pos, ptr_crit_sect, emu.colors.nc ); @@ -2017,7 +2017,7 @@ fn InitializeCriticalSectionEx(emu: &mut emu::Emu) { let spin_count = emu.regs.rdx; let flags = emu.regs.r9; - println!( + log::info!( "{}** {} kernel32!InitializeCriticalSectionEx ptr: 0x{:x} {}", emu.colors.light_red, emu.pos, ptr_crit_sect, emu.colors.nc ); @@ -2028,7 +2028,7 @@ fn InitializeCriticalSectionEx(emu: &mut emu::Emu) { fn FlsAlloc(emu: &mut emu::Emu) { let callback = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!FlsAlloc callback: 0x{:x} {}", emu.colors.light_red, emu.pos, callback, emu.colors.nc ); @@ -2040,7 +2040,7 @@ fn FlsSetValue(emu: &mut emu::Emu) { let idx = emu.regs.rcx; let val = emu.regs.rdx as u32; - println!( + log::info!( "{}** {} kernel32!FlsSetValue idx: {} val: {} {}", emu.colors.light_red, emu.pos, idx, val, emu.colors.nc ); @@ -2060,7 +2060,7 @@ fn FlsSetValue(emu: &mut emu::Emu) { fn SetLastError(emu: &mut emu::Emu) { let err_code = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!SetLastError err: {} {}", emu.colors.light_red, emu.pos, err_code, emu.colors.nc ); @@ -2074,7 +2074,7 @@ fn lstrlenA(emu: &mut emu::Emu) { let s = emu.maps.read_string(s_ptr); let len = s.len() as u64; - println!( + log::info!( "{}** {} kernel32!lstrlen '{}' ={} {}", emu.colors.light_red, emu.pos, s, len, emu.colors.nc ); @@ -2088,7 +2088,7 @@ fn lstrlenW(emu: &mut emu::Emu) { let s = emu.maps.read_wide_string(s_ptr); let len = s.len() as u64; - println!( + log::info!( "{}** {} kernel32!lstrlen '{}' ={} {}", emu.colors.light_red, emu.pos, s, len, emu.colors.nc ); @@ -2117,7 +2117,7 @@ fn MultiByteToWideChar(emu: &mut emu::Emu) { wide.push_str("\x00"); } - println!( + log::info!( "{}** {} kernel32!MultiByteToWideChar '{}' {}", emu.colors.light_red, emu.pos, utf8, emu.colors.nc ); @@ -2129,7 +2129,7 @@ fn MultiByteToWideChar(emu: &mut emu::Emu) { fn GetSystemInfo(emu: &mut emu::Emu) { let out_sysinfo = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!GetSystemInfo sysinfo: 0x{:x} {}", emu.colors.light_red, emu.pos, out_sysinfo, emu.colors.nc ); @@ -2143,7 +2143,7 @@ fn HeapFree(emu: &mut emu::Emu) { let flags = emu.regs.rdx; let mem = emu.regs.r8; - println!( + log::info!( "{}** {} kernel32!HeapFree mem: 0x{:x} {}", emu.colors.light_red, emu.pos, mem, emu.colors.nc ); @@ -2154,7 +2154,7 @@ fn HeapFree(emu: &mut emu::Emu) { fn EncodePointer(emu: &mut emu::Emu) { let ptr = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!EncodePointer ptr: 0x{:x} {}", emu.colors.light_red, emu.pos, ptr, emu.colors.nc ); @@ -2165,7 +2165,7 @@ fn EncodePointer(emu: &mut emu::Emu) { fn DecodePointer(emu: &mut emu::Emu) { let ptr = emu.regs.rcx; - println!( + log::info!( "{}** {} kernel32!DecodePointer ptr: 0x{:x} {}", emu.colors.light_red, emu.pos, ptr, emu.colors.nc ); @@ -2178,7 +2178,7 @@ fn HeapCreate(emu: &mut emu::Emu) { let initSZ = emu.regs.rdx; let maxSZ = emu.regs.r8; - println!( + log::info!( "{}** {} kernel32!HeapCreate maxSZ:{} {}", emu.colors.light_red, emu.pos, maxSZ, emu.colors.nc ); @@ -2199,7 +2199,7 @@ fn lstrcpyn(emu: &mut emu::Emu) { emu.maps.memset(out_str1, 0, len); emu.maps.write_string(out_str1, &s); - println!( + log::info!( "{}** {} kernel32!lstrcpyn {} {}", emu.colors.light_red, emu.pos, s, emu.colors.nc ); @@ -2219,7 +2219,7 @@ fn GetModuleFileNameA(emu: &mut emu::Emu) { emu.regs.rax = 0; } - println!( + log::info!( "{}** {} kernel32!GetModuleFileNameA hndl:{:x} {}", emu.colors.light_red, emu.pos, hndl, emu.colors.nc ); @@ -2245,7 +2245,7 @@ fn GetLocalTime(emu: &mut emu::Emu) { emu.maps.write_bytes_slice(ptr, &buffer); - println!( + log::info!( "{}** {} kernel32!GetLocalTime {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2258,7 +2258,7 @@ fn SystemTimeToFileTime(emu: &mut emu::Emu) { let now = structures::SystemTime::now(); now.save(out_ptr, &mut emu.maps); - println!( + log::info!( "{}** {} kernel32!SystemTimeToFileTime {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -2270,7 +2270,7 @@ fn GetNativeSystemInfo(emu: &mut emu::Emu) { let mut sysinfo = emu::structures::SystemInfo32::new(); sysinfo.save(ptr_sysinfo, &mut emu.maps); - println!( + log::info!( "{}** {} kernel32!GetNativeSysteminfo 0x{:x} {}", emu.colors.light_red, emu.pos, ptr_sysinfo, emu.colors.nc ); @@ -2284,7 +2284,7 @@ fn lstrcpyW(emu: &mut emu::Emu) { emu.maps.write_wide_string(dst, &s); emu.maps.write_byte(dst + (s.len() as u64 * 2), 0); - println!( + log::info!( "{}** {} kernel32!lstrcpyW 0x{:x} 0x{:x} {} {}", emu.colors.light_red, emu.pos, dst, src, &s, emu.colors.nc ); @@ -2304,7 +2304,7 @@ fn lstrcpy(emu: &mut emu::Emu) { emu.maps.write_string(dst, &s); emu.maps.write_byte(dst + (s.len() as u64), 0); - println!( + log::info!( "{}** {} kernel32!lstrcpy 0x{:x} 0x{:x} {} {}", emu.colors.light_red, emu.pos, dst, src, &s, emu.colors.nc ); @@ -2322,7 +2322,7 @@ pub fn FindActCtxSectionStringW(emu: &mut emu::Emu) { let string_name = emu.maps.read_wide_string(emu.regs.r8); let string_value = emu.maps.read_wide_string(emu.regs.r9); - println!( + log::info!( "{}** {} kernel32!FindActCtxSectionStringW section_name: {} string_name: {} string_value: {} {}", emu.colors.light_red, emu.pos, section_name, string_name, string_value, emu.colors.nc ); diff --git a/src/emu/winapi64/kernelbase.rs b/src/emu/winapi64/kernelbase.rs index f953b15..629c5e5 100644 --- a/src/emu/winapi64/kernelbase.rs +++ b/src/emu/winapi64/kernelbase.rs @@ -11,7 +11,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { "GetTokenInformation" => GetTokenInformation(emu), _ => { - println!( + log::info!( "calling unimplemented kernelbase API 0x{:x} {}", addr, apiname ); @@ -27,7 +27,7 @@ pub fn PathCombineA(emu: &mut emu::Emu) { let path1 = emu.maps.read_string(emu.regs.rdx); let path2 = emu.maps.read_string(emu.regs.r8); - println!( + log::info!( "{}** {} kernelbase!PathCombineA path1: {} path2: {} {}", emu.colors.light_red, emu.pos, path1, path2, emu.colors.nc ); @@ -42,7 +42,7 @@ pub fn PathCombineA(emu: &mut emu::Emu) { pub fn IsCharAlphaNumericA(emu: &mut emu::Emu) { let c = emu.regs.rcx as u8 as char; - println!( + log::info!( "{}** {} kernelbase!IsCharAlphaNumericA char: {} {}", emu.colors.light_red, emu.pos, c, emu.colors.nc ); @@ -57,7 +57,7 @@ pub fn GetTokenInformation(emu: &mut emu::Emu) { let token_information_length = emu.regs.r9; let return_length = emu.maps.read_qword(emu.regs.rsp); - println!( + log::info!( "{}** {} kernelbase!GetTokenInformation token_information_class: 0x{:x} {}", emu.colors.light_red, emu.pos, token_information_class, emu.colors.nc ); diff --git a/src/emu/winapi64/ntdll.rs b/src/emu/winapi64/ntdll.rs index e26212c..d3a9f7e 100644 --- a/src/emu/winapi64/ntdll.rs +++ b/src/emu/winapi64/ntdll.rs @@ -44,7 +44,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { "NtTerminateThread" => NtTerminateThread(emu), _ => { - println!("calling unimplemented ntdll API 0x{:x} {}", addr, apiname); + log::info!("calling unimplemented ntdll API 0x{:x} {}", addr, apiname); return apiname; } } @@ -96,7 +96,7 @@ fn NtAllocateVirtualMemory(emu: &mut emu::Emu) { alloc_addr = addr; } - println!( + log::info!( "{}** {} ntdll!NtAllocateVirtualMemory addr: 0x{:x} sz: {} alloc: 0x{:x} {}", emu.colors.light_red, emu.pos, addr, size, alloc_addr, emu.colors.nc ); @@ -116,7 +116,7 @@ fn stricmp(emu: &mut emu::Emu) { let str1 = emu.maps.read_string(str1ptr); let str2 = emu.maps.read_string(str2ptr); - println!( + log::info!( "{}** {} ntdll!stricmp '{}'=='{}'? {}", emu.colors.light_red, emu.pos, str1, str2, emu.colors.nc ); @@ -132,23 +132,23 @@ fn NtQueryVirtualMemory(emu: &mut emu::Emu) { let handle = emu.regs.rcx; let addr = emu.regs.rdx; - println!( + log::info!( "{}** {} ntdll!NtQueryVirtualMemory addr: 0x{:x} {}", emu.colors.light_red, emu.pos, addr, emu.colors.nc ); if handle != 0xffffffff { - println!("\tusing handle of remote process {:x}", handle); + log::info!("\tusing handle of remote process {:x}", handle); if !helper::handler_exist(handle) { - println!("\nhandler doesnt exist."); + log::info!("\nhandler doesnt exist."); } } let out_meminfo_ptr = emu.regs.r9; if !emu.maps.is_mapped(addr) { - println!( + log::info!( "/!\\ ntdll!NtQueryVirtualMemory: querying non maped addr: 0x{:x}", addr ); @@ -181,7 +181,7 @@ fn LdrLoadDll(emu: &mut emu::Emu) { let libaddr_ptr = emu.regs.r9; let libname = emu.maps.read_wide_string(libname_ptr); - println!( + log::info!( "{}** {} ntdll!LdrLoadDll lib: {} {}", emu.colors.light_red, emu.pos, libname, emu.colors.nc ); @@ -204,7 +204,7 @@ fn RtlAddVectoredExceptionHandler(emu: &mut emu::Emu) { let p1 = emu.regs.rcx; let fptr = emu.regs.rdx; - println!( + log::info!( "{}** {} ntdll!RtlAddVectoredExceptionHandler {} callback: 0x{:x} {}", emu.colors.light_red, emu.pos, p1, fptr, emu.colors.nc ); @@ -217,7 +217,7 @@ fn RtlRemoveVectoredExceptionHandler(emu: &mut emu::Emu) { let p1 = emu.regs.rcx; let fptr = emu.regs.rdx; - println!( + log::info!( "{}** {} ntdll!RtlRemoveVectoredExceptionHandler {} callback: 0x{:x} {}", emu.colors.light_red, emu.pos, p1, fptr, emu.colors.nc ); @@ -234,7 +234,7 @@ fn NtGetContextThread(emu: &mut emu::Emu) { .read_qword(ctx_ptr) .expect("ntdll_NtGetContextThread: error reading context ptr"); - println!( + log::info!( "{}** {} ntdll_NtGetContextThread ctx: {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -246,7 +246,7 @@ fn NtGetContextThread(emu: &mut emu::Emu) { } fn RtlExitUserThread(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ntdll!RtlExitUserThread {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -264,7 +264,7 @@ fn ZwQueueApcThread(emu: &mut emu::Emu) { .read_qword(emu.regs.rsp) .expect("kernel32!ZwQueueApcThread cannot read arg2"); - println!( + log::info!( "{}** {} ntdll!ZwQueueApcThread hndl: {} routine: {} ctx: {} arg1: {} arg2: {} {}", emu.colors.light_red, emu.pos, @@ -307,7 +307,7 @@ fn RtlAllocateHeap(emu: &mut emu::Emu) { emu.maps.create_map(&map_name, alloc_addr, size).expect("ntdll!RtlAllocateHeap cannot create map"); //} - println!( + log::info!( "{}** {} ntdll!RtlAllocateHeap hndl: {:x} sz: {} =addr: 0x{:x} {}", emu.colors.light_red, emu.pos, handle, size, alloc_addr, emu.colors.nc ); @@ -320,14 +320,14 @@ fn RtlQueueWorkItem(emu: &mut emu::Emu) { let ctx = emu.regs.rdx; let flags = emu.regs.r8; - println!( + log::info!( "{}** {} ntdll!RtlQueueWorkItem fptr: 0x{:x} ctx: 0x{:x} flags: {} {}", emu.colors.light_red, emu.pos, fptr, ctx, flags, emu.colors.nc ); if fptr > constants::LIBS_BARRIER64 { let name = kernel32::guess_api_name(emu, fptr); - println!("api: {} ", name); + log::info!("api: {} ", name); } emu.regs.rax = constants::STATUS_SUCCESS; @@ -338,7 +338,7 @@ fn NtWaitForSingleObject(emu: &mut emu::Emu) { let bAlert = emu.regs.rdx; let timeout = emu.regs.r8; - println!( + log::info!( "{}** {} ntdll!NtWaitForSingleObject hndl: 0x{:x} timeout: {} {}", emu.colors.light_red, emu.pos, handle, timeout, emu.colors.nc ); @@ -354,7 +354,7 @@ fn sscanf(emu: &mut emu::Emu) { let buffer = emu.maps.read_string(buffer_ptr); let fmt = emu.maps.read_string(fmt_ptr); - println!( + log::info!( "{}** {} ntdll!sscanf out_buff: `{}` fmt: `{}` {}", emu.colors.light_red, emu.pos, buffer, fmt, emu.colors.nc ); @@ -373,7 +373,7 @@ fn sscanf(emu: &mut emu::Emu) { } fn NtGetTickCount(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ntdll!NtGetTickCount {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -385,7 +385,7 @@ fn NtQueryPerformanceCounter(emu: &mut emu::Emu) { let perf_counter_ptr = emu.regs.rcx; let perf_freq_ptr = emu.regs.rdx; - println!( + log::info!( "{}** {} ntdll!NtQueryPerformanceCounter {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -398,7 +398,7 @@ fn RtlGetProcessHeaps(emu: &mut emu::Emu) { let num_of_heaps = emu.regs.rcx; let out_process_heaps = emu.regs.rcx; - println!( + log::info!( "{}** {} ntdll!RtlGetProcessHeaps num: {} out: 0x{:x} {}", emu.colors.light_red, emu.pos, num_of_heaps, out_process_heaps, emu.colors.nc ); @@ -441,11 +441,11 @@ fn RtlDosPathNameToNtPathName_U(emu: &mut emu::Emu) { ); } else { if emu.cfg.verbose >= 1 { - println!( + log::info!( "/!\\ ntdll!RtlDosPathNameToNtPathName_U denied dest buffer on {} map", dst_map_name ); - println!( + log::info!( "memcpy1 0x{:x} <- 0x{:x} sz: {}", dos_path_unicode_ptr, dos_path_name_ptr, @@ -482,7 +482,7 @@ fn RtlDosPathNameToNtPathName_U(emu: &mut emu::Emu) { } None => { if emu.cfg.verbose >= 1 { - println!("/!\\ ntdll!RtlDosPathNameToNtPathName_U low memory"); + log::info!("/!\\ ntdll!RtlDosPathNameToNtPathName_U low memory"); } } }; @@ -530,7 +530,7 @@ fn NtCreateFile(emu: &mut emu::Emu) { .expect("ntdll!NtCreateFile error reading oattrib +8") as u64; let filename = emu.maps.read_wide_string(obj_name_ptr); - println!( + log::info!( "{}** {} ntdll!NtCreateFile {} {}", emu.colors.light_red, emu.pos, filename, emu.colors.nc ); @@ -548,7 +548,7 @@ fn RtlFreeHeap(emu: &mut emu::Emu) { let flags = emu.regs.rdx; let base_addr = emu.regs.r8; - println!( + log::info!( "{}** {} ntdll!RtlFreeHeap 0x{} {}", emu.colors.light_red, emu.pos, base_addr, emu.colors.nc ); @@ -560,7 +560,7 @@ fn RtlFreeHeap(emu: &mut emu::Emu) { .unwrap_or_else(|| String::new()); if name == "" { if emu.cfg.verbose >= 1 { - println!("map not allocated, so cannot free it."); + log::info!("map not allocated, so cannot free it."); } emu.regs.rax = 0; return; @@ -572,7 +572,7 @@ fn RtlFreeHeap(emu: &mut emu::Emu) { } else { emu.regs.rax = 0; if emu.cfg.verbose >= 1 { - println!("trying to free a systems map {}", name); + log::info!("trying to free a systems map {}", name); } } } @@ -587,7 +587,7 @@ fn NtQueryInformationFile(emu: &mut emu::Emu) { .read_qword(emu.regs.rsp) .expect("ntdll!NtQueryInformationFile cannot read fileinfoctls param"); - println!( + log::info!( "{}** {} ntdll!NtQueryInformationFile {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -623,7 +623,7 @@ fn NtReadFile(emu: &mut emu::Emu) { let file = helper::handler_get_uri(file_hndl); - println!( + log::info!( "{}** {} ntdll!NtReadFile {} buff: 0x{:x} sz: {} off_var: 0x{:x} {}", emu.colors.light_red, emu.pos, file, buff, len, off, emu.colors.nc ); @@ -637,7 +637,7 @@ fn NtClose(emu: &mut emu::Emu) { let uri = helper::handler_get_uri(hndl); - println!( + log::info!( "{}** {} ntdll!NtClose hndl: 0x{:x} uri: {} {}", emu.colors.light_red, emu.pos, hndl, uri, emu.colors.nc ); @@ -653,7 +653,7 @@ fn RtlInitializeCriticalSectionAndSpinCount(emu: &mut emu::Emu) { let crit_sect = emu.regs.rcx; let spin_count = emu.regs.rdx; - println!( + log::info!( "{}** {} ntdll!RtlInitializeCriticalSectionAndSpinCount {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -671,7 +671,7 @@ fn NtProtectVirtualMemory(emu: &mut emu::Emu) { .read_qword(emu.regs.rsp) .expect("ntdll!NtProtectVirtualMemory error reading old prot param"); - println!( + log::info!( "{}** {} ntdll!NtProtectVirtualMemory sz: {} {} {}", emu.colors.light_red, emu.pos, sz, prot, emu.colors.nc ); @@ -682,7 +682,7 @@ fn NtProtectVirtualMemory(emu: &mut emu::Emu) { fn RtlEnterCriticalSection(emu: &mut emu::Emu) { let hndl = emu.regs.rcx; - println!( + log::info!( "{}** {} ntdll!RtlEnterCriticalSection {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -693,7 +693,7 @@ fn RtlEnterCriticalSection(emu: &mut emu::Emu) { fn RtlGetVersion(emu: &mut emu::Emu) { let versioninfo_ptr = emu.regs.rcx; - println!( + log::info!( "{}** {} ntdll!RtlGetVersion {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -709,7 +709,7 @@ fn RtlInitializeCriticalSectionEx(emu: &mut emu::Emu) { let spin_count = emu.regs.rdx; let flags = emu.regs.r8; - println!( + log::info!( "{}** {} ntdll!RtlInitializeCriticalSectionEx {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -722,7 +722,7 @@ fn memset(emu: &mut emu::Emu) { let byte = emu.regs.rdx; let count = emu.regs.r8; - println!( + log::info!( "{}** {} ntdll!memset ptr: 0x{:x} byte: {} count: {} {}", emu.colors.light_red, emu.pos, ptr, byte, count, emu.colors.nc ); @@ -735,7 +735,7 @@ fn memset(emu: &mut emu::Emu) { fn RtlSetUnhandledExceptionFilter(emu: &mut emu::Emu) { let filter = emu.regs.rcx; - println!( + log::info!( "{}** {} ntdll!RtlSetUnhandledExceptionFilter filter: 0x{:x} {}", emu.colors.light_red, emu.pos, filter, emu.colors.nc ); @@ -752,7 +752,7 @@ fn RtlCopyMemory(emu: &mut emu::Emu) { emu.maps.memcpy(dst, src, sz); let s = emu.maps.read_string(src); - println!( + log::info!( "{}** {} ntdll!RtlCopyMemory {} {}", emu.colors.light_red, emu.pos, s, emu.colors.nc ); @@ -772,7 +772,7 @@ fn RtlReAllocateHeap(emu: &mut emu::Emu) { None => 0, }; - println!( + log::info!( "{}** {} ntdll!RtlReAllocateHeap hndl: {:x} sz: {} {}", emu.colors.light_red, emu.pos, hndl, sz, emu.colors.nc ); @@ -783,7 +783,7 @@ fn NtFlushInstructionCache(emu: &mut emu::Emu) { let addr = emu.regs.rdx; let sz = emu.regs.r8; - println!( + log::info!( "{}** {} ntdll!NtFlushInstructionCache hndl: {:x} 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, proc_hndl, addr, sz, emu.colors.nc ); @@ -804,7 +804,7 @@ fn LdrGetDllHandleEx(emu: &mut emu::Emu) { let dll_name = emu.maps.read_wide_string(dll_name_ptr); - println!( + log::info!( "{}** {} ntdll!LdrGetDllHandleEx {} {}", emu.colors.light_red, emu.pos, dll_name, emu.colors.nc ); @@ -821,7 +821,7 @@ fn NtTerminateThread(emu: &mut emu::Emu) { let handle = emu.regs.rcx; let exit_status = emu.regs.rdx; - println!( + log::info!( "{}** {} ntdll!NtTerminateThread {:x} {} {}", emu.colors.light_red, emu.pos, handle, exit_status, emu.colors.nc ); diff --git a/src/emu/winapi64/shell32.rs b/src/emu/winapi64/shell32.rs index 83ecd7a..6fd6f1f 100644 --- a/src/emu/winapi64/shell32.rs +++ b/src/emu/winapi64/shell32.rs @@ -5,7 +5,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { match apiname.as_str() { "RealShellExecuteA" => RealShellExecuteA(emu), _ => { - println!("calling unimplemented shell32 API 0x{:x} {}", addr, apiname); + log::info!("calling unimplemented shell32 API 0x{:x} {}", addr, apiname); return apiname; } } @@ -29,7 +29,7 @@ fn RealShellExecuteA(emu: &mut emu::Emu) { let file = emu.maps.read_string(file_ptr); let params = emu.maps.read_string(params_ptr); - println!( + log::info!( "{}** {} shell32!RealShellExecuteA {} {} {}", emu.colors.light_red, emu.pos, file, params, emu.colors.nc ); diff --git a/src/emu/winapi64/shlwapi.rs b/src/emu/winapi64/shlwapi.rs index dd73c8b..7560caa 100644 --- a/src/emu/winapi64/shlwapi.rs +++ b/src/emu/winapi64/shlwapi.rs @@ -9,7 +9,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { "PathFindSuffixArrayA" => PathFindSuffixArrayA(emu), _ => { - println!( + log::info!( "calling unimplemented shlwapi API 0x{:x} {}", addr, apiname ); @@ -24,7 +24,7 @@ pub fn PathIsContentTypeW(emu: &mut emu::Emu) { let path = emu.maps.read_wide_string(emu.regs.rcx); let content_type = emu.maps.read_wide_string(emu.regs.rdx); - println!( + log::info!( "{}** {} shlwapi!PathIsContentTypeW path: {} content-type: {} {}", emu.colors.light_red, emu.pos, path, content_type, emu.colors.nc ); @@ -36,7 +36,7 @@ pub fn PathFindSuffixArrayA(emu: &mut emu::Emu) { let path = emu.maps.read_string(emu.regs.rcx); let suffixes = emu.maps.read_string(emu.regs.rdx); - println!( + log::info!( "{}** {} shlwapi!PathFindSuffixArrayA path: {} suffixes: {} {}", emu.colors.light_red, emu.pos, path, suffixes, emu.colors.nc ); diff --git a/src/emu/winapi64/user32.rs b/src/emu/winapi64/user32.rs index 5c3474e..c02c14b 100644 --- a/src/emu/winapi64/user32.rs +++ b/src/emu/winapi64/user32.rs @@ -7,7 +7,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { "GetDesktopWindow" => GetDesktopWindow(emu), _ => { - println!("calling unimplemented user32 API 0x{:x} {}", addr, apiname); + log::info!("calling unimplemented user32 API 0x{:x} {}", addr, apiname); return apiname; } } @@ -20,7 +20,7 @@ fn MessageBoxA(emu: &mut emu::Emu) { let msg = emu.maps.read_string(msgptr); let title = emu.maps.read_string(titleptr); - println!( + log::info!( "{}** {} user32!MessageBoxA {} {} {}", emu.colors.light_red, emu.pos, title, msg, emu.colors.nc ); @@ -29,7 +29,7 @@ fn MessageBoxA(emu: &mut emu::Emu) { } fn GetDesktopWindow(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} user32!GetDesktopWindow {}", emu.colors.light_red, emu.pos, emu.colors.nc ); diff --git a/src/emu/winapi64/winhttp.rs b/src/emu/winapi64/winhttp.rs index be6e4a7..08b5843 100644 --- a/src/emu/winapi64/winhttp.rs +++ b/src/emu/winapi64/winhttp.rs @@ -6,7 +6,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { /*"StartServiceCtrlDispatcherA" => StartServiceCtrlDispatcherA(emu), "StartServiceCtrlDispatcherW" => StartServiceCtrlDispatcherW(emu),*/ _ => { - println!("calling unimplemented winhttp API 0x{:x} {}", addr, apiname); + log::info!("calling unimplemented winhttp API 0x{:x} {}", addr, apiname); return apiname; } } diff --git a/src/emu/winapi64/wininet.rs b/src/emu/winapi64/wininet.rs index 84ec6dd..65df00a 100644 --- a/src/emu/winapi64/wininet.rs +++ b/src/emu/winapi64/wininet.rs @@ -23,7 +23,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { "InternetReadFileExW" => InternetReadFileExW(emu), "InternetErrorDlg" => InternetErrorDlg(emu), _ => { - println!("calling unimplemented wininet API 0x{:x} {}", addr, apiname); + log::info!("calling unimplemented wininet API 0x{:x} {}", addr, apiname); return apiname; } } @@ -59,7 +59,7 @@ pub fn InternetOpenA(emu: &mut emu::Emu) { proxy_bypass = emu.maps.read_string(proxybypass_ptr); } - println!( + log::info!( "{}** {} wininet!InternetOpenA uagent: {} proxy: {} {} {}", emu.colors.light_red, emu.pos, uagent, proxy, proxy_bypass, emu.colors.nc ); @@ -100,7 +100,7 @@ pub fn InternetOpenW(emu: &mut emu::Emu) { proxy_bypass = emu.maps.read_wide_string(proxybypass_ptr); } - println!( + log::info!( "{}** {} wininet!InternetOpenW uagent: {} proxy: {} {} {}", emu.colors.light_red, emu.pos, uagent, proxy, proxy_bypass, emu.colors.nc ); @@ -152,13 +152,13 @@ pub fn InternetConnectA(emu: &mut emu::Emu) { passw = emu.maps.read_string(passw_ptr); } - println!( + log::info!( "{}** {} wininet!InternetConnectA host: {} port: {} login: {} passw: {} {}", emu.colors.light_red, emu.pos, server, port, login, passw, emu.colors.nc ); if !helper::handler_exist(internet_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -206,13 +206,13 @@ pub fn InternetConnectW(emu: &mut emu::Emu) { passw = emu.maps.read_wide_string(passw_ptr); } - println!( + log::info!( "{}** {} wininet!InternetConnectW host: {} port: {} login: {} passw: {} {}", emu.colors.light_red, emu.pos, server, port, login, passw, emu.colors.nc ); if !helper::handler_exist(internet_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -268,17 +268,17 @@ fn HttpOpenRequestA(emu: &mut emu::Emu) { access = emu.maps.read_string(access_ptr); } - println!( + log::info!( "{}** {} wininet!HttpOpenRequestA method: {} path: {} ver: {} ref: {} access: {} {}", emu.colors.light_red, emu.pos, method, path, version, referrer, access, emu.colors.nc ); if !helper::handler_exist(conn_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } if flags & constants::INTERNET_FLAG_SECURE == 1 { - println!("\tssl communication."); + log::info!("\tssl communication."); } /* @@ -346,13 +346,13 @@ fn HttpOpenRequestW(emu: &mut emu::Emu) { access = emu.maps.read_wide_string(access_ptr); } - println!( + log::info!( "{}** {} wininet!HttpOpenRequestW method: {} path: {} ver: {} ref: {} access: {} {}", emu.colors.light_red, emu.pos, method, path, version, referrer, access, emu.colors.nc ); if !helper::handler_exist(conn_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -389,13 +389,13 @@ fn InternetSetOptionA(emu: &mut emu::Emu) { } let sbuff = emu.maps.read_string(buffer); - println!( + log::info!( "{}** {} wininet!InternetSetOptionA option: 0x{:x} buff: {{{}}} {} {}", emu.colors.light_red, emu.pos, option, buffer_content, sbuff, emu.colors.nc ); if !helper::handler_exist(inet_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } emu.regs.rax = 1; // true @@ -413,13 +413,13 @@ fn InternetSetOptionW(emu: &mut emu::Emu) { } let sbuff = emu.maps.read_wide_string(buffer); - println!( + log::info!( "{}** {} wininet!InternetSetOptionW option: 0x{:x} buff: {{{}}} {} {}", emu.colors.light_red, emu.pos, option, buffer_content, sbuff, emu.colors.nc ); if !helper::handler_exist(inet_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } emu.regs.rax = 1; // true @@ -438,13 +438,13 @@ fn HttpSendRequestA(emu: &mut emu::Emu) { let hdrs = emu.maps.read_string(hdrs_ptr); let opt = emu.maps.read_string(opt_ptr); - println!( + log::info!( "{}** {} wininet!HttpSendRequestA hdrs: {} opt: {} {}", emu.colors.light_red, emu.pos, hdrs, opt, emu.colors.nc ); if !helper::handler_exist(req_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -469,13 +469,13 @@ fn HttpSendRequestW(emu: &mut emu::Emu) { let hdrs = emu.maps.read_wide_string(hdrs_ptr); let opt = emu.maps.read_wide_string(opt_ptr); - println!( + log::info!( "{}** {} wininet!HttpSendRequestW hdrs: {} opt: {} {}", emu.colors.light_red, emu.pos, hdrs, opt, emu.colors.nc ); if !helper::handler_exist(req_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } /* @@ -490,7 +490,7 @@ fn HttpSendRequestW(emu: &mut emu::Emu) { fn InternetErrorDlg(emu: &mut emu::Emu) { let err = emu.regs.rcx; - println!( + log::info!( "{}** {} wininet!InternetErrorDlg err: {} {}", emu.colors.light_red, emu.pos, err, emu.colors.nc ); @@ -504,13 +504,13 @@ fn InternetReadFile(emu: &mut emu::Emu) { let bytes_to_read = emu.regs.r8; let bytes_read_ptr = emu.regs.r9; - println!( + log::info!( "{}** {} wininet!InternetReadFile sz: {} buff: 0x{:x} {}", emu.colors.light_red, emu.pos, bytes_to_read, buff_ptr, emu.colors.nc ); if !helper::handler_exist(file_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } if emu.cfg.endpoint { @@ -540,13 +540,13 @@ fn InternetReadFileExA(emu: &mut emu::Emu) { let flags = emu.regs.r8; let ctx = emu.regs.r9; - println!( + log::info!( "{}** {} wininet!InternetReadFileExA buff: 0x{:x} {}", emu.colors.light_red, emu.pos, buff_ptr, emu.colors.nc ); if !helper::handler_exist(file_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } emu.regs.rax = 1; // true @@ -558,13 +558,13 @@ fn InternetReadFileExW(emu: &mut emu::Emu) { let flags = emu.regs.r8; let ctx = emu.regs.r9; - println!( + log::info!( "{}** {} wininet!InternetReadFileExW buff: 0x{:x} {}", emu.colors.light_red, emu.pos, buff_ptr, emu.colors.nc ); if !helper::handler_exist(file_hndl) { - println!("\tinvalid handle."); + log::info!("\tinvalid handle."); } emu.regs.rax = 1; // true diff --git a/src/emu/winapi64/ws2_32.rs b/src/emu/winapi64/ws2_32.rs index 7c5e928..626ba17 100644 --- a/src/emu/winapi64/ws2_32.rs +++ b/src/emu/winapi64/ws2_32.rs @@ -35,7 +35,7 @@ pub fn gateway(addr: u64, emu: &mut emu::Emu) -> String { "WsaConnect" => WsaConnect(emu), */ _ => { - println!("calling unimplemented ws2_32 API 0x{:x} {}", addr, apiname); + log::info!("calling unimplemented ws2_32 API 0x{:x} {}", addr, apiname); return apiname; } } @@ -49,7 +49,7 @@ lazy_static! { } fn WsaStartup(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ws2_32!WsaStartup {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -58,7 +58,7 @@ fn WsaStartup(emu: &mut emu::Emu) { } fn WsaSocketA(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ws2_32!WsaSocketA {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -67,7 +67,7 @@ fn WsaSocketA(emu: &mut emu::Emu) { } fn socket(emu: &mut emu::Emu) { - println!( + log::info!( "{}** {} ws2_32!socket {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -79,7 +79,7 @@ fn WsaHtons(emu: &mut emu::Emu) { let host_port = emu.regs.rdx; let out_port = emu.regs.r8; - println!( + log::info!( "{}** {} ws2_32!WsaHtons {} {}", emu.colors.light_red, emu.pos, host_port, emu.colors.nc ); @@ -91,7 +91,7 @@ fn WsaHtons(emu: &mut emu::Emu) { fn htons(emu: &mut emu::Emu) { let port: u16 = emu.regs.rcx as u16; - println!( + log::info!( "{}** {} ws2_32!htons port: {} {}", emu.colors.light_red, emu.pos, port, emu.colors.nc ); @@ -104,7 +104,7 @@ fn inet_addr(emu: &mut emu::Emu) { //TODO: derreferece addr - println!( + log::info!( "{}** {} ws2_32!inet_addr {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -137,7 +137,7 @@ fn connect(emu: &mut emu::Emu) { (ip & 0xff0000) >> 16, (ip & 0xff000000) >> 24 ); - println!( + log::info!( "{}** {} ws2_32!connect family: {} {}:{} {}", emu.colors.light_red, emu.pos, family, sip, port, emu.colors.nc ); @@ -145,16 +145,16 @@ fn connect(emu: &mut emu::Emu) { if emu.cfg.endpoint { /* if endpoint::sock_connect(sip.as_str(), port) { - println!("\tconnected to the endpoint."); + log::info!("\tconnected to the endpoint."); } else { - println!("\tcannot connect. dont use -e"); + log::info!("\tcannot connect. dont use -e"); }*/ emu.regs.rax = 0; } else { // offline mode if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -168,13 +168,13 @@ fn recv(emu: &mut emu::Emu) { let mut len = emu.regs.r8; let flags = emu.regs.r9; - println!( + log::info!( "{}** {} ws2_32!recv buff: 0x{:x} sz: {} {}", emu.colors.light_red, emu.pos, buff, len, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; return; } @@ -186,7 +186,7 @@ fn recv(emu: &mut emu::Emu) { emu.maps.write_buffer(buff, &rbuff); - println!("\nreceived {} bytes from the endpoint.", n); + log::info!("\nreceived {} bytes from the endpoint.", n); emu.regs.rax = n as u64; */ } else { @@ -217,13 +217,13 @@ fn send(emu: &mut emu::Emu) { let bytes = emu.maps.read_string_of_bytes(buff, len as usize); - println!( + log::info!( "{}** {} ws2_32!send {{{}}} {}", emu.colors.light_red, emu.pos, bytes, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 0; return; } @@ -232,7 +232,7 @@ fn send(emu: &mut emu::Emu) { /* let buffer = emu.maps.read_buffer(buff, len as usize); let n = endpoint::sock_send(&buffer); - println!("\tsent {} bytes.", n); + log::info!("\tsent {} bytes.", n); emu.regs.rax = n as u64; */ } else { @@ -272,7 +272,7 @@ fn bind(emu: &mut emu::Emu) { (ip & 0xff000000) >> 24 ); - println!( + log::info!( "{}** {} ws2_32!bind family: {} {}:{} {}", emu.colors.light_red, emu.pos, @@ -283,7 +283,7 @@ fn bind(emu: &mut emu::Emu) { ); if !helper::socket_exist(sock) { - println!("\tbad socket."); + log::info!("\tbad socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -294,13 +294,13 @@ fn listen(emu: &mut emu::Emu) { let sock = emu.regs.rcx; let connections = emu.regs.rdx; - println!( + log::info!( "{}** {} ws2_32!listen connections: {} {}", emu.colors.light_red, emu.pos, connections, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -315,13 +315,13 @@ fn accept(emu: &mut emu::Emu) { let bytes = emu.maps.read_string_of_bytes(saddr, len as usize); - println!( + log::info!( "{}** {} ws2_32!accept connections: {} {}", emu.colors.light_red, emu.pos, bytes, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -331,7 +331,7 @@ fn accept(emu: &mut emu::Emu) { fn closesocket(emu: &mut emu::Emu) { let sock = emu.regs.rcx; - println!( + log::info!( "{}** {} ws2_32!closesocket {}", emu.colors.light_red, emu.pos, emu.colors.nc ); @@ -361,13 +361,13 @@ fn setsockopt(emu: &mut emu::Emu) { None => 0, }; - println!( + log::info!( "{}** {} ws2_32!setsockopt lvl: {} opt: {} val: {} {}", emu.colors.light_red, emu.pos, level, optname, val, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -386,13 +386,13 @@ fn getsockopt(emu: &mut emu::Emu) { emu.maps.write_dword(optval, 1); - println!( + log::info!( "{}** {} ws2_32!getsockopt lvl: {} opt: {} {}", emu.colors.light_red, emu.pos, level, optname, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -411,13 +411,13 @@ fn WsaAccept(emu: &mut emu::Emu) { let bytes = emu.maps.read_string_of_bytes(saddr, len as usize); - println!( + log::info!( "{}** {} ws2_32!WsaAccept connections: {} callback: {} {}", emu.colors.light_red, emu.pos, bytes, callback, emu.colors.nc ); if !helper::socket_exist(sock) { - println!("\tinvalid socket."); + log::info!("\tinvalid socket."); emu.regs.rax = 1; } else { emu.regs.rax = 0; @@ -432,7 +432,7 @@ fn GetSockName(emu: &mut emu::Emu) { emu.maps.write_dword(sockaddr_ptr, 0); emu.maps.write_dword(namelen_ptr, 4); - println!( + log::info!( "{}** {} ws2_32!GetSockName sock: {} {}", emu.colors.light_red, emu.pos, sock, emu.colors.nc ); @@ -444,7 +444,7 @@ fn gethostbyname(emu: &mut emu::Emu) { let domain_name_ptr = emu.regs.rcx; let domain_name = emu.maps.read_string(domain_name_ptr); - println!( + log::info!( "{}** {} ws2_32!gethostbyname `{}` {}", emu.colors.light_red, emu.pos, domain_name, emu.colors.nc ); From 036ef6ae34093005dcf0e5c8c53d5b13fea42029 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 16:27:58 -0500 Subject: [PATCH 30/49] mem_trace = debug level? --- src/emu.rs | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 9097316..3df4534 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -1112,7 +1112,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", + log::debug!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.get_esp(), value, name); } @@ -1173,7 +1173,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); + log::debug!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); } self.regs.rsp = self.regs.rsp - 8; @@ -1277,7 +1277,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(read_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", + log::debug!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, self.regs.get_esp(), value, name); // Record the write to register @@ -1292,7 +1292,7 @@ impl Emu { name: "register".to_string(), }; self.memory_operations.push(write_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", + log::debug!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", self.pos, self.regs.rip, 32, self.regs.get_esp(), value); } @@ -1357,7 +1357,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(read_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", + log::debug!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, self.regs.rsp, value, name); // Record the write to register @@ -1372,7 +1372,7 @@ impl Emu { name: "register".to_string(), }; self.memory_operations.push(write_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", + log::debug!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = 'register'", self.pos, self.regs.rip, 64, self.regs.rsp, value); } @@ -1567,7 +1567,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, addr, v, name); + log::debug!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 64, addr, v, name); } return Some(v); } @@ -1591,7 +1591,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, v, name); + log::debug!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, v, name); } return Some(v.into()); } @@ -1615,7 +1615,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 16, addr, v, name); + log::debug!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 16, addr, v, name); } return Some(v.into()); } @@ -1639,7 +1639,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 8, addr, v, name); + log::debug!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 8, addr, v, name); } return Some(v.into()); } @@ -1695,7 +1695,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, value, name); + log::debug!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, 32, addr, value, name); } let ret = match bits { @@ -3649,7 +3649,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value, name); + log::debug!("\tmem_trace: pos = {} rip = {:x} op = read bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value, name); } if mem_addr == self.bp.get_mem_read() { @@ -3827,7 +3827,7 @@ impl Emu { name: name.clone(), }; self.memory_operations.push(memory_operation); - log::info!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value2, name); + log::debug!("\tmem_trace: pos = {} rip = {:x} op = write bits = {} address = 0x{:x} value = 0x{:x} name = '{}'", self.pos, self.regs.rip, sz, mem_addr, value2, name); } /* @@ -4147,7 +4147,7 @@ impl Emu { pub fn show_instruction_taken(&self, color: &str, ins: &Instruction) { if self.cfg.verbose >= 2 { - log::info!( + log::debug!( "{}{} 0x{:x}: {} taken {}", color, self.pos, @@ -4160,7 +4160,7 @@ impl Emu { pub fn show_instruction_not_taken(&self, color: &str, ins: &Instruction) { if self.cfg.verbose >= 2 { - log::info!( + log::debug!( "{}{} 0x{:x}: {} not taken {}", color, self.pos, From de1f04c6be0166f2c0b92ebf9746572fab030497 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Sun, 22 Dec 2024 16:55:43 -0500 Subject: [PATCH 31/49] fix sbb? --- src/emu.rs | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index 3df4534..bff7023 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -5087,36 +5087,31 @@ impl Emu { Mnemonic::Sbb => { self.show_instruction(&self.colors.cyan, &ins); - + assert!(ins.op_count() == 2); - - let cf: u64; - if self.flags.f_cf { - cf = 1; - } else { - cf = 0; - } - + + let cf: u64 = if self.flags.f_cf { 1 } else { 0 }; + let value0 = match self.get_operand_value(&ins, 0, true) { Some(v) => v, None => return false, }; - + let value1 = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => return false, }; - + let res: u64; let sz = self.get_operand_sz(&ins, 1); match sz { - 64 => res = self.flags.sub64(value0, value1 + cf), - 32 => res = self.flags.sub32(value0, value1 + cf), - 16 => res = self.flags.sub16(value0, value1 + cf), - 8 => res = self.flags.sub8(value0, value1 + cf), + 64 => res = self.flags.sub64(value0, value1.wrapping_add(cf)), + 32 => res = self.flags.sub32(value0, value1.wrapping_add(cf)), + 16 => res = self.flags.sub16(value0, value1.wrapping_add(cf)), + 8 => res = self.flags.sub8(value0, value1.wrapping_add(cf)), _ => panic!("weird size"), } - + if !self.set_operand_value(&ins, 0, res) { return false; } From 09ae1bf8ebccad34f2029859c6d380a12af8004a Mon Sep 17 00:00:00 2001 From: sha0coder Date: Mon, 23 Dec 2024 12:45:23 +0100 Subject: [PATCH 32/49] msvcrt malloc(0) behavior --- src/emu.rs | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index bff7023..fb7872b 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -415,6 +415,7 @@ impl Emu { pub fn init(&mut self, clear_registers: bool, clear_flags: bool) { self.pos = 0; + if !atty::is(Stream::Stdout) { self.cfg.nocolors = true; self.colors.disable(); @@ -431,6 +432,7 @@ impl Emu { } //self.regs.rand(); + if self.cfg.is_64bits { self.regs.rip = self.cfg.entry_point; self.maps.is_64bits = true; @@ -463,6 +465,7 @@ impl Emu { self.banzai.add(api, params); } } + //self.init_tests(); } @@ -682,7 +685,11 @@ impl Emu { if pe32.opt.image_base >= constants::LIBS32_MIN as u32 { base = self.maps.alloc(pe32.mem_size() as u64 + 0xff).expect("out of memory") as u32; } else { - base = pe32.opt.image_base; + if self.maps.overlaps(pe32.opt.image_base as u64, pe32.mem_size() as u64) { + base = self.maps.alloc(pe32.mem_size() as u64 + 0xff).expect("out of memory") as u32; + } else { + base = pe32.opt.image_base; + } } // system library @@ -816,7 +823,11 @@ impl Emu { if pe64.opt.image_base >= constants::LIBS64_MIN as u64 { base = self.maps.alloc(pe64.size()+0xff).expect("out of memory"); } else { - base = pe64.opt.image_base; + if self.maps.overlaps(pe64.opt.image_base, pe64.size()) { + base = self.maps.alloc(pe64.size()+0xff).expect("out of memory"); + } else { + base = pe64.opt.image_base; + } } // system library From fe2e44e2257d3fea521c23c794ab7f0cbd9d1d08 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Mon, 23 Dec 2024 13:43:07 +0100 Subject: [PATCH 33/49] dump and dump_2 with println instead log --- src/emu/maps.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/emu/maps.rs b/src/emu/maps.rs index 91e934c..3145768 100644 --- a/src/emu/maps.rs +++ b/src/emu/maps.rs @@ -571,7 +571,7 @@ impl Maps { Err(n) => " -utf8err- ".to_string(), }; - log::info!(" {}", s); + println!(" {}", s); } } @@ -586,7 +586,7 @@ impl Maps { count += 1; print!("{:02x} ", b); if count >= amount { - log::info!(""); + println!(""); return; } } @@ -597,7 +597,7 @@ impl Maps { Err(n) => " -utf8err- ".to_string(), }; - log::info!(" {}", s); + println!(" {}", s); } } From 88bf02cffcb60f2f9bb3f42c8e7fea0670ac60f6 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Mon, 23 Dec 2024 17:38:02 +0100 Subject: [PATCH 34/49] update version --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 574955e..71e3c83 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libscemu" -version = "0.19.1" +version = "0.19.2" edition = "2018" authors = ["sha0coder"] license = "MIT" From 937ae0b9b454a616f948f625c85c9e64e75cb01d Mon Sep 17 00:00:00 2001 From: sha0coder Date: Mon, 23 Dec 2024 17:40:00 +0100 Subject: [PATCH 35/49] update readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 66f5a92..d048f74 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ use libscemu::emu32; fn main() { let mut emu = emu32(); emu.set_maps_folder("/tmp/maps32/"); - emu.init(); + emu.init(false, false); ``` Load your shellcode or PE binary and run the emulator. From 6b6e0f1608d457dacd6a81a72515be3ae60d85d2 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Tue, 24 Dec 2024 18:35:53 +0100 Subject: [PATCH 36/49] rep repne repnz system rebuilt --- src/emu.rs | 1669 ++++++++++++++++------------------------------------ 1 file changed, 520 insertions(+), 1149 deletions(-) diff --git a/src/emu.rs b/src/emu.rs index fb7872b..ed0afe1 100644 --- a/src/emu.rs +++ b/src/emu.rs @@ -151,6 +151,7 @@ pub struct Emu { pub last_instruction_size: usize, pub pe64: Option, pub pe32: Option, + rep: Option, } impl Emu { @@ -205,6 +206,7 @@ impl Emu { instruction: None, instruction_bytes: vec![], memory_operations: vec![], + rep: None, } } @@ -4158,7 +4160,7 @@ impl Emu { pub fn show_instruction_taken(&self, color: &str, ins: &Instruction) { if self.cfg.verbose >= 2 { - log::debug!( + log::info!( "{}{} 0x{:x}: {} taken {}", color, self.pos, @@ -4171,7 +4173,7 @@ impl Emu { pub fn show_instruction_not_taken(&self, color: &str, ins: &Instruction) { if self.cfg.verbose >= 2 { - log::debug!( + log::info!( "{}{} 0x{:x}: {} not taken {}", color, self.pos, @@ -4537,21 +4539,31 @@ impl Emu { Decoder::with_ip(32, &block, self.regs.get_eip(), DecoderOptions::NONE); } - while decoder.can_decode() { - let ins = decoder.decode(); - let sz = ins.len(); - let addr = ins.ip(); - let position = decoder.position(); - let instruction_bytes = block[position-sz..position].to_vec(); + let mut ins:Instruction = Instruction::default(); + let mut sz:usize = 0; + let mut addr:u64 = 0; + //let mut position:usize = 0; + //let mut instruction_bytes:Vec = Vec::new(); + - if !end_addr.is_none() && Some(addr) == end_addr { - return Ok(self.regs.rip); + self.rep = None; + while decoder.can_decode() { + if self.rep.is_none() { + ins = decoder.decode(); + sz = ins.len(); + addr = ins.ip(); + //position = decoder.position(); + //instruction_bytes = block[position-sz..position].to_vec(); + + if !end_addr.is_none() && Some(addr) == end_addr { + return Ok(self.regs.rip); + } } self.out.clear(); formatter.format(&ins, &mut self.out); self.instruction = Some(ins); - self.instruction_bytes = instruction_bytes; + //self.instruction_bytes = instruction_bytes; self.memory_operations.clear(); self.pos += 1; @@ -4575,34 +4587,36 @@ impl Emu { } // prevent infinite loop - if addr == prev_addr { - // || addr == prev_prev_addr { - repeat_counter += 1; - } - //prev_prev_addr = prev_addr; - prev_addr = addr; - if repeat_counter == 100 { - log::info!("infinite loop! opcode: {}", ins.op_code().op_code_string()); - return Err(ScemuError::new("inifinite loop found")); - } - - if self.cfg.loops { - // loop detector - looped.push(addr); - let mut count: u32 = 0; - for a in looped.iter() { - if addr == *a { - count += 1; + if self.rep.is_none() { + if addr == prev_addr { + // || addr == prev_prev_addr { + repeat_counter += 1; + } + //prev_prev_addr = prev_addr; + prev_addr = addr; + if repeat_counter == 100 { + log::info!("infinite loop! opcode: {}", ins.op_code().op_code_string()); + return Err(ScemuError::new("inifinite loop found")); + } + + if self.cfg.loops { + // loop detector + looped.push(addr); + let mut count: u32 = 0; + for a in looped.iter() { + if addr == *a { + count += 1; + } } + if count > 2 { + log::info!(" loop: {} interations", count); + } + /* + if count > self.loop_limit { + panic!("/!\\ iteration limit reached"); + }*/ + //TODO: if more than x addresses remove the bottom ones } - if count > 2 { - log::info!(" loop: {} interations", count); - } - /* - if count > self.loop_limit { - panic!("/!\\ iteration limit reached"); - }*/ - //TODO: if more than x addresses remove the bottom ones } if self.cfg.trace_file.is_some() { @@ -4627,7 +4641,43 @@ impl Emu { None => (), } + if ins.has_rep_prefix() || ins.has_repe_prefix() || ins.has_repne_prefix() { + if self.rep.is_none() { + self.rep = Some(0); + } + + // if rcx is 0 in first rep step, skip instruction. + if self.regs.rcx == 0 { + self.rep = None; + if self.cfg.is_64bits { + self.regs.rip += sz as u64; + } else { + self.regs.set_eip(self.regs.get_eip() + sz as u64); + } + continue; + } + } + + /*************************************/ let emulation_ok = self.emulate_instruction(&ins, sz, false); + /*************************************/ + + if let Some(rep_count) = self.rep { + if self.regs.rcx > 0 { + self.regs.rcx -= 1; + if self.regs.rcx == 0 { + self.rep = None; + } else { + self.rep = Some(rep_count + 1); + } + } + if ins.has_repe_prefix() && !self.flags.f_zf { + self.rep = None; + } + if ins.has_repne_prefix() && self.flags.f_zf { + self.rep = None; + } + } match self.hook.hook_on_post_instruction { Some(hook_fn) => hook_fn(self, self.regs.rip, &ins, sz, emulation_ok), @@ -4656,11 +4706,13 @@ impl Emu { break; } - if self.cfg.is_64bits { - self.regs.rip += sz as u64; - } else { - self.regs.set_eip(self.regs.get_eip() + sz as u64); - } + if self.rep.is_none() { + if self.cfg.is_64bits { + self.regs.rip += sz as u64; + } else { + self.regs.set_eip(self.regs.get_eip() + sz as u64); + } + } if self.force_break { self.force_break = false; @@ -6744,293 +6796,129 @@ impl Emu { } Mnemonic::Movsb => { - if self.cfg.is_64bits { - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } - - let val = match self.maps.read_byte(self.regs.rsi) { - Some(v) => v, - None => { - log::info!("cannot read memory on rsi"); - return false; - } - }; - if !self.maps.write_byte(self.regs.rdi, val) { - log::info!("cannot write memoryh on rdi"); - return false; - } - - if !self.flags.f_df { - self.regs.rsi += 1; - self.regs.rdi += 1; - } else { - self.regs.rsi -= 1; - self.regs.rdi -= 1; - } - - self.regs.rcx -= 1; - if self.regs.rcx == 0 { - return true; - } - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } - } - } else { + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { self.show_instruction(&self.colors.light_cyan, &ins); - - let val = self - .maps - .read_byte(self.regs.rsi) - .expect("cannot read memory"); - self.maps.write_byte(self.regs.rdi, val); - if !self.flags.f_df { - self.regs.rsi += 1; - self.regs.rdi += 1; - } else { - self.regs.rsi -= 1; - self.regs.rdi -= 1; - } } } else { - // 32bits - - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } - - let val = match self.maps.read_byte(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read memory on esi"); - return false; - } - }; - if !self.maps.write_byte(self.regs.get_edi(), val) { - log::info!("cannot write memory on edi"); - return false; - } + self.show_instruction(&self.colors.light_cyan, &ins); + } - if !self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() + 1); - self.regs.set_edi(self.regs.get_edi() + 1); - } else { - self.regs.set_esi(self.regs.get_esi() - 1); - self.regs.set_edi(self.regs.get_edi() - 1); - } + if self.cfg.is_64bits { - self.regs.set_ecx(self.regs.get_ecx() - 1); - if self.regs.get_ecx() == 0 { - return true; - } - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } + let val = match self.maps.read_byte(self.regs.rsi) { + Some(v) => v, + None => { + log::info!("cannot read memory on rsi"); + return false; } - } else { - self.show_instruction(&self.colors.light_cyan, &ins); + }; + if !self.maps.write_byte(self.regs.rdi, val) { + log::info!("cannot write memoryh on rdi"); + return false; + } - let val = match self.maps.read_byte(self.regs.get_esi()) { - Some(v) => v, - None => return false, - }; + if !self.flags.f_df { + self.regs.rsi += 1; + self.regs.rdi += 1; + } else { + self.regs.rsi -= 1; + self.regs.rdi -= 1; + } - self.maps.write_byte(self.regs.get_edi(), val); - if !self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() + 1); - self.regs.set_edi(self.regs.get_edi() + 1); - } else { - self.regs.set_esi(self.regs.get_esi() - 1); - self.regs.set_edi(self.regs.get_edi() - 1); + } else { + let val = match self.maps.read_byte(self.regs.get_esi()) { + Some(v) => v, + None => { + log::info!("cannot read memory on esi"); + return false; } + }; + if !self.maps.write_byte(self.regs.get_edi(), val) { + log::info!("cannot write memory on edi"); + return false; + } + + if !self.flags.f_df { + self.regs.set_esi(self.regs.get_esi() + 1); + self.regs.set_edi(self.regs.get_edi() + 1); + } else { + self.regs.set_esi(self.regs.get_esi() - 1); + self.regs.set_edi(self.regs.get_edi() - 1); } } } Mnemonic::Movsw => { - if self.cfg.is_64bits { - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } - - let val = self - .maps - .read_word(self.regs.rsi) - .expect("cannot read memory"); - self.maps.write_word(self.regs.rdi, val); + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } - if !self.flags.f_df { - self.regs.rsi += 2; - self.regs.rdi += 2; - } else { - self.regs.rsi -= 2; - self.regs.rdi -= 2; - } + if self.cfg.is_64bits { + let val = self + .maps + .read_word(self.regs.rsi) + .expect("cannot read memory"); + self.maps.write_word(self.regs.rdi, val); - self.regs.rcx -= 1; - if self.regs.rcx == 0 { - return true; - } - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } - } + if !self.flags.f_df { + self.regs.rsi += 2; + self.regs.rdi += 2; } else { - self.show_instruction(&self.colors.light_cyan, &ins); - let val = self - .maps - .read_word(self.regs.rsi) - .expect("cannot read memory"); - self.maps.write_word(self.regs.rdi, val); - if !self.flags.f_df { - self.regs.rsi += 2; - self.regs.rdi += 2; - } else { - self.regs.rsi -= 2; - self.regs.rdi -= 2; - } + self.regs.rsi -= 2; + self.regs.rdi -= 2; } } else { // 32bits + let val = self + .maps + .read_word(self.regs.get_esi()) + .expect("cannot read memory"); + self.maps.write_word(self.regs.get_edi(), val); - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } - - let val = self - .maps - .read_word(self.regs.get_esi()) - .expect("cannot read memory"); - self.maps.write_word(self.regs.get_edi(), val); - - if !self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() + 2); - self.regs.set_edi(self.regs.get_edi() + 2); - } else { - self.regs.set_esi(self.regs.get_esi() - 2); - self.regs.set_edi(self.regs.get_edi() - 2); - } - - self.regs.set_ecx(self.regs.get_ecx() - 1); - if self.regs.get_ecx() == 0 { - return true; - } - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } - } + if !self.flags.f_df { + self.regs.set_esi(self.regs.get_esi() + 2); + self.regs.set_edi(self.regs.get_edi() + 2); } else { - self.show_instruction(&self.colors.light_cyan, &ins); - let val = match self.maps.read_word(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read memory on esi"); - return false; - } - }; - self.maps.write_word(self.regs.get_edi(), val); - if !self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() + 2); - self.regs.set_edi(self.regs.get_edi() + 2); - } else { - self.regs.set_esi(self.regs.get_esi() - 2); - self.regs.set_edi(self.regs.get_edi() - 2); - } + self.regs.set_esi(self.regs.get_esi() - 2); + self.regs.set_edi(self.regs.get_edi() - 2); } } } Mnemonic::Movsq => { - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if self.regs.rcx == 0 { - return true; - } - if !first_iteration { - self.pos += 1; - } - - let val = self - .maps - .read_qword(self.regs.rsi) - .expect("cannot read memory"); - self.maps.write_qword(self.regs.rdi, val); - - if !self.flags.f_df { - self.regs.rsi += 8; - self.regs.rdi += 8; - } else { - self.regs.rsi -= 8; - self.regs.rdi -= 8; - } - - self.regs.rcx -= 1; - if self.regs.rcx == 0 { - return true; - } - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); } } else { self.show_instruction(&self.colors.light_cyan, &ins); - let val = self - .maps + } + self.pos += 1; + + assert!(self.cfg.is_64bits); + + let val = self + .maps .read_qword(self.regs.rsi) .expect("cannot read memory"); - self.maps.write_qword(self.regs.rdi, val); - if !self.flags.f_df { - self.regs.rsi += 8; - self.regs.rdi += 8; - } else { - self.regs.rsi -= 8; - self.regs.rdi -= 8; - } + if !self.flags.f_df { + self.regs.rsi += 8; + self.regs.rdi += 8; + } else { + self.regs.rsi -= 8; + self.regs.rdi -= 8; } } Mnemonic::Movsd => { + if ins.op_count() == 2 && (self.get_operand_sz(&ins, 0) == 128 || self.get_operand_sz(&ins, 1) == 128) { @@ -7048,121 +6936,52 @@ impl Emu { dst = (dst & 0xffffffff_ffffffff_00000000_00000000) | src; self.set_operand_xmm_value_128(&ins, 0, dst); + } else { - if self.cfg.is_64bits { - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if self.regs.rcx == 0 { - return true; - } - if !first_iteration { - self.pos += 1; - } + // legacy mode of movsd - let val = self - .maps - .read_dword(self.regs.rsi) - .expect("cannot read memory"); + if self.rep.is_some() { + if self.rep.unwrap() == 0 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } - self.maps.write_dword(self.regs.rdi, val); + if self.cfg.is_64bits { + let val = self + .maps + .read_dword(self.regs.rsi) + .expect("cannot read memory"); - if !self.flags.f_df { - self.regs.rsi += 4; - self.regs.rdi += 4; - } else { - self.regs.rsi -= 4; - self.regs.rdi -= 4; - } + self.maps.write_dword(self.regs.rdi, val); - self.regs.rcx -= 1; - if self.regs.rcx == 0 { - return true; - } - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } - } + if !self.flags.f_df { + self.regs.rsi += 4; + self.regs.rdi += 4; } else { - self.show_instruction(&self.colors.light_cyan, &ins); - let val = self - .maps - .read_dword(self.regs.rsi) - .expect("cannot read memory"); - self.maps.write_dword(self.regs.rdi, val); - if !self.flags.f_df { - self.regs.rsi += 4; - self.regs.rdi += 4; - } else { - self.regs.rsi -= 4; - self.regs.rdi -= 4; - } + self.regs.rsi -= 4; + self.regs.rdi -= 4; } + } else { // 32bits - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if self.regs.get_ecx() == 0 { - return true; - } - if !first_iteration { - self.pos += 1; - } - - let val = match self.maps.read_dword(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read memory at esi"); - return false; - } - }; - self.maps.write_dword(self.regs.get_edi(), val); - - if !self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() + 4); - self.regs.set_edi(self.regs.get_edi() + 4); - } else { - self.regs.set_esi(self.regs.get_esi() - 4); - self.regs.set_edi(self.regs.get_edi() - 4); - } - - self.regs.set_ecx(self.regs.get_ecx() - 1); - if self.regs.get_ecx() == 0 { - return true; - } - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } - } - } else { - self.show_instruction(&self.colors.light_cyan, &ins); - let val = match self.maps.read_dword(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read memory"); - return false; - } - }; - self.maps.write_dword(self.regs.get_edi(), val); - if !self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() + 4); - self.regs.set_edi(self.regs.get_edi() + 4); - } else { - self.regs.set_esi(self.regs.get_esi() - 4); - self.regs.set_edi(self.regs.get_edi() - 4); + let val = match self.maps.read_dword(self.regs.get_esi()) { + Some(v) => v, + None => { + log::info!("cannot read memory at esi"); + return false; } + }; + self.maps.write_dword(self.regs.get_edi(), val); + + if !self.flags.f_df { + self.regs.set_esi(self.regs.get_esi() + 4); + self.regs.set_edi(self.regs.get_edi() + 4); + } else { + self.regs.set_esi(self.regs.get_esi() - 4); + self.regs.set_edi(self.regs.get_edi() - 4); } } } @@ -7644,72 +7463,38 @@ impl Emu { } Mnemonic::Stosb => { - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } - - if self.regs.rcx == 0 { - return true; - } - - if self.cfg.is_64bits { - if !self - .maps - .write_byte(self.regs.rdi, self.regs.get_al() as u8) - { - return false; - } - if self.flags.f_df { - self.regs.rdi -= 1; - } else { - self.regs.rdi += 1; - } - } else { - // 32bits - if !self - .maps - .write_byte(self.regs.get_edi(), self.regs.get_al() as u8) - { - return false; - } - if self.flags.f_df { - self.regs.set_edi(self.regs.get_edi() - 1); - } else { - self.regs.set_edi(self.regs.get_edi() + 1); - } - } + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } - self.regs.rcx -= 1; - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } + if self.cfg.is_64bits { + if !self + .maps + .write_byte(self.regs.rdi, self.regs.get_al() as u8) + { + return false; + } + if self.flags.f_df { + self.regs.rdi -= 1; + } else { + self.regs.rdi += 1; } } else { - if self.cfg.is_64bits { - self.maps - .write_byte(self.regs.rdi, self.regs.get_al() as u8); - if self.flags.f_df { - self.regs.rdi -= 1; - } else { - self.regs.rdi += 1; - } + // 32bits + if !self + .maps + .write_byte(self.regs.get_edi(), self.regs.get_al() as u8) + { + return false; + } + if self.flags.f_df { + self.regs.set_edi(self.regs.get_edi() - 1); } else { - // 32bits - self.maps - .write_byte(self.regs.get_edi(), self.regs.get_al() as u8); - if self.flags.f_df { - self.regs.set_edi(self.regs.get_edi() - 1); - } else { - self.regs.set_edi(self.regs.get_edi() + 1); - } + self.regs.set_edi(self.regs.get_edi() + 1); } } } @@ -7740,130 +7525,71 @@ impl Emu { } Mnemonic::Stosd => { - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } - - if self.regs.rcx == 0 { - return true; - } - - if self.cfg.is_64bits { - if !self - .maps - .write_dword(self.regs.rdi, self.regs.get_eax() as u32) - { - return false; - } - if self.flags.f_df { - self.regs.rdi -= 4; - } else { - self.regs.rdi += 4; - } - } else { - // 32bits - if !self - .maps - .write_dword(self.regs.get_edi(), self.regs.get_eax() as u32) - { - return false; - } - - if self.flags.f_df { - self.regs.set_edi(self.regs.get_edi() - 4); - } else { - self.regs.set_edi(self.regs.get_edi() + 4); - } - } - - self.regs.rcx -= 1; - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); } } else { self.show_instruction(&self.colors.light_cyan, &ins); - if self.cfg.is_64bits { - self.maps - .write_dword(self.regs.rdi, self.regs.get_eax() as u32); + } - if self.flags.f_df { - self.regs.rdi -= 4; - } else { - self.regs.rdi += 4; - } + if self.cfg.is_64bits { + if !self + .maps + .write_dword(self.regs.rdi, self.regs.get_eax() as u32) + { + return false; + } + if self.flags.f_df { + self.regs.rdi -= 4; } else { - // 32bits - self.maps - .write_dword(self.regs.get_edi(), self.regs.get_eax() as u32); + self.regs.rdi += 4; + } + } else { + // 32bits + if !self + .maps + .write_dword(self.regs.get_edi(), self.regs.get_eax() as u32) + { + return false; + } - if self.flags.f_df { - self.regs.set_edi(self.regs.get_edi() - 4); - } else { - self.regs.set_edi(self.regs.get_edi() + 4); - } + if self.flags.f_df { + self.regs.set_edi(self.regs.get_edi() - 4); + } else { + self.regs.set_edi(self.regs.get_edi() + 4); } } } Mnemonic::Stosq => { - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - // this is for the diff2.py diffing with gdb that - // unrolls the reps - if self.cfg.verbose > 2 { - log::info!("\t{} rip: 0x{:x}", self.pos, self.regs.rip); - } - } - - self.maps.write_qword(self.regs.rdi, self.regs.rax); - - if self.flags.f_df { - self.regs.rdi -= 8; - } else { - self.regs.rdi += 8; - } + assert!(self.cfg.is_64bits); - self.regs.rcx -= 1; - if self.regs.rcx == 0 { - return true; - } - - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } - self.pos += 1; + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); } } else { self.show_instruction(&self.colors.light_cyan, &ins); + } - self.maps.write_qword(self.regs.rdi, self.regs.rax); + self.maps.write_qword(self.regs.rdi, self.regs.rax); - if self.flags.f_df { - self.regs.rdi -= 8; - } else { - self.regs.rdi += 8; - } + if self.flags.f_df { + self.regs.rdi -= 8; + } else { + self.regs.rdi += 8; } } Mnemonic::Scasb => { - self.show_instruction(&self.colors.light_cyan, &ins); + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } let value0: u64 = match self.maps.read_byte(self.regs.rdi) { Some(value) => value.into(), @@ -7892,7 +7618,13 @@ impl Emu { } Mnemonic::Scasw => { - self.show_instruction(&self.colors.light_cyan, &ins); + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } let value0 = match self.get_operand_value(&ins, 0, true) { Some(v) => v, @@ -7918,7 +7650,13 @@ impl Emu { } Mnemonic::Scasd => { - self.show_instruction(&self.colors.light_cyan, &ins); + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } let value0 = match self.get_operand_value(&ins, 0, true) { Some(v) => v, @@ -7944,7 +7682,13 @@ impl Emu { } Mnemonic::Scasq => { - self.show_instruction(&self.colors.light_cyan, &ins); + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } let value0 = match self.get_operand_value(&ins, 0, true) { Some(v) => v, @@ -8140,648 +7884,275 @@ impl Emu { } Mnemonic::Cmpsq => { - let mut value0: u64; - let mut value1: u64; + let value0: u64; + let value1: u64; - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } + assert!(self.cfg.is_64bits); - if self.cfg.is_64bits { - value0 = match self.maps.read_qword(self.regs.rsi) { - Some(v) => v, - None => { - log::info!("cannot read rsi"); - return false; - } - }; - value1 = match self.maps.read_qword(self.regs.rdi) { - Some(v) => v, - None => { - log::info!("cannot read rdi"); - return false; - } - }; + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } - if self.flags.f_df { - self.regs.rsi -= 8; - self.regs.rdi -= 8; - } else { - self.regs.rsi += 8; - self.regs.rdi += 8; - } - } else { - // 32bits - value0 = match self.maps.read_qword(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read esi"); - return false; - } - }; - value1 = match self.maps.read_qword(self.regs.get_edi()) { - Some(v) => v, - None => { - log::info!("cannot read edi"); - return false; - } - }; + value0 = match self.maps.read_qword(self.regs.rsi) { + Some(v) => v, + None => { + log::info!("cannot read rsi"); + return false; + } + }; + value1 = match self.maps.read_qword(self.regs.rdi) { + Some(v) => v, + None => { + log::info!("cannot read rdi"); + return false; + } + }; - if self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() - 8); - self.regs.set_edi(self.regs.get_edi() - 8); - } else { - self.regs.set_esi(self.regs.get_esi() + 8); - self.regs.set_edi(self.regs.get_edi() + 8); - } - } + if self.flags.f_df { + self.regs.rsi -= 8; + self.regs.rdi -= 8; + } else { + self.regs.rsi += 8; + self.regs.rdi += 8; + } - self.flags.sub64(value0, value1); + self.flags.sub64(value0, value1); - if value0 > value1 { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); - } - return false; - } else if value0 < value1 { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); - } - return false; - } else { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); - } - } + if self.cfg.verbose >= 2 { + if value0 > value1 { + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + } else if value0 < value1 { + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + } else { + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); + } + } + } - self.regs.rcx -= 1; - if self.regs.rcx == 0 { - return true; - } + Mnemonic::Cmpsd => { + let value0: u32; + let value1: u32; - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); } } else { - // not rep + self.show_instruction(&self.colors.light_cyan, &ins); + } - self.show_instruction(&self.colors.orange, &ins); + if self.cfg.is_64bits { + value0 = match self.maps.read_dword(self.regs.rsi) { + Some(v) => v, + None => { + log::info!("cannot read rsi"); + return false; + } + }; + value1 = match self.maps.read_dword(self.regs.rdi) { + Some(v) => v, + None => { + log::info!("cannot read rdi"); + return false; + } + }; - if self.cfg.is_64bits { - value0 = match self.maps.read_qword(self.regs.rsi) { - Some(v) => v, - None => { - log::info!("cannot read rsi"); - return false; - } - }; - value1 = match self.maps.read_qword(self.regs.rdi) { - Some(v) => v, - None => { - log::info!("cannot read rdi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.rsi -= 8; - self.regs.rdi -= 8; - } else { - self.regs.rsi += 8; - self.regs.rdi += 8; - } + if self.flags.f_df { + self.regs.rsi -= 4; + self.regs.rdi -= 4; } else { - // 32bits - value0 = match self.maps.read_qword(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read esi"); - return false; - } - }; - value1 = match self.maps.read_qword(self.regs.get_edi()) { - Some(v) => v, - None => { - log::info!("cannot read edi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() - 8); - self.regs.set_edi(self.regs.get_edi() - 8); - } else { - self.regs.set_esi(self.regs.get_esi() + 8); - self.regs.set_edi(self.regs.get_edi() + 8); - } - } - - self.flags.sub64(value0, value1); - - if self.cfg.verbose >= 2 { - if value0 > value1 { - log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); - } else if value0 < value1 { - log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); - } else { - log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); - } + self.regs.rsi += 4; + self.regs.rdi += 4; } - } - } - - Mnemonic::Cmpsd => { - let mut value0: u32; - let mut value1: u32; - - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } - - if self.cfg.is_64bits { - value0 = match self.maps.read_dword(self.regs.rsi) { - Some(v) => v, - None => { - log::info!("cannot read rsi"); - return false; - } - }; - value1 = match self.maps.read_dword(self.regs.rdi) { - Some(v) => v, - None => { - log::info!("cannot read rdi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.rsi -= 4; - self.regs.rdi -= 4; - } else { - self.regs.rsi += 4; - self.regs.rdi += 4; - } - } else { - // 32bits - value0 = match self.maps.read_dword(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read esi"); - return false; - } - }; - value1 = match self.maps.read_dword(self.regs.get_edi()) { - Some(v) => v, - None => { - log::info!("cannot read edi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() - 4); - self.regs.set_edi(self.regs.get_edi() - 4); - } else { - self.regs.set_esi(self.regs.get_esi() + 4); - self.regs.set_edi(self.regs.get_edi() + 4); - } - } - - self.flags.sub32(value0 as u64, value1 as u64); - - if value0 > value1 { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); - } - return false; - } else if value0 < value1 { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); - } + } else { + // 32bits + value0 = match self.maps.read_dword(self.regs.get_esi()) { + Some(v) => v, + None => { + log::info!("cannot read esi"); return false; - } else { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); - } } - - self.regs.rcx -= 1; - if self.regs.rcx == 0 { - return true; - } - - first_iteration = false; - if rep_step { - self.force_reload = true; - break; + }; + value1 = match self.maps.read_dword(self.regs.get_edi()) { + Some(v) => v, + None => { + log::info!("cannot read edi"); + return false; } - } - } else { - // no rep - - self.show_instruction(&self.colors.light_cyan, &ins); - - if self.cfg.is_64bits { - value0 = match self.maps.read_dword(self.regs.rsi) { - Some(v) => v, - None => { - log::info!("cannot read rsi"); - return false; - } - }; - value1 = match self.maps.read_dword(self.regs.rdi) { - Some(v) => v, - None => { - log::info!("cannot read rdi"); - return false; - } - }; + }; - if self.flags.f_df { - self.regs.rsi -= 4; - self.regs.rdi -= 4; - } else { - self.regs.rsi += 4; - self.regs.rdi += 4; - } + if self.flags.f_df { + self.regs.set_esi(self.regs.get_esi() - 4); + self.regs.set_edi(self.regs.get_edi() - 4); } else { - // 32bits - value0 = match self.maps.read_dword(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read esi"); - return false; - } - }; - value1 = match self.maps.read_dword(self.regs.get_edi()) { - Some(v) => v, - None => { - log::info!("cannot read edi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() - 4); - self.regs.set_edi(self.regs.get_edi() - 4); - } else { - self.regs.set_esi(self.regs.get_esi() + 4); - self.regs.set_edi(self.regs.get_edi() + 4); - } + self.regs.set_esi(self.regs.get_esi() + 4); + self.regs.set_edi(self.regs.get_edi() + 4); } + } - self.flags.sub32(value0 as u64, value1 as u64); + self.flags.sub32(value0 as u64, value1 as u64); - if self.cfg.verbose >= 2 { - if value0 > value1 { - log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); - } else if value0 < value1 { - log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); - } else { - log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); - } + if self.cfg.verbose >= 2 { + if value0 > value1 { + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + } else if value0 < value1 { + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + } else { + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } } Mnemonic::Cmpsw => { - let mut value0: u16; - let mut value1: u16; + let value0: u16; + let value1: u16; - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } - - if self.cfg.is_64bits { - value0 = match self.maps.read_word(self.regs.rsi) { - Some(v) => v, - None => { - log::info!("cannot read rsi"); - return false; - } - }; - value1 = match self.maps.read_word(self.regs.rdi) { - Some(v) => v, - None => { - log::info!("cannot read rdi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.rsi -= 1; - self.regs.rdi -= 1; - } else { - self.regs.rsi += 1; - self.regs.rdi += 1; - } - } else { - // 32bits - value0 = match self.maps.read_word(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read esi"); - return false; - } - }; - value1 = match self.maps.read_word(self.regs.get_edi()) { - Some(v) => v, - None => { - log::info!("cannot read edi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() - 2); - self.regs.set_edi(self.regs.get_edi() - 2); - } else { - self.regs.set_esi(self.regs.get_esi() + 2); - self.regs.set_edi(self.regs.get_edi() + 2); - } - } - - self.flags.sub16(value0 as u64, value1 as u64); + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } - if value0 > value1 { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); - } - break; - } else if value0 < value1 { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); - } - break; - } else { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); - } + if self.cfg.is_64bits { + value0 = match self.maps.read_word(self.regs.rsi) { + Some(v) => v, + None => { + log::info!("cannot read rsi"); + return false; } - - self.regs.rcx -= 1; - if self.regs.rcx == 0 { - return true; + }; + value1 = match self.maps.read_word(self.regs.rdi) { + Some(v) => v, + None => { + log::info!("cannot read rdi"); + return false; } + }; - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } + if self.flags.f_df { + self.regs.rsi -= 2; + self.regs.rdi -= 2; + } else { + self.regs.rsi += 2; + self.regs.rdi += 2; } } else { - // no rep - - self.show_instruction(&self.colors.light_cyan, &ins); - - if self.cfg.is_64bits { - value0 = match self.maps.read_word(self.regs.rsi) { - Some(v) => v, - None => { - log::info!("cannot read rsi"); - return false; - } - }; - value1 = match self.maps.read_word(self.regs.rdi) { - Some(v) => v, - None => { - log::info!("cannot read rdi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.rsi -= 1; - self.regs.rdi -= 1; - } else { - self.regs.rsi += 1; - self.regs.rdi += 1; + // 32bits + value0 = match self.maps.read_word(self.regs.get_esi()) { + Some(v) => v, + None => { + log::info!("cannot read esi"); + return false; } - } else { - // 32bits - value0 = match self.maps.read_word(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read esi"); - return false; - } - }; - value1 = match self.maps.read_word(self.regs.get_edi()) { - Some(v) => v, - None => { - log::info!("cannot read edi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() - 2); - self.regs.set_edi(self.regs.get_edi() - 2); - } else { - self.regs.set_esi(self.regs.get_esi() + 2); - self.regs.set_edi(self.regs.get_edi() + 2); + }; + value1 = match self.maps.read_word(self.regs.get_edi()) { + Some(v) => v, + None => { + log::info!("cannot read edi"); + return false; } + }; + + if self.flags.f_df { + self.regs.set_esi(self.regs.get_esi() - 2); + self.regs.set_edi(self.regs.get_edi() - 2); + } else { + self.regs.set_esi(self.regs.get_esi() + 2); + self.regs.set_edi(self.regs.get_edi() + 2); } + } - self.flags.sub16(value0 as u64, value1 as u64); + self.flags.sub16(value0 as u64, value1 as u64); - if self.cfg.verbose >= 2 { - if value0 > value1 { - log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); - } else if value0 < value1 { - log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); - } else { - log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); - } + if self.cfg.verbose >= 2 { + if value0 > value1 { + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + } else if value0 < value1 { + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + } else { + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } } } Mnemonic::Cmpsb => { - let mut value0: u8; - let mut value1: u8; - - if ins.has_rep_prefix() { - let mut first_iteration = true; - loop { - if first_iteration || self.cfg.verbose >= 3 { - self.show_instruction(&self.colors.light_cyan, &ins); - } - if !first_iteration { - self.pos += 1; - } - - if self.cfg.is_64bits { - value0 = match self.maps.read_byte(self.regs.rsi) { - Some(v) => v, - None => { - log::info!("cannot read rsi"); - return false; - } - }; - value1 = match self.maps.read_byte(self.regs.rdi) { - Some(v) => v, - None => { - log::info!("cannot read rdi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.rsi -= 1; - self.regs.rdi -= 1; - } else { - self.regs.rsi += 1; - self.regs.rdi += 1; - } - } else { - // 32bits - value0 = match self.maps.read_byte(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read esi"); - return false; - } - }; - value1 = match self.maps.read_byte(self.regs.get_edi()) { - Some(v) => v, - None => { - log::info!("cannot read edi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() - 1); - self.regs.set_edi(self.regs.get_edi() - 1); - } else { - self.regs.set_esi(self.regs.get_esi() + 1); - self.regs.set_edi(self.regs.get_edi() + 1); - } - } // end 32bits + let value0: u8; + let value1: u8; - self.flags.sub8(value0 as u64, value1 as u64); + if self.rep.is_some() { + if self.rep.unwrap() == 0 || self.cfg.verbose >= 3 { + self.show_instruction(&self.colors.light_cyan, &ins); + } + } else { + self.show_instruction(&self.colors.light_cyan, &ins); + } - if value0 > value1 { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); - } - assert!(self.flags.f_zf == false); - break; - //return false; - } else if value0 < value1 { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); - } - assert!(self.flags.f_zf == false); - break; - //return false; - } else { - if self.cfg.verbose >= 2 { - log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); - } - assert!(self.flags.f_zf == true); + if self.cfg.is_64bits { + value0 = match self.maps.read_byte(self.regs.rsi) { + Some(v) => v, + None => { + log::info!("cannot read rsi"); + return false; } - - self.regs.rcx -= 1; - if self.regs.rcx == 0 { - return true; + }; + value1 = match self.maps.read_byte(self.regs.rdi) { + Some(v) => v, + None => { + log::info!("cannot read rdi"); + return false; } + }; - first_iteration = false; - if rep_step { - self.force_reload = true; - break; - } - } // end rep loop + if self.flags.f_df { + self.regs.rsi -= 1; + self.regs.rdi -= 1; + } else { + self.regs.rsi += 1; + self.regs.rdi += 1; + } } else { - // no rep - - self.show_instruction(&self.colors.light_cyan, &ins); - - if self.cfg.is_64bits { - value0 = match self.maps.read_byte(self.regs.rsi) { - Some(v) => v, - None => { - log::info!("cannot read rsi"); - return false; - } - }; - value1 = match self.maps.read_byte(self.regs.rdi) { - Some(v) => v, - None => { - log::info!("cannot read rdi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.rsi -= 1; - self.regs.rdi -= 1; - } else { - self.regs.rsi += 1; - self.regs.rdi += 1; + // 32bits + value0 = match self.maps.read_byte(self.regs.get_esi()) { + Some(v) => v, + None => { + log::info!("cannot read esi"); + return false; } - } else { - // 32bits - value0 = match self.maps.read_byte(self.regs.get_esi()) { - Some(v) => v, - None => { - log::info!("cannot read esi"); - return false; - } - }; - value1 = match self.maps.read_byte(self.regs.get_edi()) { - Some(v) => v, - None => { - log::info!("cannot read edi"); - return false; - } - }; - - if self.flags.f_df { - self.regs.set_esi(self.regs.get_esi() - 1); - self.regs.set_edi(self.regs.get_edi() - 1); - } else { - self.regs.set_esi(self.regs.get_esi() + 1); - self.regs.set_edi(self.regs.get_edi() + 1); + }; + value1 = match self.maps.read_byte(self.regs.get_edi()) { + Some(v) => v, + None => { + log::info!("cannot read edi"); + return false; } + }; + + if self.flags.f_df { + self.regs.set_esi(self.regs.get_esi() - 1); + self.regs.set_edi(self.regs.get_edi() - 1); + } else { + self.regs.set_esi(self.regs.get_esi() + 1); + self.regs.set_edi(self.regs.get_edi() + 1); } + } // end 32bits - self.flags.sub8(value0 as u64, value1 as u64); + self.flags.sub8(value0 as u64, value1 as u64); - if self.cfg.verbose >= 2 { - if value0 > value1 { - log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); - } else if value0 < value1 { - log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); - } else { - log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); - } + if self.cfg.verbose >= 2 { + if value0 > value1 { + log::info!("\tcmp: 0x{:x} > 0x{:x}", value0, value1); + } else if value0 < value1 { + log::info!("\tcmp: 0x{:x} < 0x{:x}", value0, value1); + } else { + log::info!("\tcmp: 0x{:x} == 0x{:x}", value0, value1); } - } + } } //branches: https://web.itu.edu.tr/kesgin/mul06/intel/instr/jxx.html From cdf854b5ef0798caf0d64ffc6e24dda4a259a630 Mon Sep 17 00:00:00 2001 From: sha0coder Date: Wed, 25 Dec 2024 12:47:54 +0100 Subject: [PATCH 37/49] update version --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 71e3c83..33e767f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libscemu" -version = "0.19.2" +version = "0.19.3" edition = "2018" authors = ["sha0coder"] license = "MIT" From 25df7f699b2662a30086aed0410faf1ab07b1248 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Wed, 25 Dec 2024 15:31:37 -0500 Subject: [PATCH 38/49] move emu to mod and fix rep vs repe --- Cargo.toml | 1 - src/config.rs | 2 ++ src/{emu.rs => emu/mod.rs} | 30 +++++++++++++++++++++++++----- 3 files changed, 27 insertions(+), 6 deletions(-) rename src/{emu.rs => emu/mod.rs} (99%) diff --git a/Cargo.toml b/Cargo.toml index 33e767f..99e0a7c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,6 @@ documentation = "https://docs.rs/libscemu/0.4.15/libscemu/" repository = "https://github.com/sha0coder/libscemu" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - [dependencies] iced-x86 = "1.19.0" uint = "0.9.5" diff --git a/src/config.rs b/src/config.rs index cf98027..6f048f0 100644 --- a/src/config.rs +++ b/src/config.rs @@ -18,6 +18,7 @@ pub struct Config { pub console2: bool, pub console_addr: u64, pub entry_point: u64, + pub exit_position: u64, pub code_base_addr: u64, pub is_64bits: bool, // 64bits mode pub stack_trace: bool, @@ -50,6 +51,7 @@ impl Config { console2: false, console_addr: 0, entry_point: 0x3c0000, + exit_position: 0, code_base_addr: 0x3c0000, is_64bits: false, stack_trace: false, diff --git a/src/emu.rs b/src/emu/mod.rs similarity index 99% rename from src/emu.rs rename to src/emu/mod.rs index ed0afe1..7338df4 100644 --- a/src/emu.rs +++ b/src/emu/mod.rs @@ -4671,11 +4671,31 @@ impl Emu { self.rep = Some(rep_count + 1); } } - if ins.has_repe_prefix() && !self.flags.f_zf { - self.rep = None; - } - if ins.has_repne_prefix() && self.flags.f_zf { - self.rep = None; + + let is_string_movement = matches!( + ins.mnemonic(), + Mnemonic::Movsb | Mnemonic::Movsw | Mnemonic::Movsd | Mnemonic::Movsq | + Mnemonic::Stosb | Mnemonic::Stosw | Mnemonic::Stosd | Mnemonic::Stosq | + Mnemonic::Lodsb | Mnemonic::Lodsw | Mnemonic::Lodsd | Mnemonic::Lodsq + ); + + let is_string_comparison = matches!( + ins.mnemonic(), + Mnemonic::Cmpsb | Mnemonic::Cmpsw | Mnemonic::Cmpsd | Mnemonic::Cmpsq | + Mnemonic::Scasb | Mnemonic::Scasw | Mnemonic::Scasd | Mnemonic::Scasq + ); + + if is_string_movement { + + } else if is_string_comparison { + if ins.has_repe_prefix() && !self.flags.f_zf { + self.rep = None; + } + if ins.has_repne_prefix() && self.flags.f_zf { + self.rep = None; + } + } else { + unimplemented!("string instruction not supported"); } } From f075c3c998e35a582df989e225e1e8837f4c7aa9 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Wed, 25 Dec 2024 15:33:12 -0500 Subject: [PATCH 39/49] comment --- src/emu/mod.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/emu/mod.rs b/src/emu/mod.rs index 7338df4..7fd7c33 100644 --- a/src/emu/mod.rs +++ b/src/emu/mod.rs @@ -4672,21 +4672,20 @@ impl Emu { } } + // repe and repe are the same on x86 (0xf3) so you have to check if it is movement or comparison let is_string_movement = matches!( ins.mnemonic(), Mnemonic::Movsb | Mnemonic::Movsw | Mnemonic::Movsd | Mnemonic::Movsq | Mnemonic::Stosb | Mnemonic::Stosw | Mnemonic::Stosd | Mnemonic::Stosq | Mnemonic::Lodsb | Mnemonic::Lodsw | Mnemonic::Lodsd | Mnemonic::Lodsq ); - let is_string_comparison = matches!( ins.mnemonic(), Mnemonic::Cmpsb | Mnemonic::Cmpsw | Mnemonic::Cmpsd | Mnemonic::Cmpsq | Mnemonic::Scasb | Mnemonic::Scasw | Mnemonic::Scasd | Mnemonic::Scasq ); - if is_string_movement { - + // do not clear rep if it is a string movement } else if is_string_comparison { if ins.has_repe_prefix() && !self.flags.f_zf { self.rep = None; From 9bfd59734f49ab99d05e3c8fd3d80ea94abdb45b Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Wed, 25 Dec 2024 15:36:12 -0500 Subject: [PATCH 40/49] add exit logic --- src/emu/mod.rs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/emu/mod.rs b/src/emu/mod.rs index 7fd7c33..e2ac8aa 100644 --- a/src/emu/mod.rs +++ b/src/emu/mod.rs @@ -417,7 +417,6 @@ impl Emu { pub fn init(&mut self, clear_registers: bool, clear_flags: bool) { self.pos = 0; - if !atty::is(Stream::Stdout) { self.cfg.nocolors = true; self.colors.disable(); @@ -4422,6 +4421,12 @@ impl Emu { pub fn step(&mut self) -> bool { self.pos += 1; + // exit + if self.cfg.exit_position != 0 && self.pos == self.cfg.exit_position { + log::info!("exit position reached"); + std::process::exit(0); + } + // code let code = match self.maps.get_mem_by_addr(self.regs.rip) { Some(c) => c, @@ -4437,8 +4442,8 @@ impl Emu { // block let block = code.read_from(self.regs.rip).to_vec(); // reduce code block for more speed - // - // decoder + + // decoder let mut decoder; if self.cfg.is_64bits { decoder = Decoder::with_ip(64, &block, self.regs.rip, DecoderOptions::NONE); From 74df5efc132c62dc4080d9c0f4c45f7dfae77860 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Wed, 25 Dec 2024 15:40:53 -0500 Subject: [PATCH 41/49] add exit logic --- src/emu/mod.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/emu/mod.rs b/src/emu/mod.rs index e2ac8aa..d88d9ec 100644 --- a/src/emu/mod.rs +++ b/src/emu/mod.rs @@ -4550,7 +4550,6 @@ impl Emu { //let mut position:usize = 0; //let mut instruction_bytes:Vec = Vec::new(); - self.rep = None; while decoder.can_decode() { if self.rep.is_none() { @@ -4572,6 +4571,11 @@ impl Emu { self.memory_operations.clear(); self.pos += 1; + if self.cfg.exit_position != 0 && self.pos == self.cfg.exit_position { + log::info!("exit position reached"); + std::process::exit(0); + } + if self.exp == self.pos || self.pos == self.bp.get_instruction() || self.bp.get_bp() == addr From 970d5a45633435a4c2348f66ebc3de7856a2f0b1 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Wed, 25 Dec 2024 15:58:24 -0500 Subject: [PATCH 42/49] add8 change? --- src/emu/flags.rs | 29 +++++++++++++++++++---------- src/emu/mod.rs | 44 +++++++++++++++++++++++--------------------- 2 files changed, 42 insertions(+), 31 deletions(-) diff --git a/src/emu/flags.rs b/src/emu/flags.rs index 1239ccc..44c74e5 100644 --- a/src/emu/flags.rs +++ b/src/emu/flags.rs @@ -396,17 +396,26 @@ impl Flags { } pub fn add8(&mut self, value1: u64, value2: u64) -> u64 { - let unsigned: u16 = value1 as u8 as u16 + value2 as u8 as u16; - - self.f_sf = (unsigned as i8) < 0; - self.f_zf = (unsigned & 0xff) == 0; - self.calc_pf(unsigned as u8); - let (result, carry) = (value2 as u8).overflowing_add(value1 as u8); - let (_, overflow) = (value2 as u8 as i8).overflowing_add(value1 as u8 as i8); - self.f_of = overflow; - self.f_cf = carry; + // First add the values as u8s + let first_result = (value1 as u8).wrapping_add(value2 as u8); + // Then add carry into that result + let result = first_result; + + // Check carry from first addition + let (_, first_carry) = (value2 as u8).overflowing_add(value1 as u8); + // Check carry from carry addition + self.f_cf = first_carry; + + // Similar for overflow - we need to check both steps + let (_, first_overflow) = (value2 as u8 as i8).overflowing_add(value1 as u8 as i8); + self.f_of = first_overflow; + + // Rest of flags based on final result + self.f_sf = (result as i8) < 0; + self.f_zf = result == 0; + self.calc_pf(result); self.calc_af(value1, value2, result as u64, 8); - + result as u64 } diff --git a/src/emu/mod.rs b/src/emu/mod.rs index d88d9ec..a8f4f5b 100644 --- a/src/emu/mod.rs +++ b/src/emu/mod.rs @@ -5142,35 +5142,37 @@ impl Emu { Mnemonic::Adc => { self.show_instruction(&self.colors.cyan, &ins); - + assert!(ins.op_count() == 2); - - let cf: u64; - if self.flags.f_cf { - cf = 1 - } else { - cf = 0; - } - - let value0 = match self.get_operand_value(&ins, 0, true) { + + // Get current carry flag value + let cf = if self.flags.f_cf { 1 } else { 0 }; + + // Get the size first to ensure consistent handling + let size = self.get_operand_sz(&ins, 1); + + // Get destination value (first operand) + let dest = match self.get_operand_value(&ins, 0, true) { Some(v) => v, None => return false, }; - - let value1 = match self.get_operand_value(&ins, 1, true) { + + // Get source value (second operand) + let src = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => return false, }; - - let res: u64; - match self.get_operand_sz(&ins, 1) { - 64 => res = self.flags.add64(value0, value1 + cf), - 32 => res = self.flags.add32(value0, value1 + cf), - 16 => res = self.flags.add16(value0, value1 + cf), - 8 => res = self.flags.add8(value0, value1 + cf), + + // Do the addition with carry + let res = match size { + 64 => self.flags.add64(dest, src + cf), + 32 => self.flags.add32(dest, src + cf), + 16 => self.flags.add16(dest, src + cf), + 8 => self.flags.add8(dest, src + cf), _ => unreachable!("weird size"), - } - + }; + + // Set the result if !self.set_operand_value(&ins, 0, res) { return false; } From 3a8dd4b7f3aa6f6686a3ae4c428ed764d838f9df Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Wed, 25 Dec 2024 16:07:33 -0500 Subject: [PATCH 43/49] needs to be a separate flag? --- src/emu/flags.rs | 25 ++++++++++++------------- src/emu/mod.rs | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 25 deletions(-) diff --git a/src/emu/flags.rs b/src/emu/flags.rs index 44c74e5..d2eff67 100644 --- a/src/emu/flags.rs +++ b/src/emu/flags.rs @@ -395,20 +395,19 @@ impl Flags { result as u64 } - pub fn add8(&mut self, value1: u64, value2: u64) -> u64 { - // First add the values as u8s - let first_result = (value1 as u8).wrapping_add(value2 as u8); - // Then add carry into that result - let result = first_result; - - // Check carry from first addition - let (_, first_carry) = (value2 as u8).overflowing_add(value1 as u8); - // Check carry from carry addition - self.f_cf = first_carry; + pub fn add8(&mut self, value1: u64, value2: u64, input_cf: bool) -> u64 { + // Do full addition including carry + let result = (value1 as u8).wrapping_add(value2 as u8).wrapping_add(if input_cf { 1 } else { 0 }); + + // Check carry by doing additions step by step + let (temp, first_carry) = (value2 as u8).overflowing_add(value1 as u8); + let (_, second_carry) = temp.overflowing_add(if input_cf { 1 } else { 0 }); + self.f_cf = first_carry || second_carry; - // Similar for overflow - we need to check both steps - let (_, first_overflow) = (value2 as u8 as i8).overflowing_add(value1 as u8 as i8); - self.f_of = first_overflow; + // Similar for overflow + let (temp_s, first_overflow) = (value2 as u8 as i8).overflowing_add(value1 as u8 as i8); + let (_, second_overflow) = temp_s.overflowing_add(if input_cf { 1 } else { 0 }); + self.f_of = first_overflow || second_overflow; // Rest of flags based on final result self.f_sf = (result as i8) < 0; diff --git a/src/emu/mod.rs b/src/emu/mod.rs index a8f4f5b..eb18cc9 100644 --- a/src/emu/mod.rs +++ b/src/emu/mod.rs @@ -5128,10 +5128,10 @@ impl Emu { }; let res: u64 = match self.get_operand_sz(&ins, 1) { - 64 => self.flags.add64(value0, value1), - 32 => self.flags.add32(value0, value1), - 16 => self.flags.add16(value0, value1), - 8 => self.flags.add8(value0, value1), + 64 => self.flags.add64(value0, value1), // TODO: cf as separate argument + 32 => self.flags.add32(value0, value1), // TODO: cf as separate argument + 16 => self.flags.add16(value0, value1), // TODO: cf as separate argument + 8 => self.flags.add8(value0, value1, self.flags.f_cf), _ => unreachable!("weird size"), }; @@ -5165,10 +5165,10 @@ impl Emu { // Do the addition with carry let res = match size { - 64 => self.flags.add64(dest, src + cf), - 32 => self.flags.add32(dest, src + cf), - 16 => self.flags.add16(dest, src + cf), - 8 => self.flags.add8(dest, src + cf), + 64 => self.flags.add64(dest, src + cf), // TODO: cf as separate argument + 32 => self.flags.add32(dest, src + cf), // TODO: cf as separate argument + 16 => self.flags.add16(dest, src + cf), // TODO: cf as separate argument + 8 => self.flags.add8(dest, src, self.flags.f_cf), _ => unreachable!("weird size"), }; @@ -6588,10 +6588,10 @@ impl Emu { } let res: u64 = match self.get_operand_sz(&ins, 1) { - 64 => self.flags.add64(value0, value1), - 32 => self.flags.add32(value0, value1), - 16 => self.flags.add16(value0, value1), - 8 => self.flags.add8(value0, value1), + 64 => self.flags.add64(value0, value1), // TODO: cf as separate argument + 32 => self.flags.add32(value0, value1), // TODO: cf as separate argument + 16 => self.flags.add16(value0, value1), // TODO: cf as separate argument + 8 => self.flags.add8(value0, value1, self.flags.f_cf), _ => unreachable!("weird size"), }; From eebe094b391f391ece9d5a9b969570671f5dcb27 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Wed, 25 Dec 2024 16:40:26 -0500 Subject: [PATCH 44/49] add8 adc did not work --- src/emu/flags.rs | 30 +++++++++--------------- src/emu/mod.rs | 60 +++++++++++++++++++++++------------------------- 2 files changed, 40 insertions(+), 50 deletions(-) diff --git a/src/emu/flags.rs b/src/emu/flags.rs index d2eff67..1239ccc 100644 --- a/src/emu/flags.rs +++ b/src/emu/flags.rs @@ -395,26 +395,18 @@ impl Flags { result as u64 } - pub fn add8(&mut self, value1: u64, value2: u64, input_cf: bool) -> u64 { - // Do full addition including carry - let result = (value1 as u8).wrapping_add(value2 as u8).wrapping_add(if input_cf { 1 } else { 0 }); - - // Check carry by doing additions step by step - let (temp, first_carry) = (value2 as u8).overflowing_add(value1 as u8); - let (_, second_carry) = temp.overflowing_add(if input_cf { 1 } else { 0 }); - self.f_cf = first_carry || second_carry; - - // Similar for overflow - let (temp_s, first_overflow) = (value2 as u8 as i8).overflowing_add(value1 as u8 as i8); - let (_, second_overflow) = temp_s.overflowing_add(if input_cf { 1 } else { 0 }); - self.f_of = first_overflow || second_overflow; - - // Rest of flags based on final result - self.f_sf = (result as i8) < 0; - self.f_zf = result == 0; - self.calc_pf(result); + pub fn add8(&mut self, value1: u64, value2: u64) -> u64 { + let unsigned: u16 = value1 as u8 as u16 + value2 as u8 as u16; + + self.f_sf = (unsigned as i8) < 0; + self.f_zf = (unsigned & 0xff) == 0; + self.calc_pf(unsigned as u8); + let (result, carry) = (value2 as u8).overflowing_add(value1 as u8); + let (_, overflow) = (value2 as u8 as i8).overflowing_add(value1 as u8 as i8); + self.f_of = overflow; + self.f_cf = carry; self.calc_af(value1, value2, result as u64, 8); - + result as u64 } diff --git a/src/emu/mod.rs b/src/emu/mod.rs index eb18cc9..d88d9ec 100644 --- a/src/emu/mod.rs +++ b/src/emu/mod.rs @@ -5128,10 +5128,10 @@ impl Emu { }; let res: u64 = match self.get_operand_sz(&ins, 1) { - 64 => self.flags.add64(value0, value1), // TODO: cf as separate argument - 32 => self.flags.add32(value0, value1), // TODO: cf as separate argument - 16 => self.flags.add16(value0, value1), // TODO: cf as separate argument - 8 => self.flags.add8(value0, value1, self.flags.f_cf), + 64 => self.flags.add64(value0, value1), + 32 => self.flags.add32(value0, value1), + 16 => self.flags.add16(value0, value1), + 8 => self.flags.add8(value0, value1), _ => unreachable!("weird size"), }; @@ -5142,37 +5142,35 @@ impl Emu { Mnemonic::Adc => { self.show_instruction(&self.colors.cyan, &ins); - + assert!(ins.op_count() == 2); - - // Get current carry flag value - let cf = if self.flags.f_cf { 1 } else { 0 }; - - // Get the size first to ensure consistent handling - let size = self.get_operand_sz(&ins, 1); - - // Get destination value (first operand) - let dest = match self.get_operand_value(&ins, 0, true) { + + let cf: u64; + if self.flags.f_cf { + cf = 1 + } else { + cf = 0; + } + + let value0 = match self.get_operand_value(&ins, 0, true) { Some(v) => v, None => return false, }; - - // Get source value (second operand) - let src = match self.get_operand_value(&ins, 1, true) { + + let value1 = match self.get_operand_value(&ins, 1, true) { Some(v) => v, None => return false, }; - - // Do the addition with carry - let res = match size { - 64 => self.flags.add64(dest, src + cf), // TODO: cf as separate argument - 32 => self.flags.add32(dest, src + cf), // TODO: cf as separate argument - 16 => self.flags.add16(dest, src + cf), // TODO: cf as separate argument - 8 => self.flags.add8(dest, src, self.flags.f_cf), + + let res: u64; + match self.get_operand_sz(&ins, 1) { + 64 => res = self.flags.add64(value0, value1 + cf), + 32 => res = self.flags.add32(value0, value1 + cf), + 16 => res = self.flags.add16(value0, value1 + cf), + 8 => res = self.flags.add8(value0, value1 + cf), _ => unreachable!("weird size"), - }; - - // Set the result + } + if !self.set_operand_value(&ins, 0, res) { return false; } @@ -6588,10 +6586,10 @@ impl Emu { } let res: u64 = match self.get_operand_sz(&ins, 1) { - 64 => self.flags.add64(value0, value1), // TODO: cf as separate argument - 32 => self.flags.add32(value0, value1), // TODO: cf as separate argument - 16 => self.flags.add16(value0, value1), // TODO: cf as separate argument - 8 => self.flags.add8(value0, value1, self.flags.f_cf), + 64 => self.flags.add64(value0, value1), + 32 => self.flags.add32(value0, value1), + 16 => self.flags.add16(value0, value1), + 8 => self.flags.add8(value0, value1), _ => unreachable!("weird size"), }; From 8e902af69a71439c3be2d4375251dbafb6d1074a Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Wed, 25 Dec 2024 17:22:22 -0500 Subject: [PATCH 45/49] adc change? --- src/emu/mod.rs | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/src/emu/mod.rs b/src/emu/mod.rs index d88d9ec..dfdb11f 100644 --- a/src/emu/mod.rs +++ b/src/emu/mod.rs @@ -5162,15 +5162,21 @@ impl Emu { None => return false, }; + let rflags = self.flags.dump(); + log::info!("DEBUG: adc value0: 0x{:x}, value1: 0x{:x}, cf: 0x{:x}, rflags: 0x{:x}", value0, value1, cf, rflags); + let res: u64; match self.get_operand_sz(&ins, 1) { - 64 => res = self.flags.add64(value0, value1 + cf), - 32 => res = self.flags.add32(value0, value1 + cf), - 16 => res = self.flags.add16(value0, value1 + cf), - 8 => res = self.flags.add8(value0, value1 + cf), + 64 => res = self.flags.add64(value0, value1.wrapping_add(cf)), + 32 => res = self.flags.add32(value0, (value1 & 0xffffffff).wrapping_add(cf)), + 16 => res = self.flags.add16(value0, (value1 & 0xffff).wrapping_add(cf)), + 8 => res = self.flags.add8(value0, (value1 & 0xff).wrapping_add(cf)), _ => unreachable!("weird size"), } + let rflags = self.flags.dump(); + log::info!("DEBUG: adc res: 0x{:x}, rflags: 0x{:x}", res, rflags); + if !self.set_operand_value(&ins, 0, res) { return false; } @@ -5197,9 +5203,9 @@ impl Emu { let sz = self.get_operand_sz(&ins, 1); match sz { 64 => res = self.flags.sub64(value0, value1.wrapping_add(cf)), - 32 => res = self.flags.sub32(value0, value1.wrapping_add(cf)), - 16 => res = self.flags.sub16(value0, value1.wrapping_add(cf)), - 8 => res = self.flags.sub8(value0, value1.wrapping_add(cf)), + 32 => res = self.flags.sub32(value0, (value1 & 0xffffffff).wrapping_add(cf)), + 16 => res = self.flags.sub16(value0, (value1 & 0xffff).wrapping_add(cf)), + 8 => res = self.flags.sub8(value0, (value1 & 0xff).wrapping_add(cf)), _ => panic!("weird size"), } From 38f5df8bdee39400830b36d54d6ff0415cafb217 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Thu, 26 Dec 2024 11:44:37 -0500 Subject: [PATCH 46/49] fix add8 --- src/emu/flags.rs | 246 ++++++++++++++++++++++++++++++++-------------- src/emu/mod.rs | 75 +++++--------- src/emu/regs64.rs | 2 +- 3 files changed, 198 insertions(+), 125 deletions(-) diff --git a/src/emu/flags.rs b/src/emu/flags.rs index 1239ccc..42aeac2 100644 --- a/src/emu/flags.rs +++ b/src/emu/flags.rs @@ -86,14 +86,6 @@ impl Flags { } } - pub fn diff(rip: u64, pos: u64, a: Flags, b: Flags) -> String { - let mut output = String::new(); - if a.dump() != b.dump() { - output = format!("rflags: {:x} -> {:x}; ", a.dump(), b.dump()); - } - output - } - pub fn clear(&mut self) { self.f_cf = false; self.f_pf = false; @@ -139,6 +131,83 @@ impl Flags { log::info!("---"); } + pub fn diff(a: Flags, b: Flags) -> String { + let mut output = String::new(); + // f_cf + if a.f_cf != b.f_cf { + output = format!("{}{}: {} -> {} ", output, "cf", a.f_cf, b.f_cf); + } + // f_pf + if a.f_pf != b.f_pf { + output = format!("{}{}: {} -> {} ", output, "pf", a.f_pf, b.f_pf); + } + // f_af + if a.f_af != b.f_af { + output = format!("{}{}: {} -> {} ", output, "af", a.f_af, b.f_af); + } + // f_zf + if a.f_zf != b.f_zf { + output = format!("{}{}: {} -> {} ", output, "zf", a.f_zf, b.f_zf); + } + // f_sf + if a.f_sf != b.f_sf { + output = format!("{}{}: {} -> {} ", output, "sf", a.f_sf, b.f_sf); + } + // f_tf + if a.f_tf != b.f_tf { + output = format!("{}{}: {} -> {} ", output, "tf", a.f_tf, b.f_tf); + } + // f_if + if a.f_if != b.f_if { + output = format!("{}{}: {} -> {} ", output, "if", a.f_if, b.f_if); + } + // f_df + if a.f_df != b.f_df { + output = format!("{}{}: {} -> {} ", output, "df", a.f_df, b.f_df); + } + // f_of + if a.f_of != b.f_of { + output = format!("{}{}: {} -> {} ", output, "of", a.f_of, b.f_of); + } + // f_iopl1 + if a.f_iopl1 != b.f_iopl1 { + output = format!("{}{}: {} -> {} ", output, "iopl1", a.f_iopl1, b.f_iopl1); + } + // f_iopl2 + if a.f_iopl2 != b.f_iopl2 { + output = format!("{}{}: {} -> {} ", output, "iopl2", a.f_iopl2, b.f_iopl2); + } + // f_nt + if a.f_nt != b.f_nt { + output = format!("{}{}: {} -> {} ", output, "nt", a.f_nt, b.f_nt); + } + // f_rf + if a.f_rf != b.f_rf { + output = format!("{}{}: {} -> {} ", output, "rf", a.f_rf, b.f_rf); + } + // f_vm + if a.f_vm != b.f_vm { + output = format!("{}{}: {} -> {} ", output, "vm", a.f_vm, b.f_vm); + } + // f_ac + if a.f_ac != b.f_ac { + output = format!("{}{}: {} -> {} ", output, "ac", a.f_ac, b.f_ac); + } + // f_vif + if a.f_vif != b.f_vif { + output = format!("{}{}: {} -> {} ", output, "vif", a.f_vif, b.f_vif); + } + // f_vip + if a.f_vip != b.f_vip { + output = format!("{}{}: {} -> {} ", output, "vip", a.f_vip, b.f_vip); + } + // f_id + if a.f_id != b.f_id { + output = format!("{}{}: {} -> {} ", output, "id", a.f_id, b.f_id); + } + output + } + pub fn dump(&self) -> u32 { let mut flags: u32 = 0; @@ -336,77 +405,106 @@ impl Flags { //self.f_af = (value1 & 0x0f) + (value2 & 0x0f) > 0x09; } - - - pub fn add64(&mut self, value1: u64, value2: u64) -> u64 { - let unsigned: u128 = value1 as u128 + value2 as u128; - - self.f_sf = (unsigned as i64) < 0; - self.f_zf = (unsigned & 0xffffffff_ffffffff) == 0; - //self.f_pf = (unsigned & 0xff) % 2 == 0; - self.calc_pf(unsigned as u8); - let (result, carry) = (value2).overflowing_add(value1); - let (_, overflow) = (value2 as i64).overflowing_add(value1 as i64); - self.f_of = overflow; - self.f_cf = carry; - self.calc_af(value1, value2, result, 64); + pub fn add64(&mut self, value1: u64, value2: u64, cf: bool, include_carry: bool) -> u64 { + let v1 = value1; + let v2 = value2; + let c = if include_carry { cf as u64 } else { 0 }; - /* - let low_nibble_value1 = value1 & 0xf; - let low_nibble_value2 = value2 & 0xf; - self.f_af = (low_nibble_value1 > 0x7) && (low_nibble_value2 > 0x7); - */ - + let result = v1.wrapping_add(v2).wrapping_add(c); + let sum = v1 as u128 + v2 as u128 + c as u128; + + self.f_cf = sum > 0xFFFFFFFFFFFFFFFF; + self.f_sf = (result as i64) < 0; + self.f_zf = result == 0; + self.calc_pf(result as u8); + + let sign1 = (v1 >> 63) & 1; + let sign2 = (v2 >> 63) & 1; + let signr = (result >> 63) & 1; + self.f_of = (sign1 == sign2) && (sign1 != signr); + + self.calc_af(v1, v2, result, 64); result } - - pub fn add32(&mut self, value1: u64, value2: u64) -> u64 { - let unsigned: u64 = value1 + value2; - - self.f_sf = (unsigned as i32) < 0; - self.f_zf = (unsigned & 0xffffffff) == 0; - //self.f_pf = (unsigned & 0xff) % 2 == 0; - self.calc_pf(unsigned as u8); - let (result, carry) = (value2 as u32).overflowing_add(value1 as u32); - let (_, overflow) = (value2 as u32 as i32).overflowing_add(value1 as u32 as i32); - self.f_of = overflow; - self.f_cf = carry; - self.calc_af(value1, value2, result as u64, 32); - + + pub fn add32(&mut self, value1: u32, value2: u32, cf: bool, include_carry: bool) -> u64 { + let result = if include_carry { + value1.wrapping_add(value2).wrapping_add(cf as u32) + } else { + value1.wrapping_add(value2) + }; + + let sum = if include_carry { + value1 as u64 + value2 as u64 + cf as u64 + } else { + value1 as u64 + value2 as u64 + }; + + self.f_cf = sum > 0xFFFFFFFF; + self.f_sf = (result as i32) < 0; + self.f_zf = result == 0; + self.calc_pf(result as u8); + + let sign1 = (value1 >> 31) & 1; + let sign2 = (value2 >> 31) & 1; + let signr = (result >> 31) & 1; + self.f_of = (sign1 == sign2) && (sign1 != signr); + + self.calc_af(value1 as u64, value2 as u64, result as u64, 32); result as u64 - } - - pub fn add16(&mut self, value1: u64, value2: u64) -> u64 { - if value1 > 0xffff || value2 > 0xffff { - panic!("add16 with a bigger precision"); - } - - let unsigned: u32 = value1 as u32 + value2 as u32; - - self.f_sf = (unsigned as i16) < 0; - self.f_zf = (unsigned & 0xffff) == 0; - self.calc_pf(unsigned as u8); - let (result, carry) = (value2 as u16).overflowing_add(value1 as u16); - let (_, overflow) = (value2 as u16 as i16).overflowing_add(value1 as u16 as i16); - self.f_of = overflow; - self.f_cf = carry; - self.calc_af(value1, value2, result as u64, 16); - + } + + pub fn add16(&mut self, value1: u16, value2: u16, cf: bool, include_carry: bool) -> u64 { + let result = if include_carry { + value1.wrapping_add(value2).wrapping_add(cf as u16) + } else { + value1.wrapping_add(value2) + }; + + let sum = if include_carry { + value1 as u32 + value2 as u32 + cf as u32 + } else { + value1 as u32 + value2 as u32 + }; + + self.f_cf = sum > 0xFFFF; + self.f_sf = (result as i16) < 0; + self.f_zf = result == 0; + self.calc_pf(result as u8); + + let sign1 = (value1 >> 15) & 1; + let sign2 = (value2 >> 15) & 1; + let signr = (result >> 15) & 1; + self.f_of = (sign1 == sign2) && (sign1 != signr); + + self.calc_af(value1 as u64, value2 as u64, result as u64, 16); result as u64 - } - - pub fn add8(&mut self, value1: u64, value2: u64) -> u64 { - let unsigned: u16 = value1 as u8 as u16 + value2 as u8 as u16; - - self.f_sf = (unsigned as i8) < 0; - self.f_zf = (unsigned & 0xff) == 0; - self.calc_pf(unsigned as u8); - let (result, carry) = (value2 as u8).overflowing_add(value1 as u8); - let (_, overflow) = (value2 as u8 as i8).overflowing_add(value1 as u8 as i8); - self.f_of = overflow; - self.f_cf = carry; - self.calc_af(value1, value2, result as u64, 8); - + } + + pub fn add8(&mut self, value1: u8, value2: u8, cf: bool, include_carry: bool) -> u64 { + let result = if include_carry { + value1.wrapping_add(value2).wrapping_add(cf as u8) + } else { + value1.wrapping_add(value2) + }; + + let sum = if include_carry { + value1 as u16 + value2 as u16 + cf as u16 + } else { + value1 as u16 + value2 as u16 + }; + + self.f_cf = sum > 0xFF; + self.f_sf = (result as i8) < 0; + self.f_zf = result == 0; + self.calc_pf(result as u8); + + let sign1 = (value1 >> 7) & 1; + let sign2 = (value2 >> 7) & 1; + let signr = (result >> 7) & 1; + self.f_of = (sign1 == sign2) && (sign1 != signr); + + self.calc_af(value1 as u64, value2 as u64, result as u64, 8); result as u64 } diff --git a/src/emu/mod.rs b/src/emu/mod.rs index dfdb11f..ca5e312 100644 --- a/src/emu/mod.rs +++ b/src/emu/mod.rs @@ -4264,35 +4264,16 @@ impl Emu { } pub fn write_to_trace_file(&mut self) { - // 00,00007FFBEF4E5FF0,EB 08,jmp 7FFBEF4E5FFA,rax: 7FFBEF4E5FF0-> 7FFBEF4E5FF0 rbx: 7FFE0385-> 7FFE0385 rcx: 7FFBEE4B0000-> 7FFBEE4B0000 rdx: 1-> 1 rsp: 98EB5DDFF8-> 98EB5DDFF8 rbp: 98EB5DE338-> 98EB5DE338 rsi: 1-> 1 rdi: 7FFE0384-> 7FFE0384 r8: 0-> 0 r9: 0-> 0 r10: A440AE23305F3A70-> A440AE23305F3A70 r11: 98EB5DE068-> 98EB5DE068 r12: 7FFBEF4E5FF0-> 7FFBEF4E5FF0 r13: 1FC18C72DC0-> 1FC18C72DC0 r14: 7FFBEE4B0000-> 7FFBEE4B0000 r15: 0-> 0 rflags: 344-> 246,,OptionalHeader.AddressOfEntryPoint - // 01,00007FFBEF4E5FFA,50,push rax,rsp: 98EB5DDFF8-> 98EB5DDFF0,00000098EB5DDFF0: 7FFC65FF8B8F-> 7FFBEF4E5FF0,rax:GetMsgProc+102D07D let index = self.pos - 1; let instruction = self.instruction.unwrap(); let instruction_bytes = &self.instruction_bytes; + let mut comments = String::new(); + // dump all registers on first, only differences on next let mut registers = String::new(); if index == 0 { - /* - rax: 7FFBEF4E5FF0->7FFBEF4E5FF0 - rbx: 7FFE0385->7FFE0385 - rcx: 7FFBEE4B0000->7FFBEE4B0000 - rdx: 1->1 - rsp: 98EB5DDFF8->98EB5DDFF8 - rbp: 98EB5DE338->98EB5DE338 - rsi: 1->1 - rdi: 7FFE0384->7FFE0384 - r8: 0->0 - r9: 0->0 - r10: A440AE23305F3A70->A440AE23305F3A70 - r11: 98EB5DE068->98EB5DE068 - r12: 7FFBEF4E5FF0->7FFBEF4E5FF0 - r13: 1FC18C72DC0->1FC18C72DC0 - r14: 7FFBEE4B0000->7FFBEE4B0000 - r15: 0->0 - rflags: 344->246 - */ registers = format!("{} rax: {:x}-> {:x}", registers, self.pre_op_regs.rax, self.post_op_regs.rax); registers = format!("{} rbx: {:x}-> {:x}", registers, self.pre_op_regs.rbx, self.post_op_regs.rbx); registers = format!("{} rcx: {:x}-> {:x}", registers, self.pre_op_regs.rcx, self.post_op_regs.rcx); @@ -4311,28 +4292,28 @@ impl Emu { registers = format!("{} r15: {:x}-> {:x}", registers, self.pre_op_regs.r15, self.post_op_regs.r15); } else { registers = Regs64::diff( - self.pre_op_regs.rip, - self.pos - 1, self.pre_op_regs, self.post_op_regs, ); } let mut flags = String::new(); + // dump all flags on first, only differences on next if index == 0 { flags = format!("rflags: {:x}-> {:x}", self.pre_op_flags.dump(), self.post_op_flags.dump()); } else { if self.pre_op_flags.dump() != self.post_op_flags.dump() { flags = format!("rflags: {:x}-> {:x}", self.pre_op_flags.dump(), self.post_op_flags.dump()); + comments = format!("{} {}", comments, Flags::diff(self.pre_op_flags, self.post_op_flags)); } } + // dump all write memory operations let mut memory = String::new(); for memory_op in self.memory_operations.iter() { if memory_op.op == "read" { continue; } - // 00000098EB5DDFF0: 7FFC65FF8B8F-> 7FFBEF4E5FF0 memory = format!("{} {:016X}: {:X}-> {:X}", memory, memory_op.address, memory_op.old_value, memory_op.new_value); } @@ -4346,7 +4327,7 @@ impl Emu { disassembly = self.out, registers = format!("{} {}", registers, flags), memory = memory, - comments = "" + comments = comments ).expect("failed to write to trace file"); } @@ -5128,10 +5109,10 @@ impl Emu { }; let res: u64 = match self.get_operand_sz(&ins, 1) { - 64 => self.flags.add64(value0, value1), - 32 => self.flags.add32(value0, value1), - 16 => self.flags.add16(value0, value1), - 8 => self.flags.add8(value0, value1), + 64 => self.flags.add64(value0, value1, self.flags.f_cf, false), + 32 => self.flags.add32((value0 & 0xffffffff) as u32, (value1 & 0xffffffff) as u32, self.flags.f_cf, false), + 16 => self.flags.add16((value0 & 0xffff) as u16, (value1 & 0xffff) as u16, self.flags.f_cf, false), + 8 => self.flags.add8((value0 & 0xff) as u8, (value1 & 0xff) as u8, self.flags.f_cf, false), _ => unreachable!("weird size"), }; @@ -5145,12 +5126,7 @@ impl Emu { assert!(ins.op_count() == 2); - let cf: u64; - if self.flags.f_cf { - cf = 1 - } else { - cf = 0; - } + let cf = self.flags.f_cf as u64; let value0 = match self.get_operand_value(&ins, 0, true) { Some(v) => v, @@ -5162,20 +5138,19 @@ impl Emu { None => return false, }; - let rflags = self.flags.dump(); - log::info!("DEBUG: adc value0: 0x{:x}, value1: 0x{:x}, cf: 0x{:x}, rflags: 0x{:x}", value0, value1, cf, rflags); + let in_rflags = self.flags.clone(); + log::info!("DEBUG: in: adc value0: 0x{:x}, value1: 0x{:x}, cf: 0x{:x}, rflags: 0x{:x}", value0, value1, cf, in_rflags.dump()); - let res: u64; - match self.get_operand_sz(&ins, 1) { - 64 => res = self.flags.add64(value0, value1.wrapping_add(cf)), - 32 => res = self.flags.add32(value0, (value1 & 0xffffffff).wrapping_add(cf)), - 16 => res = self.flags.add16(value0, (value1 & 0xffff).wrapping_add(cf)), - 8 => res = self.flags.add8(value0, (value1 & 0xff).wrapping_add(cf)), + let res = match self.get_operand_sz(&ins, 1) { + 64 => self.flags.add64(value0, value1, self.flags.f_cf, true), + 32 => self.flags.add32((value0 & 0xffffffff) as u32, (value1 & 0xffffffff) as u32, self.flags.f_cf, true), + 16 => self.flags.add16((value0 & 0xffff) as u16, (value1 & 0xffff) as u16, self.flags.f_cf, true), + 8 => self.flags.add8((value0 & 0xff) as u8, (value1 & 0xff) as u8, self.flags.f_cf, true), _ => unreachable!("weird size"), - } + }; - let rflags = self.flags.dump(); - log::info!("DEBUG: adc res: 0x{:x}, rflags: 0x{:x}", res, rflags); + let out_rflags = self.flags.clone(); + log::info!("DEBUG: out: adc res: 0x{:x}, rflags: 0x{:x} diff: {}", res, out_rflags.dump(), Flags::diff(in_rflags, out_rflags)); if !self.set_operand_value(&ins, 0, res) { return false; @@ -6592,10 +6567,10 @@ impl Emu { } let res: u64 = match self.get_operand_sz(&ins, 1) { - 64 => self.flags.add64(value0, value1), - 32 => self.flags.add32(value0, value1), - 16 => self.flags.add16(value0, value1), - 8 => self.flags.add8(value0, value1), + 64 => self.flags.add64(value0, value1, self.flags.f_cf, false), + 32 => self.flags.add32((value0 & 0xffffffff) as u32, (value1 & 0xffffffff) as u32, self.flags.f_cf, false), + 16 => self.flags.add16((value0 & 0xffff) as u16, (value1 & 0xffff) as u16, self.flags.f_cf, false), + 8 => self.flags.add8((value0 & 0xff) as u8, (value1 & 0xff) as u8, self.flags.f_cf, false), _ => unreachable!("weird size"), }; diff --git a/src/emu/regs64.rs b/src/emu/regs64.rs index 495e0f5..4bc2e30 100644 --- a/src/emu/regs64.rs +++ b/src/emu/regs64.rs @@ -268,7 +268,7 @@ impl Regs64 { } } - pub fn diff(rip: u64, pos: u64, a: Regs64, b: Regs64) -> String { + pub fn diff(a: Regs64, b: Regs64) -> String { let mut output = String::new(); if a.dr0 != b.dr0 { output = format!("{}{}: {:x} -> {:x} ", output, "dr0", a.dr0, b.dr0); From 1c06b4de7886c4f5f6e43bb3839ed606816abfcb Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Thu, 26 Dec 2024 12:20:17 -0500 Subject: [PATCH 47/49] lint --- src/emu/constants.rs | 1 - src/emu/mod.rs | 9 +-------- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/src/emu/constants.rs b/src/emu/constants.rs index d9d2a17..6eff7a4 100644 --- a/src/emu/constants.rs +++ b/src/emu/constants.rs @@ -12,7 +12,6 @@ pub const LIBS32_MAX: u64 = 0x7FFFFFFF; pub const LIBS64_MIN: u64 = 0x7FF000000000; pub const LIBS64_MAX: u64 = 0x7FFFFFFFFFFF; - pub const STATUS_SUCCESS: u64 = 0x00000000; pub const STATUS_ACCESS_DENIED: u64 = 0xC0000022; pub const STATUS_INVALID_HANDLE: u64 = 0xC0000008; diff --git a/src/emu/mod.rs b/src/emu/mod.rs index ca5e312..30540d6 100644 --- a/src/emu/mod.rs +++ b/src/emu/mod.rs @@ -818,7 +818,6 @@ impl Emu { // base is setted by image base (if overlapps, alloc) } else { - // user's program if set_entry { if pe64.opt.image_base >= constants::LIBS64_MIN as u64 { @@ -3312,7 +3311,7 @@ impl Emu { } } else { if self.seh == 0 { - log::info!("exception without any SEH handler nor vector configured."); + log::info!("exception without any SEH handler nor vector configured. pos = {}", self.pos); if self.cfg.console_enabled { self.spawn_console(); } @@ -5138,9 +5137,6 @@ impl Emu { None => return false, }; - let in_rflags = self.flags.clone(); - log::info!("DEBUG: in: adc value0: 0x{:x}, value1: 0x{:x}, cf: 0x{:x}, rflags: 0x{:x}", value0, value1, cf, in_rflags.dump()); - let res = match self.get_operand_sz(&ins, 1) { 64 => self.flags.add64(value0, value1, self.flags.f_cf, true), 32 => self.flags.add32((value0 & 0xffffffff) as u32, (value1 & 0xffffffff) as u32, self.flags.f_cf, true), @@ -5149,9 +5145,6 @@ impl Emu { _ => unreachable!("weird size"), }; - let out_rflags = self.flags.clone(); - log::info!("DEBUG: out: adc res: 0x{:x}, rflags: 0x{:x} diff: {}", res, out_rflags.dump(), Flags::diff(in_rflags, out_rflags)); - if !self.set_operand_value(&ins, 0, res) { return false; } From 236e76e86788ffc61c04b6b9ac40a77c69302852 Mon Sep 17 00:00:00 2001 From: Brandon Ros Date: Thu, 26 Dec 2024 12:20:29 -0500 Subject: [PATCH 48/49] gateway logs --- src/emu/winapi32.rs | 2 ++ src/emu/winapi64.rs | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/emu/winapi32.rs b/src/emu/winapi32.rs index f0e21c4..500f056 100644 --- a/src/emu/winapi32.rs +++ b/src/emu/winapi32.rs @@ -19,6 +19,8 @@ mod wincrt; use crate::emu; pub fn gateway(addr: u32, name: String, emu: &mut emu::Emu) { + log::info!("winapi32::gateway called with addr: 0x{:x}, name: {}", addr, name); + emu.regs.sanitize32(); let unimplemented_api = match name.as_str() { "kernel32.text" => kernel32::gateway(addr, emu), diff --git a/src/emu/winapi64.rs b/src/emu/winapi64.rs index f99f582..31e24f1 100644 --- a/src/emu/winapi64.rs +++ b/src/emu/winapi64.rs @@ -14,6 +14,8 @@ mod kernelbase; use crate::emu; pub fn gateway(addr: u64, name: String, emu: &mut emu::Emu) { + log::info!("winapi64::gateway called with addr: 0x{:x}, name: {}", addr, name); + let unimplemented_api = match name.as_str() { "kernel32.text" => kernel32::gateway(addr, emu), "kernel32.rdata" => kernel32::gateway(addr, emu), From ccb8b003b473848ab3266837fe70b20ae87f99cd Mon Sep 17 00:00:00 2001 From: sha0coder Date: Fri, 27 Dec 2024 12:08:32 +0100 Subject: [PATCH 49/49] readme update, ready for archive --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index d048f74..2a4c7f9 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,11 @@ # SCEMU the lib +This repo has been archived, now libscemu, pyscemu and scemu become 1 repo: +https://github.com/sha0coder/mwemu + + + ## Usage