unspeaker/vestal
1
0
Fork 0
mirror of https://codeberg.org/unspeaker/vestal.git synced 2025-12-06 12:56:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

filter out lib calls

Browse source
This commit is contained in:
🪞👃🪞 2025-02-20 02:14:00 +02:00
parent e5baca6c31
commit 48da19f7d5
1 changed files with 31 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

43
crates/vestal/src/main.rs
View file

@ -56,33 +56,42 @@ impl Vestal {
ep_off); ep_off);
if dll_path.as_ref() == path { if dll_path.as_ref() == path {
let buf = dll.get_buffer(); let buf = dll.get_buffer();
//println!("{:?}\n", &buf[0..128]);
//println!("{:?}\n", &buf[0x000c8900..0x000c8900+128].hex_dump());
//println!("{:?}", &buf[0x000c9500..0x000c9500+128].hex_dump());
let section = dll.get_section_by_name(".text")?; let section = dll.get_section_by_name(".text")?;
let section_ptr = section.pointer_to_raw_data.0 as usize; let section_ptr = section.pointer_to_raw_data.0 as usize;
let section_len = section.size_of_raw_data as usize; let section_len = section.size_of_raw_data as usize;
//println!("{section:?}");
//println!("{:?}\n", &buf[section_ptr..section_ptr+128].hex_dump());
//println!("{:?}", &buf[ep_off.0 as usize..ep_off.0 as usize+128].hex_dump());
let section_data = &buf[section_ptr..section_ptr+section_len]; let section_data = &buf[section_ptr..section_ptr+section_len];
println!("0x{:x}", section_data.len());
let mut decoder = iced_x86::Decoder::with_ip(64, section_data, 0, 0); let mut decoder = iced_x86::Decoder::with_ip(64, section_data, 0, 0);
while decoder.can_decode() { while decoder.can_decode() {
let position = decoder.position(); let position = decoder.position();
let instruction = decoder.decode(); let instruction = decoder.decode();
let opcodes = &section_data[position..position+instruction.len()].iter().map(|x|format!("{x:>02x}")).collect::<Vec<_>>().join(" "); let opcodes = &section_data[position..position+instruction.len()];
//println!("0x{position:08x} {opcodes:32} {instruction}"); //println!("0x{position:08x} {opcodes:32} {instruction}");
if instruction.is_call_far() { if (instruction.flow_control() == iced_x86::FlowControl::IndirectBranch
|| instruction.flow_control() == iced_x86::FlowControl::IndirectCall)
&& instruction.op0_kind() == iced_x86::OpKind::Memory {
match opcodes[0] {
0xff => match opcodes[1] {
0x10 | 0x12 | 0x13 | 0x50 | 0x52 | 0x53 | 0x55 | 0x56 | 0x57 |
0x60 | 0x90 | 0x92 | 0x93 | 0x94 | 0x97 => continue,
_ => {},
},
0x41 | 0x42 | 0x43 | 0x49 => match opcodes[1] {
0xff => continue,
_ => {},
},
0x48 => match opcodes[2] {
0x20 | 0x60 | 0x62 | 0xa0 | 0xa2 => continue,
_ => {},
},
_ => {}
}
let offset = (position + section_ptr) as u32;
println!("0x{:08x} (0x{:08x}) {:32} {instruction}",
position + section_ptr,
dll.offset_to_rva(Offset(offset))?.0,
opcodes.iter().map(|x|format!("{x:>02x}")).collect::<Vec<_>>().join(" "));
//println!("0x{:08x} {}", decoder.position(), instruction); //println!("0x{:08x} {}", decoder.position(), instruction);
} else if instruction.is_call_far_indirect() { //return Ok(())
//println!("0x{:08x} {}", decoder.position(), instruction);
} else if instruction.is_call_near() {
//println!("0x{:08x} {}", decoder.position(), instruction);
} else if instruction.is_call_near_indirect() {
println!("0x{:08x} {opcodes:32} {instruction}", position+section_ptr);
//println!("0x{:08x} {}", decoder.position(), instruction);
return Ok(())
} }
} }
} }