RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c ADDED

@@ -0,0 +1,128 @@
+typedef uintptr_t VALUE;
+static VALUE const_WindowsHeap;
+VALUE rb_ary_new(void);
+VALUE rb_ary_push(VALUE, VALUE);
+extern VALUE *rb_cObject __attribute__((import));
+VALUE rb_const_get(VALUE, VALUE);
+void rb_define_method(VALUE, char*, VALUE(*)(), int);
+VALUE rb_funcall(VALUE recv, unsigned int id, int nargs, ...);
+VALUE rb_intern(char*);
+VALUE rb_iv_get(VALUE, char*);
+VALUE rb_hash_aset(VALUE, VALUE, VALUE);
+VALUE rb_hash_aref(VALUE, VALUE);
+VALUE rb_uint2inum(VALUE);
+VALUE rb_num2ulong(VALUE);
+char *rb_string_value_ptr(VALUE*);
+VALUE rb_gc_enable(void);
+VALUE rb_gc_disable(void);
+#include "winheap.h"
+#define INT2FIX(i) (((i) << 1) | 1)
+static VALUE m_WindowsHeap23scan_heap_segment(VALUE self, VALUE vfirst, VALUE vlen)
+{
+	char *heapcpy;
+	struct _HEAP_ENTRY *he;
+	VALUE chunks;
+	VALUE first = rb_num2ulong(vfirst);
+	VALUE len = vlen >> 1;
+	VALUE off;
+	VALUE page;
+	VALUE sz;
+	chunks = rb_iv_get(self, "@chunks");
+	page = rb_funcall(self, rb_intern("pagecache"), 2, vfirst, INT2FIX(len));
+	heapcpy = rb_string_value_ptr(&page);
+	rb_gc_disable();
+	off = 0;
+	while (off < len) {
+		he = heapcpy + off;
+		if (he->Flags & 1) {
+			sz = (VALUE)he->Size*8;
+			if (sz > he->UnusedBytes)
+				sz -= he->UnusedBytes;
+			else
+				sz = 0;
+			rb_hash_aset(chunks, rb_uint2inum(first+off+sizeof(*he)), INT2FIX(sz));
+		}
+		off += he->Size*8;
+	}
+	rb_gc_enable();
+	return 4;
+}
+static VALUE m_WindowsHeap23scan_heap_segment_xr(VALUE self, VALUE vfirst, VALUE vlen)
+{
+	char *heapcpy;
+	struct _HEAP_ENTRY *he;
+	VALUE chunks;
+	VALUE first = rb_num2ulong(vfirst);
+	VALUE len = vlen >> 1;
+	VALUE off;
+	VALUE page;
+	VALUE xrchunksto = rb_iv_get(self, "@xrchunksto");
+	VALUE xrchunksfrom = rb_iv_get(self, "@xrchunksfrom");
+	chunks = rb_iv_get(self, "@chunks");
+	page = rb_funcall(self, rb_intern("pagecache"), 2, vfirst, INT2FIX(len));
+	heapcpy = rb_string_value_ptr(&page);
+	rb_gc_disable();
+	off = 0;
+	VALUE *ptr0, base, cklen;
+	while (off < len) {
+		he = heapcpy + off;
+		// address of the chunk
+		base = first + off + sizeof(*he);
+		if ((he->Flags & 1) &&
+		    (((cklen = rb_hash_aref(chunks, rb_uint2inum(base)))|4) != 4)) {
+			cklen /= 2*sizeof(void*);	// /2 == FIX2INT
+			// pointer to the data for the chunk in our copy of the heap from pagecache
+			ptr0 = (VALUE*)(heapcpy + off + sizeof(*he));
+			VALUE tabto = 0;
+			VALUE tabfrom;
+			while (cklen--) {
+				VALUE p = *ptr0++;
+				//if (p == base)	// ignore self-references
+				//	continue;
+				if ((rb_hash_aref(chunks, rb_uint2inum(p))|4) != 4) {
+					if (!tabto) {
+						tabto = rb_ary_new();
+						rb_hash_aset(xrchunksto, rb_uint2inum(base), tabto);
+					}
+					rb_ary_push(tabto, rb_uint2inum(p));
+					tabfrom = rb_hash_aref(xrchunksfrom, rb_uint2inum(p));
+					if ((tabfrom|4) == 4) {
+						tabfrom = rb_ary_new();
+						rb_hash_aset(xrchunksfrom, rb_uint2inum(p), tabfrom);
+					}
+					rb_ary_push(tabfrom, rb_uint2inum(base));
+				}
+			}
+		}
+		if (!he->Size)
+			break;
+		off += he->Size*8;
+	}
+	rb_gc_enable();
+	return 4;
+}
+static void do_init_once(void)
+{
+	const_WindowsHeap = rb_const_get(*rb_cObject, rb_intern("Metasm"));
+	const_WindowsHeap = rb_const_get(const_WindowsHeap, rb_intern("WindowsHeap"));
+	rb_define_method(const_WindowsHeap, "scan_heap_segment", m_WindowsHeap23scan_heap_segment, 2);
+	rb_define_method(const_WindowsHeap, "scan_heap_segment_xr", m_WindowsHeap23scan_heap_segment_xr, 2);
+}
+int Init_compiled_heapscan_win __attribute__((export))(void)
+{
+	do_init_once();
+	return 0;
+}

data/samples/dbg-plugins/heapscan/graphheap.rb ADDED

@@ -0,0 +1,616 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+module ::Metasm
+module Gui
+class GraphHeapWidget < GraphViewWidget
+	attr_accessor :heap, :addr_struct, :snapped
+	# addr_struct = 0x234 => AllocCStruct
+	def set_color_arrow(b1, b2)
+		if b1 == @caret_box or b2 == @caret_box
+			draw_color :arrow_hl
+		else
+			draw_color :arrow_cond
+		end
+	end
+	def setup_contextmenu(b, m)
+		addsubmenu(m, '_follow pointer') {
+			next if not lm = b[:line_member][@caret_y]
+			addr = b[:line_struct][@caret_y][lm]
+			next if not @heap.chunks[addr]
+			if lm.kind_of?(::Integer)
+				t = b[:line_struct][@caret_y].struct.type
+			else
+				t = lm.type
+			end
+			if t.pointer? and t.pointed.untypedef.kind_of? C::Union
+				@heap.chunk_struct[addr] ||= t.pointed.untypedef
+			end
+			st = @heap.chunk_struct[addr] || create_struct(addr)
+			ed = @dasm.get_edata_at(addr)
+			@addr_struct[addr] = @heap.cp.decode_c_struct(st.name, ed.data, ed.ptr)
+			gui_update
+		}
+		addsubmenu(m, '_hide box') {
+			@selected_boxes.each { |sb|
+				@addr_struct.delete sb.id if @addr_struct.length > 1
+			}
+			@curcontext.root_addrs = struct_find_roots(@addr_struct.keys.first)
+			gui_update
+		}
+		super(b, m)
+	end
+	def keypress(k)
+		case k
+		when ?u
+			# update display (refresh struct member values)
+			@parent_widget.parent_widget.console.commands['refresh'][]
+			gui_update
+		when ?t
+			# change struct field type
+			if @selected_boxes.length > 1
+				# mass-retype chunks
+				st = @addr_struct[@selected_boxes[0].id].struct
+				inputbox("replacement struct for selected chunks", :text => st.name) { |n|
+					next if not nst = @heap.cp.toplevel.struct[n]
+					@selected_boxes.each { |sb|
+						as = @addr_struct[sb.id]
+						@heap.chunk_struct[sb.id] = nst
+						@addr_struct[sb.id] = @heap.cp.decode_c_struct(n, as.str, as.stroff)
+					}
+					gui_update
+				}
+			elsif b = @caret_box
+				if @caret_y == 0
+					as = @addr_struct[b.id]
+					st = as.struct
+					inputbox("replacement struct for #{st.name}", :text => st.name) { |n|
+						next if not nst = @heap.cp.toplevel.struct[n]
+						@heap.chunk_struct[b.id] = nst
+						@addr_struct[b.id] = @heap.cp.decode_c_struct(n, as.str, as.stroff)
+						gui_update
+					}
+				elsif m = b[:line_member][@caret_y]
+					if m.kind_of?(Integer)
+						# XXX Array, need to find the outer struct
+						mn = b[:line_text_col][@caret_y].map { |l, c| l }.join[/(\S*)\[/, 1]
+						ar = b[:line_struct][@caret_y]
+						st = b[:line_struct][0...@caret_y].reverse.compact.find { |st_| st_.struct.kind_of?(C::Struct) and st_[mn].struct == ar.struct }
+						raise '?' if not st
+						st = st.struct
+						m = st.fldlist[mn]
+					else
+						st = b[:line_struct][@caret_y].struct
+					end
+					inputbox("new type for #{m.name}", :text => m.dump_def(@heap.cp.toplevel)[0].join(' ')) { |nn|
+						nil while @heap.cp.readtok
+						@heap.cp.lexer.feed nn
+						if not v = C::Variable.parse_type(@heap.cp, @heap.cp.toplevel, true)
+							nil while @heap.cp.readtok
+							raise 'bad type'
+						end
+						v.parse_declarator(@heap.cp, @heap.cp.toplevel)
+						nt = v.type
+						nsz = @heap.cp.sizeof(nt)
+						osz = @heap.cp.sizeof(m)
+						if nsz > osz and st.kind_of?(C::Struct)
+							idx = st.members.index(m)
+							# eat next members
+							while nsz > osz
+								break if idx+1 >= st.members.length
+								sz = @heap.cp.sizeof(st.members.delete_at(idx+1))
+								osz += sz
+							end
+						end
+						if nsz < osz and st.kind_of?(C::Struct)
+							idx = st.members.index(m)
+							pos = st.offsetof(@heap.cp, m)
+							# fill gap with bytes
+							idx += 1
+							while nsz < osz
+								st.members[idx, 0] = [C::Variable.new(('unk_%x' % (pos+nsz)), C::BaseType.new(:__int8, :unsigned))]
+								idx += 1
+								nsz += 1
+							end
+						end
+						m.type = nt
+						st.update_member_cache(@heap.cp)
+						gui_update
+					}
+				end
+			end
+		when ?n
+			# rename struct field
+			if b = @caret_box
+				if @caret_y == 0
+					st = @addr_struct[b.id].struct
+					inputbox("new name for #{st.name}", :text => st.name) { |nn|
+						raise "struct #{nn} already exists (try 't')" if @heap.cp.toplevel.struct[nn]
+						@heap.cp.toplevel.struct[nn] = @heap.cp.toplevel.struct.delete(st.name)
+						st.name = nn
+						gui_update
+					}
+				elsif m = b[:line_member][@caret_y]
+					if m.kind_of?(Integer)
+						mn = b[:line_text_col][@caret_y].map { |l, c| l }.join[/(\S*)\[/, 1]
+						ar = b[:line_struct][@caret_y]
+						st = b[:line_struct][0...@caret_y].reverse.compact.find { |st_| st_.struct.kind_of?(C::Struct) and st_[mn].struct == ar.struct }
+						raise '?' if not st
+						st = st.struct
+						m = st.fldlist[mn]
+					else
+						st = b[:line_struct][@caret_y].struct
+					end
+					inputbox("new name for #{m.name}", :text => m.name) { |nn|
+						m.name = nn
+						st.update_member_cache(@heap.cp)
+						gui_update
+					}
+				end
+			end
+		when ?e
+			# edit struct field value under the cursor
+			if b = @caret_box
+				# TODO b[:struct][line], b.[:member][line] (int for Arrays)
+				st = b[:line_struct][@caret_y]
+				mb = b[:line_member][@caret_y]
+				if st and mb
+					if mb.kind_of?(C::Variable) and mb.type.kind_of?(C::Array) and mb.type.type.kind_of?(C::BaseType) and mb.type.type.name == :char
+						defval = st[mb].to_array.pack('C*').gsub(/\0*$/, '').gsub(/[^\x20-\x7e]/, '.')
+						string = true
+					else
+						defval = st[mb]
+						string = false
+					end
+					inputbox("new value for #{mb.respond_to?(:name) ? mb.name : mb}", :text => defval.to_s) { |nn|
+						if string
+							am = st[mb]
+							(nn.unpack('C*') + [0]).each_with_index { |b_, i| am[i] = b_ }
+						else
+							st[mb] = Expression.parse_string(nn).reduce
+						end
+						gui_update
+					}
+				end
+			end
+		when ?x
+			# show heap xrefs to the hilighted chunk
+			if b = @caret_box
+				list = [['address', 'size']]
+				@heap.xrchunksfrom[b.id].to_a.each { |a|
+					list << [Expression[a], Expression[@heap.chunks[a]]]
+				}
+				if list.length == 1
+					messagebox "no xref to #{Expression[b.id]}"
+				else
+					listwindow("heap xrefs to #{Expression[b.id]}", list) { |i| @parent_widget.focus_addr(i[0], nil, true) }
+				end
+			end
+		when ?I
+			# insert new field in struct
+			if b = @caret_box
+				if m = b[:line_member][@caret_y]
+					if m.kind_of?(Integer)
+						# XXX Array, need to find the outer struct
+						mn = b[:line_text_col][@caret_y].map { |l, c| l }.join[/(\S*)\[/, 1]
+						ar = b[:line_struct][@caret_y]
+						st = b[:line_struct][0...@caret_y].reverse.compact.find { |st_| st_.struct.kind_of?(C::Struct) and st_[mn].struct == ar.struct }
+						raise '?' if not st
+						st = st.struct
+						m = st.fldlist[mn]
+					else
+						st = b[:line_struct][@caret_y].struct
+					end
+					inputbox("new type to insert before #{m.name}", :text => m.dump_def(@heap.cp.toplevel)[0].join(' ')) { |nn|
+						nil while @heap.cp.readtok
+						@heap.cp.lexer.feed nn
+						if not v = C::Variable.parse_type(@heap.cp, @heap.cp.toplevel, true)
+							nil while @heap.cp.readtok
+							raise 'bad type'
+						end
+						v.parse_declarator(@heap.cp, @heap.cp.toplevel)
+						nt = v.type
+						idx = st.members.index(m)
+						pos = st.offsetof(@heap.cp, m)
+						name = oname = v.name || ('unk_%x_new' % pos)
+						cntr = 0
+						while st.members.find { |m_| m_.name == name }
+							name = oname + "_#{cntr+=1}"
+						end
+						st.members[idx, 0] = [C::Variable.new(name, nt)]
+						st.update_member_cache(@heap.cp)
+						gui_update
+					}
+				end
+			end
+		when ?S
+			# delete structure field
+			if b = @caret_box
+				if m = b[:line_member][@caret_y]
+					if m.kind_of?(Integer)
+						# XXX Array, need to find the outer struct
+						mn = b[:line_text_col][@caret_y].map { |l, c| l }.join[/(\S*)\[/, 1]
+						ar = b[:line_struct][@caret_y]
+						st = b[:line_struct][0...@caret_y].reverse.compact.find { |st_| st_.struct.kind_of?(C::Struct) and st_[mn].struct == ar.struct }
+						raise '?' if not st
+						st = st.struct
+						m = st.fldlist[mn]
+					else
+						st = b[:line_struct][@caret_y].struct
+					end
+					inputbox("delete #{m.name} ?") { |nn|
+						idx = st.members.index(m)
+						st.members.delete_at(idx)
+						st.update_member_cache(@heap.cp)
+						gui_update
+					}
+				end
+			end
+		when ?+
+			# append blocks linked from the currently shown blocks to the display
+			@addr_struct.keys.each { |ak|
+				@heap.xrchunksto[ak].to_a.each { |nt|
+					next if @addr_struct[nt]
+					# TODO check if the pointer is a some_struct*
+					st = @heap.chunk_struct[nt] || create_struct(nt)
+					ed = @dasm.get_edata_at(nt)
+					@addr_struct[nt] = @heap.cp.decode_c_struct(st.name, ed.data, ed.ptr)
+				}
+			}
+			gui_update
+		when ?-
+			# remove graph leaves in an attempt to undo ?+
+			unk = @addr_struct.keys.find_all { |ak|
+				(@heap.xrchunksto[ak].to_a & @addr_struct.keys).empty?
+			}
+			unk.each { |ak| @addr_struct.delete ak if @addr_struct.length > 1 }
+			gui_update
+		else return super(k)
+		end
+		true
+	end
+	# create the graph objects in ctx
+	def build_ctx(ctx)
+		# create boxes
+		todo = ctx.root_addrs.dup & @addr_struct.keys
+		todo << @addr_struct.keys.first if todo.empty?
+		done = []
+		while a = todo.shift
+			next if done.include? a
+			done << a
+			ctx.new_box a, :line_text_col => [], :line_address => [], :line_struct => [], :line_member => []
+			todo.concat @heap.xrchunksto[a].to_a & @addr_struct.keys
+		end
+		# link boxes
+		if (@heap.xrchunksto[ctx.box.first.id].to_a & @addr_struct.keys).length == ctx.box.length - 1
+			ot = ctx.box[0].id
+			ctx.box[1..-1].each { |b_|
+				ctx.link_boxes(ot, b_.id)
+			}
+		else
+			ctx.box.each { |b|
+				@heap.xrchunksto[b.id].to_a.each { |t|
+					ctx.link_boxes(b.id, t) if @addr_struct[t]
+				}
+			}
+		end
+		if snapped
+			@datadiff = {}
+		end
+		# calc box dimensions/text
+		ctx.box.each { |b|
+			colstr = []
+			curaddr = b.id
+			curst = @addr_struct[b.id]
+			curmb = nil
+			margin = ''
+			start_addr = curaddr
+			if snapped
+				ghosts = snapped[curaddr]
+			end
+			line = 0
+			render = lambda { |str, col| colstr << [str, col] }
+			nl = lambda {
+				b[:line_address][line] = curaddr
+				b[:line_text_col][line] = colstr
+				b[:line_struct][line] = curst
+				b[:line_member][line] = curmb
+				colstr = []
+				line += 1
+			}
+			render_val = lambda { |v|
+				if v.kind_of?(::Integer)
+					if v > 0x100
+						render['0x%X' % v, :text]
+					elsif v < -0x100
+						render['-0x%X' % -v, :text]
+					else
+						render[v.to_s, :text]
+					end
+				elsif not v
+					render['NULL', :text]
+				else
+					render[v.to_s, :text]
+				end
+			}
+			render_st = nil
+			render_st_ar = lambda { |ast, m|
+				elemt = m.type.untypedef.type.untypedef
+				if elemt.kind_of?(C::BaseType) and elemt.name == :char
+					render[margin, :text]
+					render["#{m.type.type.to_s[1...-1]} #{m.name}[#{m.type.length}] = #{ast[m].to_array.pack('C*').sub(/\0.*$/m, '').inspect}", :text]
+					nl[]
+					curaddr += ast.cp.sizeof(m)
+				else
+					t = m.type.type.to_s[1...-1]
+					tsz = ast.cp.sizeof(m.type.type)
+					fust = curst
+					fumb = curmb
+					curst = ast[m]
+					ast[m].to_array.each_with_index { |v, i|
+						curmb = i
+						render[margin, :text]
+						if elemt.kind_of?(C::Union)
+							if m.type.untypedef.type.kind_of?(C::Union)
+								render[elemt.kind_of?(C::Struct) ? 'struct ' : 'union ', :text]
+								render["#{elemt.name} ", :text] if elemt.name
+							else # typedef
+								render["#{elemt.to_s[1...-1]} ", :text]
+							end
+							render_st[v]
+							render[" #{m.name}[#{i}]", :text]
+						else
+							render["#{t} #{m.name}[#{i}] = ", :text]
+							render_val[v]
+							@datadiff[curaddr] = true if ghosts and ghosts.all? { |g| g[curaddr-start_addr, tsz] == ghosts[0][curaddr-start_addr, tsz] } and ghosts[0][curaddr-start_addr, tsz] != ast.str[curaddr, tsz].to_str
+						end
+						render[';', :text]
+						nl[]
+						curaddr += tsz
+					}
+					curst = fust
+					curmb = fumb
+				end
+			}
+			render_st = lambda { |ast|
+				st_addr = curaddr
+				oldst = curst
+				oldmb = curmb
+				oldmargin = margin
+				render['{', :text]
+				nl[]
+				margin += '    '
+				curst = ast
+				ast.struct.members.each { |m|
+					curmb = m
+					curaddr = st_addr + ast.struct.offsetof(@heap.cp, m)
+					if bo = ast.struct.bitoffsetof(@heap.cp, m)
+						# float curaddr to make ghost hilight work on bitfields
+						curaddr += (1+bo[0])/1000.0
+					end
+					if m.type.untypedef.kind_of?(C::Array)
+						render_st_ar[ast, m]
+					elsif m.type.untypedef.kind_of?(C::Union)
+						render[margin, :text]
+						if m.type.kind_of?(C::Union)
+							render[m.type.kind_of?(C::Struct) ? 'struct ' : 'union ', :text]
+							render["#{m.type.name} ", :text] if m.type.name
+						else # typedef
+							render["#{m.type.to_s[1...-1]} ", :text]
+						end
+						oca = curaddr
+						render_st[ast[m]]
+						nca = curaddr
+						curaddr = oca
+						render[" #{m.name if m.name};", :text]
+						nl[]
+						curaddr = nca
+					else
+						render[margin, :text]
+						render["#{m.type.to_s[1...-1]} ", :text]
+						render["#{m.name} = ", :text]
+						render_val[ast[m]]
+						tsz = ast.cp.sizeof(m)
+						# TODO bit-level multighosting
+						if ghosts and ghosts.all? { |g| g[curaddr.to_i-start_addr, tsz] == ghosts[0][curaddr.to_i-start_addr, tsz] } and ghosts[0][curaddr.to_i-start_addr, tsz] != ast.str[curaddr.to_i, tsz].to_str
+							if bo
+								ft = C::BaseType.new((bo[0] + bo[1] > 32) ? :__int64 : :__int32)
+								v1 = @heap.cp.decode_c_value(ghosts[0][curaddr.to_i-start_addr, tsz], ft, 0)
+								v2 = @heap.cp.decode_c_value(ast.str[curaddr.to_i, tsz], ft, 0)
+								@datadiff[curaddr] = true if (v1 >> bo[0]) & ((1 << bo[1])-1) != (v2 >> bo[0]) & ((1 << bo[1])-1)
+							else
+								@datadiff[curaddr] = true
+							end
+						end
+						render[';', :text]
+						if m.type.kind_of?(C::Pointer) and m.type.type.kind_of?(C::BaseType) and m.type.type.name == :char
+							if s = @dasm.decode_strz(ast[m], 32)
+								render["    // #{s.inspect}", :comment]
+							end
+						end
+						nl[]
+						curaddr += tsz
+						curaddr = curaddr.to_i if bo
+					end
+				}
+				margin = oldmargin
+				curst = oldst
+				curmb = oldmb
+				render[margin, :text]
+				render['}', :text]
+			}
+			ast = @addr_struct[curaddr]
+			render["struct #{ast.struct.name} *#{'0x%X' % curaddr} = ", :text]
+			render_st[ast]
+			render[';', :text]
+			nl[]
+			b.w = b[:line_text_col].map { |strc| strc.map { |s, c| s }.join.length }.max.to_i * @font_width + 2
+			b.w += 1 if b.w % 2 == 0
+			b.h = line * @font_height
+		}
+	end
+	def struct_find_roots(addr)
+		addr = @addr_struct.keys.find { |a| addr >= a and addr < a+@addr_struct[a].sizeof } if not @addr_struct[addr]
+		todo = [addr]
+		done = []
+		roots = []
+		default_root = nil
+		while a = todo.shift
+			if done.include?(a) # cycle
+				default_root ||= a
+				next
+			end
+			done << a
+			newf = @heap.xrchunksfrom[a].to_a & @addr_struct.keys
+			if newf.empty?
+				roots << a
+			else
+				todo.concat newf
+			end
+		end
+		roots << default_root if roots.empty? and default_root
+		roots
+	end
+	def focus_addr(addr, fu=nil)
+		return if @parent_widget and not addr = @parent_widget.normalize(addr)
+		# move window / change curcontext
+		if b = @curcontext.box.find { |b_| b_[:line_address].index(addr) }
+			@caret_box, @caret_x, @caret_y = b, 0, b[:line_address].rindex(addr)
+			@curcontext.view_x += (width/2 / @zoom - width/2)
+			@curcontext.view_y += (height/2 / @zoom - height/2)
+			@zoom = 1.0
+			focus_xy(b.x, b.y + @caret_y*@font_height)
+			update_caret
+		elsif addr_struct and (@addr_struct[addr] or @addr_struct.find { |a, s| addr >= a and addr < a+s.sizeof })
+			@curcontext = Graph.new 'testic'
+			@curcontext.root_addrs = struct_find_roots(addr)
+			@want_focus_addr = addr
+			gui_update
+		elsif @heap.chunks[addr]
+			@want_focus_addr = addr
+			do_focus_addr(addr)
+		else
+			return
+		end
+		true
+	end
+	def do_focus_addr(addr)
+		st = @heap.chunk_struct[addr] || create_struct(addr)
+		ed = @dasm.get_edata_at(addr)
+		@addr_struct = { addr => @heap.cp.decode_c_struct(st.name, ed.data, ed.ptr) }
+		gui_update
+	end
+	# create the struct chunk_<addr>, register it in @heap.chunk_struct
+	def create_struct(addr)
+		raise "no chunk here" if not @heap.chunks[addr]
+		ptsz = @dasm.cpu.size/8
+		# check if this is a c++ object with RTTI info
+		vptr = @dasm.decode_dword(addr)
+		rtti = @dasm.decode_dword(vptr-ptsz)
+		case OS.shortname
+		when 'winos'
+			typeinfo = @dasm.decode_dword(rtti+3*ptsz) if rtti
+			if typeinfo and s = @dasm.decode_strz(typeinfo+3*ptsz)
+				rtti_name = s[/^(.*)@@$/, 1]	# remove trailing @@
+			end
+		when 'linos'
+			typeinfo = @dasm.decode_dword(rtti+ptsz) if rtti
+			if typeinfo and s = @dasm.decode_strz(typeinfo)
+				rtti_name = s[/^[0-9]+(.*)$/, 1]	# remove leading number
+			end
+		end
+		if rtti_name and st = @heap.cp.toplevel.struct[rtti_name]
+			return @heap.chunk_struct[addr] = st
+		end
+		st = C::Struct.new
+		st.name = rtti_name || "chunk_#{'%x' % addr}"
+		st.members = []
+		li = 0
+		(@heap.chunks[addr] / ptsz).times { |i|
+			n = 'unk_%x' % (ptsz*i)
+			v = @dasm.decode_dword(addr+ptsz*i)
+			if i == 0 and rtti_name
+				t = C::Pointer.new(C::Pointer.new(C::BaseType.new(:void)))
+				n = 'vtable'
+			elsif @heap.chunks[v]
+				t = C::Pointer.new(C::BaseType.new(:void))
+			else
+				t = C::BaseType.new("__int#{ptsz*8}".to_sym, :unsigned)
+			end
+			st.members << C::Variable.new(n, t)
+			li = i+1
+		}
+		(@heap.chunks[addr] % ptsz).times { |i|
+			n = 'unk_%x' % (ptsz*li+i)
+			t = C::BaseType.new(:char, :unsigned)
+			st.members << C::Variable.new(n, t)
+		}
+		@heap.cp.toplevel.struct[st.name] = st
+		@heap.chunk_struct[addr] = st
+	end
+	def snap
+		if not snapped
+			@datadiff = {}
+			ocb = @parent_widget.bg_color_callback
+			@parent_widget.bg_color_callback = lambda { |a|
+				if @datadiff[a]
+					'f88'
+				elsif ocb
+					ocb[a]
+				end
+			}
+		end
+		@snapped = {}
+		@addr_struct.each { |a, ast|
+			@snapped[a] = [ast.str[ast.stroff, ast.sizeof].to_str]
+		}
+	end
+	def snap_add
+		return snap if not snapped
+		@addr_struct.each { |a, ast|
+			(@snapped[a] ||= []) << ast.str[ast.stroff, ast.sizeof].to_str
+		}
+	end
+	def get_cursor_pos
+		[super, addr_struct]
+	end
+	def set_cursor_pos(p)
+		s, @addr_struct = p
+		super(s)
+	end
+end
+end
+end