RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/samples/dbg-plugins/heapscan/winheap.h ADDED

@@ -0,0 +1,174 @@
+typedef void VOID;
+typedef unsigned __int8  UINT8;
+typedef unsigned __int16 UINT16;
+typedef __int32 LONG32;
+typedef unsigned __int32 ULONG32;
+typedef unsigned __int64 UINT64;
+// pseudo struct, for the PEB heap list
+struct HEAPTABLE {
+	struct _HEAP *list[16];
+};
+struct _LIST_ENTRY {
+	struct _LIST_ENTRY *FLink;
+	struct _LIST_ENTRY *BLink;
+};
+union _SLIST_HEADER {
+	struct _LIST_ENTRY le;
+};
+typedef struct _HEAP_ENTRY             // 7 elements, 0x8 bytes (sizeof)
+{
+//              union                              // 2 elements, 0x4 bytes (sizeof)
+//              {
+//                  struct                         // 2 elements, 0x4 bytes (sizeof)
+//                  {
+/*0x000*/             UINT16       Size;
+/*0x002*/             UINT16       PreviousSize;
+//                  };
+///*0x000*/         VOID*        SubSegmentCode;
+//              };
+/*0x004*/     UINT8        SmallTagIndex;
+/*0x005*/     UINT8        Flags;
+/*0x006*/     UINT8        UnusedBytes;
+/*0x007*/     UINT8        SegmentIndex;
+}HEAP_ENTRY, *PHEAP_ENTRY;
+typedef struct _HEAP                                         // 36 elements, 0x588 bytes (sizeof)
+{
+/*0x000*/     struct _HEAP_ENTRY Entry;                                // 7 elements, 0x8 bytes (sizeof)
+/*0x008*/     ULONG32      Signature;
+/*0x00C*/     ULONG32      Flags;
+/*0x010*/     ULONG32      ForceFlags;
+/*0x014*/     ULONG32      VirtualMemoryThreshold;
+/*0x018*/     ULONG32      SegmentReserve;
+/*0x01C*/     ULONG32      SegmentCommit;
+/*0x020*/     ULONG32      DeCommitFreeBlockThreshold;
+/*0x024*/     ULONG32      DeCommitTotalFreeThreshold;
+/*0x028*/     ULONG32      TotalFreeSize;
+/*0x02C*/     ULONG32      MaximumAllocationSize;
+/*0x030*/     UINT16       ProcessHeapsListIndex;
+/*0x032*/     UINT16       HeaderValidateLength;
+/*0x034*/     VOID*        HeaderValidateCopy;
+/*0x038*/     UINT16       NextAvailableTagIndex;
+/*0x03A*/     UINT16       MaximumTagIndex;
+/*0x03C*/     struct _HEAP_TAG_ENTRY* TagEntries;
+/*0x040*/     struct _HEAP_UCR_SEGMENT* UCRSegments;
+/*0x044*/     struct _HEAP_UNCOMMMTTED_RANGE* UnusedUnCommittedRanges;
+/*0x048*/     ULONG32      AlignRound;
+/*0x04C*/     ULONG32      AlignMask;
+/*0x050*/     struct _LIST_ENTRY VirtualAllocdBlocks;                  // 2 elements, 0x8 bytes (sizeof)
+/*0x058*/     struct _HEAP_SEGMENT* Segments[64];
+	union                                                    // 2 elements, 0x10 bytes (sizeof)
+	{
+/*0x158*/         ULONG32      FreeListsInUseUlong[4];
+/*0x158*/         UINT8        FreeListsInUseBytes[16];
+	}u;
+	union                                                    // 2 elements, 0x2 bytes (sizeof)
+	{
+/*0x168*/         UINT16       FreeListsInUseTerminate;
+/*0x168*/         UINT16       DecommitCount;
+	}u2;
+/*0x16A*/     UINT16       AllocatorBackTraceIndex;
+/*0x16C*/     ULONG32      NonDedicatedListLength;
+/*0x170*/     VOID*        LargeBlocksIndex;
+/*0x174*/     struct _HEAP_PSEUDO_TAG_ENTRY* PseudoTagEntries;
+/*0x178*/     struct _LIST_ENTRY FreeLists[128];
+/*0x578*/     struct _HEAP_LOCK* LockVariable;
+///*0x57C*/     FUNCT_0049_0C5F_CommitRoutine* CommitRoutine;
+/*0x57C*/     VOID* CommitRoutine;
+/*0x580*/     VOID*        FrontEndHeap;
+/*0x584*/     UINT16       FrontHeapLockCount;
+/*0x586*/     UINT8        FrontEndHeapType;
+/*0x587*/     UINT8        LastSegmentIndex;
+}HEAP, *PHEAP;
+typedef struct _HEAP_UNCOMMMTTED_RANGE    // 4 elements, 0x10 bytes (sizeof)
+{
+/*0x000*/     struct _HEAP_UNCOMMMTTED_RANGE* Next;
+/*0x004*/     ULONG32      Address;
+/*0x008*/     ULONG32      Size;
+/*0x00C*/     ULONG32      filler;
+}HEAP_UNCOMMMTTED_RANGE, *PHEAP_UNCOMMMTTED_RANGE;
+typedef struct _HEAP_ENTRY_EXTRA                  // 4 elements, 0x8 bytes (sizeof)
+{
+	union                                         // 2 elements, 0x8 bytes (sizeof)
+	{
+		struct                                    // 3 elements, 0x8 bytes (sizeof)
+		{
+/*0x000*/             UINT16       AllocatorBackTraceIndex;
+/*0x002*/             UINT16       TagIndex;
+/*0x004*/             ULONG32      Settable;
+		};
+/*0x000*/         UINT64       ZeroInit;
+	};
+}HEAP_ENTRY_EXTRA, *PHEAP_ENTRY_EXTRA;
+typedef struct _HEAP_VIRTUAL_ALLOC_ENTRY // 5 elements, 0x20 bytes (sizeof)
+{
+/*0x000*/     struct _LIST_ENTRY Entry;            // 2 elements, 0x8 bytes (sizeof)
+/*0x008*/     struct _HEAP_ENTRY_EXTRA ExtraStuff; // 4 elements, 0x8 bytes (sizeof)
+/*0x010*/     ULONG32      CommitSize;
+/*0x014*/     ULONG32      ReserveSize;
+/*0x018*/     struct _HEAP_ENTRY BusyBlock;        // 7 elements, 0x8 bytes (sizeof)
+}HEAP_VIRTUAL_ALLOC_ENTRY, *PHEAP_VIRTUAL_ALLOC_ENTRY;
+typedef struct _HEAP_FREE_ENTRY        // 8 elements, 0x10 bytes (sizeof)
+{
+	union                              // 2 elements, 0x4 bytes (sizeof)
+	{
+		struct                         // 2 elements, 0x4 bytes (sizeof)
+		{
+/*0x000*/             UINT16       Size;
+/*0x002*/             UINT16       PreviousSize;
+		};
+/*0x000*/         VOID*        SubSegmentCode;
+	};
+/*0x004*/     UINT8        SmallTagIndex;
+/*0x005*/     UINT8        Flags;
+/*0x006*/     UINT8        UnusedBytes;
+/*0x007*/     UINT8        SegmentIndex;
+/*0x008*/     struct _LIST_ENTRY FreeList;       // 2 elements, 0x8 bytes (sizeof)
+}HEAP_FREE_ENTRY, *PHEAP_FREE_ENTRY;
+typedef struct _HEAP_LOOKASIDE       // 10 elements, 0x30 bytes (sizeof)
+{
+/*0x000*/     union _SLIST_HEADER ListHead;    // 4 elements, 0x8 bytes (sizeof)
+/*0x008*/     UINT16       Depth;
+/*0x00A*/     UINT16       MaximumDepth;
+/*0x00C*/     ULONG32      TotalAllocates;
+/*0x010*/     ULONG32      AllocateMisses;
+/*0x014*/     ULONG32      TotalFrees;
+/*0x018*/     ULONG32      FreeMisses;
+/*0x01C*/     ULONG32      LastTotalAllocates;
+/*0x020*/     ULONG32      LastAllocateMisses;
+/*0x024*/     ULONG32      Counters[2];
+/*0x02C*/     UINT8        _PADDING0_[0x4];
+}HEAP_LOOKASIDE, *PHEAP_LOOKASIDE;
+struct FRONTEND1 {
+	struct _HEAP_LOOKASIDE l[128];
+};
+typedef struct _HEAP_SEGMENT                           // 15 elements, 0x3C bytes (sizeof)
+{
+/*0x000*/     struct _HEAP_ENTRY Entry;                          // 7 elements, 0x8 bytes (sizeof)
+/*0x008*/     ULONG32      Signature;
+/*0x00C*/     ULONG32      Flags;
+/*0x010*/     struct _HEAP* Heap;
+/*0x014*/     ULONG32      LargestUnCommittedRange;
+/*0x018*/     VOID*        BaseAddress;
+/*0x01C*/     ULONG32      NumberOfPages;
+/*0x020*/     struct _HEAP_ENTRY* FirstEntry;
+/*0x024*/     struct _HEAP_ENTRY* LastValidEntry;
+/*0x028*/     ULONG32      NumberOfUnCommittedPages;
+/*0x02C*/     ULONG32      NumberOfUnCommittedRanges;
+/*0x030*/     struct _HEAP_UNCOMMMTTED_RANGE* UnCommittedRanges;
+/*0x034*/     UINT16       AllocatorBackTraceIndex;
+/*0x036*/     UINT16       Reserved;
+/*0x038*/     struct _HEAP_ENTRY* LastEntryInSegment;
+}HEAP_SEGMENT, *PHEAP_SEGMENT;

data/samples/dbg-plugins/heapscan/winheap7.h ADDED

@@ -0,0 +1,307 @@
+typedef void VOID;
+typedef unsigned __int8  UINT8;
+typedef unsigned __int16 UINT16, WCHAR;
+typedef __int32 LONG32;
+typedef unsigned __int32 ULONG32;
+typedef __int64 INT64;
+typedef unsigned __int64 UINT64;
+struct HEAPTABLE {
+	struct _HEAP *list[16];
+};
+struct _LIST_ENTRY {
+	struct _LIST_ENTRY *FLink;
+	struct _LIST_ENTRY *BLink;
+};
+typedef struct _SLIST_HEADER {
+	struct _SLIST_HEADER *Next;
+	UINT16       Depth;
+	UINT16       Sequence;
+} SLIST_HEADER, *PSLIST_HEADER;
+struct _SINGLE_LIST_ENTRY {
+	struct _SINGLE_LIST_ENTRY *Next;
+};
+typedef struct _HEAP_ENTRY {
+	VOID*        PreviousBlockPrivateData;
+	UINT16       Size;
+	UINT8        Flags;
+	UINT8        SmallTagIndex;
+	UINT16       PreviousSize;
+	union
+	{
+		UINT8        SegmentOffset;
+		UINT8        LFHFlags;
+	};
+	UINT8        UnusedBytes;
+} HEAP_ENTRY, *PHEAP_ENTRY;
+typedef struct _HEAP_COUNTERS
+{
+	ULONG32      TotalMemoryReserved;
+	ULONG32      TotalMemoryCommitted;
+	ULONG32      TotalMemoryLargeUCR;
+	ULONG32      TotalSizeInVirtualBlocks;
+	ULONG32      TotalSegments;
+	ULONG32      TotalUCRs;
+	ULONG32      CommittOps;
+	ULONG32      DeCommitOps;
+	ULONG32      LockAcquires;
+	ULONG32      LockCollisions;
+	ULONG32      CommitRate;
+	ULONG32      DecommittRate;
+	ULONG32      CommitFailures;
+	ULONG32      InBlockCommitFailures;
+	ULONG32      CompactHeapCalls;
+	ULONG32      CompactedUCRs;
+	ULONG32      AllocAndFreeOps;
+	ULONG32      InBlockDeccommits;
+	ULONG32      InBlockDeccomitSize;
+	ULONG32      HighWatermarkSize;
+	ULONG32      LastPolledSize;
+} HEAP_COUNTERS, *PHEAP_COUNTERS;
+typedef struct _HEAP_TUNING_PARAMETERS
+{
+	ULONG32      CommittThresholdShift;
+	ULONG32      MaxPreCommittThreshold;
+} HEAP_TUNING_PARAMETERS, *PHEAP_TUNING_PARAMETERS;
+typedef struct _HEAP_SEGMENT
+{
+	struct _HEAP_ENTRY Entry;
+	ULONG32      SegmentSignature;
+	ULONG32      SegmentFlags;
+	struct _LIST_ENTRY SegmentListEntry;
+	struct _HEAP* Heap;
+	VOID*        BaseAddress;
+	ULONG32      NumberOfPages;
+	struct _HEAP_ENTRY* FirstEntry;
+	struct _HEAP_ENTRY* LastValidEntry;
+	ULONG32      NumberOfUnCommittedPages;
+	ULONG32      NumberOfUnCommittedRanges;
+	UINT16       SegmentAllocatorBackTraceIndex;
+	UINT16       Reserved;
+	struct _LIST_ENTRY UCRSegmentList;
+} HEAP_SEGMENT, *PHEAP_SEGMENT;
+typedef struct _HEAP
+{
+	struct _HEAP_SEGMENT Segment;
+	ULONG32      Flags;
+	ULONG32      ForceFlags;
+	ULONG32      CompatibilityFlags;
+	ULONG32      EncodeFlagMask;
+	struct _HEAP_ENTRY Encoding;
+	ULONG32      PointerKey;
+	ULONG32      Interceptor;
+	ULONG32      VirtualMemoryThreshold;
+	ULONG32      Signature;
+	ULONG32      SegmentReserve;
+	ULONG32      SegmentCommit;
+	ULONG32      DeCommitFreeBlockThreshold;
+	ULONG32      DeCommitTotalFreeThreshold;
+	ULONG32      TotalFreeSize;
+	ULONG32      MaximumAllocationSize;
+	UINT16       ProcessHeapsListIndex;
+	UINT16       HeaderValidateLength;
+	VOID*        HeaderValidateCopy;
+	UINT16       NextAvailableTagIndex;
+	UINT16       MaximumTagIndex;
+	struct _HEAP_TAG_ENTRY* TagEntries;
+	struct _LIST_ENTRY UCRList;
+	ULONG32      AlignRound;
+	ULONG32      AlignMask;
+	struct _LIST_ENTRY VirtualAllocdBlocks;
+	struct _LIST_ENTRY SegmentList;
+	UINT16       AllocatorBackTraceIndex;
+	UINT8        _PADDING0_[0x2];
+	ULONG32      NonDedicatedListLength;
+	VOID*        BlocksIndex;
+	VOID*        UCRIndex;
+	struct _HEAP_PSEUDO_TAG_ENTRY* PseudoTagEntries;
+	struct _LIST_ENTRY FreeLists;
+	struct _HEAP_LOCK* LockVariable;
+	VOID* CommitRoutine;
+	VOID*        FrontEndHeap;
+	UINT16       FrontHeapLockCount;
+	UINT8        FrontEndHeapType;
+	UINT8        _PADDING1_[0x1];
+	struct _HEAP_COUNTERS Counters;
+	struct _HEAP_TUNING_PARAMETERS TuningParameters;
+} HEAP, *PHEAP;
+typedef struct _HEAP_ENTRY_EXTRA
+{
+	union
+	{
+		struct
+		{
+			UINT16       AllocatorBackTraceIndex;
+			UINT16       TagIndex;
+			ULONG32      Settable;
+		};
+		UINT64       ZeroInit;
+	};
+} HEAP_ENTRY_EXTRA, *PHEAP_ENTRY_EXTRA;
+typedef struct _HEAP_FREE_ENTRY
+{
+	struct _HEAP_ENTRY Entry;
+	struct _LIST_ENTRY FreeList;
+} HEAP_FREE_ENTRY, *PHEAP_FREE_ENTRY;
+typedef struct _HEAP_LIST_LOOKUP
+{
+	struct _HEAP_LIST_LOOKUP* ExtendedLookup;
+	ULONG32      ArraySize;
+	ULONG32      ExtraItem;
+	ULONG32      ItemCount;
+	ULONG32      OutOfRangeItems;
+	ULONG32      BaseIndex;
+	struct _LIST_ENTRY* ListHead;
+	ULONG32*     ListsInUseUlong;
+	struct _LIST_ENTRY** ListHints;
+} HEAP_LIST_LOOKUP, *PHEAP_LIST_LOOKUP;
+typedef struct _HEAP_LOOKASIDE
+{
+	struct _SLIST_HEADER ListHead;
+	UINT16       Depth;
+	UINT16       MaximumDepth;
+	ULONG32      TotalAllocates;
+	ULONG32      AllocateMisses;
+	ULONG32      TotalFrees;
+	ULONG32      FreeMisses;
+	ULONG32      LastTotalAllocates;
+	ULONG32      LastAllocateMisses;
+	ULONG32      Counters[2];
+	UINT8        _PADDING0_[0x4];
+} HEAP_LOOKASIDE, *PHEAP_LOOKASIDE;
+typedef struct _INTERLOCK_SEQ
+{
+	union
+	{
+		struct
+		{
+			UINT16       Depth;
+			UINT16       FreeEntryOffset;
+			UINT8        _PADDING0_[0x4];
+		};
+		struct
+		{
+			ULONG32      OffsetAndDepth;
+			ULONG32      Sequence;
+		};
+		INT64        Exchg;
+	};
+}INTERLOCK_SEQ, *PINTERLOCK_SEQ;
+typedef struct _HEAP_TAG_ENTRY
+{
+	ULONG32      Allocs;
+	ULONG32      Frees;
+	ULONG32      Size;
+	UINT16       TagIndex;
+	UINT16       CreatorBackTraceIndex;
+	WCHAR        TagName[24];
+} HEAP_TAG_ENTRY, *PHEAP_TAG_ENTRY;
+typedef struct _HEAP_UCR_DESCRIPTOR
+{
+	struct _LIST_ENTRY ListEntry;
+	struct _LIST_ENTRY SegmentEntry;
+	VOID*        Address;
+	ULONG32      Size;
+} HEAP_UCR_DESCRIPTOR, *PHEAP_UCR_DESCRIPTOR;
+typedef struct _HEAP_USERDATA_HEADER
+{
+	union
+	{
+		struct _SINGLE_LIST_ENTRY SFreeListEntry;
+		struct _HEAP_SUBSEGMENT* SubSegment;
+	};
+	VOID*        Reserved;
+	ULONG32      SizeIndex;
+	ULONG32      Signature;
+} HEAP_USERDATA_HEADER, *PHEAP_USERDATA_HEADER;
+typedef struct _HEAP_VIRTUAL_ALLOC_ENTRY
+{
+	struct _LIST_ENTRY Entry;
+	struct _HEAP_ENTRY_EXTRA ExtraStuff;
+	ULONG32      CommitSize;
+	ULONG32      ReserveSize;
+	struct _HEAP_ENTRY BusyBlock;
+} HEAP_VIRTUAL_ALLOC_ENTRY, *PHEAP_VIRTUAL_ALLOC_ENTRY;
+struct _USER_MEMORY_CACHE_ENTRY {
+	ULONG32 Foo[4];
+};
+struct _HEAP_BUCKET {
+	ULONG32 Foo;
+};
+struct _HEAP_BUCKET_COUNTERS {
+	ULONG32 Foo[2];
+};
+typedef struct _HEAP_LOCAL_SEGMENT_INFO
+{
+	struct _HEAP_SUBSEGMENT* Hint;
+	struct _HEAP_SUBSEGMENT* ActiveSubsegment;
+	struct _HEAP_SUBSEGMENT* CachedItems[16];
+	struct _SLIST_HEADER SListHeader;
+	struct _HEAP_BUCKET_COUNTERS Counters;
+	struct _HEAP_LOCAL_DATA* LocalData;
+	ULONG32 LastOpSequence;
+	UINT16 BucketIndex;
+	UINT16 LastUsed;
+	ULONG32 Pad;
+} HEAP_LOCAL_SEGMENT_INFO, *PHEAP_LOCAL_SEGMENT_INFO;
+typedef struct _HEAP_LOCAL_DATA {
+	struct _SLIST_HEADER DeletedSubSegments;
+	struct _LFH_BLOCK_ZONE* CrtZone;
+	struct _LFH_HEAP* LowFragHeap;
+	ULONG32 Sequence;
+	struct _HEAP_LOCAL_SEGMENT_INFO SegmentInfo[128];
+} HEAP_LOCAL_DATA;
+typedef struct _HEAP_SUBSEGMENT
+{
+	struct _HEAP_LOCAL_SEGMENT_INFO* LocalInfo;
+	struct _HEAP_USERDATA_HEADER* UserBlocks;
+	struct _INTERLOCK_SEQ AggregateExchg;
+	UINT16       BlockSize;
+	UINT16       Flags;
+	UINT16       BlockCount;
+	UINT8        SizeIndex;
+	UINT8        AffinityIndex;
+	struct _SINGLE_LIST_ENTRY SFreeListEntry;
+	ULONG32      Lock;
+} HEAP_SUBSEGMENT, *PHEAP_SUBSEGMENT;
+typedef struct _LFH_HEAP
+{
+	ULONG32 Lock[6];
+	struct _LIST_ENTRY SubSegmentZones;
+	ULONG32 ZoneBlockSize;
+	VOID* Heap;
+	ULONG32 SegmentChange;
+	ULONG32 SegmentCreate;
+	ULONG32 SegmentInsertInFree;
+	ULONG32 SegmentDelete;
+	ULONG32 CacheAllocs;
+	ULONG32 CacheFrees;
+	ULONG32 SizeInCache;
+	ULONG32 RunInfo[3];
+	struct _USER_MEMORY_CACHE_ENTRY UserBlockCache[12];
+	struct _HEAP_BUCKET Buckets[128];
+	struct _HEAP_LOCAL_DATA LocalData[1];
+} LFH_HEAP;