RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/samples/dbg-plugins/heapscan/winheap.h ADDED

@@ -0,0 +1,174 @@
+typedef void VOID;
+typedef unsigned __int8  UINT8;
+typedef unsigned __int16 UINT16;
+typedef __int32 LONG32;
+typedef unsigned __int32 ULONG32;
+typedef unsigned __int64 UINT64;
+// pseudo struct, for the PEB heap list
+struct HEAPTABLE {
+	struct _HEAP *list[16];
+};
+struct _LIST_ENTRY {
+	struct _LIST_ENTRY *FLink;
+	struct _LIST_ENTRY *BLink;
+};
+union _SLIST_HEADER {
+	struct _LIST_ENTRY le;
+};
+typedef struct _HEAP_ENTRY             // 7 elements, 0x8 bytes (sizeof)
+{
+//              union                              // 2 elements, 0x4 bytes (sizeof)
+//              {
+//                  struct                         // 2 elements, 0x4 bytes (sizeof)
+//                  {
+/*0x000*/             UINT16       Size;
+/*0x002*/             UINT16       PreviousSize;
+//                  };
+///*0x000*/         VOID*        SubSegmentCode;
+//              };
+/*0x004*/     UINT8        SmallTagIndex;
+/*0x005*/     UINT8        Flags;
+/*0x006*/     UINT8        UnusedBytes;
+/*0x007*/     UINT8        SegmentIndex;
+}HEAP_ENTRY, *PHEAP_ENTRY;
+typedef struct _HEAP                                         // 36 elements, 0x588 bytes (sizeof)
+{
+/*0x000*/     struct _HEAP_ENTRY Entry;                                // 7 elements, 0x8 bytes (sizeof)
+/*0x008*/     ULONG32      Signature;
+/*0x00C*/     ULONG32      Flags;
+/*0x010*/     ULONG32      ForceFlags;
+/*0x014*/     ULONG32      VirtualMemoryThreshold;
+/*0x018*/     ULONG32      SegmentReserve;
+/*0x01C*/     ULONG32      SegmentCommit;
+/*0x020*/     ULONG32      DeCommitFreeBlockThreshold;
+/*0x024*/     ULONG32      DeCommitTotalFreeThreshold;
+/*0x028*/     ULONG32      TotalFreeSize;
+/*0x02C*/     ULONG32      MaximumAllocationSize;
+/*0x030*/     UINT16       ProcessHeapsListIndex;
+/*0x032*/     UINT16       HeaderValidateLength;
+/*0x034*/     VOID*        HeaderValidateCopy;
+/*0x038*/     UINT16       NextAvailableTagIndex;
+/*0x03A*/     UINT16       MaximumTagIndex;
+/*0x03C*/     struct _HEAP_TAG_ENTRY* TagEntries;
+/*0x040*/     struct _HEAP_UCR_SEGMENT* UCRSegments;
+/*0x044*/     struct _HEAP_UNCOMMMTTED_RANGE* UnusedUnCommittedRanges;
+/*0x048*/     ULONG32      AlignRound;
+/*0x04C*/     ULONG32      AlignMask;
+/*0x050*/     struct _LIST_ENTRY VirtualAllocdBlocks;                  // 2 elements, 0x8 bytes (sizeof)
+/*0x058*/     struct _HEAP_SEGMENT* Segments[64];
+	union                                                    // 2 elements, 0x10 bytes (sizeof)
+	{
+/*0x158*/         ULONG32      FreeListsInUseUlong[4];
+/*0x158*/         UINT8        FreeListsInUseBytes[16];
+	}u;
+	union                                                    // 2 elements, 0x2 bytes (sizeof)
+	{
+/*0x168*/         UINT16       FreeListsInUseTerminate;
+/*0x168*/         UINT16       DecommitCount;
+	}u2;
+/*0x16A*/     UINT16       AllocatorBackTraceIndex;
+/*0x16C*/     ULONG32      NonDedicatedListLength;
+/*0x170*/     VOID*        LargeBlocksIndex;
+/*0x174*/     struct _HEAP_PSEUDO_TAG_ENTRY* PseudoTagEntries;
+/*0x178*/     struct _LIST_ENTRY FreeLists[128];
+/*0x578*/     struct _HEAP_LOCK* LockVariable;
+///*0x57C*/     FUNCT_0049_0C5F_CommitRoutine* CommitRoutine;
+/*0x57C*/     VOID* CommitRoutine;
+/*0x580*/     VOID*        FrontEndHeap;
+/*0x584*/     UINT16       FrontHeapLockCount;
+/*0x586*/     UINT8        FrontEndHeapType;
+/*0x587*/     UINT8        LastSegmentIndex;
+}HEAP, *PHEAP;
+typedef struct _HEAP_UNCOMMMTTED_RANGE    // 4 elements, 0x10 bytes (sizeof)
+{
+/*0x000*/     struct _HEAP_UNCOMMMTTED_RANGE* Next;
+/*0x004*/     ULONG32      Address;
+/*0x008*/     ULONG32      Size;
+/*0x00C*/     ULONG32      filler;
+}HEAP_UNCOMMMTTED_RANGE, *PHEAP_UNCOMMMTTED_RANGE;
+typedef struct _HEAP_ENTRY_EXTRA                  // 4 elements, 0x8 bytes (sizeof)
+{
+	union                                         // 2 elements, 0x8 bytes (sizeof)
+	{
+		struct                                    // 3 elements, 0x8 bytes (sizeof)
+		{
+/*0x000*/             UINT16       AllocatorBackTraceIndex;
+/*0x002*/             UINT16       TagIndex;
+/*0x004*/             ULONG32      Settable;
+		};
+/*0x000*/         UINT64       ZeroInit;
+	};
+}HEAP_ENTRY_EXTRA, *PHEAP_ENTRY_EXTRA;
+typedef struct _HEAP_VIRTUAL_ALLOC_ENTRY // 5 elements, 0x20 bytes (sizeof)
+{
+/*0x000*/     struct _LIST_ENTRY Entry;            // 2 elements, 0x8 bytes (sizeof)
+/*0x008*/     struct _HEAP_ENTRY_EXTRA ExtraStuff; // 4 elements, 0x8 bytes (sizeof)
+/*0x010*/     ULONG32      CommitSize;
+/*0x014*/     ULONG32      ReserveSize;
+/*0x018*/     struct _HEAP_ENTRY BusyBlock;        // 7 elements, 0x8 bytes (sizeof)
+}HEAP_VIRTUAL_ALLOC_ENTRY, *PHEAP_VIRTUAL_ALLOC_ENTRY;
+typedef struct _HEAP_FREE_ENTRY        // 8 elements, 0x10 bytes (sizeof)
+{
+	union                              // 2 elements, 0x4 bytes (sizeof)
+	{
+		struct                         // 2 elements, 0x4 bytes (sizeof)
+		{
+/*0x000*/             UINT16       Size;
+/*0x002*/             UINT16       PreviousSize;
+		};
+/*0x000*/         VOID*        SubSegmentCode;
+	};
+/*0x004*/     UINT8        SmallTagIndex;
+/*0x005*/     UINT8        Flags;
+/*0x006*/     UINT8        UnusedBytes;
+/*0x007*/     UINT8        SegmentIndex;
+/*0x008*/     struct _LIST_ENTRY FreeList;       // 2 elements, 0x8 bytes (sizeof)
+}HEAP_FREE_ENTRY, *PHEAP_FREE_ENTRY;
+typedef struct _HEAP_LOOKASIDE       // 10 elements, 0x30 bytes (sizeof)
+{
+/*0x000*/     union _SLIST_HEADER ListHead;    // 4 elements, 0x8 bytes (sizeof)
+/*0x008*/     UINT16       Depth;
+/*0x00A*/     UINT16       MaximumDepth;
+/*0x00C*/     ULONG32      TotalAllocates;
+/*0x010*/     ULONG32      AllocateMisses;
+/*0x014*/     ULONG32      TotalFrees;
+/*0x018*/     ULONG32      FreeMisses;
+/*0x01C*/     ULONG32      LastTotalAllocates;
+/*0x020*/     ULONG32      LastAllocateMisses;
+/*0x024*/     ULONG32      Counters[2];
+/*0x02C*/     UINT8        _PADDING0_[0x4];
+}HEAP_LOOKASIDE, *PHEAP_LOOKASIDE;
+struct FRONTEND1 {
+	struct _HEAP_LOOKASIDE l[128];
+};
+typedef struct _HEAP_SEGMENT                           // 15 elements, 0x3C bytes (sizeof)
+{
+/*0x000*/     struct _HEAP_ENTRY Entry;                          // 7 elements, 0x8 bytes (sizeof)
+/*0x008*/     ULONG32      Signature;
+/*0x00C*/     ULONG32      Flags;
+/*0x010*/     struct _HEAP* Heap;
+/*0x014*/     ULONG32      LargestUnCommittedRange;
+/*0x018*/     VOID*        BaseAddress;
+/*0x01C*/     ULONG32      NumberOfPages;
+/*0x020*/     struct _HEAP_ENTRY* FirstEntry;
+/*0x024*/     struct _HEAP_ENTRY* LastValidEntry;
+/*0x028*/     ULONG32      NumberOfUnCommittedPages;
+/*0x02C*/     ULONG32      NumberOfUnCommittedRanges;
+/*0x030*/     struct _HEAP_UNCOMMMTTED_RANGE* UnCommittedRanges;
+/*0x034*/     UINT16       AllocatorBackTraceIndex;
+/*0x036*/     UINT16       Reserved;
+/*0x038*/     struct _HEAP_ENTRY* LastEntryInSegment;
+}HEAP_SEGMENT, *PHEAP_SEGMENT;

data/samples/dbg-plugins/heapscan/winheap7.h ADDED

@@ -0,0 +1,307 @@
+typedef void VOID;
+typedef unsigned __int8  UINT8;
+typedef unsigned __int16 UINT16, WCHAR;
+typedef __int32 LONG32;
+typedef unsigned __int32 ULONG32;
+typedef __int64 INT64;
+typedef unsigned __int64 UINT64;
+struct HEAPTABLE {
+	struct _HEAP *list[16];
+};
+struct _LIST_ENTRY {
+	struct _LIST_ENTRY *FLink;
+	struct _LIST_ENTRY *BLink;
+};
+typedef struct _SLIST_HEADER {
+	struct _SLIST_HEADER *Next;
+	UINT16       Depth;
+	UINT16       Sequence;
+} SLIST_HEADER, *PSLIST_HEADER;
+struct _SINGLE_LIST_ENTRY {
+	struct _SINGLE_LIST_ENTRY *Next;
+};
+typedef struct _HEAP_ENTRY {
+	VOID*        PreviousBlockPrivateData;
+	UINT16       Size;
+	UINT8        Flags;
+	UINT8        SmallTagIndex;
+	UINT16       PreviousSize;
+	union
+	{
+		UINT8        SegmentOffset;
+		UINT8        LFHFlags;
+	};
+	UINT8        UnusedBytes;
+} HEAP_ENTRY, *PHEAP_ENTRY;
+typedef struct _HEAP_COUNTERS
+{
+	ULONG32      TotalMemoryReserved;
+	ULONG32      TotalMemoryCommitted;
+	ULONG32      TotalMemoryLargeUCR;
+	ULONG32      TotalSizeInVirtualBlocks;
+	ULONG32      TotalSegments;
+	ULONG32      TotalUCRs;
+	ULONG32      CommittOps;
+	ULONG32      DeCommitOps;
+	ULONG32      LockAcquires;
+	ULONG32      LockCollisions;
+	ULONG32      CommitRate;
+	ULONG32      DecommittRate;
+	ULONG32      CommitFailures;
+	ULONG32      InBlockCommitFailures;
+	ULONG32      CompactHeapCalls;
+	ULONG32      CompactedUCRs;
+	ULONG32      AllocAndFreeOps;
+	ULONG32      InBlockDeccommits;
+	ULONG32      InBlockDeccomitSize;
+	ULONG32      HighWatermarkSize;
+	ULONG32      LastPolledSize;
+} HEAP_COUNTERS, *PHEAP_COUNTERS;
+typedef struct _HEAP_TUNING_PARAMETERS
+{
+	ULONG32      CommittThresholdShift;
+	ULONG32      MaxPreCommittThreshold;
+} HEAP_TUNING_PARAMETERS, *PHEAP_TUNING_PARAMETERS;
+typedef struct _HEAP_SEGMENT
+{
+	struct _HEAP_ENTRY Entry;
+	ULONG32      SegmentSignature;
+	ULONG32      SegmentFlags;
+	struct _LIST_ENTRY SegmentListEntry;
+	struct _HEAP* Heap;
+	VOID*        BaseAddress;
+	ULONG32      NumberOfPages;
+	struct _HEAP_ENTRY* FirstEntry;
+	struct _HEAP_ENTRY* LastValidEntry;
+	ULONG32      NumberOfUnCommittedPages;
+	ULONG32      NumberOfUnCommittedRanges;
+	UINT16       SegmentAllocatorBackTraceIndex;
+	UINT16       Reserved;
+	struct _LIST_ENTRY UCRSegmentList;
+} HEAP_SEGMENT, *PHEAP_SEGMENT;
+typedef struct _HEAP
+{
+	struct _HEAP_SEGMENT Segment;
+	ULONG32      Flags;
+	ULONG32      ForceFlags;
+	ULONG32      CompatibilityFlags;
+	ULONG32      EncodeFlagMask;
+	struct _HEAP_ENTRY Encoding;
+	ULONG32      PointerKey;
+	ULONG32      Interceptor;
+	ULONG32      VirtualMemoryThreshold;
+	ULONG32      Signature;
+	ULONG32      SegmentReserve;
+	ULONG32      SegmentCommit;
+	ULONG32      DeCommitFreeBlockThreshold;
+	ULONG32      DeCommitTotalFreeThreshold;
+	ULONG32      TotalFreeSize;
+	ULONG32      MaximumAllocationSize;
+	UINT16       ProcessHeapsListIndex;
+	UINT16       HeaderValidateLength;
+	VOID*        HeaderValidateCopy;
+	UINT16       NextAvailableTagIndex;
+	UINT16       MaximumTagIndex;
+	struct _HEAP_TAG_ENTRY* TagEntries;
+	struct _LIST_ENTRY UCRList;
+	ULONG32      AlignRound;
+	ULONG32      AlignMask;
+	struct _LIST_ENTRY VirtualAllocdBlocks;
+	struct _LIST_ENTRY SegmentList;
+	UINT16       AllocatorBackTraceIndex;
+	UINT8        _PADDING0_[0x2];
+	ULONG32      NonDedicatedListLength;
+	VOID*        BlocksIndex;
+	VOID*        UCRIndex;
+	struct _HEAP_PSEUDO_TAG_ENTRY* PseudoTagEntries;
+	struct _LIST_ENTRY FreeLists;
+	struct _HEAP_LOCK* LockVariable;
+	VOID* CommitRoutine;
+	VOID*        FrontEndHeap;
+	UINT16       FrontHeapLockCount;
+	UINT8        FrontEndHeapType;
+	UINT8        _PADDING1_[0x1];
+	struct _HEAP_COUNTERS Counters;
+	struct _HEAP_TUNING_PARAMETERS TuningParameters;
+} HEAP, *PHEAP;
+typedef struct _HEAP_ENTRY_EXTRA
+{
+	union
+	{
+		struct
+		{
+			UINT16       AllocatorBackTraceIndex;
+			UINT16       TagIndex;
+			ULONG32      Settable;
+		};
+		UINT64       ZeroInit;
+	};
+} HEAP_ENTRY_EXTRA, *PHEAP_ENTRY_EXTRA;
+typedef struct _HEAP_FREE_ENTRY
+{
+	struct _HEAP_ENTRY Entry;
+	struct _LIST_ENTRY FreeList;
+} HEAP_FREE_ENTRY, *PHEAP_FREE_ENTRY;
+typedef struct _HEAP_LIST_LOOKUP
+{
+	struct _HEAP_LIST_LOOKUP* ExtendedLookup;
+	ULONG32      ArraySize;
+	ULONG32      ExtraItem;
+	ULONG32      ItemCount;
+	ULONG32      OutOfRangeItems;
+	ULONG32      BaseIndex;
+	struct _LIST_ENTRY* ListHead;
+	ULONG32*     ListsInUseUlong;
+	struct _LIST_ENTRY** ListHints;
+} HEAP_LIST_LOOKUP, *PHEAP_LIST_LOOKUP;
+typedef struct _HEAP_LOOKASIDE
+{
+	struct _SLIST_HEADER ListHead;
+	UINT16       Depth;
+	UINT16       MaximumDepth;
+	ULONG32      TotalAllocates;
+	ULONG32      AllocateMisses;
+	ULONG32      TotalFrees;
+	ULONG32      FreeMisses;
+	ULONG32      LastTotalAllocates;
+	ULONG32      LastAllocateMisses;
+	ULONG32      Counters[2];
+	UINT8        _PADDING0_[0x4];
+} HEAP_LOOKASIDE, *PHEAP_LOOKASIDE;
+typedef struct _INTERLOCK_SEQ
+{
+	union
+	{
+		struct
+		{
+			UINT16       Depth;
+			UINT16       FreeEntryOffset;
+			UINT8        _PADDING0_[0x4];
+		};
+		struct
+		{
+			ULONG32      OffsetAndDepth;
+			ULONG32      Sequence;
+		};
+		INT64        Exchg;
+	};
+}INTERLOCK_SEQ, *PINTERLOCK_SEQ;
+typedef struct _HEAP_TAG_ENTRY
+{
+	ULONG32      Allocs;
+	ULONG32      Frees;
+	ULONG32      Size;
+	UINT16       TagIndex;
+	UINT16       CreatorBackTraceIndex;
+	WCHAR        TagName[24];
+} HEAP_TAG_ENTRY, *PHEAP_TAG_ENTRY;
+typedef struct _HEAP_UCR_DESCRIPTOR
+{
+	struct _LIST_ENTRY ListEntry;
+	struct _LIST_ENTRY SegmentEntry;
+	VOID*        Address;
+	ULONG32      Size;
+} HEAP_UCR_DESCRIPTOR, *PHEAP_UCR_DESCRIPTOR;
+typedef struct _HEAP_USERDATA_HEADER
+{
+	union
+	{
+		struct _SINGLE_LIST_ENTRY SFreeListEntry;
+		struct _HEAP_SUBSEGMENT* SubSegment;
+	};
+	VOID*        Reserved;
+	ULONG32      SizeIndex;
+	ULONG32      Signature;
+} HEAP_USERDATA_HEADER, *PHEAP_USERDATA_HEADER;
+typedef struct _HEAP_VIRTUAL_ALLOC_ENTRY
+{
+	struct _LIST_ENTRY Entry;
+	struct _HEAP_ENTRY_EXTRA ExtraStuff;
+	ULONG32      CommitSize;
+	ULONG32      ReserveSize;
+	struct _HEAP_ENTRY BusyBlock;
+} HEAP_VIRTUAL_ALLOC_ENTRY, *PHEAP_VIRTUAL_ALLOC_ENTRY;
+struct _USER_MEMORY_CACHE_ENTRY {
+	ULONG32 Foo[4];
+};
+struct _HEAP_BUCKET {
+	ULONG32 Foo;
+};
+struct _HEAP_BUCKET_COUNTERS {
+	ULONG32 Foo[2];
+};
+typedef struct _HEAP_LOCAL_SEGMENT_INFO
+{
+	struct _HEAP_SUBSEGMENT* Hint;
+	struct _HEAP_SUBSEGMENT* ActiveSubsegment;
+	struct _HEAP_SUBSEGMENT* CachedItems[16];
+	struct _SLIST_HEADER SListHeader;
+	struct _HEAP_BUCKET_COUNTERS Counters;
+	struct _HEAP_LOCAL_DATA* LocalData;
+	ULONG32 LastOpSequence;
+	UINT16 BucketIndex;
+	UINT16 LastUsed;
+	ULONG32 Pad;
+} HEAP_LOCAL_SEGMENT_INFO, *PHEAP_LOCAL_SEGMENT_INFO;
+typedef struct _HEAP_LOCAL_DATA {
+	struct _SLIST_HEADER DeletedSubSegments;
+	struct _LFH_BLOCK_ZONE* CrtZone;
+	struct _LFH_HEAP* LowFragHeap;
+	ULONG32 Sequence;
+	struct _HEAP_LOCAL_SEGMENT_INFO SegmentInfo[128];
+} HEAP_LOCAL_DATA;
+typedef struct _HEAP_SUBSEGMENT
+{
+	struct _HEAP_LOCAL_SEGMENT_INFO* LocalInfo;
+	struct _HEAP_USERDATA_HEADER* UserBlocks;
+	struct _INTERLOCK_SEQ AggregateExchg;
+	UINT16       BlockSize;
+	UINT16       Flags;
+	UINT16       BlockCount;
+	UINT8        SizeIndex;
+	UINT8        AffinityIndex;
+	struct _SINGLE_LIST_ENTRY SFreeListEntry;
+	ULONG32      Lock;
+} HEAP_SUBSEGMENT, *PHEAP_SUBSEGMENT;
+typedef struct _LFH_HEAP
+{
+	ULONG32 Lock[6];
+	struct _LIST_ENTRY SubSegmentZones;
+	ULONG32 ZoneBlockSize;
+	VOID* Heap;
+	ULONG32 SegmentChange;
+	ULONG32 SegmentCreate;
+	ULONG32 SegmentInsertInFree;
+	ULONG32 SegmentDelete;
+	ULONG32 CacheAllocs;
+	ULONG32 CacheFrees;
+	ULONG32 SizeInCache;
+	ULONG32 RunInfo[3];
+	struct _USER_MEMORY_CACHE_ENTRY UserBlockCache[12];
+	struct _HEAP_BUCKET Buckets[128];
+	struct _HEAP_LOCAL_DATA LocalData[1];
+} LFH_HEAP;