From fc1c61f5af4e34ed1a813cfdcbe4b9f1b585763c Mon Sep 17 00:00:00 2001
From: notaz
Date: Mon, 10 Mar 2014 01:55:46 +0200
Subject: [PATCH] plugin: detect lea offsets

---
plugin/Makefile | 2 +-
plugin/saveasm.cpp | 29 ++++++++++++++++++++++++++++-
2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/plugin/Makefile b/plugin/Makefile
index aa48e8c..fc6a947 100644
--- a/plugin/Makefile
+++ b/plugin/Makefile
@@ -1,4 +1,4 @@
-CROSS_COMPILE ?= i586-mingw32msvc-
+CROSS_COMPILE = i586-mingw32msvc-
 CC = $(CROSS_COMPILE)gcc
 CXX = $(CROSS_COMPILE)g++
 IDASDK = $(wildcard idasdk*)
diff --git a/plugin/saveasm.cpp b/plugin/saveasm.cpp
index 5f704ef..0732e09 100644
--- a/plugin/saveasm.cpp
+++ b/plugin/saveasm.cpp
@@ -1,3 +1,11 @@
+/*
+ * ia32rtools
+ * (C) notaz, 2013,2014
+ *
+ * This work is licensed under the terms of 3-clause BSD license.
+ * See COPYING file in the top-level directory.
+ */
+
 #define NO_OBSOLETE_FUNCS
 #include
 #include
@@ -8,6 +16,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -248,8 +257,8 @@ static void idaapi run(int /*arg*/)
 }
 }
 }
-// detect code alignment
 else if (cmd.itype == NN_lea) {
+// detect code alignment
 if (cmd.Operands[0].reg == cmd.Operands[1].reg && cmd.Operands[1].type == o_displ && cmd.Operands[1].addr == 0)
@@ -264,6 +273,24 @@ static void idaapi run(int /*arg*/)
 doAlign(ea, tmp_ea - ea, n);
 }
 }
+else if (!isDefArg1(ea_flags) && cmd.Operands[1].type == o_mem // why o_mem? && cmd.Operands[1].dtyp == dt_dword)
+{
+if (inf.minEA <= cmd.Operands[1].addr && cmd.Operands[1].addr < inf.maxEA)
+{
+// lea to segments, like ds:58D6A8h[edx*8]
+msg("%x: lea offset to %x\n", ea, cmd.Operands[1].addr);
+op_offset(ea, 1, REF_OFF32);
+}
+else
+{
+// ds:0[eax*8] -> [eax*8+0]
+msg("%x: dropping ds: for %x\n", ea, cmd.Operands[1].addr);
+op_hex(ea, 1);
+}
+}
 }
 // find non-local branches
--
2.39.2
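Review bot: In the new `else if (!isDefArg1(ea_flags) ...)` branch the test `inf.minEA <= cmd.Operands[1].addr && cmd.Operands[1].addr < inf.maxEA` only checks that the displacement falls inside the database's overall address span, so a lea whose displacement is a plain constant that happens to land in that span is given a permanent cross-reference by `op_offset(ea, 1, REF_OFF32)`; also requiring `getseg(cmd.Operands[1].addr) != NULL` would at least tie the conversion to a real segment. The `else` branch is documented as the `ds:0[eax*8]` case but fires for every out-of-range displacement, so either guard it with `cmd.Operands[1].addr == 0` or have its `msg()` line say the address lies outside the database so the other cases are visible in the log. `// why o_mem?` leaves an open question in the code; presumably IDA reports a base-less `disp[reg*scale]` operand as o_mem rather than o_displ, which is worth stating in the comment once confirmed. The `%x` conversions in both `msg()` calls assume a 32-bit `ea_t`, which holds for the i586 mingw build the Makefile hunk selects but not for an EA64 SDK. `run()` begins and ends outside this hunk.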