Add dirty dirty IDA map file parsing code - soon to be integrated when I can figure out the IDebugSymbols object

git-svn-id: file:///home/svn/framework3/trunk@6016 4d416f70-5f16-0410-b530-b9f4589650da

external/source/byakugan/byakugan.def

@@ -8,6 +8,7 @@ EXPORTS
 	jutsu
 	tenketsu
 	mushishi
+	symport
 
     DebugExtensionNotify
     DebugExtensionInitialize

external/source/byakugan/exts.cpp

@@ -3,6 +3,7 @@
 #include "jutsu.h"
 #include "tenketsu.h"
 #include "mushishi.h"
+#include "symPort.h"
 
 char *registers[] = {
     "eax",
@@ -86,6 +87,25 @@ HRESULT CALLBACK mushishi(PDEBUG_CLIENT4 Client, PCSTR args) {
 	return (S_OK);
 }
 
+HRESULT CALLBACK symport(PDEBUG_CLIENT4 Client, PCSTR args) {
+    char    *command;
+    
+    INIT_API();
+
+    command = strtok((char *)args, " ");
+    if (command != NULL) {
+        if (!_stricmp(command, "test")) {
+			addMapFile("calc", "C:\\Users\\lgrenier\\calc.map");
+			//addMapFile();
+            return (S_OK);
+        }
+    }
+    dprintf("[symPort] Proper commands are: 'test'\n");
+
+    EXIT_API();
+    return (S_OK);
+}
+
 HRESULT CALLBACK jutsu(PDEBUG_CLIENT4 Client, PCSTR args) {
     char    *command, *bufName, *bufPatt, *bindPort;
 
@@ -169,7 +189,17 @@ HRESULT CALLBACK tenketsu(PDEBUG_CLIENT4 Client, PCSTR args) {
 		tenkHelp();
 		return (S_OK);
 	}
-    else if (!_stricmp(command, "listHeaps")) {
+    else if (!_stricmp(command, "validate")) {
+        heapName = strtok(NULL, " ");
+        if (heapName == NULL) {
+            dprintf("[Byakugan] Please provide a heap handle.\n");
+            return (S_OK);
+        }
+        heapHandle = (PVOID) strtoul(heapName, NULL, 16);
+		tenkValidate(heapHandle);
+		return (S_OK);
+	}
+	else if (!_stricmp(command, "listHeaps")) {
 		tenkListHeaps();
 		return (S_OK);
 	}

external/source/byakugan/jutsu.cpp

@@ -465,9 +465,7 @@ ULONG64 searchMemory(unsigned char * byteBuffer, unsigned long length){
 #endif
 			return (0);
 	}
-	if (!(addressHit >= disassemblyBuffer && addressHit <= (disassemblyBuffer+0x1000)))
-		return (addressHit);
-	return (0);
+	return (addressHit);
 }
 
 BOOL checkExecutability(ULONG64 checkAddress){

external/source/byakugan/setup.bat

@@ -13,3 +13,4 @@ build -cZMg
  cd ..
 
 copy /Y i386\byakugan.dll C:\windbg\
+copy /Y injectsu\i386\injectsu.dll C:\windbg\

external/source/byakugan/sources

@@ -32,4 +32,5 @@ SOURCES= byakugan.cpp       \
 		 heapModeler.cpp	\
          byakugan.rc		\
 		 mushishi.cpp		\
+		 symPort.cpp		\
 		 stdwindbg.cpp

external/source/byakugan/tenketsu.cpp

@@ -298,6 +298,7 @@ void tenkHelp() {
 	dprintf("\t<no command>\t- Load tenketsu heap visualization libraries and hooks\n");
 	dprintf("\tlistHeaps\t- List all currently tracked heaps and their information\n");
 	dprintf("\tlistChunks <heap base>\t- List all chunks associated with a givend heap\n");
+	dprintf("\tvalidate <heap base> - check the chunk chain and find corrupted chunk headers\n");
 }
 
 void tenkListHeaps() {
@@ -316,6 +317,65 @@ void tenkListHeaps() {
 	}
 }
 
+void tenkValidate(PVOID heapHandle) {
+	struct HPool            *heap;
+    struct DestroyStruct    dStruct;
+    struct HeapChunk        *curChunk;
+	ULONG					chunkPtr;
+    ULONG                   i, nextIndex;
+	BOOL					screwed = FALSE;
+
+	heap = getHeap(&heapModel, heapHandle);
+
+	i = heap->inUseHead;
+	while (i != NULLNODE) {
+		if (CHUNK(i).free) {
+			// CHUNK(i).nextInUse must be equal to the next ptr
+			if(!ReadMemory((ULONG64)(CHUNK(i).addr)+4, (PVOID) &chunkPtr, 4, NULL)) {
+				dprintf("[T] Unable to read memory at address 0x%08x\n!");
+				return;
+			}
+
+			// Find next free chunk - continue if there are no more
+			nextIndex = CHUNK(i).nextInUse;
+			while (nextIndex != NULLNODE && !(CHUNK(nextIndex).free))
+				nextIndex = CHUNK(nextIndex).nextInUse;
+			if (nextIndex == NULLNODE) {
+				i = CHUNK(i).nextInUse;
+				continue;
+			}
+
+			// Validate next free chunk
+			if (CHUNK(nextIndex).addr != (PVOID) chunkPtr) {
+				dprintf("[T] Corruped next pointer for chunk at 0x%08x\n", CHUNK(i).addr);
+				dprintf(">\tGot: 0x%08x\tExpected: 0x%08x\n", chunkPtr, CHUNK(nextIndex).addr);
+				screwed = TRUE;
+			}
+			
+			// next free chunk prev, must equal CHUNK(i).addr
+			if(!ReadMemory((ULONG64)CHUNK(nextIndex).addr, (PVOID) &chunkPtr, 4, NULL)) {
+                dprintf("[T] Unable to read memory at address 0x%08x\n!");
+                return; 
+            }
+			if ((PVOID) chunkPtr != CHUNK(i).addr) {
+                dprintf("[T] Corruped prev pointer for chunk at 0x%08x\n", CHUNK(nextIndex).addr);
+                dprintf(">\tGot: 0x%08x\tExpected: 0x%08x\n", chunkPtr, CHUNK(i).addr);
+				screwed = TRUE;
+			}
+		
+		
+		} else {
+		}
+		i = CHUNK(i).nextInUse;
+	}
+	
+	dprintf("[T] Validation complete: ");
+	if (!screwed)
+		dprintf("all known free chunks are correct\n");
+	else
+		dprintf("errors found\n");
+}
+
 void tenkListChunks(PVOID heapHandle) {
 	struct HPool			*heap;
 	struct DestroyStruct	dStruct;

external/source/byakugan/tenketsu.h

@@ -24,6 +24,7 @@ int hookRtlHeap(void);
 int tenkListener(void);
 void tenkListHeaps(void);
 void tenkListChunks(PVOID);
+void tenkValidate(PVOID);
 void tenkHelp(void);
 DWORD WINAPI tenkBackChannel(LPVOID);
 HRESULT CALLBACK showHeap(void);