Changes to module analysis

- Used current selected disasm line for module analysis instead of cip
- Modified some typing in plugin entries
- Some code refactoring
- Modified command "xanal/xanalremove exe" to "xanal/xanalremove module"
- Closes #31

xAnalyzer/plugin.cpp

@@ -136,7 +136,7 @@ PLUG_EXPORT void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info)
 		// COMMANDS MENUS
 		// ------------------------------------------------------------------------
 		case MENU_ANALYZE_DISASM:
-			DbgCmdExec("xanal exe");
+			DbgCmdExec("xanal module");
 			break;
 		case MENU_ANALYZE_DISASM_FUNCT:
 			DbgCmdExec("xanal function");
@@ -151,7 +151,7 @@ PLUG_EXPORT void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info)
 			DbgCmdExec("xanalremove function");
 			break;
 		case MENU_REM_ANALYSIS_DISASM:
-			DbgCmdExec("xanalremove exe");
+			DbgCmdExec("xanalremove module");
 			break;
 		default:
 			break;
@@ -255,13 +255,13 @@ void pluginSetup()
 
 	// disasm window menu
 	_plugin_menuseticon(hMenuDisasm, &menu_icon);
-	_plugin_menuaddentry(hMenuDisasm, MENU_ANALYZE_DISASM_SELEC, "&Analyze Selection");
-	_plugin_menuaddentry(hMenuDisasm, MENU_ANALYZE_DISASM_FUNCT, "&Analyze Function");
-	_plugin_menuaddentry(hMenuDisasm, MENU_ANALYZE_DISASM, "&Analyze Executable");
+	_plugin_menuaddentry(hMenuDisasm, MENU_ANALYZE_DISASM_SELEC, "&Analyze selection");
+	_plugin_menuaddentry(hMenuDisasm, MENU_ANALYZE_DISASM_FUNCT, "&Analyze function");
+	_plugin_menuaddentry(hMenuDisasm, MENU_ANALYZE_DISASM, "&Analyze module");
 	_plugin_menuaddseparator(hMenuDisasm);
 	_plugin_menuaddentry(hMenuDisasm, MENU_REM_ANALYSIS_DISASM_SELEC, "&Remove analysis from selection");
 	_plugin_menuaddentry(hMenuDisasm, MENU_REM_ANALYSIS_DISASM_FUNCT, "&Remove analysis from function");
-	_plugin_menuaddentry(hMenuDisasm, MENU_REM_ANALYSIS_DISASM, "&Remove analysis from executable");
+	_plugin_menuaddentry(hMenuDisasm, MENU_REM_ANALYSIS_DISASM, "&Remove analysis from module");
 
 	// entries icons
 	_plugin_menuentryseticon(pluginHandle, MENU_ANALYZE_DISASM_SELEC, &anal_select_icon);

xAnalyzer/plugin.h

@@ -5,7 +5,7 @@
 //plugin data
 #define PLUGIN_NAME "xAnalyzer"
 #define PLUGIN_VERSION 2
-#define PLUGIN_VERSION_STR "2.5.1"
+#define PLUGIN_VERSION_STR "2.5.2"
 
 enum
 {

xAnalyzer/pluginmain.cpp

@@ -2,7 +2,8 @@
 #include "plugin.h"
 
 // Variables
-const char *szprojectnameInfo = "\n" PLUGIN_NAME " " PLUGIN_VERSION_STR" Plugin by ThunderCls 2018\n"
+const char *szprojectnameInfo = "\n" PLUGIN_NAME " " PLUGIN_VERSION_STR
+								" Plugin by ThunderCls 2018\n"
 								"Extended analysis for static code\n"
 								"-> For latest release, issues, etc....\n"
 								"-> For help type command \"xanal help\"\n"

xAnalyzer/xanalyzer.cpp

@@ -90,13 +90,14 @@ void OnBreakpoint(PLUG_CB_BREAKPOINT* bpInfo)
 	Module::InfoFromAddr(bpInfo->breakpoint->addr, &mi);
 	// if we hit the EP with a dbg one-shot EP BP
 	if (bpInfo->breakpoint->type == bp_normal &&
-		mi.entry == bpInfo->breakpoint->addr &&		
+		mi.entry == bpInfo->breakpoint->addr &&	
+		GetModuleEntryPoint(mi.name) == bpInfo->breakpoint->addr ||
 		strcmp(bpInfo->breakpoint->name, "entry breakpoint") == 0)
 	{
 		if (conf.auto_analysis)
 		{
 			if (!FileDbExists())
-				DbgCmdExec("xanal exe");
+				DbgCmdExec("xanal module");
 			else
 			{
 				GuiAddLogMessage("[xAnalyzer]: Analysis retrieved from data base\r\n");
@@ -139,7 +140,7 @@ bool cbExtendedAnalysis(int argc, char* argv[])
 		 return true;
 	 }
 
-	 if (strcmp(argv[1], "exe") == 0) // cmd "xanal exe"
+	 if (strcmp(argv[1], "module") == 0) // cmd "xanal module"
 	 {
 		 completeAnal = true;
 		 DoExtendedAnalysis();
@@ -183,7 +184,7 @@ bool cbExtendedAnalysisRemove(int argc, char* argv[])
 		return true;
 	}
 
-	if (strcmp(argv[1], "exe") == 0) // cmd "xanalremove exe"
+	if (strcmp(argv[1], "module") == 0) // cmd "xanalremove module"
 	{
 		completeAnal = true;
 		RemoveAnalysis();
@@ -556,10 +557,10 @@ void DbgGetEntryExitPoints(duint *lpdwEntry, duint *lpdwExit)
 
 	if (completeAnal)
 	{
-		// Analyze entire executable
+		// Analyze entire module section
 		// -----------------------------------------------------
 		Module::ModuleSectionInfo *modInfo = new Module::ModuleSectionInfo;
-		entry = GetContextData(UE_CIP);
+		entry = Disassembly::SelectionGetStart();
 		Module::NameFromAddr(entry, modname);
 
 		if (conf.extended_analysis)
@@ -635,25 +636,38 @@ void GetRegularAnalysisRange(duint *lpdwEntry, duint *lpdwExit, char *modname)
 {
 	duint baseaddress;
 	duint dwModSize;
+
+	duint ep = GetModuleEntryPoint(modname);
+	if (ep == 0)
+		return;
+
+	baseaddress = DbgMemFindBaseAddr(ep, &dwModSize);
+
+	*lpdwEntry = ep;
+	*lpdwExit = (dwModSize + baseaddress) - 0x2D;
+}
+
+// ------------------------------------------------------------------------------------
+// Gets a module EP
+// ------------------------------------------------------------------------------------
+duint GetModuleEntryPoint(char *modname)
+{
 	HMODULE base;
-	HMODULE hModule;
-	HANDLE hProcess;
-	MODULEINFO modinfo;
+	MODULEINFO modinfo = {0};
 	PROCESS_INFORMATION *pi;
 
 	// Process only STARTING in the Entrypoint to end of code section
 	char modbasename[MAX_MODULE_SIZE] = "";
 
 	base = (HMODULE)DbgModBaseFromName(modname);
 	pi = TitanGetProcessInformation();
-	hProcess = pi->hProcess;
-	GetModuleBaseName(hProcess, base, modbasename, MAX_MODULE_SIZE);
-	hModule = GetModuleHandle(modbasename);
-	GetModuleInformation(hProcess, hModule, &modinfo, sizeof(MODULEINFO));
-	baseaddress = DbgMemFindBaseAddr((duint)modinfo.EntryPoint, &dwModSize);
+	if (pi == NULL)
+		return 0;
 
-	*lpdwEntry = (duint)modinfo.EntryPoint;
-	*lpdwExit = (dwModSize + baseaddress) - 0x2D;
+	GetModuleBaseName(pi->hProcess, base, modbasename, MAX_MODULE_SIZE);
+	GetModuleInformation(pi->hProcess, GetModuleHandle(modbasename), &modinfo, sizeof(MODULEINFO));
+
+	return (duint)modinfo.EntryPoint;
 }
 
 // ------------------------------------------------------------------------------------
@@ -714,7 +728,7 @@ void GetAnalysisBoundaries()
 	char modname[MAX_MODULE_SIZE] = "";
 
 	Module::ModuleSectionInfo *modInfo = new Module::ModuleSectionInfo;
-	entry = GetContextData(UE_CIP);
+	entry = Disassembly::SelectionGetStart();
 	Module::NameFromAddr(entry, modname);
 	mEntryPoint = Module::EntryFromAddr(entry); // gets the EP
 	GetExtendedAnalysisRange(&mSectionLowerLimit, &lpdwExit, entry, modname, modInfo); // gets the first address of code section
@@ -2708,10 +2722,10 @@ void DisplayHelp()
 							 "--------------------------------\r\n"
 							 "xanal selection : Performs a selection analysis\r\n"
 							 "xanal function : Performs a function analysis\r\n"
-							 "xanal exe : Performs an entire executable analysis\r\n"
+							 "xanal module : Performs an entire module code section analysis\r\n"
 							 "xanalremove selection : Removes a previous selection analysis\r\n"
 							 "xanalremove function : Removes a previous function analysis\r\n"
-							 "xanalremove exe : Removes a previous entire executable analysis\r\n"
+							 "xanalremove module : Removes a previous module code section analysis\r\n"
 							 "xanal help : Brings up this help text\r\n\n";
 
 	GuiAddLogMessage(pluginHelp);

xAnalyzer/xanalyzer.h

@@ -69,6 +69,7 @@ void GetExtendedAnalysisRange(duint *lpdwEntry, duint *lpdwExit, duint entry, ch
 void GetRegularAnalysisRange(duint *lpdwEntry, duint *lpdwExit, char *modname);
 void GetFunctionAnalysisRange(duint *lpdwEntry, duint *lpdwExit, duint selectedAddr);
 void GetAnalysisBoundaries();
+duint GetModuleEntryPoint(char *modname);
 bool Strip_x64dbg_calls(LPSTR lpszCallText);
 void StripDbgCommentAddress(char *szComment);
 string StripFunctNameFromInst(char *instruction);