added bookmarks

added comments
fixed a bug which lead to a lost commandline when restarting as admin

qtNanomite/clsDebugger/clsDebugger.cpp

@@ -1078,25 +1078,37 @@ HANDLE clsDebugger::GetProcessHandleByPID(DWORD PID)
 
 bool clsDebugger::IsOffsetEIP(quint64 Offset)
 {
+//#ifdef _AMD64_
+//	BOOL bIsWOW64 = false;
+//	if(clsAPIImport::pIsWow64Process)
+//		clsAPIImport::pIsWow64Process(pThis->GetCurrentProcessHandle(),&bIsWOW64);
+//
+//	if(bIsWOW64)
+//	{
+//		if(pThis->wowProcessContext.Eip == Offset)
+//			return true;
+//	}
+//	else
+//	{
+//		if(pThis->ProcessContext.Rip == Offset)
+//			return true;
+//	}
+//#else
+//	if(pThis->ProcessContext.Eip == Offset)
+//		return true;
+//#endif	
+
 #ifdef _AMD64_
-	BOOL bIsWOW64 = false;
-	if(clsAPIImport::pIsWow64Process)
-		clsAPIImport::pIsWow64Process(pThis->GetCurrentProcessHandle(),&bIsWOW64);
+	if(pThis->wowProcessContext.Eip == Offset)
+		return true;
 
-	if(bIsWOW64)
-	{
-		if(pThis->wowProcessContext.Eip == Offset)
-			return true;
-	}
-	else
-	{
-		if(pThis->ProcessContext.Rip == Offset)
-			return true;
-	}
+	if(pThis->ProcessContext.Rip == Offset)
+		return true;
 #else
 	if(pThis->ProcessContext.Eip == Offset)
 		return true;
-#endif	
+#endif
+
 	return false;
 }
 

qtNanomite/main.cpp

@@ -80,7 +80,7 @@ int main(int argc, char *argv[])
 			TCHAR fileName[MAX_PATH];
 			if(GetModuleFileNameW(NULL,fileName, MAX_PATH) > 0)
 			{
-				if((int)ShellExecute(NULL,L"runas", fileName, NULL, NULL, SW_SHOW) > 32)
+				if((int)ShellExecute(NULL,L"runas", fileName, GetCommandLineW(), NULL, SW_SHOW) > 32)
 				{
 					TerminateProcess(GetCurrentProcess(),0);
 				}

qtNanomite/qtDLGBookmark.cpp

@@ -0,0 +1,199 @@
+/*
+ * 	This file is part of Nanomite.
+ *
+ *    Nanomite is free software: you can redistribute it and/or modify
+ *    it under the terms of the GNU General Public License as published by
+ *    the Free Software Foundation, either version 3 of the License, or
+ *    (at your option) any later version.
+ *
+ *    Nanomite is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU General Public License for more details.
+ *
+ *    You should have received a copy of the GNU General Public License
+ *    along with Nanomite.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#include "qtDLGBookmark.h"
+#include "qtDLGNanomite.h"
+
+#include "clsMemManager.h"
+#include "clsHelperClass.h"
+
+#include <QShortcut>
+
+qtDLGBookmark *qtDLGBookmark::pThis = NULL;
+
+qtDLGBookmark::qtDLGBookmark(QWidget *parent, Qt::WFlags flags) :
+	QWidget(parent, flags)
+{
+	pThis = this;
+
+	setupUi(this);
+	setLayout(verticalLayout);
+
+	// Init List
+	tblBookmark->horizontalHeader()->resizeSection(0,150);
+	tblBookmark->horizontalHeader()->resizeSection(1,125);
+	tblBookmark->horizontalHeader()->setFixedHeight(21);
+
+	connect(new QShortcut(QKeySequence("F5"), this), SIGNAL(activated()), this, SLOT(UpdateDisplay()));
+	connect(new QShortcut(QKeySequence(QKeySequence::Delete), this), SIGNAL(activated()), this, SLOT(RemoveSelectedBookmark()));
+	connect(tblBookmark,SIGNAL(itemDoubleClicked(QTableWidgetItem *)),this,SLOT(SendToDisassembler(QTableWidgetItem *)));
+	connect(tblBookmark,SIGNAL(cellChanged(int,int)),this,SLOT(CellDataChanged(int,int)));
+}
+
+qtDLGBookmark::~qtDLGBookmark()
+{
+	pThis = NULL;
+}
+
+void qtDLGBookmark::UpdateDisplay()
+{
+	tblBookmark->blockSignals(true);
+
+	tblBookmark->setRowCount(0);
+
+	for(int i = 0; i < m_bookmarkData.size(); i++)
+	{
+		tblBookmark->insertRow(i);
+
+		tblBookmark->setItem(i, 0, new QTableWidgetItem(m_bookmarkData.at(i).bookmarkModule));
+		tblBookmark->setItem(i, 1, new QTableWidgetItem(QString("%1").arg(m_bookmarkData.at(i).bookmarkOffset, 16, 16, QChar('0'))));
+		tblBookmark->setItem(i, 2, new QTableWidgetItem(m_bookmarkData.at(i).bookmarkComment));
+	}
+
+	tblBookmark->blockSignals(false);
+}
+
+void qtDLGBookmark::RemoveSelectedBookmark()
+{
+	if(tblBookmark->selectedItems().count() <= 0) return;
+
+	BookmarkRemove(tblBookmark->item(tblBookmark->selectedItems()[0]->row(), 1)->text().toULongLong(0,16));
+}
+
+void qtDLGBookmark::UpdateBookmarks(QString fileName, int processID)
+{
+	for(int i = 0; i < m_bookmarkData.size(); i++)
+	{
+		if(fileName.contains(m_bookmarkData.at(i).bookmarkModule))
+		{
+			m_bookmarkData[i].bookmarkPID = processID;
+			break;
+		}
+	}
+}
+
+void qtDLGBookmark::BookmarkClear()
+{
+	if(pThis == NULL) return;
+
+	pThis->m_bookmarkData.clear();
+	pThis->UpdateDisplay();
+}
+
+void qtDLGBookmark::SendToDisassembler(QTableWidgetItem *pItem)
+{
+	emit ShowInDisassembler(tblBookmark->item(pItem->row(), 1)->text().toULongLong(0, 16));
+}
+
+void qtDLGBookmark::CellDataChanged(int row, int column)
+{
+	if(column != 2)
+	{
+		UpdateDisplay();
+		return;
+	}
+
+	QString changedModule = tblBookmark->item(row, 0)->text();
+	quint64 changedOffset = tblBookmark->item(row, 1)->text().toULongLong(0, 16);
+
+	for(int i = 0; i < m_bookmarkData.size(); i++)
+	{
+		if(m_bookmarkData.at(i).bookmarkOffset == changedOffset && m_bookmarkData.at(i).bookmarkModule.contains(changedModule))
+		{
+			m_bookmarkData[i].bookmarkComment = tblBookmark->item(row, 2)->text();
+
+			CleanIfOffsetLoaded(changedOffset);
+
+			break;
+		}
+	}
+}
+
+void qtDLGBookmark::CleanIfOffsetLoaded(quint64 bookmarkOffset)
+{
+	if(qtDLGNanomite::GetInstance()->coreDisAs->SectionDisAs.contains(QString("%1").arg(bookmarkOffset, 16, 16, QChar('0')).toUpper()))
+	{
+		qtDLGNanomite::GetInstance()->coreDisAs->SectionDisAs.clear();
+		emit pThis->ShowInDisassembler(bookmarkOffset);
+	}
+}
+
+bool qtDLGBookmark::BookmarkAdd(int processID, quint64 bookmarkOffset, QString bookmarkComment)
+{
+	if(pThis == NULL) return false;
+
+	QList<BookmarkData> *pBookmarkList = &pThis->m_bookmarkData;
+
+	for(int i = 0; i < pBookmarkList->size(); i++)
+	{
+		if(pBookmarkList->at(i).bookmarkOffset == bookmarkOffset && pBookmarkList->at(i).bookmarkPID == processID)
+			return false;
+	}
+
+	BookmarkData newBookmark;
+	newBookmark.bookmarkComment = bookmarkComment;
+	newBookmark.bookmarkOffset = bookmarkOffset;
+	newBookmark.bookmarkPID = processID;
+
+	TCHAR moduleName[MAX_PATH * sizeof(TCHAR)];
+	clsHelperClass::CalcOffsetForModule(moduleName, bookmarkOffset, processID);
+
+	newBookmark.bookmarkModule = QString::fromWCharArray(moduleName); 
+
+	pBookmarkList->append(newBookmark);
+	pThis->UpdateDisplay();
+	pThis->CleanIfOffsetLoaded(bookmarkOffset);
+
+	return true;
+}
+
+bool qtDLGBookmark::BookmarkRemove(quint64 bookmarkOffset)
+{
+	if(pThis == NULL) return false;
+
+	QList<BookmarkData> *pBookmarkList = &pThis->m_bookmarkData;
+
+	for(int i = 0; i < pBookmarkList->size(); i++)
+	{
+		if(pBookmarkList->at(i).bookmarkOffset == bookmarkOffset)
+		{
+			pBookmarkList->removeAt(i);
+
+			pThis->UpdateDisplay();
+			pThis->CleanIfOffsetLoaded(bookmarkOffset);
+			return true;
+		}
+	}
+
+	return false;
+}
+
+QString qtDLGBookmark::BookmarkGetComment(int processID, quint64 bookmarkOffset)
+{
+	if(pThis == NULL) return false;
+
+	QList<BookmarkData> *pBookmarkList = &pThis->m_bookmarkData;
+
+	for(int i = 0; i < pBookmarkList->size(); i++)
+	{
+		if(pBookmarkList->at(i).bookmarkOffset == bookmarkOffset && pBookmarkList->at(i).bookmarkPID == processID)
+		{
+			return pBookmarkList->at(i).bookmarkComment;
+		}
+	}
+
+	return QString("");
+}

qtNanomite/qtDLGBookmark.h

@@ -0,0 +1,67 @@
+/*
+ * 	This file is part of Nanomite.
+ *
+ *    Nanomite is free software: you can redistribute it and/or modify
+ *    it under the terms of the GNU General Public License as published by
+ *    the Free Software Foundation, either version 3 of the License, or
+ *    (at your option) any later version.
+ *
+ *    Nanomite is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU General Public License for more details.
+ *
+ *    You should have received a copy of the GNU General Public License
+ *    along with Nanomite.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef QTDLGBOOKMARK_H
+#define QTDLGBOOKMARK_H
+
+#include "ui_qtDLGBookmark.h"
+
+#include <QList>
+
+struct BookmarkData
+{
+	int		bookmarkPID;
+	quint64 bookmarkOffset;
+	QString	bookmarkComment;
+	QString bookmarkModule;
+};
+
+class qtDLGBookmark : public QWidget, public Ui_qtDLGBookmarkClass
+{
+	Q_OBJECT
+
+public:
+	qtDLGBookmark(QWidget *parent = 0, Qt::WFlags flags = 0);
+	~qtDLGBookmark();
+
+	static bool BookmarkAdd(int processID, quint64 bookmarkOffset, QString bookmarkComment = "");
+	static bool BookmarkRemove(quint64 bookmarkOffset);
+
+	static QString BookmarkGetComment(int processID, quint64 bookmarkOffset);
+
+	static void BookmarkClear();
+
+signals:
+	void ShowInDisassembler(quint64 bookmarkOffset);
+
+public slots:
+	void UpdateBookmarks(QString fileName, int processID);
+
+private:
+	static qtDLGBookmark *pThis;
+
+	QList<BookmarkData> m_bookmarkData;
+
+	void CleanIfOffsetLoaded(quint64 bookmarkOffset);
+
+private slots:
+	void CellDataChanged(int,int);
+	void SendToDisassembler(QTableWidgetItem *);
+	void RemoveSelectedBookmark();
+	void UpdateDisplay();
+};
+
+#endif