Browse Source

Move dereference to own struct

This makes it possible to chain dereferences in the future
master
phire 3 months ago
parent
commit
78902a82b8
  1. 29
      main.go
  2. 9
      rules.json

29
main.go

@ -9,13 +9,16 @@ import (
)
type Rule struct {
Pattern string
Replacement string
Dereference bool
DereferenceNBytes int `json:"dereference_nbytes"`
DereferenceOffsetAfter int `json:"dereference_offset_after"`
DereferenceType string `json:"dereference_type"`
Offset int
Pattern string
Replacement string
Dereference *Dereference
Offset int
}
type Dereference struct {
NBytes int `json:"nbytes"`
OffsetAfter int `json:"offset_after"`
Type string `json:"type"`
}
func to_int(ch byte) byte {
@ -49,20 +52,20 @@ func patchBuffer(buffer []byte, rules []Rule) error {
if k == len(rule.Pattern) {
fmt.Printf("Patching rule %d (%s) at 0x%x\n", n, rule.Pattern, i)
t := i
if rule.Dereference {
if rule.Dereference != nil {
var x int
for u := 0; u < rule.DereferenceNBytes; u++ {
for u := 0; u < rule.Dereference.NBytes; u++ {
x += int(buffer[t+u+rule.Offset]) << (8 * u)
}
if rule.DereferenceType == "rel" {
if rule.Dereference.Type == "rel" {
if x&(1<<31) != 0 {
x ^= (1 << 32) - 1
x *= -1
x -= 1
}
t += x + rule.DereferenceOffsetAfter
} else if rule.DereferenceType == "abs" {
t = x + rule.DereferenceOffsetAfter
t += x + rule.Dereference.OffsetAfter
} else if rule.Dereference.Type == "abs" {
t = x + rule.Dereference.OffsetAfter
}
}
for k = 0; k < len(rule.Replacement); k++ {

9
rules.json

@ -2,10 +2,11 @@
{
"pattern": "E8 ? ? ? ? 2A ? ? ? ? 72 31",
"offset": 1,
"dereference": true,
"dereference_nbytes": 4,
"dereference_offset_after": 5,
"dereference_type": "rel",
"dereference": {
"nbytes": 4,
"offset_after": 5,
"type": "rel"
},
"replacement": "48 C7 C0 19 01 00 00 C3"
},
{

Loading…
Cancel
Save