生成frida代码、X64dbg断点虚表

5ab473bd · pc-ls · ninecents · 31da7dcf · 5ab473bd · 5ab473bd
4 changed file
--- a/src/i18n/locales/en/allMy.i18n.json5
+++ b/src/i18n/locales/en/allMy.i18n.json5
 {
    "convert": "Convert",
+    "stringEscape": "stringEscape",
+    "codeGenFrida": "codeGenFrida",
+    "codeGenX64dbgIdaVtable": "X64dbgIdaVtable",
 }
--- a/src/i18n/locales/zh_CN/allMy.i18n.json5
+++ b/src/i18n/locales/zh_CN/allMy.i18n.json5
 {
    "convert": "转换",
+    "stringEscape": "字符串转义",
+    "codeGenFrida": "生成frida代码",
+    "codeGenX64dbgIdaVtable": "X64dbg断点虚表",
 }
--- a/src/views/tool/text.vue
+++ b/src/views/tool/text.vue
@@ -103,6 +103,12 @@
                    </DropdownMenu>
                </Dropdown>
            </FormItem>
+            <FormItem>
+                <Button :size="buttonSize" type="primary" @click="handleStringEscape()">
+                    {{ $t('stringEscape') }}
+                    <!-- <Icon type="ios-arrow-down"></Icon> -->
+                </Button>
+            </FormItem>
        </option-block>
        <Modal v-model="statShow" :styles="{top: '20px'}" width="700" footer-hide>
            <Tabs value="stat">
@@ -202,6 +208,10 @@ export default {
                this.handle('replace', this.replace.search.split(/\r?\n/), this.replace.replace.split(/\r?\n/))
            }
            this.replace.show = false
+        },
+        handleStringEscape() {
+            console.log(this.current.content);
+            this.current.content = this.current.content.replace(/\\/g, `\\\\`);
        }
    },
    data() {

--- a/src/views/yeahmao/code_gen/codeGenJson.vue
+++ b/src/views/yeahmao/code_gen/codeGenJson.vue
@@ -6,6 +6,8 @@
                <ButtonGroup>
                    <Button type="primary" @click="codeGenJson()">{{ $t('allMy_convert') }}</Button>
                    <Button type="primary" @click="winError()"> winerror.h </Button>
+                    <Button type="primary" @click="codeGenFrida()">{{ $t('allMy_codeGenFrida') }}</Button>
+                    <Button type="primary" @click="codeGenX64dbgIdaVtable()">{{ $t('allMy_codeGenX64dbgIdaVtable') }}</Button>
                    <!-- <Button type="primary" @click="handle('str')">Hex -> String</Button> -->
                </ButtonGroup>
            </FormItem>
@@ -109,10 +111,82 @@ export default {
          this.current.output = JSON.stringify(objJson);
          console.log(Object.keys(objJson).length);
        },
+        codeGenFrida_item(func, params) {
+          var js = `/*\n` + this.current.input.replace('\n\n', '\n') + `\n*/
+Interceptor.attach(Module.getExportByName('ntdll.dll', '`+ func + `'), {
+  onEnter(args) {
+`
+    // var lpExistingFileName = args[0];
+    // var lpNewFileName = args[1];
+    var lst_params = [];
+    params.map( (val, index) => {
+      var pType = val[1];
+      var pName = val[2];
+      js += `    var ` + pName + ` = args[` + index + `];\n`
+      lst_params.push(pName);
+    });
+    // console.log(lpExistingFileName, lpNewFileName, bFailIfExists)
+    js += `    console.log('>>> ` + func + ' >>> ' + lst_params.join(' ') + ` = ', ` + lst_params.toString() +`);`
+          js += `
+  },
+  onLeave(retval) {
+    console.log('>>> ` + func + ` >>> retval = ', retval);
+  }
+});
+`
+          return js;
+        },
+        codeGenFrida() {
+          /*
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtGetContextThread(
+	_In_ HANDLE ThreadHandle,
+	_Inout_ PCONTEXT ThreadContext
+	);
+          */
+          var r = /\n(.*)\(([\s\S]*)\);/mg;
+          var input = this.current.input;
+          var a = r.exec(input);
+          if (a) {
+            var func = a[1];
+            var params = a[2];
+            params = params.split(',').map(v=>{return v.trim().split(' ')})
+            console.log(func, params);
+            this.current.output = this.codeGenFrida_item(func, params);
+          }
+        },
        resize(height) {
            this.inputHeight = Math.min(320, Math.ceil(height / 2))
            this.outputHeight = height - this.inputHeight
            // this.outputHeight = 180
+        },
+        // .rdata:007FB580                 dd offset sub_4D8780
+        // .rdata:007FB584                 dd offset sub_4D8E20
+        //        ==> 
+        // SetBPX leigod.exe:$0xD8780;SetBPX leigod.exe:$0xD8E20;
+        codeGenX64dbgIdaVtable() {
+          var r = /dd offset sub_(\S{6})/mg;
+          var input = this.current.input;
+          var a = r.exec(input);
+          // if (a) {
+          //   var addr = a[1];
+          //   var addr_int = parseInt(addr, 16);
+          //   var addr_v = '0x' + Number(addr_int-0x400000).toString(16);
+          //   console.log(addr, addr_int, addr_v);
+          // }
+          var out = '';
+          while ((a = r.exec(this.current.input))) {  //循环执行匹配操作
+            var addr = a[1];
+            var addr_int = parseInt(addr, 16);
+            var addr_v = '0x' + Number(addr_int-0x400000).toString(16);
+            out += 'SetBPX leigod.exe:$' + addr_v + ';   '
+          }
+          this.current.output = out;
        }
    },
 }