Ok, slightly newer version, this time hopefully with a working dt command. I
haven't managed to test the list traversal, and run through the remaining code
to make sure it meets the style guidelines, but definitely getting closer. I
also found a couple of issues which present themselves during the use of dt,
but I've fixed them in r570.
Original comment by mike.auty@gmail.com
on 22 Dec 2010 at 2:26
Ok, well, since no complaints, I've committed this to contrib in r588. I'll
leave this open for bugs/issues, please test it and let me know if there are any
problems.
Original comment by mike.auty@gmail.com
on 12 Jan 2011 at 2:26
No problems so far - working very nicely, but I've only been using cc, db, and
dd. At some point we should update the distorm dependency to distorm3
(http://code.google.com/p/distorm/). I can make this change though, because I
just converted all the malware plugins from using pydasm to distorm3, so it
should be a quick copy and paste job.
Original comment by michael.hale@gmail.com
on 13 Jan 2011 at 5:51
Just jotting down some notes here to myself so I don't forget. db outputs
addresses in caps but dd uses lowercase. We should keep them consistent:
>>> dd(0x00bde820)
00bde820 00bde778 00bde8ac 004644d0 0000018d
00bde830 00000000 00000003 000002c8 0045b230
00bde840 00000020 00000004 000001c5 00000000
00bde850 00000000 00000000 00000000 00000002
00bde860 00000001 00000000 00467158 00000000
00bde870 00000000 0045b100 00000000 00000003
00bde880 00bde8c8 00000000 00000000 00000000
00bde890 0000009a 0045bd58 0045bd58 00000004
>>> db(0x00bde820)
00BDE820 78 E7 BD 00 AC E8 BD 00 D0 44 46 00 8D 01 00 00 x........DF.....
00BDE830 00 00 00 00 03 00 00 00 C8 02 00 00 30 B2 45 00 ............0.E.
00BDE840 20 00 00 00 04 00 00 00 C5 01 00 00 00 00 00 00 ...............
00BDE850 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 ................
00BDE860 01 00 00 00 00 00 00 00 58 71 46 00 00 00 00 00 ........XqF.....
00BDE870 00 00 00 00 00 B1 45 00 00 00 00 00 03 00 00 00 ......E.........
00BDE880 C8 E8 BD 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00BDE890 9A 00 00 00 58 BD 45 00 58 BD 45 00 04 00 00 00 ....X.E.X.E.....
Original comment by michael.hale@gmail.com
on 13 Jan 2011 at 9:35
Ok, I've converted them to lowercase, and also converted the remaining %
formatting into .format() formatting. All checked in in commit r589. 5:)
Original comment by mike.auty@gmail.com
on 14 Jan 2011 at 12:52
What's up. Thanks for those changes. I attached a modified copy of r589 with
the following mods:
Fixed a bug in dt() when an address is supplied (obj vs objct).
Updated disasm engine from distorm to distorm3.
Fixed a bug in dis() where it said processs instead of process.
I'd commit myself but there are a few other files I've modified for VAD stuff
and I don't want to commit those just yet. Is there an easy way to commit
certain files and not others (like exclude some by name)? I couldn't find a way
that doesn't involve a ridiculous command involving grep, egrep, xargs, and
awk...
Original comment by michael.hale@gmail.com
on 14 Jan 2011 at 4:28
Thanks, I've committed the patch. 5:)
Subversion doesn't have a staging area unfortunately, so it's either all the
changes you make or none of them. One method would be to get subversion to
produce a patch, then modify it until it just contains the changes you want,
then apply it to another subversion check out, but that's a bit cumbersome.
I tend to use git to handle my subversion check out (git svn clone, edit, git
commit, git svn dcommit, remote changes, git svn rebase), and that luckily
comes with a staging area so you can specify what you do and don't want to
commit (and you can stash temporary changes relatively easily). I imagine
mercurial has similar facilities, so one of those might make handling commits
easier. 5:)
Original comment by mike.auty@gmail.com
on 14 Jan 2011 at 12:31
Ok, so after some much appreciated testing from MHL, this version seems ok, so
I'm going to close this issue. If there are any additional features required for
volshell, please open separate bugs for them...
Original comment by mike.auty@gmail.com
on 14 Jan 2011 at 10:34
Original issue reported on code.google.com by
mike.auty@gmail.com
on 3 Dec 2010 at 4:22