Skip to content

Commit 45c0d90

Browse files
committed
feat: moved VB decompiler in 'compilers' analyzer module, minor fixes
1 parent 96873f0 commit 45c0d90

14 files changed

Lines changed: 94 additions & 885 deletions

mz/CMakeLists.txt

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -34,9 +34,6 @@ target_sources(${PROJECT_NAME}
3434
pe/dirs/exports.c
3535
pe/dirs/imports.c
3636
pe/dirs/resources.c
37-
pe/vb/components.c
38-
pe/vb/decompiler.c
39-
pe/vb/format.c
4037
pe/classifier.c
4138
pe/format.c
4239
pe/pe.c

mz/pe/classifier.c

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,24 @@ static const char* const PE_CLASSIFY_STRING[] = {
1818
[PE_CLASS_VISUAL_STUDIO_2013] = "Visual Studio 2013",
1919
[PE_CLASS_VISUAL_STUDIO_2015] = "Visual Studio 2015",
2020
[PE_CLASS_VISUAL_STUDIO_2017] = "Visual Studio 2017",
21+
[PE_CLASS_MFC_4_X] = "Visual C++ 4.x or 6 (MFC 4.x)",
22+
[PE_CLASS_MFC_7] = "Visual C++ 2002 (MFC 7)",
23+
[PE_CLASS_MFC_7_1] = "Visual C++ 2003 (MFC 7.1)",
24+
[PE_CLASS_MFC_8] = "Visual C++ 2005 (MFC 8)",
25+
[PE_CLASS_MFC_9] = "Visual C++ 2008 (MFC 9)",
26+
[PE_CLASS_MFC_10] = "Visual C++ 2010 (MFC 10)",
27+
[PE_CLASS_MFC_11] = "Visual C++ 2012 (MFC 11)",
28+
[PE_CLASS_MFC_12] = "Visual C++ 2013 (MFC 12)",
29+
[PE_CLASS_MFC_14] = "Visual C++ >= 2015 (MFC 14)",
30+
[PE_CLASS_MFC_4_X_UNICODE] = "Visual C++ 4.x or 6 (MFC 4.x, Unicode)",
31+
[PE_CLASS_MFC_7_UNICODE] = "Visual C++ 2002 (MFC 7, Unicode)",
32+
[PE_CLASS_MFC_7_1_UNICODE] = "Visual C++ 2003 (MFC 7.1, Unicode)",
33+
[PE_CLASS_MFC_8_UNICODE] = "Visual C++ 2005 (MFC 8, Unicode)",
34+
[PE_CLASS_MFC_9_UNICODE] = "Visual C++ 2008 (MFC 9, Unicode)",
35+
[PE_CLASS_MFC_10_UNICODE] = "Visual C++ 2010 (MFC 10, Unicode)",
36+
[PE_CLASS_MFC_11_UNICODE] = "Visual C++ 2012 (MFC 11, Unicode)",
37+
[PE_CLASS_MFC_12_UNICODE] = "Visual C++ 2013 (MFC 12, Unicode)",
38+
[PE_CLASS_MFC_14_UNICODE] = "Visual C++ >= 2015 (MFC 14, Unicode)",
2139
[PE_CLASS_DOTNET_1] = ".NET 1.x",
2240
[PE_CLASS_DOTNET_2_X] = ".NET >= 2.x",
2341
[PE_CLASS_BORLAND_DELPHI] = "Borland Delphi",
@@ -54,6 +72,33 @@ static PEClassification _pe_classify_imports(const PEFormat* pe,
5472

5573
if(rd_stristr(mod, "libstdc++") == mod) return PE_CLASS_MINGW;
5674

75+
if(!rd_stricmp(mod, "mfc40.dll")) return PE_CLASS_MFC_4_X;
76+
if(!rd_stricmp(mod, "mfc40u.dll")) return PE_CLASS_MFC_4_X_UNICODE;
77+
78+
if(!rd_stricmp(mod, "mfc70.dll")) return PE_CLASS_MFC_7;
79+
if(!rd_stricmp(mod, "mfc70u.dll")) return PE_CLASS_MFC_7_UNICODE;
80+
81+
if(!rd_stricmp(mod, "mfc71.dll")) return PE_CLASS_MFC_7_1;
82+
if(!rd_stricmp(mod, "mfc71u.dll")) return PE_CLASS_MFC_7_1_UNICODE;
83+
84+
if(!rd_stricmp(mod, "mfc80.dll")) return PE_CLASS_MFC_8;
85+
if(!rd_stricmp(mod, "mfc80u.dll")) return PE_CLASS_MFC_8_UNICODE;
86+
87+
if(!rd_stricmp(mod, "mfc90.dll")) return PE_CLASS_MFC_9;
88+
if(!rd_stricmp(mod, "mfc90u.dll")) return PE_CLASS_MFC_9_UNICODE;
89+
90+
if(!rd_stricmp(mod, "mfc100.dll")) return PE_CLASS_MFC_10;
91+
if(!rd_stricmp(mod, "mfc100u.dll")) return PE_CLASS_MFC_10_UNICODE;
92+
93+
if(!rd_stricmp(mod, "mfc110.dll")) return PE_CLASS_MFC_11;
94+
if(!rd_stricmp(mod, "mfc110u.dll")) return PE_CLASS_MFC_11_UNICODE;
95+
96+
if(!rd_stricmp(mod, "mfc120.dll")) return PE_CLASS_MFC_12;
97+
if(!rd_stricmp(mod, "mfc120u.dll")) return PE_CLASS_MFC_12_UNICODE;
98+
99+
if(!rd_stricmp(mod, "mfc140.dll")) return PE_CLASS_MFC_14;
100+
if(!rd_stricmp(mod, "mfc140u.dll")) return PE_CLASS_MFC_14_UNICODE;
101+
57102
if(!rd_stricmp(mod, "msvcp40.dll")) return PE_CLASS_VISUAL_STUDIO_4;
58103
if(!rd_stricmp(mod, "msvcp50.dll")) return PE_CLASS_VISUAL_STUDIO_5;
59104

@@ -82,6 +127,7 @@ static PEClassification _pe_classify_imports(const PEFormat* pe,
82127
return PE_CLASS_VISUAL_STUDIO_2013;
83128

84129
if(!rd_stricmp(mod, "msvcp140.dll") ||
130+
!rd_stricmp(mod, "msvcp140d.dll") ||
85131
!rd_stricmp(mod, "vcruntime140.dll"))
86132
return PE_CLASS_VISUAL_STUDIO_2015;
87133

mz/pe/classifier.h

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,24 @@ typedef enum {
1919
PE_CLASS_VISUAL_STUDIO_2013,
2020
PE_CLASS_VISUAL_STUDIO_2015,
2121
PE_CLASS_VISUAL_STUDIO_2017,
22+
PE_CLASS_MFC_4_X,
23+
PE_CLASS_MFC_7,
24+
PE_CLASS_MFC_7_1,
25+
PE_CLASS_MFC_8,
26+
PE_CLASS_MFC_9,
27+
PE_CLASS_MFC_10,
28+
PE_CLASS_MFC_11,
29+
PE_CLASS_MFC_12,
30+
PE_CLASS_MFC_14,
31+
PE_CLASS_MFC_4_X_UNICODE,
32+
PE_CLASS_MFC_7_UNICODE,
33+
PE_CLASS_MFC_7_1_UNICODE,
34+
PE_CLASS_MFC_8_UNICODE,
35+
PE_CLASS_MFC_9_UNICODE,
36+
PE_CLASS_MFC_10_UNICODE,
37+
PE_CLASS_MFC_11_UNICODE,
38+
PE_CLASS_MFC_12_UNICODE,
39+
PE_CLASS_MFC_14_UNICODE,
2240
PE_CLASS_DOTNET_1,
2341
PE_CLASS_DOTNET_2_X,
2442
PE_CLASS_BORLAND_DELPHI,
@@ -36,3 +54,20 @@ typedef struct PEFormat PEFormat;
3654

3755
PEClassification pe_classify(const PEFormat* pe, RDContext* ctx);
3856
void pe_classify_print(PEClassification c);
57+
58+
static inline bool pe_classification_is_visual_studio(PEClassification c) {
59+
return c >= PE_CLASS_VISUAL_STUDIO_4 && c <= PE_CLASS_VISUAL_STUDIO_2017;
60+
}
61+
62+
static inline bool pe_classification_is_mfc(PEClassification c) {
63+
return c >= PE_CLASS_MFC_4_X && c <= PE_CLASS_MFC_14_UNICODE;
64+
}
65+
66+
static inline bool pe_classification_is_visual_basic(PEClassification c) {
67+
return c == PE_CLASS_VISUAL_BASIC_5 || c == PE_CLASS_VISUAL_BASIC_6;
68+
}
69+
70+
static inline bool pe_classification_is_unicode(PEClassification c) {
71+
if(pe_classification_is_visual_basic(c)) return true;
72+
return c >= PE_CLASS_MFC_4_X_UNICODE && c <= PE_CLASS_MFC_14_UNICODE;
73+
}

mz/pe/dirs/exceptions.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,9 @@ bool pe_read_exceptions(RDContext* ctx, PEFormat* pe) {
3636
if(!pe_from_rva(pe, entry.BeginAddress, &func_va)) continue;
3737

3838
func_va = pe_norm(ctx, pe, func_va);
39-
rd_library_function(ctx, func_va, rd_format("exc_%" PRIx64, func_va));
39+
40+
rd_placeholder_function(ctx, func_va,
41+
rd_format("exc_%" PRIx64, func_va));
4042
}
4143

4244
return true;

mz/pe/dirs/imports.c

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -58,9 +58,6 @@ static void _pe_read_thunks(RDContext* ctx, const PEFormat* pe, RDReader* r,
5858
RDAddress ft_va) {
5959
rd_reader_seek(r, ft_va);
6060

61-
// VB uses wide strings
62-
if(rd_stristr(module, "msvbvm") == module) rd_set_scan_char16(ctx, true);
63-
6461
while(true) {
6562
PEThunk oft_thunk, ft_thunk;
6663
if(!_pe_read_thunk(oft_va, r, pe, &oft_thunk)) break;

mz/pe/pe.c

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
#include "pe/dirs/exports.h"
77
#include "pe/dirs/imports.h"
88
#include "pe/dirs/resources.h"
9-
#include "pe/vb/decompiler.h"
9+
#include <inttypes.h>
1010
#include <string.h>
1111

1212
static bool pe_parse(RDLoader* ldr, const RDLoaderRequest* req) {
@@ -176,16 +176,18 @@ static bool pe_load(RDLoader* ldr, RDContext* ctx) {
176176
if(pe_from_rva(pe, pe->entrypoint, &ep))
177177
rd_set_entry_point(ctx, pe_norm(ctx, pe, ep), NULL);
178178

179+
rd_log(RD_LOG_INFO, PE_PLUGIN_ID, "Image Base: %" PRIx64, pe->imagebase);
180+
179181
pe->classification = pe_classify(pe, ctx);
180182

181-
switch(pe->classification) {
182-
case PE_CLASS_VISUAL_BASIC_5:
183-
case PE_CLASS_VISUAL_BASIC_6:
184-
rd_analyzer_enable(ctx, PE_VB_DECOMPILER_ID);
185-
break;
183+
if(pe_classification_is_visual_basic(pe->classification))
184+
rd_analyzer_enable(ctx, "compiler_vb");
185+
else if(pe_classification_is_visual_studio(pe->classification) ||
186+
pe_classification_is_mfc(pe->classification))
187+
rd_analyzer_enable(ctx, "compiler_rtti_msvc");
186188

187-
default: break;
188-
}
189+
if(pe_classification_is_unicode(pe->classification))
190+
rd_set_scan_char16(ctx, true);
189191

190192
pe_classify_print(pe->classification);
191193
return true;

mz/pe/vb/components.c

Lines changed: 0 additions & 24 deletions
This file was deleted.

mz/pe/vb/components.h

Lines changed: 0 additions & 11 deletions
This file was deleted.

0 commit comments

Comments
 (0)