API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 16th, 2020
165
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.92 KB | None | 0 0
raw download clone embed print report
  1. unction cbFindIntegrityCheckChange(sender)
  2. --gui stuff - FLY HACK
  3. control_setEnabled(frmSESettings_cbRewatch, checkbox_getState(frmSESettings_cbFindIntegrityCheck)==cbChecked)
  4. control_setEnabled(frmSESettings_edtTime, checkbox_getState(frmSESettings_cbFindIntegrityCheck)==cbChecked)
  5. control_setEnabled(frmSESettings_lblMilliseconds, checkbox_getState(frmSESettings_cbFindIntegrityCheck)==cbChecked)
  6. end
  7.  
  8. function btnApplyClick(sender)
  9. stealthedit_FindIntegrity=checkbox_getState(frmSESettings_cbFindIntegrityCheck)==cbChecked
  10. stealthedit_Rewatch=checkbox_getState(frmSESettings_cbRewatch)==cbChecked
  11. stealthedit_RewatchTimer=tonumber(control_getCaption(frmSESettings_edtTime))
  12. end
  13.  
  14.  
  15. createFormFromFile(stealtheditpath..'sesettings.FRM')
  16. createFormFromFile(stealtheditpath..'results.FRM')
  17.  
  18.  
  19. function ShowSEWindow()
  20. if stealthedit_FindIntegrity==true then
  21. form_show(frmResults)
  22. end
  23. end
  24.  
  25. stealthedit_FindIntegrity=false --this variablename is queried by the stealthedit plugin to determine if the memory should be guarded on stealthedit (don't change it)
  26. --set to true if you wish it on by default. Also add this then:
  27. --checkbox_setState(frmSESettings_cbFindIntegrityCheck, cbChecked)
  28.  
  29. stealthedit_Rewatch=false
  30. stealthedit_RewatchTimer=100
  31.  
  32.  
  33.  
  34. function onreguard(sender)
  35. timer_setEnabled(sender, false)
  36. reguard()
  37. end
  38.  
  39.  
  40. se_events={}
  41.  
  42. function IntegrityUpdate(rax, rbx, rcx, rdx, rsi, rdi, rbp, rsp, rip, r8, r9, r10, r11, r12, r13, r14, r15, stackcopy, stacksize)
  43. --A page that was guarded has been accessed (and made unguarded)
  44. if (control_getVisible(frmResults)==false) then
  45. ShowSEWindow()
  46. end
  47.  
  48. --check if this rip address is already in the list, and if not, add it
  49.  
  50.  
  51. if (se_events[rip]==nil) then
  52. --new, add it (don't add/update any other ones with this rip, those don't come with a stackcopy/stacksize)
  53. se_events[rip]={rax=rax, rbx=rbx, rcx=rcx, rdx=rdx, rsi=rsi, rdi=rdi, rbp=rbp, rsp=rsp, rip=rip, r8=r8, r9=r9, r10=r10, r11=r11, r12=r12, r13=r13, r14=r14, r15=r15, stackcopy=stackcopy, stacksize=stacksize}
  54. local items=listbox_getItems(frmResults_lbAddresses)
  55. strings_add(items, string.format('%08X', rip))
  56.  
  57. if listbox_getItemIndex(frmResults_lbAddresses)==-1 then
  58. listbox_setItemIndex(frmResults_lbAddresses,0)
  59. end
  60. end
  61.  
  62.  
  63.  
  64. if (stealthedit_Rewatch) then
  65. if (reguardtimer==nil) then
  66. reguardtimer=createTimer(nil, false)
  67. timer_onTimer(reguardtimer, onreguard)
  68. end
  69.  
  70. timer_setInterval(reguardtimer, stealthedit_RewatchTimer)
  71. timer_setEnabled(reguardtimer, true)
  72. end
  73. end
  74.  
  75.  
  76. function lbAddressesSelectionChange(sender, user)
  77. -- showMessage('selection changed')
  78. -- frmResults_lbAddresses
  79. -- frmResults_mData
  80. local is64bit=targetIs64Bit()
  81. local items=listbox_getItems(frmResults_lbAddresses)
  82. local itemindex=listbox_getItemIndex(frmResults_lbAddresses)
  83. local event=se_events[tonumber('0x'..strings_getString(items, itemindex))]
  84.  
  85. edit_clear(frmResults_mData)
  86.  
  87. if is64bit then
  88. prefix='R'
  89. else
  90. prefix='E'
  91. end
  92.  
  93.  
  94. memo_append(frmResults_mData,prefix..'AX = '..string.format('%08X',event.rax))
  95. memo_append(frmResults_mData,prefix..'BX = '..string.format('%08X',event.rbx))
  96. memo_append(frmResults_mData,prefix..'CX = '..string.format('%08X',event.rcx))
  97. memo_append(frmResults_mData,prefix..'DX = '..string.format('%08X',event.rdx))
  98. memo_append(frmResults_mData,prefix..'SI = '..string.format('%08X',event.rsi))
  99. memo_append(frmResults_mData,prefix..'DI = '..string.format('%08X',event.rdi))
  100. memo_append(frmResults_mData,prefix..'BP = '..string.format('%08X',event.rbp))
  101. memo_append(frmResults_mData,prefix..'SP = '..string.format('%08X',event.rsp))
  102. memo_append(frmResults_mData,prefix..'IP = '..string.format('%08X',event.rip))
  103.  
  104. if is64bit then
  105. memo_append(frmResults_mData,' R8 = '..string.format('%08X',event.r8))
  106. memo_append(frmResults_mData,' R9 = '..string.format('%08X',event.r9))
  107. memo_append(frmResults_mData,'R10 = '..string.format('%08X',event.r10))
  108. memo_append(frmResults_mData,'R11 = '..string.format('%08X',event.r11))
  109. memo_append(frmResults_mData,'R12 = '..string.format('%08X',event.r12))
  110. memo_append(frmResults_mData,'R13 = '..string.format('%08X',event.r13))
  111. memo_append(frmResults_mData,'R14 = '..string.format('%08X',event.r14))
  112. memo_append(frmResults_mData,'R15 = '..string.format('%08X',event.r15))
  113. end
  114.  
  115. memo_append(frmResults_mData,'')
  116. memo_append(frmResults_mData,'Stack copy = '..string.format('%08X',event.stackcopy))
  117. memo_append(frmResults_mData,'Stack size = '..string.format('%08X',event.stacksize))
  118. end
  119.  
  120. function lbAddressesDblClick(sender)
  121. local items=listbox_getItems(frmResults_lbAddresses)
  122. local itemindex=listbox_getItemIndex(frmResults_lbAddresses)
  123. local address=tonumber('0x'..strings_getString(items, itemindex))
  124. local mb=getMemoryViewForm()
  125. local dv=memoryview_getDisassemblerView(mb)
  126. disassemblerview_setSelectedAddress(dv, address)
  127. form_show(mb)
  128. end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!