Initial import of the memDiff jutsu

git-svn-id: file:///home/svn/framework3/trunk@6156 4d416f70-5f16-0410-b530-b9f4589650da

external/source/byakugan/exts.cpp

@@ -105,7 +105,7 @@ HRESULT CALLBACK symport(PDEBUG_CLIENT4 Client, PCSTR args) {
 }
 
 HRESULT CALLBACK jutsu(PDEBUG_CLIENT4 Client, PCSTR args) {
-    char    *command, *bufName, *bufPatt, *bindPort, *bufSize;
+    char    *command, *bufName, *bufPatt, *bindPort, *bufSize, *bufType, *bufAddr;
 
     INIT_API();
     
@@ -115,6 +115,21 @@ HRESULT CALLBACK jutsu(PDEBUG_CLIENT4 Client, PCSTR args) {
 			helpJutsu();
 			return (S_OK);
 		}
+		if (!_stricmp(command, "memDiff")) {
+			bufType = strtok(NULL, " ");
+			bufSize = strtok(NULL, " ");
+			bufPatt = strtok(NULL, " ");
+			bufAddr	= strtok(NULL, " ");
+			if (!bufAddr) {
+				dprintf("[J] Format: memDiff <type> <size> <value> <address>\n");
+				dprintf("Valid Types:\n\thex: Value is any hex characters\n");
+				dprintf("\tfile: Buffer is read in from file at path <value>\n");
+				dprintf("\tbuf: Buffer is taken from known tracked Buffers\n");
+				return (S_OK);
+			}
+			memDiffJutsu(bufType, strtoul(bufSize, NULL, 10), 
+						bufPatt, strtoul(bufAddr, NULL, 0x10));
+		}
 		if (!_stricmp(command, "trackVal")) {
 			bufName = strtok(NULL, " ");
 			bufSize = strtok(NULL, " ");
@@ -125,7 +140,8 @@ HRESULT CALLBACK jutsu(PDEBUG_CLIENT4 Client, PCSTR args) {
 			} else if (bufSize == NULL) {
 				listTrackedValByName(bufName);
 			} else
-				trackValJutsu(bufName, strtoul(bufSize, NULL, 10), strtoul(bufPatt, NULL, 0x10));
+				trackValJutsu(bufName, strtoul(bufSize, NULL, 10), 
+						strtoul(bufPatt, NULL, 0x10));
 		}
 		if (!_stricmp(command, "searchOpcode")) {
 			char	*instructions;

external/source/byakugan/jutsu.cpp

@@ -4,6 +4,7 @@
 #include "byakugan.h"
 #include "jutsu.h"
 #include "msfpattern.h"
+#include "stdwindbg.h"
 
 struct requestQueue	jutsuRequests;
 struct trackedBuf	*trackedBufList = NULL;
@@ -35,18 +36,128 @@ void helpJutsu(void) {
 }
 
 void memDiffJutsu(char *inputType, DWORD size, char *input, ULONG64 address) {
-	DWORD	i;
+	DWORD	i, j, valResult, numBadChars = 0;
 	BOOL	upperFlag, lowerFlag, nullFlag;
-	char	*badChars;
+	char	*pureBuf = NULL, findValExpression[64] = {'\x00'};
+	char	lineExpected[16], lineActual[16];
+	
+	struct trackedBuf *curr = trackedBufList;
+	struct corruption *badChars;
+
+	// Valid inputs: ASCII, hex, file, buf
+	if (!_stricmp(inputType, "ASCII")) {
+		pureBuf = input;
+	} else if (!_stricmp(inputType, "hex")) {
+		if (size != parseHexInput(input, size, &pureBuf)) {
+			dprintf("[J] Failed to parse %d bytes from hex input.\n", size);
+			return;
+		}
+	} else if (!_stricmp(inputType, "file")) {
+		if (size != readBinaryFile(input, size, &pureBuf)) {
+			dprintf("[J] Failed to read %d bytes from %s.\n", size, input);
+			return;
+		}
+	} else if (!_stricmp(inputType, "buf")) {
+		// Grab the buf by name from the trackedBufList
+     
+    	while (curr != NULL) {
+        	if(!_stricmp(input, curr->bufName)) {
+				pureBuf = curr->bufPatt;
+            	break;
+			}
+        	curr = curr->next;
+    	}
+		if (pureBuf == NULL) {
+			dprintf("[J] Unable to find buffer: %s\n", input);
+			return;
+		}	
+	} else {
+		dprintf("[J] The valid input types are buf, hex, and file.\n");
+		return;
+	}
 
 	upperFlag = lowerFlag = nullFlag = FALSE;
-	badChars = (char *) malloc(size);
-	
+	badChars = (struct corruption *) malloc(size * sizeof (struct corruption));
+
+	dprintf("\t\t\tACTUAL\t\t\t\t\t\t\t\tEXPECTED\n");
 	for (i = 0; i < size; i++) {
-		// Diff the two locations
-		// Store badchars, and bad offsets
-		// Take note of upper / lower / null exclusions
+		// Get byte at the important memory location
+		StringCchPrintf(findValExpression, sizeof(findValExpression), 
+				"poi(0x%08x)", address + i);
+		valResult = (GetExpression(findValExpression) & 0xFF);
+		
+		lineExpected[i%16] = pureBuf[i];
+		lineActual[i%16] = valResult;
+
+		if (pureBuf[i] != valResult) {
+			badChars[numBadChars].value = pureBuf[i];
+			badChars[numBadChars].offset = i;
+			badChars[numBadChars].seenAgain = FALSE;
+			badChars[numBadChars].seenBefore = FALSE;
+			for (j = 0; j < numBadChars; j++) {
+				if (badChars[j].value == badChars[numBadChars].value) {
+					badChars[numBadChars].seenBefore = TRUE;
+				}
+			}
+			numBadChars++;
+		} else {
+			for (j = 0; j < numBadChars; j++)
+				if (valResult == badChars[j].value)
+					badChars[j].seenAgain = TRUE;
+		}
+
+
+		if (i % 16 == 15 || i == size-1) {
+			// Print the actual characters with differences in bold
+			for (j = 0; j < 16; j++) {
+				// Diff the two locations
+				if (lineActual[j] != lineExpected[j]) {
+					// Store badchars, and bad offsets
+					// Print this character in bold!
+					StringCchPrintf(findValExpression, sizeof(findValExpression), 
+					".printf /D \"<b><red>%02x</red></b> \"", lineActual[j]);
+					g_ExtControl->Execute(DEBUG_OUTCTL_THIS_CLIENT, findValExpression, 
+										DEBUG_EXECUTE_NOT_LOGGED);
+
+				} else {
+					dprintf("%02x ", lineActual[j]);
+				}
+
+				// Take note of upper / lower / null exclusions
+			}
+			dprintf("\t");
+
+			// Now print the Expected characters
+			for (j = 0; j < 16; j++) { 
+				dprintf("%02x ", lineExpected[j]);
+			}
+			dprintf("\n");
+		}
 	}
+
+	// Display bad chars
+	i = 0;
+	if (numBadChars) {
+		dprintf("\n[J] Bytes replaced: ");
+		while (i < numBadChars) {
+			if (!badChars[i].seenAgain && !badChars[i].seenBefore)
+				dprintf("0x%02x ", badChars[i].value);
+			i++;
+		}
+		i = 0;
+		dprintf("\n[J] Offset corruption occurs at: ");
+        while (i < numBadChars) {
+            if (badChars[i].seenAgain) 
+                dprintf("%02x ", badChars[i].offset);
+            i++;
+        }
+		dprintf("\n");
+	}
+	
+	// Unless pureBuf came from a tracked buffer, free the memory
+	if (_stricmp(inputType, "buf"))
+		free(pureBuf);
+	free(badChars);
 }
 
 void listTrackedVals() {

external/source/byakugan/jutsu.h

@@ -71,6 +71,13 @@ struct valInstance {
     struct valInstance *next;
 };
 
+struct corruption {
+	DWORD				offset;
+	BYTE				value;
+	BOOL				seenAgain;
+	BOOL				seenBefore;
+};
+
 
 void    helpJutsu(void);
 void    bindJutsu(char *);
@@ -89,6 +96,7 @@ void	listTrackedValByName(char *name);
 ULONG64 allocateMemoryBlock(unsigned long); 
 ULONG64 searchMemory(unsigned char * byteBuffer, unsigned long length);
 DWORD   findAllVals(unsigned char *byteBuffer, BYTE size, struct valInstance **instance);
+void	memDiffJutsu(char *inputType, DWORD size, char *input, ULONG64 address);
 
 // Handlers
 void	executeJutsu(struct request *);

external/source/byakugan/stdwindbg.cpp

@@ -284,3 +284,10 @@ PDEBUG_BREAKPOINT detectReadByAddr(ULONG64 funcAddr64, char *detectionName) {
     return (bp);
 }
 
+DWORD parseHexInput(char *hexInput, DWORD size, char **output) {
+	return (0);
+}
+
+DWORD readBinaryFile(char *path, DWORD size, char **output) {
+	return (0);
+}

external/source/byakugan/stdwindbg.h

@@ -11,6 +11,8 @@ BOOL detectCallByName(char *, char *);
 PDEBUG_BREAKPOINT detectExecByAddr(ULONG64, char *);
 PDEBUG_BREAKPOINT detectReadByAddr(ULONG64, char *);
 PDEBUG_BREAKPOINT detectWriteByAddr(ULONG64, char *);
+DWORD parseHexInput(char *, DWORD, char **);
+DWORD readBinaryFile(char *, DWORD, char **);
 
 class detectionCallBack : public IDebugEventCallbacks {
     public: