added symbol names for addresses in disassembly view

zodiacon · Feb 11, 2023 · 58b494f · 58b494f
1 parent 048914d
commit 58b494f
Show file tree

Hide file tree

Showing 7 changed files with 196 additions and 136 deletions.
diff --git a/TotalPE/ExportsView.cpp b/TotalPE/ExportsView.cpp
@@ -150,7 +150,7 @@ LRESULT CExportsView::OnDissassemble(WORD, WORD, HWND, BOOL&) const {
 	auto code = m_PE.GetSpan(offset, size);
 
 	ULONGLONG imageBase = m_PE->GetFileInfo()->IsPE64 ? m_PE->GetNTHeader()->NTHdr64.OptionalHeader.ImageBase : m_PE->GetNTHeader()->NTHdr32.OptionalHeader.ImageBase;
-	Frame()->CreateAssemblyView(code, offset + imageBase, exp.FuncRVA,
+	Frame()->CreateAssemblyView(code, exp.FuncRVA + imageBase, exp.FuncRVA,
 		exp.Name.c_str(), TreeItemType::DirectoryExports);
 
 	return 0;

diff --git a/TotalPE/PEStrings.cpp b/TotalPE/PEStrings.cpp
@@ -3,6 +3,7 @@
 #include <atltime.h>
 #include <DbgHelp.h>
 #include "..\External\Capstone\capstone.h"
+#include <DiaHelper.h>
 
 #pragma comment(lib, "dbghelp")
 
@@ -190,10 +191,27 @@ std::wstring PEStrings::ResourceTypeToString(WORD id) {
 	return id >= _countof(types) ? L"" : types[id];
 }
 
-CStringA PEStrings::FormatInstruction(const cs_insn& inst) {
-	CStringA text;
-	text.Format("%llX %-10s %-40s ;", inst.address, inst.mnemonic, inst.op_str);
-//	text.Format("%-10s %-40s ;", inst.mnemonic, inst.op_str);
+CStringA PEStrings::FormatInstruction(const cs_insn& inst, DiaSession const& symbols) {
+	CStringA text, extra;
+	static PCSTR branches[] = { "call", "je", "jmp", "jne", "js" };
+	for (auto& br : branches)
+		if (_stricmp(inst.mnemonic, br) == 0) {
+			long disp;
+			auto address = strtoll(inst.op_str, nullptr, 16);
+			if (address != 0 && address != LLONG_MAX && address != LLONG_MIN) {
+				auto sym = symbols.GetSymbolByVA(address, SymbolTag::Null, &disp);
+				if (sym) {
+					extra = sym.Name().c_str();
+					if (!extra.IsEmpty() && disp)
+						extra += std::format(" + 0x{:X}", disp).c_str();
+				}
+			}
+			break;
+		}
+
+	if (!extra.IsEmpty())
+		extra = std::format("{} ({})", inst.op_str, (PCSTR)extra).c_str();
+	text.Format("%llX %-10s %-55s;", inst.address, inst.mnemonic, !extra.IsEmpty() ? (PCSTR)extra : inst.op_str);
 	for (int i = 0; i < inst.size; i++)
 		text += std::format(" {:02X}", inst.bytes[i]).c_str();
 	return text;

diff --git a/TotalPE/PEStrings.h b/TotalPE/PEStrings.h
@@ -3,6 +3,7 @@
 struct cs_insn;
 enum class SymbolTag;
 enum class LocationKind;
+class DiaSession;
 
 enum class DllCharacteristics : unsigned short {
 	None = 0,
@@ -32,7 +33,7 @@ struct PEStrings abstract final {
 	static std::wstring ToHex(ULONGLONG value);
 	static std::wstring ToMemorySize(ULONGLONG size);
 	static std::wstring ResourceTypeToString(WORD id);
-	static CStringA FormatInstruction(const cs_insn& inst);
+	static CStringA FormatInstruction(const cs_insn& inst, DiaSession const& symbols);
 	static std::wstring ManagedTypeAttributesToString(CorTypeAttr attr);
 	//static std::wstring MemberAttributesToString(const ManagedMember& member);
 	static std::wstring MethodAttributesToString(CorMethodAttr attr);

diff --git a/TotalPE/ScintillaView.cpp b/TotalPE/ScintillaView.cpp
@@ -128,7 +128,7 @@ bool CScintillaView::SetAsmCode(std::span<const std::byte> code, uint64_t addres
 	cs_insn inst{};
 	CStringA text;
 	while (cs_disasm_iter(handle, &bytes, &size, &address, &inst)) {
-		text += PEStrings::FormatInstruction(inst) + L"\r\n";
+		text += PEStrings::FormatInstruction(inst, Frame()->GetSymbols()) + L"\r\n";
 		if (_strcmpi(inst.mnemonic, "ret") == 0)
 			break;
 	}
@@ -252,7 +252,7 @@ LRESULT CScintillaView::OnDisassembleAtEnd(WORD, WORD, HWND, BOOL&) {
 	cs_insn inst{};
 	CStringA text;
 	while (cs_disasm_iter(handle, &bytes, &size, &address, &inst)) {
-		text += PEStrings::FormatInstruction(inst) + L"\r\n";
+		text += PEStrings::FormatInstruction(inst, Frame()->GetSymbols()) + L"\r\n";
 		if (_strcmpi(inst.mnemonic, "ret") == 0)
 			break;
 	}

diff --git a/TotalPE/StructView.cpp b/TotalPE/StructView.cpp
@@ -27,14 +27,12 @@ LRESULT CStructView::OnCreate(UINT, WPARAM, LPARAM, BOOL&) {
 
     m_TL.Create(m_Splitter, rcDefault, nullptr, WS_CHILD | WS_VISIBLE | WS_CLIPCHILDREN |
         LVS_REPORT | LVS_SHAREIMAGELISTS | LVS_NOSORTHEADER);
-    m_TL.SetExtendedListViewStyle(LVS_EX_DOUBLEBUFFER | LVS_EX_FULLROWSELECT);
+    m_TL.SetExtendedListViewStyle(LVS_EX_DOUBLEBUFFER | LVS_EX_FULLROWSELECT | LVS_EX_INFOTIP);
     m_TL.SetImageList(Frame()->GetImageList(), LVSIL_SMALL);
-//    m_TL.SetIcons(AtlLoadIconImage(IDI_EXPANDED, 0, 16, 16), AtlLoadIconImage(IDI_COLLAPSED, 0, 16, 16));
     m_TL.InsertColumn(0, L"Member", LVCFMT_LEFT, 250);
     m_TL.InsertColumn(1, L"Offset", LVCFMT_RIGHT, 60);
     m_TL.InsertColumn(2, L"Type", 0, 180);
-    m_TL.InsertColumn(3, L"Value", 0, 150);
-    m_TL.InsertColumn(4, L"Details", 0, 150);
+    m_TL.InsertColumn(3, L"Value", LVCFMT_RIGHT, 150);
 
     m_HexView.Create(m_Splitter, rcDefault, nullptr, WS_CHILD | WS_VISIBLE);
     m_HexView.SetStatic(true);