xzre_code: add find_call_instruction

smx-smx · Aug 3, 2024 · 5a735d2 · 5a735d2
1 parent f57aa3d
commit 5a735d2
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 1 deletion.
diff --git a/xzre.h b/xzre.h
@@ -302,7 +302,8 @@ typedef struct {
 #define XZDASM_OPC(op) (op - 0x80)
 
 enum X86_OPCODE {
-	X86_OPCODE_LEA = 0x8D
+	X86_OPCODE_LEA = 0x8D,
+	X86_OPCODE_CALL = 0xE8
 };
 
 typedef int BOOL;

diff --git a/xzre_code/CMakeLists.txt b/xzre_code/CMakeLists.txt
@@ -6,6 +6,7 @@ add_library(xzre_code
 	elf_parse.c
 	elf_symbol_get_addr.c
 	get_lzma_allocator.c
+	find_call_instruction.c
 	find_lea_instruction.c
 	find_string_reference.c
 	is_endbr64_instruction.c

diff --git a/xzre_code/find_call_instruction.c b/xzre_code/find_call_instruction.c
@@ -0,0 +1,29 @@
+/**
+ * Copyright (C) 2024 Stefano Moioli <[email protected]>
+ **/
+#include "xzre.h"
+
+BOOL find_call_instruction(u8 *code_start, u8 *code_end, u8 *call_target, dasm_ctx_t *dctx){
+	if(!secret_data_append_from_address(NULL, (secret_data_shift_cursor_t){ 0x81 }, 4, 7)){
+		return FALSE;
+	}
+	dasm_ctx_t ctx = {0};
+	if(!dctx){
+		dctx = &ctx;
+	}
+
+	while(code_start < code_end){
+		if(x86_dasm(dctx, code_start, code_end)){
+			if(XZDASM_OPC(dctx->opcode) == X86_OPCODE_CALL
+				&& (!call_target || &dctx->instruction[dctx->operand + dctx->instruction_size] == call_target)
+			){
+				return TRUE;
+			}
+			code_start += dctx->instruction_size;
+		} else {
+			code_start += 1;
+		}
+	}
+	return FALSE;
+}
+