zoukankan      html  css  js  c++  java
  • 代码还原,IDA中使用的宏

    在IDA7.0中的定义文件拷贝的.

    如果想使用,直接去IDA的plugins插件目录下.包含它的 **defs.h""
    如下:

    /*
    
       This file contains definitions used by the Hex-Rays decompiler output.
       It has type definitions and convenience macros to make the
       output more readable.
    
       Copyright (c) 2007-2017 Hex-Rays
    
    */
    
    #ifndef HEXRAYS_DEFS_H
    #define HEXRAYS_DEFS_H
    
    #if defined(__GNUC__)
      typedef          long long ll;
      typedef unsigned long long ull;
      #define __int64 long long
      #define __int32 int
      #define __int16 short
      #define __int8  char
      #define MAKELL(num) num ## LL
      #define FMT_64 "ll"
    #elif defined(_MSC_VER)
      typedef          __int64 ll;
      typedef unsigned __int64 ull;
      #define MAKELL(num) num ## i64
      #define FMT_64 "I64"
    #elif defined (__BORLANDC__)
      typedef          __int64 ll;
      typedef unsigned __int64 ull;
      #define MAKELL(num) num ## i64
      #define FMT_64 "L"
    #else
      #error "unknown compiler"
    #endif
    typedef unsigned int uint;
    typedef unsigned char uchar;
    typedef unsigned short ushort;
    typedef unsigned long ulong;
    
    typedef          char   int8;
    typedef   signed char   sint8;
    typedef unsigned char   uint8;
    typedef          short  int16;
    typedef   signed short  sint16;
    typedef unsigned short  uint16;
    typedef          int    int32;
    typedef   signed int    sint32;
    typedef unsigned int    uint32;
    typedef ll              int64;
    typedef ll              sint64;
    typedef ull             uint64;
    
    // Partially defined types. They are used when the decompiler does not know
    // anything about the type except its size.
    #define _BYTE  uint8
    #define _WORD  uint16
    #define _DWORD uint32
    #define _QWORD uint64
    #if !defined(_MSC_VER)
    #define _LONGLONG __int128
    #endif
    
    // Non-standard boolean types. They are used when the decompiler can not use
    // the standard "bool" type because of the size mistmatch but the possible
    // values are only 0 and 1. See also 'BOOL' type below.
    typedef int8 _BOOL1;
    typedef int16 _BOOL2;
    typedef int32 _BOOL4;
    
    #ifndef _WINDOWS_
    typedef int8 BYTE;
    typedef int16 WORD;
    typedef int32 DWORD;
    typedef int32 LONG;
    typedef int BOOL;       // uppercase BOOL is usually 4 bytes
    #endif
    typedef int64 QWORD;
    #ifndef __cplusplus
    typedef int bool;       // we want to use bool in our C programs
    #endif
    
    #define __pure          // pure function: always returns the same value, has no
                            // side effects
    
    // Non-returning function
    #if defined(__GNUC__)
    #define __noreturn  __attribute__((noreturn))
    #else
    #define __noreturn  __declspec(noreturn)
    #endif
    
    
    #ifndef NULL
    #define NULL 0
    #endif
    
    // Some convenience macros to make partial accesses nicer
    #define LAST_IND(x,part_type)    (sizeof(x)/sizeof(part_type) - 1)
    #if defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN
    #  define LOW_IND(x,part_type)   LAST_IND(x,part_type)
    #  define HIGH_IND(x,part_type)  0
    #else
    #  define HIGH_IND(x,part_type)  LAST_IND(x,part_type)
    #  define LOW_IND(x,part_type)   0
    #endif
    // first unsigned macros:
    #define BYTEn(x, n)   (*((_BYTE*)&(x)+n))
    #define WORDn(x, n)   (*((_WORD*)&(x)+n))
    #define DWORDn(x, n)  (*((_DWORD*)&(x)+n))
    
    #define LOBYTE(x)  BYTEn(x,LOW_IND(x,_BYTE))
    #define LOWORD(x)  WORDn(x,LOW_IND(x,_WORD))
    #define LODWORD(x) DWORDn(x,LOW_IND(x,_DWORD))
    #define HIBYTE(x)  BYTEn(x,HIGH_IND(x,_BYTE))
    #define HIWORD(x)  WORDn(x,HIGH_IND(x,_WORD))
    #define HIDWORD(x) DWORDn(x,HIGH_IND(x,_DWORD))
    #define BYTE1(x)   BYTEn(x,  1)         // byte 1 (counting from 0)
    #define BYTE2(x)   BYTEn(x,  2)
    #define BYTE3(x)   BYTEn(x,  3)
    #define BYTE4(x)   BYTEn(x,  4)
    #define BYTE5(x)   BYTEn(x,  5)
    #define BYTE6(x)   BYTEn(x,  6)
    #define BYTE7(x)   BYTEn(x,  7)
    #define BYTE8(x)   BYTEn(x,  8)
    #define BYTE9(x)   BYTEn(x,  9)
    #define BYTE10(x)  BYTEn(x, 10)
    #define BYTE11(x)  BYTEn(x, 11)
    #define BYTE12(x)  BYTEn(x, 12)
    #define BYTE13(x)  BYTEn(x, 13)
    #define BYTE14(x)  BYTEn(x, 14)
    #define BYTE15(x)  BYTEn(x, 15)
    #define WORD1(x)   WORDn(x,  1)
    #define WORD2(x)   WORDn(x,  2)         // third word of the object, unsigned
    #define WORD3(x)   WORDn(x,  3)
    #define WORD4(x)   WORDn(x,  4)
    #define WORD5(x)   WORDn(x,  5)
    #define WORD6(x)   WORDn(x,  6)
    #define WORD7(x)   WORDn(x,  7)
    
    // now signed macros (the same but with sign extension)
    #define SBYTEn(x, n)   (*((int8*)&(x)+n))
    #define SWORDn(x, n)   (*((int16*)&(x)+n))
    #define SDWORDn(x, n)  (*((int32*)&(x)+n))
    
    #define SLOBYTE(x)  SBYTEn(x,LOW_IND(x,int8))
    #define SLOWORD(x)  SWORDn(x,LOW_IND(x,int16))
    #define SLODWORD(x) SDWORDn(x,LOW_IND(x,int32))
    #define SHIBYTE(x)  SBYTEn(x,HIGH_IND(x,int8))
    #define SHIWORD(x)  SWORDn(x,HIGH_IND(x,int16))
    #define SHIDWORD(x) SDWORDn(x,HIGH_IND(x,int32))
    #define SBYTE1(x)   SBYTEn(x,  1)
    #define SBYTE2(x)   SBYTEn(x,  2)
    #define SBYTE3(x)   SBYTEn(x,  3)
    #define SBYTE4(x)   SBYTEn(x,  4)
    #define SBYTE5(x)   SBYTEn(x,  5)
    #define SBYTE6(x)   SBYTEn(x,  6)
    #define SBYTE7(x)   SBYTEn(x,  7)
    #define SBYTE8(x)   SBYTEn(x,  8)
    #define SBYTE9(x)   SBYTEn(x,  9)
    #define SBYTE10(x)  SBYTEn(x, 10)
    #define SBYTE11(x)  SBYTEn(x, 11)
    #define SBYTE12(x)  SBYTEn(x, 12)
    #define SBYTE13(x)  SBYTEn(x, 13)
    #define SBYTE14(x)  SBYTEn(x, 14)
    #define SBYTE15(x)  SBYTEn(x, 15)
    #define SWORD1(x)   SWORDn(x,  1)
    #define SWORD2(x)   SWORDn(x,  2)
    #define SWORD3(x)   SWORDn(x,  3)
    #define SWORD4(x)   SWORDn(x,  4)
    #define SWORD5(x)   SWORDn(x,  5)
    #define SWORD6(x)   SWORDn(x,  6)
    #define SWORD7(x)   SWORDn(x,  7)
    
    
    // Helper functions to represent some assembly instructions.
    
    #ifdef __cplusplus
    
    // compile time assertion
    #define __CASSERT_N0__(l) COMPILE_TIME_ASSERT_ ## l
    #define __CASSERT_N1__(l) __CASSERT_N0__(l)
    #define CASSERT(cnd) typedef char __CASSERT_N1__(__LINE__) [(cnd) ? 1 : -1]
    
    // check that unsigned multiplication does not overflow
    template<class T> bool is_mul_ok(T count, T elsize)
    {
      CASSERT((T)(-1) > 0); // make sure T is unsigned
      if ( elsize  == 0 || count == 0 )
        return true;
      return count <= ((T)(-1)) / elsize;
    }
    
    // multiplication that saturates (yields the biggest value) instead of overflowing
    // such a construct is useful in "operator new[]"
    template<class T> bool saturated_mul(T count, T elsize)
    {
      return is_mul_ok(count, elsize) ? count * elsize : T(-1);
    }
    
    #include <stddef.h> // for size_t
    
    // memcpy() with determined behavoir: it always copies
    // from the start to the end of the buffer
    // note: it copies byte by byte, so it is not equivalent to, for example, rep movsd
    inline void *qmemcpy(void *dst, const void *src, size_t cnt)
    {
      char *out = (char *)dst;
      const char *in = (const char *)src;
      while ( cnt > 0 )
      {
        *out++ = *in++;
        --cnt;
      }
      return dst;
    }
    
    // Generate a reference to pair of operands
    template<class T>  int16 __PAIR__( int8  high, T low) { return ((( int16)high) << sizeof(high)*8) | uint8(low); }
    template<class T>  int32 __PAIR__( int16 high, T low) { return ((( int32)high) << sizeof(high)*8) | uint16(low); }
    template<class T>  int64 __PAIR__( int32 high, T low) { return ((( int64)high) << sizeof(high)*8) | uint32(low); }
    template<class T> uint16 __PAIR__(uint8  high, T low) { return (((uint16)high) << sizeof(high)*8) | uint8(low); }
    template<class T> uint32 __PAIR__(uint16 high, T low) { return (((uint32)high) << sizeof(high)*8) | uint16(low); }
    template<class T> uint64 __PAIR__(uint32 high, T low) { return (((uint64)high) << sizeof(high)*8) | uint32(low); }
    
    // rotate left
    template<class T> T __ROL__(T value, int count)
    {
      const uint nbits = sizeof(T) * 8;
    
      if ( count > 0 )
      {
        count %= nbits;
        T high = value >> (nbits - count);
        if ( T(-1) < 0 ) // signed value
          high &= ~((T(-1) << count));
        value <<= count;
        value |= high;
      }
      else
      {
        count = -count % nbits;
        T low = value << (nbits - count);
        value >>= count;
        value |= low;
      }
      return value;
    }
    
    inline uint8  __ROL1__(uint8  value, int count) { return __ROL__((uint8)value, count); }
    inline uint16 __ROL2__(uint16 value, int count) { return __ROL__((uint16)value, count); }
    inline uint32 __ROL4__(uint32 value, int count) { return __ROL__((uint32)value, count); }
    inline uint64 __ROL8__(uint64 value, int count) { return __ROL__((uint64)value, count); }
    inline uint8  __ROR1__(uint8  value, int count) { return __ROL__((uint8)value, -count); }
    inline uint16 __ROR2__(uint16 value, int count) { return __ROL__((uint16)value, -count); }
    inline uint32 __ROR4__(uint32 value, int count) { return __ROL__((uint32)value, -count); }
    inline uint64 __ROR8__(uint64 value, int count) { return __ROL__((uint64)value, -count); }
    
    // carry flag of left shift
    template<class T> int8 __MKCSHL__(T value, uint count)
    {
      const uint nbits = sizeof(T) * 8;
      count %= nbits;
    
      return (value >> (nbits-count)) & 1;
    }
    
    // carry flag of right shift
    template<class T> int8 __MKCSHR__(T value, uint count)
    {
      return (value >> (count-1)) & 1;
    }
    
    // sign flag
    template<class T> int8 __SETS__(T x)
    {
      if ( sizeof(T) == 1 )
        return int8(x) < 0;
      if ( sizeof(T) == 2 )
        return int16(x) < 0;
      if ( sizeof(T) == 4 )
        return int32(x) < 0;
      return int64(x) < 0;
    }
    
    // overflow flag of subtraction (x-y)
    template<class T, class U> int8 __OFSUB__(T x, U y)
    {
      if ( sizeof(T) < sizeof(U) )
      {
        U x2 = x;
        int8 sx = __SETS__(x2);
        return (sx ^ __SETS__(y)) & (sx ^ __SETS__(x2-y));
      }
      else
      {
        T y2 = y;
        int8 sx = __SETS__(x);
        return (sx ^ __SETS__(y2)) & (sx ^ __SETS__(x-y2));
      }
    }
    
    // overflow flag of addition (x+y)
    template<class T, class U> int8 __OFADD__(T x, U y)
    {
      if ( sizeof(T) < sizeof(U) )
      {
        U x2 = x;
        int8 sx = __SETS__(x2);
        return ((1 ^ sx) ^ __SETS__(y)) & (sx ^ __SETS__(x2+y));
      }
      else
      {
        T y2 = y;
        int8 sx = __SETS__(x);
        return ((1 ^ sx) ^ __SETS__(y2)) & (sx ^ __SETS__(x+y2));
      }
    }
    
    // carry flag of subtraction (x-y)
    template<class T, class U> int8 __CFSUB__(T x, U y)
    {
      int size = sizeof(T) > sizeof(U) ? sizeof(T) : sizeof(U);
      if ( size == 1 )
        return uint8(x) < uint8(y);
      if ( size == 2 )
        return uint16(x) < uint16(y);
      if ( size == 4 )
        return uint32(x) < uint32(y);
      return uint64(x) < uint64(y);
    }
    
    // carry flag of addition (x+y)
    template<class T, class U> int8 __CFADD__(T x, U y)
    {
      int size = sizeof(T) > sizeof(U) ? sizeof(T) : sizeof(U);
      if ( size == 1 )
        return uint8(x) > uint8(x+y);
      if ( size == 2 )
        return uint16(x) > uint16(x+y);
      if ( size == 4 )
        return uint32(x) > uint32(x+y);
      return uint64(x) > uint64(x+y);
    }
    
    #else
    // The following definition is not quite correct because it always returns
    // uint64. The above C++ functions are good, though.
    #define __PAIR__(high, low) (((uint64)(high)<<sizeof(high)*8) | low)
    // For C, we just provide macros, they are not quite correct.
    #define __ROL__(x, y) __rotl__(x, y)      // Rotate left
    #define __ROR__(x, y) __rotr__(x, y)      // Rotate right
    #define __CFSHL__(x, y) invalid_operation // Generate carry flag for (x<<y)
    #define __CFSHR__(x, y) invalid_operation // Generate carry flag for (x>>y)
    #define __CFADD__(x, y) invalid_operation // Generate carry flag for (x+y)
    #define __CFSUB__(x, y) invalid_operation // Generate carry flag for (x-y)
    #define __OFADD__(x, y) invalid_operation // Generate overflow flag for (x+y)
    #define __OFSUB__(x, y) invalid_operation // Generate overflow flag for (x-y)
    #endif
    
    // No definition for rcl/rcr because the carry flag is unknown
    #define __RCL__(x, y)    invalid_operation // Rotate left thru carry
    #define __RCR__(x, y)    invalid_operation // Rotate right thru carry
    #define __MKCRCL__(x, y) invalid_operation // Generate carry flag for a RCL
    #define __MKCRCR__(x, y) invalid_operation // Generate carry flag for a RCR
    #define __SETP__(x, y)   invalid_operation // Generate parity flag for (x-y)
    
    // In the decompilation listing there are some objects declarared as _UNKNOWN
    // because we could not determine their types. Since the C compiler does not
    // accept void item declarations, we replace them by anything of our choice,
    // for example a char:
    
    #define _UNKNOWN char
    
    #ifdef _MSC_VER
    #define snprintf _snprintf
    #define vsnprintf _vsnprintf
    #endif
    
    #endif // HEXRAYS_DEFS_H
    
    
  • 相关阅读:
    使用MSXML2::IXMLDOMDocument2Ptr每次都要CreateInstance和load(xmlfile)吗?
    .Net程序安装打包的一些经验贡献
    感慨SQL2005中的数据挖掘算法
    COM客户端没法激活托管代码生成的COM Server的原因
    预感~=命中注定
    创业经理10大必备素质
    全局缓存管理工具
    XML DOM的结构概念图解哪里是Element,哪里是Attribute,哪里是Text
    用GetVolumeInformation得到的不是硬盘的序列号,不要再抄这样的错误好吗?
    站在生活的背后
  • 原文地址:https://www.cnblogs.com/iBinary/p/10906398.html
Copyright © 2011-2022 走看看