@mrexodia
Last active November 20, 2022 21:31
x64dbg type system
// Exercises the x64dbg type-system commands: defines structs, unions, typedefs
// and a function prototype, then queries their size and layout.
// ClearTypes runs first, presumably so earlier definitions do not interfere.
ClearTypes
// Struct with a char followed by an int. The output listed on this page reports
// sizeof(ST) = 5, i.e. no alignment padding is inserted between the members.
AddStruct ST
AppendMember char, a
AppendMember int, y
SizeofType ST
VisitType ST
// Typedef: DWORD becomes an alias of "unsigned int" (quoted because of the space).
AddType "unsigned int", DWORD
SizeofType DWORD
// Struct built from the DWORD alias, plus a pointer typedef to it.
AddStruct _FILETIME
AppendMember DWORD, dwLoDateTime
AppendMember DWORD, dwHighDateTime
AddType _FILETIME*, LPFILETIME
SizeofType _FILETIME
// Union of four members of increasing width; reported size is 8.
AddUnion UT
AppendMember char, a
AppendMember short, b
AppendMember int, c
AppendMember "long long", d
SizeofType UT
VisitType UT
// The third AppendMember argument is an array size: the output shows `int d[2]`.
AddStruct BLUB
AppendMember short, c
AppendMember int, d, 2
// Struct that embeds BLUB by value; reported size is 19 (4 + 1 + 10 + 4, unpadded).
AddStruct TEST
AppendMember int, a
AppendMember char, b
AppendMember BLUB, e
AppendMember int, f
SizeofType TEST
VisitType TEST
// Pointer-member test: POINTER holds a POINTEE*, which in turn embeds TEST.
AddStruct POINTEE
AppendMember int, n
AppendMember TEST, t
AddStruct POINTER
AppendMember int, x
AppendMember POINTEE*, p
AppendMember int, y
// Second and third VisitType arguments: judging by the output, an address (0)
// and the number of pointer levels to follow (1) - TODO confirm against the docs.
VisitType POINTER, 0, 1
// Self-referential type. The output shows four nested expansions of `next`, so
// the final argument bounds how far the visitor follows the pointer chain; a
// bound matters here because a list read from target memory may be long or cyclic.
AddStruct LIST_ENTRY
AppendMember int, x
AppendMember LIST_ENTRY*, next
AppendMember int, y
VisitType LIST_ENTRY, 0, 4
// Narrow and wide string pointer members.
AddStruct STRINGTEST
AppendMember "const char*", str
AppendMember "const wchar_t*", wstr
VisitType STRINGTEST
// Function prototype: name, return type, calling convention, then one AppendArg per parameter.
AddFunction strcasecmp, int, cdecl
AppendArg "const char*", s1
AppendArg "const char*", s2
// Windows-style integer names used by the structures below, mapped onto
// fixed-width types. When compiled as C these names come from <stdint.h>,
// which this listing does not include itself.
typedef uint8_t  BYTE;   // 8-bit unsigned
typedef uint16_t WORD;   // 16-bit unsigned
typedef uint32_t DWORD;  // 32-bit unsigned
// Floating-point state block; CONTEXT embeds one by value as `FloatSave`.
// Layout as declared: seven DWORD fields, an 80-byte register area and one
// trailing DWORD (7*4 + 80 + 4 = 112 bytes when laid out without padding).
struct FLOATING_SAVE_AREA {
    DWORD ControlWord;
    DWORD StatusWord;
    DWORD TagWord;
    DWORD ErrorOffset;
    DWORD ErrorSelector;
    DWORD DataOffset;
    DWORD DataSelector;
    BYTE  RegisterArea[80];  // 80 stands in for SIZE_OF_80387_REGISTERS
    DWORD Spare0;
};
// Register context record for a 32-bit x86 thread, grouped into sections
// that are each selected by one bit in ContextFlags.
struct CONTEXT {
    // ContextFlags selects which sections of the record are meaningful.
    //
    // As an input parameter: every section whose flag is set is assumed to
    // hold valid data, and when the record is used to modify a thread's
    // context only those sections are written to the thread.
    //
    // As an IN OUT parameter used to capture a thread's context: only the
    // sections whose flags are set are filled in on return.
    //
    // The record is never used as an OUT-only parameter.
    DWORD ContextFlags;

    // Debug registers: valid when CONTEXT_DEBUG_REGISTERS is set in
    // ContextFlags. CONTEXT_DEBUG_REGISTERS is NOT part of CONTEXT_FULL.
    DWORD Dr0;
    DWORD Dr1;
    DWORD Dr2;
    DWORD Dr3;
    DWORD Dr6;
    DWORD Dr7;

    // Floating-point state: valid when ContextFlags contains
    // CONTEXT_FLOATING_POINT.
    FLOATING_SAVE_AREA FloatSave;

    // Data segment registers: valid when ContextFlags contains
    // CONTEXT_SEGMENTS.
    DWORD SegGs;
    DWORD SegFs;
    DWORD SegEs;
    DWORD SegDs;

    // General-purpose registers: valid when ContextFlags contains
    // CONTEXT_INTEGER.
    DWORD Edi;
    DWORD Esi;
    DWORD Ebx;
    DWORD Edx;
    DWORD Ecx;
    DWORD Eax;

    // Control registers: valid when ContextFlags contains CONTEXT_CONTROL.
    // SegCs and EFlags carry the original header's "MUST BE SANITIZED" mark:
    // when the record is used as input these values are caller-supplied, so
    // the consumer has to validate them before applying them to a thread
    // (the original header does not say how).
    DWORD Ebp;
    DWORD Eip;
    DWORD SegCs;   // MUST BE SANITIZED
    DWORD EFlags;  // MUST BE SANITIZED
    DWORD Esp;
    DWORD SegSs;

    // Extended register state: valid when ContextFlags contains
    // CONTEXT_EXTENDED_REGISTERS. Format and contents are processor specific.
    BYTE ExtendedRegisters[512];  // 512 stands in for MAXIMUM_SUPPORTED_EXTENSION
};
struct ST;
char a;
int y;
sizeof(ST) = 5
struct ST {
char a;
int y;
} visit;
typedef DWORD unsigned int;
sizeof(DWORD) = 4
struct _FILETIME;
DWORD dwLoDateTime;
DWORD dwHighDateTime;
typedef LPFILETIME _FILETIME*;
sizeof(_FILETIME) = 8
union UT;
char a;
short b;
int c;
long long d;
sizeof(UT) = 8
union UT {
char a;
short b;
int c;
long long d;
} visit;
struct BLUB;
short c;
int d[2];
struct TEST;
int a;
char b;
BLUB e;
int f;
sizeof(TEST) = 19
struct TEST {
int a;
char b;
struct BLUB {
short c;
int[2] {
int d[0];
int d[1];
} d;
} e;
int f;
} visit;
struct POINTEE;
int n;
TEST t;
struct POINTER;
int x;
POINTEE* p;
int y;
struct POINTER {
int x;
POINTEE* p; {
struct POINTEE {
int n;
struct TEST {
int a;
char b;
struct BLUB {
short c;
int[2] {
int d[0];
int d[1];
} d;
} e;
int f;
} t;
} *p;
} p;
int y;
} visit;
struct LIST_ENTRY;
int x;
LIST_ENTRY* next;
int y;
struct LIST_ENTRY {
int x;
LIST_ENTRY* next; {
struct LIST_ENTRY {
int x;
LIST_ENTRY* next; {
struct LIST_ENTRY {
int x;
LIST_ENTRY* next; {
struct LIST_ENTRY {
int x;
LIST_ENTRY* next; {
struct LIST_ENTRY {
int x;
LIST_ENTRY* next;
int y;
} *next;
} next;
int y;
} *next;
} next;
int y;
} *next;
} next;
int y;
} *next;
} next;
int y;
} visit;
struct STRINGTEST;
const char* str;
const wchar_t* wstr;
struct STRINGTEST {
const char* str;
const wchar_t* wstr;
} visit;
int strcasecmp();
const char* s1;
const char* s2;
// Two-member test struct: a char followed by an int.
// NOTE: the x64dbg output shown for this type reports sizeof(ST) = 5, i.e. the
// members are placed back-to-back with no alignment padding. A C compiler
// normally pads `y` to its natural alignment, so confirm member offsets before
// overlaying a type defined this way on memory of a compiled program.
struct ST {
    char a;
    int y;
};
// DWORD is an alias of unsigned int here; the output on this page reports
// sizeof(DWORD) = 4.
typedef unsigned int DWORD;

// Date/time value stored as two DWORD halves (reported size: 8).
struct _FILETIME {
    DWORD dwLoDateTime;
    DWORD dwHighDateTime;
};

// Pointer alias for _FILETIME. The struct name is used without the `struct`
// keyword, which x64dbg's type parser evidently accepts; a plain C compiler
// would not.
typedef _FILETIME* LPFILETIME;
// Union test type: four overlapping members of increasing width.
// The output on this page reports sizeof(UT) = 8, matching an 8-byte
// `long long` as the widest member.
union UT {
    char a;
    short b;
    int c;
    long long d;
};
// Helper struct embedded by TEST: a short followed by a two-element int array.
struct BLUB {
    short c;
    int d[2];
};
// Test struct that embeds BLUB by value between scalar members.
// The output on this page reports sizeof(TEST) = 19 (4 + 1 + 10 + 4), so no
// alignment padding is applied to the members.
// NOTE(review): the run of extra semicolons after the closing brace looks like
// a deliberate parser-tolerance check - confirm before tidying it up.
struct TEST
{
int a;
char b;
BLUB e;
int f;
};;;;
// Target type of POINTER::p: an int followed by an embedded TEST.
// NOTE(review): the doubled semicolon after the closing brace is presumably
// intentional parser-test input - confirm before removing it.
struct POINTEE
{
int n;
TEST t;
};;
// Pointer-member test: a POINTEE* sits between two ints, so visiting this
// type has to follow `p` to show the pointed-to structure.
// NOTE(review): the JSON description on this page names this member `next`,
// while the command script and this header call it `p` - confirm which is
// intended.
struct POINTER {
    int x;
    POINTEE* p;
    int y;
};
// Self-referential list node: `next` points to another LIST_ENTRY.
// Visiting this type needs a depth limit; the script on this page uses 4 and
// the output shows four nested expansions of `next`.
// NOTE(review): the extra semicolons after `next` look like deliberate
// parser-test input - confirm before removing them.
struct LIST_ENTRY
{
int x;
LIST_ENTRY* next;;;;
int y;
};
// String-pointer test: one narrow (char) and one wide (wchar_t) string member.
struct STRINGTEST {
    const char* str;
    const wchar_t* wstr;
};
{
"types": [
{
"type": "unsigned int",
"name": "DWORD"
},
{
"type": "_FILETIME*",
"name": "LPFILETIME"
}
],
"structs": [
{
"name": "ST",
"members": [
{
"type": "char",
"name": "a",
"arrsize": 0,
"offset": -1
},
{
"type": "int",
"name": "y",
"arrsize": 0,
"offset": -1
}
]
},
{
"name": "_FILETIME",
"members": [
{
"type": "DWORD",
"name": "dwLoDateTime"
},
{
"type": "DWORD",
"name": "dwHighDateTime"
}
]
},
{
"name": "BLUB",
"members": [
{
"type": "short",
"name": "c"
},
{
"type": "int",
"name": "d",
"arrsize": 2
}
]
},
{
"name": "TEST",
"members": [
{
"type": "int",
"name": "a"
},
{
"type": "char",
"name": "b"
},
{
"type": "BLUB",
"name": "e"
},
{
"type": "int",
"name": "f"
}
]
},
{
"name": "POINTEE",
"members": [
{
"type": "int",
"name": "n"
},
{
"type": "TEST",
"name": "t"
}
]
},
{
"name": "POINTER",
"members": [
{
"type": "int",
"name": "x"
},
{
"type": "POINTEE*",
"name": "next"
},
{
"type": "int",
"name": "y"
}
]
},
{
"name": "LIST_ENTRY",
"members": [
{
"type": "int",
"name": "x"
},
{
"type": "LIST_ENTRY*",
"name": "next"
},
{
"type": "int",
"name": "y"
}
]
},
{
"name": "STRINGTEST",
"members": [
{
"type": "const char*",
"name": "str"
},
{
"type": "const wchar_t*",
"name": "wstr"
}
]
}
],
"unions": [
{
"name": "UT",
"members": [
{
"type": "char",
"name": "a"
},
{
"type": "short",
"name": "b"
},
{
"type": "int",
"name": "c"
},
{
"type": "long long",
"name": "d"
}
]
}
],
"functions": [
{
"rettype": "int",
"callconv": "cdecl",
"noreturn": false,
"name": "strcasecmp",
"arguments": [
{
"type": "const char*",
"name": "s1"
},
{
"type": "const char*",
"name": "s2"
}
]
}
]
}

utkonos commented May 1, 2020

In the types.json file above, the keys offfset should be offset.

Author

mrexodia commented May 2, 2020

Thank you, I fixed it!
