2023年11月9日 星期四

delphi rtti reflection get self procedure name getfunctionname EIP

 https://stackoverflow.com/questions/1301254/how-to-get-current-methods-name-in-delphi-7

 https://www.eurekalog.com/help/eurekalog/index.php?debug_information_page_code.php

 https://github.com/synopse/mORMot/blob/master/SynLog.pas

https://synopse.info/files/html/Synopse%20mORMot%20Framework%20SAD%201.18.html#TITL_16 

https://stackoverflow.com/questions/46749517/delphi-how-to-get-the-calling-function-or-function-i-am-in

 http://help.madshi.net/madStackTraceUnit.htm
http://help.madshi.net/madStackTraceRef.htm

https://synopse.info/fossil/finfo?name=SynCommons.pas


/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

The unit TestFramework.pas of the DUnit test code that comes with Delphi has a function CallerAddr which (in Delphi 2005) is implemented like this:

function CallerAddr: Pointer; {$IFNDEF CLR} assembler; {$ENDIF}
{$IFDEF CLR}
begin
  Result := nil;
 end;
{$ELSE}
const
  CallerIP = $4;
asm
   mov   eax, ebp
   call  IsBadPointer
   test  eax,eax
   jne   @@Error

   mov   eax, [ebp].CallerIP
   sub   eax, 5   // 5 bytes for call

   push  eax
   call  IsBadPointer
   test  eax,eax
   pop   eax
   je    @@Finish

@@Error:
   xor eax, eax
@@Finish:
end;
{$ENDIF}

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


get current method's name
 

JclDebug.pas

function FileByLevel(const Level: Integer = 0): string;
function ModuleByLevel(const Level: Integer = 0): string;
function ProcByLevel(const Level: Integer = 0): string;
function LineByLevel(const Level: Integer = 0): Integer;
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
GetEIP
 

uses System.Classes, System.SysUtils, System.Rtti;
 
procedure GetEIP(); stdcall;
 
function GetCurrentFuncName(const frm: TObject): string;
implementation
 
var
g_CurrentFuncEIP: NativeUInt;
 
procedure GetEIP(); stdcall;
asm
{$IFDEF WIN32}
POP EAX;
MOV g_CurrentFuncEIP,EAX;
PUSH EAX;
{$ELSE}
POP RAX;
MOV g_CurrentFuncEIP,RAX;
PUSH RAX;
{$ENDIF}
end;
 
function cmpint(List: TStringList; Index1, Index2: Integer): Integer;
begin
Index1 := StrToIntDef(List[Index1], 0);
Index2 := StrToIntDef(List[Index2], 0);
Result := Index1 - Index2;
end;
 
function CheckEIP(const intEIP: Cardinal; const frm: TObject): string;
type
PMethodInfo = ^TMethodInfo;
TMethodInfo = record
strAddress: ShortString;
strFunName: ShortString;
end;
var
rc      : TRttiContext;
rt      : TRttiType;
rm      : TRttiMethod;
sl      : TStringList;
pmi     : PMethodInfo;
intIndex: Integer;
III     : Integer;
begin
rc := TRttiContext.Create;
sl := TStringList.Create;
try
sl.Sorted := False;
rt        := rc.GetType(frm.ClassInfo);
for rm in rt.GetMethods do
begin
pmi             := AllocMem(SizeOf(TMethodInfo));
pmi^.strAddress := ShortString(Format('%d', [Cardinal(rm.CodeAddress)]));
pmi^.strFunName := ShortString(Format('%s', [rm.ToString]));
sl.AddObject(String(pmi.strAddress), TObject(pmi));
end;
{ 加到列表中 }
sl.Append(IntToStr(intEIP));
{ 按整數排序 }
sl.CustomSort(cmpint);
{ 檢索剛加入的在什麼位置 }
intIndex := sl.IndexOf(IntToStr(intEIP));
{ 返回函式名稱 }
if intIndex = 0 then
Result := string(PMethodInfo(sl.Objects[intIndex   1])^.strFunName)
else
Result := string(PMethodInfo(sl.Objects[intIndex - 1])^.strFunName);
{ 釋放記憶體 }
for III := 0 to sl.Count - 1 do
begin
FreeMem(PMethodInfo(sl.Objects[III]));
end;
finally
sl.Free;
rc.Free;
end;
end;
 
function GetCurrentFuncName(const frm: TObject): string;
begin
Result := CheckEIP(g_CurrentFuncEIP, frm);
end;
end.

呼叫方法:

uses untGetFuncName;

procedure TForm1.btn1Click(Sender: TObject);
begin
  GetEIP;
  btn1.Caption := GetCurrentFuncName(Self);

end;


System.TObject.MethodAddress
https://docwiki.embarcadero.com/Libraries/Alexandria/en/System.TObject.MethodAddress
https://github.com/ibv/LDAP-Admin/blob/master/Source/Script.pas
https://github.com/Kryuski/pas2js-for-delphi/blob/master/packages/rtl/system.pas
https://github.com/ying32/duilib-for-Delphi/blob/master/DDuilib/DuiBase.pas
https://github.com/padcom/delcos/blob/master/components/dunit/src/TestFramework.pas
https://docwiki.embarcadero.com/Libraries/Alexandria/en/System.TMethod
https://docwiki.embarcadero.com/CodeExamples/Alexandria/en/Event_RTTI_Invocation_(Delphi)


https://docwiki.embarcadero.com/Libraries/Sydney/en/System.TObject
https://www.thoughtco.com/create-delphi-form-from-a-string-1057672
https://flylib.com/books/en/2.37.1/core_library_classes.html
https://stackoverflow.com/questions/45635147/dynamically-created-object-providing-its-classname-as-a-string-do-not-call-its
https://www.freepascal.org/docs-html/rtl/system/tobject.html
https://blog.xuite.net/peterlee.tw/twblog/211753269


如何得知 exe dll 執行檔 呼叫了 哪些 dll 動態連結檔

/////////////////////////////////////////////////////////////////////////////////////

"getEIP" ASM

var
  EIP: Cardinal;
 
procedure GetEIP(); stdcall;
asm
  pop eax;
  mov EIP,eax;
  push eax;
end;
 
procedure TForm1.Button1Click(Sender: TObject);
begin
  GetEIP();
  ShowMessage('Button1Click, 0x' + IntToHex(EIP, 8));
end;
 
/////////////////////////////////////////////////////////////////////////////////////
Code:   
#include <iostream>
#include <windows.h>

using std::cout;
using std::cin;

#define getEIP(ev) __asm {   \
   __asm call get_eip        \
   __asm sub eax, 5          \
   __asm mov ev, eax         \
}

int main(int argc, char** args) {
   void* eipval;
   getEIP(eipval);
   cout << eipval;
   cin.sync();
   cin.ignore();
   return EXIT_SUCCESS;
   __asm {
      get_eip:
         mov eax, [esp]
         ret
   }
}
https://www.cheatengine.org/forum/viewtopic.php?t=420349&sid=750f1b2e11f1da14391ddc3b00bd02e5
[C++, inline ASM] Getting the value of EIP
/////////////////////////////////////////////////////////////////////////////////////
https://chromium.googlesource.com/experimental/chromium/src/+/59.0.3071.128/third_party/x86inc/x86inc.asm?autodive=0%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F
chromium / experimental / chromium / src / 59.0.3071.128 / . / third_party / x86inc / x86inc.asm
https://github.com/adobe/chromium/blob/master/media/base/simd/x86inc.asm
blob: 7c57f8feb68f47dbfd843f4176e8e43a4460bfe3 [file] [log] [blame]
; Chromium extensions
; LOAD_SYM %1 (reg), %2 (sym)
; Copies the address to a local symbol to the specified register.
%macro LOAD_SYM 2
%ifdef PIC
  call      %%geteip
  add       %1, %2 - $
  jmp       %%end
%%geteip:
  mov       %1, [rsp]
  ret
%%end:
%else
  lea       %1, [%2]
%endif
/////////////////////////////////////////////////////////////////////////////////////
https://github.com/electronicarts/EAThread/blob/master/include/eathread/eathread_callstack.h
https://github.com/rajneshrat/ratos/blob/master/process.c
https://github.com/ntddk/geteip/blob/master/geteip.c

kernel32.dll IsDebuggerPresent
https://learn.microsoft.com/en-us/windows/win32/api/debugapi/nf-debugapi-isdebuggerpresent
        Win32 API Debugapi.h
IsDebuggerPresent function (debugapi.h)

How get EIP from x86 inline assembly by gcc

ShellCode EIP shellcode查找EIP & RIP shellcode是一段用於利用軟體漏洞而執行的代碼
/////////////////////////////////////////////////////////////////////////////////////
 


標籤:

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)