Thursday, November 9, 2023

GetEIP Instruction Pointer Value Practical Reverse Engineering Solutions jumping dummy function parameter argument

 Practical Reverse Engineering Practice  

http://rioshen.logdown.com/posts/220416-practical-reverse-engineering-practice

https://bin.re/blog/practical-reverse-engineering-solutions-page-17/

https://link.springer.com/chapter/10.1007/978-981-19-0336-6_5

Reverse Engineering | SpringerLink

    Version 1 – Based on RET
    Version 2 – Based on JMP
    Version 3 – Based on CALL

https://www.nikj.fr/walkthroughs/prr_ex1/

Practical Reverse Engineering - Ex 1 •
Tutorial - Setup Remote Kernel Debugging Oct 4, 2021 Setup Remote Kernel Debugging for Kernel Driver development ...
Tutorial - Unpack Self Injection Packer Apr 15, 2021 Malware authors try to hide themselves from antivirus and make analysis harder for analysts. One technique they use is called packing, which makes the code more obfuscated and unreadable. In this post, we'll look at one specific kind of unpacking technique that you can use to finally start the analysis of the real payload. This technique is called Self-Injection. ...

 

Reverse  EIP function name   breakpoint  GetProcAddress

https://medium.com/@nebdar/malware-basics-manually-unpacking-5-malware-samples-with-x32-64dbg-pma-labs-4c9b540b5456

Malware Basics: Manually unpacking 5 malware samples with x32-64dbg (PMA labs) | by Chloe Security System | Medium

https://github.com/mikesiko/PracticalMalwareAnalysis-Labs

Finding OEP: We can use OllyDbg or x64dbg to find the original entry point, which is the first instruction of the program before it was packed. We need to find the tail jump, the instruction that jumps from the unpacking stub to the OEP.

"_IMPORT_DESCRIPTOR_KERNEL32" "kernel32.dll" "ADVAPI32"

 OllyDbg OllyDmp plugin

kernel32 advapi32 gdi32 user32 explorer

 IApiTracingDataCollector  Win32 

https://monoinfinito.wordpress.com/series/exception-handling-in-c/

C++ exception handling internals

https://stackoverflow.com/questions/71540648/how-to-get-rtti-from-member-function-pointers

ABI reference c++ CXX ABI

https://github.com/itanium-cxx-abi/cxx-abi

https://itanium-cxx-abi.github.io/cxx-abi/abi.html

Application Binary Interface (ABI) for C++ programs


    Acknowledgements
    Chapter 1: Introduction
        1.1 Definitions
        1.2 Limits
        1.3 Namespace and Header
        1.4 Scope of This ABI
        1.5 Base Documents
    Chapter 2: Data Layout
        2.1 General
        2.2 POD Data Types
        2.3 Member Pointers
        2.4 Non-POD Class Types
        2.5 Virtual Table Layout
        2.6 Virtual Tables During Object Construction
        2.7 Array Operator new Cookies
        2.8 Initialization Guard Variables
        2.9 Run-Time Type Information (RTTI)
    Chapter 3: Code Emission and APIs
        3.1 Functions
        3.2 Virtual Calls
        3.3 Construction and Destruction APIs
        3.4 Demangler API
    Chapter 4: Exception Handling
    Chapter 5: Linkage and Object Files
        5.1 External Names (a.k.a. Mangling)
        5.2 Vague Linkage
        5.3 Unwind Table Location
    Appendix R: Revision History



delphi debug tools External debugging tools EurekaLog CodeSite SmartInspect Log4Delphi TraceFormat SmartInspect TSynLog

 delphi debug tools External debugging tools

    Raize CodeSite.
    Memproof.
    FastMM4.
    GpProfile.
    madExcept.
    JCL Debug(project jedi)

EurekaLog

Debugging | Delphi Programming - Fandom

 https://www.peganza.com/delphi-and-outputdebugstring.html

https://docwiki.embarcadero.com/RADStudio/Alexandria/en/Enabling_logging_for_the_RAD_Studio_debuggers

https://sourceforge.net/projects/tracetool/
https://www.codeproject.com/Articles/5498/TraceTool-The-Swiss-Army-Knife-of-Trace
https://www.gurock.com/smartinspect/
https://code.google.com/archive/redirect/a/code.google.com/p/delphi-code-coverage?movedTo=http:%2F%2Fsourceforge.net%2Fprojects%2Fdelphicodecoverage%2F

CodeSite loggers raize.com/DevTools/CodeSite/
    CodeSite
    SmartInspect
    Log4Delphi
    TraceFormat
SmartInspect
http://blog.synopse.info/post/2011/04/14/Enhanced-logging-in-SynCommons
TSynLog
https://blog.synopse.info/post/2011/08/20/Enhanced-Log-viewer

        Win32 API Debugapi.h
        OutputDebugStringA function (debugapi.h)
        Sysinternals download: DebugView v4.90

https://blogs.embarcadero.com/advanced-debugging-and-application-logging-system-for-windows-developers/

https://log4delphi.sourceforge.net/userguide.html
Log4Delphi

https://torry.net/developer-tools/debug-tools/bug-tracking/

MARCO CANTÙ'S DELPHI POWER BOOK MARCO CANTÙ'S Debugging Delphi Programs

EurekaLog
EurekaLog is an advanced debugging tool for Delphi applications
https://github.com/RRUZ/delphi-dev-shell-tools/blob/master/DelphiDevShellTools.dpr
 

10 Essential SQL Commands for Beginners

 10 Essential SQL Commands for Beginners

Learn the 10 most important SQL commands that every beginner should know. These commands will help you to select, insert, update, and delete data from a database.

https://morioh.com/a/37a75da972b5/10-essential-sql-commands-for-beginners

A Much Easier to Use ListView - CodeProject

 
A Much Easier to Use ListView
Phillip Piper
8 Nov 2015
GPL3
C#2.0, WinForms
.NET ListView maxed out on caffeine, guarana and steroids.

 https://www.autoitscript.com/forum/topic/138962-guictrllistview-subitem-icons-cropped/

 https://github.com/dotnet/winforms/issues/2623

https://www.codeproject.com/Articles/16009/A-Much-Easier-to-Use-ListView-2

Multithreading - The Delphi Way

 http://web.archive.org/web/20120423060358/http://www.eonclash.com/tutorials/multithreading/martinharvey1.1/toc.html

http://www.eonclash.com/tutorials/multithreading/martinharvey1.1/toc.html 

https://www.seti.net/engineering/threads/threads.php



© Martin Harvey 2000.
Multithreading - The Delphi Way.
Martin Harvey.
Version 1.0

    Introduction.
    Dedications.
    Recommended Reading.
    Navigation hints.

    Chapter 1. What are threads? Why use them?
    Chapter 2. Creating a thread in Delphi.
    Chapter 3. Basic synchronization.
    Chapter 4. Simple thread destruction.
    Chapter 5. More thread destruction. Deadlock.
    Chapter 6. More synchronization: Critical sections and mutexes.
    Chapter 7. Mutex programming guidelines. Concurrency control.
    Chapter 8. Delphi thread safe classes and Priorities.
    Chapter 9. Semaphores. Data flow scheduling. The producer - consumer relationship.
    Chapter 10. I/O and data flow: from blocking to asynchronous and back.
    Chapter 11. Synchronizers and Events.
    Chapter 12. Miscellanea.
    Chapter 13. Threads with BDE, Exceptions and DLLs.
    Chapter 14. A real world problem, and its solution.


delphi rtti reflection LiveBindings

 delphi rtti reflection 

 https://docwiki.embarcadero.com/RADStudio/Sydney/en/Delphi_RTTI_and_C%2B%2BBuilder

https://csvelocity.wordpress.com/2020/01/08/delphi-rtti-and-the-linker/

http://theclub.com.br/restrito/revistas/201005/rtti1005.aspx

https://docwiki.embarcadero.com/RADStudio/Alexandria/en/LiveBindings_in_RAD_Studio

 https://stackoverflow.com/questions/24559016/delphi-use-reflection-in-a-class-procedure-for-the-getting-dynamic-class-type

TRttiContext(Record) TRttiType TRttiMethod
TRttiField  TRttiProperty
uses
   SysUtils, Classes, Variants, Math, Rtti;   // Rtti supplies TRttiContext, TRttiType, TRttiField, TRttiProperty, TRttiMethod

procedure TForm1.Reflection(obj: TObject);
var
   Context: TRttiContext;
   objType: TRttiType;
   objField: TRttiField;
   objProperty: TRttiProperty;
   objMethod: TRttiMethod;
begin
   Memo1.Lines.Clear;
   objType := Context.GetType(obj.ClassType);
   // List the object's fields
   Memo1.Lines.Add('Campos:');
   for objField in objType.GetFields do
   begin
      Memo1.Lines.Add(objField.Name + ' Tipo: ' + objField.FieldType.ToString + ' Valor: ' + objField.GetValue(obj).ToString);
   end;
   // List the object's properties
   Memo1.Lines.Add('');
   Memo1.Lines.Add('Propriedades:');
   for objProperty in objType.GetProperties do
   begin
      Memo1.Lines.Add(objProperty.Name + ' Tipo: ' + objProperty.PropertyType.ToString + ' Valor: ' + objProperty.GetValue(obj).ToString);
   end;
   // List the object's methods
   Memo1.Lines.Add('');
   Memo1.Lines.Add('Métodos:');
   for objMethod in objType.GetMethods do
   begin
      if objMethod.Name = 'GetImc' then // we only look for this one method
         Memo1.Lines.Add(objMethod.Name);
   end;
end;

procedure TForm1.Button1Click(Sender: TObject);
var
   objPessoa: Tpessoa;
begin
   objPessoa := Tpessoa.Create;
   objPessoa.Nome := EDTNOME.Text;
   objPessoa.Peso := StrToInt(EDTPESO.Text);
   objPessoa.Altura := StrToInt(EDTALTURA.Text);
   objPessoa.Idade := StrToInt(EDTIDADE.Text);
   objPessoa.GetImc;
   Reflection(objPessoa);
end;

delphi rtti reflection get self procedure name getfunctionname EIP

 https://stackoverflow.com/questions/1301254/how-to-get-current-methods-name-in-delphi-7

 https://www.eurekalog.com/help/eurekalog/index.php?debug_information_page_code.php

 https://github.com/synopse/mORMot/blob/master/SynLog.pas

https://synopse.info/files/html/Synopse%20mORMot%20Framework%20SAD%201.18.html#TITL_16 

https://stackoverflow.com/questions/46749517/delphi-how-to-get-the-calling-function-or-function-i-am-in

 http://help.madshi.net/madStackTraceUnit.htm
http://help.madshi.net/madStackTraceRef.htm

https://synopse.info/fossil/finfo?name=SynCommons.pas


/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

The unit TestFramework.pas of the DUnit test code that comes with Delphi has a function CallerAddr which (in Delphi 2005) is implemented like this:

function CallerAddr: Pointer; {$IFNDEF CLR} assembler; {$ENDIF}
{$IFDEF CLR}
begin
  Result := nil;
end;
{$ELSE}
const
  CallerIP = $4;   // offset of the return address above the saved EBP
asm
   mov   eax, ebp
   call  IsBadPointer          // is the frame pointer itself readable?
   test  eax,eax
   jne   @@Error

   mov   eax, [ebp].CallerIP   // return address stored in the active EBP frame
   sub   eax, 5   // 5 bytes for call: step back onto the CALL instruction

   push  eax
   call  IsBadPointer          // is the computed address readable?
   test  eax,eax
   pop   eax
   je    @@Finish              // yes: return it in EAX

@@Error:
   xor eax, eax                // otherwise return nil
@@Finish:
end;
{$ENDIF}

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


get current method's name
 

JclDebug.pas

function FileByLevel(const Level: Integer = 0): string;
function ModuleByLevel(const Level: Integer = 0): string;
function ProcByLevel(const Level: Integer = 0): string;
function LineByLevel(const Level: Integer = 0): Integer;
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
GetEIP
 

unit untGetFuncName;

interface

uses System.Classes, System.SysUtils, System.Rtti;

{ Stores the return address of its own call (the caller's instruction pointer)
  in g_CurrentFuncEIP; call it as the first statement of the method to name. }
procedure GetEIP(); stdcall;

{ Resolves the address captured by GetEIP to a method name of frm's class. }
function GetCurrentFuncName(const frm: TObject): string;

implementation

var
  g_CurrentFuncEIP: NativeUInt;

procedure GetEIP(); stdcall;
asm
{$IFDEF WIN32}
  POP  EAX                     // return address = instruction pointer inside the caller
  MOV  g_CurrentFuncEIP, EAX
  PUSH EAX                     // put it back so RET still works
{$ELSE}
  POP  RAX
  MOV  g_CurrentFuncEIP, RAX
  PUSH RAX
{$ENDIF}
end;

{ Numeric comparison of the address strings; Int64 so 64-bit addresses sort correctly. }
function cmpint(List: TStringList; Index1, Index2: Integer): Integer;
var
  A, B: Int64;
begin
  A := StrToInt64Def(List[Index1], 0);
  B := StrToInt64Def(List[Index2], 0);
  if A < B then
    Result := -1
  else if A > B then
    Result := 1
  else
    Result := 0;
end;

function CheckEIP(const intEIP: NativeUInt; const frm: TObject): string;
type
  PMethodInfo = ^TMethodInfo;
  TMethodInfo = record
    strAddress: ShortString;
    strFunName: ShortString;
  end;
var
  rc      : TRttiContext;
  rt      : TRttiType;
  rm      : TRttiMethod;
  sl      : TStringList;
  pmi     : PMethodInfo;
  intIndex: Integer;
  III     : Integer;
begin
  rc := TRttiContext.Create;
  sl := TStringList.Create;
  try
    sl.Sorted := False;
    rt        := rc.GetType(frm.ClassInfo);
    { one entry per method: decimal code address as the string, name in the object }
    for rm in rt.GetMethods do
    begin
      pmi             := AllocMem(SizeOf(TMethodInfo));
      pmi^.strAddress := ShortString(UIntToStr(NativeUInt(rm.CodeAddress)));
      pmi^.strFunName := ShortString(rm.ToString);
      sl.AddObject(String(pmi^.strAddress), TObject(pmi));
    end;
    { add the captured address to the list }
    sl.Append(UIntToStr(intEIP));
    { sort numerically }
    sl.CustomSort(cmpint);
    { find where the entry we just added landed }
    intIndex := sl.IndexOf(UIntToStr(intEIP));
    { the containing method is the one with the greatest address below ours }
    if intIndex = 0 then
      Result := string(PMethodInfo(sl.Objects[intIndex + 1])^.strFunName)
    else
      Result := string(PMethodInfo(sl.Objects[intIndex - 1])^.strFunName);
    { release memory (the captured-address entry carries no object) }
    for III := 0 to sl.Count - 1 do
      if sl.Objects[III] <> nil then
        FreeMem(PMethodInfo(sl.Objects[III]));
  finally
    sl.Free;
    rc.Free;
  end;
end;

function GetCurrentFuncName(const frm: TObject): string;
begin
  Result := CheckEIP(g_CurrentFuncEIP, frm);
end;

end.

How to call it:

uses untGetFuncName;

procedure TForm1.btn1Click(Sender: TObject);
begin
  GetEIP;   // must be the first statement, so the captured address lies inside this method
  btn1.Caption := GetCurrentFuncName(Self);
end;


System.TObject.MethodAddress
https://docwiki.embarcadero.com/Libraries/Alexandria/en/System.TObject.MethodAddress
https://github.com/ibv/LDAP-Admin/blob/master/Source/Script.pas
https://github.com/Kryuski/pas2js-for-delphi/blob/master/packages/rtl/system.pas
https://github.com/ying32/duilib-for-Delphi/blob/master/DDuilib/DuiBase.pas
https://github.com/padcom/delcos/blob/master/components/dunit/src/TestFramework.pas
https://docwiki.embarcadero.com/Libraries/Alexandria/en/System.TMethod
https://docwiki.embarcadero.com/CodeExamples/Alexandria/en/Event_RTTI_Invocation_(Delphi)


https://docwiki.embarcadero.com/Libraries/Sydney/en/System.TObject
https://www.thoughtco.com/create-delphi-form-from-a-string-1057672
https://flylib.com/books/en/2.37.1/core_library_classes.html
https://stackoverflow.com/questions/45635147/dynamically-created-object-providing-its-classname-as-a-string-do-not-call-its
https://www.freepascal.org/docs-html/rtl/system/tobject.html
https://blog.xuite.net/peterlee.tw/twblog/211753269


How to find out which DLLs (dynamic link libraries) an exe or dll executable calls

/////////////////////////////////////////////////////////////////////////////////////

"getEIP" ASM

var
  EIP: Cardinal;   // 32-bit build: holds the captured instruction pointer

procedure GetEIP(); stdcall;
asm
  pop eax          // return address pushed by the CALL that reached us
  mov EIP, eax     // = the caller's instruction pointer just after that CALL
  push eax         // restore it so RET returns normally
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
  GetEIP();
  ShowMessage('Button1Click, 0x' + IntToHex(EIP, 8));
end;
 
/////////////////////////////////////////////////////////////////////////////////////
#include <iostream>
#include <cstdlib>      // EXIT_SUCCESS
#include <windows.h>

using std::cout;
using std::cin;

// MSVC inline assembly (32-bit build): CALL a local label so the return
// address lands on the stack, read it back, and subtract the 5-byte length
// of the CALL rel32 instruction to get the address of the CALL itself.
#define getEIP(ev) __asm {   \
   __asm call get_eip        \
   __asm sub eax, 5          \
   __asm mov ev, eax         \
}

int main(int argc, char** args) {
   void* eipval;
   getEIP(eipval);
   cout << eipval;
   cin.sync();
   cin.ignore();
   return EXIT_SUCCESS;
   // Never reached by normal control flow; only the CALL above jumps here.
   __asm {
      get_eip:
         mov eax, [esp]   // top of stack = return address pushed by CALL
         ret
   }
}
https://www.cheatengine.org/forum/viewtopic.php?t=420349&sid=750f1b2e11f1da14391ddc3b00bd02e5
[C++, inline ASM] Getting the value of EIP
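The same idea in C, as an added example that is not code from this page or from any project it links (DUnit, mORMot, the cheatengine post): first the return-address read that the Delphi GetEIP unit, DUnit's CallerAddr and the C++ getEIP macro above all perform, then the "greatest start address not above the captured address" lookup that CheckEIP does over the RTTI method list, here done over a constructed table of function addresses. It assumes GCC or Clang (for __builtin_return_address and __attribute__((noinline))); the names current_ip, func_for_address, probe_alpha, probe_beta, lookup_demo and the table contents are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from this page or the projects it links.
 * Assumes GCC or Clang: __builtin_return_address and __attribute__.
 * Table contents and the probe_* names are constructed for the demo. */

typedef struct {
    uintptr_t   start;   /* address where the function's code begins */
    const char *name;    /* its symbol name */
} func_entry;

/* Returns the address the caller resumes at, i.e. a location inside the
 * caller's own body right after its CALL. This is what the Delphi
 * "pop eax / push eax" pair and DUnit's "[ebp+4]" read obtain; the "sub 5"
 * in the page's snippets would step back onto the CALL itself, which is not
 * needed when the goal is only to decide which function the address is in. */
__attribute__((noinline)) uintptr_t current_ip(void)
{
    return (uintptr_t)__builtin_return_address(0);
}

static int by_start(const void *a, const void *b)
{
    const func_entry *x = a, *y = b;
    return (x->start > y->start) - (x->start < y->start);
}

/* Maps an instruction address to the function containing it: the entry with
 * the greatest start address that is not above ip (what CheckEIP does with
 * its sorted TStringList). Function bodies never overlap, so the answer is
 * exact whenever the containing function is present in the table. */
const char *func_for_address(const func_entry *tab, size_t n, uintptr_t ip)
{
    func_entry *sorted = malloc(n * sizeof *sorted);
    if (sorted == NULL) return "unknown";
    memcpy(sorted, tab, n * sizeof *sorted);
    qsort(sorted, n, sizeof *sorted, by_start);

    const char *found = "unknown";   /* ip lies below every known function */
    size_t lo = 0, hi = n;           /* binary search: last start <= ip */
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (sorted[mid].start <= ip) { found = sorted[mid].name; lo = mid + 1; }
        else                         { hi = mid; }
    }
    free(sorted);
    return found;
}

static const char *resolve(uintptr_t ip);

/* Two probe functions standing in for the form methods in the Delphi unit:
 * each captures its own instruction pointer and asks for its name. */
__attribute__((noinline)) const char *probe_alpha(void)
{
    uintptr_t ip = current_ip();   /* not a tail call, so the return address is in here */
    return resolve(ip);
}

__attribute__((noinline)) const char *probe_beta(void)
{
    uintptr_t ip = current_ip();
    if (ip == 0) return "no-ip";   /* keeps the body distinct from probe_alpha */
    return resolve(ip);
}

/* Constructed, deliberately unsorted table of this file's own functions;
 * a real logger would fill it from the linker map or debug information. */
static const char *resolve(uintptr_t ip)
{
    const func_entry table[] = {
        { (uintptr_t)probe_beta,       "probe_beta" },
        { (uintptr_t)func_for_address, "func_for_address" },
        { (uintptr_t)probe_alpha,      "probe_alpha" },
        { (uintptr_t)current_ip,       "current_ip" },
    };
    return func_for_address(table, sizeof table / sizeof table[0], ip);
}

/* Same lookup on constructed numeric addresses, for a deterministic check. */
const char *lookup_demo(uintptr_t ip)
{
    static const func_entry fake[] = {
        { 0x1000, "alpha" }, { 0x3000, "gamma" }, { 0x2000, "beta" },
    };
    return func_for_address(fake, sizeof fake / sizeof fake[0], ip);
}

int main(void)
{
    printf("probe_alpha reports: %s\n", probe_alpha());
    printf("probe_beta  reports: %s\n", probe_beta());
    printf("0x2fff is inside:    %s\n", lookup_demo(0x2fff));
    return 0;
}
```

Unlike the assembly versions, __builtin_return_address(0) is architecture-neutral, so the same source builds for x86, x86-64 and ARM; the lookup only needs the containing function to be present in the table, because function bodies never overlap, and an address below every entry comes back as "unknown" rather than as the first entry.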
/////////////////////////////////////////////////////////////////////////////////////
https://chromium.googlesource.com/experimental/chromium/src/+/59.0.3071.128/third_party/x86inc/x86inc.asm?autodive=0%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F
https://github.com/adobe/chromium/blob/master/media/base/simd/x86inc.asm
; Chromium extensions
; LOAD_SYM %1 (reg), %2 (sym)
; Copies the address to a local symbol to the specified register.
%macro LOAD_SYM 2
%ifdef PIC
  call      %%geteip          ; pushes the address of the following ADD
  add       %1, %2 - $        ; %1 = address of this ADD ($), so %1 + (sym - $) = sym
  jmp       %%end
%%geteip:
  mov       %1, [rsp]         ; read the return address without RET consuming it
  ret
%%end:
%else
  lea       %1, [%2]          ; non-PIC: the absolute address is known at link time
%endif
%endmacro
/////////////////////////////////////////////////////////////////////////////////////
https://github.com/electronicarts/EAThread/blob/master/include/eathread/eathread_callstack.h
https://github.com/rajneshrat/ratos/blob/master/process.c
https://github.com/ntddk/geteip/blob/master/geteip.c

kernel32.dll IsDebuggerPresent
https://learn.microsoft.com/en-us/windows/win32/api/debugapi/nf-debugapi-isdebuggerpresent
        Win32 API Debugapi.h
IsDebuggerPresent function (debugapi.h)

How get EIP from x86 inline assembly by gcc

ShellCode EIP: shellcode locating EIP & RIP. Shellcode is a piece of code executed to exploit a software vulnerability.
/////////////////////////////////////////////////////////////////////////////////////
 


Physics NVIDIA

 NVIDIA Announces Modulus: A Framework for Developing ...
  Learn how NVIDIA Modulus blends physics and AI to deliver higher fidelity models, enabling more sophisticated and interactive digital twin ...
NVIDIA Modulus. NVIDIA Modulus is an open-source framework for building, training, and fine-tuning Physics-ML models with a simple Python interface.
A Framework for Developing Physics ML Models for Digital ...
NVIDIA Developer Forums
 Originally published at: NVIDIA Announces Modulus: A Framework for Developing Physics ML Models for Digital Twins | NVIDIA Technical Blog
Building Scientifically Accurate Digital Twins Using ...
NVIDIA Developer
 Modulus 22.03, the cutting-edge framework for developing physics-based machine learning models, offers developers key capabilities such as novel ...


TouchDesigner
derivative.ca
https://derivative.ca
Derivative is a software company that offers TouchDesigner, a visual development platform.

  https://developer.nvidia.com/blog/nvidia-announces-modulus-a-framework-for-developing-physics-ml-models-for-digital-twins/
NVIDIA Announces Modulus: A Framework for Developing Physics ML Models for Digital Twins | NVIDIA Technical Blog


physx flex flow designer

java3d physics engine simulation lab library

physx flex simulation physics universal scene description

production mes cost chart analyze downtime reasons ERP

 Manufacturing Execution Systems Software | Bitscape Store

cool vortex tube cool dehumidify cool vortex tube cooler dehumidifier

 
Cooling and dehumidification using vortex tube
ScienceDirect
  The Ranque-Hilsch vortex tube (RHVT) is a small interesting extraordinary mechanical device used as refrigeration machine.


marketplace source code sell: a B2B marketplace for buying and selling source code

 marketplace source code sell  Buy and Sell Code, Applications, Plugins, Templates ...

description taxonomy hierarchy diagram flowchart source code to diagram a curated awesome open source alternatives hierarchy robot vision

 description taxonomy hierarchy diagram flowchart source code to diagram
a curated awesome open source alternatives hierarchy
awesome similar alternatives competitors
logic coding flow describe diagrams intelligence state stack hierarchy state
business rule language
use ai code performance optimization python to c++
ai code snippet copilot autocomplete

 https://github.com/sindresorhus/awesome#databases

ai kinematic geometric parameters robot
mechanism motion linkage mechanism kinematic verification

tracking multiple objects or rectangles in video
computer vision production assembly line
camera calibration robot eye hand
computer vision ai models nvidia multi camera system. tracker integration

radio hierarchy block communications

mathematical equ latex gnu octave markup language mathml

awesome-drones github quadcopter librepilot ardupilot paparazzi
bridge transducer signal conditioner