# Declares the top-level namespace so the compact-style definitions below
# (Ragweed::Wraposx, Ragweed::Wraposx::ThreadContext) can be opened.
module Ragweed; end

module Ragweed::Wraposx
  # Bit masks for individual bits of the x86 EFLAGS register, for testing or
  # setting flags in ThreadContext#eflags (e.g. `ctx.eflags & EFlags::ZERO`).
  # X0..X3 name bit positions that have no flag name in this table
  # (presumably reserved bits -- confirm against the architecture manual).
  module EFlags
    CARRY = 0x1
    X0 = 0x2
    PARITY = 0x4
    X1 = 0x8
    ADJUST = 0x10
    X2 = 0x20
    ZERO = 0x40
    SIGN = 0x80
    TRAP = 0x100
    INTERRUPT = 0x200
    DIRECTION = 0x400
    OVERFLOW = 0x800
    IOPL1 = 0x1000
    IOPL2 = 0x2000
    NESTEDTASK = 0x4000
    X3 = 0x8000
    RESUME = 0x10000
    V86MODE = 0x20000
    ALIGNCHECK = 0x40000
    VINT = 0x80000
    VINTPENDING = 0x100000
    CPUID = 0x200000
  end
end

# Register snapshot of a thread, held as sixteen integer fields named after the
# 32-bit x86 registers. Instances are built from, and serialised back to, a
# packed binary string whose layout is given by FIELDS.
# NOTE(review): the layout presumably mirrors what
# Wraposx::thread_get_state_raw returns -- confirm against that wrapper.
class Ragweed::Wraposx::ThreadContext
  # Makes Ragweed's constants reachable from method bodies, so the bare
  # `Wraposx::...` references below resolve.
  include Ragweed

  # Ordered [field name, pack directive] pairs; an accessor is defined for
  # each name. "I" is the pack/unpack directive for a native unsigned int.
  (FIELDS = [ [:eax, "I"],
              [:ebx, "I"],
              [:ecx, "I"],
              [:edx, "I"],
              [:edi, "I"],
              [:esi, "I"],
              [:ebp, "I"],
              [:esp, "I"],
              [:ss, "I"],
              [:eflags, "I"],
              [:eip, "I"],
              [:cs, "I"],
              [:ds, "I"],
              [:es, "I"],
              [:fs, "I"],
              [:gs, "I"]]).each {|x| attr_accessor x[0]}

  # Concatenated pack directives for the whole record (one "I" per field).
  FIELDTYPES = FIELDS.map {|x| x[1]}.join("")

  # Builds a context; when str is given the fields are loaded from it,
  # otherwise every field stays unset (nil).
  def initialize(str=nil)
    refresh(str) if str
  end

  # (Re)loads the data fields from str, a packed binary string in FIELDTYPES
  # layout. Does nothing when str is nil.
  #
  # No length check is made on str: when it holds fewer values than FIELDS,
  # unpack yields nil for the missing ones and those fields become nil, which
  # makes a later to_s fail inside pack.
  #
  # Returns the array of unpacked values (the result of each_with_index),
  # or nil when str is nil -- not self.
  def refresh(str)
    if str
      str.unpack(FIELDTYPES).each_with_index do |val, i|
        # Write straight to the instance variable named after the i-th field.
        instance_variable_set "@#{ FIELDS[i][0] }".intern, val
      end
    end
  end

  # Serialises the fields back into the packed binary layout, in FIELDS order.
  # Raises from pack if any field is still nil.
  def to_s
    FIELDS.map {|f| send(f[0])}.pack(FIELDTYPES)
  end

  # Suspends thread h, reads its raw state into a new ThreadContext, resumes
  # the thread and returns the new context.
  #
  # NOTE(review): there is no ensure here. If thread_get_state_raw or the
  # constructor raises, thread_resume is never called and the target thread
  # is left suspended.
  def self.get(h)
    Wraposx::thread_suspend(h)
    r = self.new(Wraposx::thread_get_state_raw(h))
    Wraposx::thread_resume(h)
    return r
  end

  # Instance form of get: reloads this object's fields from thread h while the
  # thread is suspended.
  #
  # Returns whatever refresh returns (the unpacked value array or nil), not
  # self -- unlike the class-level get, which returns a context.
  # NOTE(review): same missing-ensure gap as self.get; an exception between
  # suspend and resume leaves the thread suspended.
  def get(h)
    Wraposx::thread_suspend(h)
    r = refresh(Wraposx::thread_get_state_raw(h))
    Wraposx::thread_resume(h)
    return r
  end

  # Writes this context's packed state into thread h while it is suspended.
  #
  # Always returns nil: the result of thread_set_state_raw is stored in r and
  # then discarded, so a caller cannot learn from the return value whether the
  # write succeeded.
  # NOTE(review): same missing-ensure gap as self.get.
  def set(h)
    Wraposx::thread_suspend(h)
    r = Wraposx::thread_set_state_raw(h, self.to_s)
    Wraposx::thread_resume(h)
    return
  end

  # Intended to give a readable one-line summary of the registers.
  #
  # body formats every field as "name=hexvalue" joined by ", ", but it is
  # never called: as written the method returns the literal string "#".
  # NOTE(review): the final string literal looks truncated in this listing;
  # presumably it originally interpolated body.call -- confirm against the
  # upstream source.
  def inspect
    body = lambda do
      FIELDS.map do |f|
        "#{f[0]}=#{send(f[0]).to_s(16)}"
      end.join(", ")
    end
    "#"
  end

  # Builds a dump of the context. block is called as block.call(address, 16)
  # and is expected to return the 16 bytes read at that address.
  def dump(&block)
    # Hex dump of the 16 bytes at a, or "" if anything raises. hexdump is not
    # a core String method; it must be provided elsewhere in the project.
    # The bare rescue hides every StandardError, including read failures.
    maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }
    # Mnemonics of the instructions decoded from the 16 bytes at a, one per
    # line, or "" if anything raises. distorm is likewise defined elsewhere.
    maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| " " + i.mnem}.join("\n"); rescue; ""; end }

    # NOTE(review): the listing is cut off in the middle of the next
    # statement; the rest of dump is not visible here.
    string =<