From 41b1830e70b8c48f59aea4c55b96e8de2080ecd6 Mon Sep 17 00:00:00 2001 From: Pinwhell <60289470+pinwhell@users.noreply.github.com> Date: Sun, 9 Apr 2023 08:11:53 -0700 Subject: [PATCH] Added Capability of Combining Results --- OffsetHunter/HardcodedOffsetInfo.cpp | 6 ++--- OffsetHunter/IOffset.cpp | 17 +++++++++++++ OffsetHunter/IOffset.h | 6 ++++- OffsetHunter/OffsetClassifier.cpp | 5 +++- OffsetHunter/OffsetInfo.cpp | 38 +++++++++++++++++++++++++++- OffsetHunter/OffsetInfo.h | 2 ++ OffsetHunter/SingleDumpTarget.cpp | 24 ++++++++++++++++++ OffsetHunter/SingleDumpTarget.h | 4 +++ 8 files changed, 95 insertions(+), 7 deletions(-) diff --git a/OffsetHunter/HardcodedOffsetInfo.cpp b/OffsetHunter/HardcodedOffsetInfo.cpp index 38f2156..8868aa4 100644 --- a/OffsetHunter/HardcodedOffsetInfo.cpp +++ b/OffsetHunter/HardcodedOffsetInfo.cpp @@ -10,12 +10,10 @@ bool HardcodedOffsetInfo::Init() void HardcodedOffsetInfo::ComputeOffset() { - if (JSON_ASSERT(mOffsetInfo.getMetadata(), "value") == false) - return; - uintptr_t value = mOffsetInfo.getMetadata().get("value", 0); + size_t disp = mOffsetInfo.getMetadata().get("disp", 0); - mOffsetInfo.setFinalOffset(value); + mOffsetInfo.setFinalOffset(value + disp); return; } diff --git a/OffsetHunter/IOffset.cpp b/OffsetHunter/IOffset.cpp index 9e614b1..0a808e5 100644 --- a/OffsetHunter/IOffset.cpp +++ b/OffsetHunter/IOffset.cpp @@ -12,6 +12,8 @@ bool IOffset::Init() if (mOffsetInfo.Init() == false) return false; + mParent->LinkOffsetWithName(mOffsetInfo.getName(), this); + return true; } @@ -96,5 +98,20 @@ ObfuscationManager* IOffset::getObfuscationManager() return mTargetMgr->getObfuscationManager(); } +OffsetInfo* IOffset::getOffsetInfo() +{ + return &mOffsetInfo; +} + +void IOffset::OnParentTargetFinish() +{ + mOffsetInfo.OnParentTargetFinish(); +} + void IOffset::ComputeJsonResult() {} + +bool IOffset::WasComputed() +{ + return mOffsetInfo.WasComputed(); +} 
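Review bot: In `HardcodedOffsetInfo::ComputeOffset` the new sum `value + disp` is computed in `uintptr_t`/`size_t`, so on a 32-bit build it wraps at 32 bits even though `OffsetInfo::getFinalOffset()` returns `uint64_t`, and a negative `"disp"` in the metadata turns into a very large unsigned value. Reading both as 64-bit, e.g. `uint64_t value = ...;` and `int64_t disp = ...;`, keeps the arithmetic in the width of the stored result; how `JsonValueWrapper::get` converts is not visible here, so confirm a signed read is supported. With the `"value"` guard removed, a missing `"value"` now silently means 0, which deserves a comment such as `// "value" is optional: combine-only entries start from 0 + disp`.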
diff --git a/OffsetHunter/IOffset.h b/OffsetHunter/IOffset.h index 3bb0d1b..80dc9d6 100644 --- a/OffsetHunter/IOffset.h +++ b/OffsetHunter/IOffset.h @@ -53,7 +53,11 @@ class IOffset : public IChild ICapstoneHelper* getCapstoneHelper(); JsonValueWrapper* getResultJson(); ObfuscationManager* getObfuscationManager(); - + OffsetInfo* getOffsetInfo(); + + virtual void OnParentTargetFinish(); virtual void ComputeJsonResult(); + + bool WasComputed(); }; diff --git a/OffsetHunter/OffsetClassifier.cpp b/OffsetHunter/OffsetClassifier.cpp index d8f4bea..75f233e 100644 --- a/OffsetHunter/OffsetClassifier.cpp +++ b/OffsetHunter/OffsetClassifier.cpp @@ -9,8 +9,11 @@ void OffsetClassifier::Classify(JsonValueWrapper& metadata, std::unique_ptr> signatureTypes; bool bContainsValue = JSON_ASSERT(metadata, "value"); + bool bContainsCombine = JSON_ASSERT(metadata, "combine"); + bool bContainsPattern = JSON_ASSERT(metadata, "pattern"); - if (bContainsValue == true) + if (bContainsValue == true || + bContainsCombine && bContainsPattern == false) outOffset = std::move(std::make_unique()); else outOffset = std::move(std::make_unique()); diff --git a/OffsetHunter/OffsetInfo.cpp b/OffsetHunter/OffsetInfo.cpp index 0365081..a4257af 100644 --- a/OffsetHunter/OffsetInfo.cpp +++ b/OffsetHunter/OffsetInfo.cpp @@ -90,7 +90,7 @@ const std::string& OffsetInfo::getComment() uint64_t OffsetInfo::getFinalOffset() { - return mFinalOffset; + return mFinalOffset == ERR_INVALID_OFFSET ? 0 : mFinalOffset; } uint64_t OffsetInfo::getFinalObfOffset() 
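Review bot: The new condition `bContainsValue == true || bContainsCombine && bContainsPattern == false` in `OffsetClassifier::Classify` mixes `||` and `&&` without parentheses, so the reader has to rely on operator precedence, and compilers commonly warn about it. Writing it as `if (bContainsValue || (bContainsCombine && !bContainsPattern))` states the intent directly. A one-line comment would also help, e.g. `// combine-only entries have no pattern to scan, so they take the non-signature path`; the class names in the two `make_unique` calls are not readable in this hunk, so that wording is inferred.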
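Review bot: `OffsetInfo::getFinalOffset()` now maps `ERR_INVALID_OFFSET` to 0, so every caller loses the ability to tell an unresolved offset from a genuine offset of 0. Any code that writes results (the JSON and header emitters are outside this hunk) would then publish 0 for a failed lookup unless it checks `WasComputed()` first. Keeping the getter unchanged and doing the substitution only where the combine step needs it, e.g. `uint64_t base = WasComputed() ? mFinalOffset : 0;` inside `OnParentTargetFinish`, avoids changing the contract for existing callers.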
@@ -174,3 +174,39 @@ ObfuscationManager* OffsetInfo::getObfuscationManager() { return mParent->getObfuscationManager(); } + +void OffsetInfo::OnParentTargetFinish() +{ + if (JSON_ASSERT(mMetadata, "combine") == false) + return; + + JsonValueWrapper combineWithNames = mMetadata["combine"]; + + if (combineWithNames.isArray() == false) + return; + + for (uint32_t i = 0; i < combineWithNames.size(); i++) + { + std::string combiningWith = combineWithNames[i].asString(); + IOffset* curr = mParent->getParent()->getOffsetByName(combiningWith); + + if (curr == nullptr) + { + printf("\"%s\" trying to combine with a non existing offset \"%s\"\n", mUIdentifier.c_str(), combiningWith.c_str()); + continue; + } + + if (curr->WasComputed() == false) + { + printf("\"%s\" trying to combine with a non computed offset \"%s\"\n", mUIdentifier.c_str(), combiningWith.c_str()); + continue; + } + + setFinalOffset(getFinalOffset() + curr->getOffsetInfo()->getFinalOffset()); + } +} + +bool OffsetInfo::WasComputed() +{ + return mFinalOffset != ERR_INVALID_OFFSET; +} diff --git a/OffsetHunter/OffsetInfo.h b/OffsetHunter/OffsetInfo.h index bba2c29..bb22d1f 100644 --- a/OffsetHunter/OffsetInfo.h +++ b/OffsetHunter/OffsetInfo.h @@ -58,5 +58,7 @@ class OffsetInfo : public IChild std::string getUidentifier(); ObfuscationManager* getObfuscationManager(); + void OnParentTargetFinish(); + bool WasComputed(); }; diff --git a/OffsetHunter/SingleDumpTarget.cpp b/OffsetHunter/SingleDumpTarget.cpp index 9a79970..72c982e 100644 --- a/OffsetHunter/SingleDumpTarget.cpp +++ b/OffsetHunter/SingleDumpTarget.cpp @@ -142,6 +142,14 @@ void SingleDumpTarget::ComputeAll() { for (auto& kv : mOffsets) kv.second->ComputeOffset(); + + DispatchFinishEventAll(); +} + +void SingleDumpTarget::DispatchFinishEventAll() +{ + for (auto& kv : mOffsets) + kv.second->OnParentTargetFinish(); } std::string SingleDumpTarget::getCategoryName() 
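Review bot: `OffsetInfo::OnParentTargetFinish` combines even when this offset itself was never computed: `getFinalOffset()` returns 0 for `ERR_INVALID_OFFSET`, and the `setFinalOffset(...)` call then presumably stores a valid-looking sum, so a failed pattern scan that carries a `"combine"` list ends up reported as computed. An early `if (WasComputed() == false) return;`, with a message like the two already in the loop, would keep that failure visible. The loop also trusts the metadata: a name equal to this offset's own name doubles the value, `asString()` is called without checking the element type, `mParent->getParent()` is dereferenced unchecked, and the `uint64_t` addition can wrap silently. A short comment stating whether entries in `"combine"` may themselves be combined offsets would document the intended contract.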
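Review bot: `DispatchFinishEventAll` walks `mOffsets`, which the header declares as an `unordered_map`, so when one combined offset names another combined offset the result depends on hash iteration order: the referenced offset may or may not have had its own `"combine"` applied yet. The same metadata can therefore yield different sums across builds or standard-library versions. Either skip targets that themselves carry `"combine"`, or resolve them in dependency order with cycle detection. At minimum, document the single-pass behaviour above `ComputeAll`, e.g. `// finish pass runs once, in unspecified order; combine targets must not themselves use "combine"`.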
@@ -210,6 +218,22 @@ JsonValueWrapper* SingleDumpTarget::getResultJson() return mParent->getResultJson(); } +IOffset* SingleDumpTarget::getOffsetByName(const std::string& name) +{ + for (auto& kv : mOffsetsByName) + { + if (kv.first == name) + return kv.second; + } + + return nullptr; +} + +void SingleDumpTarget::LinkOffsetWithName(const std::string& name, IOffset* off) +{ + mOffsetsByName[name] = off; +} + void SingleDumpTarget::ComputeJsonResult() { for (auto& currOff : mOffsets) diff --git a/OffsetHunter/SingleDumpTarget.h b/OffsetHunter/SingleDumpTarget.h index cee7442..1597ef1 100644 --- a/OffsetHunter/SingleDumpTarget.h +++ b/OffsetHunter/SingleDumpTarget.h @@ -18,6 +18,7 @@ class SingleDumpTarget : public IDumpTarget, public IChild std::string mCategoryName; std::string mCategoryObjName; // by default "m" + mCategoryName std::unordered_map> mOffsets; + std::unordered_map mOffsetsByName; ICapstoneHelper* mCapstoneHelper; std::string mTargetMetadataPath; JsonValueWrapper mTargetMetadataRoot; @@ -41,6 +42,7 @@ class SingleDumpTarget : public IDumpTarget, public IChild void RemoveOffset(IOffset* offset); void ComputeAll(); + void DispatchFinishEventAll(); std::string getCategoryName(); @@ -56,6 +58,8 @@ class SingleDumpTarget : public IDumpTarget, public IChild HeaderFileManager* getHppWriter(); ICapstoneHelper* getCapstoneHelper(); JsonValueWrapper* getResultJson(); + IOffset* getOffsetByName(const std::string& name); + void LinkOffsetWithName(const std::string& name, IOffset* off); void ComputeJsonResult(); };
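Review bot: `mOffsetsByName` stores raw `IOffset*` while ownership presumably stays in `mOffsets`, and nothing in this patch erases the name entry when an offset goes away. `RemoveOffset` is declared in the header but its body is outside these hunks, so if it is not updated `getOffsetByName` can hand back a dangling pointer. `LinkOffsetWithName` also overwrites silently on duplicate names through `operator[]`; using `emplace` and checking the returned `bool` would let the caller report the clash. The lookup itself can use the map directly instead of scanning it: `auto it = mOffsetsByName.find(name); return it != mOffsetsByName.end() ? it->second : nullptr;`.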