diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/decompilers/bytecode/InstructionPrinter.java b/src/main/java/the/bytecode/club/bytecodeviewer/decompilers/bytecode/InstructionPrinter.java index 99e30f6e..f3f27ca7 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/decompilers/bytecode/InstructionPrinter.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/decompilers/bytecode/InstructionPrinter.java @@ -69,6 +69,8 @@ public class InstructionPrinter { protected List matchedInsns; protected Map labels; + private boolean firstLabel = false; + private ArrayList info = new ArrayList<>(); public InstructionPrinter(MethodNode m, TypeAndName[] args) { this.args = args; @@ -99,64 +101,17 @@ public class InstructionPrinter { * @return The print as an ArrayList */ public ArrayList createPrint() { - ArrayList info = new ArrayList<>(); + firstLabel = false; + info.clear(); ListIterator it = mNode.instructions.iterator(); - boolean firstLabel = false; while (it.hasNext()) { AbstractInsnNode ain = (AbstractInsnNode) it.next(); - String line = ""; - if (ain instanceof VarInsnNode) { - line = printVarInsnNode((VarInsnNode) ain); - } else if (ain instanceof IntInsnNode) { - line = printIntInsnNode((IntInsnNode) ain); - } else if (ain instanceof FieldInsnNode) { - line = printFieldInsnNode((FieldInsnNode) ain); - } else if (ain instanceof MethodInsnNode) { - line = printMethodInsnNode((MethodInsnNode) ain); - } else if (ain instanceof LdcInsnNode) { - line = printLdcInsnNode((LdcInsnNode) ain); - } else if (ain instanceof InsnNode) { - line = printInsnNode((InsnNode) ain); - } else if (ain instanceof JumpInsnNode) { - line = printJumpInsnNode((JumpInsnNode) ain); - } else if (ain instanceof LineNumberNode) { - line = printLineNumberNode(); - } else if (ain instanceof LabelNode) { - if (firstLabel - && BytecodeViewer.viewer.appendBracketsToLabels - .isSelected()) - info.add("}"); - - line = printLabelnode((LabelNode) ain); - - if (BytecodeViewer.viewer.appendBracketsToLabels.isSelected()) { - if (!firstLabel) - firstLabel = true; - line += " {"; - } - } else if (ain instanceof TypeInsnNode) { - line = printTypeInsnNode((TypeInsnNode) ain); - } else if (ain instanceof FrameNode) { - line = printFrameNode((FrameNode) ain); - } else if (ain instanceof IincInsnNode) { - line = printIincInsnNode((IincInsnNode) ain); - } else if (ain instanceof TableSwitchInsnNode) { - line = printTableSwitchInsnNode((TableSwitchInsnNode) ain); - } else if (ain instanceof LookupSwitchInsnNode) { - line = printLookupSwitchInsnNode((LookupSwitchInsnNode) ain); - } else if (ain instanceof InvokeDynamicInsnNode) { - line = printInvokeDynamicInsNode((InvokeDynamicInsnNode) ain); - } else if (ain instanceof MultiANewArrayInsnNode) { - line = printMultiANewArrayInsNode((MultiANewArrayInsnNode) ain); - } else { - line += "UNADDED OPCODE: " + nameOpcode(ain.getOpcode()) + " " - + ain; - } + String line = printInstruction(ain); if (!line.isEmpty()) { if (match) if (matchedInsns.contains(ain)) line = " -> " + line; - + info.add(line); } } @@ -165,6 +120,60 @@ public class InstructionPrinter { info.add("}"); return info; } + + public String printInstruction(AbstractInsnNode ain) + { + String line = ""; + if (ain instanceof VarInsnNode) { + line = printVarInsnNode((VarInsnNode) ain); + } else if (ain instanceof IntInsnNode) { + line = printIntInsnNode((IntInsnNode) ain); + } else if (ain instanceof FieldInsnNode) { + line = printFieldInsnNode((FieldInsnNode) ain); + } else if (ain instanceof MethodInsnNode) { + line = printMethodInsnNode((MethodInsnNode) ain); + } else if (ain instanceof LdcInsnNode) { + line = printLdcInsnNode((LdcInsnNode) ain); + } else if (ain instanceof InsnNode) { + line = printInsnNode((InsnNode) ain); + } else if (ain instanceof JumpInsnNode) { + line = printJumpInsnNode((JumpInsnNode) ain); + } else if (ain instanceof LineNumberNode) { + line = printLineNumberNode(); + } else if (ain instanceof LabelNode) { + if (firstLabel + && BytecodeViewer.viewer.appendBracketsToLabels + .isSelected()) + info.add("}"); + + line = printLabelnode((LabelNode) ain); + + if (BytecodeViewer.viewer.appendBracketsToLabels.isSelected()) { + if (!firstLabel) + firstLabel = true; + line += " {"; + } + } else if (ain instanceof TypeInsnNode) { + line = printTypeInsnNode((TypeInsnNode) ain); + } else if (ain instanceof FrameNode) { + line = printFrameNode((FrameNode) ain); + } else if (ain instanceof IincInsnNode) { + line = printIincInsnNode((IincInsnNode) ain); + } else if (ain instanceof TableSwitchInsnNode) { + line = printTableSwitchInsnNode((TableSwitchInsnNode) ain); + } else if (ain instanceof LookupSwitchInsnNode) { + line = printLookupSwitchInsnNode((LookupSwitchInsnNode) ain); + } else if (ain instanceof InvokeDynamicInsnNode) { + line = printInvokeDynamicInsNode((InvokeDynamicInsnNode) ain); + } else if (ain instanceof MultiANewArrayInsnNode) { + line = printMultiANewArrayInsNode((MultiANewArrayInsnNode) ain); + } else { + line += "UNADDED OPCODE: " + nameOpcode(ain.getOpcode()) + " " + + ain; + } + + return line; + } protected String printVarInsnNode(VarInsnNode vin) { StringBuilder sb = new StringBuilder(); diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareCodeScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareCodeScanner.java index 27024963..f1e4d957 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareCodeScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareCodeScanner.java @@ -2,6 +2,7 @@ package the.bytecode.club.bytecodeviewer.malwarescanner; import org.objectweb.asm.tree.*; import the.bytecode.club.bytecodeviewer.BytecodeViewer; +import the.bytecode.club.bytecodeviewer.decompilers.bytecode.InstructionPrinter; import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; /** @@ -12,6 +13,7 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; */ public abstract class MalwareCodeScanner implements CodeScanner { + private final InstructionPrinter instructionPrinter = new InstructionPrinter(null, null); public MalwareScanModule module; public abstract void scanFieldString(MalwareScan scan, ClassNode cn, FieldNode field, SearchableString string); @@ -79,6 +81,11 @@ public abstract class MalwareCodeScanner implements CodeScanner return cn.name + "." + method.name + "(" + method.desc + ")"; } + public String instructionToString(AbstractInsnNode instruction) + { + return instructionPrinter.printInstruction(instruction).trim(); + } + public String header() { String header = String.format("%30s", (module.getReadableName() + " ->\t")); diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/AWTRobotScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/AWTRobotScanner.java index 74c70f52..1385d03e 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/AWTRobotScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/AWTRobotScanner.java @@ -38,7 +38,7 @@ public class AWTRobotScanner extends MalwareCodeScanner { final MethodInsnNode min = (MethodInsnNode) instruction; if (min.owner.startsWith("java/awt/Robot")) - foundMethod(scan, methodToString(cn, method) + nl); + foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl); } } } \ No newline at end of file diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaIOScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaIOScanner.java index f40dbeae..792751fe 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaIOScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaIOScanner.java @@ -26,7 +26,7 @@ public class JavaIOScanner extends MalwareCodeScanner { final MethodInsnNode min = (MethodInsnNode) instruction; if (min.owner.startsWith("java/io")) - foundMethod(scan, methodToString(cn, method) + nl); + foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl); } } } \ No newline at end of file diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaNetScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaNetScanner.java index 5f786386..7a194ef7 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaNetScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaNetScanner.java @@ -27,7 +27,7 @@ public class JavaNetScanner extends MalwareCodeScanner { final MethodInsnNode min = (MethodInsnNode) instruction; if (min.owner.startsWith("java/net")) - foundMethod(scan, methodToString(cn, method) + nl); + foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl); } } } \ No newline at end of file diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaRuntimeScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaRuntimeScanner.java index 948b87f5..18f9b427 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaRuntimeScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaRuntimeScanner.java @@ -38,7 +38,7 @@ public class JavaRuntimeScanner extends MalwareCodeScanner { final MethodInsnNode min = (MethodInsnNode) instruction; if (min.owner.startsWith("java/lang/Runtime")) - foundMethod(scan, methodToString(cn, method) + nl); + foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl); } } } \ No newline at end of file diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/ReflectionScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/ReflectionScanner.java index dae795dd..e7cfe14b 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/ReflectionScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/ReflectionScanner.java @@ -29,7 +29,7 @@ public class ReflectionScanner extends MalwareCodeScanner { final MethodInsnNode min = (MethodInsnNode) instruction; if (min.owner.startsWith("java/lang/reflect")) - foundMethod(scan, methodToString(cn, method) + nl); + foundMethod(scan, instructionToString(instruction) + " at " + methodToString(cn, method) + nl); } } } \ No newline at end of file