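// Win32 user-mode back end for the x86 debugger core.
//
// A debuggee is either created from a path or attached to through a
// "\PID:<hex pid>" spec (see Open()/ThreadProc()).  All WaitForDebugEvent
// work runs on a dedicated thread (ThreadProc); that thread parks itself with
// SuspendThread(m_hDbgThread) whenever the UI has to look at a stop and is
// released by ContinueDebug().  m_hDbgEvent tells Open() when the target is up.
//
// Everything read from the debuggee (image names, PE headers, exception
// records) is untrusted input and must be bounded before use.
class CSDWin32 : public CX86Debugger
{
    ALT::TString<char,0,8> m_ProcessFileName;       // path passed to Open(), or the "\PID:..." spec
    std::map<unsigned long, HANDLE> m_ThreadIdMap;  // debuggee thread id -> our DuplicateHandle() copy
    unsigned long m_dwThreadId;                     // thread that raised the current debug event
    HANDLE m_hDbgThread;                            // the ThreadProc thread
    HANDLE m_hProcess;                              // debuggee process handle (mask 0x1FFFFF when attached)
    HANDLE m_dwCurentProcessId;                     // GetCurrentProcess() pseudo-handle for DuplicateHandle;
                                                    // the listing declared it unsigned long although it only
                                                    // ever holds a HANDLE
    CONTEXT m_Context;                              // register image of m_dwThreadId, filled by SaveRegisters()
    unsigned long m_ExceptionAddress;               // address of the last access violation
    HANDLE m_hDbgEvent;                             // signalled by the debug thread when Open() may return
    bool m_bSuspend;                                // true while the debug thread is parked in SuspendThread
    bool m_Terminate;                               // asks the debug loop to exit
    bool m_Attached;                                // true: attached via \PID:; false: we created the process
    unsigned long m_StepCount;                      // number of STATUS_BREAKPOINT events since CREATE_PROCESS
public:
    CSDWin32();
    virtual ~CSDWin32();
    bool InsertHandle(unsigned long dwThreadId, HANDLE hThread);
    bool RemoveHandle(unsigned long dwThreadId);
    void DebugException(unsigned int Type);         // definition returns void (was declared bool)
    bool ReadPE(unsigned long BaseAddress, PE_HEAD *pPEHead);
    unsigned int ProcessDebugEvent(DEBUG_EVENT *pEvent);
    static unsigned int ThreadProc(void *pData);
    virtual void Release();
    virtual bool Open(const char *Name);
    virtual bool Close();
    virtual unsigned long WriteMemory(unsigned long Address, void *Buffer, unsigned long Size);
    virtual unsigned long ReadMemory(unsigned long Address, void *Buffer, unsigned long Size);
    bool SaveRegisters(unsigned long dwThreadId);
    bool UpdateRegisters(unsigned long dwThreadId);
    bool StepBack(unsigned long dwThreadId);        // ProcessDebugEvent passes the event's thread id
    virtual bool SaveRegisters();
    virtual bool UpdateRegisters();
    virtual bool SetHWCodeBreakPoint(const BREAK_POINT & BP);
    virtual bool ClearHWCodeBreakPoint(const BREAK_POINT & BP);
    virtual bool SetHWDataBreakPoint(const BREAK_POINT & BP);
    virtual bool ClearHWDataBreakPoint(const BREAK_POINT & BP);
    virtual bool SetSingleStep();
    virtual bool RemoveSingleStep();
    virtual bool ContinueDebug(int);
    virtual void GetX86RegPtr(X86_CPU_REG_PTR *pCPURegPtr);
    virtual void GetX86RegPtr(X86_CPU_REG_PTR *pCPURegPtr, int nCPU);
    virtual bool GetSegBase(unsigned long Selector, unsigned long *pAddress, unsigned long *pBits);
};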
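// Plug-in entry points.  `export` is presumably a project macro for the DLL
// export decoration; its definition is outside this listing.
export void GetFileFilter(char *Filter);
export void GetInfo(char *pInfo);
export void *CreateDebugger(CSyserUI *pSyserUI);   // the listing was missing the ';'
///////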
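// Builds an idle debugger: no debuggee, no debug thread, zeroed register image.
// The original left most members uninitialised (m_hDbgThread, m_hDbgEvent,
// m_Attached, m_StepCount, m_Context, ...).
CSDWin32::CSDWin32()
{
    // Pseudo-handle for this process; used as source and target process in
    // DuplicateHandle (InsertHandle).  It never needs CloseHandle.
    m_dwCurentProcessId = GetCurrentProcess();
    m_dwThreadId = 0;
    m_hDbgThread = 0;
    m_hProcess = 0;
    m_ExceptionAddress = 0;
    m_hDbgEvent = 0;
    m_bSuspend = false;
    m_Terminate = false;
    m_Attached = false;
    m_StepCount = 0;
    memset(&m_Context, 0, sizeof(m_Context));
    // The core reads and writes the instruction pointer through this pointer.
    m_pEIP = &m_Context.Eip;
}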
// Nothing is released here: Close() owns the process and event handles, and
// the debug-thread handle (m_hDbgThread) is not closed anywhere in this file.
CSDWin32::~CSDWin32()
{
}
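// Starts a session on Name, which is either an existing executable path or a
// "\PID:<hex>" attach spec (handled in ThreadProc).  Spawns the debug-loop
// thread and blocks until it reports whether the target came up
// (m_dwProcessId != 0).  Returns false, with everything released, otherwise.
bool CSDWin32::Open(const char *Name)
{
    if (!Name)
        return false;
    // Accept an existing file OR an attach spec.  The listing had
    // `exists && not-a-PID-spec`, which made the \PID: path in ThreadProc
    // unreachable.  TStrNICmp is assumed to return 0 on a match (like _strnicmp).
    const bool isPidSpec = TStrNICmp(Name, "\\PID:", 5) == 0;
    if (!isPidSpec && !gpLocalFileIO->IsFileExist(Name))
        return false;
    if (!CDebugger::Open(Name))
        return false;

    m_ProcessFileName.Set(Name);
    m_hDbgEvent = CreateEventA(0, 0, 0, 0);   // auto-reset, initially unsignalled
    if (!m_hDbgEvent)
    {
        CDebugger::Close();
        return false;
    }
    // ThreadProc is a plain static member; the cast hides any calling-convention
    // mismatch with LPTHREAD_START_ROUTINE (WINAPI).  Kept as in the original.
    unsigned long ThreadId = 0;
    m_hDbgThread = CreateThread(0, 0,
        (LPTHREAD_START_ROUTINE)CSDWin32::ThreadProc, this, 0, (LPDWORD)&ThreadId);
    if (!m_hDbgThread)
    {
        CloseHandle(m_hDbgEvent);
        m_hDbgEvent = 0;
        CDebugger::Close();
        return false;
    }
    // ThreadProc stores m_dwProcessId before it signals, so the value is
    // stable once the wait returns.
    WaitForSingleObject(m_hDbgEvent, INFINITE);
    if (!m_dwProcessId)
    {
        // The thread has already given up (it signals right before returning);
        // the original leaked its handle here.
        CloseHandle(m_hDbgThread);
        m_hDbgThread = 0;
        CloseHandle(m_hDbgEvent);
        m_hDbgEvent = 0;
        CDebugger::Close();
        return false;
    }
    return true;
}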
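// Ends the session.  A live debuggee is killed with TerminateProcess -- this
// happens even when we only attached via \PID:; there is no detach
// (DebugActiveProcessStop) path in this file, so closing an attached session
// destroys the target.  The debug loop is then told to exit and released from
// its SuspendThread wait.
bool CSDWin32::Close()
{
    if (!m_hProcess)
        return CDebugger::Close();

    // Re-open with only PROCESS_TERMINATE (1) instead of using the wide-access
    // handle we hold.
    CloseHandle(m_hProcess);
    m_hProcess = OpenProcess(PROCESS_TERMINATE, 0, m_dwProcessId);
    if (!m_hProcess)
        return false;              // the original called TerminateProcess(NULL) here
    if (!TerminateProcess(m_hProcess, 0))
        return false;
    CloseHandle(m_hProcess);
    m_hProcess = 0;

    // Ask the loop to exit and wake the debug thread if it is parked.
    m_Terminate = true;
    ContinueDebug(1);
    // NOTE(review): the debug thread still does SetEvent(m_hDbgEvent) when its
    // loop ends; the thread is not joined before the handle is closed, so that
    // SetEvent may run on a closed/zeroed handle (harmless failure).
    CloseHandle(m_hDbgEvent);
    m_hDbgEvent = 0;
    return CDebugger::Close();
}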
// Final tear-down: the base Release() runs first, then the object frees
// itself.  Callers must not touch the object afterwards.
void CSDWin32::Release()
{
    CDebugger::Release();
    delete this;
}
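// Records a debuggee thread and keeps our own duplicate of its handle, so
// Get/SetThreadContext and SuspendThread keep working after the system
// closes the debug-event handle.  Returns false if the id is already known or
// the duplicate could not be made; in the latter case no entry is left behind
// (the original kept a NULL handle in the map).
bool CSDWin32::InsertHandle(unsigned long dwThreadId, HANDLE hThread)
{
    std::pair<std::map<unsigned long, HANDLE>::iterator, bool> ret =
        m_ThreadIdMap.insert(std::pair<unsigned long, HANDLE>(dwThreadId, 0));
    if (!ret.second)
        return false;
    // 0x5A is a THREAD access mask, not the PROCESS_* flags the original
    // comment listed: THREAD_SUSPEND_RESUME (0x02) | THREAD_GET_CONTEXT (0x08)
    // | THREAD_SET_CONTEXT (0x10) | THREAD_QUERY_INFORMATION (0x40).
    const DWORD access = THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT |
                         THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION;
    if (!DuplicateHandle(m_dwCurentProcessId, hThread, m_dwCurentProcessId,
                         &ret.first->second, access, FALSE, 0))
    {
        m_ThreadIdMap.erase(ret.first);
        return false;
    }
    return true;
}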
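// Forgets a debuggee thread and closes our duplicated handle for it.
// The original erased the map entry only, leaking one handle per exited thread.
bool CSDWin32::RemoveHandle(unsigned long dwThreadId)
{
    std::map<unsigned long, HANDLE>::iterator It = m_ThreadIdMap.find(dwThreadId);
    if (It == m_ThreadIdMap.end())
        return false;
    if (It->second)
        CloseHandle(It->second);
    m_ThreadIdMap.erase(It);
    return true;
}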
// Tells the UI/core that the debuggee stopped.  Type values used in this
// file: 0 initial break / unhandled exception, 1 breakpoint or single step,
// 4 access violation, 5 Ctrl-C or Ctrl-Break.
void CSDWin32::DebugException(unsigned int Type)
{
    const unsigned int stopKind = Type;
    m_pDebugInterface->OnDebugException(stopKind);
}
// Copies the register state of debuggee thread dwThreadId into m_Context.
// Requests control, integer, segment, debug (DR0-DR7) and extended (FP/SSE)
// registers -- 0x1003F.  Returns false for an unknown thread id or a failed
// GetThreadContext.  The thread is expected to be stopped at a debug event;
// reading a running thread's context would be racy.
bool CSDWin32::SaveRegisters(unsigned long dwThreadId)
{
    std::map<unsigned long, HANDLE>::const_iterator found = m_ThreadIdMap.find(dwThreadId);
    if (found == m_ThreadIdMap.end())
        return false;
    m_Context.ContextFlags = CONTEXT_i386
                           | CONTEXT_CONTROL
                           | CONTEXT_INTEGER
                           | CONTEXT_SEGMENTS
                           | CONTEXT_DEBUG_REGISTERS
                           | CONTEXT_EXTENDED_REGISTERS;
    const BOOL ok = GetThreadContext(found->second, &m_Context);
    return ok ? true : false;
}
// Writes m_Context back into debuggee thread dwThreadId.  Only control,
// integer, segment and debug registers are written (0x10017); the extended
// FP/SSE block read by SaveRegisters() is deliberately not written back.
// Returns false for an unknown thread id or a failed SetThreadContext.
bool CSDWin32::UpdateRegisters(unsigned long dwThreadId)
{
    std::map<unsigned long, HANDLE>::const_iterator found = m_ThreadIdMap.find(dwThreadId);
    if (found == m_ThreadIdMap.end())
        return false;
    m_Context.ContextFlags = CONTEXT_i386
                           | CONTEXT_CONTROL
                           | CONTEXT_INTEGER
                           | CONTEXT_SEGMENTS
                           | CONTEXT_DEBUG_REGISTERS;
    const BOOL ok = SetThreadContext(found->second, &m_Context);
    return ok ? true : false;
}
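// Moves the given thread's EIP back one byte, onto the int3 that has just
// executed, so the restored original instruction runs next (the breakpoint
// opcode is one byte: callers write back exactly one CCBackup byte).
// Leaves m_Context holding that thread's registers.
// The listing used an undeclared `dwTheadId`; ProcessDebugEvent calls this
// with the event's thread id, so it is now a parameter.
bool CSDWin32::StepBack(unsigned long dwThreadId)
{
    if (!SaveRegisters(dwThreadId))
        return false;
    --m_Context.Eip;
    return UpdateRegisters(dwThreadId);
}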
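// Writes Size bytes from Buffer into the debuggee at Address.
// Returns the number of bytes written, 0 on failure.
unsigned long CSDWin32::WriteMemory(unsigned long Address, void *Buffer, unsigned long Size)
{
    // SIZE_T is 8 bytes on Win64; the original passed a 4-byte local through
    // a (SIZE_T *) cast, letting the API write past it.
    SIZE_T written = 0;
    if (!WriteProcessMemory(m_hProcess, (LPVOID)(ULONG_PTR)Address, Buffer, Size, &written))
        return 0;
    return (unsigned long)written;
}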
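// Reads Size bytes from the debuggee at Address into Buffer.
// Returns the number of bytes read, 0 on failure (partial reads are reported
// as the count actually copied).  Callers must treat the data as untrusted.
unsigned long CSDWin32::ReadMemory(unsigned long Address, void *Buffer, unsigned long Size)
{
    // Same SIZE_T-through-unsigned-int cast fix as WriteMemory.
    SIZE_T got = 0;
    if (!ReadProcessMemory(m_hProcess, (LPCVOID)(ULONG_PTR)Address, Buffer, Size, &got))
        return 0;
    return (unsigned long)got;
}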
// Code breakpoints are delegated entirely to the core's "Low" implementation;
// this back end adds nothing of its own.
bool CSDWin32::SetHWCodeBreakPoint(const BREAK_POINT & BP)
{
    const bool done = SetLowCodeBreakPoint(BP);
    return done;
}
// Mirror of SetHWCodeBreakPoint: removal is also left to the core.
bool CSDWin32::ClearHWCodeBreakPoint(const BREAK_POINT & BP)
{
    const bool done = ClearLowCodeBreakPoint(BP);
    return done;
}
// Data breakpoints are programmed into the DR0..DR3/DR7 slots of m_Context by
// the core; they reach the debuggee thread on the next UpdateRegisters().
bool CSDWin32::SetHWDataBreakPoint(const BREAK_POINT & BP)
{
    unsigned long *dr0 = &m_Context.Dr0;
    unsigned long *dr7 = &m_Context.Dr7;
    return SetLowDataBreakPoint(BP, dr0, dr7);
}
// Clears a data breakpoint from the DR slots in m_Context (see SetHWDataBreakPoint).
bool CSDWin32::ClearHWDataBreakPoint(const BREAK_POINT & BP)
{
    unsigned long *dr0 = &m_Context.Dr0;
    unsigned long *dr7 = &m_Context.Dr7;
    return ClearLowDataBreakPoint(BP, dr0, dr7);
}
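// Sets the x86 Trap Flag (EFLAGS bit 8) on every known debuggee thread so
// each one raises STATUS_SINGLE_STEP after its next instruction.
// The original returned true unconditionally (the failure path was a TODO);
// this version returns false if any thread's context could not be read or
// written, but still tries all threads.
bool CSDWin32::SetSingleStep()
{
    bool ok = true;
    for (std::map<unsigned long, HANDLE>::iterator it = m_ThreadIdMap.begin();
         it != m_ThreadIdMap.end(); ++it)
    {
        CONTEXT regs;
        // 0x10007 = CONTEXT_i386 | CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS
        regs.ContextFlags = CONTEXT_i386 | CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS;
        if (!GetThreadContext(it->second, &regs))
        {
            ok = false;
            continue;
        }
        regs.EFlags |= 0x100;   // TF
        if (!SetThreadContext(it->second, &regs))
            ok = false;
    }
    return ok;
}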
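// Clears the Trap Flag (EFLAGS bit 8) on every known debuggee thread.
// As with SetSingleStep, failures were swallowed and true was always
// returned; now any failed Get/SetThreadContext yields false.
bool CSDWin32::RemoveSingleStep()
{
    bool ok = true;
    for (std::map<unsigned long, HANDLE>::iterator it = m_ThreadIdMap.begin();
         it != m_ThreadIdMap.end(); ++it)
    {
        CONTEXT regs;
        // 0x10007 = CONTEXT_i386 | CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS
        regs.ContextFlags = CONTEXT_i386 | CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS;
        if (!GetThreadContext(it->second, &regs))
        {
            ok = false;
            continue;
        }
        regs.EFlags &= ~0x100u;   // clear TF
        if (!SetThreadContext(it->second, &regs))
            ok = false;
    }
    return ok;
}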
// Reads the register image of the thread that raised the current debug event.
bool CSDWin32::SaveRegisters()
{
    const unsigned long current = m_dwThreadId;
    return SaveRegisters(current);
}
// Writes m_Context back to the thread that raised the current debug event.
bool CSDWin32::UpdateRegisters()
{
    const unsigned long current = m_dwThreadId;
    return UpdateRegisters(current);
}
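// Releases the debug thread that ProcessDebugEvent parked with
// SuspendThread(m_hDbgThread); it then calls ContinueDebugEvent and waits for
// the next event.  The int argument is unused here (interface only).
// ResumeThread returns the previous suspend count, or (DWORD)-1 on failure;
// the original's `!= 0` therefore reported success on an API error.  Now:
// true only if a suspended thread was actually released.
bool CSDWin32::ContinueDebug(int)
{
    const DWORD previous = ResumeThread(m_hDbgThread);
    return previous != (DWORD)-1 && previous != 0;
}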
// Single-CPU back end: there is one register image, so the nCPU selector is
// ignored and the per-CPU request is answered like the plain one.
void CSDWin32::GetX86RegPtr(X86_CPU_REG_PTR *pCPURegPtr, int nCPU)
{
    (void)nCPU;
    this->GetX86RegPtr(pCPURegPtr);
}
// Hands the core pointers straight into m_Context so it can read and edit
// registers in place; SaveRegisters()/UpdateRegisters() move the image to and
// from the debuggee.  CONTEXT has no DR4/DR5 fields, so those are left NULL.
void CSDWin32::GetX86RegPtr(X86_CPU_REG_PTR *pCPURegPtr)
{
    CONTEXT &ctx = m_Context;

    // debug registers
    pCPURegPtr->pDR0 = &ctx.Dr0;
    pCPURegPtr->pDR1 = &ctx.Dr1;
    pCPURegPtr->pDR2 = &ctx.Dr2;
    pCPURegPtr->pDR3 = &ctx.Dr3;
    pCPURegPtr->pDR4 = 0;
    pCPURegPtr->pDR5 = 0;
    pCPURegPtr->pDR6 = &ctx.Dr6;
    pCPURegPtr->pDR7 = &ctx.Dr7;

    // general purpose, stack and control
    pCPURegPtr->pEAX = &ctx.Eax;
    pCPURegPtr->pEBX = &ctx.Ebx;
    pCPURegPtr->pECX = &ctx.Ecx;
    pCPURegPtr->pEDX = &ctx.Edx;
    pCPURegPtr->pESI = &ctx.Esi;
    pCPURegPtr->pEDI = &ctx.Edi;
    pCPURegPtr->pEBP = &ctx.Ebp;
    pCPURegPtr->pESP = &ctx.Esp;
    pCPURegPtr->pEIP = &ctx.Eip;
    pCPURegPtr->pEFL = &ctx.EFlags;

    // segment selectors
    pCPURegPtr->pCS = &ctx.SegCs;
    pCPURegPtr->pSS = &ctx.SegSs;
    pCPURegPtr->pDS = &ctx.SegDs;
    pCPURegPtr->pES = &ctx.SegEs;
    pCPURegPtr->pFS = &ctx.SegFs;
    pCPURegPtr->pGS = &ctx.SegGs;
}
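// Looks up Selector in the descriptor table of the current debug-event thread
// and returns its 32-bit base in *pAddress.  *pBits receives bits 16..19 of
// the descriptor's high dword, exactly as the original computed it; note that
// those bits are LimitHi, not the D/B (default operand size) flag the name
// suggests -- TODO confirm what callers expect (the original marked it "???").
// Fixes: stray ';' after the signature, undeclared `dwThreadId` (now
// m_dwThreadId), BOOL compared against 1, and int overflow when BaseHi >= 0x80.
bool CSDWin32::GetSegBase(unsigned long Selector, unsigned long *pAddress, unsigned long *pBits)
{
    std::map<unsigned long, HANDLE>::iterator It = m_ThreadIdMap.find(m_dwThreadId);
    if (It == m_ThreadIdMap.end())
        return false;
    LDT_ENTRY ldt_entry;
    memset(&ldt_entry, 0, sizeof(ldt_entry));
    if (!GetThreadSelectorEntry(It->second, Selector, &ldt_entry))
        return false;
    if (pAddress)
    {
        // Widen before shifting: BYTE << 24 is evaluated in (signed) int.
        *pAddress = ((unsigned long)ldt_entry.HighWord.Bytes.BaseHi << 24)
                  | ((unsigned long)ldt_entry.HighWord.Bytes.BaseMid << 16)
                  | (unsigned long)ldt_entry.BaseLow;
    }
    if (pBits)
    {
        // == ((high dword >> 16) & 0xF), the original's expression.
        *pBits = ldt_entry.HighWord.Bits.LimitHi;
    }
    return true;
}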
// Reads the PE header of the image mapped at BaseAddress in the debuggee:
// follows e_lfanew (DOS header offset 0x3C) and copies sizeof(PE_HEAD) bytes
// from there.  Both the offset and the header come from debuggee memory and
// are untrusted; a bogus offset simply makes the second read fail.
// *pPEHead is zeroed first.  Returns true only if the full header was read
// and carries the "PE\0\0" magic.
bool CSDWin32::ReadPE(unsigned long BaseAddress, PE_HEAD *pPEHead)
{
    memset(pPEHead, 0, sizeof(PE_HEAD));

    unsigned int e_lfanew = 0;
    const unsigned long gotOffset = ReadMemory(BaseAddress + 0x3C, &e_lfanew, 4);
    if (gotOffset != 4)
        return false;

    const unsigned long headerAddr = BaseAddress + e_lfanew;
    const unsigned long gotHeader = ReadMemory(headerAddr, pPEHead, sizeof(PE_HEAD));
    if (gotHeader != sizeof(PE_HEAD))
        return false;

    return pPEHead->Signature == 0x4550;   // 'P','E',0,0 little-endian
}
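// Debug-loop thread.  Creates or attaches to the debuggee named in
// m_ProcessFileName, then pumps WaitForDebugEvent/ContinueDebugEvent until
// m_Terminate is set.  Signals m_hDbgEvent when Open() may return.
// Everything obtained from the debuggee (image name pointers and strings, PE
// headers) is untrusted: it is read with fixed bounds and NUL-terminated
// before any string function touches it.
// Fixes vs. the listing: sscanf wrote through the PID value instead of its
// address; m_Context was accessed without `p->` from a static function;
// `dbg_ev`/`ProcessDebug`/`AddressName`/`UnicodeBuffer = 0` did not compile;
// the debuggee-supplied name was TStrCat'ed into a fixed buffer; the
// LoadModule argument order differed from the other two call sites; the
// process-exit path reset m_Terminate to false and so never left the loop.
unsigned int CSDWin32::ThreadProc(void *pData)
{
    CSDWin32 *p = (CSDWin32 *)pData;
    p->m_Terminate = false;
    p->m_dwProcessId = 0;

    if (TStrStr(p->m_ProcessFileName.cstr(), "\\PID:"))
    {
        // Attach: the PID follows "\PID:" in hex.
        unsigned int pid = 0;
        if (sscanf(p->m_ProcessFileName.cstr(), "\\PID:%08X", &pid) != 1 ||
            !DebugActiveProcess(pid))
        {
            SetEvent(p->m_hDbgEvent);
            return 0;
        }
        p->m_dwProcessId = pid;
        // 0x1FFFFF == PROCESS_ALL_ACCESS (Vista+ mask).
        p->m_hProcess = OpenProcess(0x1FFFFF, 0, p->m_dwProcessId);
        if (!p->m_hProcess)
        {
            p->m_dwProcessId = 0;
            SetEvent(p->m_hDbgEvent);
            return 0;
        }
        p->m_Attached = true;
    }
    else
    {
        _STARTUPINFOA startup_info;
        memset(&startup_info, 0, sizeof(startup_info));
        startup_info.cb = sizeof(startup_info);
        PROCESS_INFORMATION process_info;
        memset(&process_info, 0, sizeof(process_info));
        // 0x21 = DEBUG_PROCESS (0x01) | NORMAL_PRIORITY_CLASS (0x20).
        // bInheritHandles is TRUE as in the original: every inheritable handle
        // of the debugger becomes visible to the (untrusted) debuggee.
        if (!CreateProcessA(p->m_ProcessFileName.cstr(), 0, 0, 0, TRUE, 0x21, 0, 0,
                            &startup_info, &process_info))
        {
            SetEvent(p->m_hDbgEvent);
            return 0;
        }
        p->m_dwProcessId = process_info.dwProcessId;
        p->m_hProcess = process_info.hProcess;
        // The main thread is picked up (duplicated) from the CREATE_PROCESS
        // debug event; this handle was leaked by the original.
        CloseHandle(process_info.hThread);
        p->m_Attached = false;
    }

    p->m_MainModuleName.Set(TGetFileName(p->m_ProcessFileName.cstr()));
    p->m_bSuspend = false;
    memset(&p->m_Context, 0, sizeof(CONTEXT));

    PE_HEAD pe_head;
    char AnsiBuffer[264];
    char SysDir[264];
    char FullName[264];
    short UnicodeBuffer[262];
    DEBUG_EVENT dbg_event;
    while (!p->m_Terminate && WaitForDebugEvent(&dbg_event, INFINITE))
    {
        unsigned int continueStatus = DBG_CONTINUE;
        switch (dbg_event.dwDebugEventCode)
        {
        case EXCEPTION_DEBUG_EVENT:
            continueStatus = p->ProcessDebugEvent(&dbg_event);
            break;

        case CREATE_THREAD_DEBUG_EVENT:
            p->InsertHandle(dbg_event.dwThreadId, dbg_event.u.CreateThread.hThread);
            break;

        case CREATE_PROCESS_DEBUG_EVENT:
            p->m_StepCount = 0;
            p->InsertHandle(dbg_event.dwThreadId, dbg_event.u.CreateProcessInfo.hThread);
            if (!p->m_Attached)
            {
                // Break at the entry point of a process we created ourselves.
                p->CodeGetBP(dbg_event.u.CreateProcessInfo.lpStartAddress, 0x200, 1);
            }
            p->ReadPE((unsigned long)(ULONG_PTR)dbg_event.u.CreateProcessInfo.lpBaseOfImage, &pe_head);
            // (TimeDateStamp, CheckSum) -- the order used by the other two
            // LoadModule calls in this file; the original had them swapped here.
            p->m_pDebugInterface->LoadModule(p, p->m_ProcessFileName.cstr(),
                                             dbg_event.u.CreateProcessInfo.lpBaseOfImage,
                                             pe_head.SizeOfImage,
                                             pe_head.TimeDateStamp,
                                             pe_head.CheckSum);
            break;

        case EXIT_THREAD_DEBUG_EVENT:
            p->RemoveHandle(dbg_event.dwThreadId);
            break;

        case EXIT_PROCESS_DEBUG_EVENT:
            p->CodeDelAllBP(0, 0);
            snprintf(AnsiBuffer, sizeof(AnsiBuffer),
                     "Debug Event : Process Terminated , Exit Code = %d (0x%X) !\n",
                     dbg_event.u.ExitProcess.dwExitCode,
                     dbg_event.u.ExitProcess.dwExitCode);
            p->m_pDebugInterface->DisplayMsg(AnsiBuffer);
            p->m_pDebugInterface->OnExit(1);
            // Leave the loop once this event has been continued; with the
            // debuggee gone, another WaitForDebugEvent would block forever.
            p->m_Terminate = true;
            break;

        case LOAD_DLL_DEBUG_EVENT:
            if (dbg_event.u.LoadDll.lpImageName)
            {
                // lpImageName points, inside the debuggee, at a pointer to the
                // name; both hops are debuggee-controlled.  x86 only: a 4-byte
                // pointer is read.
                unsigned long AddressName = 0;
                AnsiBuffer[0] = 0;
                p->ReadMemory((unsigned long)(ULONG_PTR)dbg_event.u.LoadDll.lpImageName, &AddressName, 4);
                if (AddressName)
                {
                    if (dbg_event.u.LoadDll.fUnicode)
                    {
                        memset(UnicodeBuffer, 0, sizeof(UnicodeBuffer));
                        p->ReadMemory(AddressName, UnicodeBuffer, 520);   // 260 UTF-16 units
                        UnicodeBuffer[260] = 0;   // the debuggee need not terminate it
                        if (!WideCharToMultiByte(0, 0, (LPCWSTR)UnicodeBuffer, -1, AnsiBuffer, 260, 0, 0))
                            AnsiBuffer[0] = 0;    // failed/truncated: treat as "no name"
                    }
                    else
                    {
                        p->ReadMemory(AddressName, AnsiBuffer, 260);
                        AnsiBuffer[260] = 0;      // likewise
                    }
                }
                // A bare file name is assumed to live in the system directory.
                // The original also did this for an empty name, reporting the
                // system directory itself as the module path.
                if (AnsiBuffer[0] && TGetFileName(AnsiBuffer) == AnsiBuffer)
                {
                    const UINT dirLen = GetSystemDirectoryA(SysDir, sizeof(SysDir));
                    if (dirLen && dirLen < sizeof(SysDir))
                    {
                        const int n = snprintf(FullName, sizeof(FullName), "%s\\%s", SysDir, AnsiBuffer);
                        // Only adopt the joined path if it fits; otherwise keep
                        // the bare name rather than a truncated path.
                        if (n > 0 && n < (int)sizeof(FullName))
                            TStrCpy(AnsiBuffer, FullName);
                    }
                }
                p->ReadPE((unsigned long)(ULONG_PTR)dbg_event.u.LoadDll.lpBaseOfDll, &pe_head);
                if (dbg_event.u.LoadDll.lpBaseOfDll && AnsiBuffer[0])
                    p->m_pDebugInterface->LoadModule(p, AnsiBuffer,
                                                     dbg_event.u.LoadDll.lpBaseOfDll,
                                                     pe_head.SizeOfImage,
                                                     pe_head.TimeDateStamp,
                                                     pe_head.CheckSum);
            }
            break;

        default:
            break;
        }
        ContinueDebugEvent(dbg_event.dwProcessId, dbg_event.dwThreadId, continueStatus);
    }
    // NOTE(review): the process handle is dropped without CloseHandle here;
    // Close() on the UI thread is the only place that closes it (as original).
    p->m_hProcess = 0;
    SetEvent(p->m_hDbgEvent);
    return 1;
}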
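// Handles an EXCEPTION_DEBUG_EVENT and returns the status to pass to
// ContinueDebugEvent.  Breakpoints and single steps belong to the debugger
// (DBG_CONTINUE); Ctrl-C/Break and access violations are shown to the UI and
// also continued; anything else goes back to the debuggee's own handlers
// (DBG_EXCEPTION_NOT_HANDLED).  Whenever the UI has to look at a stop, this
// thread parks itself with SuspendThread(m_hDbgThread) and is released by
// ContinueDebug().
// Fixes vs. the listing: `DebugExeption` typo; the breakpoint address was read
// through the wrong union member (u.LoadDll.nDebugInfoSize, which merely
// aliases ExceptionRecord.ExceptionAddress); `_Eip`; a bare `return 0` that
// is not a valid continue status; INVALID_HANDLE_VALUE compared as -1.
unsigned int CSDWin32::ProcessDebugEvent(DEBUG_EVENT *pEvent)
{
    PE_HEAD pe_head;
    char Buffer[260];
    unsigned int continueStatus = DBG_CONTINUE;
    BREAK_POINT *BreakPoint = 0;
    char flag = 0;
    const DWORD ExceptionCode = pEvent->u.Exception.ExceptionRecord.ExceptionCode;
    const unsigned long ExceptionAddress =
        (unsigned long)(ULONG_PTR)pEvent->u.Exception.ExceptionRecord.ExceptionAddress;

    if (ExceptionCode == STATUS_BREAKPOINT)
    {
        continueStatus = DBG_CONTINUE;
        if (++m_StepCount == 1)
        {
            // First breakpoint after CREATE_PROCESS: the initial break.  When
            // attached this is the first time the UI sees the target, so report
            // it, let Open() return, and enumerate the modules already loaded.
            // For a process we created it is swallowed; the UI comes in at the
            // entry-point breakpoint (m_StepCount == 2).
            if (m_Attached)
            {
                m_dwThreadId = pEvent->dwThreadId;
                SaveRegisters(m_dwThreadId);
                DebugException(0);
                m_bSuspend = true;
                SetEvent(m_hDbgEvent);          // Open() may return now
                SuspendThread(m_hDbgThread);    // wait for ContinueDebug()
                m_bSuspend = false;
                HANDLE hModules = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, m_dwProcessId);
                if (hModules == INVALID_HANDLE_VALUE)
                    return continueStatus;      // the listing returned 0 here
                MODULEENTRY32 mod;
                memset(&mod, 0, sizeof(mod));
                mod.dwSize = sizeof(mod);
                if (Module32First(hModules, &mod))
                {
                    do
                    {
                        ReadPE((unsigned long)(ULONG_PTR)mod.modBaseAddr, &pe_head);
                        m_pDebugInterface->LoadModule(
                            this,
                            mod.szExePath,
                            mod.modBaseAddr,
                            mod.modBaseSize,
                            pe_head.TimeDateStamp,
                            pe_head.CheckSum);
                    } while (Module32Next(hModules, &mod));
                }
                CloseHandle(hModules);
            }
        }
        else
        {
            m_dwThreadId = pEvent->dwThreadId;
            BreakPoint = CodeFindBP(ExceptionAddress, 0, 0);
            if (BreakPoint && BreakPoint->State == BP_STATE_ENABLE)
            {
                // The int3 has executed: back EIP up onto it and put the
                // original byte back so the real instruction runs next.
                StepBack(pEvent->dwThreadId);
                if (WriteMemory(m_Context.Eip, (char *)&BreakPoint->CCBackup, 1))
                    BreakPoint->State = BP_STATE_RECOV;
                if (m_pDebugInterface->TestCondition(BreakPoint->Condition.cstr()))
                {
                    m_pDebugInterface->ParseManyCmd(BreakPoint->Command.cstr());
                    // 0x200 in Access: meaning not visible in this file -- TODO confirm.
                    if (!(BreakPoint->Access & 0x200))
                    {
                        m_pDebugInterface->GetDebugger();
                        flag = 1;
                    }
                    if (m_pDebugInterface->Continue())
                    {
                        CodeDelAllBP(0x200, 0);
                        DebugException(1);
                        m_bSuspend = true;
                        if (m_StepCount == 2)
                            SetEvent(m_hDbgEvent);   // first user-visible stop of a created process
                        SuspendThread(m_hDbgThread);
                        m_bSuspend = false;
                    }
                }
                // Re-arm the restored breakpoint after one instruction.
                if (CheckAllRecoveryCodeBP())
                    SetSingleStep();
            }
        }
    }
    else if (ExceptionCode == STATUS_SINGLE_STEP)
    {
        continueStatus = DBG_CONTINUE;
        m_dwThreadId = pEvent->dwThreadId;
        SaveRegisters(pEvent->dwThreadId);
        EnableAllRecoveryCodeBP();   // re-patch breakpoints restored on the last hit
        flag = 0;
        BreakPoint = CodeFindBP(m_Context.Eip, 0, 0);
        if (BreakPoint && BreakPoint->State == BP_STATE_ENABLE)
        {
            if (WriteMemory(m_Context.Eip, (char *)&BreakPoint->CCBackup, 1))
                BreakPoint->State = BP_STATE_RECOV;
            if (m_pDebugInterface->TestCondition(BreakPoint->Condition.cstr()))
            {
                m_pDebugInterface->ParseManyCmd(BreakPoint->Command.cstr());
                if (!(BreakPoint->Access & 0x200))
                {
                    m_pDebugInterface->GetDebugger();
                    flag = 1;
                }
            }
        }
        if (m_pDebugInterface->m_State && m_pDebugInterface->Continue())
            flag = 1;
        else if (DataGetBPList(0, 0, 0) > 0)
            flag = 1;
        if (flag)
        {
            CodeDelAllBP(0x200, 0);
            DebugException(1);
            m_bSuspend = true;
            SuspendThread(m_hDbgThread);
            m_bSuspend = false;
        }
        if (CheckAllRecoveryCodeBP())
            SetSingleStep();
    }
    else if (ExceptionCode == DBG_CONTROL_C || ExceptionCode == DBG_CONTROL_BREAK)
    {
        continueStatus = DBG_CONTINUE;
        m_dwThreadId = pEvent->dwThreadId;
        SaveRegisters(pEvent->dwThreadId);
        DebugException(5);
        m_bSuspend = true;
        SuspendThread(m_hDbgThread);
        m_bSuspend = false;
    }
    else if (ExceptionCode == EXCEPTION_ACCESS_VIOLATION)   // 0xC0000005
    {
        // Shown to the UI and then marked handled (DBG_CONTINUE): unless
        // the user changes EIP or memory before ContinueDebug(), the faulting
        // instruction re-executes and faults again.
        continueStatus = DBG_CONTINUE;
        m_dwThreadId = pEvent->dwThreadId;
        SaveRegisters(pEvent->dwThreadId);
        m_ExceptionAddress = ExceptionAddress;
        // Fixed format, well under 260 bytes.
        sprintf(Buffer, "Debug Event : Access Violation , Address = %08X !\n", m_ExceptionAddress);
        m_pDebugInterface->DisplayMsg(Buffer);
        DebugException(4);
        m_bSuspend = true;
        SuspendThread(m_hDbgThread);
        SaveRegisters(pEvent->dwThreadId);   // re-read after the UI released us
        m_bSuspend = false;
    }
    else
    {
        // Any other exception: show it, then hand it back to the debuggee.
        continueStatus = DBG_EXCEPTION_NOT_HANDLED;
        m_dwThreadId = pEvent->dwThreadId;
        SaveRegisters(pEvent->dwThreadId);
        DebugException(0);
        m_bSuspend = true;
        SuspendThread(m_hDbgThread);
        SaveRegisters(pEvent->dwThreadId);
        m_bSuspend = false;
    }
    return continueStatus;
}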