From 31cbdc957b1cd4a2e7df40ebe4ecfc2cd8ffef2b Mon Sep 17 00:00:00 2001 From: mrexodia Date: Sat, 4 Feb 2017 06:06:45 +0100 Subject: [PATCH] comments on the memory breakpoint handling code --- GleeBug/Debugger.Loop.Exception.cpp | 15 ++++++++++++--- MyDebugger/MyDebugger.h | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/GleeBug/Debugger.Loop.Exception.cpp b/GleeBug/Debugger.Loop.Exception.cpp index 82f72fa..1b70f64 100644 --- a/GleeBug/Debugger.Loop.Exception.cpp +++ b/GleeBug/Debugger.Loop.Exception.cpp @@ -173,14 +173,17 @@ namespace GleeBug void Debugger::exceptionGuardPage(const EXCEPTION_RECORD & exceptionRecord, bool firstChance) { char error[128] = ""; - auto exceptionAddress = ptr(exceptionRecord.ExceptionAddress); + auto exceptionAddress = ptr(exceptionRecord.ExceptionInformation[1]); + //check if the exception address is directly in the range of a memory breakpoint auto foundRange = mProcess->memoryBreakpointRanges.find(Range(exceptionAddress, exceptionAddress)); if (foundRange == mProcess->memoryBreakpointRanges.end()) { + //if not in range, check if a memory breakpoint is in the accessed page auto foundPage = mProcess->memoryBreakpointPages.find(exceptionAddress & ~(PAGE_SIZE - 1)); if (foundPage != mProcess->memoryBreakpointPages.end()) { + //if the page contains a memory breakpoint we have to restore the old protection to correctly resume the debuggee const auto & page = foundPage->second; //TODO: single step and page protection changes if (!mProcess->MemProtect(foundPage->first, PAGE_SIZE, foundPage->second.NewProtect)) @@ -192,6 +195,7 @@ namespace GleeBug return; } + //find the breakpoint associated with the hit breakpoint range auto foundInfo = mProcess->breakpoints.find({ BreakpointType::Memory, foundRange->first }); if (foundInfo == mProcess->breakpoints.end()) { 
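Review bot: The new `auto exceptionAddress = ptr(exceptionRecord.ExceptionInformation[1]);` reads the second exception parameter without checking that the record carries one; the debuggee is untrusted and can presumably raise a STATUS_GUARD_PAGE_VIOLATION itself via RaiseException with fewer parameters (the dispatch by exception code is outside this diff), in which case `ExceptionInformation[1]` is whatever stale value the fixed-size array holds and that value then drives the range/page lookups and the MemProtect call below. Guard the read before the lookups, e.g. `if (exceptionRecord.NumberParameters < 2) return;`, so a malformed record is passed through rather than acted on. Separately, the added comment `//if the page contains a memory breakpoint we have to restore the old protection to correctly resume the debuggee` sits directly above a call that passes `foundPage->second.NewProtect`; if NewProtect is the protection that carries PAGE_GUARD (the name suggests so, but the struct is not visible here) the comment and the argument disagree, and re-arming the guard before the faulting instruction is re-executed would simply re-fault, so one of the two should change and the comment should say which field is meant. exceptionGuardPage continues past the end of this hunk.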
@@ -200,12 +204,17 @@ namespace GleeBug return; } + //check if the memory breakpoint is disabled (meaning we shouldn't intercept the exception) + //TODO: think about what happens with multiple breakpoints in one page where only one is disabled const auto info = foundInfo->second; if (!info.enabled) return; - //TODO: memory breakpoint code - //exceptionRecord. + printf("memory breakpoint: 0x%p (size: %d)\n", info.address, info.internal.memory.size); + + //TODO: check if the right type is accessed (ExceptionInformation[0]) + //TODO: execute the user callback (if present) + //TODO: single step and restore page protection } void Debugger::exceptionAccessViolation(const EXCEPTION_RECORD & exceptionRecord, bool firstChance) diff --git a/MyDebugger/MyDebugger.h b/MyDebugger/MyDebugger.h index 623e999..c3be501 100644 --- a/MyDebugger/MyDebugger.h +++ b/MyDebugger/MyDebugger.h @@ -24,7 +24,7 @@ protected: auto addr = mRegisters->Esi(); #endif //_WIN64 printf("Addr: 0x%p\n", addr); - if (mProcess->SetMemoryBreakpoint(addr, 0x1000, this, &MyDebugger::cbMemoryBreakpoint, MemoryType::Execute)) + if (mProcess->SetMemoryBreakpoint(addr, 0x1000, this, &MyDebugger::cbMemoryBreakpoint, MemoryType::Access)) puts("Memory breakpoint set!"); else puts("Failed to set memory breakpoint...");
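Review bot: The early return under `if (!info.enabled) return;`, now documented as "we shouldn't intercept the exception", leaves the page in whatever state the guard fault left it, whereas the not-in-range branch earlier in the same function re-applies the page protection via MemProtect before returning; since a PAGE_GUARD installed by the debugger is consumed by the fault, returning here without touching the protection means either a stale guard-page exception reaches the debuggee or the breakpoint silently stops firing once it is re-enabled (hedged: how the caller treats the unhandled case is outside this diff). At minimum the disabled path should mirror the page-restore branch, and the chosen behaviour belongs next to the new `//TODO: think about what happens with multiple breakpoints in one page where only one is disabled` rather than being implied by the return. Also, `printf("memory breakpoint: 0x%p (size: %d)\n", info.address, info.internal.memory.size);` formats `size` with `%d`; if that field is a size_t/pointer-sized integer (likely, given the 0x1000 passed from MyDebugger.h) this is a width mismatch on 64-bit builds, so use `%zu` with a cast to size_t. exceptionGuardPage starts in the previous hunk and closes in this one.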