comments on the memory breakpoint handling code

mrexodia 2017-02-04 06:06:45 +01:00
parent ed6c2b1f33
commit 31cbdc957b
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
2 changed files with 13 additions and 4 deletions


@ -173,14 +173,17 @@ namespace GleeBug
void Debugger::exceptionGuardPage(const EXCEPTION_RECORD & exceptionRecord, bool firstChance) void Debugger::exceptionGuardPage(const EXCEPTION_RECORD & exceptionRecord, bool firstChance)
{ {
char error[128] = ""; char error[128] = "";
auto exceptionAddress = ptr(exceptionRecord.ExceptionAddress); auto exceptionAddress = ptr(exceptionRecord.ExceptionInformation[1]);
//check if the exception address is directly in the range of a memory breakpoint
auto foundRange = mProcess->memoryBreakpointRanges.find(Range(exceptionAddress, exceptionAddress)); auto foundRange = mProcess->memoryBreakpointRanges.find(Range(exceptionAddress, exceptionAddress));
if (foundRange == mProcess->memoryBreakpointRanges.end()) if (foundRange == mProcess->memoryBreakpointRanges.end())
{ {
//if not in range, check if a memory breakpoint is in the accessed page
auto foundPage = mProcess->memoryBreakpointPages.find(exceptionAddress & ~(PAGE_SIZE - 1)); auto foundPage = mProcess->memoryBreakpointPages.find(exceptionAddress & ~(PAGE_SIZE - 1));
if (foundPage != mProcess->memoryBreakpointPages.end()) if (foundPage != mProcess->memoryBreakpointPages.end())
{ {
//if the page contains a memory breakpoint we have to restore the old protection to correctly resume the debuggee
const auto & page = foundPage->second; const auto & page = foundPage->second;
//TODO: single step and page protection changes //TODO: single step and page protection changes
if (!mProcess->MemProtect(foundPage->first, PAGE_SIZE, foundPage->second.NewProtect)) if (!mProcess->MemProtect(foundPage->first, PAGE_SIZE, foundPage->second.NewProtect))
@ -192,6 +195,7 @@ namespace GleeBug
return; return;
} }
//find the breakpoint associated with the hit breakpoint range
auto foundInfo = mProcess->breakpoints.find({ BreakpointType::Memory, foundRange->first }); auto foundInfo = mProcess->breakpoints.find({ BreakpointType::Memory, foundRange->first });
if (foundInfo == mProcess->breakpoints.end()) if (foundInfo == mProcess->breakpoints.end())
{ {
@ -200,12 +204,17 @@ namespace GleeBug
return; return;
} }
//check if the memory breakpoint is disabled (meaning we shouldn't intercept the exception)
//TODO: think about what happens with multiple breakpoints in one page where only one is disabled
const auto info = foundInfo->second; const auto info = foundInfo->second;
if (!info.enabled) if (!info.enabled)
return; return;
//TODO: memory breakpoint code printf("memory breakpoint: 0x%p (size: %d)\n", info.address, info.internal.memory.size);
//exceptionRecord.
//TODO: check if the right type is accessed (ExceptionInformation[0])
//TODO: execute the user callback (if present)
//TODO: single step and restore page protection
} }
void Debugger::exceptionAccessViolation(const EXCEPTION_RECORD & exceptionRecord, bool firstChance) void Debugger::exceptionAccessViolation(const EXCEPTION_RECORD & exceptionRecord, bool firstChance)
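Review bot: The printf added on the `info.address` line passes `info.address` to `%p` and `info.internal.memory.size` to `%d`, but the hunk does not show either type; given `auto exceptionAddress = ptr(...)` earlier in this function and `addr = mRegisters->Esi()` in the test file, `address` is presumably the project's integer `ptr`, for which `%p` is undefined and `%d` would truncate a 64-bit size on x64. Cast explicitly, `printf("memory breakpoint: 0x%p (size: %zu)\n", (void*)info.address, (size_t)info.internal.memory.size);`, or better, route this through the debugger's logging path instead of raw stdout in the core. Separately, the `return` on `!info.enabled` leaves the page without any `MemProtect` restore, whereas the in-page-but-not-in-range branch above explicitly restores `NewProtect` "to correctly resume the debuggee"; the new TODO about multiple breakpoints in one page hints at this, but the disabled-breakpoint path presumably needs the same restore so the debuggee can resume and the other breakpoints in that page stay armed. Minor: `const auto info = foundInfo->second;` copies the breakpoint record where `const auto & info` would do. exceptionGuardPage's opening lines sit in the first hunk of this file, outside this one.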


@ -24,7 +24,7 @@ protected:
auto addr = mRegisters->Esi(); auto addr = mRegisters->Esi();
#endif //_WIN64 #endif //_WIN64
printf("Addr: 0x%p\n", addr); printf("Addr: 0x%p\n", addr);
if (mProcess->SetMemoryBreakpoint(addr, 0x1000, this, &MyDebugger::cbMemoryBreakpoint, MemoryType::Execute)) if (mProcess->SetMemoryBreakpoint(addr, 0x1000, this, &MyDebugger::cbMemoryBreakpoint, MemoryType::Access))
puts("Memory breakpoint set!"); puts("Memory breakpoint set!");
else else
puts("Failed to set memory breakpoint..."); puts("Failed to set memory breakpoint...");