From 56fe293287e2d435ff55a4a94df6a24290cbb672 Mon Sep 17 00:00:00 2001
From: mrexodia
Date: Wed, 4 Jan 2017 03:07:52 +0100
Subject: [PATCH] implemented attach functionality
---
 GleeBug/Debugger.Loop.Exception.cpp | 4 ++++
 GleeBug/Debugger.Loop.Process.cpp | 9 +++++++++
 GleeBug/Debugger.cpp | 20 +++++++++++++++++---
 GleeBug/Debugger.h | 14 ++++++++++++++
 4 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/GleeBug/Debugger.Loop.Exception.cpp b/GleeBug/Debugger.Loop.Exception.cpp
index 4c5a0bd..79f5429 100644
--- a/GleeBug/Debugger.Loop.Exception.cpp
+++ b/GleeBug/Debugger.Loop.Exception.cpp
@@ -10,6 +10,10 @@ namespace GleeBug
 mProcess->systemBreakpoint = true;
 mContinueStatus = DBG_CONTINUE;
+ //call the attach callback if appropriate
+ if(mAttachedToProcess && mProcess->dwProcessId == mMainProcess.dwProcessId)
+ cbAttachBreakpoint();
+
 //call the callback
 cbSystemBreakpoint();
 }
diff --git a/GleeBug/Debugger.Loop.Process.cpp b/GleeBug/Debugger.Loop.Process.cpp
index da18173..cb278ea 100644
--- a/GleeBug/Debugger.Loop.Process.cpp
+++ b/GleeBug/Debugger.Loop.Process.cpp
@@ -4,6 +4,15 @@ namespace GleeBug
 {
 void Debugger::createProcessEvent(const CREATE_PROCESS_DEBUG_INFO & createProcess)
 {
+ //initial attach housekeeping
+ if(mAttachedToProcess && !mMainProcess.dwProcessId)
+ {
+ mMainProcess.hProcess = createProcess.hProcess;
+ mMainProcess.hThread = createProcess.hThread;
+ mMainProcess.dwProcessId = mDebugEvent.dwProcessId;
+ mMainProcess.dwThreadId = mDebugEvent.dwThreadId;
+ }
+
 //process housekeeping
 mProcesses.insert({ mDebugEvent.dwProcessId,
 Process(createProcess.hProcess,
diff --git a/GleeBug/Debugger.cpp b/GleeBug/Debugger.cpp
index 2efcff1..facf5c7 100644
--- a/GleeBug/Debugger.cpp
+++ b/GleeBug/Debugger.cpp
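Review bot: In `createProcessEvent` (GleeBug/Debugger.Loop.Process.cpp), the new attach branch adopts whichever process raises the first create-process event as the main process, because `Attach` never records the `processId` it was given and the guard only tests `!mMainProcess.dwProcessId`. Storing the requested id in `Attach` and comparing it here, e.g. `if(mAttachedToProcess && !mMainProcess.dwProcessId && mDebugEvent.dwProcessId == mAttachProcessId)` with `mAttachProcessId` as a new member, would make that assumption explicit. The copied `hProcess`/`hThread` are also the same handles passed to `Process(...)` just below, and they belong to the debug event (the system closes them when the exit event is continued) rather than to a `CreateProcessW` call, so any cleanup that closes `mMainProcess` handles, which is not visible in this patch, has to treat the two paths differently. A comment such as `//handles are borrowed from the debug event, do not CloseHandle them` on the assignments would record that. The function body continues past the end of the hunk.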
@@ -15,8 +15,8 @@ namespace GleeBug
 const wchar_t* szCommandLine,
 const wchar_t* szCurrentDirectory)
 {
- STARTUPINFOW si;
- memset(&si, 0, sizeof(si));
+ memset(&mMainStartupInfo, 0, sizeof(mMainStartupInfo));
+ memset(&mMainProcess, 0, sizeof(mMainProcess));
 const wchar_t* szFileNameCreateProcess;
 wchar_t* szCommandLineCreateProcess;
 wchar_t* szCreateWithCmdLine = nullptr;
@@ -42,14 +42,28 @@ namespace GleeBug
 DEBUG_PROCESS | CREATE_NEW_CONSOLE,
 nullptr,
 szCurrentDirectory,
- &si,
+ &mMainStartupInfo,
 &mMainProcess);
 delete[] szCreateWithCmdLine;
+ mAttachedToProcess = false;
 return result;
 }
+ bool Debugger::Attach(DWORD processId)
+ {
+ //don't allow attaching when still debugging
+ if(mIsDebugging)
+ return false;
+ if(!DebugActiveProcess(processId))
+ return false;
+ mAttachedToProcess = true;
+ memset(&mMainStartupInfo, 0, sizeof(mMainStartupInfo));
+ memset(&mMainProcess, 0, sizeof(mMainProcess));
+ return true;
+ }
+
 bool Debugger::Stop() const
 {
 return !!TerminateProcess(mMainProcess.hProcess, 0);
diff --git a/GleeBug/Debugger.h b/GleeBug/Debugger.h
index 3f6480f..de0b4ef 100644
--- a/GleeBug/Debugger.h
+++ b/GleeBug/Debugger.h
@@ -35,6 +35,13 @@ namespace GleeBug
 const wchar_t* szCommandLine,
 const wchar_t* szCurrentDirectory);
+ /**
+ \brief Attach to a debuggee.
+ \param processId Process to attach to.
+ \return true if the debuggee was attached to successfully, false otherwise.
+ */
+ bool Attach(DWORD processId);
+
 /**
 \brief Stops the debuggee (terminate the process)
 \return true if the debuggee was stopped correctly, false otherwise.
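Review bot: `Init` in GleeBug/Debugger.cpp now zeroes `mMainProcess` as the first statement of its body, with no counterpart to the `mIsDebugging` guard that `Attach` has. Calling `Init` while a session is running therefore discards the handle that `Stop()` terminates and the process id the attach-breakpoint check compares against, even when `CreateProcessW` then fails. An early `if(mIsDebugging) return false;` before the two `memset` calls would keep both entry points consistent. The zeroed `mMainStartupInfo` also has no visible `cb` assignment; the lines between this hunk and the `CreateProcessW` call are not shown, so confirm `mMainStartupInfo.cb = sizeof(mMainStartupInfo);` is set there.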
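Review bot: After `DebugActiveProcess` succeeds in `Debugger::Attach`, the target is subject to the default kill-on-exit behaviour, so a process this debugger did not start is terminated if the debugging thread exits or crashes. For an attach path it is usually safer to call `DebugSetProcessKillOnExit(FALSE);` right after the successful attach, or at least to state the behaviour in the `Attach` documentation so callers know the cost of an unclean exit. Whether the detach logic elsewhere in the class already covers the orderly case is not visible in this patch.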
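Review bot: The `Attach` doc comment in GleeBug/Debugger.h leaves out the preconditions a caller needs: the implementation returns false while a session is active (`mIsDebugging`), and Windows delivers debug events only to the thread that called `DebugActiveProcess`, so the debug loop has to run on that same thread. I would add `\note Fails while a debug session is active. Must be called from the thread that runs the debug loop.` to the comment block. It is also worth saying that the call can fail for lack of access rights to the target, since `false` is the only signal the caller gets.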
@@ -161,6 +168,11 @@ namespace GleeBug
 */
 virtual void cbUnhandledException(const EXCEPTION_RECORD & exceptionRecord, bool firstChance) {};
+ /**
+ \brief Attach breakpoint callback. Called just before cbSystemBreakpoint, only for the process that was attached to. Provide an implementation to use this callback.
+ */
+ virtual void cbAttachBreakpoint() {};
+
 /**
 \brief System breakpoint callback. Called after the event is internally processed. Provide an implementation to use this callback.
 */
@@ -260,6 +272,7 @@ namespace GleeBug
 virtual void exceptionHardwareBreakpoint(ptr exceptionAddress);
 protected: //variables
+ STARTUPINFOW mMainStartupInfo;
 PROCESS_INFORMATION mMainProcess;
 uint32 mContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
 bool mBreakDebugger = false;
@@ -269,6 +282,7 @@ namespace GleeBug
 bool mIsDebugging = false;
 bool mDetach = false;
 bool mDetachAndBreak = false;
+ bool mAttachedToProcess = false;
 Capstone mCapstone;
 /**
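Review bot: In the member list of GleeBug/Debugger.h, `STARTUPINFOW mMainStartupInfo;` is added without an initializer, as is the existing `PROCESS_INFORMATION mMainProcess;`, while the members from `mContinueStatus` down all have in-class defaults. Unless a constructor outside this patch sets them, `Stop()` would hand an indeterminate `hProcess` to `TerminateProcess` when called before `Init` or `Attach`. Value-initializing both, `STARTUPINFOW mMainStartupInfo = {};` and `PROCESS_INFORMATION mMainProcess = {};`, removes that window and makes the `memset` calls a reset rather than the only initialization.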