From a3529f8b27c5ef8f05f7dd02ba7eda0490eedede Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Sat, 28 Mar 2015 02:27:10 +0100 Subject: [PATCH] dll housekeeping done --- GleeBug/Debugger.Dll.h | 15 +++++++++++- GleeBug/Debugger.Global.h | 26 ++++++++++++++++++++ GleeBug/Debugger.Loop.cpp | 42 ++++++++++++++++++++++++++++----- GleeBug/Debugger.Process.h | 4 +++- GleeBug/Debugger.Thread.h | 2 +- GleeBug/Debugger.h | 14 +++++------ GleeBug/GleeBug.vcxproj | 15 ++++++++++-- GleeBug/GleeBug.vcxproj.filters | 9 +++---- GleeBug/_global.cpp | 1 - GleeBug/_global.h | 11 --------- MyDebugger/MyDebugger.h | 26 +++++++------------- 11 files changed, 112 insertions(+), 53 deletions(-) create mode 100644 GleeBug/Debugger.Global.h delete mode 100644 GleeBug/_global.cpp delete mode 100644 GleeBug/_global.h diff --git a/GleeBug/Debugger.Dll.h b/GleeBug/Debugger.Dll.h index 6c8e2bb..0b79313 100644 --- a/GleeBug/Debugger.Dll.h +++ b/GleeBug/Debugger.Dll.h @@ -1,7 +1,7 @@ #ifndef _DEBUGGER_DLL_H #define _DEBUGGER_DLL_H -#include "_global.h" +#include "Debugger.Global.h" namespace GleeBug { @@ -10,8 +10,21 @@ namespace GleeBug */ struct DllInfo { + ULONG_PTR lpBaseOfDll; + DWORD sizeOfImage; + ULONG_PTR entryPoint; + DllInfo() {} + + DllInfo(LPVOID lpBaseOfDll, DWORD sizeOfImage, LPVOID entryPoint) + { + this->lpBaseOfDll = (ULONG_PTR)lpBaseOfDll; + this->sizeOfImage = sizeOfImage; + this->entryPoint = (ULONG_PTR)entryPoint; + } }; + + typedef std::map DllMap; }; #endif //_DEBUGGER_DLL_H \ No newline at end of file diff --git a/GleeBug/Debugger.Global.h b/GleeBug/Debugger.Global.h new file mode 100644 index 0000000..8aaa312 --- /dev/null +++ b/GleeBug/Debugger.Global.h 
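Review bot: `DllInfo() {}` in the second hunk of Debugger.Dll.h leaves `lpBaseOfDll`, `sizeOfImage` and `entryPoint` indeterminate, so any default-constructed record carries garbage addresses that look like real module bounds. An initializer list, `DllInfo() : lpBaseOfDll(0), sizeOfImage(0), entryPoint(0) {}`, keeps such a record recognisable as empty. The three-argument constructor would read better with an initializer list as well, instead of the `this->` assignments.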
@@ -0,0 +1,26 @@ +#ifndef _DEBUGGER_GLOBAL_H +#define _DEBUGGER_GLOBAL_H + +#include +#include +#include +#include +#include + +#include +#include + +namespace GleeBug +{ + typedef std::pair Range; + + struct RangeCompare + { + inline bool operator()(const Range & a, const Range & b) const //a before b? + { + return a.second < b.first; + } + }; +}; + +#endif //_DEBUGGER_GLOBAL_H \ No newline at end of file diff --git a/GleeBug/Debugger.Loop.cpp b/GleeBug/Debugger.Loop.cpp index 39c56d0..cdded68 100644 --- a/GleeBug/Debugger.Loop.cpp +++ b/GleeBug/Debugger.Loop.cpp @@ -16,7 +16,10 @@ namespace GleeBug _curProcess->curThread = &_curProcess->threads[process.dwMainThreadId]; //call the callback - cbCreateProcessEvent(createProcess); + cbCreateProcessEvent(createProcess, *_curProcess); + + //close the file handle + CloseHandle(createProcess.hFile); } void Debugger::exitProcessEvent(const EXIT_PROCESS_DEBUG_INFO & exitProcess) @@ -26,7 +29,7 @@ namespace GleeBug _breakDebugger = true; //call the callback - cbExitProcessEvent(exitProcess); + cbExitProcessEvent(exitProcess, *_curProcess); //process housekeeping _processes.erase(_debugEvent.dwProcessId); @@ -45,13 +48,13 @@ namespace GleeBug _curProcess->curThread = &_curProcess->threads[thread.dwThreadId]; //call the callback - cbCreateThreadEvent(createThread); + cbCreateThreadEvent(createThread, *_curProcess->curThread); } void Debugger::exitThreadEvent(const EXIT_THREAD_DEBUG_INFO & exitThread) { //call the callback - cbExitThreadEvent(exitThread); + cbExitThreadEvent(exitThread, *_curProcess->curThread); //thread housekeeping _curProcess->threads.erase(_debugEvent.dwThreadId); 
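Review bot: `RangeCompare` in Debugger.Global.h is a valid ordering for an ordered container only while every stored `Range` has `first <= second` and no two stored ranges overlap, and nothing in the new header states that. I would document it at the struct, for example `//ranges are inclusive [first, second]; overlapping ranges compare equivalent, so Range(addr, addr) finds the range containing addr`, plus a line saying that `first <= second` is required of every key. Without that note the lookup trick used by unloadDllEvent is hard to recognise as intentional.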
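Review bot: `CloseHandle(createProcess.hFile);` at the end of createProcessEvent closes the handle without checking it, and the debug API documents that `hFile` can be NULL when no image file handle is available. A guard such as `if (createProcess.hFile) CloseHandle(createProcess.hFile);` avoids the invalid-handle call; the same applies to `CloseHandle(loadDll.hFile);` in loadDllEvent further down. A comment that callbacks must not keep the handle past their return would also help, since it is closed right after the callback. createProcessEvent starts above this hunk.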
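Review bot: `cbExitThreadEvent(exitThread, *_curProcess->curThread);` dereferences `curThread` as the first statement of exitThreadEvent, and nothing in the visible body points it at the exiting thread or checks it for null. Unless the event loop outside this hunk sets `curThread` for every event, the callback can receive another thread's record or dereference a null pointer. Looking the thread up by `_debugEvent.dwThreadId` before the call would remove that dependency; the same question applies to `*_curProcess` in exitProcessEvent. The function's tail is outside the hunk, so I cannot see whether `curThread` is reset after the `erase`.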
@@ -62,12 +65,36 @@ namespace GleeBug void Debugger::loadDllEvent(const LOAD_DLL_DEBUG_INFO & loadDll) { - cbLoadDllEvent(loadDll); + //DLL housekeeping + MODULEINFO modinfo; + memset(&modinfo, 0, sizeof(MODULEINFO)); + GetModuleInformation(_curProcess->hProcess, + (HMODULE)loadDll.lpBaseOfDll, + &modinfo, + sizeof(MODULEINFO)); + DllInfo dll(loadDll.lpBaseOfDll, modinfo.SizeOfImage, modinfo.EntryPoint); + _curProcess->dlls.insert({ Range(dll.lpBaseOfDll, dll.lpBaseOfDll + dll.sizeOfImage - 1), dll }); + + //call the callback + cbLoadDllEvent(loadDll, dll); + + //close the file handle + CloseHandle(loadDll.hFile); } void Debugger::unloadDllEvent(const UNLOAD_DLL_DEBUG_INFO & unloadDll) { - cbUnloadDllEvent(unloadDll); + //call the callback + ULONG_PTR lpBaseOfDll = (ULONG_PTR)unloadDll.lpBaseOfDll; + auto dll = _curProcess->dlls.find(Range(lpBaseOfDll, lpBaseOfDll)); + if (dll != _curProcess->dlls.end()) + cbUnloadDllEvent(unloadDll, dll->second); + else + cbUnloadDllEvent(unloadDll, DllInfo(unloadDll.lpBaseOfDll, 0, 0)); + + //DLL housekeeping + if (dll != _curProcess->dlls.end()) + _curProcess->dlls.erase(dll); } void Debugger::exceptionEvent(const EXCEPTION_DEBUG_INFO & exceptionInfo) @@ -140,5 +167,8 @@ namespace GleeBug if (!ContinueDebugEvent(_debugEvent.dwProcessId, _debugEvent.dwThreadId, _continueStatus)) break; } + + _processes.clear(); + _curProcess = nullptr; } }; \ No newline at end of file diff --git a/GleeBug/Debugger.Process.h b/GleeBug/Debugger.Process.h index baadca8..df5616f 100644 --- a/GleeBug/Debugger.Process.h +++ b/GleeBug/Debugger.Process.h @@ -1,8 +1,9 @@ #ifndef _DEBUGGER_PROCESS_H #define _DEBUGGER_PROCESS_H -#include "_global.h" +#include "Debugger.Global.h" #include "Debugger.Thread.h" +#include "Debugger.Dll.h" namespace GleeBug { @@ -18,6 +19,7 @@ namespace GleeBug ThreadMap threads; ThreadInfo* curThread; + DllMap dlls; ProcessInfo() {} //fixes a 'no default constructor available' error 
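Review bot: The result of `GetModuleInformation` in loadDllEvent is ignored, so on failure `modinfo.SizeOfImage` stays 0 and the key becomes `Range(base, base - 1)`. For that key `RangeCompare` reports the range as ordered before itself, which breaks the ordering the DLL map relies on. The size also originates from the debuggee's own loader data (as far as I know that is where this API reads it), so with a hostile target it should be treated as untrusted: a huge value can wrap `base + size - 1`, and an overlapping range makes `insert` silently keep the old entry. I would check the return value and clamp the end address as sketched below, and add a comment that a record with `sizeOfImage == 0` means the size is unknown.

```cpp
// … unchanged: MODULEINFO modinfo declaration and memset …
if (!GetModuleInformation(_curProcess->hProcess,
    (HMODULE)loadDll.lpBaseOfDll,
    &modinfo,
    sizeof(MODULEINFO)))
    memset(&modinfo, 0, sizeof(MODULEINFO)); //size and entry point unknown
DllInfo dll(loadDll.lpBaseOfDll, modinfo.SizeOfImage, modinfo.EntryPoint);

//keep first <= second: an unknown size or a wrapping end address tracks only the base
ULONG_PTR lastByte = dll.lpBaseOfDll;
if (dll.sizeOfImage && dll.sizeOfImage - 1 <= (ULONG_PTR)-1 - dll.lpBaseOfDll)
    lastByte = dll.lpBaseOfDll + dll.sizeOfImage - 1;
_curProcess->dlls.insert({ Range(dll.lpBaseOfDll, lastByte), dll });
// … unchanged: cbLoadDllEvent call and CloseHandle …
```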
diff --git a/GleeBug/Debugger.Thread.h b/GleeBug/Debugger.Thread.h index 7dddb53..7bb15c2 100644 --- a/GleeBug/Debugger.Thread.h +++ b/GleeBug/Debugger.Thread.h @@ -1,7 +1,7 @@ #ifndef _DEBUGGER_THREADS_H #define _DEBUGGER_THREADS_H -#include "_global.h" +#include "Debugger.Global.h" namespace GleeBug { diff --git a/GleeBug/Debugger.h b/GleeBug/Debugger.h index c004c2f..027e534 100644 --- a/GleeBug/Debugger.h +++ b/GleeBug/Debugger.h @@ -1,7 +1,7 @@ #ifndef _DEBUGGER_H #define _DEBUGGER_H -#include "_global.h" +#include "Debugger.Global.h" #include "Debugger.Process.h" namespace GleeBug 
@@ -50,37 +50,37 @@ namespace GleeBug \brief Process creation debug event callback. Provide an implementation to use this callback. \param createProcess Information about the process created. */ - virtual void cbCreateProcessEvent(const CREATE_PROCESS_DEBUG_INFO & createProcess) {}; + virtual void cbCreateProcessEvent(const CREATE_PROCESS_DEBUG_INFO & createProcess, const ProcessInfo & process) {}; /** \brief Process termination debug event callback. Provide an implementation to use this callback. \param exitProcess Information about the process terminated. */ - virtual void cbExitProcessEvent(const EXIT_PROCESS_DEBUG_INFO & exitProcess) {}; + virtual void cbExitProcessEvent(const EXIT_PROCESS_DEBUG_INFO & exitProcess, const ProcessInfo & process) {}; /** \brief Thread creation debug event callback. Provide an implementation to use this callback. \param createThread Information about the thread created. */ - virtual void cbCreateThreadEvent(const CREATE_THREAD_DEBUG_INFO & createThread) {}; + virtual void cbCreateThreadEvent(const CREATE_THREAD_DEBUG_INFO & createThread, const ThreadInfo & thread) {}; /** \brief Thread termination debug event callback. Provide an implementation to use this callback. \param exitThread Information about the thread terminated. */ - virtual void cbExitThreadEvent(const EXIT_THREAD_DEBUG_INFO & exitThread) {}; + virtual void cbExitThreadEvent(const EXIT_THREAD_DEBUG_INFO & exitThread, const ThreadInfo & thread) {}; /** \brief DLL load debug event callback. Provide an implementation to use this callback. \param loadDll Information about the DLL loaded. */ - virtual void cbLoadDllEvent(const LOAD_DLL_DEBUG_INFO & loadDll) {}; + virtual void cbLoadDllEvent(const LOAD_DLL_DEBUG_INFO & loadDll, const DllInfo & dll) {}; /** \brief DLL unload debug event callback. Provide an implementation to use this callback. \param unloadDll Information about the DLL unloaded. 
*/ - virtual void cbUnloadDllEvent(const UNLOAD_DLL_DEBUG_INFO & unloadDll) {}; + virtual void cbUnloadDllEvent(const UNLOAD_DLL_DEBUG_INFO & unloadDll, const DllInfo & dll) {}; /** \brief Exception debug event callback. Provide an implementation to use this callback. diff --git a/GleeBug/GleeBug.vcxproj b/GleeBug/GleeBug.vcxproj index 5ec4e44..23e52aa 100644 --- a/GleeBug/GleeBug.vcxproj +++ b/GleeBug/GleeBug.vcxproj @@ -91,6 +91,9 @@ true + + psapi.lib;%(AdditionalDependencies) + @@ -102,6 +105,9 @@ true + + psapi.lib;%(AdditionalDependencies) + @@ -117,6 +123,9 @@ true true + + psapi.lib;%(AdditionalDependencies) + @@ -132,18 +141,20 @@ true true + + psapi.lib;%(AdditionalDependencies) + - - + diff --git a/GleeBug/GleeBug.vcxproj.filters b/GleeBug/GleeBug.vcxproj.filters index 307fe2d..8d837a2 100644 --- a/GleeBug/GleeBug.vcxproj.filters +++ b/GleeBug/GleeBug.vcxproj.filters @@ -15,9 +15,6 @@ - - Source Files - Source Files @@ -26,9 +23,6 @@ - - Header Files - Header Files @@ -41,5 +35,8 @@ Header Files + + Header Files + \ No newline at end of file diff --git a/GleeBug/_global.cpp b/GleeBug/_global.cpp deleted file mode 100644 index fc065f4..0000000 --- a/GleeBug/_global.cpp +++ /dev/null @@ -1 +0,0 @@ -#include "_global.h" \ No newline at end of file diff --git a/GleeBug/_global.h b/GleeBug/_global.h deleted file mode 100644 index ef4de98..0000000 --- a/GleeBug/_global.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _GLOBAL_H -#define _GLOBAL_H - -#include -#include -#include -#include -#include -#include - -#endif //_GLOBAL_H \ No newline at end of file diff --git a/MyDebugger/MyDebugger.h b/MyDebugger/MyDebugger.h index 86b18ee..764907f 100644 --- a/MyDebugger/MyDebugger.h +++ b/MyDebugger/MyDebugger.h 
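Review bot: Each of the six callbacks in Debugger.h gains a second parameter, but the Doxygen block above it still documents only the first. Add the missing line to each, e.g. `\param process Housekeeping record of the process created.` and `\param dll Module record (base, size, entry point); only valid during the callback.`, since Debugger.Loop.cpp erases the record right after the callback returns. Because the signatures change, a subclass that still declares the old one-argument form will compile and silently stop being called. Marking the overrides in MyDebugger.h with `override` rather than a bare `virtual` would turn that into a compile error.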
@@ -3,45 +3,37 @@ #include "../GleeBug/Debugger.h" -class MyDebugger : public GleeBug::Debugger +using namespace GleeBug; + +class MyDebugger : public Debugger { protected: - virtual void cbCreateProcessEvent(const CREATE_PROCESS_DEBUG_INFO & createProcess) + virtual void cbCreateProcessEvent(const CREATE_PROCESS_DEBUG_INFO & createProcess, const ProcessInfo & process) { printf("Process %d created with entry 0x%p\n", _debugEvent.dwProcessId, createProcess.lpStartAddress); }; - virtual void cbExitProcessEvent(const EXIT_PROCESS_DEBUG_INFO & exitProcess) + virtual void cbExitProcessEvent(const EXIT_PROCESS_DEBUG_INFO & exitProcess, const ProcessInfo & process) { printf("Process %d terminated with exit code 0x%08X\n", _debugEvent.dwProcessId, exitProcess.dwExitCode); } - virtual void cbCreateThreadEvent(const CREATE_THREAD_DEBUG_INFO & createThread) + virtual void cbCreateThreadEvent(const CREATE_THREAD_DEBUG_INFO & createThread, const ThreadInfo & thread) { printf("Thread %d created with entry 0x%p\n", _debugEvent.dwThreadId, createThread.lpStartAddress); }; - virtual void cbException_single_spep(EXCEPTION_RECORD & except_inf) - { - printf("a single step occurred at location 0x%X", except_inf.ExceptionAddress); - }; - - virtual void cbExcpetion_breakpoint(EXCEPTION_RECORD & except_inf) - { - printf("a breakpoint occurred at location 0x%X", except_inf.ExceptionAddress); - }; - - virtual void cbExitThreadEvent(const EXIT_THREAD_DEBUG_INFO & exitThread) + virtual void cbExitThreadEvent(const EXIT_THREAD_DEBUG_INFO & exitThread, const ThreadInfo & thread) { printf("Thread %d terminated with exit code 0x%08X\n", _debugEvent.dwThreadId, exitThread.dwExitCode); }; - virtual void cbLoadDllEvent(const LOAD_DLL_DEBUG_INFO & loadDll) + virtual void cbLoadDllEvent(const LOAD_DLL_DEBUG_INFO & loadDll, const DllInfo & dll) { printf("DLL loaded at 0x%p\n", loadDll.lpBaseOfDll); }; - virtual void cbUnloadDllEvent(const UNLOAD_DLL_DEBUG_INFO & unloadDll) + virtual void 
cbUnloadDllEvent(const UNLOAD_DLL_DEBUG_INFO & unloadDll, const DllInfo & dll) { printf("DLL 0x%p unloaded\n", unloadDll.lpBaseOfDll); };