From c46552c873f78ea2fa072335f7b3339f86157ba6 Mon Sep 17 00:00:00 2001
From: strongbit
Date: Sun, 29 Mar 2015 16:48:33 +0100
Subject: [PATCH 1/2] Added Some of the breakpoint code. It is not finished yet, and I am not sure the code would compile
---
GleeBug/Debugger.Breakpoint.Types.h | 11 ++++
GleeBug/Debugger.Breakpoints.h | 97 +++++++++++++++++++++++++++++
GleeBug/Debugger.Global.h | 3 +-
GleeBug/Debugger.cpp | 11 ++++
GleeBug/Debugger.h | 7 +++
GleeBug/GleeBug.vcxproj | 2 +
GleeBug/GleeBug.vcxproj.filters | 6 ++
MyDebugger/main.cpp | 4 +-
8 files changed, 138 insertions(+), 3 deletions(-)
create mode 100644 GleeBug/Debugger.Breakpoint.Types.h
create mode 100644 GleeBug/Debugger.Breakpoints.h
diff --git a/GleeBug/Debugger.Breakpoint.Types.h b/GleeBug/Debugger.Breakpoint.Types.h
new file mode 100644
index 0000000..76f78bf
--- /dev/null
+++ b/GleeBug/Debugger.Breakpoint.Types.h
@@ -0,0 +1,11 @@
+#ifndef DEBUGGER_BREAKPOINT_TYPES
+#define DEBUGGER_BREAKPOINT_TYPES
+
+/*
+Needs more work here.
+*/
+
+#define SOFT_BP 0xcc
+
+
+#endif
\ No newline at end of file
diff --git a/GleeBug/Debugger.Breakpoints.h b/GleeBug/Debugger.Breakpoints.h
new file mode 100644
index 0000000..558a4ee
--- /dev/null
+++ b/GleeBug/Debugger.Breakpoints.h
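Review bot: `SOFT_BP` is a preprocessor macro at global scope whose value is 0xcc, so the breakpoint type tag and the opcode byte are the same number and any integer can be passed where a type is expected. A scoped enumeration inside the GleeBug namespace, e.g. `enum class BreakpointType : uint32_t { Software };`, would keep the tag separate from the byte that gets written and let the compiler reject unknown values. The include guard `DEBUGGER_BREAKPOINT_TYPES` would also read better as `DEBUGGER_BREAKPOINT_TYPES_H`, matching the `_H` suffix used by Debugger.Breakpoints.h.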
@@ -0,0 +1,97 @@
+#ifndef DEBUGGER_BREAKPOINTS_H
+#define DEBUGGER_BREAKPOINTS_H
+
+#include "Debugger.Global.h"
+
+
+/*
+Incomplete Job. I'll Continue Later.
+*/
+namespace GleeBug{
+
+
+ typedef std::tuple breakpoint;
+ typedef std::unordered_map bpmap;
+
+ struct BreakPointManager{
+
+ bpmap breakpoints;
+
+ BreakPointManager(){
+ breakpoints = bpmap{};
+ }
+
+ bool AddBp(LPPROCESS_INFORMATION procinfo, LPVOID addr, uint32_t type){
+
+ uint8_t bp_type;
+ SIZE_T nbytes_written = 0;
+
+ breakpoint bp( procinfo->dwProcessId, addr, type );
+
+ switch (type)
+ {
+ case SOFT_BP:
+ bp_type = 0xcc;
+ break;
+ default:
+ return false;
+ }
+
+ if (ReadProcessMemory(procinfo->hProcess, addr, &bp_type, 1, &nbytes_written) == 0)
+ {
+ return false;
+ }
+
+ if (nbytes_written != 1){
+ return false;
+ }
+ breakpoints[bp] = bp_type;
+
+
+ if (WriteProcessMemory(procinfo->hProcess, addr, &bp_type, 1, &nbytes_written) == 0)
+ {
+ return false;
+ }
+
+ if (nbytes_written != 1){
+ return false;
+ }
+ return true;
+ }
+
+ bool RemoveBp(LPPROCESS_INFORMATION proc_info, breakpoint bp){
+ uint8_t original_instruction;
+ SIZE_T nbytes_written = 0;
+ try
+ {
+ original_instruction = breakpoints[bp];
+ }
+ catch (const std::out_of_range& oor){
+ return false;
+ }
+ if (WriteProcessMemory(proc_info->hProcess, std::get<1>(bp), &std::get<2>(bp), 1, &nbytes_written) == 0)
+ {
+ return false;
+ }
+ if (nbytes_written != 1){
+ return false;
+ }
+ return true;
+ }
+
+ bool DeleteBp(LPPROCESS_INFORMATION proc_info, breakpoint bp){
+ bool success;
+
+ success = RemoveBp(proc_info, bp);
+ breakpoints.erase(bp);
+ return success;
+ }
+
+ bool DisableAll()
+ {
+
+ }
+ };
+
+}
+#endif
\ No newline at end of file
diff --git a/GleeBug/Debugger.Global.h b/GleeBug/Debugger.Global.h
index 8aaa312..cc89903 100644
--- a/GleeBug/Debugger.Global.h
+++ b/GleeBug/Debugger.Global.h
@@ -6,9 +6,10 @@ #include #include #include - +#include #include #include +#include "Debugger.Breakpoint.Types.h" namespace GleeBug {
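Review bot: AddBp never plants the breakpoint: ReadProcessMemory reads the original byte into `bp_type`, overwriting the 0xcc chosen by the switch, and WriteProcessMemory then writes that same byte back to `addr`. RemoveBp has the mirror problem: `breakpoints[bp]` on an unordered_map inserts a default entry instead of throwing `std::out_of_range`, the fetched `original_instruction` is never used, and the write sends `&std::get<2>(bp)`, which is the type field rather than the saved byte. The rewrite below keeps the saved byte in its own variable, records the entry only after the write has succeeded, looks the key up with `find`, and calls `FlushInstructionCache` after each code patch. `DisableAll()` is declared `bool` but has an empty body, so it needs at least `return false;` until it is implemented.

```cpp
bool AddBp(LPPROCESS_INFORMATION procinfo, LPVOID addr, uint32_t type){
    // … unchanged: locals, key construction, switch mapping type to bp_type …

    // Save the byte that is about to be replaced; keep it apart from the opcode.
    uint8_t original_byte = 0;
    if (!ReadProcessMemory(procinfo->hProcess, addr, &original_byte, 1, &nbytes_written) || nbytes_written != 1)
        return false;

    if (!WriteProcessMemory(procinfo->hProcess, addr, &bp_type, 1, &nbytes_written) || nbytes_written != 1)
        return false;
    // The debuggee executes this page; make sure it does not run a stale copy.
    FlushInstructionCache(procinfo->hProcess, addr, 1);

    // Record the breakpoint only once the patch is really in place.
    breakpoints[bp] = original_byte;
    return true;
}

bool RemoveBp(LPPROCESS_INFORMATION proc_info, breakpoint bp){
    // find() reports a missing key; operator[] would silently insert one.
    auto found = breakpoints.find(bp);
    if (found == breakpoints.end())
        return false;

    uint8_t original_instruction = found->second;
    SIZE_T nbytes_written = 0;
    if (!WriteProcessMemory(proc_info->hProcess, std::get<1>(bp), &original_instruction, 1, &nbytes_written) || nbytes_written != 1)
        return false;
    FlushInstructionCache(proc_info->hProcess, std::get<1>(bp), 1);
    return true;
}
```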
diff --git a/GleeBug/Debugger.cpp b/GleeBug/Debugger.cpp index 339d6c3..27ff345 100644 --- a/GleeBug/Debugger.cpp +++ b/GleeBug/Debugger.cpp @@ -11,6 +11,8 @@ namespace GleeBug const wchar_t* szCommandLine, const wchar_t* szCurrentDirectory) { + _breakPoints = BreakPointManager(); + STARTUPINFOW si; memset(&si, 0, sizeof(si)); const wchar_t* szFileNameCreateProcess; @@ -49,4 +51,13 @@ namespace GleeBug { return !!DebugActiveProcessStop(_mainProcess.dwProcessId); } + + bool Debugger::SetBreakPointMainProcess(LPVOID address, uint32_t bp_type){ + return _breakPoints.AddBp(&_mainProcess, address, bp_type); + } + + bool Debugger::DelBreakPointMainProcess(LPVOID address, uint32_t bp_type){ + breakpoint temp(_mainProcess.dwProcessId, address, bp_type); + return _breakPoints.DeleteBp(&_mainProcess, temp); + } }; \ No newline at end of file diff --git a/GleeBug/Debugger.h b/GleeBug/Debugger.h index c8327ae..9c097db 100644 --- a/GleeBug/Debugger.h +++ b/GleeBug/Debugger.h @@ -3,6 +3,7 @@ #include "Debugger.Global.h" #include "Debugger.Process.h" +#include "Debugger.Breakpoints.h" namespace GleeBug { @@ -45,6 +46,11 @@ namespace GleeBug */ void Start(); + /* + adds a brakpoint on the main process being debugger; + */ + bool SetBreakPointMainProcess(LPVOID address, uint32_t bp_type); + bool DelBreakPointMainProcess(LPVOID address, uint32_t bp_type); protected: //debug event callbacks /** \brief Process creation debug event callback. Provide an implementation to use this callback. @@ -184,6 +190,7 @@ namespace GleeBug virtual void exceptionSingleStep(const EXCEPTION_RECORD & exceptionRecord, const bool firstChance); protected: //variables + BreakPointManager _breakPoints; PROCESS_INFORMATION _mainProcess; DWORD _continueStatus; bool _breakDebugger; diff --git a/GleeBug/GleeBug.vcxproj b/GleeBug/GleeBug.vcxproj index ef28bcf..9e779e5 100644 --- a/GleeBug/GleeBug.vcxproj +++ b/GleeBug/GleeBug.vcxproj @@ -159,6 +159,8 @@ + + 
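Review bot: `DelBreakPointMainProcess` rebuilds the lookup key from the caller's `bp_type`, so a delete issued with a different type value than the one used when setting misses the stored entry, yet `DeleteBp` still goes on to write one byte into the debuggee at `address`. Keying the table on process id and address only, or returning false before any write when the key is absent, keeps a delete on an address that never had a breakpoint from modifying the target. Both new methods also use `_mainProcess` without checking that a process has been created; its initialisation is outside this hunk, so a guard such as `if (!_mainProcess.hProcess) return false;` is worth confirming against the constructor.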
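Review bot: The two new public methods in Debugger.h are documented by one plain block comment that has typos (`brakpoint`, `being debugger`) and covers only `SetBreakPointMainProcess`, while the callbacks below them use Doxygen `\brief` blocks. I would give each method its own block in that style, for example `/** \brief Sets a breakpoint of type bp_type at address in the main debuggee. \return true when the breakpoint byte was written. */`, with a matching one for `DelBreakPointMainProcess` that states what happens when no breakpoint exists at the address. The class body starts and ends outside these hunks.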
diff --git a/GleeBug/GleeBug.vcxproj.filters b/GleeBug/GleeBug.vcxproj.filters index 3c4e522..7134884 100644 --- a/GleeBug/GleeBug.vcxproj.filters +++ b/GleeBug/GleeBug.vcxproj.filters @@ -65,5 +65,11 @@ Header Files + + Header Files + + + Header Files + \ No newline at end of file diff --git a/MyDebugger/main.cpp b/MyDebugger/main.cpp index e3398b4..b77adc0 100644 --- a/MyDebugger/main.cpp +++ b/MyDebugger/main.cpp @@ -6,10 +6,10 @@ int main() #ifdef _WIN64 wchar_t szFilePath[256] = L"c:\\test64.exe"; #else //x86 - wchar_t szFilePath[256] = L"c:\\test32.exe"; + wchar_t szFilePath[256] = L"C:\\Users\\JOAO\\Favorites\\Desktop\\crackmes\\chakravyuha\\_sol\\CHAKRAVYUHA.exe"; #endif //_WIN64 wchar_t szCommandLine[256] = L""; - wchar_t szCurrentDir[256] = L"c:\\"; + wchar_t szCurrentDir[256] = L"C:\\Users\\JOAO\\Favorites\\Desktop\\crackmes\\chakravyuha\\_sol\\"; MyDebugger dbg; if (dbg.Init(szFilePath, szCommandLine, szCurrentDir)) { From 7fab49188c2a75ce9ed3622d900bff36876c0c19 Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Sun, 5 Apr 2015 03:24:44 +0200 Subject: [PATCH 2/2] Revert "Added Some of the breakpoint code. It is not finished yet, and I am not sure the code would compile" This reverts commit c46552c873f78ea2fa072335f7b3339f86157ba6. --- GleeBug/Debugger.Breakpoint.Types.h | 11 ---- GleeBug/Debugger.Breakpoints.h | 97 ----------------------------- GleeBug/Debugger.Global.h | 3 +- GleeBug/Debugger.cpp | 11 ---- GleeBug/Debugger.h | 7 --- GleeBug/GleeBug.vcxproj | 2 - GleeBug/GleeBug.vcxproj.filters | 6 -- MyDebugger/main.cpp | 4 +- 8 files changed, 3 insertions(+), 138 deletions(-) delete mode 100644 GleeBug/Debugger.Breakpoint.Types.h delete mode 100644 GleeBug/Debugger.Breakpoints.h diff --git a/GleeBug/Debugger.Breakpoint.Types.h b/GleeBug/Debugger.Breakpoint.Types.h deleted file mode 100644 index 76f78bf..0000000 --- a/GleeBug/Debugger.Breakpoint.Types.h +++ /dev/null 
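Review bot: The x86 branch of main.cpp now hard-codes a developer-local absolute path under `C:\\Users\\JOAO\\` for both `szFilePath` and `szCurrentDir`, which publishes a local account name in the repository and makes the sample fail on every other machine. Keeping the neutral `c:\\test32.exe` default, or taking the target from the command line (`int wmain(int argc, wchar_t** argv)` with `argv[1]` copied into `szFilePath` after a length check against the 256-element buffer), avoids both. main's body continues outside the hunk.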
@@ -1,11 +0,0 @@
-#ifndef DEBUGGER_BREAKPOINT_TYPES
-#define DEBUGGER_BREAKPOINT_TYPES
-
-/*
-Needs more work here.
-*/
-
-#define SOFT_BP 0xcc
-
-
-#endif
\ No newline at end of file
diff --git a/GleeBug/Debugger.Breakpoints.h b/GleeBug/Debugger.Breakpoints.h
deleted file mode 100644
index 558a4ee..0000000
--- a/GleeBug/Debugger.Breakpoints.h
+++ /dev/null
@@ -1,97 +0,0 @@
-#ifndef DEBUGGER_BREAKPOINTS_H
-#define DEBUGGER_BREAKPOINTS_H
-
-#include "Debugger.Global.h"
-
-
-/*
-Incomplete Job. I'll Continue Later.
-*/
-namespace GleeBug{
-
-
- typedef std::tuple breakpoint;
- typedef std::unordered_map bpmap;
-
- struct BreakPointManager{
-
- bpmap breakpoints;
-
- BreakPointManager(){
- breakpoints = bpmap{};
- }
-
- bool AddBp(LPPROCESS_INFORMATION procinfo, LPVOID addr, uint32_t type){
-
- uint8_t bp_type;
- SIZE_T nbytes_written = 0;
-
- breakpoint bp( procinfo->dwProcessId, addr, type );
-
- switch (type)
- {
- case SOFT_BP:
- bp_type = 0xcc;
- break;
- default:
- return false;
- }
-
- if (ReadProcessMemory(procinfo->hProcess, addr, &bp_type, 1, &nbytes_written) == 0)
- {
- return false;
- }
-
- if (nbytes_written != 1){
- return false;
- }
- breakpoints[bp] = bp_type;
-
-
- if (WriteProcessMemory(procinfo->hProcess, addr, &bp_type, 1, &nbytes_written) == 0)
- {
- return false;
- }
-
- if (nbytes_written != 1){
- return false;
- }
- return true;
- }
-
- bool RemoveBp(LPPROCESS_INFORMATION proc_info, breakpoint bp){
- uint8_t original_instruction;
- SIZE_T nbytes_written = 0;
- try
- {
- original_instruction = breakpoints[bp];
- }
- catch (const std::out_of_range& oor){
- return false;
- }
- if (WriteProcessMemory(proc_info->hProcess, std::get<1>(bp), &std::get<2>(bp), 1, &nbytes_written) == 0)
- {
- return false;
- }
- if (nbytes_written != 1){
- return false;
- }
- return true;
- }
-
- bool DeleteBp(LPPROCESS_INFORMATION proc_info, breakpoint bp){
- bool success;
-
- success = RemoveBp(proc_info, bp);
- breakpoints.erase(bp);
- return success;
- }
-
- bool DisableAll()
- {
-
- }
- };
-
-}
-#endif
\ No newline at end of file
diff --git a/GleeBug/Debugger.Global.h b/GleeBug/Debugger.Global.h
index cc89903..8aaa312 100644
--- a/GleeBug/Debugger.Global.h
+++ b/GleeBug/Debugger.Global.h
@@ -6,10 +6,9 @@ #include #include #include -#include + #include #include -#include "Debugger.Breakpoint.Types.h" namespace GleeBug {
diff --git a/GleeBug/Debugger.cpp b/GleeBug/Debugger.cpp index 27ff345..339d6c3 100644 --- a/GleeBug/Debugger.cpp +++ b/GleeBug/Debugger.cpp @@ -11,8 +11,6 @@ namespace GleeBug const wchar_t* szCommandLine, const wchar_t* szCurrentDirectory) { - _breakPoints = BreakPointManager(); - STARTUPINFOW si; memset(&si, 0, sizeof(si)); const wchar_t* szFileNameCreateProcess; @@ -51,13 +49,4 @@ namespace GleeBug { return !!DebugActiveProcessStop(_mainProcess.dwProcessId); } - - bool Debugger::SetBreakPointMainProcess(LPVOID address, uint32_t bp_type){ - return _breakPoints.AddBp(&_mainProcess, address, bp_type); - } - - bool Debugger::DelBreakPointMainProcess(LPVOID address, uint32_t bp_type){ - breakpoint temp(_mainProcess.dwProcessId, address, bp_type); - return _breakPoints.DeleteBp(&_mainProcess, temp); - } }; \ No newline at end of file diff --git a/GleeBug/Debugger.h b/GleeBug/Debugger.h index 9c097db..c8327ae 100644 --- a/GleeBug/Debugger.h +++ b/GleeBug/Debugger.h @@ -3,7 +3,6 @@ #include "Debugger.Global.h" #include "Debugger.Process.h" -#include "Debugger.Breakpoints.h" namespace GleeBug { @@ -46,11 +45,6 @@ namespace GleeBug */ void Start(); - /* - adds a brakpoint on the main process being debugger; - */ - bool SetBreakPointMainProcess(LPVOID address, uint32_t bp_type); - bool DelBreakPointMainProcess(LPVOID address, uint32_t bp_type); protected: //debug event callbacks /** \brief Process creation debug event callback. Provide an implementation to use this callback. @@ -190,7 +184,6 @@ namespace GleeBug virtual void exceptionSingleStep(const EXCEPTION_RECORD & exceptionRecord, const bool firstChance); protected: //variables - BreakPointManager _breakPoints; PROCESS_INFORMATION _mainProcess; DWORD _continueStatus; bool _breakDebugger; diff --git a/GleeBug/GleeBug.vcxproj b/GleeBug/GleeBug.vcxproj index 9e779e5..ef28bcf 100644 --- a/GleeBug/GleeBug.vcxproj +++ b/GleeBug/GleeBug.vcxproj @@ -159,8 +159,6 @@ - - 
diff --git a/GleeBug/GleeBug.vcxproj.filters b/GleeBug/GleeBug.vcxproj.filters index 7134884..3c4e522 100644 --- a/GleeBug/GleeBug.vcxproj.filters +++ b/GleeBug/GleeBug.vcxproj.filters @@ -65,11 +65,5 @@ Header Files - - Header Files - - - Header Files - \ No newline at end of file diff --git a/MyDebugger/main.cpp b/MyDebugger/main.cpp index b77adc0..e3398b4 100644 --- a/MyDebugger/main.cpp +++ b/MyDebugger/main.cpp @@ -6,10 +6,10 @@ int main() #ifdef _WIN64 wchar_t szFilePath[256] = L"c:\\test64.exe"; #else //x86 - wchar_t szFilePath[256] = L"C:\\Users\\JOAO\\Favorites\\Desktop\\crackmes\\chakravyuha\\_sol\\CHAKRAVYUHA.exe"; + wchar_t szFilePath[256] = L"c:\\test32.exe"; #endif //_WIN64 wchar_t szCommandLine[256] = L""; - wchar_t szCurrentDir[256] = L"C:\\Users\\JOAO\\Favorites\\Desktop\\crackmes\\chakravyuha\\_sol\\"; + wchar_t szCurrentDir[256] = L"c:\\"; MyDebugger dbg; if (dbg.Init(szFilePath, szCommandLine, szCurrentDir)) {