switch statements in DebugLoop function
This commit is contained in:
parent
07291f2710
commit
0590511f5d
@ -10451,9 +10451,26 @@ __declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR Fil
|
||||||
}
|
}
|
||||||
return(false);
|
return(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool isAtleastVista()
|
||||||
|
{
|
||||||
|
static bool isAtleastVista=false;
|
||||||
|
static bool isSet=false;
|
||||||
|
if(isSet)
|
||||||
|
return isAtleastVista;
|
||||||
|
OSVERSIONINFO versionInfo= {0};
|
||||||
|
versionInfo.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
|
||||||
|
GetVersionEx(&versionInfo);
|
||||||
|
isAtleastVista=versionInfo.dwMajorVersion >= 6;
|
||||||
|
isSet=true;
|
||||||
|
return isAtleastVista;
|
||||||
|
}
|
||||||
|
|
||||||
// Global.Engine.Hider.functions:
|
// Global.Engine.Hider.functions:
|
||||||
bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
|
bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
|
||||||
{
|
{
|
||||||
|
static ULONG OldHeapFlags=0;
|
||||||
|
static ULONG OldForceFlag=0;
|
||||||
ULONG_PTR AddressOfPEB = NULL;
|
ULONG_PTR AddressOfPEB = NULL;
|
||||||
ULONG_PTR ueNumberOfBytesRead = NULL;
|
ULONG_PTR ueNumberOfBytesRead = NULL;
|
||||||
BYTE patchCheckRemoteDebuggerPresent[5] = {0x33, 0xC0, 0xC2, 0x08, 0x00};
|
BYTE patchCheckRemoteDebuggerPresent[5] = {0x33, 0xC0, 0xC2, 0x08, 0x00};
|
||||||
|
|
@ -10472,6 +10489,9 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
|
||||||
{
|
{
|
||||||
myPEB.BeingDebugged = false;
|
myPEB.BeingDebugged = false;
|
||||||
myPEB.NtGlobalFlag = NULL;
|
myPEB.NtGlobalFlag = NULL;
|
||||||
|
//Fix heap flags: https://github.com/eschweiler/ProReversing
|
||||||
|
BYTE* Heap=(BYTE*)myPEB.ProcessHeap;
|
||||||
|
|
||||||
if(WriteProcessMemory(hProcess, (void*)AddressOfPEB, (void*)&myPEB, sizeof NTPEB, &ueNumberOfBytesRead))
|
if(WriteProcessMemory(hProcess, (void*)AddressOfPEB, (void*)&myPEB, sizeof NTPEB, &ueNumberOfBytesRead))
|
||||||
{
|
{
|
||||||
if(PatchAPILevel == UE_HIDE_BASIC)
|
if(PatchAPILevel == UE_HIDE_BASIC)
|
||||||
|
|
@ -12434,7 +12454,7 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
|
||||||
RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
|
RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
|
||||||
if(szCommandLine == NULL)
|
if(szCommandLine == NULL)
|
||||||
{
|
{
|
||||||
if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS+DEBUG_ONLY_THIS_PROCESS+DebugConsoleFlag+CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
|
if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
|
||||||
{
|
{
|
||||||
engineAttachedToProcess = false;
|
engineAttachedToProcess = false;
|
||||||
engineAttachedProcessCallBack = NULL;
|
engineAttachedProcessCallBack = NULL;
|
||||||
|
|
@ -12450,7 +12470,7 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);
|
wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);
|
||||||
if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS+DEBUG_ONLY_THIS_PROCESS+DebugConsoleFlag+CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
|
if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
|
||||||
{
|
{
|
||||||
engineAttachedToProcess = false;
|
engineAttachedToProcess = false;
|
||||||
engineAttachedProcessCallBack = NULL;
|
engineAttachedProcessCallBack = NULL;
|
||||||
|
|
@ -16296,7 +16316,11 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(DBGEvent.dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT) //debuggee is created
|
|
||||||
|
//Debug event
|
||||||
|
switch(DBGEvent.dwDebugEventCode)
|
||||||
|
{
|
||||||
|
case CREATE_PROCESS_DEBUG_EVENT:
|
||||||
{
|
{
|
||||||
if(DBGFileHandle == NULL) //we didn't set the handle yet
|
if(DBGFileHandle == NULL) //we didn't set the handle yet
|
||||||
{
|
{
|
||||||
|
|
@ -16407,8 +16431,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
else if(DBGEvent.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT)
|
case EXIT_PROCESS_DEBUG_EVENT:
|
||||||
{
|
{
|
||||||
ProcessExitCode = DBGEvent.u.ExitProcess.dwExitCode;
|
ProcessExitCode = DBGEvent.u.ExitProcess.dwExitCode;
|
||||||
DBGCode = DBG_CONTINUE;
|
DBGCode = DBG_CONTINUE;
|
||||||
|
|
@ -16429,8 +16454,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
else if(DBGEvent.dwDebugEventCode == CREATE_THREAD_DEBUG_EVENT)
|
case CREATE_THREAD_DEBUG_EVENT:
|
||||||
{
|
{
|
||||||
//maintain thread list
|
//maintain thread list
|
||||||
if(hListThread == NULL)
|
if(hListThread == NULL)
|
||||||
|
|
@ -16468,8 +16494,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
else if(DBGEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT)
|
case EXIT_THREAD_DEBUG_EVENT:
|
||||||
{
|
{
|
||||||
//custom handler
|
//custom handler
|
||||||
if(DBGCustomHandler->chExitThread != NULL)
|
if(DBGCustomHandler->chExitThread != NULL)
|
||||||
|
|
@ -16512,8 +16539,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
hListThreadPtr->ThreadStartAddress = NULL;
|
hListThreadPtr->ThreadStartAddress = NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
else if(DBGEvent.dwDebugEventCode == LOAD_DLL_DEBUG_EVENT)
|
case LOAD_DLL_DEBUG_EVENT:
|
||||||
{
|
{
|
||||||
//maintain library list
|
//maintain library list
|
||||||
if(hListLibrary == NULL)
|
if(hListLibrary == NULL)
|
||||||
|
|
@ -16627,8 +16655,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
else if(DBGEvent.dwDebugEventCode == UNLOAD_DLL_DEBUG_EVENT)
|
case UNLOAD_DLL_DEBUG_EVENT:
|
||||||
{
|
{
|
||||||
//unload DLL callback
|
//unload DLL callback
|
||||||
if(DBGCustomHandler->chUnloadDll != NULL)
|
if(DBGCustomHandler->chUnloadDll != NULL)
|
||||||
|
|
@ -16706,8 +16735,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
else if(DBGEvent.dwDebugEventCode == OUTPUT_DEBUG_STRING_EVENT)
|
case OUTPUT_DEBUG_STRING_EVENT:
|
||||||
{
|
{
|
||||||
//debug string callback
|
//debug string callback
|
||||||
if(DBGCustomHandler->chOutputDebugString != NULL)
|
if(DBGCustomHandler->chOutputDebugString != NULL)
|
||||||
|
|
@ -16723,9 +16753,11 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
else if(DBGEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT)
|
case EXCEPTION_DEBUG_EVENT:
|
||||||
{
|
{
|
||||||
|
printf("Exception: 0x%X\n", DBGEvent.u.Exception.ExceptionRecord.ExceptionCode);
|
||||||
//NOTE: useless callback?
|
//NOTE: useless callback?
|
||||||
if(DBGCustomHandler->chEverythingElse != NULL)
|
if(DBGCustomHandler->chEverythingElse != NULL)
|
||||||
{
|
{
|
||||||
|
|
@ -16755,8 +16787,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
|
|
||||||
//handle different exception codes
|
//handle different exception codes
|
||||||
|
|
||||||
//NOTE: breakpoint exception
|
switch(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode)
|
||||||
if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_BREAKPOINT)
|
{
|
||||||
|
case STATUS_BREAKPOINT:
|
||||||
{
|
{
|
||||||
MaximumBreakPoints = 0;
|
MaximumBreakPoints = 0;
|
||||||
for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++)
|
for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++)
|
||||||
|
|
@ -16990,7 +17023,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
if(engineAutoHideFromDebugger)
|
if(engineAutoHideFromDebugger)
|
||||||
{
|
{
|
||||||
HideDebugger(dbgProcessInformation.hProcess, UE_HIDE_BASIC);
|
HideDebugger(dbgProcessInformation.hProcess, UE_HIDE_PEBONLY);
|
||||||
}
|
}
|
||||||
if(DebugExeFileEntryPointCallBack != NULL) //set entry breakpoint
|
if(DebugExeFileEntryPointCallBack != NULL) //set entry breakpoint
|
||||||
{
|
{
|
||||||
|
|
@ -17025,8 +17058,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: single step exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_SINGLE_STEP)
|
|
||||||
|
case STATUS_SINGLE_STEP:
|
||||||
{
|
{
|
||||||
if(ResetBPX == true || ResetHwBPX == true || ResetMemBPX == true) //restore breakpoints (internal step)
|
if(ResetBPX == true || ResetHwBPX == true || ResetMemBPX == true) //restore breakpoints (internal step)
|
||||||
{
|
{
|
||||||
|
|
@ -17301,8 +17335,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: guard page exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_GUARD_PAGE_VIOLATION)
|
|
||||||
|
case STATUS_GUARD_PAGE_VIOLATION:
|
||||||
{
|
{
|
||||||
MemoryBpxFound = false;
|
MemoryBpxFound = false;
|
||||||
MaximumBreakPoints = 0;
|
MaximumBreakPoints = 0;
|
||||||
|
|
@ -17513,8 +17548,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: access violation exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_ACCESS_VIOLATION)
|
|
||||||
|
case STATUS_ACCESS_VIOLATION:
|
||||||
{
|
{
|
||||||
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
||||||
if(DBGCustomHandler->chAccessViolation != NULL)
|
if(DBGCustomHandler->chAccessViolation != NULL)
|
||||||
|
|
@ -17530,8 +17566,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: illegal instruction exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_ILLEGAL_INSTRUCTION)
|
|
||||||
|
case STATUS_ILLEGAL_INSTRUCTION:
|
||||||
{
|
{
|
||||||
//UD2 breakpoint
|
//UD2 breakpoint
|
||||||
MaximumBreakPoints = 0;
|
MaximumBreakPoints = 0;
|
||||||
|
|
@ -17746,8 +17783,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: uncontinuable exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_NONCONTINUABLE_EXCEPTION)
|
|
||||||
|
case STATUS_NONCONTINUABLE_EXCEPTION;
|
||||||
{
|
{
|
||||||
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
||||||
if(DBGCustomHandler->chNonContinuableException != NULL)
|
if(DBGCustomHandler->chNonContinuableException != NULL)
|
||||||
|
|
@ -17763,8 +17801,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: array bounds exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_ARRAY_BOUNDS_EXCEEDED)
|
|
||||||
|
case STATUS_ARRAY_BOUNDS_EXCEEDED:
|
||||||
{
|
{
|
||||||
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
||||||
if(DBGCustomHandler->chArrayBoundsException != NULL)
|
if(DBGCustomHandler->chArrayBoundsException != NULL)
|
||||||
|
|
@ -17780,8 +17819,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: float denormal operand exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_FLOAT_DENORMAL_OPERAND)
|
|
||||||
|
case STATUS_FLOAT_DENORMAL_OPERAND:
|
||||||
{
|
{
|
||||||
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
||||||
if(DBGCustomHandler->chFloatDenormalOperand != NULL)
|
if(DBGCustomHandler->chFloatDenormalOperand != NULL)
|
||||||
|
|
@ -17797,8 +17837,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: float devide by zero exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_FLOAT_DIVIDE_BY_ZERO)
|
|
||||||
|
case STATUS_FLOAT_DIVIDE_BY_ZERO:
|
||||||
{
|
{
|
||||||
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
||||||
if(DBGCustomHandler->chFloatDevideByZero != NULL)
|
if(DBGCustomHandler->chFloatDevideByZero != NULL)
|
||||||
|
|
@ -17814,8 +17855,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: devide by zero exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_INTEGER_DIVIDE_BY_ZERO)
|
|
||||||
|
case STATUS_INTEGER_DIVIDE_BY_ZERO:
|
||||||
{
|
{
|
||||||
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
||||||
if(DBGCustomHandler->chIntegerDevideByZero != NULL)
|
if(DBGCustomHandler->chIntegerDevideByZero != NULL)
|
||||||
|
|
@ -17831,8 +17873,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: integer overflow exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_INTEGER_OVERFLOW)
|
|
||||||
|
case STATUS_INTEGER_OVERFLOW:
|
||||||
{
|
{
|
||||||
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
||||||
if(DBGCustomHandler->chIntegerOverflow != NULL)
|
if(DBGCustomHandler->chIntegerOverflow != NULL)
|
||||||
|
|
@ -17848,8 +17891,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//NOTE: privileged instruction exception
|
break;
|
||||||
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_PRIVILEGED_INSTRUCTION)
|
|
||||||
|
case STATUS_PRIVILEGED_INSTRUCTION:
|
||||||
{
|
{
|
||||||
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
|
||||||
if(DBGCustomHandler->chPrivilegedInstruction != NULL)
|
if(DBGCustomHandler->chPrivilegedInstruction != NULL)
|
||||||
|
|
@ -17865,6 +17909,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
//general unhandled exception callback
|
//general unhandled exception callback
|
||||||
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)
|
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)
|
||||||
|
|
@ -17897,6 +17943,14 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case RIP_EVENT:
|
||||||
|
{
|
||||||
|
//TODO: RIP event
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if(engineResumeProcessIfNoThreadIsActive)
|
if(engineResumeProcessIfNoThreadIsActive)
|
||||||
{
|
{
|
||||||
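Review bot: `case STATUS_NONCONTINUABLE_EXCEPTION;` in the hunk at -17746,8 +17783,9 ends the case label with a semicolon instead of a colon, which is a syntax error and will stop the file from compiling; it should read `case STATUS_NONCONTINUABLE_EXCEPTION:`. The removed `else if` on the same hunk shows the intended constant, so only the terminator is wrong, and every other label converted in this commit (e.g. `case STATUS_ARRAY_BOUNDS_EXCEEDED:`) uses the colon. The enclosing `switch` on `ExceptionCode` and the body of DebugLoop itself begin and end outside this hunk.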
|
|
|
||||||
|
|
@ -328,6 +328,7 @@ typedef struct HOOK_ENTRY
|
||||||
#define UE_ACCESS_WRITE 1
|
#define UE_ACCESS_WRITE 1
|
||||||
#define UE_ACCESS_ALL 2
|
#define UE_ACCESS_ALL 2
|
||||||
|
|
||||||
|
#define UE_HIDE_PEBONLY 0
|
||||||
#define UE_HIDE_BASIC 1
|
#define UE_HIDE_BASIC 1
|
||||||
|
|
||||||
#define UE_PLUGIN_CALL_REASON_PREDEBUG 1
|
#define UE_PLUGIN_CALL_REASON_PREDEBUG 1
|
||||||
|
|
|
||||||
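Review bot: The new `UE_HIDE_PEBONLY` level is added without a comment saying what it selects, and because its value is 0 any caller that already passed 0 to HideDebugger presumably now gets this behaviour rather than "no level". A trailing comment would make the contract explicit, e.g. `#define UE_HIDE_PEBONLY 0 // patch only the PEB (BeingDebugged, NtGlobalFlag); no API code patched` and `#define UE_HIDE_BASIC 1 // PEB patch plus basic API patches`. From the ChangeHideDebuggerState hunk in this commit the PEB write appears to run for every level while API patching is gated on `PatchAPILevel == UE_HIDE_BASIC`, but most of that function lies outside the visible hunks, so the wording should be confirmed against it.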