x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

some cleanups in TitanEngine.Debugger.Context (wip)

This commit is contained in:
Mr. eXoDia 2014-12-08 15:30:51 +01:00
parent 2dedd37950
commit 6f6bae27a6
7 changed files with 334 additions and 370 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
SDK/C/TitanEngine.h
View File

@ -840,6 +840,7 @@ __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, voi
__declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext); __declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext); __declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext); __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) bool TITCALL SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister); __declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister);
__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); __declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);

232
TitanEngine/Global.Engine.Context.cpp Normal file
View File

@ -0,0 +1,232 @@
#include "stdafx.h"
#include "definitions.h"
#include "Global.Engine.Context.h"
PGETENABLEDXSTATEFEATURES _GetEnabledXStateFeatures = NULL;
PINITIALIZECONTEXT _InitializeContext = NULL;
PGETXSTATEFEATURESMASK _GetXStateFeaturesMask = NULL;
LOCATEXSTATEFEATURE _LocateXStateFeature = NULL;
SETXSTATEFEATURESMASK _SetXStateFeaturesMask = NULL;
bool _SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext, bool AVX_PRIORITY)
{
CONTEXT DBGContext;
memset(&DBGContext, 0, sizeof(DBGContext));
DBGContext.ContextFlags = CONTEXT_ALL | CONTEXT_FLOATING_POINT | CONTEXT_EXTENDED_REGISTERS;
if(!GetThreadContext(hActiveThread, &DBGContext))
{
ResumeThread(hActiveThread);
return false;
}
DBGContext.EFlags = (DWORD)titcontext->eflags;
DBGContext.Dr0 = titcontext->dr0;
DBGContext.Dr1 = titcontext->dr1;
DBGContext.Dr2 = titcontext->dr2;
DBGContext.Dr3 = titcontext->dr3;
DBGContext.Dr6 = titcontext->dr6;
DBGContext.Dr7 = titcontext->dr7;
DBGContext.SegGs = titcontext->gs;
DBGContext.SegFs = titcontext->fs;
DBGContext.SegEs = titcontext->es;
DBGContext.SegDs = titcontext->ds;
DBGContext.SegCs = titcontext->cs;
DBGContext.SegSs = titcontext->ss;
#ifdef _WIN64 //x64
DBGContext.Rax = titcontext->cax;
DBGContext.Rbx = titcontext->cbx;
DBGContext.Rcx = titcontext->ccx;
DBGContext.Rdx = titcontext->cdx;
DBGContext.Rdi = titcontext->cdi;
DBGContext.Rsi = titcontext->csi;
DBGContext.Rbp = titcontext->cbp;
DBGContext.Rsp = titcontext->csp;
DBGContext.Rip = titcontext->cip;
DBGContext.R8 = titcontext->r8;
DBGContext.R9 = titcontext->r9;
DBGContext.R10 = titcontext->r10;
DBGContext.R11 = titcontext->r11;
DBGContext.R12 = titcontext->r12;
DBGContext.R13 = titcontext->r13;
DBGContext.R14 = titcontext->r14;
DBGContext.R15 = titcontext->r15;
DBGContext.FltSave.ControlWord = titcontext->x87fpu.ControlWord;
DBGContext.FltSave.StatusWord = titcontext->x87fpu.StatusWord;
memcpy(& (DBGContext.FltSave.TagWord), & (titcontext->x87fpu.TagWord), sizeof(titcontext->x87fpu.TagWord));
#ifdef _WIN64
#define WIN64_CASTDWORDTOWORD (WORD)
#else
#define WIN64_CASTDWORDTOWORD (DWORD)
#endif
DBGContext.FltSave.ErrorSelector = WIN64_CASTDWORDTOWORD titcontext->x87fpu.ErrorSelector;
DBGContext.FltSave.ErrorOffset = titcontext->x87fpu.ErrorOffset;
DBGContext.FltSave.DataSelector = WIN64_CASTDWORDTOWORD titcontext->x87fpu.DataSelector;
DBGContext.FltSave.DataOffset = titcontext->x87fpu.DataOffset;
// Skip titcontext->x87fpu.Cr0NpxState
DBGContext.FltSave.MxCsr = titcontext->MxCsr;
for(int i = 0; i < 8; i++)
memcpy(& DBGContext.FltSave.FloatRegisters[i], &(titcontext->RegisterArea[i * 10]), 10);
for(int i = 0; i < 16; i++)
memcpy(& (DBGContext.FltSave.XmmRegisters[i]), & (titcontext->XmmRegisters[i]), 16);
#else //x86
DBGContext.Eax = titcontext->cax;
DBGContext.Ebx = titcontext->cbx;
DBGContext.Ecx = titcontext->ccx;
DBGContext.Edx = titcontext->cdx;
DBGContext.Edi = titcontext->cdi;
DBGContext.Esi = titcontext->csi;
DBGContext.Ebp = titcontext->cbp;
DBGContext.Esp = titcontext->csp;
DBGContext.Eip = titcontext->cip;
DBGContext.FloatSave.ControlWord = titcontext->x87fpu.ControlWord;
DBGContext.FloatSave.StatusWord = titcontext->x87fpu.StatusWord;
DBGContext.FloatSave.TagWord = titcontext->x87fpu.TagWord;
DBGContext.FloatSave.ErrorSelector = titcontext->x87fpu.ErrorSelector;
DBGContext.FloatSave.ErrorOffset = titcontext->x87fpu.ErrorOffset;
DBGContext.FloatSave.DataSelector = titcontext->x87fpu.DataSelector;
DBGContext.FloatSave.DataOffset = titcontext->x87fpu.DataOffset;
DBGContext.FloatSave.Cr0NpxState = titcontext->x87fpu.Cr0NpxState;
memcpy(DBGContext.FloatSave.RegisterArea, titcontext->RegisterArea, 80);
// MXCSR ExtendedRegisters[24]
memcpy(& (DBGContext.ExtendedRegisters[24]), & titcontext->MxCsr, sizeof(titcontext->MxCsr));
// for x86 copy the 8 Xmm Registers from ExtendedRegisters[(10+n)*16]; (n is the index of the xmm register) to the XMM register
for(int i = 0; i < 8; i++)
memcpy(& DBGContext.ExtendedRegisters[(10 + i) * 16], &(titcontext->XmmRegisters[i]), 16);
#endif
bool returnf = SetThreadContext(hActiveThread, & DBGContext) ? true : false;
if(AVX_PRIORITY)
SetAVXContext(hActiveThread, titcontext);
return returnf;
}
bool _GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{
CONTEXT DBGContext;
memset(&DBGContext, 0, sizeof(CONTEXT));
memset(titcontext, 0, sizeof(TITAN_ENGINE_CONTEXT_t));
DBGContext.ContextFlags = CONTEXT_ALL | CONTEXT_FLOATING_POINT | CONTEXT_EXTENDED_REGISTERS;
if(!GetThreadContext(hActiveThread, &DBGContext))
return false;
titcontext->eflags = DBGContext.EFlags;
titcontext->dr0 = DBGContext.Dr0;
titcontext->dr1 = DBGContext.Dr1;
titcontext->dr2 = DBGContext.Dr2;
titcontext->dr3 = DBGContext.Dr3;
titcontext->dr6 = DBGContext.Dr6;
titcontext->dr7 = DBGContext.Dr7;
titcontext->gs = (unsigned short) DBGContext.SegGs;
titcontext->fs = (unsigned short) DBGContext.SegFs;
titcontext->es = (unsigned short) DBGContext.SegEs;
titcontext->ds = (unsigned short) DBGContext.SegDs;
titcontext->cs = (unsigned short) DBGContext.SegCs;
titcontext->ss = (unsigned short) DBGContext.SegSs;
#ifdef _WIN64 //x64
titcontext->cax = DBGContext.Rax;
titcontext->cbx = DBGContext.Rbx;
titcontext->ccx = DBGContext.Rcx;
titcontext->cdx = DBGContext.Rdx;
titcontext->cdi = DBGContext.Rdi;
titcontext->csi = DBGContext.Rsi;
titcontext->cbp = DBGContext.Rbp;
titcontext->csp = DBGContext.Rsp;
titcontext->cip = DBGContext.Rip;
titcontext->r8 = DBGContext.R8;
titcontext->r9 = DBGContext.R9;
titcontext->r10 = DBGContext.R10;
titcontext->r11 = DBGContext.R11;
titcontext->r12 = DBGContext.R12;
titcontext->r13 = DBGContext.R13;
titcontext->r14 = DBGContext.R14;
titcontext->r15 = DBGContext.R15;
titcontext->x87fpu.ControlWord = DBGContext.FltSave.ControlWord;
titcontext->x87fpu.StatusWord = DBGContext.FltSave.StatusWord;
memcpy(& (titcontext->x87fpu.TagWord), & (DBGContext.FltSave.TagWord), sizeof(titcontext->x87fpu.TagWord));
titcontext->x87fpu.ErrorSelector = DBGContext.FltSave.ErrorSelector;
titcontext->x87fpu.ErrorOffset = DBGContext.FltSave.ErrorOffset;
titcontext->x87fpu.DataSelector = DBGContext.FltSave.DataSelector;
titcontext->x87fpu.DataOffset = DBGContext.FltSave.DataOffset;
// Skip titcontext->x87fpu.Cr0NpxState
titcontext->MxCsr = DBGContext.FltSave.MxCsr;
for(int i = 0; i < 8; i++)
memcpy(&(titcontext->RegisterArea[i * 10]), & DBGContext.FltSave.FloatRegisters[i], 10);
for(int i = 0; i < 16; i++)
memcpy(& (titcontext->XmmRegisters[i]), & (DBGContext.FltSave.XmmRegisters[i]), 16);
#else //x86
titcontext->cax = DBGContext.Eax;
titcontext->cbx = DBGContext.Ebx;
titcontext->ccx = DBGContext.Ecx;
titcontext->cdx = DBGContext.Edx;
titcontext->cdi = DBGContext.Edi;
titcontext->csi = DBGContext.Esi;
titcontext->cbp = DBGContext.Ebp;
titcontext->csp = DBGContext.Esp;
titcontext->cip = DBGContext.Eip;
titcontext->x87fpu.ControlWord = (WORD) DBGContext.FloatSave.ControlWord;
titcontext->x87fpu.StatusWord = (WORD) DBGContext.FloatSave.StatusWord;
titcontext->x87fpu.TagWord = (WORD) DBGContext.FloatSave.TagWord;
titcontext->x87fpu.ErrorSelector = DBGContext.FloatSave.ErrorSelector;
titcontext->x87fpu.ErrorOffset = DBGContext.FloatSave.ErrorOffset;
titcontext->x87fpu.DataSelector = DBGContext.FloatSave.DataSelector;
titcontext->x87fpu.DataOffset = DBGContext.FloatSave.DataOffset;
titcontext->x87fpu.Cr0NpxState = DBGContext.FloatSave.Cr0NpxState;
memcpy(titcontext->RegisterArea, DBGContext.FloatSave.RegisterArea, 80);
// MXCSR ExtendedRegisters[24]
memcpy(& (titcontext->MxCsr), & (DBGContext.ExtendedRegisters[24]), sizeof(titcontext->MxCsr));
// for x86 copy the 8 Xmm Registers from ExtendedRegisters[(10+n)*16]; (n is the index of the xmm register) to the XMM register
for(int i = 0; i < 8; i++)
memcpy(&(titcontext->XmmRegisters[i]), & DBGContext.ExtendedRegisters[(10 + i) * 16], 16);
#endif
GetAVXContext(hActiveThread, titcontext);
return true;
}
bool InitXState()
{
static bool init = false;
if(!init)
{
init = true;
HMODULE kernel32 = GetModuleHandleW(L"kernel32.dll");
if(kernel32 != NULL)
{
_GetEnabledXStateFeatures = (PGETENABLEDXSTATEFEATURES)GetProcAddress(kernel32, "GetEnabledXStateFeatures");
_InitializeContext = (PINITIALIZECONTEXT)GetProcAddress(kernel32, "InitializeContext");
_GetXStateFeaturesMask = (PGETXSTATEFEATURESMASK)GetProcAddress(kernel32, "GetXStateFeaturesMask");
_LocateXStateFeature = (LOCATEXSTATEFEATURE)GetProcAddress(kernel32, "LocateXStateFeature");
_SetXStateFeaturesMask = (SETXSTATEFEATURESMASK)GetProcAddress(kernel32, "SetXStateFeaturesMask");
}
}
return (_GetEnabledXStateFeatures == NULL ||
_InitializeContext == NULL ||
_GetXStateFeaturesMask == NULL ||
_LocateXStateFeature == NULL ||
_SetXStateFeaturesMask == NULL);
}

31
TitanEngine/Global.Engine.Context.h Normal file
View File

@ -0,0 +1,31 @@
#ifndef _GLOBAL_ENGINE_CONTEXT_H
#define _GLOBAL_ENGINE_CONTEXT_H
#undef CONTEXT_XSTATE
#if defined(_M_X64)
#define CONTEXT_XSTATE (0x00100040)
#else
#define CONTEXT_XSTATE (0x00010040)
#endif
#define XSTATE_AVX (XSTATE_GSSE)
#define XSTATE_MASK_AVX (XSTATE_MASK_GSSE)
typedef DWORD64(WINAPI* PGETENABLEDXSTATEFEATURES)();
typedef BOOL (WINAPI* PINITIALIZECONTEXT)(PVOID Buffer, DWORD ContextFlags, PCONTEXT* Context, PDWORD ContextLength);
typedef BOOL (WINAPI* PGETXSTATEFEATURESMASK)(PCONTEXT Context, PDWORD64 FeatureMask);
typedef PVOID(WINAPI* LOCATEXSTATEFEATURE)(PCONTEXT Context, DWORD FeatureId, PDWORD Length);
typedef BOOL (WINAPI* SETXSTATEFEATURESMASK)(PCONTEXT Context, DWORD64 FeatureMask);
extern PGETENABLEDXSTATEFEATURES _GetEnabledXStateFeatures;
extern PINITIALIZECONTEXT _InitializeContext;
extern PGETXSTATEFEATURESMASK _GetXStateFeaturesMask;
extern LOCATEXSTATEFEATURE _LocateXStateFeature;
extern SETXSTATEFEATURESMASK _SetXStateFeaturesMask;
bool _SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext, bool AVX_PRIORITY);
bool _GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext);
bool InitXState(void);
#endif //_GLOBAL_ENGINE_CONTEXT_H

407
TitanEngine/TitanEngine.Debugger.Context.cpp
View File

@ -4,6 +4,7 @@
#include "Global.Engine.h" #include "Global.Engine.h"
#include "Global.Handle.h" #include "Global.Handle.h"
#include "Global.Engine.Threading.h" #include "Global.Engine.Threading.h"
#include "Global.Engine.Context.h"
__declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext) __declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext)
{ {
@ -17,7 +18,6 @@ __declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE
__declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext) __declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext)
{ {
/* /*
GET Actual TOP register from StatusWord to order the FPUx87registers like in the FPU internal order. GET Actual TOP register from StatusWord to order the FPUx87registers like in the FPU internal order.
The TOP field (bits 13-11) is where the FPU keeps track of which of its 80-bit registers is at the TOP. The TOP field (bits 13-11) is where the FPU keeps track of which of its 80-bit registers is at the TOP.
@ -28,9 +28,8 @@ __declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPUReg
int STInTopStack = GetSTInTOPStackFromStatusWord(titcontext->x87fpu.StatusWord); int STInTopStack = GetSTInTOPStackFromStatusWord(titcontext->x87fpu.StatusWord);
DWORD x87r0_position = Getx87r0PositionInRegisterArea(STInTopStack); DWORD x87r0_position = Getx87r0PositionInRegisterArea(STInTopStack);
int i;
for(i = 0; i < 8; i++) for(int i = 0; i < 8; i++)
{ {
memcpy(x87FPURegisters[i].data, GetRegisterAreaOf87register(titcontext->RegisterArea, x87r0_position, i), 10); memcpy(x87FPURegisters[i].data, GetRegisterAreaOf87register(titcontext->RegisterArea, x87r0_position, i), 10);
x87FPURegisters[i].st_value = GetSTValueFromIndex(x87r0_position, i); x87FPURegisters[i].st_value = GetSTValueFromIndex(x87r0_position, i);
@ -65,116 +64,6 @@ __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, voi
return false; return false;
} }
__declspec(dllexport) bool TITCALL _SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext, bool AVX_PRIORITY)
{
CONTEXT DBGContext;
int i;
bool returnf;
memset(&DBGContext, 0, sizeof(DBGContext));
DBGContext.ContextFlags = CONTEXT_ALL | CONTEXT_FLOATING_POINT | CONTEXT_EXTENDED_REGISTERS;
if(!GetThreadContext(hActiveThread, &DBGContext))
{
ResumeThread(hActiveThread);
return false;
}
DBGContext.EFlags = (DWORD)titcontext->eflags;
DBGContext.Dr0 = titcontext->dr0;
DBGContext.Dr1 = titcontext->dr1;
DBGContext.Dr2 = titcontext->dr2;
DBGContext.Dr3 = titcontext->dr3;
DBGContext.Dr6 = titcontext->dr6;
DBGContext.Dr7 = titcontext->dr7;
DBGContext.SegGs = titcontext->gs;
DBGContext.SegFs = titcontext->fs;
DBGContext.SegEs = titcontext->es;
DBGContext.SegDs = titcontext->ds;
DBGContext.SegCs = titcontext->cs;
DBGContext.SegSs = titcontext->ss;
#ifdef _WIN64 //x64
DBGContext.Rax = titcontext->cax;
DBGContext.Rbx = titcontext->cbx;
DBGContext.Rcx = titcontext->ccx;
DBGContext.Rdx = titcontext->cdx;
DBGContext.Rdi = titcontext->cdi;
DBGContext.Rsi = titcontext->csi;
DBGContext.Rbp = titcontext->cbp;
DBGContext.Rsp = titcontext->csp;
DBGContext.Rip = titcontext->cip;
DBGContext.R8 = titcontext->r8;
DBGContext.R9 = titcontext->r9;
DBGContext.R10 = titcontext->r10;
DBGContext.R11 = titcontext->r11;
DBGContext.R12 = titcontext->r12;
DBGContext.R13 = titcontext->r13;
DBGContext.R14 = titcontext->r14;
DBGContext.R15 = titcontext->r15;
DBGContext.FltSave.ControlWord = titcontext->x87fpu.ControlWord;
DBGContext.FltSave.StatusWord = titcontext->x87fpu.StatusWord;
memcpy(& (DBGContext.FltSave.TagWord), & (titcontext->x87fpu.TagWord), sizeof(titcontext->x87fpu.TagWord));
#ifdef _WIN64
#define WIN64_CASTDWORDTOWORD (WORD)
#else
#define WIN64_CASTDWORDTOWORD (DWORD)
#endif
DBGContext.FltSave.ErrorSelector = WIN64_CASTDWORDTOWORD titcontext->x87fpu.ErrorSelector;
DBGContext.FltSave.ErrorOffset = titcontext->x87fpu.ErrorOffset;
DBGContext.FltSave.DataSelector = WIN64_CASTDWORDTOWORD titcontext->x87fpu.DataSelector;
DBGContext.FltSave.DataOffset = titcontext->x87fpu.DataOffset;
// Skip titcontext->x87fpu.Cr0NpxState
DBGContext.FltSave.MxCsr = titcontext->MxCsr;
for(i = 0; i < 8; i++)
memcpy(& DBGContext.FltSave.FloatRegisters[i], &(titcontext->RegisterArea[i * 10]), 10);
for(i = 0; i < 16; i++)
memcpy(& (DBGContext.FltSave.XmmRegisters[i]), & (titcontext->XmmRegisters[i]), 16);
#else //x86
DBGContext.Eax = titcontext->cax;
DBGContext.Ebx = titcontext->cbx;
DBGContext.Ecx = titcontext->ccx;
DBGContext.Edx = titcontext->cdx;
DBGContext.Edi = titcontext->cdi;
DBGContext.Esi = titcontext->csi;
DBGContext.Ebp = titcontext->cbp;
DBGContext.Esp = titcontext->csp;
DBGContext.Eip = titcontext->cip;
DBGContext.FloatSave.ControlWord = titcontext->x87fpu.ControlWord;
DBGContext.FloatSave.StatusWord = titcontext->x87fpu.StatusWord;
DBGContext.FloatSave.TagWord = titcontext->x87fpu.TagWord;
DBGContext.FloatSave.ErrorSelector = titcontext->x87fpu.ErrorSelector;
DBGContext.FloatSave.ErrorOffset = titcontext->x87fpu.ErrorOffset;
DBGContext.FloatSave.DataSelector = titcontext->x87fpu.DataSelector;
DBGContext.FloatSave.DataOffset = titcontext->x87fpu.DataOffset;
DBGContext.FloatSave.Cr0NpxState = titcontext->x87fpu.Cr0NpxState;
memcpy(DBGContext.FloatSave.RegisterArea, titcontext->RegisterArea, 80);
// MXCSR ExtendedRegisters[24]
memcpy(& (DBGContext.ExtendedRegisters[24]), & titcontext->MxCsr, sizeof(titcontext->MxCsr));
// for x86 copy the 8 Xmm Registers from ExtendedRegisters[(10+n)*16]; (n is the index of the xmm register) to the XMM register
for(i = 0; i < 8; i++)
memcpy(& DBGContext.ExtendedRegisters[(10 + i) * 16], &(titcontext->XmmRegisters[i]), 16);
#endif
returnf = SetThreadContext(hActiveThread, & DBGContext) ? true : false;
if(AVX_PRIORITY)
SetAVXContext(hActiveThread, titcontext);
return returnf;
}
__declspec(dllexport) bool TITCALL SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext) __declspec(dllexport) bool TITCALL SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{ {
bool returnf; bool returnf;
@ -189,102 +78,6 @@ __declspec(dllexport) bool TITCALL SetFullContextDataEx(HANDLE hActiveThread, TI
return returnf; return returnf;
} }
__declspec(dllexport) bool TITCALL _GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{
CONTEXT DBGContext;
int i;
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL | CONTEXT_FLOATING_POINT | CONTEXT_EXTENDED_REGISTERS;
if(!GetThreadContext(hActiveThread, &DBGContext))
return false;
titcontext->eflags = DBGContext.EFlags;
titcontext->dr0 = DBGContext.Dr0;
titcontext->dr1 = DBGContext.Dr1;
titcontext->dr2 = DBGContext.Dr2;
titcontext->dr3 = DBGContext.Dr3;
titcontext->dr6 = DBGContext.Dr6;
titcontext->dr7 = DBGContext.Dr7;
titcontext->gs = (unsigned short) DBGContext.SegGs;
titcontext->fs = (unsigned short) DBGContext.SegFs;
titcontext->es = (unsigned short) DBGContext.SegEs;
titcontext->ds = (unsigned short) DBGContext.SegDs;
titcontext->cs = (unsigned short) DBGContext.SegCs;
titcontext->ss = (unsigned short) DBGContext.SegSs;
#ifdef _WIN64 //x64
titcontext->cax = DBGContext.Rax;
titcontext->cbx = DBGContext.Rbx;
titcontext->ccx = DBGContext.Rcx;
titcontext->cdx = DBGContext.Rdx;
titcontext->cdi = DBGContext.Rdi;
titcontext->csi = DBGContext.Rsi;
titcontext->cbp = DBGContext.Rbp;
titcontext->csp = DBGContext.Rsp;
titcontext->cip = DBGContext.Rip;
titcontext->r8 = DBGContext.R8;
titcontext->r9 = DBGContext.R9;
titcontext->r10 = DBGContext.R10;
titcontext->r11 = DBGContext.R11;
titcontext->r12 = DBGContext.R12;
titcontext->r13 = DBGContext.R13;
titcontext->r14 = DBGContext.R14;
titcontext->r15 = DBGContext.R15;
titcontext->x87fpu.ControlWord = DBGContext.FltSave.ControlWord;
titcontext->x87fpu.StatusWord = DBGContext.FltSave.StatusWord;
memcpy(& (titcontext->x87fpu.TagWord), & (DBGContext.FltSave.TagWord), sizeof(titcontext->x87fpu.TagWord));
titcontext->x87fpu.ErrorSelector = DBGContext.FltSave.ErrorSelector;
titcontext->x87fpu.ErrorOffset = DBGContext.FltSave.ErrorOffset;
titcontext->x87fpu.DataSelector = DBGContext.FltSave.DataSelector;
titcontext->x87fpu.DataOffset = DBGContext.FltSave.DataOffset;
// Skip titcontext->x87fpu.Cr0NpxState
titcontext->MxCsr = DBGContext.FltSave.MxCsr;
for(i = 0; i < 8; i++)
memcpy(&(titcontext->RegisterArea[i * 10]), & DBGContext.FltSave.FloatRegisters[i], 10);
for(i = 0; i < 16; i++)
memcpy(& (titcontext->XmmRegisters[i]), & (DBGContext.FltSave.XmmRegisters[i]), 16);
#else //x86
titcontext->cax = DBGContext.Eax;
titcontext->cbx = DBGContext.Ebx;
titcontext->ccx = DBGContext.Ecx;
titcontext->cdx = DBGContext.Edx;
titcontext->cdi = DBGContext.Edi;
titcontext->csi = DBGContext.Esi;
titcontext->cbp = DBGContext.Ebp;
titcontext->csp = DBGContext.Esp;
titcontext->cip = DBGContext.Eip;
titcontext->x87fpu.ControlWord = (WORD) DBGContext.FloatSave.ControlWord;
titcontext->x87fpu.StatusWord = (WORD) DBGContext.FloatSave.StatusWord;
titcontext->x87fpu.TagWord = (WORD) DBGContext.FloatSave.TagWord;
titcontext->x87fpu.ErrorSelector = DBGContext.FloatSave.ErrorSelector;
titcontext->x87fpu.ErrorOffset = DBGContext.FloatSave.ErrorOffset;
titcontext->x87fpu.DataSelector = DBGContext.FloatSave.DataSelector;
titcontext->x87fpu.DataOffset = DBGContext.FloatSave.DataOffset;
titcontext->x87fpu.Cr0NpxState = DBGContext.FloatSave.Cr0NpxState;
memcpy(titcontext->RegisterArea, DBGContext.FloatSave.RegisterArea, 80);
// MXCSR ExtendedRegisters[24]
memcpy(& (titcontext->MxCsr), & (DBGContext.ExtendedRegisters[24]), sizeof(titcontext->MxCsr));
// for x86 copy the 8 Xmm Registers from ExtendedRegisters[(10+n)*16]; (n is the index of the xmm register) to the XMM register
for(i = 0; i < 8; i++)
memcpy(&(titcontext->XmmRegisters[i]), & DBGContext.ExtendedRegisters[(10 + i) * 16], 16);
#endif
GetAVXContext(hActiveThread, titcontext);
return true;
}
__declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext) __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{ {
bool returnf; bool returnf;
@ -1131,122 +924,48 @@ __declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_P
return ContextReturn; return ContextReturn;
} }
#undef CONTEXT_XSTATE
#if defined(_M_X64)
#define CONTEXT_XSTATE (0x00100040)
#else
#define CONTEXT_XSTATE (0x00010040)
#endif
#define XSTATE_AVX (XSTATE_GSSE)
#define XSTATE_MASK_AVX (XSTATE_MASK_GSSE)
typedef DWORD64(WINAPI* PGETENABLEDXSTATEFEATURES)();
PGETENABLEDXSTATEFEATURES pfnGetEnabledXStateFeatures = NULL;
typedef BOOL (WINAPI* PINITIALIZECONTEXT)(PVOID Buffer, DWORD ContextFlags, PCONTEXT* Context, PDWORD ContextLength);
PINITIALIZECONTEXT pfnInitializeContext = NULL;
typedef BOOL (WINAPI* PGETXSTATEFEATURESMASK)(PCONTEXT Context, PDWORD64 FeatureMask);
PGETXSTATEFEATURESMASK pfnGetXStateFeaturesMask = NULL;
typedef PVOID(WINAPI* LOCATEXSTATEFEATURE)(PCONTEXT Context, DWORD FeatureId, PDWORD Length);
LOCATEXSTATEFEATURE pfnLocateXStateFeature = NULL;
typedef BOOL (WINAPI* SETXSTATEFEATURESMASK)(PCONTEXT Context, DWORD64 FeatureMask);
SETXSTATEFEATURESMASK pfnSetXStateFeaturesMask = NULL;
bool InitXState(void)
{
bool returnf = false;
static bool init = false;
if(init)
return true;
HMODULE hm = GetModuleHandleA("kernel32.dll");
if(hm == NULL)
{
return returnf;
}
pfnGetEnabledXStateFeatures = (PGETENABLEDXSTATEFEATURES)GetProcAddress(hm, "GetEnabledXStateFeatures");
pfnInitializeContext = (PINITIALIZECONTEXT)GetProcAddress(hm, "InitializeContext");
pfnGetXStateFeaturesMask = (PGETXSTATEFEATURESMASK)GetProcAddress(hm, "GetXStateFeaturesMask");
pfnLocateXStateFeature = (LOCATEXSTATEFEATURE)GetProcAddress(hm, "LocateXStateFeature");
pfnSetXStateFeaturesMask = (SETXSTATEFEATURESMASK)GetProcAddress(hm, "SetXStateFeaturesMask");
if
(
pfnGetEnabledXStateFeatures == NULL
|| pfnInitializeContext == NULL
|| pfnGetXStateFeaturesMask == NULL
|| pfnLocateXStateFeature == NULL
|| pfnSetXStateFeaturesMask == NULL
)
{
return returnf;
}
init = true;
return true;
}
__declspec(dllexport) bool TITCALL SetAVXContext(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext) __declspec(dllexport) bool TITCALL SetAVXContext(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{ {
PVOID Buffer;
PCONTEXT Context;
DWORD ContextSize;
DWORD FeatureLength;
ULONG Index;
BOOL Success;
PM128A Ymm;
PM128A Xmm;
DWORD64 FeatureMask;
bool returnf = false;
if(InitXState() == false) if(InitXState() == false)
return returnf; return false;
FeatureMask = pfnGetEnabledXStateFeatures(); DWORD64 FeatureMask = _GetEnabledXStateFeatures();
if((FeatureMask & XSTATE_MASK_AVX) == 0) if((FeatureMask & XSTATE_MASK_AVX) == 0)
return returnf; return false;
ContextSize = 0; DWORD ContextSize = 0;
Success = pfnInitializeContext(NULL, BOOL Success = _InitializeContext(NULL,
CONTEXT_ALL | CONTEXT_XSTATE, CONTEXT_ALL | CONTEXT_XSTATE,
NULL, NULL,
&ContextSize); &ContextSize);
if((Success == TRUE) || (GetLastError() != ERROR_INSUFFICIENT_BUFFER)) if((Success == TRUE) || (GetLastError() != ERROR_INSUFFICIENT_BUFFER))
return returnf; return false;
Buffer = calloc(1, ContextSize); DynBuf dataBuffer(ContextSize);
PVOID Buffer = dataBuffer.GetPtr();
if(Buffer == NULL) if(Buffer == NULL)
return returnf; return false;
Success = pfnInitializeContext(Buffer, PCONTEXT Context;
Success = _InitializeContext(Buffer,
CONTEXT_ALL | CONTEXT_XSTATE, CONTEXT_ALL | CONTEXT_XSTATE,
&Context, &Context,
&ContextSize); &ContextSize);
if(Success == FALSE) if(Success == FALSE)
goto Cleanup; return false;
Success = pfnSetXStateFeaturesMask(Context, XSTATE_MASK_AVX); if(_SetXStateFeaturesMask(Context, XSTATE_MASK_AVX) == FALSE)
if(Success == FALSE) return false;
goto Cleanup;
Success = pfnGetXStateFeaturesMask(Context, &FeatureMask); if(_GetXStateFeaturesMask(Context, &FeatureMask) == FALSE)
if(Success == FALSE) return false;
goto Cleanup;
Xmm = (PM128A)pfnLocateXStateFeature(Context, XSTATE_LEGACY_SSE, &FeatureLength); DWORD FeatureLength;
PM128A Xmm = (PM128A)_LocateXStateFeature(Context, XSTATE_LEGACY_SSE, &FeatureLength);
if(Xmm != NULL) //If the feature is unsupported by the processor it will return NULL if(Xmm != NULL) //If the feature is unsupported by the processor it will return NULL
{ {
for(Index = 0; Index < FeatureLength / sizeof(* Ymm); Index += 1) for(DWORD Index = 0; Index < FeatureLength / sizeof(* Xmm); Index += 1)
{ {
memcpy memcpy
( (
@ -1256,10 +975,11 @@ __declspec(dllexport) bool TITCALL SetAVXContext(HANDLE hActiveThread, TITAN_ENG
); );
} }
} }
Ymm = (PM128A)pfnLocateXStateFeature(Context, XSTATE_AVX, NULL);
PM128A Ymm = (PM128A)_LocateXStateFeature(Context, XSTATE_AVX, NULL);
if(Ymm != NULL) //If the feature is unsupported by the processor it will return NULL if(Ymm != NULL) //If the feature is unsupported by the processor it will return NULL
{ {
for(Index = 0; Index < FeatureLength / sizeof(* Ymm); Index += 1) for(DWORD Index = 0; Index < FeatureLength / sizeof(* Ymm); Index += 1)
{ {
memcpy memcpy
( (
@ -1270,77 +990,54 @@ __declspec(dllexport) bool TITCALL SetAVXContext(HANDLE hActiveThread, TITAN_ENG
} }
} }
Success = SetThreadContext(hActiveThread, Context); return (SetThreadContext(hActiveThread, Context) == TRUE);
if(Success == FALSE)
goto Cleanup;
returnf = true;
Cleanup:
free(Buffer);
return returnf;
} }
__declspec(dllexport) bool TITCALL GetAVXContext(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext) __declspec(dllexport) bool TITCALL GetAVXContext(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{ {
PVOID Buffer;
PCONTEXT Context;
DWORD ContextSize;
DWORD FeatureLength;
ULONG Index;
BOOL Success;
PM128A Ymm;
PM128A Xmm;
DWORD64 FeatureMask;
bool returnf = false;
if(InitXState() == false) if(InitXState() == false)
return returnf; return false;
FeatureMask = pfnGetEnabledXStateFeatures(); DWORD64 FeatureMask = _GetEnabledXStateFeatures();
if((FeatureMask & XSTATE_MASK_AVX) == 0) if((FeatureMask & XSTATE_MASK_AVX) == 0)
return returnf; return false;
ContextSize = 0; DWORD ContextSize = 0;
Success = pfnInitializeContext(NULL, BOOL Success = _InitializeContext(NULL,
CONTEXT_ALL | CONTEXT_XSTATE, CONTEXT_ALL | CONTEXT_XSTATE,
NULL, NULL,
&ContextSize); &ContextSize);
if((Success == TRUE) || (GetLastError() != ERROR_INSUFFICIENT_BUFFER)) if((Success == TRUE) || (GetLastError() != ERROR_INSUFFICIENT_BUFFER))
return returnf; return false;
Buffer = calloc(1, ContextSize); DynBuf dataBuffer(ContextSize);
PVOID Buffer = dataBuffer.GetPtr();
if(Buffer == NULL) if(Buffer == NULL)
return returnf; return false;
Success = pfnInitializeContext(Buffer, PCONTEXT Context;
Success = _InitializeContext(Buffer,
CONTEXT_ALL | CONTEXT_XSTATE, CONTEXT_ALL | CONTEXT_XSTATE,
&Context, &Context,
&ContextSize); &ContextSize);
if(Success == FALSE) if(Success == FALSE)
goto Cleanup; return false;
Success = pfnSetXStateFeaturesMask(Context, XSTATE_MASK_AVX); if(_SetXStateFeaturesMask(Context, XSTATE_MASK_AVX) == FALSE)
if(Success == FALSE) return false;
goto Cleanup;
Success = GetThreadContext(hActiveThread, Context); if(GetThreadContext(hActiveThread, Context) == FALSE)
if(Success == FALSE) return false;
goto Cleanup;
Success = pfnGetXStateFeaturesMask(Context, &FeatureMask); if(_GetXStateFeaturesMask(Context, &FeatureMask) == FALSE)
if(Success == FALSE) return false;
goto Cleanup;
Xmm = (PM128A)pfnLocateXStateFeature(Context, XSTATE_LEGACY_SSE, &FeatureLength); DWORD FeatureLength;
PM128A Xmm = (PM128A)_LocateXStateFeature(Context, XSTATE_LEGACY_SSE, &FeatureLength);
if(Xmm != NULL) //If the feature is unsupported by the processor it will return NULL if(Xmm != NULL) //If the feature is unsupported by the processor it will return NULL
{ {
for(Index = 0; Index < FeatureLength / sizeof(* Ymm); Index += 1) for(DWORD Index = 0; Index < FeatureLength / sizeof(*Xmm); Index++)
{ {
memcpy memcpy
( (
@ -1351,10 +1048,10 @@ __declspec(dllexport) bool TITCALL GetAVXContext(HANDLE hActiveThread, TITAN_ENG
} }
} }
Ymm = (PM128A)pfnLocateXStateFeature(Context, XSTATE_AVX, &FeatureLength); PM128A Ymm = (PM128A)_LocateXStateFeature(Context, XSTATE_AVX, &FeatureLength);
if(Ymm != NULL) //If the feature is unsupported by the processor it will return NULL if(Ymm != NULL) //If the feature is unsupported by the processor it will return NULL
{ {
for(Index = 0; Index < FeatureLength / sizeof(* Ymm); Index += 1) for(DWORD Index = 0; Index < FeatureLength / sizeof(*Ymm); Index++)
{ {
memcpy memcpy
( (
@ -1365,11 +1062,5 @@ __declspec(dllexport) bool TITCALL GetAVXContext(HANDLE hActiveThread, TITAN_ENG
} }
} }
returnf = true; return true;
Cleanup:
free(Buffer);
return returnf;
} }

2
TitanEngine/TitanEngine.vcxproj
View File

@ -226,6 +226,7 @@
<ItemGroup> <ItemGroup>
<ClCompile Include="Global.Breakpoints.cpp" /> <ClCompile Include="Global.Breakpoints.cpp" />
<ClCompile Include="Global.Debugger.cpp" /> <ClCompile Include="Global.Debugger.cpp" />
<ClCompile Include="Global.Engine.Context.cpp" />
<ClCompile Include="Global.Engine.cpp" /> <ClCompile Include="Global.Engine.cpp" />
<ClCompile Include="Global.Engine.Extension.cpp" /> <ClCompile Include="Global.Engine.Extension.cpp" />
<ClCompile Include="Global.Engine.Hash.cpp" /> <ClCompile Include="Global.Engine.Hash.cpp" />
@ -296,6 +297,7 @@
<ClInclude Include="distorm.h" /> <ClInclude Include="distorm.h" />
<ClInclude Include="Global.Breakpoints.h" /> <ClInclude Include="Global.Breakpoints.h" />
<ClInclude Include="Global.Debugger.h" /> <ClInclude Include="Global.Debugger.h" />
<ClInclude Include="Global.Engine.Context.h" />
<ClInclude Include="Global.Engine.Extension.h" /> <ClInclude Include="Global.Engine.Extension.h" />
<ClInclude Include="Global.Engine.h" /> <ClInclude Include="Global.Engine.h" />
<ClInclude Include="Global.Engine.Hider.h" /> <ClInclude Include="Global.Engine.Hider.h" />

6
TitanEngine/TitanEngine.vcxproj.filters
View File

@ -231,6 +231,9 @@
<ClCompile Include="Global.Helper.cpp"> <ClCompile Include="Global.Helper.cpp">
<Filter>Source Files\TitanEngine</Filter> <Filter>Source Files\TitanEngine</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="Global.Engine.Context.cpp">
<Filter>Source Files\TitanEngine</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="resource.h"> <ClInclude Include="resource.h">
@ -335,6 +338,9 @@
<ClInclude Include="..\SDK\CPP\TitanEngine.hpp"> <ClInclude Include="..\SDK\CPP\TitanEngine.hpp">
<Filter>Header Files\SDK\CPP</Filter> <Filter>Header Files\SDK\CPP</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="Global.Engine.Context.h">
<Filter>Header Files\TitanEngine</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ResourceCompile Include="TitanEngine.rc"> <ResourceCompile Include="TitanEngine.rc">

1
TitanEngine/definitions.h
View File

@ -180,6 +180,7 @@ __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T
__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory); __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);
__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext); __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) bool TITCALL SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext); __declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext); __declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);