From a7816841068771788d2a8bdbb947ab0985f12d56 Mon Sep 17 00:00:00 2001 From: "mr.exodia" Date: Mon, 3 Mar 2014 21:31:28 +0100 Subject: [PATCH] - moved DebugLoop - moved more breakpoint stuff - moved more - moved more - getting crazy --- TitanEngine/Global.Breakpoints.cpp | 109 +- TitanEngine/Global.Breakpoints.h | 3 + TitanEngine/Global.Debugger.cpp | 31 +- TitanEngine/Global.Debugger.h | 31 +- TitanEngine/Global.Engine.cpp | 3 + TitanEngine/Global.Engine.h | 3 + TitanEngine/Global.Librarian.cpp | 8 + TitanEngine/Global.Librarian.h | 8 + TitanEngine/Global.TLS.cpp | 6 + TitanEngine/Global.TLS.h | 7 + TitanEngine/TitanEngine.Breakpoints.cpp | 371 ++ TitanEngine/TitanEngine.Debugger.Context.cpp | 661 +++ TitanEngine/TitanEngine.Debugger.Data.cpp | 159 + .../TitanEngine.Debugger.DebugLoop.cpp | 1776 +++++++ TitanEngine/TitanEngine.Debugger.Helper.cpp | 822 ++++ TitanEngine/TitanEngine.Debugger.Memory.cpp | 359 ++ TitanEngine/TitanEngine.Debugger.cpp | 24 +- TitanEngine/TitanEngine.cpp | 4280 +---------------- TitanEngine/TitanEngine.vcxproj | 11 + TitanEngine/TitanEngine.vcxproj.filters | 27 + 20 files changed, 4403 insertions(+), 4296 deletions(-) create mode 100644 TitanEngine/Global.Librarian.cpp create mode 100644 TitanEngine/Global.Librarian.h create mode 100644 TitanEngine/Global.TLS.cpp create mode 100644 TitanEngine/Global.TLS.h create mode 100644 TitanEngine/TitanEngine.Debugger.Context.cpp create mode 100644 TitanEngine/TitanEngine.Debugger.Data.cpp create mode 100644 TitanEngine/TitanEngine.Debugger.DebugLoop.cpp create mode 100644 TitanEngine/TitanEngine.Debugger.Helper.cpp create mode 100644 TitanEngine/TitanEngine.Debugger.Memory.cpp diff --git a/TitanEngine/Global.Breakpoints.cpp b/TitanEngine/Global.Breakpoints.cpp index 9e75e32..a56bb1f 100644 --- a/TitanEngine/Global.Breakpoints.cpp +++ b/TitanEngine/Global.Breakpoints.cpp 
@@ -3,4 +3,111 @@ #include "Global.Breakpoints.h" int BreakPointSetCount = 0; -extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {}; \ No newline at end of file +extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {}; + +ULONG_PTR dr7uint(DR7* dr7) +{ + ULONG_PTR ret=0; + if(BITGET(dr7->HWBP_MODE[0],0)) + BITSET(ret,0); + if(BITGET(dr7->HWBP_MODE[0],1)) + BITSET(ret,1); + if(BITGET(dr7->HWBP_MODE[1],0)) + BITSET(ret,2); + if(BITGET(dr7->HWBP_MODE[1],1)) + BITSET(ret,3); + if(BITGET(dr7->HWBP_MODE[2],0)) + BITSET(ret,4); + if(BITGET(dr7->HWBP_MODE[2],1)) + BITSET(ret,5); + if(BITGET(dr7->HWBP_MODE[3],0)) + BITSET(ret,6); + if(BITGET(dr7->HWBP_MODE[3],1)) + BITSET(ret,7); + if(BITGET(dr7->HWBP_TYPE[0],0)) + BITSET(ret,16); + if(BITGET(dr7->HWBP_TYPE[0],1)) + BITSET(ret,17); + if(BITGET(dr7->HWBP_SIZE[0],0)) + BITSET(ret,18); + if(BITGET(dr7->HWBP_SIZE[0],1)) + BITSET(ret,19); + if(BITGET(dr7->HWBP_TYPE[1],0)) + BITSET(ret,20); + if(BITGET(dr7->HWBP_TYPE[1],1)) + BITSET(ret,21); + if(BITGET(dr7->HWBP_SIZE[1],0)) + BITSET(ret,22); + if(BITGET(dr7->HWBP_SIZE[1],1)) + BITSET(ret,23); + if(BITGET(dr7->HWBP_TYPE[2],0)) + BITSET(ret,24); + if(BITGET(dr7->HWBP_TYPE[2],1)) + BITSET(ret,25); + if(BITGET(dr7->HWBP_SIZE[2],0)) + BITSET(ret,26); + if(BITGET(dr7->HWBP_SIZE[2],1)) + BITSET(ret,27); + if(BITGET(dr7->HWBP_TYPE[3],0)) + BITSET(ret,28); + if(BITGET(dr7->HWBP_TYPE[3],1)) + BITSET(ret,29); + if(BITGET(dr7->HWBP_SIZE[3],0)) + BITSET(ret,30); + if(BITGET(dr7->HWBP_SIZE[3],1)) + BITSET(ret,31); + return ret; +} + +void uintdr7(ULONG_PTR dr7, DR7* ret) +{ + memset(ret, 0, sizeof(DR7)); + if(BITGET(dr7,0)) + BITSET(ret->HWBP_MODE[0],0); + if(BITGET(dr7,1)) + BITSET(ret->HWBP_MODE[0],1); + if(BITGET(dr7,2)) + BITSET(ret->HWBP_MODE[1],0); + if(BITGET(dr7,3)) + BITSET(ret->HWBP_MODE[1],1); + if(BITGET(dr7,4)) + BITSET(ret->HWBP_MODE[2],0); + if(BITGET(dr7,5)) + BITSET(ret->HWBP_MODE[2],1); + if(BITGET(dr7,6)) + BITSET(ret->HWBP_MODE[3],0); + 
if(BITGET(dr7,7)) + BITSET(ret->HWBP_MODE[3],1); + if(BITGET(dr7,16)) + BITSET(ret->HWBP_TYPE[0],0); + if(BITGET(dr7,17)) + BITSET(ret->HWBP_TYPE[0],1); + if(BITGET(dr7,18)) + BITSET(ret->HWBP_SIZE[0],0); + if(BITGET(dr7,19)) + BITSET(ret->HWBP_SIZE[0],1); + if(BITGET(dr7,20)) + BITSET(ret->HWBP_TYPE[1],0); + if(BITGET(dr7,21)) + BITSET(ret->HWBP_TYPE[1],1); + if(BITGET(dr7,22)) + BITSET(ret->HWBP_SIZE[1],0); + if(BITGET(dr7,23)) + BITSET(ret->HWBP_SIZE[1],1); + if(BITGET(dr7,24)) + BITSET(ret->HWBP_TYPE[2],0); + if(BITGET(dr7,25)) + BITSET(ret->HWBP_TYPE[2],1); + if(BITGET(dr7,26)) + BITSET(ret->HWBP_SIZE[2],0); + if(BITGET(dr7,27)) + BITSET(ret->HWBP_SIZE[2],1); + if(BITGET(dr7,28)) + BITSET(ret->HWBP_TYPE[3],0); + if(BITGET(dr7,29)) + BITSET(ret->HWBP_TYPE[3],1); + if(BITGET(dr7,30)) + BITSET(ret->HWBP_SIZE[3],0); + if(BITGET(dr7,31)) + BITSET(ret->HWBP_SIZE[3],1); +} \ No newline at end of file diff --git a/TitanEngine/Global.Breakpoints.h b/TitanEngine/Global.Breakpoints.h index 561b796..576c695 100644 --- a/TitanEngine/Global.Breakpoints.h +++ b/TitanEngine/Global.Breakpoints.h @@ -4,4 +4,7 @@ extern int BreakPointSetCount; extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS]; +void uintdr7(ULONG_PTR dr7, DR7* ret); +ULONG_PTR dr7uint(DR7* dr7); + #endif //_GLOBAL_BREAKPOINTS_H \ No newline at end of file diff --git a/TitanEngine/Global.Debugger.cpp b/TitanEngine/Global.Debugger.cpp index 2ee01e7..004bb76 100644 --- a/TitanEngine/Global.Debugger.cpp +++ b/TitanEngine/Global.Debugger.cpp 
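Review bot: `dr7uint` only reads through its argument, so `ULONG_PTR dr7uint(const DR7* dr7)` is the honest signature, both for the definition here and for the prototype added to Global.Breakpoints.h in the next hunk (provided BITGET does not write through its operand). The two conversions also discard DR7 bits 8–15 on a round-trip, so a caller that reads DR7 into a `DR7` struct and writes it back clears whatever was there; presumably harmless for a user-mode thread context, but worth stating on both functions with `// Only the per-slot L/G, R/W and LEN fields are mapped; DR7 bits 8-15 are dropped.`. Style-wise, the 24 paired `if`/`BITSET` lines per function are a loop over the four slots, which also makes the bit layout checkable at a glance; the dr7uint half is below and uintdr7 is its mirror image (assuming BITGET/BITSET accept a runtime bit index).
```cpp
ULONG_PTR dr7uint(const DR7* dr7)
{
    ULONG_PTR ret=0;
    for(int i=0; i<4; i++)
    {
        // L<i>/G<i> enable bits sit at 2*i and 2*i+1; R/W<i> at 16+4*i, LEN<i> at 18+4*i.
        if(BITGET(dr7->HWBP_MODE[i],0))
            BITSET(ret,2*i);
        if(BITGET(dr7->HWBP_MODE[i],1))
            BITSET(ret,2*i+1);
        if(BITGET(dr7->HWBP_TYPE[i],0))
            BITSET(ret,16+4*i);
        if(BITGET(dr7->HWBP_TYPE[i],1))
            BITSET(ret,17+4*i);
        if(BITGET(dr7->HWBP_SIZE[i],0))
            BITSET(ret,18+4*i);
        if(BITGET(dr7->HWBP_SIZE[i],1))
            BITSET(ret,19+4*i);
    }
    return ret;
}
// … unchanged: uintdr7, which becomes the same loop with BITGET(dr7, bit) / BITSET(ret->field[i], n) swapped …
```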
@@ -13,15 +13,28 @@ LPVOID DebugModuleEntryPointCallBack; LPVOID DebugExeFileEntryPointCallBack; ULONG_PTR DebugModuleEntryPoint; ULONG_PTR DebugModuleImageBase; - -ULONG_PTR engineAttachedProcessCallBack = NULL; -ULONG_PTR engineReserveModuleBase = NULL; -unsigned long long engineDebuggingMainModuleBase = NULL; -ULONG_PTR engineDebuggingDLLBase = NULL; -bool engineAttachedToProcess = false; -bool engineDebuggingDLL = false; -wchar_t* engineDebuggingDLLFullFileName; -wchar_t* engineDebuggingDLLFileName; +ULONG_PTR DebugAttachedProcessCallBack = NULL; +ULONG_PTR DebugReserveModuleBase = NULL; +ULONG_PTR DebugDebuggingMainModuleBase = NULL; +ULONG_PTR DebugDebuggingDLLBase = NULL; +bool DebugAttachedToProcess = false; +bool DebugDebuggingDLL = false; +wchar_t* DebugDebuggingDLLFullFileName; +wchar_t* DebugDebuggingDLLFileName; +DEBUG_EVENT DBGEvent = {}; +DEBUG_EVENT TerminateDBGEvent = {}; +DWORD ProcessExitCode = 0; +HANDLE DBGFileHandle; +ULONG_PTR tlsCallBackList[100]; +LPVOID hListProcess = 0; +int engineStepCount = INFINITE; +LPVOID engineStepCallBack = NULL; +bool engineStepActive = false; +bool engineProcessIsNowDetached = false; +DWORD DBGCode = DBG_CONTINUE; +bool engineFileIsBeingDebugged = false; +ULONG_PTR engineFakeDLLHandle = NULL; +LPVOID engineAttachedProcessDebugInfo = NULL; // Global.Debugger.functions: long DebugLoopInSecondThread(LPVOID InputParameter) diff --git a/TitanEngine/Global.Debugger.h b/TitanEngine/Global.Debugger.h index 47831f3..b6c7300 100644 --- a/TitanEngine/Global.Debugger.h +++ b/TitanEngine/Global.Debugger.h 
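Review bot: `ULONG_PTR tlsCallBackList[100];` bakes the capacity into a bare literal that the extern in Global.Debugger.h (next hunk) repeats by hand, leaving whatever fills the list with nothing named to bound against; declare it once, e.g. `enum { TLS_CALLBACK_LIST_SIZE = 100 };` in the header, and use it in both declarations and in the filler. `DebugDebuggingMainModuleBase` also changes type from `unsigned long long` to `ULONG_PTR` here while GetDebuggedFileBaseAddress in the new TitanEngine.Debugger.Data.cpp still returns `unsigned long long`, so on a 32-bit build the variable is silently narrowed; if no caller ever stored a value above 4 GiB there this is fine, but it is not stated anywhere. Minor: `DBGFileHandle`, `DebugDebuggingDLLFullFileName` and `DebugDebuggingDLLFileName` are the only new globals without an explicit initializer; as statics they are zero-initialized regardless, but `= NULL` would match the surrounding lines.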
@@ -11,15 +11,28 @@ extern LPVOID DebugModuleEntryPointCallBack; extern LPVOID DebugExeFileEntryPointCallBack; extern ULONG_PTR DebugModuleEntryPoint; extern ULONG_PTR DebugModuleImageBase; - -extern ULONG_PTR engineAttachedProcessCallBack; -extern bool engineAttachedToProcess; -extern ULONG_PTR engineReserveModuleBase; -extern unsigned long long engineDebuggingMainModuleBase; -extern ULONG_PTR engineDebuggingDLLBase; -extern bool engineDebuggingDLL; -extern wchar_t* engineDebuggingDLLFullFileName; -extern wchar_t* engineDebuggingDLLFileName; +extern ULONG_PTR DebugAttachedProcessCallBack; +extern bool DebugAttachedToProcess; +extern ULONG_PTR DebugReserveModuleBase; +extern ULONG_PTR DebugDebuggingMainModuleBase; +extern ULONG_PTR DebugDebuggingDLLBase; +extern bool DebugDebuggingDLL; +extern wchar_t* DebugDebuggingDLLFullFileName; +extern wchar_t* DebugDebuggingDLLFileName; +extern DEBUG_EVENT DBGEvent; +extern DEBUG_EVENT TerminateDBGEvent; +extern DWORD ProcessExitCode; +extern HANDLE DBGFileHandle; +extern ULONG_PTR tlsCallBackList[100]; +extern LPVOID hListProcess; +extern int engineStepCount; +extern LPVOID engineStepCallBack; +extern bool engineStepActive; +extern bool engineProcessIsNowDetached; +extern DWORD DBGCode; +extern bool engineFileIsBeingDebugged; +extern ULONG_PTR engineFakeDLLHandle; +extern LPVOID engineAttachedProcessDebugInfo; long DebugLoopInSecondThread(LPVOID InputParameter); void DebuggerReset(); diff --git a/TitanEngine/Global.Engine.cpp b/TitanEngine/Global.Engine.cpp index c7c0c5b..b807478 100644 --- a/TitanEngine/Global.Engine.cpp +++ b/TitanEngine/Global.Engine.cpp 
@@ -15,6 +15,9 @@ bool engineBackupForCriticalFunctions = true; bool engineResumeProcessIfNoThreadIsActive = false; bool engineResetCustomHandler = true; bool engineRemoveConsoleForDebugee = false; +bool enginePassAllExceptions = true; +bool engineExecutePluginCallBack = true; +bool engineAutoHideFromDebugger = false; // hardcoded char engineExtractedFolderName[512]; char engineFoundDLLName[512]; diff --git a/TitanEngine/Global.Engine.h b/TitanEngine/Global.Engine.h index d1fd93c..0a26ef7 100644 --- a/TitanEngine/Global.Engine.h +++ b/TitanEngine/Global.Engine.h @@ -12,6 +12,9 @@ extern bool engineBackupForCriticalFunctions; extern bool engineResumeProcessIfNoThreadIsActive; extern bool engineResetCustomHandler; extern bool engineRemoveConsoleForDebugee; +extern bool enginePassAllExceptions; +extern bool engineExecutePluginCallBack; +extern bool engineAutoHideFromDebugger; extern wchar_t engineSzEngineGarbageFolder[MAX_PATH]; diff --git a/TitanEngine/Global.Librarian.cpp b/TitanEngine/Global.Librarian.cpp new file mode 100644 index 0000000..44a268e --- /dev/null +++ b/TitanEngine/Global.Librarian.cpp @@ -0,0 +1,8 @@ +#include "stdafx.h" +#include "definitions.h" +#include "Global.Librarian.h" + +// Global.Engine.Librarian: +LIBRARY_ITEM_DATA LibraryInfoData = {}; +LPVOID LibrarianData = VirtualAlloc(NULL, MAX_LIBRARY_BPX * sizeof LIBRARY_BREAK_DATA, MEM_COMMIT, PAGE_READWRITE); +LPVOID hListLibrary = 0; \ No newline at end of file diff --git a/TitanEngine/Global.Librarian.h b/TitanEngine/Global.Librarian.h new file mode 100644 index 0000000..c070991 --- /dev/null +++ b/TitanEngine/Global.Librarian.h @@ -0,0 +1,8 @@ +#ifndef _GLOBAL_LIBRARIAN_H +#define _GLOBAL_LIBRARIAN_H + +extern LIBRARY_ITEM_DATA LibraryInfoData; +extern LPVOID LibrarianData; +extern LPVOID hListLibrary; + +#endif //_GLOBAL_LIBRARIAN_H \ No newline at end of file diff --git a/TitanEngine/Global.TLS.cpp b/TitanEngine/Global.TLS.cpp new file mode 100644 index 0000000..d099d01 --- /dev/null 
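Review bot: The three flags added at `enginePassAllExceptions`, `engineExecutePluginCallBack` and `engineAutoHideFromDebugger` carry no comment saying which code consults them or what the default changes, and the Global.Engine.h hunk that follows repeats them just as bare. A one-line comment on each definition naming the consumer (presumably the debug loop moved in this same patch) and the effect of the `true`/`false` default would let a reader tell a policy default from a leftover, e.g. `bool enginePassAllExceptions = true; // read by <consumer>: <effect when true>` with the placeholders filled in from the call sites.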
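Review bot: `LPVOID LibrarianData = VirtualAlloc(NULL, MAX_LIBRARY_BPX * sizeof LIBRARY_BREAK_DATA, MEM_COMMIT, PAGE_READWRITE);` in the new Global.Librarian.cpp performs the allocation during static initialization with its result unchecked, so a failed call leaves a NULL pointer that every later user of LibrarianData would dereference, and nothing ever releases it. If the definition is moved verbatim this is pre-existing, but the new file is the place to state the contract: `// Allocated once at static-init time for the process lifetime; NULL if VirtualAlloc failed, callers must check before use.` — or better, allocate lazily from an accessor that can report failure.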
+++ b/TitanEngine/Global.TLS.cpp
@@ -0,0 +1,6 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.TLS.h"
+
+ULONG_PTR engineTLSBreakOnCallBackAddress;
+bool engineTLSBreakOnCallBack = false;
\ No newline at end of file
diff --git a/TitanEngine/Global.TLS.h b/TitanEngine/Global.TLS.h
new file mode 100644
index 0000000..11705de
--- /dev/null
+++ b/TitanEngine/Global.TLS.h
@@ -0,0 +1,7 @@
+#ifndef _GLOBAL_TLS_H
+#define _GLOBAL_TLS_H
+
+extern ULONG_PTR engineTLSBreakOnCallBackAddress;
+extern bool engineTLSBreakOnCallBack;
+
+#endif //_GLOBAL_TLS_H
\ No newline at end of file
diff --git a/TitanEngine/TitanEngine.Breakpoints.cpp b/TitanEngine/TitanEngine.Breakpoints.cpp
index 56f1052..e1d4109 100644
--- a/TitanEngine/TitanEngine.Breakpoints.cpp
+++ b/TitanEngine/TitanEngine.Breakpoints.cpp
@@ -1002,4 +1002,375 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T { return(false); } +} + +__declspec(dllexport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex) +{ + return(EngineIsThereFreeHardwareBreakSlot(RegisterIndex)); +} + +__declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack) +{ + HWBP_SIZE hwbpSize; + HWBP_MODE hwbpMode; + HWBP_TYPE hwbpType; + int hwbpIndex=-1; + DR7 dr7; + + switch(bpxSize) + { + case UE_HARDWARE_SIZE_1: + hwbpSize=SIZE_1; + break; + case UE_HARDWARE_SIZE_2: + hwbpSize=SIZE_2; + if((bpxAddress%2)!=0) + return false; + break; + case UE_HARDWARE_SIZE_4: + hwbpSize=SIZE_4; + if((bpxAddress%4)!=0) + return false; + break; + case UE_HARDWARE_SIZE_8: + hwbpSize=SIZE_8; + if((bpxAddress%8)!=0) + return false; + break; + default: + return false; + } + + if(!IndexOfRegister) + { + if(!DebugRegister[0].DrxEnabled) + IndexOfRegister = UE_DR0; + else if(!DebugRegister[1].DrxEnabled) + IndexOfRegister = UE_DR1; + else if(!DebugRegister[2].DrxEnabled) + IndexOfRegister = UE_DR2; + else if(!DebugRegister[3].DrxEnabled) + IndexOfRegister = UE_DR3; + else + return false; + } + + switch(IndexOfRegister) + { + case UE_DR0: + hwbpIndex=0; + break; + case UE_DR1: + hwbpIndex=1; + break; + case UE_DR2: + hwbpIndex=2; + break; + case UE_DR3: + hwbpIndex=3; + break; + default: + return false; + } + + uintdr7((ULONG_PTR)GetContextData(UE_DR7), &dr7); + + DebugRegister[hwbpIndex].DrxExecution=false; + + switch(bpxType) + { + case UE_HARDWARE_EXECUTE: + hwbpSize=SIZE_1; + hwbpType=TYPE_EXECUTE; + DebugRegister[hwbpIndex].DrxExecution=true; + break; + case UE_HARDWARE_WRITE: + hwbpType=TYPE_WRITE; + break; + case UE_HARDWARE_READWRITE: + hwbpType=TYPE_READWRITE; + break; + default: + return false; + } + + hwbpMode=MODE_LOCAL; + + dr7.HWBP_MODE[hwbpIndex]=hwbpMode; + dr7.HWBP_SIZE[hwbpIndex]=hwbpSize; + 
dr7.HWBP_TYPE[hwbpIndex]=hwbpType; + + SetContextData(UE_DR7, dr7uint(&dr7)); //NOTE: MUST SET THIS FIRST FOR X64! + SetContextData(IndexOfRegister, (ULONG_PTR)bpxAddress); + + DebugRegister[hwbpIndex].DrxBreakPointType=bpxType; + DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize; + DebugRegister[hwbpIndex].DrxEnabled=true; + DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress; + DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack; + + return true; +} + +__declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegister) +{ + + ULONG_PTR HardwareBPX = NULL; + ULONG_PTR bpxAddress = NULL; + + if(IndexOfRegister == UE_DR0) + { + HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); + HardwareBPX = HardwareBPX &~ (1 << 0); + HardwareBPX = HardwareBPX &~ (1 << 1); + SetContextData(UE_DR0, (ULONG_PTR)bpxAddress); + SetContextData(UE_DR7, HardwareBPX); + DebugRegister[0].DrxEnabled = false; + DebugRegister[0].DrxBreakAddress = NULL; + DebugRegister[0].DrxCallBack = NULL; + return(true); + } + else if(IndexOfRegister == UE_DR1) + { + HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); + HardwareBPX = HardwareBPX &~ (1 << 2); + HardwareBPX = HardwareBPX &~ (1 << 3); + SetContextData(UE_DR1, (ULONG_PTR)bpxAddress); + SetContextData(UE_DR7, HardwareBPX); + DebugRegister[1].DrxEnabled = false; + DebugRegister[1].DrxBreakAddress = NULL; + DebugRegister[1].DrxCallBack = NULL; + return(true); + } + else if(IndexOfRegister == UE_DR2) + { + HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); + HardwareBPX = HardwareBPX &~ (1 << 4); + HardwareBPX = HardwareBPX &~ (1 << 5); + SetContextData(UE_DR2, (ULONG_PTR)bpxAddress); + SetContextData(UE_DR7, HardwareBPX); + DebugRegister[2].DrxEnabled = false; + DebugRegister[2].DrxBreakAddress = NULL; + DebugRegister[2].DrxCallBack = NULL; + return(true); + } + else if(IndexOfRegister == UE_DR3) + { + HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); + HardwareBPX = HardwareBPX &~ (1 << 6); + HardwareBPX = HardwareBPX &~ 
(1 << 7); + SetContextData(UE_DR3, (ULONG_PTR)bpxAddress); + SetContextData(UE_DR7, HardwareBPX); + DebugRegister[3].DrxEnabled = false; + DebugRegister[3].DrxBreakAddress = NULL; + DebugRegister[3].DrxCallBack = NULL; + return(true); + } + else + { + return(false); + } + return(false); +} + +__declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister) +{ + HWBP_SIZE hwbpSize; + HWBP_MODE hwbpMode; + HWBP_TYPE hwbpType; + int hwbpIndex=-1; + DR7 dr7; + + switch(bpxSize) + { + case UE_HARDWARE_SIZE_1: + hwbpSize=SIZE_1; + break; + case UE_HARDWARE_SIZE_2: + hwbpSize=SIZE_2; + if((bpxAddress%2)!=0) + return false; + break; + case UE_HARDWARE_SIZE_4: + hwbpSize=SIZE_4; + if((bpxAddress%4)!=0) + return false; + break; + case UE_HARDWARE_SIZE_8: + hwbpSize=SIZE_8; + if((bpxAddress%8)!=0) + return false; + break; + default: + return false; + } + + if(!IndexOfRegister) + { + if(!DebugRegister[0].DrxEnabled) + IndexOfRegister = UE_DR0; + else if(!DebugRegister[1].DrxEnabled) + IndexOfRegister = UE_DR1; + else if(!DebugRegister[2].DrxEnabled) + IndexOfRegister = UE_DR2; + else if(!DebugRegister[3].DrxEnabled) + IndexOfRegister = UE_DR3; + else + return false; + } + + if(IndexOfSelectedRegister) + *IndexOfSelectedRegister=IndexOfRegister; + + switch(IndexOfRegister) + { + case UE_DR0: + hwbpIndex=0; + break; + case UE_DR1: + hwbpIndex=1; + break; + case UE_DR2: + hwbpIndex=2; + break; + case UE_DR3: + hwbpIndex=3; + break; + default: + return false; + } + + uintdr7((ULONG_PTR)GetContextDataEx(hActiveThread, UE_DR7), &dr7); + + DebugRegister[hwbpIndex].DrxExecution=false; + + switch(bpxType) + { + case UE_HARDWARE_EXECUTE: + hwbpSize=SIZE_1; + hwbpType=TYPE_EXECUTE; + DebugRegister[hwbpIndex].DrxExecution=true; + break; + case UE_HARDWARE_WRITE: + hwbpType=TYPE_WRITE; + break; + case UE_HARDWARE_READWRITE: + 
hwbpType=TYPE_READWRITE; + break; + default: + return false; + } + + hwbpMode=MODE_LOCAL; + + dr7.HWBP_MODE[hwbpIndex]=hwbpMode; + dr7.HWBP_SIZE[hwbpIndex]=hwbpSize; + dr7.HWBP_TYPE[hwbpIndex]=hwbpType; + + SetContextDataEx(hActiveThread, UE_DR7, dr7uint(&dr7)); + SetContextDataEx(hActiveThread, IndexOfRegister, (ULONG_PTR)bpxAddress); + + DebugRegister[hwbpIndex].DrxBreakPointType=bpxType; + DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize; + DebugRegister[hwbpIndex].DrxEnabled=true; + DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress; + DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack; + + return true; +} + +__declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption) +{ + + int i = 0; + int CurrentBreakPointSetCount = -1; + + if(RemoveOption == UE_OPTION_REMOVEALL) + { + for(i = BreakPointSetCount - 1; i >= 0; i--) + { + if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT) + { + DeleteBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress); + } + else if(BreakPointBuffer[i].BreakPointType >= UE_MEMORY && BreakPointBuffer[i].BreakPointType <= UE_MEMORY_EXECUTE) + { + RemoveMemoryBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize); + } + else if(CurrentBreakPointSetCount == -1 && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED) + { + CurrentBreakPointSetCount = BreakPointSetCount; + } + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + } + DeleteHardwareBreakPoint(UE_DR0); + DeleteHardwareBreakPoint(UE_DR1); + DeleteHardwareBreakPoint(UE_DR2); + DeleteHardwareBreakPoint(UE_DR3); + BreakPointSetCount = 0; + return(true); + } + else if(RemoveOption == UE_OPTION_DISABLEALL) + { + for(i = BreakPointSetCount - 1; i >= 0; i--) + { + if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE) + { + DisableBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress); + } + else if(BreakPointBuffer[i].BreakPointType >= UE_MEMORY 
&& BreakPointBuffer[i].BreakPointType <= UE_MEMORY_EXECUTE) + { + RemoveMemoryBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize); + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + } + } + return(true); + } + else if(RemoveOption == UE_OPTION_REMOVEALLDISABLED) + { + for(i = BreakPointSetCount - 1; i >= 0; i--) + { + if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT && BreakPointBuffer[i].BreakPointActive == UE_BPXINACTIVE) + { + DeleteBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress); + } + else if(CurrentBreakPointSetCount == -1 && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED) + { + CurrentBreakPointSetCount = BreakPointSetCount; + } + } + if(CurrentBreakPointSetCount == -1) + { + BreakPointSetCount = 0; + } + else + { + BreakPointSetCount = CurrentBreakPointSetCount; + } + return(true); + } + else if(RemoveOption == UE_OPTION_REMOVEALLENABLED) + { + for(i = BreakPointSetCount - 1; i >= 0; i--) + { + if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE) + { + DeleteBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress); + } + else if(CurrentBreakPointSetCount == -1 && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED) + { + CurrentBreakPointSetCount = BreakPointSetCount; + } + } + if(CurrentBreakPointSetCount == -1) + { + BreakPointSetCount = 0; + } + else + { + BreakPointSetCount = CurrentBreakPointSetCount; + } + return(true); + } + return(false); } \ No newline at end of file diff --git a/TitanEngine/TitanEngine.Debugger.Context.cpp b/TitanEngine/TitanEngine.Debugger.Context.cpp new file mode 100644 index 0000000..bf5e7d3 --- /dev/null +++ b/TitanEngine/TitanEngine.Debugger.Context.cpp 
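Review bot: SetHardwareBreakPoint is a line-for-line copy of SetHardwareBreakPointEx with `GetContextData`/`SetContextData` in place of the `Ex` calls, and the `//NOTE: MUST SET THIS FIRST FOR X64!` comment on the DR7 write exists only in the copy; the two will drift, so have the non-Ex version open the event thread and delegate, exactly as SetContextData wraps SetContextDataEx in the new TitanEngine.Debugger.Context.cpp (needs Global.Debugger.h for `DBGEvent`). In RemoveAllBreakPoints the `UE_OPTION_REMOVEALL` branch computes `CurrentBreakPointSetCount` and then unconditionally sets `BreakPointSetCount = 0;`, so that `else if` is dead; drop it, or use the value as the REMOVEALLDISABLED branch does if the count is meant to survive. DeleteHardwareBreakPoint clears only the L/G enable bits of DR7 and leaves the slot's R/W and LEN fields plus `DrxBreakPointType`/`DrxBreakPointSize`/`DrxExecution` as they were, which is fine only as long as SetHardwareBreakPoint stays the sole writer, and its trailing `return(false);` after the `else` block is unreachable. The hunk starts inside RemoveMemoryBPX, whose body lies above it.
```cpp
__declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack)
{
    // Same register programming as SetHardwareBreakPointEx, applied to the thread of the current debug event.
    HANDLE hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_SUSPEND_RESUME|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
    if(!hActiveThread)
        return false;
    bool ret = SetHardwareBreakPointEx(hActiveThread, bpxAddress, IndexOfRegister, bpxType, bpxSize, bpxCallBack, NULL);
    EngineCloseHandle(hActiveThread);
    return ret;
}
// … unchanged: DeleteHardwareBreakPoint, SetHardwareBreakPointEx, RemoveAllBreakPoints …
```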
@@ -0,0 +1,661 @@ +#include "stdafx.h" +#include "definitions.h" +#include "Global.Debugger.h" +#include "Global.Engine.h" +#include "Global.Handle.h" + +static CONTEXT DBGContext = {}; + +__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea) +{ + + if(FPUSaveArea != NULL) + { + RtlZeroMemory(&DBGContext, sizeof CONTEXT); + DBGContext.ContextFlags = CONTEXT_ALL; + if(!GetThreadContext(hActiveThread, &DBGContext)) + return(false); +#if !defined (_WIN64) + RtlMoveMemory(FPUSaveArea, &DBGContext.FloatSave, sizeof FLOATING_SAVE_AREA); +#else + RtlMoveMemory(FPUSaveArea, &DBGContext.FltSave, sizeof XMM_SAVE_AREA32); +#endif + return(true); + } + else + { + return(false); + } +} +__declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister) +{ + RtlZeroMemory(&DBGContext, sizeof CONTEXT); + DBGContext.ContextFlags = CONTEXT_ALL; +#if defined(_WIN64) + GetThreadContext(hActiveThread, &DBGContext); + if(IndexOfRegister == UE_EAX) + { + return((DWORD)DBGContext.Rax); + } + else if(IndexOfRegister == UE_EBX) + { + return((DWORD)DBGContext.Rbx); + } + else if(IndexOfRegister == UE_ECX) + { + return((DWORD)DBGContext.Rcx); + } + else if(IndexOfRegister == UE_EDX) + { + return((DWORD)DBGContext.Rdx); + } + else if(IndexOfRegister == UE_EDI) + { + return((DWORD)DBGContext.Rdi); + } + else if(IndexOfRegister == UE_ESI) + { + return((DWORD)DBGContext.Rsi); + } + else if(IndexOfRegister == UE_EBP) + { + return((DWORD)DBGContext.Rbp); + } + else if(IndexOfRegister == UE_ESP) + { + return((DWORD)DBGContext.Rsp); + } + else if(IndexOfRegister == UE_EIP) + { + return((DWORD)DBGContext.Rip); + } + else if(IndexOfRegister == UE_EFLAGS) + { + return((DWORD)DBGContext.EFlags); + } + else if(IndexOfRegister == UE_RAX) + { + return(DBGContext.Rax); + } + else if(IndexOfRegister == UE_RBX) + { + return(DBGContext.Rbx); + } + else if(IndexOfRegister == UE_RCX) + { + return(DBGContext.Rcx); + } + else 
if(IndexOfRegister == UE_RDX) + { + return(DBGContext.Rdx); + } + else if(IndexOfRegister == UE_RDI) + { + return(DBGContext.Rdi); + } + else if(IndexOfRegister == UE_RSI) + { + return(DBGContext.Rsi); + } + else if(IndexOfRegister == UE_RBP) + { + return(DBGContext.Rbp); + } + else if(IndexOfRegister == UE_RSP) + { + return(DBGContext.Rsp); + } + else if(IndexOfRegister == UE_RIP) + { + return(DBGContext.Rip); + } + else if(IndexOfRegister == UE_RFLAGS) + { + return(DBGContext.EFlags); + } + else if(IndexOfRegister == UE_DR0) + { + return(DBGContext.Dr0); + } + else if(IndexOfRegister == UE_DR1) + { + return(DBGContext.Dr1); + } + else if(IndexOfRegister == UE_DR2) + { + return(DBGContext.Dr2); + } + else if(IndexOfRegister == UE_DR3) + { + return(DBGContext.Dr3); + } + else if(IndexOfRegister == UE_DR6) + { + return(DBGContext.Dr6); + } + else if(IndexOfRegister == UE_DR7) + { + return(DBGContext.Dr7); + } + else if(IndexOfRegister == UE_R8) + { + return(DBGContext.R8); + } + else if(IndexOfRegister == UE_R9) + { + return(DBGContext.R9); + } + else if(IndexOfRegister == UE_R10) + { + return(DBGContext.R10); + } + else if(IndexOfRegister == UE_R11) + { + return(DBGContext.R11); + } + else if(IndexOfRegister == UE_R12) + { + return(DBGContext.R12); + } + else if(IndexOfRegister == UE_R13) + { + return(DBGContext.R13); + } + else if(IndexOfRegister == UE_R14) + { + return(DBGContext.R14); + } + else if(IndexOfRegister == UE_R15) + { + return(DBGContext.R15); + } + else if(IndexOfRegister == UE_CIP) + { + return(DBGContext.Rip); + } + else if(IndexOfRegister == UE_CSP) + { + return(DBGContext.Rsp); + } + else if(IndexOfRegister == UE_SEG_GS) + { + return(DBGContext.SegGs); + } + else if(IndexOfRegister == UE_SEG_FS) + { + return(DBGContext.SegFs); + } + else if(IndexOfRegister == UE_SEG_ES) + { + return(DBGContext.SegEs); + } + else if(IndexOfRegister == UE_SEG_DS) + { + return(DBGContext.SegDs); + } + else if(IndexOfRegister == UE_SEG_CS) + { + 
return(DBGContext.SegCs); + } + else if(IndexOfRegister == UE_SEG_SS) + { + return(DBGContext.SegSs); + } +#else + GetThreadContext(hActiveThread, &DBGContext); + if(IndexOfRegister == UE_EAX) + { + return(DBGContext.Eax); + } + else if(IndexOfRegister == UE_EBX) + { + return(DBGContext.Ebx); + } + else if(IndexOfRegister == UE_ECX) + { + return(DBGContext.Ecx); + } + else if(IndexOfRegister == UE_EDX) + { + return(DBGContext.Edx); + } + else if(IndexOfRegister == UE_EDI) + { + return(DBGContext.Edi); + } + else if(IndexOfRegister == UE_ESI) + { + return(DBGContext.Esi); + } + else if(IndexOfRegister == UE_EBP) + { + return(DBGContext.Ebp); + } + else if(IndexOfRegister == UE_ESP) + { + return(DBGContext.Esp); + } + else if(IndexOfRegister == UE_EIP) + { + return(DBGContext.Eip); + } + else if(IndexOfRegister == UE_EFLAGS) + { + return(DBGContext.EFlags); + } + else if(IndexOfRegister == UE_DR0) + { + return(DBGContext.Dr0); + } + else if(IndexOfRegister == UE_DR1) + { + return(DBGContext.Dr1); + } + else if(IndexOfRegister == UE_DR2) + { + return(DBGContext.Dr2); + } + else if(IndexOfRegister == UE_DR3) + { + return(DBGContext.Dr3); + } + else if(IndexOfRegister == UE_DR6) + { + return(DBGContext.Dr6); + } + else if(IndexOfRegister == UE_DR7) + { + return(DBGContext.Dr7); + } + else if(IndexOfRegister == UE_CIP) + { + return(DBGContext.Eip); + } + else if(IndexOfRegister == UE_CSP) + { + return(DBGContext.Esp); + } + else if(IndexOfRegister == UE_SEG_GS) + { + return(DBGContext.SegGs); + } + else if(IndexOfRegister == UE_SEG_FS) + { + return(DBGContext.SegFs); + } + else if(IndexOfRegister == UE_SEG_ES) + { + return(DBGContext.SegEs); + } + else if(IndexOfRegister == UE_SEG_DS) + { + return(DBGContext.SegDs); + } + else if(IndexOfRegister == UE_SEG_CS) + { + return(DBGContext.SegCs); + } + else if(IndexOfRegister == UE_SEG_SS) + { + return(DBGContext.SegSs); + } +#endif + return(NULL); +} +__declspec(dllexport) long long TITCALL GetContextData(DWORD 
IndexOfRegister) +{ + + HANDLE hActiveThread = 0; + long long ContextReturn; + + hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); + ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister); + EngineCloseHandle(hActiveThread); + return(ContextReturn); +} +__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea) +{ + + if(FPUSaveArea != NULL) + { + RtlZeroMemory(&DBGContext, sizeof CONTEXT); + DBGContext.ContextFlags = CONTEXT_ALL; + if(!GetThreadContext(hActiveThread, &DBGContext)) + return(false); +#if !defined (_WIN64) + RtlMoveMemory(&DBGContext.FloatSave, FPUSaveArea, sizeof FLOATING_SAVE_AREA); +#else + RtlMoveMemory(&DBGContext.FltSave, FPUSaveArea, sizeof XMM_SAVE_AREA32); +#endif + if(SetThreadContext(hActiveThread, &DBGContext)) + { + return(true); + } + } + return(false); +} +__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue) +{ + SuspendThread(hActiveThread); + RtlZeroMemory(&DBGContext, sizeof CONTEXT); + DBGContext.ContextFlags = CONTEXT_ALL; +#ifdef _WIN64 + if(!GetThreadContext(hActiveThread, &DBGContext)) + { + ResumeThread(hActiveThread); + return(false); + } + if(IndexOfRegister == UE_EAX) + { + NewRegisterValue = DBGContext.Rax - (DWORD)DBGContext.Rax + NewRegisterValue; + DBGContext.Rax = NewRegisterValue; + } + else if(IndexOfRegister == UE_EBX) + { + NewRegisterValue = DBGContext.Rbx - (DWORD)DBGContext.Rbx + NewRegisterValue; + DBGContext.Rbx = NewRegisterValue; + } + else if(IndexOfRegister == UE_ECX) + { + NewRegisterValue = DBGContext.Rcx - (DWORD)DBGContext.Rcx + NewRegisterValue; + DBGContext.Rcx = NewRegisterValue; + } + else if(IndexOfRegister == UE_EDX) + { + NewRegisterValue = DBGContext.Rdx - (DWORD)DBGContext.Rdx + NewRegisterValue; + DBGContext.Rdx = NewRegisterValue; + } + else if(IndexOfRegister == UE_EDI) + { + NewRegisterValue = 
DBGContext.Rdi - (DWORD)DBGContext.Rdi + NewRegisterValue; + DBGContext.Rdi = NewRegisterValue; + } + else if(IndexOfRegister == UE_ESI) + { + NewRegisterValue = DBGContext.Rsi - (DWORD)DBGContext.Rsi + NewRegisterValue; + DBGContext.Rsi = NewRegisterValue; + } + else if(IndexOfRegister == UE_EBP) + { + NewRegisterValue = DBGContext.Rbp - (DWORD)DBGContext.Rbp + NewRegisterValue; + DBGContext.Rbp = NewRegisterValue; + } + else if(IndexOfRegister == UE_ESP) + { + NewRegisterValue = DBGContext.Rsp - (DWORD)DBGContext.Rsp + NewRegisterValue; + DBGContext.Rsp = NewRegisterValue; + } + else if(IndexOfRegister == UE_EIP) + { + NewRegisterValue = DBGContext.Rip - (DWORD)DBGContext.Rip + NewRegisterValue; + DBGContext.Rip = NewRegisterValue; + } + else if(IndexOfRegister == UE_EFLAGS) + { + DBGContext.EFlags = (DWORD)NewRegisterValue; + } + else if(IndexOfRegister == UE_RAX) + { + DBGContext.Rax = NewRegisterValue; + } + else if(IndexOfRegister == UE_RBX) + { + DBGContext.Rbx = NewRegisterValue; + } + else if(IndexOfRegister == UE_RCX) + { + DBGContext.Rcx = NewRegisterValue; + } + else if(IndexOfRegister == UE_RDX) + { + DBGContext.Rdx = NewRegisterValue; + } + else if(IndexOfRegister == UE_RDI) + { + DBGContext.Rdi = NewRegisterValue; + } + else if(IndexOfRegister == UE_RSI) + { + DBGContext.Rsi = NewRegisterValue; + } + else if(IndexOfRegister == UE_RBP) + { + DBGContext.Rbp = NewRegisterValue; + } + else if(IndexOfRegister == UE_RSP) + { + DBGContext.Rsp = NewRegisterValue; + } + else if(IndexOfRegister == UE_RIP) + { + DBGContext.Rip = NewRegisterValue; + } + else if(IndexOfRegister == UE_RFLAGS) + { + DBGContext.EFlags = (DWORD)NewRegisterValue; + } + else if(IndexOfRegister == UE_DR0) + { + DBGContext.Dr0 = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR1) + { + DBGContext.Dr1 = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR2) + { + DBGContext.Dr2 = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR3) + { + DBGContext.Dr3 = NewRegisterValue; 
+ } + else if(IndexOfRegister == UE_DR6) + { + DBGContext.Dr6 = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR7) + { + DBGContext.Dr7 = NewRegisterValue; + } + else if(IndexOfRegister == UE_R8) + { + DBGContext.R8 = NewRegisterValue; + } + else if(IndexOfRegister == UE_R9) + { + DBGContext.R9 = NewRegisterValue; + } + else if(IndexOfRegister == UE_R10) + { + DBGContext.R10 = NewRegisterValue; + } + else if(IndexOfRegister == UE_R11) + { + DBGContext.R11 = NewRegisterValue; + } + else if(IndexOfRegister == UE_R12) + { + DBGContext.R12 = NewRegisterValue; + } + else if(IndexOfRegister == UE_R13) + { + DBGContext.R13 = NewRegisterValue; + } + else if(IndexOfRegister == UE_R14) + { + DBGContext.R14 = NewRegisterValue; + } + else if(IndexOfRegister == UE_R15) + { + DBGContext.R15 = NewRegisterValue; + } + else if(IndexOfRegister == UE_CIP) + { + DBGContext.Rip = NewRegisterValue; + } + else if(IndexOfRegister == UE_CSP) + { + DBGContext.Rsp = NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_GS) + { + DBGContext.SegGs = (WORD)NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_FS) + { + DBGContext.SegFs = (WORD)NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_ES) + { + DBGContext.SegEs = (WORD)NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_DS) + { + DBGContext.SegDs = (WORD)NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_CS) + { + DBGContext.SegCs = (WORD)NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_SS) + { + DBGContext.SegSs = (WORD)NewRegisterValue; + } + else + { + ResumeThread(hActiveThread); + return(false); + } + if(SetThreadContext(hActiveThread, &DBGContext)) + { + ResumeThread(hActiveThread); + return(true); + } +#else + if(!GetThreadContext(hActiveThread, &DBGContext)) + { + ResumeThread(hActiveThread); + return(false); + } + if(IndexOfRegister == UE_EAX) + { + DBGContext.Eax = NewRegisterValue; + } + else if(IndexOfRegister == UE_EBX) + { + DBGContext.Ebx = NewRegisterValue; + } + else 
if(IndexOfRegister == UE_ECX) + { + DBGContext.Ecx = NewRegisterValue; + } + else if(IndexOfRegister == UE_EDX) + { + DBGContext.Edx = NewRegisterValue; + } + else if(IndexOfRegister == UE_EDI) + { + DBGContext.Edi = NewRegisterValue; + } + else if(IndexOfRegister == UE_ESI) + { + DBGContext.Esi = NewRegisterValue; + } + else if(IndexOfRegister == UE_EBP) + { + DBGContext.Ebp = NewRegisterValue; + } + else if(IndexOfRegister == UE_ESP) + { + DBGContext.Esp = NewRegisterValue; + } + else if(IndexOfRegister == UE_EIP) + { + DBGContext.Eip = NewRegisterValue; + } + else if(IndexOfRegister == UE_EFLAGS) + { + DBGContext.EFlags = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR0) + { + DBGContext.Dr0 = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR1) + { + DBGContext.Dr1 = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR2) + { + DBGContext.Dr2 = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR3) + { + DBGContext.Dr3 = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR6) + { + DBGContext.Dr6 = NewRegisterValue; + } + else if(IndexOfRegister == UE_DR7) + { + DBGContext.Dr7 = NewRegisterValue; + } + else if(IndexOfRegister == UE_CIP) + { + DBGContext.Eip = NewRegisterValue; + } + else if(IndexOfRegister == UE_CSP) + { + DBGContext.Esp = NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_GS) + { + DBGContext.SegGs = NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_FS) + { + DBGContext.SegFs = NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_ES) + { + DBGContext.SegEs = NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_DS) + { + DBGContext.SegDs = NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_CS) + { + DBGContext.SegCs = NewRegisterValue; + } + else if(IndexOfRegister == UE_SEG_SS) + { + DBGContext.SegSs = NewRegisterValue; + } + else + { + ResumeThread(hActiveThread); + return(false); + } + if(SetThreadContext(hActiveThread, &DBGContext)) + { + ResumeThread(hActiveThread); + return(true); + 
} +#endif + ResumeThread(hActiveThread); + return(false); +} +__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue) +{ + + HANDLE hActiveThread = 0; + bool ContextReturn; + + hActiveThread = OpenThread(THREAD_ALL_ACCESS, false, DBGEvent.dwThreadId); + ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue); + EngineCloseHandle(hActiveThread); + return(ContextReturn); +} \ No newline at end of file diff --git a/TitanEngine/TitanEngine.Debugger.Data.cpp b/TitanEngine/TitanEngine.Debugger.Data.cpp new file mode 100644 index 0000000..e55f6cc --- /dev/null +++ b/TitanEngine/TitanEngine.Debugger.Data.cpp 
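Review bot: Both arms of GetContextDataEx discard the result of `GetThreadContext(hActiveThread, &DBGContext);`, unlike GetContextFPUDataEx just above, so a dead thread or bad handle yields the zeroed CONTEXT and every register reads as 0; SetHardwareBreakPoint in this same patch reads DR7 that way and writes the result back, so a failed read would quietly disable the other hardware slots. The return type leaves no room for an error code, so at least fail fast with `if(!GetThreadContext(hActiveThread, &DBGContext)) return(NULL);` (keeping the Win32 last error intact) and state in a header comment that 0 is also the failure value, so callers doing read-modify-write can consult GetLastError. GetContextData and SetContextData pass the `OpenThread` result on without checking it, and SetContextData asks for `THREAD_ALL_ACCESS` where SetContextDataEx only needs `THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_SUSPEND_RESUME|THREAD_QUERY_INFORMATION` (the suspend right being exactly what GetContextData's mask lacks). The file-scope `static CONTEXT DBGContext` is shared by every exported function here with no serialization, so two threads calling into this API concurrently corrupt each other's context; either document it as single-threaded with respect to the debug loop or move the CONTEXT onto the stack (a local needs `DECLSPEC_ALIGN(16)` on x64, which the static gets for free).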
@@ -0,0 +1,159 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Debugger.h"
+
+//TODO: never changed LOL
+static DWORD CurrentExceptionsNumber = 0;
+
+__declspec(dllexport) void TITCALL ClearExceptionNumber()
+{
+    CurrentExceptionsNumber = 0;
+}
+__declspec(dllexport) long TITCALL CurrentExceptionNumber()
+{
+    return(CurrentExceptionsNumber);
+}
+
+__declspec(dllexport) void* TITCALL GetDebugData()
+{
+    return(&DBGEvent);
+}
+__declspec(dllexport) void* TITCALL GetTerminationData()
+{
+    return(&TerminateDBGEvent);
+}
+__declspec(dllexport) long TITCALL GetExitCode()
+{
+    return(ProcessExitCode);
+}
+__declspec(dllexport) long long TITCALL GetDebuggedDLLBaseAddress()
+{
+    return((ULONG_PTR)DebugDebuggingDLLBase);
+}
+__declspec(dllexport) unsigned long long TITCALL GetDebuggedFileBaseAddress()
+{
+    return (unsigned long long)DebugDebuggingMainModuleBase;
+}
+
+__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack)
+{
+
+    if(ExceptionId == UE_CH_BREAKPOINT)
+    {
+        DBGCustomHandler->chBreakPoint = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_SINGLESTEP)
+    {
+        DBGCustomHandler->chSingleStep = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_ACCESSVIOLATION)
+    {
+        DBGCustomHandler->chAccessViolation = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_ILLEGALINSTRUCTION)
+    {
+        DBGCustomHandler->chIllegalInstruction = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_NONCONTINUABLEEXCEPTION)
+    {
+        DBGCustomHandler->chNonContinuableException = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_ARRAYBOUNDSEXCEPTION)
+    {
+        DBGCustomHandler->chArrayBoundsException = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_FLOATDENORMALOPERAND)
+    {
+        DBGCustomHandler->chFloatDenormalOperand = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_FLOATDEVIDEBYZERO)
+    {
+        DBGCustomHandler->chFloatDevideByZero = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_INTEGERDEVIDEBYZERO)
+    {
+        DBGCustomHandler->chIntegerDevideByZero = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_INTEGEROVERFLOW)
+    {
+        DBGCustomHandler->chIntegerOverflow = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_PRIVILEGEDINSTRUCTION)
+    {
+        DBGCustomHandler->chPrivilegedInstruction = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_PAGEGUARD)
+    {
+        DBGCustomHandler->chPageGuard = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_EVERYTHINGELSE)
+    {
+        DBGCustomHandler->chEverythingElse = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_CREATETHREAD)
+    {
+        DBGCustomHandler->chCreateThread = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_EXITTHREAD)
+    {
+        DBGCustomHandler->chExitThread = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_CREATEPROCESS)
+    {
+        DBGCustomHandler->chCreateProcess = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_EXITPROCESS)
+    {
+        DBGCustomHandler->chExitProcess = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_LOADDLL)
+    {
+        DBGCustomHandler->chLoadDll = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_UNLOADDLL)
+    {
+        DBGCustomHandler->chUnloadDll = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_OUTPUTDEBUGSTRING)
+    {
+        DBGCustomHandler->chOutputDebugString = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_AFTEREXCEPTIONPROCESSING)
+    {
+        DBGCustomHandler->chAfterException = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_SYSTEMBREAKPOINT)
+    {
+        DBGCustomHandler->chSystemBreakpoint = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_UNHANDLEDEXCEPTION)
+    {
+        DBGCustomHandler->chUnhandledException = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_RIPEVENT)
+    {
+        DBGCustomHandler->chRipEvent = (ULONG_PTR)CallBack;
+    }
+    else if(ExceptionId == UE_CH_ALLEVENTS)
+    {
+        DBGCustomHandler->chEverythingElse = (ULONG_PTR)CallBack;
+        DBGCustomHandler->chCreateThread = (ULONG_PTR)CallBack;
+        DBGCustomHandler->chExitThread = (ULONG_PTR)CallBack;
+        DBGCustomHandler->chCreateProcess = (ULONG_PTR)CallBack;
+        DBGCustomHandler->chExitProcess = (ULONG_PTR)CallBack;
+        DBGCustomHandler->chLoadDll = (ULONG_PTR)CallBack;
+        DBGCustomHandler->chUnloadDll = (ULONG_PTR)CallBack;
+        DBGCustomHandler->chOutputDebugString = (ULONG_PTR)CallBack;
+        DBGCustomHandler->chSystemBreakpoint = (ULONG_PTR)CallBack;
+        DBGCustomHandler->chRipEvent = (ULONG_PTR)CallBack;
+    }
+}
+
+__declspec(dllexport) void* TITCALL GetProcessInformation()
+{
+    return(&dbgProcessInformation);
+}
+__declspec(dllexport) void* TITCALL GetStartupInformation()
+{
+    return(&dbgStartupInfo);
+}
\ No newline at end of file
diff --git a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
new file mode 100644
index 0000000..f34342d
--- /dev/null
+++ b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
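Review bot: SetCustomHandler writes through `DBGCustomHandler` in every branch without checking it, and nothing in this hunk shows where that pointer is allocated; if this exported entry point can be reached before the engine initialises it, the first call faults inside the library. A guard at the top, `if(DBGCustomHandler == NULL) return;`, costs nothing and is harmless if the pointer turns out to be statically backed. The getters also hand out raw pointers to engine globals with no lifetime note: `GetDebugData()` returns `&DBGEvent`, which the debug loop overwrites on every `WaitForDebugEvent`, so a comment on the export such as `// Pointer to the engine's current DEBUG_EVENT; valid only until the next event is processed, do not cache` would spare callers a stale read. Finally, the `//TODO: never changed LOL` counter means `CurrentExceptionNumber()` returns a constant 0 to callers; either increment it on the EXCEPTION_DEBUG_EVENT path or state in the export's comment that it is not yet implemented.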
@@ -0,0 +1,1776 @@ +#include "stdafx.h" +#include "definitions.h" +#include "Global.Debugger.h" +#include "Global.Handle.h" +#include "Global.Engine.h" +#include "Global.Engine.Extension.h" +#include "Global.Breakpoints.h" +#include "Global.Threader.h" +#include "Global.Librarian.h" +#include "Global.TLS.h" +#include + +#define UE_MODULEx86 0x2000; +#define UE_MODULEx64 0x2000; + +static DWORD engineWaitForDebugEventTimeOut = INFINITE; + +__declspec(dllexport) void TITCALL DebugLoop() +{ + int i = NULL; + int j = NULL; + int k = NULL; + bool FirstBPX = true; + bool ResetBPX = false; + bool BreakDBG = false; + bool ResetHwBPX = false; + bool ResetMemBPX = false; + bool CompareResult = false; + bool SecondChance = false; + ULONG_PTR CmpValue1 = NULL; + ULONG_PTR CmpValue2 = NULL; + bool hListProcessFirst = true; + bool hListThreadFirst = true; + bool hListLibraryFirst = true; + PPROCESS_ITEM_DATA hListProcessPtr = NULL; + PTHREAD_ITEM_DATA hListThreadPtr = NULL; + PLIBRARY_ITEM_DATAW hListLibraryPtr = NULL; + PLIBRARY_ITEM_DATAW hLoadedLibData = NULL; + PLIBRARY_BREAK_DATA ptrLibrarianData = NULL; + typedef void(TITCALL *fCustomBreakPoint)(void); + typedef void(TITCALL *fCustomHandler)(void* SpecialDBG); + typedef void(TITCALL *fFindOEPHandler)(LPPROCESS_INFORMATION fProcessInfo, LPVOID fCallBack); + fCustomHandler myCustomHandler; + fCustomBreakPoint myCustomBreakPoint; + fFindOEPHandler myFindOEPHandler; + ULONG_PTR MemoryBpxCallBack = 0; + SIZE_T ResetBPXSize = 0; + ULONG_PTR ResetBPXAddressTo = 0; + ULONG_PTR ResetMemBPXAddress = 0; + SIZE_T ResetMemBPXSize = 0; + int MaximumBreakPoints = 0; + ULONG_PTR NumberOfBytesReadWritten = 0; + MEMORY_BASIC_INFORMATION MemInfo; + HANDLE hActiveThread; + CONTEXT myDBGContext; + DWORD OldProtect; + DWORD NewProtect; + DWORD DebugRegisterXId = NULL; + HARDWARE_DATA DebugRegisterX; + wchar_t DLLDebugFileName[512]; + char szAnsiLibraryName[MAX_PATH]; + ULONG_PTR DLLPatchAddress; + HANDLE hFileMapping; + LPVOID hFileMappingView; 
+ LPVOID DBGEntryPoint; + bool MemoryBpxFound = false; + wchar_t* szTranslatedNativeName; + + DBGFileHandle = NULL; + DBGCode = DBG_CONTINUE; + engineFakeDLLHandle = NULL; + DebugRegister[0].DrxEnabled = false; + DebugRegister[1].DrxEnabled = false; + DebugRegister[2].DrxEnabled = false; + DebugRegister[3].DrxEnabled = false; + engineProcessIsNowDetached = false; + engineResumeProcessIfNoThreadIsActive = false; + RtlZeroMemory(&DBGEvent, sizeof DEBUG_EVENT); + RtlZeroMemory(&TerminateDBGEvent, sizeof DEBUG_EVENT); + RtlZeroMemory(&DLLDebugFileName, 512); + ExtensionManagerPluginResetCallBack(); + engineFileIsBeingDebugged = true; + if(engineExecutePluginCallBack) + { + ExtensionManagerPluginDebugCallBack(&DBGEvent, UE_PLUGIN_CALL_REASON_PREDEBUG); + } + + while(!BreakDBG) //actual debug loop + { + WaitForDebugEvent(&DBGEvent, engineWaitForDebugEventTimeOut); + if(engineExecutePluginCallBack) + { + ExtensionManagerPluginDebugCallBack(&DBGEvent, UE_PLUGIN_CALL_REASON_EXCEPTION); + } + + //Debug event + switch(DBGEvent.dwDebugEventCode) + { + case CREATE_PROCESS_DEBUG_EVENT: + { + if(DBGFileHandle == NULL) //we didn't set the handle yet + { + DBGEntryPoint = DBGEvent.u.CreateProcessInfo.lpStartAddress; + DBGFileHandle = DBGEvent.u.CreateProcessInfo.hFile; + EngineCloseHandle(DBGFileHandle); //handle is never used inside the code + DebugDebuggingMainModuleBase = (unsigned long long) DBGEvent.u.CreateProcessInfo.lpBaseOfImage; + if(DebugAttachedToProcess) //we attached, set information + { + dbgProcessInformation.hProcess = DBGEvent.u.CreateProcessInfo.hProcess; + dbgProcessInformation.hThread = DBGEvent.u.CreateProcessInfo.hThread; + dbgProcessInformation.dwThreadId = NULL; + if(engineAttachedProcessDebugInfo != NULL) + { + RtlMoveMemory(engineAttachedProcessDebugInfo, &dbgProcessInformation, sizeof PROCESS_INFORMATION); + } + } + if(DebugDebuggingDLL) //the DLL loader just started, set DLL names + { +#if defined(_WIN64) + DLLPatchAddress = 
(ULONG_PTR)DBGEvent.u.CreateProcessInfo.lpBaseOfImage; + DLLPatchAddress = (ULONG_PTR)DLLPatchAddress + UE_MODULEx64; +#else + DLLPatchAddress = (ULONG_PTR)DBGEvent.u.CreateProcessInfo.lpBaseOfImage; + DLLPatchAddress = (ULONG_PTR)DLLPatchAddress + UE_MODULEx86; +#endif + if(!WriteProcessMemory(DBGEvent.u.CreateProcessInfo.hProcess, (LPVOID)DLLPatchAddress, DebugDebuggingDLLFullFileName, lstrlenW(DebugDebuggingDLLFullFileName) * 2, &NumberOfBytesReadWritten)) + { + StopDebug(); + return; + } + if(DebugReserveModuleBase) //reserve original image base + { + VirtualAllocEx(dbgProcessInformation.hProcess, (void*)DebugReserveModuleBase, 0x1000, MEM_RESERVE, PAGE_READWRITE); //return value nt used, yea just ignore. return value doesnt matter and there is no possible fix when failed :D this is only used to make sure DLL loads on another image base + } + } + if(hListProcess == NULL) + { + hListProcess = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE); + } + else + { + if(hListProcessFirst == true) + { + RtlZeroMemory(hListProcess, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA); + } + } + if(hListThread == NULL) + { + hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE); + } + else + { + if(hListThreadFirst == true) + { + RtlZeroMemory(hListThread, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA); + } + } + hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess; + hListProcessPtr->hFile = DBGEvent.u.CreateProcessInfo.hFile; + hListProcessPtr->hProcess = DBGEvent.u.CreateProcessInfo.hProcess; + hListProcessPtr->hThread = DBGEvent.u.CreateProcessInfo.hThread; + hListProcessPtr->dwProcessId = DBGEvent.dwProcessId; + hListProcessPtr->dwThreadId = DBGEvent.dwThreadId; + hListProcessPtr->BaseOfImage = (void*)DBGEvent.u.CreateProcessInfo.lpBaseOfImage; + hListProcessPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress; + hListProcessPtr->ThreadLocalBase = 
(void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase; + + hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread; + hListThreadPtr->dwThreadId = DBGEvent.dwThreadId; + hListThreadPtr->hThread = DBGEvent.u.CreateProcessInfo.hThread; + hListThreadPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress; + hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase; + hListThreadFirst = false; + } + else //we have a valid handle already (which means a child process started) + { + hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess; + while(hListProcessPtr->hProcess != NULL) + { + hListProcessPtr = (PPROCESS_ITEM_DATA)((ULONG_PTR)hListProcessPtr + sizeof PROCESS_ITEM_DATA); + } + if(hListProcessPtr->hProcess == NULL) + { + hListProcessPtr->hFile = DBGEvent.u.CreateProcessInfo.hFile; + hListProcessPtr->hProcess = DBGEvent.u.CreateProcessInfo.hProcess; + hListProcessPtr->hThread = DBGEvent.u.CreateProcessInfo.hThread; + hListProcessPtr->dwProcessId = DBGEvent.dwProcessId; + hListProcessPtr->dwThreadId = DBGEvent.dwThreadId; + hListProcessPtr->BaseOfImage = (void*)DBGEvent.u.CreateProcessInfo.lpBaseOfImage; + hListProcessPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress; + hListProcessPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase; + hListProcessFirst = false; + } + } + + //process created callback + if(DBGCustomHandler->chCreateProcess != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chCreateProcess); + __try + { + myCustomHandler(&DBGEvent.u.CreateProcessInfo); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chCreateProcess = NULL; + } + } + } + break; + + case EXIT_PROCESS_DEBUG_EVENT: + { + ProcessExitCode = DBGEvent.u.ExitProcess.dwExitCode; + DBGCode = DBG_CONTINUE; + if(DBGEvent.dwProcessId == dbgProcessInformation.dwProcessId) //main process closed + BreakDBG = true; + + //exit process handler + 
if(DBGCustomHandler->chExitProcess != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chExitProcess); + __try + { + myCustomHandler(&DBGEvent.u.ExitProcess); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chExitProcess = NULL; + } + } + } + break; + + case CREATE_THREAD_DEBUG_EVENT: + { + //maintain thread list + if(hListThread == NULL) + { + hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE); + } + hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread; + __try + { + while(hListThreadPtr->hThread != NULL) + { + hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA); + } + hListThreadPtr->dwThreadId = DBGEvent.dwThreadId; + hListThreadPtr->hThread = DBGEvent.u.CreateThread.hThread; + hListThreadPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateThread.lpStartAddress; + hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateThread.lpThreadLocalBase; + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + + //custom handler + if(DBGCustomHandler->chCreateThread != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chCreateThread); + __try + { + myCustomHandler(&DBGEvent.u.CreateThread); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chCreateThread = NULL; + } + } + } + break; + + case EXIT_THREAD_DEBUG_EVENT: + { + //custom handler + if(DBGCustomHandler->chExitThread != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chExitThread); + __try + { + myCustomHandler(&DBGEvent.u.ExitThread); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chExitThread = NULL; + } + } + if(engineExitThreadOneShootCallBack != NULL) + { + myCustomHandler = (fCustomHandler)(engineExitThreadOneShootCallBack); + __try + { + myCustomHandler(&DBGEvent.u.ExitThread); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + engineExitThreadOneShootCallBack = NULL; + } + + //maintain thread list + 
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread; + while(hListThreadPtr->hThread != NULL && hListThreadPtr->dwThreadId != DBGEvent.dwThreadId) + { + hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA); + } + if(hListThreadPtr->dwThreadId == DBGEvent.dwThreadId) + { + hListThreadPtr->hThread = (HANDLE)-1; + hListThreadPtr->dwThreadId = NULL; + hListThreadPtr->ThreadLocalBase = NULL; + hListThreadPtr->ThreadStartAddress = NULL; + } + } + break; + + case LOAD_DLL_DEBUG_EVENT: + { + //maintain library list + if(hListLibrary == NULL) + { + hListLibrary = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof LIBRARY_ITEM_DATAW, MEM_COMMIT, PAGE_READWRITE); + } + else + { + if(hListLibraryFirst == true) + { + RtlZeroMemory(hListLibrary, MAX_DEBUG_DATA * sizeof LIBRARY_ITEM_DATAW); + } + } + hListLibraryFirst = false; + hListLibraryPtr = (PLIBRARY_ITEM_DATAW)hListLibrary; + while(hListLibraryPtr->hFile != NULL) + { + hListLibraryPtr = (PLIBRARY_ITEM_DATAW)((ULONG_PTR)hListLibraryPtr + sizeof LIBRARY_ITEM_DATAW); + } + hListLibraryPtr->hFile = DBGEvent.u.LoadDll.hFile; + hListLibraryPtr->BaseOfDll = DBGEvent.u.LoadDll.lpBaseOfDll; + hFileMapping = CreateFileMappingA(DBGEvent.u.LoadDll.hFile, NULL, PAGE_READONLY, NULL, GetFileSize(DBGEvent.u.LoadDll.hFile, NULL), NULL); + if(hFileMapping != NULL) + { + hFileMappingView = MapViewOfFile(hFileMapping, FILE_MAP_READ, NULL, NULL, NULL); + if(hFileMappingView != NULL) + { + hListLibraryPtr->hFileMapping = hFileMapping; + hListLibraryPtr->hFileMappingView = hFileMappingView; + if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName)/sizeof(DLLDebugFileName[0])) > NULL) + { + i = lstrlenW(DLLDebugFileName); + while(DLLDebugFileName[i] != 0x5C && i >= NULL) + { + i--; + } + if(DebugDebuggingDLL) + { + if(lstrcmpiW(&DLLDebugFileName[i+1], DebugDebuggingDLLFileName) == NULL) + { + SetBPX(DebugModuleEntryPoint + (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll, 
UE_SINGLESHOOT, DebugModuleEntryPointCallBack); + DebugDebuggingDLLBase = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll; + } + /*else if(lstrcmpiW(&DLLDebugFileName[i+1], DebugDebuggingDLLReserveFileName) == NULL) + { + if((ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll != DebugModuleImageBase) + { + VirtualAllocEx(dbgProcessInformation.hProcess, (void*)DebugModuleImageBase, 0x1000, MEM_RESERVE, PAGE_READWRITE); + } + }*/ + } + if(engineFakeDLLHandle == NULL) + { + if(lstrcmpiW(&DLLDebugFileName[i+1], L"kernel32.dll") == NULL) + { + engineFakeDLLHandle = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll; + } + } + lstrcpyW(hListLibraryPtr->szLibraryName, &DLLDebugFileName[i+1]); + szTranslatedNativeName = (wchar_t*)TranslateNativeNameW(DLLDebugFileName); + lstrcpyW(hListLibraryPtr->szLibraryPath, szTranslatedNativeName); + VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE); + RtlZeroMemory(szAnsiLibraryName, sizeof szAnsiLibraryName); + WideCharToMultiByte(CP_ACP, NULL, hListLibraryPtr->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL); + ptrLibrarianData = (PLIBRARY_BREAK_DATA)LibrarianData; + k = NULL; + if(ptrLibrarianData != NULL) + { + while(k < MAX_LIBRARY_BPX) + { + if(ptrLibrarianData->szLibraryName[0] != 0x00) + { + if(lstrcmpiA(ptrLibrarianData->szLibraryName, szAnsiLibraryName) == NULL) + { + if(ptrLibrarianData->bpxType == UE_ON_LIB_LOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL) + { + myCustomHandler = (fCustomHandler)(ptrLibrarianData->bpxCallBack); + __try + { + myCustomHandler(&DBGEvent.u.LoadDll); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType); + } + if(ptrLibrarianData->bpxSingleShoot) + { + LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType); + } + } + } + } + ptrLibrarianData = (PLIBRARY_BREAK_DATA)((ULONG_PTR)ptrLibrarianData + sizeof LIBRARY_BREAK_DATA); + k++; + } + } + } + } + } + //loadDLL callback 
+ if(DBGCustomHandler->chLoadDll != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chLoadDll); + __try + { + myCustomHandler(&DBGEvent.u.LoadDll); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chLoadDll = NULL; + } + } + } + break; + + case UNLOAD_DLL_DEBUG_EVENT: + { + //unload DLL callback + if(DBGCustomHandler->chUnloadDll != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chUnloadDll); + __try + { + myCustomHandler(&DBGEvent.u.UnloadDll); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chUnloadDll = NULL; + } + } + + //maintain library list + k = NULL; + ptrLibrarianData = (PLIBRARY_BREAK_DATA)LibrarianData; + hLoadedLibData = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoEx(DBGEvent.u.UnloadDll.lpBaseOfDll); + if(hLoadedLibData != NULL) + { + RtlZeroMemory(szAnsiLibraryName, sizeof szAnsiLibraryName); + WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL); + if(ptrLibrarianData != NULL) + { + while(k < MAX_LIBRARY_BPX) + { + if(ptrLibrarianData->szLibraryName[0] != 0x00) + { + if(lstrcmpiA(ptrLibrarianData->szLibraryName, szAnsiLibraryName) == NULL) + { + if(ptrLibrarianData->bpxType == UE_ON_LIB_UNLOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL) + { + myCustomHandler = (fCustomHandler)(ptrLibrarianData->bpxCallBack); + __try + { + myCustomHandler(&DBGEvent.u.UnloadDll); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType); + } + if(ptrLibrarianData->bpxSingleShoot) + { + LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType); + } + } + } + } + ptrLibrarianData = (PLIBRARY_BREAK_DATA)((ULONG_PTR)ptrLibrarianData + sizeof LIBRARY_BREAK_DATA); + k++; + } + } + } + hListLibraryPtr = (PLIBRARY_ITEM_DATAW)hListLibrary; + if(hListLibraryPtr != NULL) + { + while(hListLibraryPtr->hFile != NULL) + { 
+ if(hListLibraryPtr->BaseOfDll == DBGEvent.u.UnloadDll.lpBaseOfDll) + { + if(hListLibraryPtr->hFile != (HANDLE)-1) + { + if(hListLibraryPtr->hFileMappingView != NULL) + { + UnmapViewOfFile(hListLibraryPtr->hFileMappingView); + EngineCloseHandle(hListLibraryPtr->hFileMapping); + } + EngineCloseHandle(hListLibraryPtr->hFile); + RtlZeroMemory(hListLibraryPtr, sizeof LIBRARY_ITEM_DATAW); + hListLibraryPtr->hFile = (HANDLE)-1; + } + } + hListLibraryPtr = (PLIBRARY_ITEM_DATAW)((ULONG_PTR)hListLibraryPtr + sizeof LIBRARY_ITEM_DATAW); + } + } + } + break; + + case OUTPUT_DEBUG_STRING_EVENT: + { + //debug string callback + if(DBGCustomHandler->chOutputDebugString != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chOutputDebugString); + __try + { + myCustomHandler(&DBGEvent.u.DebugString); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chOutputDebugString = NULL; + } + } + //http://maximumcrack.wordpress.com/2009/06/22/outputdebugstring-awesomeness/ (the final advice is incorrect, but still helpful) + DBGCode = DBG_EXCEPTION_NOT_HANDLED; //pass exception to debuggee + } + break; + + case EXCEPTION_DEBUG_EVENT: + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; //let the debuggee handle exceptions per default + + if(DBGCustomHandler->chEverythingElse != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chEverythingElse); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chEverythingElse = NULL; + } + } + if(DBGEvent.u.Exception.dwFirstChance == FALSE) //second chance exception + { + //NOTE: unclear behavious of ->Pass<- all exceptions (not to debuggee, but to debugger) + if(!enginePassAllExceptions) + { + DBGCode = DBG_CONTINUE; + } + else + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; //let debuggee handle the exception + } + RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT); + } + + //handle different exception codes + 
switch(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode) + { + case STATUS_BREAKPOINT: + { + MaximumBreakPoints = 0; + for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++) + { + if(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress - (BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1)) + { + break; + } + } + if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && MaximumBreakPoints < MAXIMUM_BREAKPOINTS) + { + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); + if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_SINGLESHOOT) && (BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions == -1 || BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions > 0)) + { + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &BreakPointBuffer[MaximumBreakPoints].OriginalByte[0], BreakPointBuffer[MaximumBreakPoints].BreakPointSize, &NumberOfBytesReadWritten)) + { + DBGCode = DBG_CONTINUE; + hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); + myDBGContext.ContextFlags = CONTEXT_CONTROL; + GetThreadContext(hActiveThread, &myDBGContext); + if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT) + { + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + } + 
if(!(myDBGContext.EFlags & 0x10000)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000; + } +#if defined(_WIN64) + myDBGContext.Rip = myDBGContext.Rip - BreakPointBuffer[MaximumBreakPoints].BreakPointSize; +#else + myDBGContext.Eip = myDBGContext.Eip - BreakPointBuffer[MaximumBreakPoints].BreakPointSize; +#endif + SetThreadContext(hActiveThread, &myDBGContext); + EngineCloseHandle(hActiveThread); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); + myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack); + if(BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != -1 && BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != 0) + { + BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions--; + } + if(BreakPointBuffer[MaximumBreakPoints].CmpCondition != UE_CMP_NOCONDITION) + { + CompareResult = false; + CmpValue1 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpRegister); + myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].CompareCallBack); + if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_EQUAL) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 == CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_NOTEQUAL) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 != CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATER) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 > CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATEROREQUAL) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + 
if(CmpValue1 >= CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWER) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 < CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWEROREQUAL) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 <= CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_EQUAL) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 == CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_NOTEQUAL) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 != CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATER) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 > CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATEROREQUAL) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 >= CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWER) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 < CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWEROREQUAL) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 <= CmpValue2) + { + CompareResult = true; + } + } + if(CompareResult) + { + 
__try + { + myCustomBreakPoint(); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + } + else + { + __try + { + myCustomBreakPoint(); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT) + { + DisableBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress); + ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1; + ResetBPXAddressTo = (ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + ResetBPX = true; + } + else + { + DeleteBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress); + ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1; + ResetBPXAddressTo = NULL; + ResetBPX = false; + } + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); + DBGCode = DBG_CONTINUE; + } + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + } + } + else //breakpoint not in list + { + if(!FirstBPX) //program generated a breakpoint exception + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + if(DBGCustomHandler->chBreakPoint != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chBreakPoint); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chBreakPoint = NULL; + } + } + } + else //system breakpoint + { + FirstBPX = false; + DBGCode = DBG_CONTINUE; + if(DebugAttachedToProcess) + { + myCustomBreakPoint = (fCustomBreakPoint)(DebugAttachedProcessCallBack); + __try + { + myCustomBreakPoint(); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + if(engineAutoHideFromDebugger) 
+ { + HideDebugger(dbgProcessInformation.hProcess, UE_HIDE_PEBONLY); + } + if(DebugExeFileEntryPointCallBack != NULL) //set entry breakpoint + { + SetBPX((ULONG_PTR)DBGEntryPoint, UE_SINGLESHOOT, DebugExeFileEntryPointCallBack); + } + if(engineTLSBreakOnCallBack) //set TLS callback breakpoints + { + i = NULL; + while(tlsCallBackList[i] != NULL) + { + SetBPX((ULONG_PTR)tlsCallBackList[i], UE_SINGLESHOOT, (LPVOID)engineTLSBreakOnCallBackAddress); + tlsCallBackList[i] = NULL; + i++; + } + engineTLSBreakOnCallBackAddress = NULL; + engineTLSBreakOnCallBack = false; + } + + //system breakpoint callback + if(DBGCustomHandler->chSystemBreakpoint != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chSystemBreakpoint); + __try + { + myCustomHandler(&DBGEvent); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chSystemBreakpoint = NULL; + } + } + } + } + } + break; + + case STATUS_SINGLE_STEP: + { + if(ResetBPX == true || ResetHwBPX == true || ResetMemBPX == true) //restore breakpoints (internal step) + { + DBGCode = DBG_CONTINUE; + if(ResetBPX) //restore 'normal' breakpoint + { + if(ResetBPXAddressTo + ResetBPXSize != (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress) + { + EnableBPX(ResetBPXAddressTo); + ResetBPXAddressTo = NULL; + ResetBPX = false; + if(engineStepActive) + { + if(engineStepCount == NULL) + { + myCustomBreakPoint = (fCustomBreakPoint)(engineStepCallBack); + __try + { + engineStepActive = false; + engineStepCallBack = NULL; + myCustomBreakPoint(); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + else + { + SingleStep(engineStepCount, engineStepCallBack); + } + } + } + else + { + hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); + myDBGContext.ContextFlags = CONTEXT_CONTROL; + GetThreadContext(hActiveThread, &myDBGContext); + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + 
SetThreadContext(hActiveThread, &myDBGContext); + EngineCloseHandle(hActiveThread); + } + } + else if(ResetHwBPX) //restore hardware breakpoint + { + ResetHwBPX = false; + SetHardwareBreakPoint(DebugRegisterX.DrxBreakAddress, DebugRegisterXId, DebugRegisterX.DrxBreakPointType, DebugRegisterX.DrxBreakPointSize, (LPVOID)DebugRegisterX.DrxCallBack); + if(engineStepActive) + { + if(engineStepCount == NULL) + { + myCustomBreakPoint = (fCustomBreakPoint)(engineStepCallBack); + __try + { + engineStepActive = false; + engineStepCallBack = NULL; + myCustomBreakPoint(); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + else + { + SingleStep(engineStepCount, engineStepCallBack); + } + } + } + else if(ResetMemBPX) //restore memory breakpoint + { + ResetMemBPX = false; + VirtualQueryEx(dbgProcessInformation.hProcess, (LPCVOID)ResetMemBPXAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + NewProtect = OldProtect | PAGE_GUARD; //guard page protection + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)ResetMemBPXAddress, ResetMemBPXSize, NewProtect, &OldProtect); + if(engineStepActive) + { + if(engineStepCount == NULL) + { + myCustomBreakPoint = (fCustomBreakPoint)(engineStepCallBack); + __try + { + engineStepActive = false; + engineStepCallBack = NULL; + myCustomBreakPoint(); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + else + { + SingleStep(engineStepCount, engineStepCallBack); + } + } + } + } + else //no resetting needed (debugger reached hardware breakpoint or the user stepped) + { + if(engineStepActive) + { + DBGCode = DBG_CONTINUE; + if(engineStepCount == NULL) + { + myCustomBreakPoint = (fCustomBreakPoint)(engineStepCallBack); + __try + { + engineStepActive = false; + engineStepCallBack = NULL; + myCustomBreakPoint(); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + else + { + SingleStep(engineStepCount, engineStepCallBack); + } + } + else //handle hardware breakpoints + { + hActiveThread = 
OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); + myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS; + if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1)) + { + if(DebugRegister[0].DrxEnabled) + { + DBGCode = DBG_CONTINUE; + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + myCustomHandler = (fCustomHandler)(DebugRegister[0].DrxCallBack); + __try + { + myCustomHandler((void*)myDBGContext.Dr0); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + RtlZeroMemory(&DebugRegisterX, sizeof HARDWARE_DATA); + RtlMoveMemory(&DebugRegisterX, &DebugRegister[0], sizeof HARDWARE_DATA); + DeleteHardwareBreakPoint(UE_DR0); + DebugRegisterXId = UE_DR0; + ResetHwBPX = true; + } + else + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + } + } + else if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr1 || (myDBGContext.Dr6 & 0x2)) + { + if(DebugRegister[1].DrxEnabled) + { + DBGCode = DBG_CONTINUE; + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + myCustomHandler = (fCustomHandler)(DebugRegister[1].DrxCallBack); + __try + { + myCustomHandler((void*)myDBGContext.Dr1); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + RtlZeroMemory(&DebugRegisterX, sizeof HARDWARE_DATA); + RtlMoveMemory(&DebugRegisterX, &DebugRegister[1], sizeof HARDWARE_DATA); + DeleteHardwareBreakPoint(UE_DR1); + DebugRegisterXId = UE_DR1; + ResetHwBPX = true; + } + else + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + } + } + else if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr2 || (myDBGContext.Dr6 & 0x4)) + { + if(DebugRegister[2].DrxEnabled) + { + DBGCode = DBG_CONTINUE; + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags 
= myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + myCustomHandler = (fCustomHandler)(DebugRegister[2].DrxCallBack); + __try + { + myCustomHandler((void*)myDBGContext.Dr2); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + RtlZeroMemory(&DebugRegisterX, sizeof HARDWARE_DATA); + RtlMoveMemory(&DebugRegisterX, &DebugRegister[2], sizeof HARDWARE_DATA); + DeleteHardwareBreakPoint(UE_DR2); + DebugRegisterXId = UE_DR2; + ResetHwBPX = true; + } + else + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + } + } + else if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr3 || (myDBGContext.Dr6 & 0x8)) + { + if(DebugRegister[3].DrxEnabled) + { + DBGCode = DBG_CONTINUE; + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + myCustomHandler = (fCustomHandler)(DebugRegister[3].DrxCallBack); + __try + { + myCustomHandler((void*)myDBGContext.Dr3); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + RtlZeroMemory(&DebugRegisterX, sizeof HARDWARE_DATA); + RtlMoveMemory(&DebugRegisterX, &DebugRegister[3], sizeof HARDWARE_DATA); + DeleteHardwareBreakPoint(UE_DR3); + DebugRegisterXId = UE_DR3; + ResetHwBPX = true; + } + else + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + } + } + else //debuggee generated exception + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + } + EngineCloseHandle(hActiveThread); + } + } + if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) //NOTE: only call the chSingleStep callback when the debuggee generated the exception + { + if(DBGCustomHandler->chSingleStep != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chSingleStep); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chSingleStep = NULL; + } + } + } + } + break; + + case STATUS_GUARD_PAGE_VIOLATION: + { + MemoryBpxFound = false; + MaximumBreakPoints = 0; + 
ULONG_PTR bpaddr; + for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++) + { + ULONG_PTR addr=BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + + bpaddr=(ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]; //page accessed + + if(((BreakPointBuffer[MaximumBreakPoints].BreakPointType >= UE_MEMORY) && (BreakPointBuffer[MaximumBreakPoints].BreakPointType <= UE_MEMORY_EXECUTE)) && bpaddr>=addr && bpaddr<(addr+BreakPointBuffer[MaximumBreakPoints].BreakPointSize)) + { + MemoryBpxFound = true; + break; + } + } + if(MaximumBreakPoints < MAXIMUM_BREAKPOINTS || MemoryBpxFound == true) //found memory breakpoint + { + if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE) //memory breakpoint is active + { + hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); + myDBGContext.ContextFlags = CONTEXT_CONTROL; + GetThreadContext(hActiveThread, &myDBGContext); + DBGCode = DBG_CONTINUE; //debugger handled the exception + MemoryBpxCallBack = BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack; + if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY) //READ|WRITE|EXECUTE + { + if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) + { + RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize); + } + else + { + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; + ResetMemBPX = true; + } + myCustomHandler = (fCustomHandler)(MemoryBpxCallBack); + __try + { + myCustomHandler((void*)bpaddr); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + else 
if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY_READ) //READ + { + if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) //do not restore the memory breakpoint + { + if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 0) //read operation + RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize); + } + else //restore the memory breakpoint + { + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; + ResetMemBPX = true; + } + if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 0) //read operation + { + myCustomHandler = (fCustomHandler)(MemoryBpxCallBack); + __try + { + myCustomHandler((void*)bpaddr); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + else //no read operation, restore breakpoint + { + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; + ResetMemBPX = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY_WRITE) //WRITE + { + if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) //remove breakpoint + { + if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 1) //write operation + RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize); + } + else //restore breakpoint after trap flag + { + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + 
SetThreadContext(hActiveThread, &myDBGContext); + ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; + ResetMemBPX = true; + } + if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 1) //write operation + { + myCustomHandler = (fCustomHandler)(MemoryBpxCallBack); + __try + { + myCustomHandler((void*)bpaddr); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + else //no write operation, restore breakpoint + { + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; + ResetMemBPX = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY_EXECUTE) //EXECUTE + { + if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) + { + if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 8 && //data execution prevention (DEP) violation + (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]) //exception address == read address + RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize); + } + else + { + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; + ResetMemBPX = true; + } + if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 8 && //data execution prevention (DEP) violation + (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == 
DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]) //exception address == read address + { + myCustomHandler = (fCustomHandler)(MemoryBpxCallBack); + __try + { + myCustomHandler((void*)bpaddr); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + else //no execute operation, restore breakpoint + { + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + SetThreadContext(hActiveThread, &myDBGContext); + ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; + ResetMemBPX = true; + } + } + EngineCloseHandle(hActiveThread); + } + else + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; //debugger did not handle the exception + } + } + else //no memory breakpoint found + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + } + + //debuggee generated GUARD_PAGE exception + if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) + { + //TODO: restore memory breakpoint? + if(DBGCustomHandler->chPageGuard != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chPageGuard); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chPageGuard = NULL; + } + } + } + } + break; + + case STATUS_ACCESS_VIOLATION: + { + if(DBGCustomHandler->chAccessViolation != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chAccessViolation); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chAccessViolation = NULL; + } + } + } + break; + + case STATUS_ILLEGAL_INSTRUCTION: + { + //UD2 breakpoint + MaximumBreakPoints = 0; + for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++) + { + if(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress) + { + break; + } + } + 
if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && MaximumBreakPoints < MAXIMUM_BREAKPOINTS) + { + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); + if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_SINGLESHOOT) && (BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions == -1 || BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions > 0)) + { + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &BreakPointBuffer[MaximumBreakPoints].OriginalByte[0], BreakPointBuffer[MaximumBreakPoints].BreakPointSize, &NumberOfBytesReadWritten)) + { + DBGCode = DBG_CONTINUE; + hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); + myDBGContext.ContextFlags = CONTEXT_CONTROL; + GetThreadContext(hActiveThread, &myDBGContext); + if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT) + { + if(!(myDBGContext.EFlags & 0x100)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; + } + } + if(!(myDBGContext.EFlags & 0x10000)) + { + myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000; + } + SetThreadContext(hActiveThread, &myDBGContext); + EngineCloseHandle(hActiveThread); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); + myCustomBreakPoint = 
(fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack); + if(BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != -1 && BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != 0) + { + BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions--; + } + if(BreakPointBuffer[MaximumBreakPoints].CmpCondition != UE_CMP_NOCONDITION) + { + CompareResult = false; + CmpValue1 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpRegister); + myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].CompareCallBack); + if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_EQUAL) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 == CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_NOTEQUAL) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 != CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATER) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 > CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATEROREQUAL) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 >= CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWER) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 < CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWEROREQUAL) + { + CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; + if(CmpValue1 <= CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_EQUAL) + { + CmpValue2 = 
(ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 == CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_NOTEQUAL) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 != CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATER) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 > CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATEROREQUAL) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 >= CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWER) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 < CmpValue2) + { + CompareResult = true; + } + } + else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWEROREQUAL) + { + CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); + if(CmpValue1 <= CmpValue2) + { + CompareResult = true; + } + } + if(CompareResult) + { + __try + { + myCustomBreakPoint(); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + } + else + { + __try + { + myCustomBreakPoint(); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + + } + } + if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT) + { + DisableBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress); + ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1; + ResetBPXAddressTo = (ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; + ResetBPX = true; + } + else + { + 
DeleteBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress); + ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1; + ResetBPXAddressTo = NULL; + ResetBPX = false; + } + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); + DBGCode = DBG_CONTINUE; + } + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + } + } + else + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; + } + //application-generated exception + if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) + { + if(DBGCustomHandler->chIllegalInstruction != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chIllegalInstruction); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chIllegalInstruction = NULL; + } + } + } + } + break; + + case STATUS_NONCONTINUABLE_EXCEPTION: + { + if(DBGCustomHandler->chNonContinuableException != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chNonContinuableException); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chNonContinuableException = NULL; + } + } + } + break; + + case STATUS_ARRAY_BOUNDS_EXCEEDED: + { + if(DBGCustomHandler->chArrayBoundsException != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chArrayBoundsException); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chArrayBoundsException = NULL; + } + } + } + break; + + case STATUS_FLOAT_DENORMAL_OPERAND: + { + 
if(DBGCustomHandler->chFloatDenormalOperand != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chFloatDenormalOperand); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chFloatDenormalOperand = NULL; + } + } + } + break; + + case STATUS_FLOAT_DIVIDE_BY_ZERO: + { + if(DBGCustomHandler->chFloatDevideByZero != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chFloatDevideByZero); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chFloatDevideByZero = NULL; + } + } + } + break; + + case STATUS_INTEGER_DIVIDE_BY_ZERO: + { + if(DBGCustomHandler->chIntegerDevideByZero != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chIntegerDevideByZero); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chIntegerDevideByZero = NULL; + } + } + } + break; + + case STATUS_INTEGER_OVERFLOW: + { + if(DBGCustomHandler->chIntegerOverflow != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chIntegerOverflow); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chIntegerOverflow = NULL; + } + } + } + break; + + case STATUS_PRIVILEGED_INSTRUCTION: + { + if(DBGCustomHandler->chPrivilegedInstruction != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chPrivilegedInstruction); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chPrivilegedInstruction = NULL; + } + } + } + break; + } + + //general unhandled exception callback + if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) + { + if(DBGCustomHandler->chUnhandledException != NULL) + { + myCustomHandler = 
(fCustomHandler)((LPVOID)DBGCustomHandler->chUnhandledException); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chUnhandledException = NULL; + } + } + } + + //general after-exception callback (includes debugger exceptions) + if(DBGCustomHandler->chAfterException != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chAfterException); + __try + { + myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chAfterException = NULL; + } + } + } + break; + + case RIP_EVENT: + { + DBGCode = DBG_EXCEPTION_NOT_HANDLED; //fix an anti-debug trick + //system breakpoint callback + if(DBGCustomHandler->chRipEvent != NULL) + { + myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chRipEvent); + __try + { + myCustomHandler(&DBGEvent); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + DBGCustomHandler->chSystemBreakpoint = NULL; + } + } + } + break; + } + + if(engineResumeProcessIfNoThreadIsActive) + { + if(!ThreaderIsAnyThreadActive()) + { + ThreaderResumeProcess(); + } + } + if(!ContinueDebugEvent(DBGEvent.dwProcessId, DBGEvent.dwThreadId, DBGCode)) //continue debugging + { + break; + } + } + + if(!SecondChance) //debugger didn't close with a second chance exception (normal exit) + { + RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT); + } + ForceClose(); + engineFileIsBeingDebugged = false; + if(engineExecutePluginCallBack) + { + ExtensionManagerPluginDebugCallBack(&DBGEvent, UE_PLUGIN_CALL_REASON_POSTDEBUG); + } +} + +__declspec(dllexport) void TITCALL DebugLoopEx(DWORD TimeOut) +{ + SetDebugLoopTimeOut(TimeOut); + DebugLoop(); + SetDebugLoopTimeOut(INFINITE); +} + +__declspec(dllexport) void TITCALL SetDebugLoopTimeOut(DWORD TimeOut) +{ + + if(TimeOut == NULL) + { + TimeOut = INFINITE; + } + engineWaitForDebugEventTimeOut = TimeOut; +} \ No newline at end of file 
diff --git a/TitanEngine/TitanEngine.Debugger.Helper.cpp b/TitanEngine/TitanEngine.Debugger.Helper.cpp new file mode 100644 index 0000000..7ed2129 --- /dev/null +++ b/TitanEngine/TitanEngine.Debugger.Helper.cpp 
@@ -0,0 +1,822 @@ +#include "stdafx.h" +#include "definitions.h" +#include "Global.Debugger.h" + +static char szParameterString[512]; + +__declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize) +{ + + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR ueNumberOfBytesRW = NULL; + DWORD StringReadSize = NULL; + + if(MaximumStringSize == NULL) + { + MaximumStringSize = 512; + } + VirtualQueryEx(hProcess, (LPVOID)StringAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + if((int)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)StringAddress) < MaximumStringSize) + { + StringReadSize = (DWORD)((ULONG_PTR)StringAddress - (ULONG_PTR)MemInfo.BaseAddress); + VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)StringAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + if(MemInfo.State == MEM_COMMIT) + { + StringReadSize = MaximumStringSize; + } + } + else + { + StringReadSize = MaximumStringSize; + } + RtlZeroMemory(StringStorage, MaximumStringSize); + if(ReadProcessMemory(hProcess, (LPVOID)StringAddress, StringStorage, StringReadSize, &ueNumberOfBytesRW)) + { + return(true); + } + else + { + return(false); + } +} +__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType) +{ + + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR ueNumberOfBytesRW = NULL; + ULONG_PTR StackReadBuffer = NULL; + ULONG_PTR StackFinalBuffer = NULL; + ULONG_PTR StackReadAddress = NULL; + DWORD StackSecondReadSize = NULL; + DWORD StackReadSize = 512; + DWORD StringReadSize = 512; + bool ValueIsPointer = false; + + if(ParameterType == UE_PARAMETER_BYTE) + { + StackReadSize = 1; + } + else if(ParameterType == UE_PARAMETER_WORD) + { + StackReadSize = 2; + } + else if(ParameterType == UE_PARAMETER_DWORD) + { + StackReadSize = 4; + } + else if(ParameterType == UE_PARAMETER_QWORD) + { + 
StackReadSize = 8; + } + else + { + if(ParameterType >= UE_PARAMETER_PTR_BYTE && ParameterType <= UE_PARAMETER_UNICODE) + { + ValueIsPointer = true; + } + if(ParameterType == UE_PARAMETER_PTR_BYTE) + { + StackSecondReadSize = 1; + } + else if(ParameterType == UE_PARAMETER_PTR_WORD) + { + StackSecondReadSize = 2; + } + else if(ParameterType == UE_PARAMETER_PTR_DWORD) + { + StackSecondReadSize = 4; + } + else if(ParameterType == UE_PARAMETER_PTR_QWORD) + { + StackSecondReadSize = 8; + } + else + { + StackSecondReadSize = 0; + } + StackReadSize = sizeof ULONG_PTR; + } + if(FunctionType >= UE_FUNCTION_STDCALL && FunctionType <= UE_FUNCTION_CCALL_CALL && FunctionType != UE_FUNCTION_FASTCALL_RET) + { + StackReadAddress = (ULONG_PTR)GetContextData(UE_CSP); + if(FunctionType != UE_FUNCTION_FASTCALL_CALL) + { + StackReadAddress = StackReadAddress + (ParameterNumber * sizeof ULONG_PTR); + if(FunctionType >= UE_FUNCTION_STDCALL_CALL) + { + StackReadAddress = StackReadAddress - sizeof ULONG_PTR; + } + } + else + { + if(ParameterNumber <= 4) + { + if(!ValueIsPointer) + { + if(ParameterNumber == 1) + { + return((ULONG_PTR)GetContextData(UE_RCX)); + } + else if(ParameterNumber == 2) + { + return((ULONG_PTR)GetContextData(UE_RDX)); + } + else if(ParameterNumber == 3) + { + return((ULONG_PTR)GetContextData(UE_R8)); + } + else if(ParameterNumber == 4) + { + return((ULONG_PTR)GetContextData(UE_R9)); + } + } + else + { + if(ParameterNumber == 1) + { + StackReadAddress = (ULONG_PTR)GetContextData(UE_RCX); + } + else if(ParameterNumber == 2) + { + StackReadAddress = (ULONG_PTR)GetContextData(UE_RDX); + } + else if(ParameterNumber == 3) + { + StackReadAddress = (ULONG_PTR)GetContextData(UE_R8); + } + else if(ParameterNumber == 4) + { + StackReadAddress = (ULONG_PTR)GetContextData(UE_R9); + } + } + } + else + { + StackReadAddress = StackReadAddress + 0x20 + ((ParameterNumber - 4) * sizeof ULONG_PTR) - sizeof ULONG_PTR; + } + } + if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, 
&StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW)) + { + if(!ValueIsPointer) + { + RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackReadSize), StackReadSize); + } + else + { + StackReadAddress = StackReadBuffer; + if(StackSecondReadSize > NULL) + { + if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW)) + { + RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackSecondReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackSecondReadSize), StackSecondReadSize); + } + else + { + return(-1); + } + } + else + { + VirtualQueryEx(hProcess, (LPVOID)StackReadAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - StackReadAddress < 512) + { + StringReadSize = (DWORD)((ULONG_PTR)StackReadAddress - (ULONG_PTR)MemInfo.BaseAddress); + VirtualQueryEx(hProcess, (LPVOID)(StackReadAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + if(MemInfo.State == MEM_COMMIT) + { + StringReadSize = 512; + } + } + RtlZeroMemory(&szParameterString, 512); + if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &szParameterString, StringReadSize, &ueNumberOfBytesRW)) + { + return((ULONG_PTR)&szParameterString); + } + else + { + return(-1); + } + } + } + return(StackFinalBuffer); + } + else + { + return(-1); + } + } + return(-1); +} +__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps) +{ + + LPVOID ReadMemory; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR ueNumberOfBytesRead = NULL; + PMEMORY_CMP_HANDLER CompareMemory; + ULONG_PTR TargetedAddress = NULL; + DWORD CurrentInstructionSize; + int ReadMemData = NULL; + BYTE ReadByteData = NULL; + + if(hProcess != NULL) + { + VirtualQueryEx(hProcess, 
(LPVOID)InstructionAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + if(MemInfo.RegionSize > NULL) + { + ReadMemory = VirtualAlloc(NULL, MAXIMUM_INSTRUCTION_SIZE, MEM_COMMIT, PAGE_READWRITE); + if(!ReadMemory) + return 0; + if(ReadProcessMemory(hProcess, (LPVOID)InstructionAddress, ReadMemory, MAXIMUM_INSTRUCTION_SIZE, &ueNumberOfBytesRead)) + { + CompareMemory = (PMEMORY_CMP_HANDLER)ReadMemory; + CurrentInstructionSize = StaticLengthDisassemble(ReadMemory); + if(CompareMemory->DataByte[0] == 0xE9 && CurrentInstructionSize == 5) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 4); + TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2) + { + RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1); + if(ReadByteData > 0x7F) + { + ReadByteData = 0xFF - ReadByteData; + ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; + } + else + { + ReadMemData = ReadByteData; + } + TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0xE3 && CurrentInstructionSize == 2) + { + RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1); + if(ReadByteData > 0x7F) + { + ReadByteData = 0xFF - ReadByteData; + ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; + } + else + { + ReadMemData = ReadByteData; + } + TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] >= 0x71 && CompareMemory->DataByte[0] <= 0x7F && CurrentInstructionSize == 2) + { + RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1); + if(ReadByteData > 0x7F) + { + ReadByteData = 0xFF - ReadByteData; + ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; + } + TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] >= 0xE0 && 
CompareMemory->DataByte[0] <= 0xE2 && CurrentInstructionSize == 2) + { + RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1); + if(ReadByteData > 0x7F) + { + ReadByteData = 0xFF - ReadByteData; + ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; + } + else + { + ReadMemData = ReadByteData; + } + TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 6) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4); + TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 2); + TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5 && JustJumps == false) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 4); + TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4); + TargetedAddress = ReadMemData; + if(sizeof HANDLE == 8) + { + TargetedAddress = TargetedAddress + InstructionAddress; + } + } + else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x15 && CurrentInstructionSize == 6 && JustJumps == false) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4); + TargetedAddress = ReadMemData; + if(sizeof HANDLE == 8) + { + TargetedAddress = TargetedAddress + InstructionAddress; + } + } + else if(CompareMemory->DataByte[0] == 0xFF && 
CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 1); + TargetedAddress = ReadMemData; + if(CompareMemory->DataByte[1] == 0x60) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EAX); + } + else if(CompareMemory->DataByte[1] == 0x61) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ECX); + } + else if(CompareMemory->DataByte[1] == 0x62) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDX); + } + else if(CompareMemory->DataByte[1] == 0x63) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBX); + } + else if(CompareMemory->DataByte[1] == 0x65) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBP); + } + else if(CompareMemory->DataByte[1] == 0x66) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ESI); + } + else if(CompareMemory->DataByte[1] == 0x67) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDI); + } + ReadProcessMemory(hProcess, (LPVOID)TargetedAddress, &TargetedAddress, 4, &ueNumberOfBytesRead); + } + } + VirtualFree(ReadMemory, NULL, MEM_RELEASE); + return((ULONG_PTR)TargetedAddress); + } + return(NULL); + } + else + { + CompareMemory = (PMEMORY_CMP_HANDLER)InstructionAddress; + CurrentInstructionSize = StaticLengthDisassemble((LPVOID)InstructionAddress); + if(CompareMemory->DataByte[0] == 0xE9 && CurrentInstructionSize == 5) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 4); + TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2) + { + RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1); + if(ReadByteData > 0x7F) + { + ReadByteData = 0xFF - ReadByteData; + ReadMemData = NULL - 
ReadByteData - CurrentInstructionSize + 1; + } + else + { + ReadMemData = ReadByteData; + } + TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0xE3 && CurrentInstructionSize == 2) + { + RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1); + if(ReadByteData > 0x7F) + { + ReadByteData = 0xFF - ReadByteData; + ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; + } + else + { + ReadMemData = ReadByteData; + } + TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] >= 0x71 && CompareMemory->DataByte[0] <= 0x7F && CurrentInstructionSize == 2) + { + RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1); + if(ReadByteData > 0x7F) + { + ReadByteData = 0xFF - ReadByteData; + ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; + } + TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] >= 0xE0 && CompareMemory->DataByte[0] <= 0xE2 && CurrentInstructionSize == 2) + { + RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1); + if(ReadByteData > 0x7F) + { + ReadByteData = 0xFF - ReadByteData; + ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; + } + else + { + ReadMemData = ReadByteData; + } + TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 6) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4); + TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4) + { + RtlMoveMemory(&ReadMemData, 
(LPVOID)((ULONG_PTR)InstructionAddress + 2), 2); + TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5 && JustJumps == false) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 4); + TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; + } + else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4); + TargetedAddress = ReadMemData; + if(sizeof HANDLE == 8) + { + TargetedAddress = TargetedAddress + InstructionAddress; + } + } + else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x15 && CurrentInstructionSize == 6 && JustJumps == false) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4); + TargetedAddress = ReadMemData; + if(sizeof HANDLE == 8) + { + TargetedAddress = TargetedAddress + InstructionAddress; + } + } + else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3) + { + RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 1); + TargetedAddress = ReadMemData; + if(CompareMemory->DataByte[1] == 0x60) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EAX); + } + else if(CompareMemory->DataByte[1] == 0x61) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ECX); + } + else if(CompareMemory->DataByte[1] == 0x62) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDX); + } + else if(CompareMemory->DataByte[1] == 0x63) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBX); + } + else if(CompareMemory->DataByte[1] == 0x65) + { + TargetedAddress = TargetedAddress + 
(ULONG_PTR)GetContextData(UE_EBP); + } + else if(CompareMemory->DataByte[1] == 0x66) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ESI); + } + else if(CompareMemory->DataByte[1] == 0x67) + { + TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDI); + } + RtlMoveMemory(&TargetedAddress, (LPVOID)((ULONG_PTR)TargetedAddress), 4); + } + return((ULONG_PTR)TargetedAddress); + } + return(NULL); +} +__declspec(dllexport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress) +{ + return((ULONG_PTR)GetJumpDestinationEx(hProcess, InstructionAddress, false)); +} +__declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags) +{ + ULONG_PTR ThreadCIP = NULL; + DWORD ThreadEflags = NULL; + char* DisassembledString; + bool bCF = false; + bool bPF = false; + bool bAF = false; + bool bZF = false; + bool bSF = false; + bool bTF = false; + bool bIF = false; + bool bDF = false; + bool bOF = false; + + if(hProcess != NULL && (hThread || RegFlags)) + { + if(InstructionAddress == NULL) + { + ThreadCIP = (ULONG_PTR)GetContextDataEx(hThread, UE_CIP); + } + else + { + ThreadCIP = InstructionAddress; + } + if(RegFlags == NULL) + { + ThreadEflags = (DWORD)GetContextDataEx(hThread, UE_EFLAGS); + } + else + { + ThreadEflags = (DWORD)RegFlags; + } + DisassembledString = (char*)DisassembleEx(hProcess, (LPVOID)ThreadCIP, true); + if(DisassembledString != NULL) + { + if(ThreadEflags & (1 << 0)) + { + bCF = true; + } + if(ThreadEflags & (1 << 2)) + { + bPF = true; + } + if(ThreadEflags & (1 << 4)) + { + bAF = true; + } + if(ThreadEflags & (1 << 6)) + { + bZF = true; + } + if(ThreadEflags & (1 << 7)) + { + bSF = true; + } + if(ThreadEflags & (1 << 8)) + { + bTF = true; + } + if(ThreadEflags & (1 << 9)) + { + bIF = true; + } + if(ThreadEflags & (1 << 10)) + { + bDF = true; + } + if(ThreadEflags & (1 << 11)) + { + bOF = true; + } + 
if(lstrcmpiA(DisassembledString, "RET") == NULL) + { + return (true); + } + else if(lstrcmpiA(DisassembledString, "RETF") == NULL) + { + return (true); + } + else if(lstrcmpiA(DisassembledString, "JMP") == NULL) + { + return(true); + } + else if(lstrcmpiA(DisassembledString, "JA") == NULL) + { + if(bCF == false && bZF == false) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JAE") == NULL) + { + if(!bCF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JB") == NULL) + { + if(bCF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JBE") == NULL) + { + if(bCF == true || bZF == true) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JC") == NULL) + { + if(bCF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JCXZ") == NULL) + { + if((WORD)GetContextDataEx(hThread, UE_ECX) == NULL) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JECXZ") == NULL) + { + if((DWORD)GetContextDataEx(hThread, UE_ECX) == NULL) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JRCXZ") == NULL) + { + if((ULONG_PTR)GetContextDataEx(hThread, UE_RCX) == NULL) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JZ") == NULL) + { + if(bZF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNZ") == NULL) + { + if(!bZF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JE") == NULL) + { + if(bZF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNE") == NULL) + { + if(!bZF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JG") == NULL) + { + if(bZF == false && bSF == bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JGE") == NULL) + { + if(bSF == bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JL") == NULL) + { + if(bSF != bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JLE") == NULL) + { + if(bZF 
== true || bSF != bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNA") == NULL) + { + if(bCF == true || bZF == true) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNAE") == NULL) + { + if(bCF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNB") == NULL) + { + if(!bCF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNBE") == NULL) + { + if(bCF == false && bZF == false) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNC") == NULL) + { + if(!bCF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNG") == NULL) + { + if(bZF == true || bSF != bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNGE") == NULL) + { + if(bSF != bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNL") == NULL) + { + if(bSF == bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNLE") == NULL) + { + if(bZF == false && bSF == bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNO") == NULL) + { + if(!bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNP") == NULL) + { + if(!bPF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JNS") == NULL) + { + if(!bSF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JO") == NULL) + { + if(bOF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JP") == NULL) + { + if(bPF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JPE") == NULL) + { + if(bPF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JPO") == NULL) + { + if(!bPF) + { + return(true); + } + } + else if(lstrcmpiA(DisassembledString, "JS") == NULL) + { + if(bSF) + { + return(true); + } + } + } + } + return(false); +} +__declspec(dllexport) bool TITCALL IsJumpGoingToExecute() +{ + return(IsJumpGoingToExecuteEx(dbgProcessInformation.hProcess, 
dbgProcessInformation.hThread, NULL, NULL)); +} \ No newline at end of file diff --git a/TitanEngine/TitanEngine.Debugger.Memory.cpp b/TitanEngine/TitanEngine.Debugger.Memory.cpp new file mode 100644 index 0000000..4d5f5e7 --- /dev/null +++ b/TitanEngine/TitanEngine.Debugger.Memory.cpp 
@@ -0,0 +1,359 @@ +#include "stdafx.h" +#include "definitions.h" +#include "Global.Debugger.h" +#include + +__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) +{ + if(!MemoryToCheck || !PatternToMatch) + return false; + int i = NULL; + BYTE intWildCard = NULL; + LPVOID ueReadBuffer = NULL; + ULONG_PTR ueNumberOfBytesRead = NULL; + MEMORY_BASIC_INFORMATION memoryInformation = {}; + PMEMORY_COMPARE_HANDLER memCmp = (PMEMORY_COMPARE_HANDLER)MemoryToCheck; + PMEMORY_COMPARE_HANDLER memPattern = (PMEMORY_COMPARE_HANDLER)PatternToMatch; + + if(WildCard == NULL) + { + WildCard = &intWildCard; + } + if(SizeOfMemoryToCheck >= SizeOfPatternToMatch) + { + if(hProcess != GetCurrentProcess()) + { + ueReadBuffer = VirtualAlloc(NULL, SizeOfMemoryToCheck, MEM_COMMIT, PAGE_READWRITE); + if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead)) + { + if(ueNumberOfBytesRead == NULL) + { + if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof memoryInformation) != NULL) + { + SizeOfMemoryToCheck = (int)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryToCheck); + if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead)) + { + VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + return(NULL); + } + else + { + memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; + } + } + else + { + VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + return(NULL); + } + } + else + { + memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; + } + } + else + { + memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; + } + } + __try + { + while(SizeOfPatternToMatch > NULL) + { + if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard) + { + return(false); + } + SizeOfPatternToMatch--; + i++; + } + 
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + return(true); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + return(false); + } + } + else + { + return(false); + } +} +__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) +{ + + if(dbgProcessInformation.hProcess != NULL) + { + return(MatchPatternEx(dbgProcessInformation.hProcess, MemoryToCheck, SizeOfMemoryToCheck, PatternToMatch, SizeOfPatternToMatch, WildCard)); + } + else + { + return(MatchPatternEx(GetCurrentProcess(), MemoryToCheck, SizeOfMemoryToCheck, PatternToMatch, SizeOfPatternToMatch, WildCard)); + } +} +__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) +{ + + int i = NULL; + int j = NULL; + ULONG_PTR Return = NULL; + LPVOID ueReadBuffer = NULL; + PUCHAR SearchBuffer = NULL; + PUCHAR CompareBuffer = NULL; + MEMORY_BASIC_INFORMATION memoryInformation = {}; + ULONG_PTR ueNumberOfBytesRead = NULL; + LPVOID currentSearchPosition = NULL; + DWORD currentSizeOfSearch = NULL; + BYTE nWildCard = NULL; + + if(WildCard == NULL) + { + WildCard = &nWildCard; + } + if(hProcess != NULL && MemoryStart != NULL && MemorySize != NULL) + { + if(hProcess != GetCurrentProcess()) + { + ueReadBuffer = VirtualAlloc(NULL, MemorySize, MEM_COMMIT, PAGE_READWRITE); + if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) + { + if(ueNumberOfBytesRead == NULL) + { + if(VirtualQueryEx(hProcess, MemoryStart, &memoryInformation, sizeof memoryInformation) != NULL) + { + MemorySize = (DWORD)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryStart); + if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) + { + VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + 
return(NULL); + } + else + { + SearchBuffer = (PUCHAR)ueReadBuffer; + } + } + else + { + VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + return(NULL); + } + } + else + { + SearchBuffer = (PUCHAR)ueReadBuffer; + } + } + else + { + SearchBuffer = (PUCHAR)ueReadBuffer; + } + } + else + { + SearchBuffer = (PUCHAR)MemoryStart; + } + __try + { + CompareBuffer = (PUCHAR)SearchPattern; + for(i = 0; i < (int)MemorySize && Return == NULL; i++) + { + for(j = 0; j < (int)PatternSize; j++) + { + if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j]) + { + break; + } + } + if(j == (int)PatternSize) + { + Return = (ULONG_PTR)MemoryStart + i; + } + } + VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + return(Return); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + return(NULL); + } + } + else + { + return(NULL); + } +} + +extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) +{ + + if(dbgProcessInformation.hProcess != NULL) + { + return(FindEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, SearchPattern, PatternSize, WildCard)); + } + else + { + return(FindEx(GetCurrentProcess(), MemoryStart, MemorySize, SearchPattern, PatternSize, WildCard)); + } +} + +__declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte) +{ + + unsigned int i; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR ueNumberOfBytesRead; + BYTE defFillByte = 0x90; + DWORD OldProtect; + + if(hProcess != NULL) + { + if(FillByte == NULL) + { + FillByte = &defFillByte; + } + VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect); + for(i = 0; i < MemorySize; i++) + { + WriteProcessMemory(hProcess, MemoryStart, FillByte, 1, 
&ueNumberOfBytesRead); + MemoryStart = (LPVOID)((ULONG_PTR)MemoryStart + 1); + } + VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect); + return(true); + } + return(false); +} +__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte) +{ + + if(dbgProcessInformation.hProcess != NULL) + { + return(FillEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, FillByte)); + } + else + { + return(FillEx(GetCurrentProcess(), MemoryStart, MemorySize, FillByte)); + } +} +__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) +{ + + unsigned int i,recalcSize; + LPVOID lpMemoryStart = MemoryStart; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR ueNumberOfBytesRead; + BYTE FillByte = 0x90; + DWORD OldProtect; + + if(hProcess != NULL) + { + VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect); + + if(MemorySize - ReplaceSize != NULL) + { + recalcSize = abs((long)(MemorySize - ReplaceSize)); + if(AppendNOP) + { + WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead); + lpMemoryStart = (LPVOID)((ULONG_PTR)MemoryStart + ReplaceSize); + for(i = 0; i < recalcSize; i++) + { + WriteProcessMemory(hProcess, lpMemoryStart, &FillByte, 1, &ueNumberOfBytesRead); + lpMemoryStart = (LPVOID)((ULONG_PTR)lpMemoryStart + 1); + } + } + else if(PrependNOP) + { + lpMemoryStart = MemoryStart; + for(i = 0; i < recalcSize; i++) + { + WriteProcessMemory(hProcess, lpMemoryStart, &FillByte, 1, &ueNumberOfBytesRead); + lpMemoryStart = (LPVOID)((ULONG_PTR)lpMemoryStart + 1); + } + WriteProcessMemory(hProcess, lpMemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead); + } + else + { + WriteProcessMemory(hProcess, MemoryStart, 
ReplacePattern, ReplaceSize, &ueNumberOfBytesRead); + } + } + else + { + WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead); + } + VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect); + return(true); + } + return(false); +} +__declspec(dllexport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) +{ + + if(dbgProcessInformation.hProcess != NULL) + { + return(PatchEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, ReplacePattern, ReplaceSize, AppendNOP, PrependNOP)); + } + else + { + return(PatchEx(GetCurrentProcess(), MemoryStart, MemorySize, ReplacePattern, ReplaceSize, AppendNOP, PrependNOP)); + } +} +__declspec(dllexport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard) +{ + + unsigned int i; + ULONG_PTR ueNumberOfBytesRead; + ULONG_PTR CurrentFoundPattern; + LPVOID cMemoryStart = MemoryStart; + DWORD cMemorySize = MemorySize; + LPVOID lpReadMemory = VirtualAlloc(NULL, PatternSize, MEM_COMMIT, PAGE_READWRITE); + + CurrentFoundPattern = (ULONG_PTR)FindEx(hProcess, cMemoryStart, cMemorySize, SearchPattern, PatternSize, WildCard); + NumberOfRepetitions--; + while(CurrentFoundPattern != NULL && NumberOfRepetitions != NULL) + { + if(ReadProcessMemory(hProcess, (LPVOID)CurrentFoundPattern, lpReadMemory, PatternSize, &ueNumberOfBytesRead)) + { + for(i = 0; i < ReplaceSize; i++) + { + if(memcmp((LPVOID)((ULONG_PTR)ReplacePattern + i), WildCard, 1) != NULL) + { + RtlMoveMemory((LPVOID)((ULONG_PTR)lpReadMemory + i), (LPVOID)((ULONG_PTR)ReplacePattern + i), 1); + } + } + PatchEx(hProcess, (LPVOID)CurrentFoundPattern, PatternSize, lpReadMemory, ReplaceSize, true, false); + } + cMemoryStart = (LPVOID)(CurrentFoundPattern + PatternSize); + cMemorySize = 
(DWORD)((ULONG_PTR)MemoryStart + MemorySize - CurrentFoundPattern); + CurrentFoundPattern = (ULONG_PTR)FindEx(hProcess, cMemoryStart, cMemorySize, SearchPattern, PatternSize, WildCard); + NumberOfRepetitions--; + } + VirtualFree(lpReadMemory, NULL, MEM_RELEASE); + if(NumberOfRepetitions != NULL) + { + return(false); + } + else + { + return(true); + } +} +__declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard) +{ + + if(dbgProcessInformation.hProcess != NULL) + { + return(ReplaceEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, SearchPattern, PatternSize, NumberOfRepetitions, ReplacePattern, ReplaceSize, WildCard)); + } + else + { + return(ReplaceEx(GetCurrentProcess(), MemoryStart, MemorySize, SearchPattern, PatternSize, NumberOfRepetitions, ReplacePattern, ReplaceSize, WildCard)); + } +} \ No newline at end of file diff --git a/TitanEngine/TitanEngine.Debugger.cpp b/TitanEngine/TitanEngine.Debugger.cpp index d6f71cc..68a7c36 100644 --- a/TitanEngine/TitanEngine.Debugger.cpp +++ b/TitanEngine/TitanEngine.Debugger.cpp @@ -59,8 +59,8 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC { if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation)) { - engineAttachedToProcess = false; - engineAttachedProcessCallBack = NULL; + DebugAttachedToProcess = false; + DebugAttachedProcessCallBack = NULL; RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer); return(&dbgProcessInformation); } 
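Review bot: FillEx restores the page protection on the wrong range: the loop advances MemoryStart one byte per write, so the closing `VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect);` acts on the MemorySize bytes after the filled region and leaves the filled bytes PAGE_EXECUTE_READWRITE. Walk a separate cursor and keep MemoryStart for the restore, as PatchEx already does with lpMemoryStart: `LPVOID lpCurrent = MemoryStart;` before the loop, then `WriteProcessMemory(hProcess, lpCurrent, FillByte, 1, &ueNumberOfBytesRead);` and `lpCurrent = (LPVOID)((ULONG_PTR)lpCurrent + 1);` in the body. FindEx has a related bound problem: after MemorySize is shrunk to the region remainder the inner loop still reads SearchBuffer[i + j] up to MemorySize + PatternSize - 1, so the outer loop condition should be `(DWORD)i + PatternSize <= MemorySize && Return == NULL`, and MatchPatternEx likewise never re-checks SizeOfPatternToMatch against the shrunk SizeOfMemoryToCheck. ReplaceEx passes WildCard straight to memcmp without the NULL substitution FindEx performs, and none of the VirtualAlloc results in this file are checked before being handed to ReadProcessMemory.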
@@ -75,8 +75,8 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine); if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation)) { - engineAttachedToProcess = false; - engineAttachedProcessCallBack = NULL; + DebugAttachedToProcess = false; + DebugAttachedProcessCallBack = NULL; RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer); return(&dbgProcessInformation); } @@ -137,7 +137,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese int i = NULL; int j = NULL; bool ReturnData = false; - engineReserveModuleBase = NULL; + DebugReserveModuleBase = NULL; RtlZeroMemory(&szDebuggerName, sizeof szDebuggerName); if(lstrlenW(szFileName) < 512) @@ -187,7 +187,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese #endif if(ReturnData) { - engineDebuggingDLL = true; + DebugDebuggingDLL = true; i = lstrlenW(szFileName); while(szFileName[i] != 0x5C && i >= NULL) { 
@@ -198,13 +198,13 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese { j--; }*/ - engineDebuggingDLLBase = NULL; - engineDebuggingMainModuleBase = NULL; - engineDebuggingDLLFullFileName = szFileName; - engineDebuggingDLLFileName = &szFileName[i+1]; - //engineDebuggingDLLReserveFileName = &szReserveModuleName[j+1]; + DebugDebuggingDLLBase = NULL; + DebugDebuggingMainModuleBase = NULL; + DebugDebuggingDLLFullFileName = szFileName; + DebugDebuggingDLLFileName = &szFileName[i+1]; + //DebugDebuggingDLLReserveFileName = &szReserveModuleName[j+1]; DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE); - engineReserveModuleBase = DebugModuleImageBase; + DebugReserveModuleBase = DebugModuleImageBase; DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP); DebugModuleEntryPointCallBack = EntryCallBack; /*if(ReserveModuleBase) diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp index 21cd9df..cc4f19d 100644 --- a/TitanEngine/TitanEngine.cpp +++ b/TitanEngine/TitanEngine.cpp @@ -33,6 +33,8 @@ #include "Global.Threader.h" #include "Global.Debugger.h" #include "Global.Breakpoints.h" +#include "Global.Librarian.h" +#include "Global.TLS.h" #define TE_VER_MAJOR 2 #define TE_VER_MIDDLE 1 @@ -44,17 +46,7 @@ // Global.variables: -DWORD DBGCode = DBG_CONTINUE; -DWORD CurrentExceptionsNumber = 0; -DEBUG_EVENT DBGEvent = {}; -DEBUG_EVENT TerminateDBGEvent = {}; -CONTEXT DBGContext = {}; -HANDLE DBGFileHandle; -DWORD ProcessExitCode = 0; -LPVOID hListProcess = 0; - -LPVOID hListLibrary = 0; LPVOID expTableData = NULL; LPVOID expTableDataCWP = NULL; ULONG_PTR expImageBase = 0; 
@@ -66,11 +58,10 @@ ULONG_PTR expNamePointers[1000]; DWORD expNameHashes[1000]; WORD expOrdinals[1000]; IMAGE_EXPORT_DIRECTORY expExportData; -ULONG_PTR tlsCallBackList[100]; int engineCurrentPlatform = UE_PLATFORM_x86; -ULONG_PTR engineTLSBreakOnCallBackAddress; + bool engineBackupTLSx64 = false; -bool engineTLSBreakOnCallBack = false; + LPVOID engineBackupArrayOfCallBacks = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); DWORD engineBackupNumberOfCallBacks = NULL; DWORD engineBackupTLSAddress = NULL; @@ -78,36 +69,14 @@ IMAGE_TLS_DIRECTORY32 engineBackupTLSDataX86 = {}; IMAGE_TLS_DIRECTORY64 engineBackupTLSDataX64 = {}; -bool enginePassAllExceptions = true; +//wchar_t* DebugDebuggingDLLReserveFileName; - -bool engineExecutePluginCallBack = true; -bool engineFileIsBeingDebugged = false; -DWORD engineWaitForDebugEventTimeOut = INFINITE; -LPVOID engineStepCallBack = NULL; -int engineStepCount = INFINITE; -bool engineStepActive = false; -bool engineProcessIsNowDetached = false; -LPVOID engineAttachedProcessDebugInfo = NULL; -bool engineAutoHideFromDebugger = false; - - -//wchar_t* engineDebuggingDLLReserveFileName; - - -ULONG_PTR engineFakeDLLHandle = NULL; ULONG_PTR engineReservedMemoryLeft[UE_MAX_RESERVED_MEMORY_LEFT]; HANDLE engineReservedMemoryProcess = NULL; -void* engineFindOEPCallBack = NULL; -void* engineFindOEPUserCallBack = NULL; //wchar_t szReserveModuleName[512]; -char szParameterString[512]; -// Global.Engine.Librarian: -LIBRARY_ITEM_DATA LibraryInfoData = {}; -LPVOID LibrarianData = VirtualAlloc(NULL, MAX_LIBRARY_BPX * sizeof LIBRARY_BREAK_DATA, MEM_COMMIT, PAGE_READWRITE); // Global.Engine.TraceOEP: GenericOEPTracerData glbEntryTracerData = {}; // Global.Engine.Dependency: 
@@ -141,1973 +110,7 @@ void* CwpBuffPatchedEntry;
 void* buffPatchedEntry;
 std::vector hookEntry;
-// Global.Engine.Constants:
-#define UE_MODULEx86 0x2000;
-#define UE_MODULEx64 0x2000;
-__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea)
-{
-
- if(FPUSaveArea != NULL)
- {
- RtlZeroMemory(&DBGContext, sizeof CONTEXT);
- DBGContext.ContextFlags = CONTEXT_ALL;
- if(!GetThreadContext(hActiveThread, &DBGContext))
- return(false);
-#if !defined (_WIN64)
- RtlMoveMemory(FPUSaveArea, &DBGContext.FloatSave, sizeof FLOATING_SAVE_AREA);
-#else
- RtlMoveMemory(FPUSaveArea, &DBGContext.FltSave, sizeof XMM_SAVE_AREA32);
-#endif
- return(true);
- }
- else
- {
- return(false);
- }
-}
-__declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister)
-{
- RtlZeroMemory(&DBGContext, sizeof CONTEXT);
- DBGContext.ContextFlags = CONTEXT_ALL;
-#if defined(_WIN64)
- GetThreadContext(hActiveThread, &DBGContext);
- if(IndexOfRegister == UE_EAX)
- {
- return((DWORD)DBGContext.Rax);
- }
- else if(IndexOfRegister == UE_EBX)
- {
- return((DWORD)DBGContext.Rbx);
- }
- else if(IndexOfRegister == UE_ECX)
- {
- return((DWORD)DBGContext.Rcx);
- }
- else if(IndexOfRegister == UE_EDX)
- {
- return((DWORD)DBGContext.Rdx);
- }
- else if(IndexOfRegister == UE_EDI)
- {
- return((DWORD)DBGContext.Rdi);
- }
- else if(IndexOfRegister == UE_ESI)
- {
- return((DWORD)DBGContext.Rsi);
- }
- else if(IndexOfRegister == UE_EBP)
- {
- return((DWORD)DBGContext.Rbp);
- }
- else if(IndexOfRegister == UE_ESP)
- {
- return((DWORD)DBGContext.Rsp);
- }
- else if(IndexOfRegister == UE_EIP)
- {
- return((DWORD)DBGContext.Rip);
- }
- else if(IndexOfRegister == UE_EFLAGS)
- {
- return((DWORD)DBGContext.EFlags);
- }
- else if(IndexOfRegister == UE_RAX)
- {
- return(DBGContext.Rax);
- }
- else if(IndexOfRegister == UE_RBX)
- {
- return(DBGContext.Rbx);
- }
- else if(IndexOfRegister == UE_RCX)
- {
- return(DBGContext.Rcx);
- }
- else
if(IndexOfRegister == UE_RDX) - { - return(DBGContext.Rdx); - } - else if(IndexOfRegister == UE_RDI) - { - return(DBGContext.Rdi); - } - else if(IndexOfRegister == UE_RSI) - { - return(DBGContext.Rsi); - } - else if(IndexOfRegister == UE_RBP) - { - return(DBGContext.Rbp); - } - else if(IndexOfRegister == UE_RSP) - { - return(DBGContext.Rsp); - } - else if(IndexOfRegister == UE_RIP) - { - return(DBGContext.Rip); - } - else if(IndexOfRegister == UE_RFLAGS) - { - return(DBGContext.EFlags); - } - else if(IndexOfRegister == UE_DR0) - { - return(DBGContext.Dr0); - } - else if(IndexOfRegister == UE_DR1) - { - return(DBGContext.Dr1); - } - else if(IndexOfRegister == UE_DR2) - { - return(DBGContext.Dr2); - } - else if(IndexOfRegister == UE_DR3) - { - return(DBGContext.Dr3); - } - else if(IndexOfRegister == UE_DR6) - { - return(DBGContext.Dr6); - } - else if(IndexOfRegister == UE_DR7) - { - return(DBGContext.Dr7); - } - else if(IndexOfRegister == UE_R8) - { - return(DBGContext.R8); - } - else if(IndexOfRegister == UE_R9) - { - return(DBGContext.R9); - } - else if(IndexOfRegister == UE_R10) - { - return(DBGContext.R10); - } - else if(IndexOfRegister == UE_R11) - { - return(DBGContext.R11); - } - else if(IndexOfRegister == UE_R12) - { - return(DBGContext.R12); - } - else if(IndexOfRegister == UE_R13) - { - return(DBGContext.R13); - } - else if(IndexOfRegister == UE_R14) - { - return(DBGContext.R14); - } - else if(IndexOfRegister == UE_R15) - { - return(DBGContext.R15); - } - else if(IndexOfRegister == UE_CIP) - { - return(DBGContext.Rip); - } - else if(IndexOfRegister == UE_CSP) - { - return(DBGContext.Rsp); - } - else if(IndexOfRegister == UE_SEG_GS) - { - return(DBGContext.SegGs); - } - else if(IndexOfRegister == UE_SEG_FS) - { - return(DBGContext.SegFs); - } - else if(IndexOfRegister == UE_SEG_ES) - { - return(DBGContext.SegEs); - } - else if(IndexOfRegister == UE_SEG_DS) - { - return(DBGContext.SegDs); - } - else if(IndexOfRegister == UE_SEG_CS) - { - 
return(DBGContext.SegCs); - } - else if(IndexOfRegister == UE_SEG_SS) - { - return(DBGContext.SegSs); - } -#else - GetThreadContext(hActiveThread, &DBGContext); - if(IndexOfRegister == UE_EAX) - { - return(DBGContext.Eax); - } - else if(IndexOfRegister == UE_EBX) - { - return(DBGContext.Ebx); - } - else if(IndexOfRegister == UE_ECX) - { - return(DBGContext.Ecx); - } - else if(IndexOfRegister == UE_EDX) - { - return(DBGContext.Edx); - } - else if(IndexOfRegister == UE_EDI) - { - return(DBGContext.Edi); - } - else if(IndexOfRegister == UE_ESI) - { - return(DBGContext.Esi); - } - else if(IndexOfRegister == UE_EBP) - { - return(DBGContext.Ebp); - } - else if(IndexOfRegister == UE_ESP) - { - return(DBGContext.Esp); - } - else if(IndexOfRegister == UE_EIP) - { - return(DBGContext.Eip); - } - else if(IndexOfRegister == UE_EFLAGS) - { - return(DBGContext.EFlags); - } - else if(IndexOfRegister == UE_DR0) - { - return(DBGContext.Dr0); - } - else if(IndexOfRegister == UE_DR1) - { - return(DBGContext.Dr1); - } - else if(IndexOfRegister == UE_DR2) - { - return(DBGContext.Dr2); - } - else if(IndexOfRegister == UE_DR3) - { - return(DBGContext.Dr3); - } - else if(IndexOfRegister == UE_DR6) - { - return(DBGContext.Dr6); - } - else if(IndexOfRegister == UE_DR7) - { - return(DBGContext.Dr7); - } - else if(IndexOfRegister == UE_CIP) - { - return(DBGContext.Eip); - } - else if(IndexOfRegister == UE_CSP) - { - return(DBGContext.Esp); - } - else if(IndexOfRegister == UE_SEG_GS) - { - return(DBGContext.SegGs); - } - else if(IndexOfRegister == UE_SEG_FS) - { - return(DBGContext.SegFs); - } - else if(IndexOfRegister == UE_SEG_ES) - { - return(DBGContext.SegEs); - } - else if(IndexOfRegister == UE_SEG_DS) - { - return(DBGContext.SegDs); - } - else if(IndexOfRegister == UE_SEG_CS) - { - return(DBGContext.SegCs); - } - else if(IndexOfRegister == UE_SEG_SS) - { - return(DBGContext.SegSs); - } -#endif - return(NULL); -} -__declspec(dllexport) long long TITCALL GetContextData(DWORD 
IndexOfRegister) -{ - - HANDLE hActiveThread = 0; - long long ContextReturn; - - hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); - ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister); - EngineCloseHandle(hActiveThread); - return(ContextReturn); -} -__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea) -{ - - if(FPUSaveArea != NULL) - { - RtlZeroMemory(&DBGContext, sizeof CONTEXT); - DBGContext.ContextFlags = CONTEXT_ALL; - if(!GetThreadContext(hActiveThread, &DBGContext)) - return(false); -#if !defined (_WIN64) - RtlMoveMemory(&DBGContext.FloatSave, FPUSaveArea, sizeof FLOATING_SAVE_AREA); -#else - RtlMoveMemory(&DBGContext.FltSave, FPUSaveArea, sizeof XMM_SAVE_AREA32); -#endif - if(SetThreadContext(hActiveThread, &DBGContext)) - { - return(true); - } - } - return(false); -} -__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue) -{ - SuspendThread(hActiveThread); - RtlZeroMemory(&DBGContext, sizeof CONTEXT); - DBGContext.ContextFlags = CONTEXT_ALL; -#ifdef _WIN64 - if(!GetThreadContext(hActiveThread, &DBGContext)) - { - ResumeThread(hActiveThread); - return(false); - } - if(IndexOfRegister == UE_EAX) - { - NewRegisterValue = DBGContext.Rax - (DWORD)DBGContext.Rax + NewRegisterValue; - DBGContext.Rax = NewRegisterValue; - } - else if(IndexOfRegister == UE_EBX) - { - NewRegisterValue = DBGContext.Rbx - (DWORD)DBGContext.Rbx + NewRegisterValue; - DBGContext.Rbx = NewRegisterValue; - } - else if(IndexOfRegister == UE_ECX) - { - NewRegisterValue = DBGContext.Rcx - (DWORD)DBGContext.Rcx + NewRegisterValue; - DBGContext.Rcx = NewRegisterValue; - } - else if(IndexOfRegister == UE_EDX) - { - NewRegisterValue = DBGContext.Rdx - (DWORD)DBGContext.Rdx + NewRegisterValue; - DBGContext.Rdx = NewRegisterValue; - } - else if(IndexOfRegister == UE_EDI) - { - NewRegisterValue = 
DBGContext.Rdi - (DWORD)DBGContext.Rdi + NewRegisterValue; - DBGContext.Rdi = NewRegisterValue; - } - else if(IndexOfRegister == UE_ESI) - { - NewRegisterValue = DBGContext.Rsi - (DWORD)DBGContext.Rsi + NewRegisterValue; - DBGContext.Rsi = NewRegisterValue; - } - else if(IndexOfRegister == UE_EBP) - { - NewRegisterValue = DBGContext.Rbp - (DWORD)DBGContext.Rbp + NewRegisterValue; - DBGContext.Rbp = NewRegisterValue; - } - else if(IndexOfRegister == UE_ESP) - { - NewRegisterValue = DBGContext.Rsp - (DWORD)DBGContext.Rsp + NewRegisterValue; - DBGContext.Rsp = NewRegisterValue; - } - else if(IndexOfRegister == UE_EIP) - { - NewRegisterValue = DBGContext.Rip - (DWORD)DBGContext.Rip + NewRegisterValue; - DBGContext.Rip = NewRegisterValue; - } - else if(IndexOfRegister == UE_EFLAGS) - { - DBGContext.EFlags = (DWORD)NewRegisterValue; - } - else if(IndexOfRegister == UE_RAX) - { - DBGContext.Rax = NewRegisterValue; - } - else if(IndexOfRegister == UE_RBX) - { - DBGContext.Rbx = NewRegisterValue; - } - else if(IndexOfRegister == UE_RCX) - { - DBGContext.Rcx = NewRegisterValue; - } - else if(IndexOfRegister == UE_RDX) - { - DBGContext.Rdx = NewRegisterValue; - } - else if(IndexOfRegister == UE_RDI) - { - DBGContext.Rdi = NewRegisterValue; - } - else if(IndexOfRegister == UE_RSI) - { - DBGContext.Rsi = NewRegisterValue; - } - else if(IndexOfRegister == UE_RBP) - { - DBGContext.Rbp = NewRegisterValue; - } - else if(IndexOfRegister == UE_RSP) - { - DBGContext.Rsp = NewRegisterValue; - } - else if(IndexOfRegister == UE_RIP) - { - DBGContext.Rip = NewRegisterValue; - } - else if(IndexOfRegister == UE_RFLAGS) - { - DBGContext.EFlags = (DWORD)NewRegisterValue; - } - else if(IndexOfRegister == UE_DR0) - { - DBGContext.Dr0 = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR1) - { - DBGContext.Dr1 = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR2) - { - DBGContext.Dr2 = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR3) - { - DBGContext.Dr3 = NewRegisterValue; 
- } - else if(IndexOfRegister == UE_DR6) - { - DBGContext.Dr6 = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR7) - { - DBGContext.Dr7 = NewRegisterValue; - } - else if(IndexOfRegister == UE_R8) - { - DBGContext.R8 = NewRegisterValue; - } - else if(IndexOfRegister == UE_R9) - { - DBGContext.R9 = NewRegisterValue; - } - else if(IndexOfRegister == UE_R10) - { - DBGContext.R10 = NewRegisterValue; - } - else if(IndexOfRegister == UE_R11) - { - DBGContext.R11 = NewRegisterValue; - } - else if(IndexOfRegister == UE_R12) - { - DBGContext.R12 = NewRegisterValue; - } - else if(IndexOfRegister == UE_R13) - { - DBGContext.R13 = NewRegisterValue; - } - else if(IndexOfRegister == UE_R14) - { - DBGContext.R14 = NewRegisterValue; - } - else if(IndexOfRegister == UE_R15) - { - DBGContext.R15 = NewRegisterValue; - } - else if(IndexOfRegister == UE_CIP) - { - DBGContext.Rip = NewRegisterValue; - } - else if(IndexOfRegister == UE_CSP) - { - DBGContext.Rsp = NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_GS) - { - DBGContext.SegGs = (WORD)NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_FS) - { - DBGContext.SegFs = (WORD)NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_ES) - { - DBGContext.SegEs = (WORD)NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_DS) - { - DBGContext.SegDs = (WORD)NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_CS) - { - DBGContext.SegCs = (WORD)NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_SS) - { - DBGContext.SegSs = (WORD)NewRegisterValue; - } - else - { - ResumeThread(hActiveThread); - return(false); - } - if(SetThreadContext(hActiveThread, &DBGContext)) - { - ResumeThread(hActiveThread); - return(true); - } -#else - if(!GetThreadContext(hActiveThread, &DBGContext)) - { - ResumeThread(hActiveThread); - return(false); - } - if(IndexOfRegister == UE_EAX) - { - DBGContext.Eax = NewRegisterValue; - } - else if(IndexOfRegister == UE_EBX) - { - DBGContext.Ebx = NewRegisterValue; - } - else 
if(IndexOfRegister == UE_ECX) - { - DBGContext.Ecx = NewRegisterValue; - } - else if(IndexOfRegister == UE_EDX) - { - DBGContext.Edx = NewRegisterValue; - } - else if(IndexOfRegister == UE_EDI) - { - DBGContext.Edi = NewRegisterValue; - } - else if(IndexOfRegister == UE_ESI) - { - DBGContext.Esi = NewRegisterValue; - } - else if(IndexOfRegister == UE_EBP) - { - DBGContext.Ebp = NewRegisterValue; - } - else if(IndexOfRegister == UE_ESP) - { - DBGContext.Esp = NewRegisterValue; - } - else if(IndexOfRegister == UE_EIP) - { - DBGContext.Eip = NewRegisterValue; - } - else if(IndexOfRegister == UE_EFLAGS) - { - DBGContext.EFlags = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR0) - { - DBGContext.Dr0 = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR1) - { - DBGContext.Dr1 = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR2) - { - DBGContext.Dr2 = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR3) - { - DBGContext.Dr3 = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR6) - { - DBGContext.Dr6 = NewRegisterValue; - } - else if(IndexOfRegister == UE_DR7) - { - DBGContext.Dr7 = NewRegisterValue; - } - else if(IndexOfRegister == UE_CIP) - { - DBGContext.Eip = NewRegisterValue; - } - else if(IndexOfRegister == UE_CSP) - { - DBGContext.Esp = NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_GS) - { - DBGContext.SegGs = NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_FS) - { - DBGContext.SegFs = NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_ES) - { - DBGContext.SegEs = NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_DS) - { - DBGContext.SegDs = NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_CS) - { - DBGContext.SegCs = NewRegisterValue; - } - else if(IndexOfRegister == UE_SEG_SS) - { - DBGContext.SegSs = NewRegisterValue; - } - else - { - ResumeThread(hActiveThread); - return(false); - } - if(SetThreadContext(hActiveThread, &DBGContext)) - { - ResumeThread(hActiveThread); - return(true); - 
} -#endif - ResumeThread(hActiveThread); - return(false); -} -__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue) -{ - - HANDLE hActiveThread = 0; - bool ContextReturn; - - hActiveThread = OpenThread(THREAD_ALL_ACCESS, false, DBGEvent.dwThreadId); - ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue); - EngineCloseHandle(hActiveThread); - return(ContextReturn); -} -__declspec(dllexport) void TITCALL ClearExceptionNumber() -{ - CurrentExceptionsNumber = 0; -} -__declspec(dllexport) long TITCALL CurrentExceptionNumber() -{ - return(CurrentExceptionsNumber); -} -__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) -{ - if(!MemoryToCheck || !PatternToMatch) - return false; - int i = NULL; - BYTE intWildCard = NULL; - LPVOID ueReadBuffer = NULL; - ULONG_PTR ueNumberOfBytesRead = NULL; - MEMORY_BASIC_INFORMATION memoryInformation = {}; - PMEMORY_COMPARE_HANDLER memCmp = (PMEMORY_COMPARE_HANDLER)MemoryToCheck; - PMEMORY_COMPARE_HANDLER memPattern = (PMEMORY_COMPARE_HANDLER)PatternToMatch; - - if(WildCard == NULL) - { - WildCard = &intWildCard; - } - if(SizeOfMemoryToCheck >= SizeOfPatternToMatch) - { - if(hProcess != GetCurrentProcess()) - { - ueReadBuffer = VirtualAlloc(NULL, SizeOfMemoryToCheck, MEM_COMMIT, PAGE_READWRITE); - if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead)) - { - if(ueNumberOfBytesRead == NULL) - { - if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof memoryInformation) != NULL) - { - SizeOfMemoryToCheck = (int)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryToCheck); - if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead)) - { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - 
return(NULL); - } - else - { - memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; - } - } - else - { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - return(NULL); - } - } - else - { - memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; - } - } - else - { - memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; - } - } - __try - { - while(SizeOfPatternToMatch > NULL) - { - if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard) - { - return(false); - } - SizeOfPatternToMatch--; - i++; - } - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - return(true); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - return(false); - } - } - else - { - return(false); - } -} -__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) -{ - - if(dbgProcessInformation.hProcess != NULL) - { - return(MatchPatternEx(dbgProcessInformation.hProcess, MemoryToCheck, SizeOfMemoryToCheck, PatternToMatch, SizeOfPatternToMatch, WildCard)); - } - else - { - return(MatchPatternEx(GetCurrentProcess(), MemoryToCheck, SizeOfMemoryToCheck, PatternToMatch, SizeOfPatternToMatch, WildCard)); - } -} -__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) -{ - - int i = NULL; - int j = NULL; - ULONG_PTR Return = NULL; - LPVOID ueReadBuffer = NULL; - PUCHAR SearchBuffer = NULL; - PUCHAR CompareBuffer = NULL; - MEMORY_BASIC_INFORMATION memoryInformation = {}; - ULONG_PTR ueNumberOfBytesRead = NULL; - LPVOID currentSearchPosition = NULL; - DWORD currentSizeOfSearch = NULL; - BYTE nWildCard = NULL; - - if(WildCard == NULL) - { - WildCard = &nWildCard; - } - if(hProcess != NULL && MemoryStart != NULL && MemorySize != NULL) - { - if(hProcess != GetCurrentProcess()) - { - ueReadBuffer = VirtualAlloc(NULL, MemorySize, 
MEM_COMMIT, PAGE_READWRITE); - if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) - { - if(ueNumberOfBytesRead == NULL) - { - if(VirtualQueryEx(hProcess, MemoryStart, &memoryInformation, sizeof memoryInformation) != NULL) - { - MemorySize = (DWORD)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryStart); - if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) - { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - return(NULL); - } - else - { - SearchBuffer = (PUCHAR)ueReadBuffer; - } - } - else - { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - return(NULL); - } - } - else - { - SearchBuffer = (PUCHAR)ueReadBuffer; - } - } - else - { - SearchBuffer = (PUCHAR)ueReadBuffer; - } - } - else - { - SearchBuffer = (PUCHAR)MemoryStart; - } - __try - { - CompareBuffer = (PUCHAR)SearchPattern; - for(i = 0; i < (int)MemorySize && Return == NULL; i++) - { - for(j = 0; j < (int)PatternSize; j++) - { - if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j]) - { - break; - } - } - if(j == (int)PatternSize) - { - Return = (ULONG_PTR)MemoryStart + i; - } - } - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - return(Return); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - return(NULL); - } - } - else - { - return(NULL); - } -} - -extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) -{ - - if(dbgProcessInformation.hProcess != NULL) - { - return(FindEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, SearchPattern, PatternSize, WildCard)); - } - else - { - return(FindEx(GetCurrentProcess(), MemoryStart, MemorySize, SearchPattern, PatternSize, WildCard)); - } -} -__declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte) -{ - - 
unsigned int i; - MEMORY_BASIC_INFORMATION MemInfo; - ULONG_PTR ueNumberOfBytesRead; - BYTE defFillByte = 0x90; - DWORD OldProtect; - - if(hProcess != NULL) - { - if(FillByte == NULL) - { - FillByte = &defFillByte; - } - VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - OldProtect = MemInfo.Protect; - VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect); - for(i = 0; i < MemorySize; i++) - { - WriteProcessMemory(hProcess, MemoryStart, FillByte, 1, &ueNumberOfBytesRead); - MemoryStart = (LPVOID)((ULONG_PTR)MemoryStart + 1); - } - VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect); - return(true); - } - return(false); -} -__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte) -{ - - if(dbgProcessInformation.hProcess != NULL) - { - return(FillEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, FillByte)); - } - else - { - return(FillEx(GetCurrentProcess(), MemoryStart, MemorySize, FillByte)); - } -} -__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) -{ - - unsigned int i,recalcSize; - LPVOID lpMemoryStart = MemoryStart; - MEMORY_BASIC_INFORMATION MemInfo; - ULONG_PTR ueNumberOfBytesRead; - BYTE FillByte = 0x90; - DWORD OldProtect; - - if(hProcess != NULL) - { - VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - OldProtect = MemInfo.Protect; - VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect); - - if(MemorySize - ReplaceSize != NULL) - { - recalcSize = abs((long)(MemorySize - ReplaceSize)); - if(AppendNOP) - { - WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead); - lpMemoryStart = (LPVOID)((ULONG_PTR)MemoryStart + ReplaceSize); - for(i = 0; i < recalcSize; i++) - { - WriteProcessMemory(hProcess, 
lpMemoryStart, &FillByte, 1, &ueNumberOfBytesRead); - lpMemoryStart = (LPVOID)((ULONG_PTR)lpMemoryStart + 1); - } - } - else if(PrependNOP) - { - lpMemoryStart = MemoryStart; - for(i = 0; i < recalcSize; i++) - { - WriteProcessMemory(hProcess, lpMemoryStart, &FillByte, 1, &ueNumberOfBytesRead); - lpMemoryStart = (LPVOID)((ULONG_PTR)lpMemoryStart + 1); - } - WriteProcessMemory(hProcess, lpMemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead); - } - else - { - WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead); - } - } - else - { - WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead); - } - VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect); - return(true); - } - return(false); -} -__declspec(dllexport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) -{ - - if(dbgProcessInformation.hProcess != NULL) - { - return(PatchEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, ReplacePattern, ReplaceSize, AppendNOP, PrependNOP)); - } - else - { - return(PatchEx(GetCurrentProcess(), MemoryStart, MemorySize, ReplacePattern, ReplaceSize, AppendNOP, PrependNOP)); - } -} -__declspec(dllexport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard) -{ - - unsigned int i; - ULONG_PTR ueNumberOfBytesRead; - ULONG_PTR CurrentFoundPattern; - LPVOID cMemoryStart = MemoryStart; - DWORD cMemorySize = MemorySize; - LPVOID lpReadMemory = VirtualAlloc(NULL, PatternSize, MEM_COMMIT, PAGE_READWRITE); - - CurrentFoundPattern = (ULONG_PTR)FindEx(hProcess, cMemoryStart, cMemorySize, SearchPattern, PatternSize, WildCard); - NumberOfRepetitions--; - while(CurrentFoundPattern != NULL && NumberOfRepetitions != NULL) - { - 
if(ReadProcessMemory(hProcess, (LPVOID)CurrentFoundPattern, lpReadMemory, PatternSize, &ueNumberOfBytesRead)) - { - for(i = 0; i < ReplaceSize; i++) - { - if(memcmp((LPVOID)((ULONG_PTR)ReplacePattern + i), WildCard, 1) != NULL) - { - RtlMoveMemory((LPVOID)((ULONG_PTR)lpReadMemory + i), (LPVOID)((ULONG_PTR)ReplacePattern + i), 1); - } - } - PatchEx(hProcess, (LPVOID)CurrentFoundPattern, PatternSize, lpReadMemory, ReplaceSize, true, false); - } - cMemoryStart = (LPVOID)(CurrentFoundPattern + PatternSize); - cMemorySize = (DWORD)((ULONG_PTR)MemoryStart + MemorySize - CurrentFoundPattern); - CurrentFoundPattern = (ULONG_PTR)FindEx(hProcess, cMemoryStart, cMemorySize, SearchPattern, PatternSize, WildCard); - NumberOfRepetitions--; - } - VirtualFree(lpReadMemory, NULL, MEM_RELEASE); - if(NumberOfRepetitions != NULL) - { - return(false); - } - else - { - return(true); - } -} -__declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard) -{ - - if(dbgProcessInformation.hProcess != NULL) - { - return(ReplaceEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, SearchPattern, PatternSize, NumberOfRepetitions, ReplacePattern, ReplaceSize, WildCard)); - } - else - { - return(ReplaceEx(GetCurrentProcess(), MemoryStart, MemorySize, SearchPattern, PatternSize, NumberOfRepetitions, ReplacePattern, ReplaceSize, WildCard)); - } -} -__declspec(dllexport) void* TITCALL GetDebugData() -{ - return(&DBGEvent); -} -__declspec(dllexport) void* TITCALL GetTerminationData() -{ - return(&TerminateDBGEvent); -} -__declspec(dllexport) long TITCALL GetExitCode() -{ - return(ProcessExitCode); -} -__declspec(dllexport) long long TITCALL GetDebuggedDLLBaseAddress() -{ - return((ULONG_PTR)engineDebuggingDLLBase); -} -__declspec(dllexport) unsigned long long TITCALL GetDebuggedFileBaseAddress() -{ - return (unsigned long 
long)engineDebuggingMainModuleBase; -} -__declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize) -{ - - MEMORY_BASIC_INFORMATION MemInfo; - ULONG_PTR ueNumberOfBytesRW = NULL; - DWORD StringReadSize = NULL; - - if(MaximumStringSize == NULL) - { - MaximumStringSize = 512; - } - VirtualQueryEx(hProcess, (LPVOID)StringAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if((int)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)StringAddress) < MaximumStringSize) - { - StringReadSize = (DWORD)((ULONG_PTR)StringAddress - (ULONG_PTR)MemInfo.BaseAddress); - VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)StringAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if(MemInfo.State == MEM_COMMIT) - { - StringReadSize = MaximumStringSize; - } - } - else - { - StringReadSize = MaximumStringSize; - } - RtlZeroMemory(StringStorage, MaximumStringSize); - if(ReadProcessMemory(hProcess, (LPVOID)StringAddress, StringStorage, StringReadSize, &ueNumberOfBytesRW)) - { - return(true); - } - else - { - return(false); - } -} -__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType) -{ - - MEMORY_BASIC_INFORMATION MemInfo; - ULONG_PTR ueNumberOfBytesRW = NULL; - ULONG_PTR StackReadBuffer = NULL; - ULONG_PTR StackFinalBuffer = NULL; - ULONG_PTR StackReadAddress = NULL; - DWORD StackSecondReadSize = NULL; - DWORD StackReadSize = 512; - DWORD StringReadSize = 512; - bool ValueIsPointer = false; - - if(ParameterType == UE_PARAMETER_BYTE) - { - StackReadSize = 1; - } - else if(ParameterType == UE_PARAMETER_WORD) - { - StackReadSize = 2; - } - else if(ParameterType == UE_PARAMETER_DWORD) - { - StackReadSize = 4; - } - else if(ParameterType == UE_PARAMETER_QWORD) - { - StackReadSize = 8; - } - else - { - if(ParameterType >= UE_PARAMETER_PTR_BYTE && ParameterType <= 
UE_PARAMETER_UNICODE) - { - ValueIsPointer = true; - } - if(ParameterType == UE_PARAMETER_PTR_BYTE) - { - StackSecondReadSize = 1; - } - else if(ParameterType == UE_PARAMETER_PTR_WORD) - { - StackSecondReadSize = 2; - } - else if(ParameterType == UE_PARAMETER_PTR_DWORD) - { - StackSecondReadSize = 4; - } - else if(ParameterType == UE_PARAMETER_PTR_QWORD) - { - StackSecondReadSize = 8; - } - else - { - StackSecondReadSize = 0; - } - StackReadSize = sizeof ULONG_PTR; - } - if(FunctionType >= UE_FUNCTION_STDCALL && FunctionType <= UE_FUNCTION_CCALL_CALL && FunctionType != UE_FUNCTION_FASTCALL_RET) - { - StackReadAddress = (ULONG_PTR)GetContextData(UE_CSP); - if(FunctionType != UE_FUNCTION_FASTCALL_CALL) - { - StackReadAddress = StackReadAddress + (ParameterNumber * sizeof ULONG_PTR); - if(FunctionType >= UE_FUNCTION_STDCALL_CALL) - { - StackReadAddress = StackReadAddress - sizeof ULONG_PTR; - } - } - else - { - if(ParameterNumber <= 4) - { - if(!ValueIsPointer) - { - if(ParameterNumber == 1) - { - return((ULONG_PTR)GetContextData(UE_RCX)); - } - else if(ParameterNumber == 2) - { - return((ULONG_PTR)GetContextData(UE_RDX)); - } - else if(ParameterNumber == 3) - { - return((ULONG_PTR)GetContextData(UE_R8)); - } - else if(ParameterNumber == 4) - { - return((ULONG_PTR)GetContextData(UE_R9)); - } - } - else - { - if(ParameterNumber == 1) - { - StackReadAddress = (ULONG_PTR)GetContextData(UE_RCX); - } - else if(ParameterNumber == 2) - { - StackReadAddress = (ULONG_PTR)GetContextData(UE_RDX); - } - else if(ParameterNumber == 3) - { - StackReadAddress = (ULONG_PTR)GetContextData(UE_R8); - } - else if(ParameterNumber == 4) - { - StackReadAddress = (ULONG_PTR)GetContextData(UE_R9); - } - } - } - else - { - StackReadAddress = StackReadAddress + 0x20 + ((ParameterNumber - 4) * sizeof ULONG_PTR) - sizeof ULONG_PTR; - } - } - if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW)) - { - if(!ValueIsPointer) - { - 
RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackReadSize), StackReadSize); - } - else - { - StackReadAddress = StackReadBuffer; - if(StackSecondReadSize > NULL) - { - if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW)) - { - RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackSecondReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackSecondReadSize), StackSecondReadSize); - } - else - { - return(-1); - } - } - else - { - VirtualQueryEx(hProcess, (LPVOID)StackReadAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - StackReadAddress < 512) - { - StringReadSize = (DWORD)((ULONG_PTR)StackReadAddress - (ULONG_PTR)MemInfo.BaseAddress); - VirtualQueryEx(hProcess, (LPVOID)(StackReadAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if(MemInfo.State == MEM_COMMIT) - { - StringReadSize = 512; - } - } - RtlZeroMemory(&szParameterString, 512); - if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &szParameterString, StringReadSize, &ueNumberOfBytesRW)) - { - return((ULONG_PTR)&szParameterString); - } - else - { - return(-1); - } - } - } - return(StackFinalBuffer); - } - else - { - return(-1); - } - } - return(-1); -} -__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps) -{ - - LPVOID ReadMemory; - MEMORY_BASIC_INFORMATION MemInfo; - ULONG_PTR ueNumberOfBytesRead = NULL; - PMEMORY_CMP_HANDLER CompareMemory; - ULONG_PTR TargetedAddress = NULL; - DWORD CurrentInstructionSize; - int ReadMemData = NULL; - BYTE ReadByteData = NULL; - - if(hProcess != NULL) - { - VirtualQueryEx(hProcess, (LPVOID)InstructionAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if(MemInfo.RegionSize > NULL) - { - 
ReadMemory = VirtualAlloc(NULL, MAXIMUM_INSTRUCTION_SIZE, MEM_COMMIT, PAGE_READWRITE); - if(!ReadMemory) - return 0; - if(ReadProcessMemory(hProcess, (LPVOID)InstructionAddress, ReadMemory, MAXIMUM_INSTRUCTION_SIZE, &ueNumberOfBytesRead)) - { - CompareMemory = (PMEMORY_CMP_HANDLER)ReadMemory; - CurrentInstructionSize = StaticLengthDisassemble(ReadMemory); - if(CompareMemory->DataByte[0] == 0xE9 && CurrentInstructionSize == 5) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 4); - TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2) - { - RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1); - if(ReadByteData > 0x7F) - { - ReadByteData = 0xFF - ReadByteData; - ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; - } - else - { - ReadMemData = ReadByteData; - } - TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0xE3 && CurrentInstructionSize == 2) - { - RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1); - if(ReadByteData > 0x7F) - { - ReadByteData = 0xFF - ReadByteData; - ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; - } - else - { - ReadMemData = ReadByteData; - } - TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] >= 0x71 && CompareMemory->DataByte[0] <= 0x7F && CurrentInstructionSize == 2) - { - RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1); - if(ReadByteData > 0x7F) - { - ReadByteData = 0xFF - ReadByteData; - ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; - } - TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] >= 0xE0 && CompareMemory->DataByte[0] <= 0xE2 && CurrentInstructionSize == 2) - { - RtlMoveMemory(&ReadByteData, 
(LPVOID)((ULONG_PTR)ReadMemory + 1), 1); - if(ReadByteData > 0x7F) - { - ReadByteData = 0xFF - ReadByteData; - ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; - } - else - { - ReadMemData = ReadByteData; - } - TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 6) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4); - TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 2); - TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5 && JustJumps == false) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 4); - TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4); - TargetedAddress = ReadMemData; - if(sizeof HANDLE == 8) - { - TargetedAddress = TargetedAddress + InstructionAddress; - } - } - else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x15 && CurrentInstructionSize == 6 && JustJumps == false) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4); - TargetedAddress = ReadMemData; - if(sizeof HANDLE == 8) - { - TargetedAddress = TargetedAddress + InstructionAddress; - } - } - else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 
0x67 && CurrentInstructionSize == 3) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 1); - TargetedAddress = ReadMemData; - if(CompareMemory->DataByte[1] == 0x60) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EAX); - } - else if(CompareMemory->DataByte[1] == 0x61) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ECX); - } - else if(CompareMemory->DataByte[1] == 0x62) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDX); - } - else if(CompareMemory->DataByte[1] == 0x63) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBX); - } - else if(CompareMemory->DataByte[1] == 0x65) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBP); - } - else if(CompareMemory->DataByte[1] == 0x66) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ESI); - } - else if(CompareMemory->DataByte[1] == 0x67) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDI); - } - ReadProcessMemory(hProcess, (LPVOID)TargetedAddress, &TargetedAddress, 4, &ueNumberOfBytesRead); - } - } - VirtualFree(ReadMemory, NULL, MEM_RELEASE); - return((ULONG_PTR)TargetedAddress); - } - return(NULL); - } - else - { - CompareMemory = (PMEMORY_CMP_HANDLER)InstructionAddress; - CurrentInstructionSize = StaticLengthDisassemble((LPVOID)InstructionAddress); - if(CompareMemory->DataByte[0] == 0xE9 && CurrentInstructionSize == 5) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 4); - TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2) - { - RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1); - if(ReadByteData > 0x7F) - { - ReadByteData = 0xFF - ReadByteData; - ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; - } - else - { - ReadMemData = ReadByteData; - } - TargetedAddress = 
InstructionAddress + ReadMemData + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0xE3 && CurrentInstructionSize == 2) - { - RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1); - if(ReadByteData > 0x7F) - { - ReadByteData = 0xFF - ReadByteData; - ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; - } - else - { - ReadMemData = ReadByteData; - } - TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] >= 0x71 && CompareMemory->DataByte[0] <= 0x7F && CurrentInstructionSize == 2) - { - RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1); - if(ReadByteData > 0x7F) - { - ReadByteData = 0xFF - ReadByteData; - ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; - } - TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] >= 0xE0 && CompareMemory->DataByte[0] <= 0xE2 && CurrentInstructionSize == 2) - { - RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1); - if(ReadByteData > 0x7F) - { - ReadByteData = 0xFF - ReadByteData; - ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1; - } - else - { - ReadMemData = ReadByteData; - } - TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 6) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4); - TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 2); - TargetedAddress = ReadMemData + InstructionAddress + 
CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5 && JustJumps == false) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 4); - TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; - } - else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4); - TargetedAddress = ReadMemData; - if(sizeof HANDLE == 8) - { - TargetedAddress = TargetedAddress + InstructionAddress; - } - } - else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x15 && CurrentInstructionSize == 6 && JustJumps == false) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4); - TargetedAddress = ReadMemData; - if(sizeof HANDLE == 8) - { - TargetedAddress = TargetedAddress + InstructionAddress; - } - } - else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3) - { - RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 1); - TargetedAddress = ReadMemData; - if(CompareMemory->DataByte[1] == 0x60) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EAX); - } - else if(CompareMemory->DataByte[1] == 0x61) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ECX); - } - else if(CompareMemory->DataByte[1] == 0x62) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDX); - } - else if(CompareMemory->DataByte[1] == 0x63) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBX); - } - else if(CompareMemory->DataByte[1] == 0x65) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBP); - } - else if(CompareMemory->DataByte[1] == 0x66) - { - TargetedAddress = TargetedAddress + 
(ULONG_PTR)GetContextData(UE_ESI); - } - else if(CompareMemory->DataByte[1] == 0x67) - { - TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDI); - } - RtlMoveMemory(&TargetedAddress, (LPVOID)((ULONG_PTR)TargetedAddress), 4); - } - return((ULONG_PTR)TargetedAddress); - } - return(NULL); -} -__declspec(dllexport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress) -{ - return((ULONG_PTR)GetJumpDestinationEx(hProcess, InstructionAddress, false)); -} -__declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags) -{ - ULONG_PTR ThreadCIP = NULL; - DWORD ThreadEflags = NULL; - char* DisassembledString; - bool bCF = false; - bool bPF = false; - bool bAF = false; - bool bZF = false; - bool bSF = false; - bool bTF = false; - bool bIF = false; - bool bDF = false; - bool bOF = false; - - if(hProcess != NULL && (hThread || RegFlags)) - { - if(InstructionAddress == NULL) - { - ThreadCIP = (ULONG_PTR)GetContextDataEx(hThread, UE_CIP); - } - else - { - ThreadCIP = InstructionAddress; - } - if(RegFlags == NULL) - { - ThreadEflags = (DWORD)GetContextDataEx(hThread, UE_EFLAGS); - } - else - { - ThreadEflags = (DWORD)RegFlags; - } - DisassembledString = (char*)DisassembleEx(hProcess, (LPVOID)ThreadCIP, true); - if(DisassembledString != NULL) - { - if(ThreadEflags & (1 << 0)) - { - bCF = true; - } - if(ThreadEflags & (1 << 2)) - { - bPF = true; - } - if(ThreadEflags & (1 << 4)) - { - bAF = true; - } - if(ThreadEflags & (1 << 6)) - { - bZF = true; - } - if(ThreadEflags & (1 << 7)) - { - bSF = true; - } - if(ThreadEflags & (1 << 8)) - { - bTF = true; - } - if(ThreadEflags & (1 << 9)) - { - bIF = true; - } - if(ThreadEflags & (1 << 10)) - { - bDF = true; - } - if(ThreadEflags & (1 << 11)) - { - bOF = true; - } - if(lstrcmpiA(DisassembledString, "RET") == NULL) - { - return (true); - } - else if(lstrcmpiA(DisassembledString, "RETF") == NULL) - { - return (true); 
- } - else if(lstrcmpiA(DisassembledString, "JMP") == NULL) - { - return(true); - } - else if(lstrcmpiA(DisassembledString, "JA") == NULL) - { - if(bCF == false && bZF == false) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JAE") == NULL) - { - if(!bCF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JB") == NULL) - { - if(bCF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JBE") == NULL) - { - if(bCF == true || bZF == true) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JC") == NULL) - { - if(bCF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JCXZ") == NULL) - { - if((WORD)GetContextDataEx(hThread, UE_ECX) == NULL) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JECXZ") == NULL) - { - if((DWORD)GetContextDataEx(hThread, UE_ECX) == NULL) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JRCXZ") == NULL) - { - if((ULONG_PTR)GetContextDataEx(hThread, UE_RCX) == NULL) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JZ") == NULL) - { - if(bZF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNZ") == NULL) - { - if(!bZF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JE") == NULL) - { - if(bZF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNE") == NULL) - { - if(!bZF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JG") == NULL) - { - if(bZF == false && bSF == bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JGE") == NULL) - { - if(bSF == bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JL") == NULL) - { - if(bSF != bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JLE") == NULL) - { - if(bZF == true || bSF != bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNA") == NULL) - { - if(bCF == true || bZF == true) - { - 
return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNAE") == NULL) - { - if(bCF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNB") == NULL) - { - if(!bCF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNBE") == NULL) - { - if(bCF == false && bZF == false) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNC") == NULL) - { - if(!bCF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNG") == NULL) - { - if(bZF == true || bSF != bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNGE") == NULL) - { - if(bSF != bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNL") == NULL) - { - if(bSF == bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNLE") == NULL) - { - if(bZF == false && bSF == bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNO") == NULL) - { - if(!bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNP") == NULL) - { - if(!bPF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JNS") == NULL) - { - if(!bSF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JO") == NULL) - { - if(bOF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JP") == NULL) - { - if(bPF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JPE") == NULL) - { - if(bPF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JPO") == NULL) - { - if(!bPF) - { - return(true); - } - } - else if(lstrcmpiA(DisassembledString, "JS") == NULL) - { - if(bSF) - { - return(true); - } - } - } - } - return(false); -} -__declspec(dllexport) bool TITCALL IsJumpGoingToExecute() -{ - return(IsJumpGoingToExecuteEx(dbgProcessInformation.hProcess, dbgProcessInformation.hThread, NULL, NULL)); -} -__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack) -{ - - if(ExceptionId == 
UE_CH_BREAKPOINT) - { - DBGCustomHandler->chBreakPoint = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_SINGLESTEP) - { - DBGCustomHandler->chSingleStep = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_ACCESSVIOLATION) - { - DBGCustomHandler->chAccessViolation = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_ILLEGALINSTRUCTION) - { - DBGCustomHandler->chIllegalInstruction = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_NONCONTINUABLEEXCEPTION) - { - DBGCustomHandler->chNonContinuableException = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_ARRAYBOUNDSEXCEPTION) - { - DBGCustomHandler->chArrayBoundsException = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_FLOATDENORMALOPERAND) - { - DBGCustomHandler->chFloatDenormalOperand = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_FLOATDEVIDEBYZERO) - { - DBGCustomHandler->chFloatDevideByZero = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_INTEGERDEVIDEBYZERO) - { - DBGCustomHandler->chIntegerDevideByZero = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_INTEGEROVERFLOW) - { - DBGCustomHandler->chIntegerOverflow = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_PRIVILEGEDINSTRUCTION) - { - DBGCustomHandler->chPrivilegedInstruction = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_PAGEGUARD) - { - DBGCustomHandler->chPageGuard = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_EVERYTHINGELSE) - { - DBGCustomHandler->chEverythingElse = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_CREATETHREAD) - { - DBGCustomHandler->chCreateThread = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_EXITTHREAD) - { - DBGCustomHandler->chExitThread = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_CREATEPROCESS) - { - DBGCustomHandler->chCreateProcess = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_EXITPROCESS) - { - DBGCustomHandler->chExitProcess = (ULONG_PTR)CallBack; - } - else if(ExceptionId == 
UE_CH_LOADDLL) - { - DBGCustomHandler->chLoadDll = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_UNLOADDLL) - { - DBGCustomHandler->chUnloadDll = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_OUTPUTDEBUGSTRING) - { - DBGCustomHandler->chOutputDebugString = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_AFTEREXCEPTIONPROCESSING) - { - DBGCustomHandler->chAfterException = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_SYSTEMBREAKPOINT) - { - DBGCustomHandler->chSystemBreakpoint = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_UNHANDLEDEXCEPTION) - { - DBGCustomHandler->chUnhandledException = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_RIPEVENT) - { - DBGCustomHandler->chRipEvent = (ULONG_PTR)CallBack; - } - else if(ExceptionId == UE_CH_ALLEVENTS) - { - DBGCustomHandler->chEverythingElse = (ULONG_PTR)CallBack; - DBGCustomHandler->chCreateThread = (ULONG_PTR)CallBack; - DBGCustomHandler->chExitThread = (ULONG_PTR)CallBack; - DBGCustomHandler->chCreateProcess = (ULONG_PTR)CallBack; - DBGCustomHandler->chExitProcess = (ULONG_PTR)CallBack; - DBGCustomHandler->chLoadDll = (ULONG_PTR)CallBack; - DBGCustomHandler->chUnloadDll = (ULONG_PTR)CallBack; - DBGCustomHandler->chOutputDebugString = (ULONG_PTR)CallBack; - DBGCustomHandler->chSystemBreakpoint = (ULONG_PTR)CallBack; - DBGCustomHandler->chRipEvent = (ULONG_PTR)CallBack; - } -} __declspec(dllexport) void TITCALL ForceClose() { /*wchar_t szTempName[MAX_PATH]; @@ -2200,7 +203,7 @@ __declspec(dllexport) void TITCALL ForceClose() StopDebug(); } RtlZeroMemory(&dbgProcessInformation, sizeof PROCESS_INFORMATION); - /*if(engineDebuggingDLL) + /*if(DebugDebuggingDLL) { RtlZeroMemory(&szTempName, sizeof szTempName); RtlZeroMemory(&szTempFolder, sizeof szTempFolder); 
@@ -2233,7 +236,7 @@ __declspec(dllexport) void TITCALL ForceClose()
 }
 }
 }*/
- engineDebuggingDLL = false;
+ DebugDebuggingDLL = false;
 DebugExeFileEntryPointCallBack = NULL;
 }
 __declspec(dllexport) void TITCALL StepInto(LPVOID StepCallBack)
@@ -2286,2255 +289,7 @@ __declspec(dllexport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBa engineStepCallBack = StepCallBack; engineStepCount--; } -__declspec(dllexport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex) -{ - return(EngineIsThereFreeHardwareBreakSlot(RegisterIndex)); -} -static ULONG_PTR dr7uint(DR7* dr7) -{ - ULONG_PTR ret=0; - if(BITGET(dr7->HWBP_MODE[0],0)) - BITSET(ret,0); - if(BITGET(dr7->HWBP_MODE[0],1)) - BITSET(ret,1); - if(BITGET(dr7->HWBP_MODE[1],0)) - BITSET(ret,2); - if(BITGET(dr7->HWBP_MODE[1],1)) - BITSET(ret,3); - if(BITGET(dr7->HWBP_MODE[2],0)) - BITSET(ret,4); - if(BITGET(dr7->HWBP_MODE[2],1)) - BITSET(ret,5); - if(BITGET(dr7->HWBP_MODE[3],0)) - BITSET(ret,6); - if(BITGET(dr7->HWBP_MODE[3],1)) - BITSET(ret,7); - if(BITGET(dr7->HWBP_TYPE[0],0)) - BITSET(ret,16); - if(BITGET(dr7->HWBP_TYPE[0],1)) - BITSET(ret,17); - if(BITGET(dr7->HWBP_SIZE[0],0)) - BITSET(ret,18); - if(BITGET(dr7->HWBP_SIZE[0],1)) - BITSET(ret,19); - if(BITGET(dr7->HWBP_TYPE[1],0)) - BITSET(ret,20); - if(BITGET(dr7->HWBP_TYPE[1],1)) - BITSET(ret,21); - if(BITGET(dr7->HWBP_SIZE[1],0)) - BITSET(ret,22); - if(BITGET(dr7->HWBP_SIZE[1],1)) - BITSET(ret,23); - if(BITGET(dr7->HWBP_TYPE[2],0)) - BITSET(ret,24); - if(BITGET(dr7->HWBP_TYPE[2],1)) - BITSET(ret,25); - if(BITGET(dr7->HWBP_SIZE[2],0)) - BITSET(ret,26); - if(BITGET(dr7->HWBP_SIZE[2],1)) - BITSET(ret,27); - if(BITGET(dr7->HWBP_TYPE[3],0)) - BITSET(ret,28); - if(BITGET(dr7->HWBP_TYPE[3],1)) - BITSET(ret,29); - if(BITGET(dr7->HWBP_SIZE[3],0)) - BITSET(ret,30); - if(BITGET(dr7->HWBP_SIZE[3],1)) - BITSET(ret,31); - return ret; -} - -static void uintdr7(ULONG_PTR dr7, DR7* ret) -{ - memset(ret, 0, sizeof(DR7)); - if(BITGET(dr7,0)) - BITSET(ret->HWBP_MODE[0],0); - if(BITGET(dr7,1)) - BITSET(ret->HWBP_MODE[0],1); - if(BITGET(dr7,2)) - BITSET(ret->HWBP_MODE[1],0); - if(BITGET(dr7,3)) - BITSET(ret->HWBP_MODE[1],1); - if(BITGET(dr7,4)) - BITSET(ret->HWBP_MODE[2],0); - if(BITGET(dr7,5)) - 
BITSET(ret->HWBP_MODE[2],1); - if(BITGET(dr7,6)) - BITSET(ret->HWBP_MODE[3],0); - if(BITGET(dr7,7)) - BITSET(ret->HWBP_MODE[3],1); - if(BITGET(dr7,16)) - BITSET(ret->HWBP_TYPE[0],0); - if(BITGET(dr7,17)) - BITSET(ret->HWBP_TYPE[0],1); - if(BITGET(dr7,18)) - BITSET(ret->HWBP_SIZE[0],0); - if(BITGET(dr7,19)) - BITSET(ret->HWBP_SIZE[0],1); - if(BITGET(dr7,20)) - BITSET(ret->HWBP_TYPE[1],0); - if(BITGET(dr7,21)) - BITSET(ret->HWBP_TYPE[1],1); - if(BITGET(dr7,22)) - BITSET(ret->HWBP_SIZE[1],0); - if(BITGET(dr7,23)) - BITSET(ret->HWBP_SIZE[1],1); - if(BITGET(dr7,24)) - BITSET(ret->HWBP_TYPE[2],0); - if(BITGET(dr7,25)) - BITSET(ret->HWBP_TYPE[2],1); - if(BITGET(dr7,26)) - BITSET(ret->HWBP_SIZE[2],0); - if(BITGET(dr7,27)) - BITSET(ret->HWBP_SIZE[2],1); - if(BITGET(dr7,28)) - BITSET(ret->HWBP_TYPE[3],0); - if(BITGET(dr7,29)) - BITSET(ret->HWBP_TYPE[3],1); - if(BITGET(dr7,30)) - BITSET(ret->HWBP_SIZE[3],0); - if(BITGET(dr7,31)) - BITSET(ret->HWBP_SIZE[3],1); -} - -__declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack) -{ - HWBP_SIZE hwbpSize; - HWBP_MODE hwbpMode; - HWBP_TYPE hwbpType; - int hwbpIndex=-1; - DR7 dr7; - - switch(bpxSize) - { - case UE_HARDWARE_SIZE_1: - hwbpSize=SIZE_1; - break; - case UE_HARDWARE_SIZE_2: - hwbpSize=SIZE_2; - if((bpxAddress%2)!=0) - return false; - break; - case UE_HARDWARE_SIZE_4: - hwbpSize=SIZE_4; - if((bpxAddress%4)!=0) - return false; - break; - case UE_HARDWARE_SIZE_8: - hwbpSize=SIZE_8; - if((bpxAddress%8)!=0) - return false; - break; - default: - return false; - } - - if(!IndexOfRegister) - { - if(!DebugRegister[0].DrxEnabled) - IndexOfRegister = UE_DR0; - else if(!DebugRegister[1].DrxEnabled) - IndexOfRegister = UE_DR1; - else if(!DebugRegister[2].DrxEnabled) - IndexOfRegister = UE_DR2; - else if(!DebugRegister[3].DrxEnabled) - IndexOfRegister = UE_DR3; - else - return false; - } - - switch(IndexOfRegister) - { - case UE_DR0: - 
hwbpIndex=0; - break; - case UE_DR1: - hwbpIndex=1; - break; - case UE_DR2: - hwbpIndex=2; - break; - case UE_DR3: - hwbpIndex=3; - break; - default: - return false; - } - - uintdr7((ULONG_PTR)GetContextData(UE_DR7), &dr7); - - DebugRegister[hwbpIndex].DrxExecution=false; - - switch(bpxType) - { - case UE_HARDWARE_EXECUTE: - hwbpSize=SIZE_1; - hwbpType=TYPE_EXECUTE; - DebugRegister[hwbpIndex].DrxExecution=true; - break; - case UE_HARDWARE_WRITE: - hwbpType=TYPE_WRITE; - break; - case UE_HARDWARE_READWRITE: - hwbpType=TYPE_READWRITE; - break; - default: - return false; - } - - hwbpMode=MODE_LOCAL; - - dr7.HWBP_MODE[hwbpIndex]=hwbpMode; - dr7.HWBP_SIZE[hwbpIndex]=hwbpSize; - dr7.HWBP_TYPE[hwbpIndex]=hwbpType; - - SetContextData(UE_DR7, dr7uint(&dr7)); //NOTE: MUST SET THIS FIRST FOR X64! - SetContextData(IndexOfRegister, (ULONG_PTR)bpxAddress); - - DebugRegister[hwbpIndex].DrxBreakPointType=bpxType; - DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize; - DebugRegister[hwbpIndex].DrxEnabled=true; - DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress; - DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack; - - return true; -} - -__declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegister) -{ - - ULONG_PTR HardwareBPX = NULL; - ULONG_PTR bpxAddress = NULL; - - if(IndexOfRegister == UE_DR0) - { - HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); - HardwareBPX = HardwareBPX &~ (1 << 0); - HardwareBPX = HardwareBPX &~ (1 << 1); - SetContextData(UE_DR0, (ULONG_PTR)bpxAddress); - SetContextData(UE_DR7, HardwareBPX); - DebugRegister[0].DrxEnabled = false; - DebugRegister[0].DrxBreakAddress = NULL; - DebugRegister[0].DrxCallBack = NULL; - return(true); - } - else if(IndexOfRegister == UE_DR1) - { - HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); - HardwareBPX = HardwareBPX &~ (1 << 2); - HardwareBPX = HardwareBPX &~ (1 << 3); - SetContextData(UE_DR1, (ULONG_PTR)bpxAddress); - SetContextData(UE_DR7, HardwareBPX); - 
DebugRegister[1].DrxEnabled = false; - DebugRegister[1].DrxBreakAddress = NULL; - DebugRegister[1].DrxCallBack = NULL; - return(true); - } - else if(IndexOfRegister == UE_DR2) - { - HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); - HardwareBPX = HardwareBPX &~ (1 << 4); - HardwareBPX = HardwareBPX &~ (1 << 5); - SetContextData(UE_DR2, (ULONG_PTR)bpxAddress); - SetContextData(UE_DR7, HardwareBPX); - DebugRegister[2].DrxEnabled = false; - DebugRegister[2].DrxBreakAddress = NULL; - DebugRegister[2].DrxCallBack = NULL; - return(true); - } - else if(IndexOfRegister == UE_DR3) - { - HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); - HardwareBPX = HardwareBPX &~ (1 << 6); - HardwareBPX = HardwareBPX &~ (1 << 7); - SetContextData(UE_DR3, (ULONG_PTR)bpxAddress); - SetContextData(UE_DR7, HardwareBPX); - DebugRegister[3].DrxEnabled = false; - DebugRegister[3].DrxBreakAddress = NULL; - DebugRegister[3].DrxCallBack = NULL; - return(true); - } - else - { - return(false); - } - return(false); -} - -__declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister) -{ - HWBP_SIZE hwbpSize; - HWBP_MODE hwbpMode; - HWBP_TYPE hwbpType; - int hwbpIndex=-1; - DR7 dr7; - - switch(bpxSize) - { - case UE_HARDWARE_SIZE_1: - hwbpSize=SIZE_1; - break; - case UE_HARDWARE_SIZE_2: - hwbpSize=SIZE_2; - if((bpxAddress%2)!=0) - return false; - break; - case UE_HARDWARE_SIZE_4: - hwbpSize=SIZE_4; - if((bpxAddress%4)!=0) - return false; - break; - case UE_HARDWARE_SIZE_8: - hwbpSize=SIZE_8; - if((bpxAddress%8)!=0) - return false; - break; - default: - return false; - } - - if(!IndexOfRegister) - { - if(!DebugRegister[0].DrxEnabled) - IndexOfRegister = UE_DR0; - else if(!DebugRegister[1].DrxEnabled) - IndexOfRegister = UE_DR1; - else if(!DebugRegister[2].DrxEnabled) - IndexOfRegister = UE_DR2; - else if(!DebugRegister[3].DrxEnabled) - IndexOfRegister = UE_DR3; 
- else - return false; - } - - if(IndexOfSelectedRegister) - *IndexOfSelectedRegister=IndexOfRegister; - - switch(IndexOfRegister) - { - case UE_DR0: - hwbpIndex=0; - break; - case UE_DR1: - hwbpIndex=1; - break; - case UE_DR2: - hwbpIndex=2; - break; - case UE_DR3: - hwbpIndex=3; - break; - default: - return false; - } - - uintdr7((ULONG_PTR)GetContextDataEx(hActiveThread, UE_DR7), &dr7); - - DebugRegister[hwbpIndex].DrxExecution=false; - - switch(bpxType) - { - case UE_HARDWARE_EXECUTE: - hwbpSize=SIZE_1; - hwbpType=TYPE_EXECUTE; - DebugRegister[hwbpIndex].DrxExecution=true; - break; - case UE_HARDWARE_WRITE: - hwbpType=TYPE_WRITE; - break; - case UE_HARDWARE_READWRITE: - hwbpType=TYPE_READWRITE; - break; - default: - return false; - } - - hwbpMode=MODE_LOCAL; - - dr7.HWBP_MODE[hwbpIndex]=hwbpMode; - dr7.HWBP_SIZE[hwbpIndex]=hwbpSize; - dr7.HWBP_TYPE[hwbpIndex]=hwbpType; - - SetContextDataEx(hActiveThread, UE_DR7, dr7uint(&dr7)); - SetContextDataEx(hActiveThread, IndexOfRegister, (ULONG_PTR)bpxAddress); - - DebugRegister[hwbpIndex].DrxBreakPointType=bpxType; - DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize; - DebugRegister[hwbpIndex].DrxEnabled=true; - DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress; - DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack; - - return true; -} - -__declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption) -{ - - int i = 0; - int CurrentBreakPointSetCount = -1; - - if(RemoveOption == UE_OPTION_REMOVEALL) - { - for(i = BreakPointSetCount - 1; i >= 0; i--) - { - if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT) - { - DeleteBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress); - } - else if(BreakPointBuffer[i].BreakPointType >= UE_MEMORY && BreakPointBuffer[i].BreakPointType <= UE_MEMORY_EXECUTE) - { - RemoveMemoryBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize); - } - else if(CurrentBreakPointSetCount == -1 && BreakPointBuffer[i].BreakPointActive 
!= UE_BPXREMOVED) - { - CurrentBreakPointSetCount = BreakPointSetCount; - } - RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); - } - DeleteHardwareBreakPoint(UE_DR0); - DeleteHardwareBreakPoint(UE_DR1); - DeleteHardwareBreakPoint(UE_DR2); - DeleteHardwareBreakPoint(UE_DR3); - BreakPointSetCount = 0; - return(true); - } - else if(RemoveOption == UE_OPTION_DISABLEALL) - { - for(i = BreakPointSetCount - 1; i >= 0; i--) - { - if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE) - { - DisableBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress); - } - else if(BreakPointBuffer[i].BreakPointType >= UE_MEMORY && BreakPointBuffer[i].BreakPointType <= UE_MEMORY_EXECUTE) - { - RemoveMemoryBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize); - RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); - } - } - return(true); - } - else if(RemoveOption == UE_OPTION_REMOVEALLDISABLED) - { - for(i = BreakPointSetCount - 1; i >= 0; i--) - { - if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT && BreakPointBuffer[i].BreakPointActive == UE_BPXINACTIVE) - { - DeleteBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress); - } - else if(CurrentBreakPointSetCount == -1 && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED) - { - CurrentBreakPointSetCount = BreakPointSetCount; - } - } - if(CurrentBreakPointSetCount == -1) - { - BreakPointSetCount = 0; - } - else - { - BreakPointSetCount = CurrentBreakPointSetCount; - } - return(true); - } - else if(RemoveOption == UE_OPTION_REMOVEALLENABLED) - { - for(i = BreakPointSetCount - 1; i >= 0; i--) - { - if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE) - { - DeleteBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress); - } - else if(CurrentBreakPointSetCount == -1 && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED) - { - CurrentBreakPointSetCount = 
BreakPointSetCount; - } - } - if(CurrentBreakPointSetCount == -1) - { - BreakPointSetCount = 0; - } - else - { - BreakPointSetCount = CurrentBreakPointSetCount; - } - return(true); - } - return(false); -} -__declspec(dllexport) void* TITCALL GetProcessInformation() -{ - return(&dbgProcessInformation); -} -__declspec(dllexport) void* TITCALL GetStartupInformation() -{ - return(&dbgStartupInfo); -} -__declspec(dllexport) void TITCALL DebugLoop() -{ - int i = NULL; - int j = NULL; - int k = NULL; - bool FirstBPX = true; - bool ResetBPX = false; - bool BreakDBG = false; - bool ResetHwBPX = false; - bool ResetMemBPX = false; - bool CompareResult = false; - bool SecondChance = false; - ULONG_PTR CmpValue1 = NULL; - ULONG_PTR CmpValue2 = NULL; - bool hListProcessFirst = true; - bool hListThreadFirst = true; - bool hListLibraryFirst = true; - PPROCESS_ITEM_DATA hListProcessPtr = NULL; - PTHREAD_ITEM_DATA hListThreadPtr = NULL; - PLIBRARY_ITEM_DATAW hListLibraryPtr = NULL; - PLIBRARY_ITEM_DATAW hLoadedLibData = NULL; - PLIBRARY_BREAK_DATA ptrLibrarianData = NULL; - typedef void(TITCALL *fCustomBreakPoint)(void); - typedef void(TITCALL *fCustomHandler)(void* SpecialDBG); - typedef void(TITCALL *fFindOEPHandler)(LPPROCESS_INFORMATION fProcessInfo, LPVOID fCallBack); - fCustomHandler myCustomHandler; - fCustomBreakPoint myCustomBreakPoint; - fFindOEPHandler myFindOEPHandler; - ULONG_PTR MemoryBpxCallBack = 0; - SIZE_T ResetBPXSize = 0; - ULONG_PTR ResetBPXAddressTo = 0; - ULONG_PTR ResetMemBPXAddress = 0; - SIZE_T ResetMemBPXSize = 0; - int MaximumBreakPoints = 0; - ULONG_PTR NumberOfBytesReadWritten = 0; - MEMORY_BASIC_INFORMATION MemInfo; - HANDLE hActiveThread; - CONTEXT myDBGContext; - DWORD OldProtect; - DWORD NewProtect; - DWORD DebugRegisterXId = NULL; - HARDWARE_DATA DebugRegisterX; - wchar_t DLLDebugFileName[512]; - char szAnsiLibraryName[MAX_PATH]; - ULONG_PTR DLLPatchAddress; - HANDLE hFileMapping; - LPVOID hFileMappingView; - LPVOID DBGEntryPoint; - bool 
MemoryBpxFound = false; - wchar_t* szTranslatedNativeName; - - DBGFileHandle = NULL; - DBGCode = DBG_CONTINUE; - engineFakeDLLHandle = NULL; - DebugRegister[0].DrxEnabled = false; - DebugRegister[1].DrxEnabled = false; - DebugRegister[2].DrxEnabled = false; - DebugRegister[3].DrxEnabled = false; - engineProcessIsNowDetached = false; - engineResumeProcessIfNoThreadIsActive = false; - RtlZeroMemory(&DBGEvent, sizeof DEBUG_EVENT); - RtlZeroMemory(&TerminateDBGEvent, sizeof DEBUG_EVENT); - RtlZeroMemory(&DLLDebugFileName, 512); - ExtensionManagerPluginResetCallBack(); - engineFileIsBeingDebugged = true; - if(engineExecutePluginCallBack) - { - ExtensionManagerPluginDebugCallBack(&DBGEvent, UE_PLUGIN_CALL_REASON_PREDEBUG); - } - - while(!BreakDBG) //actual debug loop - { - WaitForDebugEvent(&DBGEvent, engineWaitForDebugEventTimeOut); - if(engineExecutePluginCallBack) - { - ExtensionManagerPluginDebugCallBack(&DBGEvent, UE_PLUGIN_CALL_REASON_EXCEPTION); - } - if(engineFindOEPCallBack != NULL) - { - myFindOEPHandler = (fFindOEPHandler)engineFindOEPCallBack; - engineFindOEPCallBack = NULL; - __try - { - myFindOEPHandler(&dbgProcessInformation, engineFindOEPUserCallBack); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - - //Debug event - switch(DBGEvent.dwDebugEventCode) - { - case CREATE_PROCESS_DEBUG_EVENT: - { - if(DBGFileHandle == NULL) //we didn't set the handle yet - { - DBGEntryPoint = DBGEvent.u.CreateProcessInfo.lpStartAddress; - DBGFileHandle = DBGEvent.u.CreateProcessInfo.hFile; - EngineCloseHandle(DBGFileHandle); //handle is never used inside the code - engineDebuggingMainModuleBase = (unsigned long long) DBGEvent.u.CreateProcessInfo.lpBaseOfImage; - if(engineAttachedToProcess) //we attached, set information - { - dbgProcessInformation.hProcess = DBGEvent.u.CreateProcessInfo.hProcess; - dbgProcessInformation.hThread = DBGEvent.u.CreateProcessInfo.hThread; - dbgProcessInformation.dwThreadId = NULL; - if(engineAttachedProcessDebugInfo != NULL) - { - 
RtlMoveMemory(engineAttachedProcessDebugInfo, &dbgProcessInformation, sizeof PROCESS_INFORMATION);
- }
- }
- if(engineDebuggingDLL) //the DLL loader just started, set DLL names
- {
-#if defined(_WIN64)
- DLLPatchAddress = (ULONG_PTR)DBGEvent.u.CreateProcessInfo.lpBaseOfImage;
- DLLPatchAddress = (ULONG_PTR)DLLPatchAddress + UE_MODULEx64;
-#else
- DLLPatchAddress = (ULONG_PTR)DBGEvent.u.CreateProcessInfo.lpBaseOfImage;
- DLLPatchAddress = (ULONG_PTR)DLLPatchAddress + UE_MODULEx86;
-#endif
- if(!WriteProcessMemory(DBGEvent.u.CreateProcessInfo.hProcess, (LPVOID)DLLPatchAddress, engineDebuggingDLLFullFileName, lstrlenW(engineDebuggingDLLFullFileName) * 2, &NumberOfBytesReadWritten))
- {
- StopDebug();
- return;
- }
- if(engineReserveModuleBase) //reserve original image base
- {
- VirtualAllocEx(dbgProcessInformation.hProcess, (void*)engineReserveModuleBase, 0x1000, MEM_RESERVE, PAGE_READWRITE); //return value nt used, yea just ignore. return value doesnt matter and there is no possible fix when failed :D this is only used to make sure DLL loads on another image base
- }
- }
- if(hListProcess == NULL)
- {
- hListProcess = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
- }
- else
- {
- if(hListProcessFirst == true)
- {
- RtlZeroMemory(hListProcess, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA);
- }
- }
- if(hListThread == NULL)
- {
- hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
- }
- else
- {
- if(hListThreadFirst == true)
- {
- RtlZeroMemory(hListThread, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA);
- }
- }
- hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess;
- hListProcessPtr->hFile = DBGEvent.u.CreateProcessInfo.hFile;
- hListProcessPtr->hProcess = DBGEvent.u.CreateProcessInfo.hProcess;
- hListProcessPtr->hThread = DBGEvent.u.CreateProcessInfo.hThread;
- hListProcessPtr->dwProcessId = DBGEvent.dwProcessId;
- hListProcessPtr->dwThreadId = DBGEvent.dwThreadId;
-
hListProcessPtr->BaseOfImage = (void*)DBGEvent.u.CreateProcessInfo.lpBaseOfImage;
- hListProcessPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
- hListProcessPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
-
- hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
- hListThreadPtr->dwThreadId = DBGEvent.dwThreadId;
- hListThreadPtr->hThread = DBGEvent.u.CreateProcessInfo.hThread;
- hListThreadPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
- hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
- hListThreadFirst = false;
- }
- else //we have a valid handle already (which means a child process started)
- {
- hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess;
- while(hListProcessPtr->hProcess != NULL)
- {
- hListProcessPtr = (PPROCESS_ITEM_DATA)((ULONG_PTR)hListProcessPtr + sizeof PROCESS_ITEM_DATA);
- }
- if(hListProcessPtr->hProcess == NULL)
- {
- hListProcessPtr->hFile = DBGEvent.u.CreateProcessInfo.hFile;
- hListProcessPtr->hProcess = DBGEvent.u.CreateProcessInfo.hProcess;
- hListProcessPtr->hThread = DBGEvent.u.CreateProcessInfo.hThread;
- hListProcessPtr->dwProcessId = DBGEvent.dwProcessId;
- hListProcessPtr->dwThreadId = DBGEvent.dwThreadId;
- hListProcessPtr->BaseOfImage = (void*)DBGEvent.u.CreateProcessInfo.lpBaseOfImage;
- hListProcessPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
- hListProcessPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
- hListProcessFirst = false;
- }
- }
-
- //process created callback
- if(DBGCustomHandler->chCreateProcess != NULL)
- {
- myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chCreateProcess);
- __try
- {
- myCustomHandler(&DBGEvent.u.CreateProcessInfo);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- DBGCustomHandler->chCreateProcess = NULL;
- }
- }
- }
- break;
-
- case EXIT_PROCESS_DEBUG_EVENT:
- {
- ProcessExitCode =
DBGEvent.u.ExitProcess.dwExitCode;
- DBGCode = DBG_CONTINUE;
- if(DBGEvent.dwProcessId == dbgProcessInformation.dwProcessId) //main process closed
- BreakDBG = true;
-
- //exit process handler
- if(DBGCustomHandler->chExitProcess != NULL)
- {
- myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chExitProcess);
- __try
- {
- myCustomHandler(&DBGEvent.u.ExitProcess);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- DBGCustomHandler->chExitProcess = NULL;
- }
- }
- }
- break;
-
- case CREATE_THREAD_DEBUG_EVENT:
- {
- //maintain thread list
- if(hListThread == NULL)
- {
- hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
- }
- hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
- __try
- {
- while(hListThreadPtr->hThread != NULL)
- {
- hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
- }
- hListThreadPtr->dwThreadId = DBGEvent.dwThreadId;
- hListThreadPtr->hThread = DBGEvent.u.CreateThread.hThread;
- hListThreadPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateThread.lpStartAddress;
- hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateThread.lpThreadLocalBase;
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
-
- }
-
- //custom handler
- if(DBGCustomHandler->chCreateThread != NULL)
- {
- myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chCreateThread);
- __try
- {
- myCustomHandler(&DBGEvent.u.CreateThread);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- DBGCustomHandler->chCreateThread = NULL;
- }
- }
- }
- break;
-
- case EXIT_THREAD_DEBUG_EVENT:
- {
- //custom handler
- if(DBGCustomHandler->chExitThread != NULL)
- {
- myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chExitThread);
- __try
- {
- myCustomHandler(&DBGEvent.u.ExitThread);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- DBGCustomHandler->chExitThread = NULL;
- }
- }
- if(engineExitThreadOneShootCallBack != NULL)
- {
- myCustomHandler =
(fCustomHandler)(engineExitThreadOneShootCallBack);
- __try
- {
- myCustomHandler(&DBGEvent.u.ExitThread);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
-
- }
- engineExitThreadOneShootCallBack = NULL;
- }
-
- //maintain thread list
- hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
- while(hListThreadPtr->hThread != NULL && hListThreadPtr->dwThreadId != DBGEvent.dwThreadId)
- {
- hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
- }
- if(hListThreadPtr->dwThreadId == DBGEvent.dwThreadId)
- {
- hListThreadPtr->hThread = (HANDLE)-1;
- hListThreadPtr->dwThreadId = NULL;
- hListThreadPtr->ThreadLocalBase = NULL;
- hListThreadPtr->ThreadStartAddress = NULL;
- }
- }
- break;
-
- case LOAD_DLL_DEBUG_EVENT:
- {
- //maintain library list
- if(hListLibrary == NULL)
- {
- hListLibrary = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof LIBRARY_ITEM_DATAW, MEM_COMMIT, PAGE_READWRITE);
- }
- else
- {
- if(hListLibraryFirst == true)
- {
- RtlZeroMemory(hListLibrary, MAX_DEBUG_DATA * sizeof LIBRARY_ITEM_DATAW);
- }
- }
- hListLibraryFirst = false;
- hListLibraryPtr = (PLIBRARY_ITEM_DATAW)hListLibrary;
- while(hListLibraryPtr->hFile != NULL)
- {
- hListLibraryPtr = (PLIBRARY_ITEM_DATAW)((ULONG_PTR)hListLibraryPtr + sizeof LIBRARY_ITEM_DATAW);
- }
- hListLibraryPtr->hFile = DBGEvent.u.LoadDll.hFile;
- hListLibraryPtr->BaseOfDll = DBGEvent.u.LoadDll.lpBaseOfDll;
- hFileMapping = CreateFileMappingA(DBGEvent.u.LoadDll.hFile, NULL, PAGE_READONLY, NULL, GetFileSize(DBGEvent.u.LoadDll.hFile, NULL), NULL);
- if(hFileMapping != NULL)
- {
- hFileMappingView = MapViewOfFile(hFileMapping, FILE_MAP_READ, NULL, NULL, NULL);
- if(hFileMappingView != NULL)
- {
- hListLibraryPtr->hFileMapping = hFileMapping;
- hListLibraryPtr->hFileMappingView = hFileMappingView;
- if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName)/sizeof(DLLDebugFileName[0])) > NULL)
- {
- i = lstrlenW(DLLDebugFileName);
-
while(DLLDebugFileName[i] != 0x5C && i >= NULL)
- {
- i--;
- }
- if(engineDebuggingDLL)
- {
- if(lstrcmpiW(&DLLDebugFileName[i+1], engineDebuggingDLLFileName) == NULL)
- {
- SetBPX(DebugModuleEntryPoint + (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll, UE_SINGLESHOOT, DebugModuleEntryPointCallBack);
- engineDebuggingDLLBase = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll;
- }
- /*else if(lstrcmpiW(&DLLDebugFileName[i+1], engineDebuggingDLLReserveFileName) == NULL)
- {
- if((ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll != DebugModuleImageBase)
- {
- VirtualAllocEx(dbgProcessInformation.hProcess, (void*)DebugModuleImageBase, 0x1000, MEM_RESERVE, PAGE_READWRITE);
- }
- }*/
- }
- if(engineFakeDLLHandle == NULL)
- {
- if(lstrcmpiW(&DLLDebugFileName[i+1], L"kernel32.dll") == NULL)
- {
- engineFakeDLLHandle = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll;
- }
- }
- lstrcpyW(hListLibraryPtr->szLibraryName, &DLLDebugFileName[i+1]);
- szTranslatedNativeName = (wchar_t*)TranslateNativeNameW(DLLDebugFileName);
- lstrcpyW(hListLibraryPtr->szLibraryPath, szTranslatedNativeName);
- VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE);
- RtlZeroMemory(szAnsiLibraryName, sizeof szAnsiLibraryName);
- WideCharToMultiByte(CP_ACP, NULL, hListLibraryPtr->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL);
- ptrLibrarianData = (PLIBRARY_BREAK_DATA)LibrarianData;
- k = NULL;
- if(ptrLibrarianData != NULL)
- {
- while(k < MAX_LIBRARY_BPX)
- {
- if(ptrLibrarianData->szLibraryName[0] != 0x00)
- {
- if(lstrcmpiA(ptrLibrarianData->szLibraryName, szAnsiLibraryName) == NULL)
- {
- if(ptrLibrarianData->bpxType == UE_ON_LIB_LOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL)
- {
- myCustomHandler = (fCustomHandler)(ptrLibrarianData->bpxCallBack);
- __try
- {
- myCustomHandler(&DBGEvent.u.LoadDll);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType);
- }
- if(ptrLibrarianData->bpxSingleShoot)
- {
-
LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType);
- }
- }
- }
- }
- ptrLibrarianData = (PLIBRARY_BREAK_DATA)((ULONG_PTR)ptrLibrarianData + sizeof LIBRARY_BREAK_DATA);
- k++;
- }
- }
- }
- }
- }
- //loadDLL callback
- if(DBGCustomHandler->chLoadDll != NULL)
- {
- myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chLoadDll);
- __try
- {
- myCustomHandler(&DBGEvent.u.LoadDll);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- DBGCustomHandler->chLoadDll = NULL;
- }
- }
- }
- break;
-
- case UNLOAD_DLL_DEBUG_EVENT:
- {
- //unload DLL callback
- if(DBGCustomHandler->chUnloadDll != NULL)
- {
- myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chUnloadDll);
- __try
- {
- myCustomHandler(&DBGEvent.u.UnloadDll);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- DBGCustomHandler->chUnloadDll = NULL;
- }
- }
-
- //maintain library list
- k = NULL;
- ptrLibrarianData = (PLIBRARY_BREAK_DATA)LibrarianData;
- hLoadedLibData = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoEx(DBGEvent.u.UnloadDll.lpBaseOfDll);
- if(hLoadedLibData != NULL)
- {
- RtlZeroMemory(szAnsiLibraryName, sizeof szAnsiLibraryName);
- WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL);
- if(ptrLibrarianData != NULL)
- {
- while(k < MAX_LIBRARY_BPX)
- {
- if(ptrLibrarianData->szLibraryName[0] != 0x00)
- {
- if(lstrcmpiA(ptrLibrarianData->szLibraryName, szAnsiLibraryName) == NULL)
- {
- if(ptrLibrarianData->bpxType == UE_ON_LIB_UNLOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL)
- {
- myCustomHandler = (fCustomHandler)(ptrLibrarianData->bpxCallBack);
- __try
- {
- myCustomHandler(&DBGEvent.u.UnloadDll);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType);
- }
- if(ptrLibrarianData->bpxSingleShoot)
- {
- LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType);
- }
- }
- }
- }
- ptrLibrarianData = (PLIBRARY_BREAK_DATA)((ULONG_PTR)ptrLibrarianData + sizeof LIBRARY_BREAK_DATA);
- k++;
- }
- }
- }
- hListLibraryPtr = (PLIBRARY_ITEM_DATAW)hListLibrary;
- if(hListLibraryPtr != NULL)
- {
- while(hListLibraryPtr->hFile != NULL)
- {
- if(hListLibraryPtr->BaseOfDll == DBGEvent.u.UnloadDll.lpBaseOfDll)
- {
- if(hListLibraryPtr->hFile != (HANDLE)-1)
- {
- if(hListLibraryPtr->hFileMappingView != NULL)
- {
- UnmapViewOfFile(hListLibraryPtr->hFileMappingView);
- EngineCloseHandle(hListLibraryPtr->hFileMapping);
- }
- EngineCloseHandle(hListLibraryPtr->hFile);
- RtlZeroMemory(hListLibraryPtr, sizeof LIBRARY_ITEM_DATAW);
- hListLibraryPtr->hFile = (HANDLE)-1;
- }
- }
- hListLibraryPtr = (PLIBRARY_ITEM_DATAW)((ULONG_PTR)hListLibraryPtr + sizeof LIBRARY_ITEM_DATAW);
- }
- }
- }
- break;
-
- case OUTPUT_DEBUG_STRING_EVENT:
- {
- //debug string callback
- if(DBGCustomHandler->chOutputDebugString != NULL)
- {
- myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chOutputDebugString);
- __try
- {
- myCustomHandler(&DBGEvent.u.DebugString);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- DBGCustomHandler->chOutputDebugString = NULL;
- }
- }
- //http://maximumcrack.wordpress.com/2009/06/22/outputdebugstring-awesomeness/ (the final advice is incorrect, but still helpful)
- DBGCode = DBG_EXCEPTION_NOT_HANDLED; //pass exception to debuggee
- }
- break;
-
- case EXCEPTION_DEBUG_EVENT:
- {
- DBGCode = DBG_EXCEPTION_NOT_HANDLED; //let the debuggee handle exceptions per default
-
- if(DBGCustomHandler->chEverythingElse != NULL)
- {
- myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chEverythingElse);
- __try
- {
- myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- DBGCustomHandler->chEverythingElse = NULL;
- }
- }
- if(DBGEvent.u.Exception.dwFirstChance == FALSE) //second chance exception
- {
- //NOTE: unclear behavious of ->Pass<- all exceptions (not to debuggee, but to debugger)
-
if(!enginePassAllExceptions) - { - DBGCode = DBG_CONTINUE; - } - else - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; //let debuggee handle the exception - } - RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT); - } - - //handle different exception codes - switch(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode) - { - case STATUS_BREAKPOINT: - { - MaximumBreakPoints = 0; - for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++) - { - if(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress - (BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1)) - { - break; - } - } - if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && MaximumBreakPoints < MAXIMUM_BREAKPOINTS) - { - VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - OldProtect = MemInfo.Protect; - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); - if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_SINGLESHOOT) && (BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions == -1 || BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions > 0)) - { - if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &BreakPointBuffer[MaximumBreakPoints].OriginalByte[0], BreakPointBuffer[MaximumBreakPoints].BreakPointSize, &NumberOfBytesReadWritten)) - { - DBGCode = DBG_CONTINUE; - hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); - 
myDBGContext.ContextFlags = CONTEXT_CONTROL; - GetThreadContext(hActiveThread, &myDBGContext); - if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT) - { - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - } - if(!(myDBGContext.EFlags & 0x10000)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000; - } -#if defined(_WIN64) - myDBGContext.Rip = myDBGContext.Rip - BreakPointBuffer[MaximumBreakPoints].BreakPointSize; -#else - myDBGContext.Eip = myDBGContext.Eip - BreakPointBuffer[MaximumBreakPoints].BreakPointSize; -#endif - SetThreadContext(hActiveThread, &myDBGContext); - EngineCloseHandle(hActiveThread); - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); - myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack); - if(BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != -1 && BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != 0) - { - BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions--; - } - if(BreakPointBuffer[MaximumBreakPoints].CmpCondition != UE_CMP_NOCONDITION) - { - CompareResult = false; - CmpValue1 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpRegister); - myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].CompareCallBack); - if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_EQUAL) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 == CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_NOTEQUAL) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 != CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATER) - { - 
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 > CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATEROREQUAL) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 >= CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWER) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 < CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWEROREQUAL) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 <= CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_EQUAL) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 == CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_NOTEQUAL) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 != CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATER) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 > CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATEROREQUAL) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 >= CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWER) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 < CmpValue2) - { - CompareResult = true; - } - } - 
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWEROREQUAL) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 <= CmpValue2) - { - CompareResult = true; - } - } - if(CompareResult) - { - __try - { - myCustomBreakPoint(); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - } - else - { - __try - { - myCustomBreakPoint(); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT) - { - DisableBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress); - ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1; - ResetBPXAddressTo = (ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - ResetBPX = true; - } - else - { - DeleteBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress); - ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1; - ResetBPXAddressTo = NULL; - ResetBPX = false; - } - } - else - { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); - DBGCode = DBG_CONTINUE; - } - } - else - { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - } - } - else //breakpoint not in list - { - if(!FirstBPX) //program generated a breakpoint exception - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - if(DBGCustomHandler->chBreakPoint != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chBreakPoint); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chBreakPoint = NULL; - } - } - } - else //system breakpoint - { - 
FirstBPX = false; - DBGCode = DBG_CONTINUE; - if(engineAttachedToProcess) - { - myCustomBreakPoint = (fCustomBreakPoint)(engineAttachedProcessCallBack); - __try - { - myCustomBreakPoint(); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - if(engineAutoHideFromDebugger) - { - HideDebugger(dbgProcessInformation.hProcess, UE_HIDE_PEBONLY); - } - if(DebugExeFileEntryPointCallBack != NULL) //set entry breakpoint - { - SetBPX((ULONG_PTR)DBGEntryPoint, UE_SINGLESHOOT, DebugExeFileEntryPointCallBack); - } - if(engineTLSBreakOnCallBack) //set TLS callback breakpoints - { - i = NULL; - while(tlsCallBackList[i] != NULL) - { - SetBPX((ULONG_PTR)tlsCallBackList[i], UE_SINGLESHOOT, (LPVOID)engineTLSBreakOnCallBackAddress); - tlsCallBackList[i] = NULL; - i++; - } - engineTLSBreakOnCallBackAddress = NULL; - engineTLSBreakOnCallBack = false; - } - - //system breakpoint callback - if(DBGCustomHandler->chSystemBreakpoint != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chSystemBreakpoint); - __try - { - myCustomHandler(&DBGEvent); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chSystemBreakpoint = NULL; - } - } - } - } - } - break; - - case STATUS_SINGLE_STEP: - { - if(ResetBPX == true || ResetHwBPX == true || ResetMemBPX == true) //restore breakpoints (internal step) - { - DBGCode = DBG_CONTINUE; - if(ResetBPX) //restore 'normal' breakpoint - { - if(ResetBPXAddressTo + ResetBPXSize != (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress) - { - EnableBPX(ResetBPXAddressTo); - ResetBPXAddressTo = NULL; - ResetBPX = false; - if(engineStepActive) - { - if(engineStepCount == NULL) - { - myCustomBreakPoint = (fCustomBreakPoint)(engineStepCallBack); - __try - { - engineStepActive = false; - engineStepCallBack = NULL; - myCustomBreakPoint(); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - else - { - SingleStep(engineStepCount, engineStepCallBack); - } - } - } - else - { - hActiveThread = 
OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); - myDBGContext.ContextFlags = CONTEXT_CONTROL; - GetThreadContext(hActiveThread, &myDBGContext); - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - EngineCloseHandle(hActiveThread); - } - } - else if(ResetHwBPX) //restore hardware breakpoint - { - ResetHwBPX = false; - SetHardwareBreakPoint(DebugRegisterX.DrxBreakAddress, DebugRegisterXId, DebugRegisterX.DrxBreakPointType, DebugRegisterX.DrxBreakPointSize, (LPVOID)DebugRegisterX.DrxCallBack); - if(engineStepActive) - { - if(engineStepCount == NULL) - { - myCustomBreakPoint = (fCustomBreakPoint)(engineStepCallBack); - __try - { - engineStepActive = false; - engineStepCallBack = NULL; - myCustomBreakPoint(); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - else - { - SingleStep(engineStepCount, engineStepCallBack); - } - } - } - else if(ResetMemBPX) //restore memory breakpoint - { - ResetMemBPX = false; - VirtualQueryEx(dbgProcessInformation.hProcess, (LPCVOID)ResetMemBPXAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - OldProtect = MemInfo.Protect; - NewProtect = OldProtect | PAGE_GUARD; //guard page protection - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)ResetMemBPXAddress, ResetMemBPXSize, NewProtect, &OldProtect); - if(engineStepActive) - { - if(engineStepCount == NULL) - { - myCustomBreakPoint = (fCustomBreakPoint)(engineStepCallBack); - __try - { - engineStepActive = false; - engineStepCallBack = NULL; - myCustomBreakPoint(); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - else - { - SingleStep(engineStepCount, engineStepCallBack); - } - } - } - } - else //no resetting needed (debugger reached hardware breakpoint or the user stepped) - { - if(engineStepActive) - { - DBGCode = DBG_CONTINUE; - if(engineStepCount == NULL) - { - myCustomBreakPoint = 
(fCustomBreakPoint)(engineStepCallBack); - __try - { - engineStepActive = false; - engineStepCallBack = NULL; - myCustomBreakPoint(); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - else - { - SingleStep(engineStepCount, engineStepCallBack); - } - } - else //handle hardware breakpoints - { - hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); - myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS; - if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1)) - { - if(DebugRegister[0].DrxEnabled) - { - DBGCode = DBG_CONTINUE; - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - myCustomHandler = (fCustomHandler)(DebugRegister[0].DrxCallBack); - __try - { - myCustomHandler((void*)myDBGContext.Dr0); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - RtlZeroMemory(&DebugRegisterX, sizeof HARDWARE_DATA); - RtlMoveMemory(&DebugRegisterX, &DebugRegister[0], sizeof HARDWARE_DATA); - DeleteHardwareBreakPoint(UE_DR0); - DebugRegisterXId = UE_DR0; - ResetHwBPX = true; - } - else - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - } - } - else if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr1 || (myDBGContext.Dr6 & 0x2)) - { - if(DebugRegister[1].DrxEnabled) - { - DBGCode = DBG_CONTINUE; - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - myCustomHandler = (fCustomHandler)(DebugRegister[1].DrxCallBack); - __try - { - myCustomHandler((void*)myDBGContext.Dr1); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - RtlZeroMemory(&DebugRegisterX, sizeof HARDWARE_DATA); - RtlMoveMemory(&DebugRegisterX, &DebugRegister[1], sizeof HARDWARE_DATA); - DeleteHardwareBreakPoint(UE_DR1); - DebugRegisterXId = UE_DR1; - ResetHwBPX = 
true; - } - else - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - } - } - else if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr2 || (myDBGContext.Dr6 & 0x4)) - { - if(DebugRegister[2].DrxEnabled) - { - DBGCode = DBG_CONTINUE; - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - myCustomHandler = (fCustomHandler)(DebugRegister[2].DrxCallBack); - __try - { - myCustomHandler((void*)myDBGContext.Dr2); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - RtlZeroMemory(&DebugRegisterX, sizeof HARDWARE_DATA); - RtlMoveMemory(&DebugRegisterX, &DebugRegister[2], sizeof HARDWARE_DATA); - DeleteHardwareBreakPoint(UE_DR2); - DebugRegisterXId = UE_DR2; - ResetHwBPX = true; - } - else - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - } - } - else if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr3 || (myDBGContext.Dr6 & 0x8)) - { - if(DebugRegister[3].DrxEnabled) - { - DBGCode = DBG_CONTINUE; - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - myCustomHandler = (fCustomHandler)(DebugRegister[3].DrxCallBack); - __try - { - myCustomHandler((void*)myDBGContext.Dr3); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - RtlZeroMemory(&DebugRegisterX, sizeof HARDWARE_DATA); - RtlMoveMemory(&DebugRegisterX, &DebugRegister[3], sizeof HARDWARE_DATA); - DeleteHardwareBreakPoint(UE_DR3); - DebugRegisterXId = UE_DR3; - ResetHwBPX = true; - } - else - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - } - } - else //debuggee generated exception - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - } - EngineCloseHandle(hActiveThread); - } - } - if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) //NOTE: only call the chSingleStep callback when the debuggee generated the exception - { - if(DBGCustomHandler->chSingleStep != NULL) - { - myCustomHandler = 
(fCustomHandler)((LPVOID)DBGCustomHandler->chSingleStep); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chSingleStep = NULL; - } - } - } - } - break; - - case STATUS_GUARD_PAGE_VIOLATION: - { - MemoryBpxFound = false; - MaximumBreakPoints = 0; - ULONG_PTR bpaddr; - for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++) - { - ULONG_PTR addr=BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - - bpaddr=(ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]; //page accessed - - if(((BreakPointBuffer[MaximumBreakPoints].BreakPointType >= UE_MEMORY) && (BreakPointBuffer[MaximumBreakPoints].BreakPointType <= UE_MEMORY_EXECUTE)) && bpaddr>=addr && bpaddr<(addr+BreakPointBuffer[MaximumBreakPoints].BreakPointSize)) - { - MemoryBpxFound = true; - break; - } - } - if(MaximumBreakPoints < MAXIMUM_BREAKPOINTS || MemoryBpxFound == true) //found memory breakpoint - { - if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE) //memory breakpoint is active - { - hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); - myDBGContext.ContextFlags = CONTEXT_CONTROL; - GetThreadContext(hActiveThread, &myDBGContext); - DBGCode = DBG_CONTINUE; //debugger handled the exception - MemoryBpxCallBack = BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack; - if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY) //READ|WRITE|EXECUTE - { - if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) - { - RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize); - } - else - { - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - ResetMemBPXAddress = 
BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; - ResetMemBPX = true; - } - myCustomHandler = (fCustomHandler)(MemoryBpxCallBack); - __try - { - myCustomHandler((void*)bpaddr); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - else if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY_READ) //READ - { - if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) //do not restore the memory breakpoint - { - if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 0) //read operation - RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize); - } - else //restore the memory breakpoint - { - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; - ResetMemBPX = true; - } - if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 0) //read operation - { - myCustomHandler = (fCustomHandler)(MemoryBpxCallBack); - __try - { - myCustomHandler((void*)bpaddr); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - else //no read operation, restore breakpoint - { - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; - ResetMemBPX = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY_WRITE) //WRITE - { - if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) //remove breakpoint - { - if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 
1) //write operation - RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize); - } - else //restore breakpoint after trap flag - { - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; - ResetMemBPX = true; - } - if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 1) //write operation - { - myCustomHandler = (fCustomHandler)(MemoryBpxCallBack); - __try - { - myCustomHandler((void*)bpaddr); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - else //no write operation, restore breakpoint - { - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; - ResetMemBPX = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY_EXECUTE) //EXECUTE - { - if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) - { - if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 8 && //data execution prevention (DEP) violation - (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]) //exception address == read address - RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize); - } - else - { - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - 
ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; - ResetMemBPX = true; - } - if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 8 && //data execution prevention (DEP) violation - (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]) //exception address == read address - { - myCustomHandler = (fCustomHandler)(MemoryBpxCallBack); - __try - { - myCustomHandler((void*)bpaddr); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - else //no execute operation, restore breakpoint - { - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - SetThreadContext(hActiveThread, &myDBGContext); - ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize; - ResetMemBPX = true; - } - } - EngineCloseHandle(hActiveThread); - } - else - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; //debugger did not handle the exception - } - } - else //no memory breakpoint found - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - } - - //debuggee generated GUARD_PAGE exception - if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) - { - //TODO: restore memory breakpoint? 
- if(DBGCustomHandler->chPageGuard != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chPageGuard); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chPageGuard = NULL; - } - } - } - } - break; - - case STATUS_ACCESS_VIOLATION: - { - if(DBGCustomHandler->chAccessViolation != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chAccessViolation); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chAccessViolation = NULL; - } - } - } - break; - - case STATUS_ILLEGAL_INSTRUCTION: - { - //UD2 breakpoint - MaximumBreakPoints = 0; - for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++) - { - if(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress) - { - break; - } - } - if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && MaximumBreakPoints < MAXIMUM_BREAKPOINTS) - { - VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - OldProtect = MemInfo.Protect; - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); - if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_SINGLESHOOT) && (BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions == -1 || BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions > 0)) - { - if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, 
&BreakPointBuffer[MaximumBreakPoints].OriginalByte[0], BreakPointBuffer[MaximumBreakPoints].BreakPointSize, &NumberOfBytesReadWritten)) - { - DBGCode = DBG_CONTINUE; - hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); - myDBGContext.ContextFlags = CONTEXT_CONTROL; - GetThreadContext(hActiveThread, &myDBGContext); - if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT) - { - if(!(myDBGContext.EFlags & 0x100)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100; - } - } - if(!(myDBGContext.EFlags & 0x10000)) - { - myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000; - } - SetThreadContext(hActiveThread, &myDBGContext); - EngineCloseHandle(hActiveThread); - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); - myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack); - if(BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != -1 && BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != 0) - { - BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions--; - } - if(BreakPointBuffer[MaximumBreakPoints].CmpCondition != UE_CMP_NOCONDITION) - { - CompareResult = false; - CmpValue1 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpRegister); - myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].CompareCallBack); - if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_EQUAL) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 == CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_NOTEQUAL) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 != CmpValue2) - { - CompareResult = true; - } - } - else 
if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATER) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 > CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATEROREQUAL) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 >= CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWER) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 < CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWEROREQUAL) - { - CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue; - if(CmpValue1 <= CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_EQUAL) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 == CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_NOTEQUAL) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 != CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATER) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 > CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATEROREQUAL) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 >= CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWER) - { - CmpValue2 = 
(ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 < CmpValue2) - { - CompareResult = true; - } - } - else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWEROREQUAL) - { - CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue); - if(CmpValue1 <= CmpValue2) - { - CompareResult = true; - } - } - if(CompareResult) - { - __try - { - myCustomBreakPoint(); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - } - else - { - __try - { - myCustomBreakPoint(); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } - } - if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT) - { - DisableBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress); - ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1; - ResetBPXAddressTo = (ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress; - ResetBPX = true; - } - else - { - DeleteBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress); - ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1; - ResetBPXAddressTo = NULL; - ResetBPX = false; - } - } - else - { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); - DBGCode = DBG_CONTINUE; - } - } - else - { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - } - } - else - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; - } - //application-generated exception - if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) - { - if(DBGCustomHandler->chIllegalInstruction != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chIllegalInstruction); - __try - { - 
myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chIllegalInstruction = NULL; - } - } - } - } - break; - - case STATUS_NONCONTINUABLE_EXCEPTION: - { - if(DBGCustomHandler->chNonContinuableException != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chNonContinuableException); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chNonContinuableException = NULL; - } - } - } - break; - - case STATUS_ARRAY_BOUNDS_EXCEEDED: - { - if(DBGCustomHandler->chArrayBoundsException != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chArrayBoundsException); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chArrayBoundsException = NULL; - } - } - } - break; - - case STATUS_FLOAT_DENORMAL_OPERAND: - { - if(DBGCustomHandler->chFloatDenormalOperand != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chFloatDenormalOperand); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chFloatDenormalOperand = NULL; - } - } - } - break; - - case STATUS_FLOAT_DIVIDE_BY_ZERO: - { - if(DBGCustomHandler->chFloatDevideByZero != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chFloatDevideByZero); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chFloatDevideByZero = NULL; - } - } - } - break; - - case STATUS_INTEGER_DIVIDE_BY_ZERO: - { - if(DBGCustomHandler->chIntegerDevideByZero != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chIntegerDevideByZero); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - 
DBGCustomHandler->chIntegerDevideByZero = NULL; - } - } - } - break; - - case STATUS_INTEGER_OVERFLOW: - { - if(DBGCustomHandler->chIntegerOverflow != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chIntegerOverflow); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chIntegerOverflow = NULL; - } - } - } - break; - - case STATUS_PRIVILEGED_INSTRUCTION: - { - if(DBGCustomHandler->chPrivilegedInstruction != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chPrivilegedInstruction); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chPrivilegedInstruction = NULL; - } - } - } - break; - } - - //general unhandled exception callback - if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) - { - if(DBGCustomHandler->chUnhandledException != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chUnhandledException); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chUnhandledException = NULL; - } - } - } - - //general after-exception callback (includes debugger exceptions) - if(DBGCustomHandler->chAfterException != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chAfterException); - __try - { - myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chAfterException = NULL; - } - } - } - break; - - case RIP_EVENT: - { - DBGCode = DBG_EXCEPTION_NOT_HANDLED; //fix an anti-debug trick - //system breakpoint callback - if(DBGCustomHandler->chRipEvent != NULL) - { - myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chRipEvent); - __try - { - myCustomHandler(&DBGEvent); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - DBGCustomHandler->chSystemBreakpoint = NULL; - } - } - } - 
break; - } - - if(engineResumeProcessIfNoThreadIsActive) - { - if(!ThreaderIsAnyThreadActive()) - { - ThreaderResumeProcess(); - } - } - if(!ContinueDebugEvent(DBGEvent.dwProcessId, DBGEvent.dwThreadId, DBGCode)) //continue debugging - { - break; - } - } - - if(!SecondChance) //debugger didn't close with a second chance exception (normal exit) - { - RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT); - } - ForceClose(); - engineFileIsBeingDebugged = false; - if(engineExecutePluginCallBack) - { - ExtensionManagerPluginDebugCallBack(&DBGEvent, UE_PLUGIN_CALL_REASON_POSTDEBUG); - } -} -__declspec(dllexport) void TITCALL SetDebugLoopTimeOut(DWORD TimeOut) -{ - - if(TimeOut == NULL) - { - TimeOut = INFINITE; - } - engineWaitForDebugEventTimeOut = TimeOut; -} __declspec(dllexport) void TITCALL SetNextDbgContinueStatus(DWORD SetDbgCode) { @@ -4547,12 +302,7 @@ __declspec(dllexport) void TITCALL SetNextDbgContinueStatus(DWORD SetDbgCode) DBGCode = DBG_CONTINUE; } } -__declspec(dllexport) void TITCALL DebugLoopEx(DWORD TimeOut) -{ - SetDebugLoopTimeOut(TimeOut); - DebugLoop(); - SetDebugLoopTimeOut(INFINITE); -} + __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack) { @@ -4575,14 +325,14 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx } } BreakPointSetCount = 0; - engineDebuggingDLL = false; - engineAttachedToProcess = true; - engineAttachedProcessCallBack = (ULONG_PTR)CallBack; + DebugDebuggingDLL = false; + DebugAttachedToProcess = true; + DebugAttachedProcessCallBack = (ULONG_PTR)CallBack; engineAttachedProcessDebugInfo = DebugInfo; dbgProcessInformation.dwProcessId = ProcessId; DebugLoop(); - engineAttachedToProcess = false; - engineAttachedProcessCallBack = NULL; + DebugAttachedToProcess = false; + DebugAttachedProcessCallBack = NULL; return(true); } } 
@@ -4609,7 +359,7 @@ __declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId) engineProcessIsNowDetached = true; Sleep(250); } - engineAttachedToProcess = false; + DebugAttachedToProcess = false; if(FuncReturn) { return(true); @@ -4689,7 +439,7 @@ __declspec(dllexport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveMod } __declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack) { - engineReserveModuleBase = NULL; + DebugReserveModuleBase = NULL; DWORD ThreadId; DWORD ExitCode = 0; HANDLE hSecondThread; diff --git a/TitanEngine/TitanEngine.vcxproj b/TitanEngine/TitanEngine.vcxproj index 65f6b44..8a5fde7 100644 --- a/TitanEngine/TitanEngine.vcxproj +++ b/TitanEngine/TitanEngine.vcxproj @@ -222,9 +222,11 @@ + + Create Create @@ -234,7 +236,11 @@ + + + + @@ -256,9 +262,11 @@ + + @@ -286,6 +294,9 @@ Document + + Document + diff --git a/TitanEngine/TitanEngine.vcxproj.filters b/TitanEngine/TitanEngine.vcxproj.filters index 8d105be..2906d6e 100644 --- a/TitanEngine/TitanEngine.vcxproj.filters +++ b/TitanEngine/TitanEngine.vcxproj.filters @@ -114,6 +114,27 @@ Source Files\TitanEngine + + Source Files\TitanEngine + + + Source Files\TitanEngine + + + Source Files\TitanEngine + + + Source Files\TitanEngine + + + Source Files\TitanEngine + + + Source Files\TitanEngine + + + Source Files\TitanEngine + @@ -170,6 +191,12 @@ Header Files\TitanEngine + + Header Files\TitanEngine + + + Header Files\TitanEngine +