x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

Merge pull request #14 from shocoman/fix-double-pushfd-bug 

Fix a bug that could change a stack value after stepping into a PUSHF instruction with a singleshoot breakpoint
This commit is contained in:
Duncan Ogilvie 2023-07-08 12:02:41 +02:00 committed by GitHub
parent 882bc1bc30 7a7530cef1
commit b862c2b36f
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
View File

@ -554,12 +554,6 @@ __declspec(dllexport) void TITCALL DebugLoop()
SetThreadContext(hActiveThread, &myDBGContext);
EngineCloseHandle(hActiveThread);
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
ULONG_PTR ueCurrentPosition = FoundBreakPoint.BreakPointAddress;
unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true;
if(FoundBreakPoint.BreakPointType == UE_SINGLESHOOT)
{
@ -568,6 +562,16 @@ __declspec(dllexport) void TITCALL DebugLoop()
ResetBPXAddressTo = NULL;
ResetBPX = false;
}
else
{
// if the current instruction pushes the flags, erase the trap flag from the stack after its execution
ULONG_PTR ueCurrentPosition = FoundBreakPoint.BreakPointAddress;
unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true;
}
//execute callback
myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)FoundBreakPoint.ExecuteCallBack);