fixed some bugs on WOW64 with thread context manipulation

mrexodia 2017-04-28 01:01:17 +02:00
parent 239df37a5e
commit d7e66e5ae4
GPG Key ID: FC89E0AAA0C1AAD8
4 changed files with 17 additions and 8 deletions


@ -349,7 +349,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D
__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister) __declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister)
{ {
HANDLE hActiveThread = EngineOpenThread(THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId); HANDLE hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
ULONG_PTR ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister); ULONG_PTR ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister);
EngineCloseHandle(hActiveThread); EngineCloseHandle(hActiveThread);
return ContextReturn; return ContextReturn;
@ -918,7 +918,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue) __declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue)
{ {
HANDLE hActiveThread = EngineOpenThread(THREAD_SUSPEND_RESUME | THREAD_SET_CONTEXT | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId); HANDLE hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
bool ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue); bool ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue);
EngineCloseHandle(hActiveThread); EngineCloseHandle(hActiveThread);
return ContextReturn; return ContextReturn;
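Review bot: GetContextData at L16 now opens the thread with THREAD_GETSETSUSPEND, which includes THREAD_SET_CONTEXT, although this function only reads a register through GetContextDataEx; the narrower set that the commit's own header comment implies for a read is `EngineOpenThread(THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId)`. Requesting rights a call site does not use is the difference between an OpenThread that succeeds and one that fails on a thread whose DACL grants read-only access, so keeping the read path minimal is worth the one extra line. Neither GetContextData nor SetContextData at L23 checks hActiveThread for NULL before passing it on; whether GetContextDataEx/SetContextDataEx tolerate a NULL handle is not visible here, so a guard such as `if(!hActiveThread) return 0;` (and `return false;` in the setter) would make the failure explicit instead of relying on the callee.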


@ -453,7 +453,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0); FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
DBGCode = DBG_CONTINUE; DBGCode = DBG_CONTINUE;
hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId); hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT) if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
@ -583,7 +583,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
else else
{ {
hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
myDBGContext.EFlags |= UE_TRAP_FLAG; myDBGContext.EFlags |= UE_TRAP_FLAG;
@ -636,7 +636,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
else //no resetting needed (debugger reached hardware breakpoint or the user stepped) else //no resetting needed (debugger reached hardware breakpoint or the user stepped)
{ {
//handle hardware breakpoints //handle hardware breakpoints
hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId); hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1)) if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1))
@ -816,7 +816,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
if(bFoundBreakPoint) //found memory breakpoint if(bFoundBreakPoint) //found memory breakpoint
{ {
hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId); hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
DBGCode = DBG_CONTINUE; //debugger handled the exception DBGCode = DBG_CONTINUE; //debugger handled the exception
@ -990,7 +990,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0); FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
DBGCode = DBG_CONTINUE; DBGCode = DBG_CONTINUE;
hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT) if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
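Review bot: Each of the six EngineOpenThread calls this section touches (L34, L42, L50, L58, L66) is followed by an unchecked GetThreadContext, and the handle is never tested for NULL, so the failure mode this commit is fixing (OpenThread refused for lack of a right) is still silent: `myDBGContext.EFlags |= UE_TRAP_FLAG` at L45 and the Dr0/Dr6 comparison at L53 then run on whatever the previous iteration left in myDBGContext. The same pattern appears in every hunk, so one fix shape applies throughout: `if(!hActiveThread || !GetThreadContext(hActiveThread, &myDBGContext)) { /* log GetLastError(), skip the context update */ }` before the first use of the context fields. DebugLoop begins and ends outside these hunks, so the surrounding handle lifetime (whether hActiveThread is closed before being reassigned) cannot be confirmed from here.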


@ -304,7 +304,7 @@ __declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId)
int threadcount = (int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++) for(int i = 0; i < threadcount; i++)
{ {
HANDLE hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, hListThread.at(i).dwThreadId); HANDLE hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, hListThread.at(i).dwThreadId);
CONTEXT myDBGContext; CONTEXT myDBGContext;
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
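Review bot: `CONTEXT myDBGContext;` at L78 is left uninitialized and the GetThreadContext call at L80 is unchecked, so if EngineOpenThread at L77 returns NULL or the call fails for one of the threads, the rest of the loop body (outside this hunk) reads indeterminate stack contents as the thread's control registers. Two small changes close that: `if(!hActiveThread) continue;` after L77 and `CONTEXT myDBGContext = {0};` at L78, with the GetThreadContext result tested before the context is used or written back. The loop body continues past the hunk, so I cannot see whether the handle is closed on that path; the `continue` should go after any close that exists.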


@ -1114,4 +1114,13 @@ typedef PEB64 PEB_CURRENT;
typedef PEB32 PEB_CURRENT; typedef PEB32 PEB_CURRENT;
#endif #endif
//GetThreadContext:
// - The handle must have THREAD_GET_CONTEXT access to the thread.
// - WOW64: The handle must also have THREAD_QUERY_INFORMATION access.
//SetThreadContext:
// - The handle must have the THREAD_SET_CONTEXT access right to the thread.
//SuspendThread/ResumeThread:
// - The handle must have the THREAD_SUSPEND_RESUME access right.
#define THREAD_GETSETSUSPEND (THREAD_SUSPEND_RESUME | THREAD_SET_CONTEXT | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION)
#pragma pack(pop) #pragma pack(pop)
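Review bot: The comment block above the new macro at L87–L93 records the per-API requirements but does not say what THREAD_GETSETSUSPEND itself is for or why the union was chosen, which is what a caller deciding between it and a narrower set needs; a line such as `// Union of the rights EngineOpenThread needs for Get/SetThreadContext and Suspend/ResumeThread; THREAD_QUERY_INFORMATION is included because the WOW64 context paths require it.` directly above the `#define` would carry that. The SetThreadContext entry at L90–L91 lists only THREAD_SET_CONTEXT; I believe the WOW64 variant has the same additional THREAD_QUERY_INFORMATION requirement as the read side, so it is worth confirming against the current API documentation and mirroring the note on that line. Since the macro lives inside a `#pragma pack` region that is irrelevant to a preprocessor definition, placing it next to the other access-right definitions in this header (if any exist) would make it easier to find.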