x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

Merged in Mattiwatti/titanengine/x64dbg (pull request #13) 

Fix memory/handle waste caused by mapping every loaded DLL into the debugger process

* Don't create a file mapping for every loaded DLL in LOAD_DLL_DEBUG_EVENT that is not freed until the end of the debug session just to query the DLL filename. GetMappedFileNameW takes a process handle, so just use the debuggee's process and DLL base instead

* Fix double free if TranslateNativeNameW() fails
This commit is contained in:
Mattiwatti 2018-03-23 11:25:54 +00:00 committed by Duncan
parent 9b36d32bf6
commit ef020ed39d
1 changed files with 50 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
View File

@ -52,8 +52,6 @@ __declspec(dllexport) void TITCALL DebugLoop()
wchar_t DLLDebugFileName[512]; wchar_t DLLDebugFileName[512];
char szAnsiLibraryName[MAX_PATH]; char szAnsiLibraryName[MAX_PATH];
ULONG_PTR DLLPatchAddress; ULONG_PTR DLLPatchAddress;
HANDLE hFileMapping;
LPVOID hFileMappingView;
LPVOID DBGEntryPoint; LPVOID DBGEntryPoint;
wchar_t* szTranslatedNativeName; wchar_t* szTranslatedNativeName;
@ -258,64 +256,59 @@ __declspec(dllexport) void TITCALL DebugLoop()
LIBRARY_ITEM_DATAW NewLibraryData; LIBRARY_ITEM_DATAW NewLibraryData;
memset(&NewLibraryData, 0, sizeof(LIBRARY_ITEM_DATAW)); memset(&NewLibraryData, 0, sizeof(LIBRARY_ITEM_DATAW));
NewLibraryData.BaseOfDll = DBGEvent.u.LoadDll.lpBaseOfDll; NewLibraryData.BaseOfDll = DBGEvent.u.LoadDll.lpBaseOfDll;
hFileMapping = DBGEvent.u.LoadDll.hFile ? CreateFileMappingA(DBGEvent.u.LoadDll.hFile, NULL, PAGE_READONLY, 0, 0, NULL) : NULL;
if(hFileMapping != NULL)
{
hFileMappingView = MapViewOfFile(hFileMapping, FILE_MAP_READ, NULL, NULL, NULL);
if(hFileMappingView != NULL)
{
NewLibraryData.hFileMapping = hFileMapping;
NewLibraryData.hFileMappingView = hFileMappingView;
if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName) / sizeof(DLLDebugFileName[0])) > NULL)
{
int i = lstrlenW(DLLDebugFileName);
while(DLLDebugFileName[i] != '\\' && i)
i--;
if(DebugDebuggingDLL)
{
if(lstrcmpiW(&DLLDebugFileName[i + 1], DebugDebuggingDLLFileName) == NULL)
{
CloseHandle(DebugDLLFileMapping); //close file mapping handle
SetBPX(DebugModuleEntryPoint + (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll, UE_SINGLESHOOT, DebugModuleEntryPointCallBack);
DebugDebuggingDLLBase = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll;
}
/*else if(lstrcmpiW(&DLLDebugFileName[i+1], DebugDebuggingDLLReserveFileName) == NULL)
{
if((ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll != DebugModuleImageBase)
{
VirtualAllocEx(dbgProcessInformation.hProcess, (void*)DebugModuleImageBase, 0x1000, MEM_RESERVE, PAGE_READWRITE);
}
}*/
}
if(engineFakeDLLHandle == NULL)
{
if(_wcsicmp(&DLLDebugFileName[i + 1], L"kernel32.dll") == NULL)
{
engineFakeDLLHandle = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll;
}
}
lstrcpyW(NewLibraryData.szLibraryName, &DLLDebugFileName[i + 1]);
szTranslatedNativeName = (wchar_t*)TranslateNativeNameW(DLLDebugFileName);
lstrcpyW(NewLibraryData.szLibraryPath, szTranslatedNativeName);
VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE);
RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName));
WideCharToMultiByte(CP_ACP, NULL, NewLibraryData.szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL);
//library breakpoint // Query remote DLL path
for(int i = (int)LibrarianData.size() - 1; i >= 0; i--) if(GetMappedFileNameW(dbgProcessInformation.hProcess, DBGEvent.u.LoadDll.lpBaseOfDll, DLLDebugFileName, sizeof(DLLDebugFileName) / sizeof(wchar_t)))
{
int i = lstrlenW(DLLDebugFileName);
while(DLLDebugFileName[i] != '\\' && i)
i--;
if(DebugDebuggingDLL)
{
if(lstrcmpiW(&DLLDebugFileName[i + 1], DebugDebuggingDLLFileName) == NULL)
{
CloseHandle(DebugDLLFileMapping); //close file mapping handle
SetBPX(DebugModuleEntryPoint + (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll, UE_SINGLESHOOT, DebugModuleEntryPointCallBack);
DebugDebuggingDLLBase = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll;
}
/*else if(lstrcmpiW(&DLLDebugFileName[i+1], DebugDebuggingDLLReserveFileName) == NULL)
{
if((ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll != DebugModuleImageBase)
{ {
ptrLibrarianData = &LibrarianData.at(i); VirtualAllocEx(dbgProcessInformation.hProcess, (void*)DebugModuleImageBase, 0x1000, MEM_RESERVE, PAGE_READWRITE);
if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName)) }
}*/
}
if(engineFakeDLLHandle == NULL)
{
if(_wcsicmp(&DLLDebugFileName[i + 1], L"kernel32.dll") == NULL)
{
engineFakeDLLHandle = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll;
}
}
lstrcpyW(NewLibraryData.szLibraryName, &DLLDebugFileName[i + 1]);
szTranslatedNativeName = (wchar_t*)TranslateNativeNameW(DLLDebugFileName);
if(szTranslatedNativeName != nullptr)
{
lstrcpyW(NewLibraryData.szLibraryPath, szTranslatedNativeName);
VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE);
}
RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName));
WideCharToMultiByte(CP_ACP, NULL, NewLibraryData.szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL);
//library breakpoint
for(int i = (int)LibrarianData.size() - 1; i >= 0; i--)
{
ptrLibrarianData = &LibrarianData.at(i);
if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName))
{
if(ptrLibrarianData->bpxType == UE_ON_LIB_LOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL)
{
myCustomHandler = (fCustomHandler)(ptrLibrarianData->bpxCallBack);
myCustomHandler(&DBGEvent.u.LoadDll);
if(ptrLibrarianData->bpxSingleShoot)
{ {
if(ptrLibrarianData->bpxType == UE_ON_LIB_LOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL) LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType);
{
myCustomHandler = (fCustomHandler)(ptrLibrarianData->bpxCallBack);
myCustomHandler(&DBGEvent.u.LoadDll);
if(ptrLibrarianData->bpxSingleShoot)
{
LibrarianRemoveBreakPoint(ptrLibrarianData->szLibraryName, ptrLibrarianData->bpxType);
}
}
} }
} }
} }