fixed some more detection problems with PUSHFD/PUSHFQ

This commit is contained in:
Mr. eXoDia 2014-07-25 21:37:57 +02:00
parent 3e061ab773
commit f44b9b0310
1 changed files with 28 additions and 10 deletions


@ -660,8 +660,6 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(ResetBPX == true || ResetHwBPX == true || ResetMemBPX == true) //restore breakpoints (internal step) if(ResetBPX == true || ResetHwBPX == true || ResetMemBPX == true) //restore breakpoints (internal step)
{ {
DBGCode = DBG_CONTINUE; DBGCode = DBG_CONTINUE;
if(ResetBPX) //restore 'normal' breakpoint
{
if(PushfBPX) //remove trap flag from stack if(PushfBPX) //remove trap flag from stack
{ {
PushfBPX = false; PushfBPX = false;
@ -671,6 +669,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
data &= ~UE_TRAP_FLAG; data &= ~UE_TRAP_FLAG;
WriteProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0); WriteProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0);
} }
if(ResetBPX) //restore 'normal' breakpoint
{
if(ResetBPXAddressTo + ResetBPXSize != (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress) if(ResetBPXAddressTo + ResetBPXSize != (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress)
{ {
EnableBPX(ResetBPXAddressTo); EnableBPX(ResetBPXAddressTo);
@ -791,7 +791,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
else //handle hardware breakpoints else //handle hardware breakpoints
{ {
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId); hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS; myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1)) if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1))
{ {
@ -906,6 +906,15 @@ __declspec(dllexport) void TITCALL DebugLoop()
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
} }
EngineCloseHandle(hActiveThread); EngineCloseHandle(hActiveThread);
if(ResetHwBPX) //a hardware breakpoint was reached
{
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true;
}
} }
} }
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) //NOTE: only call the chSingleStep callback when the debuggee generated the exception if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) //NOTE: only call the chSingleStep callback when the debuggee generated the exception
@ -1095,6 +1104,15 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
} }
if(ResetMemBPX) //memory breakpoint hit
{
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true;
}
//debuggee generated GUARD_PAGE exception //debuggee generated GUARD_PAGE exception
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)