DBG+GUI: check if DEP is enabled before warning about operations on non-code pages

2017-02-26 22:42:52 +01:00 · 2017-02-26 22:42:52 +01:00 · 01d46dd036
parent 9a03f959e7
commit 01d46dd036
7 changed files with 36 additions and 21 deletions
--- a/src/dbg/_dbgfunctions.cpp
+++ b/src/dbg/_dbgfunctions.cpp
@ -372,4 +372,5 @@ void dbgfunctionsinit()
    _dbgfunctions.EnumWindows = _enumwindows;
    _dbgfunctions.EnumHeaps = _enumheaps;
    _dbgfunctions.ThreadGetName = ThreadGetName;
+    _dbgfunctions.IsDepEnabled = dbgisdepenabled;
 }
--- a/src/dbg/_dbgfunctions.h
+++ b/src/dbg/_dbgfunctions.h
@ -173,6 +173,7 @@ typedef const char* (*DBGGETDEBUGGEEINITSCRIPT)();
 typedef bool(*HANDLESENUMWINDOWS)(ListOf(WINDOW_INFO) windows);
 typedef bool(*HANDLESENUMHEAPS)(ListOf(HEAPINFO) heaps);
 typedef bool(*THREADGETNAME)(DWORD tid, char* name);
+typedef bool(*ISDEPENABLED)();

 //The list of all the DbgFunctions() return value.
 //WARNING: This list is append only. Do not insert things in the middle or plugins would break.
@ -236,6 +237,7 @@ typedef struct DBGFUNCTIONS_
    HANDLESENUMWINDOWS EnumWindows;
    HANDLESENUMHEAPS EnumHeaps;
    THREADGETNAME ThreadGetName;
+    ISDEPENABLED IsDepEnabled;
 } DBGFUNCTIONS;

 #ifdef BUILD_DBG
--- a/src/dbg/assemble.cpp
+++ b/src/dbg/assemble.cpp
@ -185,24 +185,8 @@ static bool isInstructionPointingToExMemory(duint addr, const unsigned char* des
    if(MemIsCodePage(basicinfo.addr, false))
        return true;

-#ifndef _WIN64
-    DWORD lpFlagsDep;
-    BOOL bPermanentDep;
-
-    // DEP is disabled if lpFlagsDep == 0
-    typedef BOOL(WINAPI * GETPROCESSDEPPOLICY)(
-        _In_  HANDLE  hProcess,
-        _Out_ LPDWORD lpFlags,
-        _Out_ PBOOL   lpPermanent
-    );
-    static auto GPDP = GETPROCESSDEPPOLICY(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetProcessDEPPolicy"));
-
-    // If DEP is disabled it doesn't matter where the memory points because it's executable anyway.
-    if(GPDP && GPDP(fdProcessInfo->hProcess, &lpFlagsDep, &bPermanentDep) && lpFlagsDep == 0)
-        return true;
-#endif //_WIN64
-
-    return false;
+    // Check if DEP is disabled
+    return !dbgisdepenabled();
 }

 bool assembleat(duint addr, const char* instruction, int* size, char* error, bool fillnop)
--- a/src/dbg/debugger.cpp
+++ b/src/dbg/debugger.cpp
@ -2763,3 +2763,29 @@ void StepIntoWow64(LPVOID traceCallBack)
 #endif //_WIN64
    StepInto(traceCallBack);
 }
+
+bool dbgisdepenabled()
+{
+    auto depEnabled = false;
+#ifndef _WIN64
+    typedef BOOL(WINAPI * GETPROCESSDEPPOLICY)(
+        _In_  HANDLE  /*hProcess*/,
+        _Out_ LPDWORD /*lpFlags*/,
+        _Out_ PBOOL   /*lpPermanent*/
+    );
+    static auto GPDP = GETPROCESSDEPPOLICY(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetProcessDEPPolicy"));
+    if(GPDP)
+    {
+        //If you use fdProcessInfo->hProcess GetProcessDEPPolicy will put garbage in bPermanent.
+        auto hProcess = TitanOpenProcess(PROCESS_QUERY_INFORMATION, false, fdProcessInfo->dwProcessId);
+        DWORD lpFlags;
+        BOOL bPermanent;
+        if(GPDP(hProcess, &lpFlags, &bPermanent))
+            depEnabled = lpFlags != 0;
+        CloseHandle(hProcess);
+    }
+#else
+    depEnabled = true;
+#endif //_WIN64
+    return depEnabled;
+}
--- a/src/dbg/debugger.h
+++ b/src/dbg/debugger.h
@ -136,6 +136,7 @@ bool cbSetModuleBreakpoints(const BREAKPOINT* bp);
 EXCEPTION_DEBUG_INFO getLastExceptionInfo();
 bool dbgrestartadmin();
 void StepIntoWow64(void* traceCallBack);
+bool dbgisdepenabled();

 //variables
 extern PROCESS_INFORMATION* fdProcessInfo;
--- a/src/dbg/patches.h
+++ b/src/dbg/patches.h
@ -3,6 +3,7 @@

 #include "_global.h"

+//casted to bridgemain.h:DBGPATCHINFO in _dbgfunctions.cpp
 struct PATCHINFO
 {
    char mod[MAX_MODULE_SIZE];
--- a/src/gui/Src/Gui/CPUDisassembly.cpp
+++ b/src/gui/Src/Gui/CPUDisassembly.cpp
@ -704,7 +704,7 @@ void CPUDisassembly::toggleInt3BPActionSlot()
    }
    else
    {
-        if(!DbgFunctions()->MemIsCodePage(wVA, false))
+        if(DbgFunctions()->IsDepEnabled() && !DbgFunctions()->MemIsCodePage(wVA, false))
        {
            QMessageBox msgyn(QMessageBox::Warning, tr("Current address is not executable"),
                              tr("Setting software breakpoint here may result in crash. Do you really want to continue?"), QMessageBox::Yes | QMessageBox::No, this);
@ -804,7 +804,7 @@ void CPUDisassembly::setNewOriginHereActionSlot()
    if(!DbgIsDebugging())
        return;
    duint wVA = rvaToVa(getInitialSelection());
-    if(!DbgFunctions()->MemIsCodePage(wVA, false))
+    if(DbgFunctions()->IsDepEnabled() && !DbgFunctions()->MemIsCodePage(wVA, false))
    {
        QMessageBox msg(QMessageBox::Warning, tr("Current address is not executable"),
                        tr("Setting new origin here may result in crash. Do you really want to continue?"), QMessageBox::Yes | QMessageBox::No, this);
@ -2042,7 +2042,7 @@ void CPUDisassembly::analyzeModuleSlot()
 void CPUDisassembly::createThreadSlot()
 {
    duint addr = rvaToVa(getSelectionStart());
-    if(!DbgFunctions()->MemIsCodePage(addr, false))
+    if(DbgFunctions()->IsDepEnabled() && !DbgFunctions()->MemIsCodePage(addr, false))
    {
        QMessageBox msg(QMessageBox::Warning, tr("Current address is not executable"),
                        tr("Creating new thread here may result in crash. Do you really want to continue?"), QMessageBox::Yes | QMessageBox::No, this);