x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 5 Activity

Add separate event settings for system module;Add debug engine selection

This commit is contained in:
torusrxxx 2020-10-20 22:58:21 +08:00 committed by Duncan Ogilvie
parent 21cadcc5af
commit 1e1809bb02
4 changed files with 219 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/dbg/debugger.cpp
View File

@ -1695,7 +1695,9 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll)
}
DebugUpdateBreakpointsViewAsync();
if(settingboolget("Events", "TlsCallbacks"))
int party = ModGetParty(duint(base));
if(settingboolget("Events", "TlsCallbacks") && party != mod_system || settingboolget("Events", "TlsCallbacksSystem") && party == mod_system)
{
SHARED_ACQUIRE(LockModules);
auto modInfo = ModInfoFromAddr(duint(base));
@ -1720,7 +1722,7 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll)
auto breakOnDll = dbghandledllbreakpoint(modname, true);
if((breakOnDll || settingboolget("Events", "DllEntry")) && !bAlreadySetEntry)
if((breakOnDll || (settingboolget("Events", "DllEntry") && party != mod_system || settingboolget("Events", "DllEntrySystem") && party == mod_system)) && !bAlreadySetEntry)
{
auto entry = ModEntryFromAddr(duint(base));
if(entry)
@ -1736,7 +1738,8 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll)
cookie.HandleNtdllLoad(bIsAttached);
if(settingboolget("Misc", "TransparentExceptionStepping"))
exceptionDispatchAddr = DbgValFromString("ntdll:KiUserExceptionDispatcher");
if(settingboolget("Events", "NtTerminateProcess")) // Break on NtTerminateProcess
cmddirectexec("bp ntdll.NtTerminateProcess, ss");
//set debug flags
if(dwDebugFlags != 0)
{
@ -1804,7 +1807,7 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll)
{
cbGenericBreakpoint(BPDLL, DLLDebugFileName);
}
else if(settingboolget("Events", "DllLoad"))
else if(settingboolget("Events", "DllLoad") && party != mod_system || settingboolget("Events", "DllLoadSystem") && party == mod_system)
{
//update GUI
DebugUpdateGuiSetStateAsync(GetContextDataEx(hActiveThread, UE_CIP), true);
@ -1830,6 +1833,7 @@ static void cbUnloadDll(UNLOAD_DLL_DEBUG_INFO* UnloadDll)
char modname[256] = "???";
if(ModNameFromAddr((duint)base, modname, true))
BpEnumAll(cbRemoveModuleBreakpoints, modname, duint(base));
int party = ModGetParty(duint(base));
DebugUpdateBreakpointsViewAsync();
dprintf(QT_TRANSLATE_NOOP("DBG", "DLL Unloaded: %p %s\n"), base, modname);
@ -1837,7 +1841,7 @@ static void cbUnloadDll(UNLOAD_DLL_DEBUG_INFO* UnloadDll)
{
cbGenericBreakpoint(BPDLL, modname);
}
else if(settingboolget("Events", "DllUnload"))
else if(settingboolget("Events", "DllUnload") && party != mod_system || settingboolget("Events", "DllUnloadSystem") && party == mod_system)
{
//update GUI
DebugUpdateGuiSetStateAsync(GetContextDataEx(hActiveThread, UE_CIP), true);

101
src/gui/Src/Gui/SettingsDialog.cpp
View File

@ -57,6 +57,8 @@ void SettingsDialog::LoadSettings()
settings.eventTlsCallbacks = true;
settings.eventEntryBreakpoint = true;
settings.eventAttachBreakpoint = true;
settings.eventNtTerminateProcess = true;
settings.engineType = DebugEngineTitanEngine;
settings.engineCalcType = calc_unsigned;
settings.engineBreakpointType = break_int3short;
settings.engineUndecorateSymbolNames = true;
@ -88,24 +90,34 @@ void SettingsDialog::LoadSettings()
//Events tab
GetSettingBool("Events", "SystemBreakpoint", &settings.eventSystemBreakpoint);
GetSettingBool("Events", "NtTerminateProcess", &settings.eventNtTerminateProcess);
GetSettingBool("Events", "TlsCallbacks", &settings.eventTlsCallbacks);
GetSettingBool("Events", "TlsCallbacksSystem", &settings.eventTlsCallbacksSystem);
GetSettingBool("Events", "EntryBreakpoint", &settings.eventEntryBreakpoint);
GetSettingBool("Events", "DllEntry", &settings.eventDllEntry);
GetSettingBool("Events", "DllEntrySystem", &settings.eventDllEntrySystem);
GetSettingBool("Events", "ThreadEntry", &settings.eventThreadEntry);
GetSettingBool("Events", "AttachBreakpoint", &settings.eventAttachBreakpoint);
GetSettingBool("Events", "DllLoad", &settings.eventDllLoad);
GetSettingBool("Events", "DllUnload", &settings.eventDllUnload);
GetSettingBool("Events", "DllLoadSystem", &settings.eventDllLoadSystem);
GetSettingBool("Events", "DllUnloadSystem", &settings.eventDllUnloadSystem);
GetSettingBool("Events", "ThreadStart", &settings.eventThreadStart);
GetSettingBool("Events", "ThreadEnd", &settings.eventThreadEnd);
GetSettingBool("Events", "DebugStrings", &settings.eventDebugStrings);
ui->chkSystemBreakpoint->setCheckState(bool2check(settings.eventSystemBreakpoint));
ui->chkNtTerminateProcess->setCheckState(bool2check(settings.eventNtTerminateProcess));
ui->chkTlsCallbacks->setCheckState(bool2check(settings.eventTlsCallbacks));
ui->chkTlsCallbacksSystem->setCheckState(bool2check(settings.eventTlsCallbacksSystem));
ui->chkEntryBreakpoint->setCheckState(bool2check(settings.eventEntryBreakpoint));
ui->chkDllEntry->setCheckState(bool2check(settings.eventDllEntry));
ui->chkDllEntrySystem->setCheckState(bool2check(settings.eventDllEntrySystem));
ui->chkThreadEntry->setCheckState(bool2check(settings.eventThreadEntry));
ui->chkAttachBreakpoint->setCheckState(bool2check(settings.eventAttachBreakpoint));
ui->chkDllLoad->setCheckState(bool2check(settings.eventDllLoad));
ui->chkDllUnload->setCheckState(bool2check(settings.eventDllUnload));
ui->chkDllLoadSystem->setCheckState(bool2check(settings.eventDllLoadSystem));
ui->chkDllUnloadSystem->setCheckState(bool2check(settings.eventDllUnloadSystem));
ui->chkThreadStart->setCheckState(bool2check(settings.eventThreadStart));
ui->chkThreadEnd->setCheckState(bool2check(settings.eventThreadEnd));
ui->chkDebugStrings->setCheckState(bool2check(settings.eventDebugStrings));
@ -122,6 +134,10 @@ void SettingsDialog::LoadSettings()
break;
}
}
if(BridgeSettingGetUint("Engine", "DebugEngine", &cur))
{
settings.engineType = (DEBUG_ENGINE)cur;
}
if(BridgeSettingGetUint("Engine", "BreakpointType", &cur))
{
switch(cur)
@ -158,6 +174,15 @@ void SettingsDialog::LoadSettings()
ui->radioUnsigned->setChecked(true);
break;
}
switch(settings.engineType)
{
case DebugEngineTitanEngine:
ui->radioTitanEngine->setChecked(true);
break;
case DebugEngineGleeBug:
ui->radioGleeBug->setChecked(true);
break;
}
switch(settings.engineBreakpointType)
{
case break_int3short:
@ -335,19 +360,25 @@ void SettingsDialog::SaveSettings()
{
//Events tab
BridgeSettingSetUint("Events", "SystemBreakpoint", settings.eventSystemBreakpoint);
BridgeSettingSetUint("Events", "NtTerminateProcess", settings.eventNtTerminateProcess);
BridgeSettingSetUint("Events", "TlsCallbacks", settings.eventTlsCallbacks);
BridgeSettingSetUint("Events", "TlsCallbacksSystem", settings.eventTlsCallbacksSystem);
BridgeSettingSetUint("Events", "EntryBreakpoint", settings.eventEntryBreakpoint);
BridgeSettingSetUint("Events", "DllEntry", settings.eventDllEntry);
BridgeSettingSetUint("Events", "DllEntrySystem", settings.eventDllEntrySystem);
BridgeSettingSetUint("Events", "ThreadEntry", settings.eventThreadEntry);
BridgeSettingSetUint("Events", "AttachBreakpoint", settings.eventAttachBreakpoint);
BridgeSettingSetUint("Events", "DllLoad", settings.eventDllLoad);
BridgeSettingSetUint("Events", "DllUnload", settings.eventDllUnload);
BridgeSettingSetUint("Events", "DllLoadSystem", settings.eventDllLoadSystem);
BridgeSettingSetUint("Events", "DllUnloadSystem", settings.eventDllUnloadSystem);
BridgeSettingSetUint("Events", "ThreadStart", settings.eventThreadStart);
BridgeSettingSetUint("Events", "ThreadEnd", settings.eventThreadEnd);
BridgeSettingSetUint("Events", "DebugStrings", settings.eventDebugStrings);
//Engine tab
BridgeSettingSetUint("Engine", "CalculationType", settings.engineCalcType);
BridgeSettingSetUint("Engine", "DebugEngine", settings.engineType);
BridgeSettingSetUint("Engine", "BreakpointType", settings.engineBreakpointType);
BridgeSettingSetUint("Engine", "UndecorateSymbolNames", settings.engineUndecorateSymbolNames);
BridgeSettingSetUint("Engine", "EnableDebugPrivilege", settings.engineEnableDebugPrivilege);
@ -495,58 +526,52 @@ void SettingsDialog::on_btnSave_clicked()
void SettingsDialog::on_chkSystemBreakpoint_stateChanged(int arg1)
{
if(arg1 == Qt::Unchecked)
settings.eventSystemBreakpoint = false;
else
settings.eventSystemBreakpoint = true;
settings.eventSystemBreakpoint = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkNtTerminateProcess_stateChanged(int arg1)
{
settings.eventNtTerminateProcess = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkTlsCallbacks_stateChanged(int arg1)
{
if(arg1 == Qt::Unchecked)
settings.eventTlsCallbacks = false;
else
settings.eventTlsCallbacks = true;
settings.eventTlsCallbacks = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkTlsCallbacksSystem_stateChanged(int arg1)
{
settings.eventTlsCallbacksSystem = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkEntryBreakpoint_stateChanged(int arg1)
{
if(arg1 == Qt::Unchecked)
settings.eventEntryBreakpoint = false;
else
settings.eventEntryBreakpoint = true;
settings.eventEntryBreakpoint = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkDllEntry_stateChanged(int arg1)
{
if(arg1 == Qt::Unchecked)
settings.eventDllEntry = false;
else
settings.eventDllEntry = true;
settings.eventDllEntry = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkDllEntrySystem_stateChanged(int arg1)
{
settings.eventDllEntrySystem = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkThreadEntry_stateChanged(int arg1)
{
if(arg1 == Qt::Unchecked)
settings.eventThreadEntry = false;
else
settings.eventThreadEntry = true;
settings.eventThreadEntry = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkAttachBreakpoint_stateChanged(int arg1)
{
if(arg1 == Qt::Unchecked)
settings.eventAttachBreakpoint = false;
else
settings.eventAttachBreakpoint = true;
settings.eventAttachBreakpoint = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkConfirmBeforeAtt_stateChanged(int arg1)
{
if(arg1 == Qt::Unchecked)
settings.miscSetJITAuto = false;
else
settings.miscSetJITAuto = true;
settings.miscSetJITAuto = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkSetJIT_stateChanged(int arg1)
@ -598,6 +623,16 @@ void SettingsDialog::on_chkDllUnload_stateChanged(int arg1)
settings.eventDllUnload = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkDllLoadSystem_stateChanged(int arg1)
{
settings.eventDllLoadSystem = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkDllUnloadSystem_stateChanged(int arg1)
{
settings.eventDllUnloadSystem = arg1 != Qt::Unchecked;
}
void SettingsDialog::on_chkThreadStart_stateChanged(int arg1)
{
settings.eventThreadStart = arg1 != Qt::Unchecked;
@ -623,6 +658,16 @@ void SettingsDialog::on_radioSigned_clicked()
settings.engineCalcType = calc_signed;
}
void SettingsDialog::on_radioTitanEngine_clicked()
{
settings.engineType = DebugEngineTitanEngine;
}
void SettingsDialog::on_radioGleeBug_clicked()
{
settings.engineType = DebugEngineGleeBug;
}
void SettingsDialog::on_radioInt3Short_clicked()
{
settings.engineBreakpointType = break_int3short;

14
src/gui/Src/Gui/SettingsDialog.h
View File

@ -2,6 +2,7 @@
#define SETTINGSDIALOG_H
#include <QDialog>
#include "Imports.h"
namespace Ui
{
@ -28,19 +29,26 @@ private slots:
void on_btnSave_clicked();
//Event tab
void on_chkSystemBreakpoint_stateChanged(int arg1);
void on_chkNtTerminateProcess_stateChanged(int arg1);
void on_chkTlsCallbacks_stateChanged(int arg1);
void on_chkTlsCallbacksSystem_stateChanged(int arg1);
void on_chkEntryBreakpoint_stateChanged(int arg1);
void on_chkDllEntry_stateChanged(int arg1);
void on_chkDllEntrySystem_stateChanged(int arg1);
void on_chkThreadEntry_stateChanged(int arg1);
void on_chkAttachBreakpoint_stateChanged(int arg1);
void on_chkDllLoad_stateChanged(int arg1);
void on_chkDllUnload_stateChanged(int arg1);
void on_chkDllLoadSystem_stateChanged(int arg1);
void on_chkDllUnloadSystem_stateChanged(int arg1);
void on_chkThreadStart_stateChanged(int arg1);
void on_chkThreadEnd_stateChanged(int arg1);
void on_chkDebugStrings_stateChanged(int arg1);
//Engine tab
void on_radioUnsigned_clicked();
void on_radioSigned_clicked();
void on_radioTitanEngine_clicked();
void on_radioGleeBug_clicked();
void on_radioInt3Short_clicked();
void on_radioInt3Long_clicked();
void on_radioUd2_clicked();
@ -134,18 +142,24 @@ private:
{
//Event Tab
bool eventSystemBreakpoint;
bool eventNtTerminateProcess;
bool eventTlsCallbacks;
bool eventTlsCallbacksSystem;
bool eventEntryBreakpoint;
bool eventDllEntry;
bool eventDllEntrySystem;
bool eventThreadEntry;
bool eventAttachBreakpoint;
bool eventDllLoad;
bool eventDllUnload;
bool eventDllLoadSystem;
bool eventDllUnloadSystem;
bool eventThreadStart;
bool eventThreadEnd;
bool eventDebugStrings;
//Engine Tab
CalcType engineCalcType;
DEBUG_ENGINE engineType;
BreakpointType engineBreakpointType;
bool engineUndecorateSymbolNames;
bool engineEnableDebugPrivilege;

198
src/gui/Src/Gui/SettingsDialog.ui
View File

@ -7,7 +7,7 @@
<x>0</x>
<y>0</y>
<width>381</width>
<height>514</height>
<height>525</height>
</rect>
</property>
<property name="sizePolicy">
@ -40,13 +40,51 @@
<string>Events</string>
</attribute>
<layout class="QGridLayout" name="gridLayout">
<item row="1" column="0">
<widget class="QCheckBox" name="chkSystemBreakpoint">
<item row="1" column="1">
<widget class="QCheckBox" name="chkThreadEntry">
<property name="text">
<string>System Breakpoint*</string>
<string>Thread Entry</string>
</property>
<property name="checked">
<bool>false</bool>
</widget>
</item>
<item row="2" column="1">
<widget class="QCheckBox" name="chkThreadStart">
<property name="text">
<string>Thread Start</string>
</property>
</widget>
</item>
<item row="9" column="0">
<widget class="QCheckBox" name="chkDllLoad">
<property name="text">
<string>DLL Load</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QCheckBox" name="chkThreadEnd">
<property name="text">
<string>Thread End</string>
</property>
</widget>
</item>
<item row="12" column="0">
<spacer name="verticalSpacer_4">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="4" column="1">
<widget class="QCheckBox" name="chkDebugStrings">
<property name="text">
<string>Debug Strings</string>
</property>
</widget>
</item>
@ -57,20 +95,6 @@
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QCheckBox" name="chkDllLoad">
<property name="text">
<string>DLL Load</string>
</property>
</widget>
</item>
<item row="9" column="0">
<widget class="QCheckBox" name="chkAttachBreakpoint">
<property name="text">
<string>Attach Breakpoint</string>
</property>
</widget>
</item>
<item row="8" column="0">
<widget class="QCheckBox" name="chkDllEntry">
<property name="text">
@ -88,14 +112,31 @@
</property>
</widget>
</item>
<item row="2" column="1">
<item row="4" column="0">
<widget class="QCheckBox" name="chkAttachBreakpoint">
<property name="text">
<string>Attach Breakpoint</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QCheckBox" name="chkSystemBreakpoint">
<property name="text">
<string>System Breakpoint*</string>
</property>
<property name="checked">
<bool>false</bool>
</property>
</widget>
</item>
<item row="11" column="0">
<widget class="QCheckBox" name="chkDllUnload">
<property name="text">
<string>DLL Unload</string>
</property>
</widget>
</item>
<item row="2" column="0">
<item row="5" column="0">
<widget class="QCheckBox" name="chkTlsCallbacks">
<property name="text">
<string>TLS Callbacks*</string>
@ -105,47 +146,41 @@
</property>
</widget>
</item>
<item row="8" column="1">
<widget class="QCheckBox" name="chkThreadEnd">
<item row="2" column="0">
<widget class="QCheckBox" name="chkNtTerminateProcess">
<property name="text">
<string>Thread End</string>
<string>NtTerminateProcess*</string>
</property>
</widget>
</item>
<item row="10" column="0">
<widget class="QCheckBox" name="chkThreadEntry">
<item row="5" column="1">
<widget class="QCheckBox" name="chkTlsCallbacksSystem">
<property name="text">
<string>Thread Entry</string>
<string>System TLS Callbacks*</string>
</property>
</widget>
</item>
<item row="8" column="1">
<widget class="QCheckBox" name="chkDllEntrySystem">
<property name="text">
<string>System DLL Entry</string>
</property>
</widget>
</item>
<item row="9" column="1">
<widget class="QCheckBox" name="chkDebugStrings">
<widget class="QCheckBox" name="chkDllLoadSystem">
<property name="text">
<string>Debug Strings</string>
<string>System DLL Load</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QCheckBox" name="chkThreadStart">
<item row="11" column="1">
<widget class="QCheckBox" name="chkDllUnloadSystem">
<property name="text">
<string>Thread Start</string>
<string>System DLL Unload</string>
</property>
</widget>
</item>
<item row="11" column="0">
<spacer name="verticalSpacer_4">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
</layout>
</widget>
<widget class="QWidget" name="tabEngine">
@ -166,22 +201,19 @@
</attribute>
<layout class="QVBoxLayout" name="verticalLayout_4">
<item>
<widget class="QGroupBox" name="groupBoxCalculationType">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Minimum">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="title">
<string>Calculation Type</string>
</property>
<layout class="QVBoxLayout" name="verticalLayout_6">
<item>
<layout class="QHBoxLayout" name="layoutCalulationType">
<property name="sizeConstraint">
<enum>QLayout::SetNoConstraint</enum>
</property>
<layout class="QHBoxLayout" name="horizontalLayout">
<item>
<widget class="QGroupBox" name="groupBoxCalculationType">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Minimum">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="title">
<string>Calculation Type</string>
</property>
<layout class="QHBoxLayout" name="horizontalLayout_4">
<item>
<widget class="QRadioButton" name="radioSigned">
<property name="text">
@ -200,9 +232,35 @@
</widget>
</item>
</layout>
</item>
</layout>
</widget>
</widget>
</item>
<item>
<widget class="QGroupBox" name="groupBoxDebugEngine">
<property name="title">
<string>Debug Engine*</string>
</property>
<layout class="QHBoxLayout" name="horizontalLayout_3">
<item>
<widget class="QRadioButton" name="radioTitanEngine">
<property name="text">
<string>TitanEngine</string>
</property>
<property name="checked">
<bool>true</bool>
</property>
</widget>
</item>
<item>
<widget class="QRadioButton" name="radioGleeBug">
<property name="text">
<string>GleeBug</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
</layout>
</item>
<item>
<widget class="QGroupBox" name="groupBoxDefaultBreakpointType">
@ -936,18 +994,8 @@
<tabstops>
<tabstop>tabWidget</tabstop>
<tabstop>chkSystemBreakpoint</tabstop>
<tabstop>chkDllLoad</tabstop>
<tabstop>chkTlsCallbacks</tabstop>
<tabstop>chkDllUnload</tabstop>
<tabstop>chkEntryBreakpoint</tabstop>
<tabstop>chkThreadStart</tabstop>
<tabstop>chkDllEntry</tabstop>
<tabstop>chkThreadEnd</tabstop>
<tabstop>chkAttachBreakpoint</tabstop>
<tabstop>chkDebugStrings</tabstop>
<tabstop>chkThreadEntry</tabstop>
<tabstop>radioSigned</tabstop>
<tabstop>radioUnsigned</tabstop>
<tabstop>radioInt3Short</tabstop>
<tabstop>radioInt3Long</tabstop>
<tabstop>radioUd2</tabstop>