DBG: automatically stop debugging when trying to attach/initialize while still in a session + added Handle class + added DbgFunctions()->GetProcessList

2014-08-05 04:28:48 +02:00 · 2014-08-05 04:28:48 +02:00 · 520d063a79
parent 86cb1a6459
commit 520d063a79
9 changed files with 115 additions and 14 deletions
--- a/x64_dbg_dbg/_dbgfunctions.cpp
+++ b/x64_dbg_dbg/_dbgfunctions.cpp
@ -122,6 +122,23 @@ static bool _getjit(char* jit, bool jit64)
    return true;
 }

+bool _getprocesslist(DBGPROCESSINFO** entries, int* count)
+{
+    std::vector<PROCESSENTRY32> list;
+    if(!dbglistprocesses(&list))
+        return false;
+    *count = (int)list.size();
+    if(!*count)
+        return false;
+    *entries = (DBGPROCESSINFO*)BridgeAlloc(*count * sizeof(DBGPROCESSINFO));
+    for(int i = 0; i < *count; i++)
+    {
+        (*entries)[*count - i - 1].dwProcessId = list.at(i).th32ProcessID;
+        strcpy_s((*entries)[*count - i - 1].szExeFile, list.at(i).szExeFile);
+    }
+    return true;
+}
+
 void dbgfunctionsinit()
 {
    _dbgfunctions.AssembleAtEx = _assembleatex;
@ -146,4 +163,5 @@ void dbgfunctionsinit()
    _dbgfunctions.SymbolDownloadAllSymbols = symdownloadallsymbols;
    _dbgfunctions.GetJit = _getjit;
    _dbgfunctions.GetDefJit = dbggetdefjit;
+    _dbgfunctions.GetProcessList = _getprocesslist;
 }
--- a/x64_dbg_dbg/_dbgfunctions.h
+++ b/x64_dbg_dbg/_dbgfunctions.h
@ -27,6 +27,12 @@ typedef struct
    DBGCALLSTACKENTRY* entries;
 } DBGCALLSTACK;

+typedef struct
+{
+    DWORD dwProcessId;
+    char szExeFile[MAX_PATH];
+} DBGPROCESSINFO;
+
 typedef bool (*ASSEMBLEATEX)(duint addr, const char* instruction, char* error, bool fillnop);
 typedef bool (*SECTIONFROMADDR)(duint addr, char* section);
 typedef bool (*MODNAMEFROMADDR)(duint addr, char* modname, bool extension);
@ -49,6 +55,7 @@ typedef void (*GETCALLSTACK)(DBGCALLSTACK* callstack);
 typedef void (*SYMBOLDOWNLOADALLSYMBOLS)(const char* szSymbolStore);
 typedef bool (*GETJIT)(char* jit, bool x64);
 typedef bool (*GETDEFJIT)(char*);
+typedef bool (*GETPROCESSLIST)(DBGPROCESSINFO** entries, int* count);

 typedef struct DBGFUNCTIONS_
 {
@ -74,6 +81,7 @@ typedef struct DBGFUNCTIONS_
    SYMBOLDOWNLOADALLSYMBOLS SymbolDownloadAllSymbols;
    GETJIT GetJit;
    GETDEFJIT GetDefJit;
+    GETPROCESSLIST GetProcessList;
 } DBGFUNCTIONS;

 #ifdef BUILD_DBG
--- a/x64_dbg_dbg/_global.h
+++ b/x64_dbg_dbg/_global.h
@ -20,6 +20,7 @@
 #include "..\x64_dbg_bridge\bridgemain.h"
 #include "jansson\jansson.h"
 #include "DeviceNameResolver\DeviceNameResolver.h"
+#include "handle.h"

 #ifdef __GNUC__
 #include "dbghelp\dbghelp.h"
--- a/x64_dbg_dbg/debugger.cpp
+++ b/x64_dbg_dbg/debugger.cpp
@ -1588,4 +1588,39 @@ bool dbgsetjit(char* jit_cmd, arch arch_in, arch* arch_out)
    RegCloseKey(hKey);

    return (lRv == ERROR_SUCCESS);
+}
+
+bool dbglistprocesses(std::vector<PROCESSENTRY32>* list)
+{
+    list->clear();
+    Handle hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+    if(!hProcessSnap)
+        return false;
+    PROCESSENTRY32 pe32;
+    pe32.dwSize = sizeof(PROCESSENTRY32);
+    if(!Process32First(hProcessSnap, &pe32))
+        return false;
+    do
+    {
+        if(pe32.th32ProcessID == GetCurrentProcessId())
+            continue;
+        if(!_stricmp(pe32.szExeFile, "System"))
+            continue;
+        if(!_stricmp(pe32.szExeFile, "[System Process]"))
+            continue;
+        Handle hProcess = TitanOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pe32.th32ProcessID);
+        if(!hProcess)
+            continue;
+        BOOL wow64 = false, mewow64 = false;
+        if(!IsWow64Process(hProcess, &wow64) or !IsWow64Process(GetCurrentProcess(), &mewow64))
+            continue;
+        if((mewow64 and !wow64) or (!mewow64 and wow64))
+            continue;
+        char szExePath[MAX_PATH] = "";
+        if(GetModuleFileNameExA(hProcess, 0, szExePath, sizeof(szExePath)))
+            strcpy_s(pe32.szExeFile, szExePath);
+        list->push_back(pe32);
+    }
+    while(Process32Next(hProcessSnap, &pe32));
+    return true;
 }
--- a/x64_dbg_dbg/debugger.h
+++ b/x64_dbg_dbg/debugger.h
@ -54,6 +54,7 @@ bool dbgcmddel(const char* name);
 bool dbggetjit(char** jit_entry_out, arch arch_in, arch* arch_out);
 bool dbgsetjit(char* jit_cmd, arch arch_in, arch* arch_out);
 bool dbggetdefjit(char* jit_entry);
+bool dbglistprocesses(std::vector<PROCESSENTRY32>* list);

 void cbStep();
 void cbRtrStep();
--- a/x64_dbg_dbg/debugger_commands.cpp
+++ b/x64_dbg_dbg/debugger_commands.cpp
@ -16,10 +16,7 @@ static bool bScyllaLoaded = false;
 CMDRESULT cbDebugInit(int argc, char* argv[])
 {
    if(DbgIsDebugging())
-    {
-        dputs("already debugging!");
-        return STATUS_ERROR;
-    }
+        DbgCmdExecDirect("stop");

    static char arg1[deflen] = "";
    if(!argget(*argv, arg1, 0, false))
@ -858,12 +855,8 @@ CMDRESULT cbDebugAttach(int argc, char* argv[])
        return STATUS_ERROR;
    }
    if(DbgIsDebugging())
-    {
-        //TODO: do stuff
-        dputs("terminate the current session!");
-        return STATUS_ERROR;
-    }
-    HANDLE hProcess = TitanOpenProcess(PROCESS_ALL_ACCESS, false, (DWORD)pid);
+        DbgCmdExecDirect("stop");
+    Handle hProcess = TitanOpenProcess(PROCESS_ALL_ACCESS, false, (DWORD)pid);
    if(!hProcess)
    {
        dprintf("could not open process %X!\n", pid);
@ -873,7 +866,6 @@ CMDRESULT cbDebugAttach(int argc, char* argv[])
    if(!IsWow64Process(hProcess, &wow64) or !IsWow64Process(GetCurrentProcess(), &mewow64))
    {
        dputs("IsWow64Process failed!");
-        CloseHandle(hProcess);
        return STATUS_ERROR;
    }
    if((mewow64 and !wow64) or (!mewow64 and wow64))
@ -883,16 +875,13 @@ CMDRESULT cbDebugAttach(int argc, char* argv[])
 #else
        dputs("Use x64_dbg to debug this process!");
 #endif // _WIN64
-        CloseHandle(hProcess);
        return STATUS_ERROR;
    }
    if(!GetModuleFileNameExA(hProcess, 0, szFileName, sizeof(szFileName)))
    {
        dprintf("could not get module filename %X!\n", pid);
-        CloseHandle(hProcess);
        return STATUS_ERROR;
    }
-    CloseHandle(hProcess);
    CloseHandle(CreateThread(0, 0, threadAttachLoop, (void*)pid, 0, 0));
    return STATUS_CONTINUE;
 }
--- a/x64_dbg_dbg/handle.h
+++ b/x64_dbg_dbg/handle.h
@ -0,0 +1,45 @@
+#ifndef _HANDLE_H
+#define _HANDLE_H
+
+#include <windows.h>
+
+class Handle
+{
+public:
+    Handle(HANDLE h = 0)
+    {
+        mHandle = h;
+    }
+
+    ~Handle()
+    {
+        DWORD dwFlags = 0;
+        if(GetHandleInformation(mHandle, &dwFlags) && !(dwFlags & HANDLE_FLAG_PROTECT_FROM_CLOSE))
+            CloseHandle(mHandle);
+    }
+
+    const HANDLE & operator=(const HANDLE & h)
+    {
+        return mHandle = h;
+    }
+
+    operator HANDLE & ()
+    {
+        return mHandle;
+    }
+
+    bool operator!() const
+    {
+        return (!mHandle || mHandle == INVALID_HANDLE_VALUE);
+    }
+
+    operator bool() const
+    {
+        return !this;
+    }
+
+private:
+    HANDLE mHandle;
+};
+
+#endif //_HANDLE_H
--- a/x64_dbg_dbg/x64_dbg_dbg.vcxproj
+++ b/x64_dbg_dbg/x64_dbg_dbg.vcxproj
@ -61,6 +61,7 @@
    <ClInclude Include="DeviceNameResolver\DeviceNameResolver.h" />
    <ClInclude Include="disasm_fast.h" />
    <ClInclude Include="disasm_helper.h" />
+    <ClInclude Include="handle.h" />
    <ClInclude Include="instruction.h" />
    <ClInclude Include="jansson\jansson.h" />
    <ClInclude Include="jansson\jansson_config.h" />
--- a/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters
+++ b/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters
@ -269,5 +269,8 @@
    <ClInclude Include="debugger_commands.h">
      <Filter>Header Files</Filter>
    </ClInclude>
+    <ClInclude Include="handle.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
  </ItemGroup>
 </Project>