first changecmdline stuff

x64_dbg_dbg/_dbgfunctions.cpp

@@ -112,6 +112,16 @@ static bool _getjitauto(bool* jit_auto)
     return dbggetjitauto(jit_auto, notfound, NULL, NULL);
 }
 
+static bool _getcmdline(char** cmd_line)
+{
+    return dbggetcmdline(cmd_line, NULL);
+}
+
+static bool _setcmdline(char* cmd_line)
+{
+    return dbgsetcmdline(cmd_line, NULL);
+}
+
 static bool _isprocesselevated(void)
 {
     return IsProcessElevated();
@@ -204,4 +214,6 @@ void dbgfunctionsinit()
     _dbgfunctions.SetPageRights = _setpagerights;
     _dbgfunctions.PageRightsToString = _pagerightstostring;
     _dbgfunctions.IsProcessElevated = _isprocesselevated;
+    _dbgfunctions.GetCmdline = _getcmdline;
+    _dbgfunctions.SetCmdline = _setcmdline;
 }

x64_dbg_dbg/_dbgfunctions.h

@@ -61,6 +61,8 @@ typedef bool (*GETPAGERIGHTS)(duint*, char*);
 typedef bool (*SETPAGERIGHTS)(duint*, char*);
 typedef bool (*PAGERIGHTSTOSTRING)(DWORD, char*);
 typedef bool (*ISPROCESSELEVATED)(void);
+typedef bool (*GETCMDLINE)(char**);
+typedef bool (*SETCMDLINE)(char*);
 
 typedef struct DBGFUNCTIONS_
 {
@@ -92,6 +94,8 @@ typedef struct DBGFUNCTIONS_
     SETPAGERIGHTS SetPageRights;
     PAGERIGHTSTOSTRING PageRightsToString;
     ISPROCESSELEVATED IsProcessElevated;
+    GETCMDLINE GetCmdline;
+    SETCMDLINE SetCmdline;
 } DBGFUNCTIONS;
 
 #ifdef BUILD_DBG

x64_dbg_dbg/_global.h

@@ -99,6 +99,7 @@ enum arch
     x64
 };
 
+
 //superglobal variables
 extern HINSTANCE hInst;
 extern char dbbasepath[deflen];

x64_dbg_dbg/debugger.cpp

@@ -1828,4 +1828,188 @@ bool dbglistprocesses(std::vector<PROCESSENTRY32>* list)
     }
     while(Process32Next(hProcessSnap, &pe32));
     return true;
+}
+
+HRESULT AnsiToUnicode(LPCSTR pszA, LPOLESTR* ppszW)
+{
+    ULONG cCharacters;
+    DWORD dwError;
+
+    // If input is null then just return the same.
+    if(NULL == pszA)
+    {
+        *ppszW = NULL;
+        return NOERROR;
+    }
+
+    // Determine number of wide characters to be allocated for the
+    // Unicode string.
+    cCharacters =  strlen(pszA) + 1;
+
+    *ppszW = (LPOLESTR) calloc(1, cCharacters * 2);
+    if(NULL == *ppszW)
+        return E_OUTOFMEMORY;
+
+    // Covert to Unicode.
+    if(0 == MultiByteToWideChar(CP_ACP, 0, pszA, cCharacters,
+                                *ppszW, cCharacters))
+    {
+        dwError = GetLastError();
+        free(*ppszW);
+        *ppszW = NULL;
+        return HRESULT_FROM_WIN32(dwError);
+    }
+
+    return NOERROR;
+}
+
+HRESULT UnicodeToAnsi(LPCOLESTR pszW, LPSTR* ppszA)
+{
+    ULONG cbAnsi, cCharacters;
+    DWORD dwError;
+    // If input is null then just return the same.
+    if(pszW == NULL)
+    {
+        *ppszA = NULL;
+        return NOERROR;
+    }
+    cCharacters = wcslen(pszW) + 1;
+    cbAnsi = cCharacters * 2;
+
+    *ppszA = (LPSTR) calloc(1, cbAnsi);
+    if(NULL == *ppszA)
+        return E_OUTOFMEMORY;
+
+    if(0 == WideCharToMultiByte(CP_ACP, 0, pszW, cCharacters, *ppszA, cbAnsi, NULL, NULL))
+    {
+        dwError = GetLastError();
+        free(*ppszA);
+        *ppszA = NULL;
+        return HRESULT_FROM_WIN32(dwError);
+    }
+    return NOERROR;
+}
+
+bool _getcommandlineaddr(uint* addr, cmdline_error_t* cmd_line_error)
+{
+    SIZE_T size;
+    uint pprocess_parameters;
+
+    cmd_line_error->addr = (uint) GetPEBLocation(fdProcessInfo->hProcess);
+
+    cmd_line_error->addr = (uint) & (((MSDNPEB*) cmd_line_error->addr)->ProcessParameters);
+    if(!memread(fdProcessInfo->hProcess, (const void*) cmd_line_error->addr, & pprocess_parameters, sizeof(pprocess_parameters), & size))
+    {
+        cmd_line_error->type = CMDL_ERR_READ_PEBBASE;
+        return false;
+    }
+
+    * addr = (uint) & (((RTL_USER_PROCESS_PARAMETERS*) pprocess_parameters)->CommandLine);
+
+    return true;
+}
+
+bool dbgsetcmdline(char* cmd_line, cmdline_error_t* cmd_line_error)
+{
+    cmdline_error_t cmd_line_error_aux;
+    UNICODE_STRING new_command_line;
+    SIZE_T size;
+    uint command_line_addr;
+    bool returnf;
+    PWSTR command_linewstr;
+
+    if(cmd_line_error == NULL)
+        cmd_line_error = & cmd_line_error_aux;
+
+    if(!_getcommandlineaddr(& cmd_line_error->addr, cmd_line_error))
+        return false;
+
+    command_line_addr = cmd_line_error->addr;
+
+    new_command_line.Length = (strlen(cmd_line) + 1) * 2;
+    new_command_line.MaximumLength = new_command_line.Length;
+
+    if(AnsiToUnicode(cmd_line, & command_linewstr) != NOERROR)
+    {
+        cmd_line_error->type = CMDL_ERR_CONVERTUNICODE;
+        return false;
+    }
+
+    new_command_line.Buffer = command_linewstr;
+
+    returnf = false;
+
+    uint mem = (uint)memalloc(fdProcessInfo->hProcess, 0, new_command_line.Length, PAGE_READWRITE);
+    if(!mem)
+    {
+
+    }
+    else
+    {
+
+        if(! memwrite(fdProcessInfo->hProcess, (void*) mem, new_command_line.Buffer, new_command_line.Length, & size))
+        {
+
+        }
+        else
+        {
+            new_command_line.Buffer = (PWSTR) mem;
+
+            if(! memwrite(fdProcessInfo->hProcess, (void*) command_line_addr, & new_command_line, sizeof(new_command_line), & size))
+            {
+
+            }
+            else
+                returnf = true;
+        }
+    }
+
+    free(command_linewstr);
+
+    return returnf;
+}
+
+bool dbggetcmdline(char** cmd_line, cmdline_error_t* cmd_line_error)
+{
+    SIZE_T size;
+    UNICODE_STRING CommandLine;
+    PWSTR wstr_cmd;
+    bool returnf;
+    cmdline_error_t cmd_line_error_aux;
+
+    if(cmd_line_error == NULL)
+        cmd_line_error = & cmd_line_error_aux;
+
+    if(!_getcommandlineaddr(& cmd_line_error->addr, cmd_line_error))
+        return false;
+
+    if(!memread(fdProcessInfo->hProcess, (const void*) cmd_line_error->addr, & CommandLine, sizeof(CommandLine), & size))
+    {
+        cmd_line_error->type = CMDL_ERR_READ_PROCPARM_PTR;
+        return false;
+    }
+
+    wstr_cmd = (PWSTR) calloc(1, CommandLine.Length + sizeof(WCHAR));
+    if(wstr_cmd == NULL)
+    {
+        cmd_line_error->type = CMDL_ERR_ALLOC;
+        return false;
+    }
+
+    returnf = false;
+
+    cmd_line_error->addr = (uint) CommandLine.Buffer;
+    if(!memread(fdProcessInfo->hProcess, (const void*) cmd_line_error->addr, wstr_cmd, CommandLine.Length, & size))
+        cmd_line_error->type = CMDL_ERR_READ_PROCPARM_CMDLINE;
+    else
+    {
+        if(UnicodeToAnsi(wstr_cmd, cmd_line) != NOERROR)
+            cmd_line_error->type = CMDL_ERR_CONVERTUNICODE;
+        else
+            returnf = true;
+    }
+
+    free(wstr_cmd);
+
+    return returnf;
 }

x64_dbg_dbg/debugger.h

@@ -5,6 +5,7 @@
 #include "TitanEngine\TitanEngine.h"
 #include "command.h"
 #include "breakpoint.h"
+#include "undocumented.h"
 
 #define ATTACH_CMD_LINE "\" -a %ld -e %ld"
 #define JIT_ENTRY_DEF_SIZE (MAX_PATH + sizeof(ATTACH_CMD_LINE) + 2)
@@ -28,6 +29,22 @@ struct INIT_STRUCT
     char* currentfolder;
 };
 
+typedef enum
+{
+    CMDL_ERR_READ_PEBBASE = 0,
+    CMDL_ERR_READ_PROCPARM_PTR,
+    CMDL_ERR_READ_PROCPARM_CMDLINE,
+    CMDL_ERR_CONVERTUNICODE,
+    CMDL_ERR_ALLOC
+
+} cmdline_error_type_t;
+
+typedef struct
+{
+    cmdline_error_type_t type;
+    uint addr;
+} cmdline_error_t;
+
 struct ExceptionRange
 {
     unsigned int start;
@@ -76,6 +93,9 @@ bool dbggetjitauto(bool*, arch, arch*, readwritejitkey_error_t*);
 bool dbgsetjitauto(bool, arch, arch*, readwritejitkey_error_t*);
 bool dbglistprocesses(std::vector<PROCESSENTRY32>* list);
 bool IsProcessElevated();
+HRESULT UnicodeToAnsi(LPCOLESTR, LPSTR*);
+bool dbggetcmdline(char**, cmdline_error_t*);
+bool dbgsetcmdline(char*, cmdline_error_t*);
 
 void cbStep();
 void cbRtrStep();

x64_dbg_dbg/debugger_commands.cpp

@@ -1746,5 +1746,65 @@ CMDRESULT cbDebugSetPageRights(int argc, char* argv[])
 
     dprintf("New rights of "fhex": %s\n", addr, rights);
 
+    return STATUS_CONTINUE;
+}
+
+CMDRESULT cbDebugGetCmdline(int argc, char* argv[])
+{
+    char* cmd_line;
+    cmdline_error_t cmdline_error;
+
+    if(! dbggetcmdline(& cmd_line, & cmdline_error))
+    {
+        switch(cmdline_error.type)
+        {
+        case CMDL_ERR_ALLOC:
+            dputs(" Error allocating memory for cmdline");
+            break;
+        case CMDL_ERR_CONVERTUNICODE:
+            dputs(" Error converting UNICODE cmdline");
+            break;
+        case CMDL_ERR_READ_PEBBASE:
+            dprintf(" Error reading PEB base addres "fhex"\n", cmdline_error.addr);
+            break;
+        case CMDL_ERR_READ_PROCPARM_CMDLINE:
+            dprintf(" Error reading PEB -> ProcessParameters -> CommandLine UNICODE_STRING "fhex"\n", cmdline_error.addr);
+            break;
+        case CMDL_ERR_READ_PROCPARM_PTR:
+            dprintf(" Error reading PEB -> ProcessParameters pointer address "fhex"\n", cmdline_error.addr);
+            break;
+        default:
+            dputs(" Error getting cmdline");
+            break;
+        }
+
+        return STATUS_ERROR;
+    }
+
+    dprintf("Command line: %s\n", cmd_line);
+
+    free(cmd_line);
+
+    return STATUS_CONTINUE;
+}
+
+
+CMDRESULT cbDebugSetCmdline(int argc, char* argv[])
+{
+    cmdline_error_t cmdline_error;
+
+    if(argc != 2)
+    {
+        dprintf("Error: write the arg1 with the new command line of the process debugged\n");
+        return STATUS_ERROR;
+    }
+
+    if(! dbgsetcmdline(argv[1], & cmdline_error))
+    {
+        return STATUS_ERROR;
+    }
+
+    dprintf("New command line: %s\n", argv[1]);
+
     return STATUS_CONTINUE;
 }

x64_dbg_dbg/debugger_commands.h

@@ -50,6 +50,8 @@ CMDRESULT cbDebugSetJITAuto(int argc, char* argv[]);
 CMDRESULT cbDebugSuspendthread(int argc, char* argv[]);
 CMDRESULT cbDebugKillthread(int argc, char* argv[]);
 CMDRESULT cbDebugSetPriority(int argc, char* argv[]);
+CMDRESULT cbDebugGetCmdline(int argc, char* argv[]);
+CMDRESULT cbDebugSetCmdline(int argc, char* argv[]);
 CMDRESULT cbDebugEnableHardwareBreakpoint(int argc, char* argv[]);
 CMDRESULT cbDebugDisableHardwareBreakpoint(int argc, char* argv[]);
 CMDRESULT cbDebugEnableMemoryBreakpoint(int argc, char* argv[]);

x64_dbg_dbg/undocumented.h

@@ -1,5 +1,7 @@
 #include <windows.h>
 
+#ifndef _UNDOCUMENTED_H
+#define _UNDOCUMENTED_H
 //Thanks to: https://github.com/zer0fl4g/Nanomite
 
 typedef LONG NTSTATUS;
@@ -17,6 +19,7 @@ typedef struct _CLIENT_ID
     HANDLE UniqueThread;
 } CLIENT_ID;
 
+/* FIX IT TO WORK FROM x64 debugger: ADD PVOIDs etc.. */
 typedef struct _PEB
 {
     BYTE InheritedAddressSpace;
@@ -153,3 +156,34 @@ typedef struct _TEB
     PVOID                   StackCommitMax;
     PVOID                   StackReserved;
 } TEB, *PTEB;
+
+typedef struct _RTL_USER_PROCESS_PARAMETERS
+{
+    BYTE           Reserved1[16];
+    PVOID          Reserved2[10];
+    UNICODE_STRING ImagePathName;
+    UNICODE_STRING CommandLine;
+} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
+
+/*
+Workarround: this PEB its like the default PEB struct in MSDN,
+if you use the PEB of this header from the x64debugger you will have problems,
+for example: accessing ProcessParamater.
+*/
+typedef struct _MSDNPEB
+{
+    BYTE                          Reserved1[2];
+    BYTE                          BeingDebugged;
+    BYTE                          Reserved2[1];
+    PVOID                         Reserved3[2];
+    PVOID /*PPEB_LDR_DATA*/                 Ldr;
+    PRTL_USER_PROCESS_PARAMETERS  ProcessParameters;
+    BYTE                          Reserved4[104];
+    PVOID                         Reserved5[52];
+    PVOID /* PPS_POST_PROCESS_INIT_ROUTINE */ PostProcessInitRoutine;
+    BYTE                          Reserved6[128];
+    PVOID                         Reserved7[1];
+    ULONG                         SessionId;
+} MSDNPEB, *PMSDNPEB;
+
+#endif /* _UNDOCUMENTED_H */

x64_dbg_dbg/x64_dbg.cpp

@@ -106,6 +106,8 @@ static void registercommands()
     dbgcmdnew("getjit\1jitget", cbDebugGetJIT, false); //get JIT
     dbgcmdnew("getjitauto\1jitgetauto", cbDebugGetJITAuto, false); //get JIT Auto
     dbgcmdnew("setjitauto\1jitsetauto", cbDebugSetJITAuto, false); //set JIT Auto
+    dbgcmdnew("getcmdline", cbDebugGetCmdline, true); //Get CmdLine
+    dbgcmdnew("setcmdline", cbDebugSetCmdline, true); //Set CmdLine
 
     //breakpoints
     dbgcmdnew("bplist", cbDebugBplist, true); //breakpoint list

x64_dbg_gui/Project/Src/Gui/MainWindow.cpp

@@ -12,6 +12,7 @@
 #include "ShortcutsDialog.h"
 #include "AttachDialog.h"
 #include "LineEditDialog.h"
+#include "changecommandline.h"
 
 MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWindow)
 {
@@ -930,3 +931,20 @@ void MainWindow::detach()
 {
     DbgCmdExec("detach");
 }
+
+void MainWindow::on_actionChange_command_line_triggered()
+{
+    if(!DbgIsDebugging())
+    {
+        QMessageBox msg(QMessageBox::Warning, "ERROR NO DEBUGGING", "THERE IS NOT A DEBUGGING PROCESS");
+        msg.setWindowIcon(QIcon(":/icons/images/compile-warning.png"));
+        msg.setParent(this, Qt::Dialog);
+        msg.setWindowFlags(msg.windowFlags() & (~Qt::WindowContextHelpButtonHint));
+        msg.exec();
+
+        return;
+    }
+    ChangeCommandline change_command_line;
+    change_command_line.exec();
+
+}

x64_dbg_gui/Project/Src/Gui/MainWindow.h

@@ -151,6 +151,8 @@ protected:
     void dragEnterEvent(QDragEnterEvent* pEvent);
     void dropEvent(QDropEvent* pEvent);
 
+private slots:
+    void on_actionChange_command_line_triggered();
 };
 
 #endif // MAINWINDOW_H

x64_dbg_gui/Project/Src/Gui/MainWindow.ui

@@ -81,6 +81,8 @@
     <addaction name="actioneRtr"/>
     <addaction name="separator"/>
     <addaction name="actionCommand"/>
+    <addaction name="separator"/>
+    <addaction name="actionChange_command_line"/>
    </widget>
    <widget class="QMenu" name="menuHelp">
     <property name="title">
@@ -593,6 +595,11 @@
     <string>Detach</string>
    </property>
   </action>
+  <action name="actionChange_command_line">
+   <property name="text">
+    <string>Change command line</string>
+   </property>
+  </action>
  </widget>
  <layoutdefault spacing="6" margin="11"/>
  <resources>

x64_dbg_gui/Project/Src/Gui/changecommandline.cpp

@@ -0,0 +1,44 @@
+#include "changecommandline.h"
+#include "ui_changecommandline.h"
+#include <QMessageBox>
+#include <QIcon>
+
+ChangeCommandline::ChangeCommandline(QWidget* parent) :
+    QDialog(parent),
+    ui(new Ui::ChangeCommandline)
+{
+    ui->setupUi(this);
+    char* cmd_line;
+
+    //set window flags
+    setModal(true);
+    setWindowFlags(Qt::Dialog | Qt::WindowSystemMenuHint | Qt::WindowTitleHint | Qt::MSWindowsFixedSizeDialogHint);
+
+    if(! DbgFunctions()->GetCmdline(& cmd_line))
+        ui->lneditCommandline->setText("Cant get remote command line use getcmdline command for more information");
+    else
+    {
+        ui->lneditCommandline->setText(QString(cmd_line));
+        ui->lneditCommandline->setCursorPosition(0);
+        free(cmd_line);
+    }
+}
+
+ChangeCommandline::~ChangeCommandline()
+{
+    delete ui;
+}
+
+void ChangeCommandline::on_buttonBox_accepted()
+{
+    if(!DbgFunctions()->SetCmdline((char*)ui->lneditCommandline->text().toUtf8().constData()))
+    {
+        QMessageBox msg(QMessageBox::Warning, "ERROR CANT SET COMMAND LINE", "ERROR SETTING COMMAND LINE TRY SETCOMMANDLINE COMMAND");
+        msg.setWindowIcon(QIcon(":/icons/images/compile-warning.png"));
+        msg.setParent(this, Qt::Dialog);
+        msg.setWindowFlags(msg.windowFlags() & (~Qt::WindowContextHelpButtonHint));
+        msg.exec();
+    }
+    else
+        GuiAddStatusBarMessage(QString("New command line: " + ui->lneditCommandline->text() + "\n").toUtf8().constData());
+}

x64_dbg_gui/Project/Src/Gui/changecommandline.h

@@ -0,0 +1,27 @@
+#ifndef CHANGECOMMANDLINE_H
+#define CHANGECOMMANDLINE_H
+
+#include <QDialog>
+#include "NewTypes.h"
+
+namespace Ui
+{
+class ChangeCommandline;
+}
+
+class ChangeCommandline : public QDialog
+{
+    Q_OBJECT
+
+public:
+    explicit ChangeCommandline(QWidget* parent = 0);
+    ~ChangeCommandline();
+
+private slots:
+    void on_buttonBox_accepted();
+
+private:
+    Ui::ChangeCommandline* ui;
+};
+
+#endif // CHANGECOMMANDLINE_H

x64_dbg_gui/Project/Src/Gui/changecommandline.ui

@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>ChangeCommandline</class>
+ <widget class="QDialog" name="ChangeCommandline">
+  <property name="geometry">
+   <rect>
+    <x>0</x>
+    <y>0</y>
+    <width>471</width>
+    <height>84</height>
+   </rect>
+  </property>
+  <property name="windowTitle">
+   <string>Change Command Line</string>
+  </property>
+  <widget class="QWidget" name="">
+   <property name="geometry">
+    <rect>
+     <x>10</x>
+     <y>10</y>
+     <width>451</width>
+     <height>70</height>
+    </rect>
+   </property>
+   <layout class="QVBoxLayout" name="verticalLayout">
+    <item>
+     <widget class="QLabel" name="label">
+      <property name="text">
+       <string>New Command Line:</string>
+      </property>
+     </widget>
+    </item>
+    <item>
+     <widget class="QLineEdit" name="lneditCommandline"/>
+    </item>
+    <item>
+     <widget class="QDialogButtonBox" name="buttonBox">
+      <property name="orientation">
+       <enum>Qt::Horizontal</enum>
+      </property>
+      <property name="standardButtons">
+       <set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
+      </property>
+     </widget>
+    </item>
+   </layout>
+  </widget>
+ </widget>
+ <resources/>
+ <connections>
+  <connection>
+   <sender>buttonBox</sender>
+   <signal>accepted()</signal>
+   <receiver>ChangeCommandline</receiver>
+   <slot>accept()</slot>
+   <hints>
+    <hint type="sourcelabel">
+     <x>229</x>
+     <y>70</y>
+    </hint>
+    <hint type="destinationlabel">
+     <x>157</x>
+     <y>83</y>
+    </hint>
+   </hints>
+  </connection>
+  <connection>
+   <sender>buttonBox</sender>
+   <signal>rejected()</signal>
+   <receiver>ChangeCommandline</receiver>
+   <slot>reject()</slot>
+   <hints>
+    <hint type="sourcelabel">
+     <x>297</x>
+     <y>76</y>
+    </hint>
+    <hint type="destinationlabel">
+     <x>286</x>
+     <y>83</y>
+    </hint>
+   </hints>
+  </connection>
+ </connections>
+</ui>

x64_dbg_gui/Project/x64_dbg.pro

@@ -83,7 +83,8 @@ SOURCES += \
     Src/BasicView/ShortcutEdit.cpp \
     Src/Gui/CalculatorDialog.cpp \
     Src/Gui/AttachDialog.cpp \
-    Src/Gui/PageMemoryRights.cpp
+    Src/Gui/PageMemoryRights.cpp \
+    Src/Gui/changecommandline.cpp
 
 
 HEADERS += \
@@ -145,7 +146,8 @@ HEADERS += \
     Src/BasicView/ShortcutEdit.h \
     Src/Gui/CalculatorDialog.h \
     Src/Gui/AttachDialog.h \
-    Src/Gui/PageMemoryRights.h
+    Src/Gui/PageMemoryRights.h \
+    Src/Gui/changecommandline.h
 
 
 INCLUDEPATH += \
@@ -179,7 +181,8 @@ FORMS += \
     Src/Gui/ShortcutsDialog.ui \
     Src/Gui/CalculatorDialog.ui \
     Src/Gui/AttachDialog.ui \
-    Src/Gui/PageMemoryRights.ui
+    Src/Gui/PageMemoryRights.ui \
+    Src/Gui/changecommandline.ui
 
 INCLUDEPATH += $$PWD/Src/Bridge