1
0
Fork 0

DBG: debugged file path resolving

DBG: manually set entry breakpoints
DBG: bpfixmemory inside value.cpp
This commit is contained in:
mr.exodia 2013-12-03 21:02:13 +01:00
parent 43ce38dc21
commit 83068ba147
6 changed files with 80 additions and 53 deletions

View File

@ -17,6 +17,7 @@
#define UE_ACCESS_WRITE 1
#define UE_ACCESS_ALL 2
#define UE_HIDE_PEBONLY 0
#define UE_HIDE_BASIC 1
#define UE_PLUGIN_CALL_REASON_PREDEBUG 1
@ -301,6 +302,12 @@ typedef struct
DWORD NumberOfRvaAndSizes;
} PE64Struct, *PPE64Struct;
#if defined(_WIN64)
typedef PE64Struct PEStruct;
#else
typedef PE32Struct PEStruct;
#endif
typedef struct
{
bool NewDll;

View File

@ -154,3 +154,29 @@ bool PathToDevicePath(const char* path, char* devicepath, size_t devicepath_size
sprintf(devicepath, "%s%s", curDevice, path+2);
return true;
}
bool GetFileNameFromHandle(HANDLE hFile, char* szFileName)
{
if(!GetFileSize(hFile, 0))
return false;
HANDLE hFileMap=CreateFileMappingA(hFile, 0, PAGE_READONLY, 0, 1, 0);
if(!hFileMap)
return false;
void* pFileMap=MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 1);
if(!pFileMap)
{
CloseHandle(hFileMap);
return false;
}
char szMappedName[MAX_PATH]="";
if(GetMappedFileNameA(GetCurrentProcess(), pFileMap, szMappedName, MAX_PATH))
{
DevicePathToPath(szMappedName, szFileName, MAX_PATH);
UnmapViewOfFile(pFileMap);
CloseHandle(hFileMap);
return true;
}
UnmapViewOfFile(pFileMap);
CloseHandle(hFileMap);
return false;
}

View File

@ -108,5 +108,6 @@ bool FileExists(const char* file);
bool DirExists(const char* dir);
bool DevicePathToPath(const char* devicepath, char* path, size_t path_size);
bool PathToDevicePath(const char* path, char* devicepath, size_t devicepath_size);
bool GetFileNameFromHandle(HANDLE hFile, char* szFileName);
#endif // _GLOBAL_H

View File

@ -5,7 +5,7 @@
#include "console.h"
#include "memory.h"
static BREAKPOINT bpall[1000];
static BREAKPOINT bpall[1000]; //TODO: fix this size
static int bpcount=0;
int bpgetlist(BREAKPOINT** list)

View File

@ -9,12 +9,13 @@
#include "_exports.h"
#include "addrinfo.h"
#include "plugin_loader.h"
#include "x64_dbg.h"
static PROCESS_INFORMATION g_pi= {0,0,0,0};
PROCESS_INFORMATION* fdProcessInfo=&g_pi;
static char szFileName[deflen]="";
bool bFileIsDll=false;
uint pDebuggedDllBase=0;
static char szFileName[MAX_PATH]="";
static bool bFileIsDll=false;
static uint pDebuggedBase=0;
static uint pDebuggedEntry=0;
static bool isStepping=false;
static bool isPausedByUser=false;
static bool bScyllaLoaded=false;
@ -22,11 +23,11 @@ static int ecount=0;
//Superglobal variables
char sqlitedb[deflen]="";
PROCESS_INFORMATION* fdProcessInfo=&g_pi;
//static functions
static void cbStep();
static void cbSystemBreakpoint(void* ExceptionData);
static void cbEntryBreakpoint();
static void cbUserBreakpoint();
void dbgdisablebpx()
@ -192,49 +193,20 @@ static void cbMemoryBreakpoint(void* ExceptionAddress)
wait(WAITID_RUN);
}
static void cbEntryBreakpoint()
{
pDebuggedDllBase=GetDebuggedDLLBaseAddress();
dputs("entry point reached!");
DebugUpdateGui(GetContextData(UE_CIP));
GuiSetDebugState(paused);
//lock
lock(WAITID_RUN);
PLUG_CB_PAUSEDEBUG pauseInfo;
pauseInfo.reserved=0;
plugincbcall(CB_PAUSEDEBUG, &pauseInfo);
wait(WAITID_RUN);
}
BOOL
CALLBACK
SymRegisterCallbackProc64(
__in HANDLE hProcess,
__in ULONG ActionCode,
__in_opt ULONG64 CallbackData,
__in_opt ULONG64 UserContext
)
BOOL CALLBACK SymRegisterCallbackProc64(HANDLE hProcess, ULONG ActionCode, ULONG64 CallbackData, ULONG64 UserContext)
{
UNREFERENCED_PARAMETER(hProcess);
UNREFERENCED_PARAMETER(UserContext);
PIMAGEHLP_CBA_EVENT evt;
// If SYMOPT_DEBUG is set, then the symbol handler will pass
// verbose information on its attempt to load symbols.
// This information be delivered as text strings.
switch (ActionCode)
{
case CBA_EVENT:
evt = (PIMAGEHLP_CBA_EVENT)CallbackData;
evt=(PIMAGEHLP_CBA_EVENT)CallbackData;
printf("%s", (PTSTR)evt->desc);
break;
default:
return FALSE;
}
return TRUE;
}
@ -383,6 +355,16 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo)
if(modnamefromaddr((uint)base, modname, true))
bpenumall(cbSetModuleBreakpoints, modname);
//Set entry breakpoint
if(!bFileIsDll)
{
char command[256]="";
sprintf(command, "bp "fhex",\"entry breakpoint\",ss", CreateProcessInfo->lpStartAddress);
cmddirectexec(dbggetcommandlist(), command);
pDebuggedBase=(uint)CreateProcessInfo->lpBaseOfImage;
//SetBPX((ULONG_PTR)CreateProcessInfo->lpStartAddress, UE_SINGLESHOOT, (void*)cbEntryBreakpoint);
}
//call plugin callback
PLUG_CB_CREATEPROCESS callbackInfo;
callbackInfo.CreateProcessInfo=CreateProcessInfo;
@ -457,6 +439,15 @@ static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll)
if(modnamefromaddr((uint)base, modname, true))
bpenumall(cbSetModuleBreakpoints, modname);
if(bFileIsDll and !stricmp(DLLDebugFileName, szFileName))
{
pDebuggedBase=(uint)base;
char command[256]="";
sprintf(command, "bp "fhex",\"entry breakpoint\",ss", pDebuggedBase+pDebuggedEntry);
cmddirectexec(dbggetcommandlist(), command);
//SetBPX(pDebuggedBase+pDebuggedEntry, UE_SINGLESHOOT, (void*)cbEntryBreakpoint);
}
//TODO: plugin callback
PLUG_CB_LOADDLL callbackInfo;
callbackInfo.LoadDll=LoadDll;
@ -545,10 +536,11 @@ static DWORD WINAPI threadDebugLoop(void* lpParameter)
//initialize
INIT_STRUCT* init=(INIT_STRUCT*)lpParameter;
bFileIsDll=IsFileDLL(init->exe, 0);
pDebuggedEntry=GetPE32Data(init->exe, 0, UE_OEP);
if(bFileIsDll)
fdProcessInfo=(PROCESS_INFORMATION*)InitDLLDebug(init->exe, false, init->commandline, init->currentfolder, (void*)cbEntryBreakpoint);
fdProcessInfo=(PROCESS_INFORMATION*)InitDLLDebug(init->exe, false, init->commandline, init->currentfolder, 0);
else
fdProcessInfo=(PROCESS_INFORMATION*)InitDebugEx(init->exe, init->commandline, init->currentfolder, (void*)cbEntryBreakpoint);
fdProcessInfo=(PROCESS_INFORMATION*)InitDebugEx(init->exe, init->commandline, init->currentfolder, 0);
if(!fdProcessInfo)
{
fdProcessInfo=&g_pi;
@ -581,6 +573,8 @@ static DWORD WINAPI threadDebugLoop(void* lpParameter)
plugincbcall(CB_INITDEBUG, &initInfo);
//run debug loop (returns when process debugging is stopped)
DebugLoop();
//remove entry breakpoint from database
bpdel(pDebuggedBase+pDebuggedEntry, BPNORMAL);
//call plugin callback
PLUG_CB_STOPDEBUG stopInfo;
stopInfo.reserved=0;
@ -616,6 +610,14 @@ CMDRESULT cbDebugInit(int argc, char* argv[])
dputs("file does not exsist!");
return STATUS_ERROR;
}
HANDLE hFile=CreateFileA(arg1, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
if(hFile==INVALID_HANDLE_VALUE)
{
dputs("could not open file!");
return STATUS_ERROR;
}
GetFileNameFromHandle(hFile, arg1); //get full path of the file
CloseHandle(hFile);
char arg2[deflen]="";
argget(*argv, arg2, 1, true);
@ -728,11 +730,6 @@ CMDRESULT cbDebugSetBPX(int argc, char* argv[]) //bp addr [,name [,type]]
dprintf("invalid addr: \"%s\"\n", argaddr);
return STATUS_ERROR;
}
if(addr==(uint)(GetPE32Data(szFileName, 0, UE_OEP)+pDebuggedDllBase))
{
dputs("entry breakpoint will be set automatically");
return STATUS_ERROR;
}
int type=0;
bool singleshoot=false;
if(strstr(argtype, "ss"))
@ -769,7 +766,7 @@ CMDRESULT cbDebugSetBPX(int argc, char* argv[]) //bp addr [,name [,type]]
static bool cbDeleteAllBreakpoints(const BREAKPOINT* bp)
{
if(DeleteBPX(bp->addr) and bpdel(bp->addr, BPNORMAL))
if(bpdel(bp->addr, BPNORMAL) and DeleteBPX(bp->addr))
return true;
dprintf("delete breakpoint failed: "fhex"\n", bp->addr);
return false;
@ -794,7 +791,7 @@ CMDRESULT cbDebugDeleteBPX(int argc, char* argv[])
BREAKPOINT found;
if(bpget(0, BPNORMAL, arg1, &found)) //found a breakpoint with name
{
if(!DeleteBPX(found.addr) or !bpdel(found.addr, BPNORMAL))
if(!bpdel(found.addr, BPNORMAL) or !DeleteBPX(found.addr))
{
dprintf("delete breakpoint failed: "fhex"\n", found.addr);
return STATUS_ERROR;
@ -807,7 +804,7 @@ CMDRESULT cbDebugDeleteBPX(int argc, char* argv[])
dprintf("no such breakpoint \"%s\"\n", arg1);
return STATUS_ERROR;
}
if(!DeleteBPX(found.addr) or !bpdel(found.addr, BPNORMAL))
if(!bpdel(found.addr, BPNORMAL) or !DeleteBPX(found.addr))
{
dprintf("delete breakpoint failed: "fhex"\n", found.addr);
return STATUS_ERROR;
@ -1414,7 +1411,7 @@ DWORD WINAPI scyllaThread(void* lpParam)
return 0;
}
if(bFileIsDll)
ScyllaStartGui(fdProcessInfo->dwProcessId, (HINSTANCE)pDebuggedDllBase);
ScyllaStartGui(fdProcessInfo->dwProcessId, (HINSTANCE)pDebuggedBase);
else
ScyllaStartGui(fdProcessInfo->dwProcessId, 0);
FreeLibrary(hScylla);

View File

@ -1260,12 +1260,8 @@ bool valtostring(const char* string, uint* value, bool silent)
uint temp;
if(!valfromstring(string+add, &temp, 0, 0, false, 0))
return false;
bool isrunning=dbgisrunning();
if(!isrunning)
dbgdisablebpx();
bool wpm=WriteProcessMemory(fdProcessInfo->hProcess, (void*)temp, value, read_size, 0);
if(!isrunning)
dbgenablebpx();
bpfixmemory(temp, (unsigned char*)value, read_size);
if(!wpm)
{
if(!silent)