
Memory Rights finish

dreg_fr33project 2014-08-18 08:41:24 +02:00
parent 3f86be63bc
commit a85c7e5b45
11 changed files with 337 additions and 85 deletions


@ -112,6 +112,21 @@ static bool _getjitauto(bool* jit_auto)
return dbggetjitauto(jit_auto, notfound, NULL, NULL);
}
static bool _getpagerights(uint* addr, char* rights)
{
return dbggetpagerights(addr, rights);
}
static bool _pagerightstostring(DWORD protect, char* rights)
{
return dbgpagerightstostring(protect, rights);
}
static bool _setpagerights(uint* addr, char* rights)
{
return dbgsetpagerights(addr, rights);
}
static bool _getjit(char* jit, bool jit64)
{
arch dummy;
@ -180,4 +195,7 @@ void dbgfunctionsinit()
_dbgfunctions.GetJitAuto = _getjitauto;
_dbgfunctions.GetDefJit = dbggetdefjit;
_dbgfunctions.GetProcessList = _getprocesslist;
_dbgfunctions.GetPageRights = _getpagerights;
_dbgfunctions.SetPageRights = _setpagerights;
_dbgfunctions.PageRightsToString = _pagerightstostring;
}
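Review bot: The `addr` argument of `_getpagerights` and `_setpagerights` is in/out, and nothing at this level says so: the functions they forward to call `dbggetpageligned(addr)` first, so `*addr` comes back rounded down to its page base. A comment above the wrappers such as `// addr is in/out: rounded down to the base of the containing page` would make that visible to users of the function table. Separately, the console commands are registered with `debugonly` set, but these table entries have no such gate, so it is worth confirming that `fdProcessInfo->hProcess` is valid when they are called with no debuggee attached.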


@ -57,6 +57,9 @@ typedef bool (*GETJIT)(char* jit, bool x64);
typedef bool (*GETJITAUTO)(bool*);
typedef bool (*GETDEFJIT)(char*);
typedef bool (*GETPROCESSLIST)(DBGPROCESSINFO** entries, int* count);
typedef bool (*GETPAGERIGHTS)(duint*, char*);
typedef bool (*SETPAGERIGHTS)(duint*, char*);
typedef bool (*PAGERIGHTSTOSTRING)(DWORD, char*);
typedef struct DBGFUNCTIONS_
{
@ -84,6 +87,9 @@ typedef struct DBGFUNCTIONS_
GETJIT GetJit;
GETDEFJIT GetDefJit;
GETPROCESSLIST GetProcessList;
GETPAGERIGHTS GetPageRights;
SETPAGERIGHTS SetPageRights;
PAGERIGHTSTOSTRING PageRightsToString;
} DBGFUNCTIONS;
#ifdef BUILD_DBG
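Review bot: `GETPAGERIGHTS` and `PAGERIGHTSTOSTRING` take an output `char*` with no length, while the implementation clears a fixed number of bytes unconditionally (`memset(rights, 0, RIGHTS_STRING)` in `dbgpagerightstostring`). That size is not declared in this header, and the GUI callers re-`#define RIGHTS_STRING` locally in `MemoryMapView::getProtectionString` and `PageMemoryRights::RunAddrSize`, so a change on either side becomes a write past the caller's buffer. Either define the constant here so both sides share it, or pass the size, e.g. `typedef bool (*GETPAGERIGHTS)(duint*, char*, size_t);`. At minimum add `// rights must point to a buffer of at least RIGHTS_STRING bytes` next to the typedefs.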


@ -1562,6 +1562,120 @@ bool _readwritejitkey(char* jit_key_value, DWORD* jit_key_vale_size, char* key,
return true;
}
bool dbgpagerightstostring(DWORD protect, char* rights)
{
memset(rights, 0, RIGHTS_STRING);
switch(protect & 0xFF)
{
case PAGE_EXECUTE:
strcpy(rights, "E---");
break;
case PAGE_EXECUTE_READ:
strcpy(rights, "ER--");
break;
case PAGE_EXECUTE_READWRITE:
strcpy(rights, "ERW-");
break;
case PAGE_EXECUTE_WRITECOPY:
strcpy(rights, "ERWC");
break;
case PAGE_NOACCESS:
strcpy(rights, "----");
break;
case PAGE_READONLY:
strcpy(rights, "-R--");
break;
case PAGE_READWRITE:
strcpy(rights, "-RW-");
break;
case PAGE_WRITECOPY:
strcpy(rights, "-RWC");
break;
}
if(protect & PAGE_GUARD)
strcat(rights, "G");
else
strcat(rights, "-");
return true;
}
void dbggetpageligned(uint* addr)
{
#ifdef _WIN64
* addr &= 0xFFFFFFFFFFFFF000;
#else // _WIN32
* addr &= 0xFFFFF000;
#endif // _WIN64
}
bool dbgpagerightsfromstring(DWORD* protect, char* rights_string)
{
if(strlen(rights_string) < 2)
return false;
* protect = 0;
if(rights_string[0] == 'G' || rights_string[0] == 'g')
{
* protect |= PAGE_GUARD;
rights_string++;
}
if(_strcmpi(rights_string, "Execute") == 0)
* protect |= PAGE_EXECUTE;
else if(_strcmpi(rights_string, "ExecuteRead") == 0)
* protect |= PAGE_EXECUTE_READ;
else if(_strcmpi(rights_string, "ExecuteReadWrite") == 0)
* protect |= PAGE_EXECUTE_READWRITE;
else if(_strcmpi(rights_string, "ExecuteWriteCopy") == 0)
* protect |= PAGE_EXECUTE_WRITECOPY;
else if(_strcmpi(rights_string, "NoAccess") == 0)
* protect |= PAGE_NOACCESS;
else if(_strcmpi(rights_string, "ReadOnly") == 0)
* protect |= PAGE_READONLY;
else if(_strcmpi(rights_string, "ReadWrite") == 0)
* protect |= PAGE_READWRITE;
else if(_strcmpi(rights_string, "WriteCopy") == 0)
* protect |= PAGE_WRITECOPY;
if(* protect == 0)
return false;
return true;
}
bool dbgsetpagerights(uint* addr, char* rights_string)
{
DWORD protect;
DWORD old_protect;
dbggetpageligned(addr);
if(!dbgpagerightsfromstring(& protect, rights_string))
return false;
if(VirtualProtectEx(fdProcessInfo->hProcess, (void*)*addr, PAGE_SIZE, protect, & old_protect) == 0)
return false;
// ADD ME: CALL TO UPDATE MEMORY VIEW HERE :-)
return true;
}
bool dbggetpagerights(uint* addr, char* rights)
{
dbggetpageligned(addr);
MEMORY_BASIC_INFORMATION mbi;
if(VirtualQueryEx(fdProcessInfo->hProcess, (const void*)*addr, &mbi, sizeof(mbi)) == 0)
return false;
return dbgpagerightstostring(mbi.Protect, rights);
}
bool dbggetjitauto(bool* auto_on, arch arch_in, arch* arch_out, readwritejitkey_error_t* rw_error_out)
{
char jit_entry[4];
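Review bot: `dbgpagerightsfromstring` accepts a guard prefix followed by an unrecognised name: for an input like `Gfoo` no `_strcmpi` branch matches, but `*protect` already holds `PAGE_GUARD`, so the final `if(* protect == 0)` check passes and `dbgsetpagerights` hands a modifier-only value to `VirtualProtectEx`. Testing the base protection instead, `if((*protect & 0xFF) == 0) return false;`, rejects it at parse time and uses the same `& 0xFF` mask as `dbgpagerightstostring`. The `switch` in `dbgpagerightstostring` has no `default`, so any value outside the eight cases produces only `-` or `G`; a `default:` that writes an explicit placeholder would make such pages recognisable in the output.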


@ -10,6 +10,7 @@
#define JIT_ENTRY_DEF_SIZE (MAX_PATH + sizeof(ATTACH_CMD_LINE) + 2)
#define JIT_ENTRY_MAX_SIZE 512
#define JIT_REG_KEY TEXT("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AeDebug")
#define RIGHTS_STRING (sizeof("ERWCG") + 1)
typedef enum
{
@ -62,6 +63,11 @@ bool dbgisignoredexception(unsigned int exception);
bool dbgcmdnew(const char* name, CBCOMMAND cbCommand, bool debugonly);
bool dbgcmddel(const char* name);
bool dbggetjit(char jit_entry[JIT_ENTRY_MAX_SIZE], arch arch_in, arch* arch_out, readwritejitkey_error_t*);
bool dbggetpagerights(uint*, char*);
bool dbgpagerightstostring(DWORD, char*);
void dbggetpageligned(uint*);
bool dbgpagerightsfromstring(DWORD*, char*);
bool dbgsetpagerights(uint*, char*);
bool dbgsetjit(char* jit_cmd, arch arch_in, arch* arch_out, readwritejitkey_error_t*);
bool dbggetdefjit(char* jit_entry);
bool _readwritejitkey(char*, DWORD*, char*, arch, arch*, readwritejitkey_error_t*, bool);
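Review bot: `dbgpagerightsfromstring` and `dbgsetpagerights` are declared with a plain `char*` for the rights name although the implementation only reads it, which is what forces the `(char*) rights.toStdString().c_str()` cast in `PageMemoryRights::on_btnSetrights_clicked`. Declaring them as `bool dbgpagerightsfromstring(DWORD* protect, const char* rights_string);` and `bool dbgsetpagerights(uint* addr, const char* rights_string);` removes the cast and documents that the string is input only; the `SETPAGERIGHTS` typedef would need the same change. `RIGHTS_STRING` in the first hunk is a buffer size, not a string, and `sizeof("ERWCG")` already counts the terminator, so a name like `RIGHTS_STRING_SIZE` with a one-line comment would read more accurately.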


@ -1686,5 +1686,55 @@ CMDRESULT cbDebugGetJIT(int argc, char* argv[])
dprintf("JIT %s: %s\n", (actual_arch == x64) ? "x64" : "x32", get_entry);
return STATUS_CONTINUE;
}
CMDRESULT cbDebugGetPageRights(int argc, char* argv[])
{
uint addr = 0;
char rights[RIGHTS_STRING];
if(argc != 2 || !valfromstring(argv[1], &addr))
{
dprintf("Error: using an address as arg1\n");
return STATUS_ERROR;
}
if(!dbggetpagerights(&addr, rights))
{
dprintf("Error getting rights of page: %s\n", argv[1]);
return STATUS_ERROR;
}
dprintf("Page: "fhex", Rights: %s\n", addr, rights);
return STATUS_CONTINUE;
}
CMDRESULT cbDebugSetPageRights(int argc, char* argv[])
{
uint addr = 0;
char rights[RIGHTS_STRING];
if(argc != 3 || !valfromstring(argv[1], &addr))
{
dprintf("Error: using an address as arg1 and as arg2: Execute, ExecuteRead, ExecuteReadWrite, ExecuteWriteCopy, NoAccess, ReadOnly, ReadWrite, WriteCopy. You can add a G at first for add PAGE GUARD, example: GReadOnly\n");
return STATUS_ERROR;
}
if(!dbgsetpagerights(&addr, argv[2]))
{
dprintf("Error: Set rights of "fhex" with Rights: %s\n", addr, argv[2]);
return STATUS_ERROR;
}
if(!dbggetpagerights(&addr, rights))
{
dprintf("Error getting rights of page: %s\n", argv[1]);
return STATUS_ERROR;
}
dprintf("New rights of "fhex": %s\n", addr, rights);
return STATUS_CONTINUE;
}
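Review bot: In `cbDebugSetPageRights`, a failed read-back after a successful `dbgsetpagerights` returns `STATUS_ERROR` with "Error getting rights of page", so the user is told the command failed although the protection has already been changed. Wording that case separately, e.g. `dprintf("Rights set, but reading them back failed: %s\n", argv[1]);`, avoids leaving the analyst with a wrong picture of the page state. The usage text should also say that only the single page containing the address is changed, since `dbgsetpagerights` passes `PAGE_SIZE` as the region size.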


@ -55,5 +55,7 @@ CMDRESULT cbDebugDisableHardwareBreakpoint(int argc, char* argv[]);
CMDRESULT cbDebugEnableMemoryBreakpoint(int argc, char* argv[]);
CMDRESULT cbDebugDisableMemoryBreakpoint(int argc, char* argv[]);
CMDRESULT cbDebugDownloadSymbol(int argc, char* argv[]);
CMDRESULT cbDebugGetPageRights(int argc, char* argv[]);
CMDRESULT cbDebugSetPageRights(int argc, char* argv[]);
#endif //_DEBUGGER_COMMANDS_H


@ -162,6 +162,8 @@ static void registercommands()
dbgcmdnew("alloc", cbDebugAlloc, true); //allocate memory
dbgcmdnew("free", cbDebugFree, true); //free memory
dbgcmdnew("Fill\1memset", cbDebugMemset, true); //memset
dbgcmdnew("getpagerights\1getrightspage", cbDebugGetPageRights, true);
dbgcmdnew("setpagerights\1setrightspage", cbDebugSetPageRights, true);
//plugins
dbgcmdnew("StartScylla\1scylla\1imprec", cbDebugStartScylla, false); //start scylla
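Review bot: The two new registrations are the only entries in this run without a trailing description. Adding `//get page rights` and `//set page rights` would match the comments on `alloc`, `free` and `Fill` and keep the command table self-describing. `registercommands` starts and ends outside the hunk.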


@ -145,39 +145,13 @@ void MemoryMapView::contextMenuSlot(const QPoint & pos)
QString MemoryMapView::getProtectionString(DWORD Protect)
{
QString wS;
switch(Protect & 0xFF)
{
case PAGE_EXECUTE:
wS = QString("E---");
break;
case PAGE_EXECUTE_READ:
wS = QString("ER--");
break;
case PAGE_EXECUTE_READWRITE:
wS = QString("ERW-");
break;
case PAGE_EXECUTE_WRITECOPY:
wS = QString("ERWC");
break;
case PAGE_NOACCESS:
wS = QString("----");
break;
case PAGE_READONLY:
wS = QString("-R--");
break;
case PAGE_READWRITE:
wS = QString("-RW-");
break;
case PAGE_WRITECOPY:
wS = QString("-RWC");
break;
}
if(Protect & PAGE_GUARD)
wS += QString("G");
else
wS += QString("-");
return wS;
#define RIGHTS_STRING (sizeof("ERWCG") + 1)
char rights[RIGHTS_STRING];
if(!DbgFunctions()->PageRightsToString(Protect, rights))
return "bad";
return QString(rights);
}
QString MemoryMapView::paintContent(QPainter* painter, int_t rowBase, int rowOffset, int col, int x, int y, int w, int h)
@ -381,17 +355,6 @@ void MemoryMapView::pageMemoryRights()
{
PageMemoryRights* mPageMemoryRightsDialog = new PageMemoryRights(this);
if(getCellContent(getInitialSelection(), 3) != "IMG")
{
QMessageBox msg(QMessageBox::Warning, "ERROR TYPE", "ONLY SUPPORTED IMG TYPE YET");
msg.setWindowIcon(QIcon(":/icons/images/compile-warning.png"));
msg.setParent(this, Qt::Dialog);
msg.setWindowFlags(msg.windowFlags() & (~Qt::WindowContextHelpButtonHint));
msg.exec();
return;
}
#ifdef _WIN64
uint_t addr = getCellContent(getInitialSelection(), 0).toULongLong(0, 16);
#else //x86
@ -404,7 +367,7 @@ void MemoryMapView::pageMemoryRights()
uint_t size = getCellContent(getInitialSelection(), 1).toULong(0, 16);
#endif //_WIN64
mPageMemoryRightsDialog->RunAddrSize(addr, size);
mPageMemoryRightsDialog->RunAddrSize(addr, size, getCellContent(getInitialSelection(), 3));
}
void MemoryMapView::switchView()
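Review bot: With the IMG-only check in `pageMemoryRights` apparently removed by this change, the dialog can now be opened on any region, and nothing bounds the `size` handed to `RunAddrSize`. That function builds `size / PAGE_SIZE` table rows and issues one `GetPageRights` query per page on the UI thread, and it passes a `uint_t` count to `setRowCount`, which takes an `int`. For a very large region this is slow and the row count can be truncated; consider capping the number of pages shown, or rejecting regions above a limit before the dialog is opened. Both functions continue outside the hunk.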


@ -17,29 +17,31 @@ PageMemoryRights::~PageMemoryRights()
delete ui;
}
void PageMemoryRights::RunAddrSize(uint_t addrin, uint_t sizein)
void PageMemoryRights::RunAddrSize(uint_t addrin, uint_t sizein, QString pagetypein)
{
addr = addrin;
size = sizein;
pagetype = pagetypein;
int charwidth = QFontMetrics(this->font()).width(QChar(' '));
//addColumnAt(8 + charwidth * 2 * sizeof(uint_t), "ADDR", false, "Address"); //addr
QTableWidget* tableWidget = ui->pagetableWidget;
tableWidget->setSelectionBehavior(QAbstractItemView::SelectRows);
uint_t nr_pages = size / 1000;
uint_t nr_pages = size / PAGE_SIZE;
tableWidget->setColumnCount(2);
tableWidget->setRowCount(nr_pages);
tableWidget->setHorizontalHeaderItem(0, new QTableWidgetItem(QString("ADDR")));
tableWidget->setHorizontalHeaderItem(1, new QTableWidgetItem(QString("RIGHTS")));
tableWidget->setHorizontalHeaderItem(0, new QTableWidgetItem(QString("Address")));
tableWidget->setHorizontalHeaderItem(1, new QTableWidgetItem(QString("Rights")));
#define RIGHTS_STRING (sizeof("ERWCG") + 1)
duint actual_addr;
char rights[RIGHTS_STRING];
for(uint_t i = 0; i < nr_pages; i++)
{
tableWidget->setItem(i, 0, new QTableWidgetItem(QString("%1").arg(addr + (i * 1000), sizeof(uint_t) * 2, 16, QChar('0')).toUpper()));
actual_addr = addr + (i * PAGE_SIZE);
tableWidget->setItem(i, 0, new QTableWidgetItem(QString("%1").arg(actual_addr, sizeof(uint_t) * 2, 16, QChar('0')).toUpper()));
if(DbgFunctions()->GetPageRights(& actual_addr, rights))
tableWidget->setItem(i, 1, new QTableWidgetItem(QString(rights)));
}
@ -49,6 +51,7 @@ void PageMemoryRights::RunAddrSize(uint_t addrin, uint_t sizein)
ui->pagetableWidget->selectionModel()->select(idx, QItemSelectionModel::Select);
ui->radioFullaccess->setChecked(true);
ui->chkPageguard->setCheckable(true);
exec();
}
@ -76,3 +79,56 @@ void PageMemoryRights::on_btnDeselectall_clicked()
}
}
void PageMemoryRights::on_btnSetrights_clicked()
{
duint actual_addr;
QString rights;
char newrights[RIGHTS_STRING];
bool one_right_changed = false;
if(ui->radioExecute->isChecked())
rights = "Execute";
else if(ui->radioExecuteread->isChecked())
rights = "ExecuteRead";
else if(ui->radioNoaccess->isChecked())
rights = "NoAccess";
else if(ui->radioFullaccess ->isChecked())
rights = "ExecuteReadWrite";
else if(ui->radioReadonly->isChecked())
rights = "ReadOnly";
else if(ui->radioReadwrite->isChecked())
rights = "ReadWrite";
else if(ui->radioWritecopy->isChecked())
rights = "WriteCopy";
else if(ui->radioExecutewritecopy->isChecked())
rights = "ExecuteWriteCopy";
else
return;
if(ui->chkPageguard->isChecked())
rights = "G" + rights;
QModelIndexList indexList = ui->pagetableWidget->selectionModel()->selectedIndexes();
foreach(QModelIndex index, indexList)
{
#ifdef _WIN64
actual_addr = ui->pagetableWidget->item(index.row(), 0)->text().toULongLong(0, 16);
#else //x86
actual_addr = ui->pagetableWidget->item(index.row(), 0)->text().toULong(0, 16);
#endif //_WIN64
if(DbgFunctions()->SetPageRights(& actual_addr, (char*) rights.toStdString().c_str()))
{
one_right_changed = true;
if(DbgFunctions()->GetPageRights(& actual_addr, newrights))
ui->pagetableWidget->setItem(index.row(), 1, new QTableWidgetItem(QString(newrights)));
}
}
if(one_right_changed)
ui->LnEdStatus->setText("Pages Rights Changed to: " + rights);
else
ui->LnEdStatus->setText("Error setting rights, read the MSDN to learn the valid rights of: " + pagetype);
}
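Review bot: `on_btnSetrights_clicked` iterates `selectionModel()->selectedIndexes()`, which returns one index per selected cell; with the two columns and `SelectRows` behaviour set up in `RunAddrSize`, each selected page is therefore likely processed twice, doubling the `SetPageRights`/`GetPageRights` calls. Iterating `ui->pagetableWidget->selectionModel()->selectedRows()` visits each row once. The status line also reports success as soon as one page changes, so a partial failure across a multi-page selection is visible only by comparing the Rights column; counting the failed pages and showing that number in `LnEdStatus` would make it explicit.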


@ -5,6 +5,7 @@
#include "StdTable.h"
#include "Bridge.h"
#define PAGE_SIZE 0x1000
namespace Ui
{
@ -17,7 +18,7 @@ class PageMemoryRights : public QDialog
public:
explicit PageMemoryRights(QWidget* parent = 0);
void RunAddrSize(uint_t, uint_t);
void RunAddrSize(uint_t, uint_t, QString);
~PageMemoryRights();
private slots:
@ -25,10 +26,13 @@ private slots:
void on_btnDeselectall_clicked();
void on_btnSetrights_clicked();
private:
Ui::PageMemoryRights* ui;
uint_t addr;
uint_t size;
QString pagetype;
};
#endif // PAGEMEMORYRIGHTS_H


@ -6,8 +6,8 @@
<rect>
<x>0</x>
<y>0</y>
<width>509</width>
<height>299</height>
<width>510</width>
<height>346</height>
</rect>
</property>
<property name="sizePolicy">
@ -27,7 +27,7 @@
<property name="geometry">
<rect>
<x>350</x>
<y>270</y>
<y>310</y>
<width>121</width>
<height>21</height>
</rect>
@ -47,8 +47,8 @@
<rect>
<x>20</x>
<y>11</y>
<width>311</width>
<height>211</height>
<width>291</width>
<height>241</height>
</rect>
</property>
<property name="autoScroll">
@ -64,10 +64,10 @@
<widget class="QWidget" name="layoutWidget">
<property name="geometry">
<rect>
<x>350</x>
<x>330</x>
<y>10</y>
<width>122</width>
<height>201</height>
<width>161</width>
<height>242</height>
</rect>
</property>
<layout class="QVBoxLayout" name="verticalLayout_2">
@ -76,54 +76,71 @@
<property name="title">
<string>Rights</string>
</property>
<layout class="QVBoxLayout" name="verticalLayout">
<item>
<widget class="QRadioButton" name="radioButton">
<layout class="QFormLayout" name="formLayout">
<property name="fieldGrowthPolicy">
<enum>QFormLayout::AllNonFixedFieldsGrow</enum>
</property>
<item row="0" column="0">
<widget class="QRadioButton" name="radioNoaccess">
<property name="text">
<string>NO ACCESS</string>
</property>
</widget>
</item>
<item>
<widget class="QRadioButton" name="radioButton_2">
<item row="1" column="0">
<widget class="QRadioButton" name="radioReadonly">
<property name="text">
<string>READ ONLY</string>
</property>
</widget>
</item>
<item>
<widget class="QRadioButton" name="radioButton_3">
<item row="2" column="0">
<widget class="QRadioButton" name="radioReadwrite">
<property name="text">
<string>READ &amp; WRITE</string>
<string>READ WRITE</string>
</property>
</widget>
</item>
<item>
<widget class="QRadioButton" name="radioButton_4">
<item row="3" column="0">
<widget class="QRadioButton" name="radioExecute">
<property name="text">
<string>EXECUTE</string>
</property>
</widget>
</item>
<item>
<widget class="QRadioButton" name="radioButton_5">
<item row="4" column="0">
<widget class="QRadioButton" name="radioExecuteread">
<property name="text">
<string>EXECUTE &amp; READ</string>
<string>EXECUTE READ</string>
</property>
</widget>
</item>
<item>
<item row="5" column="0">
<widget class="QRadioButton" name="radioFullaccess">
<property name="text">
<string>FULL ACCESS</string>
</property>
</widget>
</item>
<item row="6" column="0">
<widget class="QRadioButton" name="radioWritecopy">
<property name="text">
<string>WRITE COPY</string>
</property>
</widget>
</item>
<item row="7" column="0">
<widget class="QRadioButton" name="radioExecutewritecopy">
<property name="text">
<string>EXECUTE WRITE COPY</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QPushButton" name="pushButton">
<widget class="QPushButton" name="btnSetrights">
<property name="text">
<string>Set Rights</string>
</property>
@ -135,7 +152,7 @@
<property name="geometry">
<rect>
<x>20</x>
<y>230</y>
<y>260</y>
<width>230</width>
<height>25</height>
</rect>
@ -157,12 +174,12 @@
</item>
</layout>
</widget>
<widget class="QLineEdit" name="lineEdit">
<widget class="QLineEdit" name="LnEdStatus">
<property name="geometry">
<rect>
<x>10</x>
<y>270</y>
<width>331</width>
<y>310</y>
<width>371</width>
<height>20</height>
</rect>
</property>
@ -174,7 +191,7 @@
<property name="geometry">
<rect>
<x>260</x>
<y>240</y>
<y>280</y>
<width>241</width>
<height>20</height>
</rect>
@ -183,12 +200,26 @@
<string>Press CTRL or SHIFT key to select multiple pages</string>
</property>
</widget>
<widget class="QCheckBox" name="chkPageguard">
<property name="geometry">
<rect>
<x>400</x>
<y>260</y>
<width>91</width>
<height>16</height>
</rect>
</property>
<property name="text">
<string>PAGE GUARD</string>
</property>
</widget>
<zorder>layoutWidget</zorder>
<zorder>layoutWidget</zorder>
<zorder>buttonBox</zorder>
<zorder>lineEdit</zorder>
<zorder>LnEdStatus</zorder>
<zorder>pagetableWidget</zorder>
<zorder>label</zorder>
<zorder>chkPageguard</zorder>
</widget>
<resources>
<include location="../../resource.qrc"/>