
DBG+GUI+BRIDGE: rewrote handles + tcp connections view

mrexodia 2016-05-29 00:32:09 +02:00
parent 48541d8469
commit ab1cf7b92c
23 changed files with 427 additions and 274 deletions


@ -24,7 +24,3 @@ DBGGETBPLIST _dbg_getbplist;
DBGDBGCMDEXECDIRECT _dbg_dbgcmddirectexec;
DBGGETBRANCHDESTINATION _dbg_getbranchdestination;
DBGSENDMESSAGE _dbg_sendmessage;
DBGGETHANDLECOUNT _dbg_gethandlecount;
DBGENUMHANDLES _dbg_enumhandles;
DBGGETHANDLENAME _dbg_gethandlename;
DBGGETPROCESSINFORMATION _dbg_getProcessInformation;


@ -36,11 +36,6 @@ typedef bool (*DBGDBGCMDEXECDIRECT)(const char* cmd);
typedef duint(*DBGGETBRANCHDESTINATION)(duint addr);
typedef duint(*DBGSENDMESSAGE)(DBGMSG type, void* param1, void* param2);
typedef long(*DBGGETHANDLECOUNT)();
typedef long(*DBGENUMHANDLES)(duint* handles, unsigned char* typeNumbers, unsigned int* grantedAccess, unsigned int maxcount);
typedef bool(*DBGGETHANDLENAME)(char* name, char* typeName, size_t buffersize, duint remotehandle);
typedef PROCESS_INFORMATION* (*DBGGETPROCESSINFORMATION)();
//DBG functions
extern DBGDBGINIT _dbg_dbginit;
extern DBGMEMFINDBASEADDR _dbg_memfindbaseaddr;
@ -62,9 +57,5 @@ extern DBGGETBPLIST _dbg_getbplist;
extern DBGDBGCMDEXECDIRECT _dbg_dbgcmddirectexec;
extern DBGGETBRANCHDESTINATION _dbg_getbranchdestination;
extern DBGSENDMESSAGE _dbg_sendmessage;
extern DBGGETHANDLECOUNT _dbg_gethandlecount;
extern DBGENUMHANDLES _dbg_enumhandles;
extern DBGGETHANDLENAME _dbg_gethandlename;
extern DBGGETPROCESSINFORMATION _dbg_getProcessInformation;
#endif // _GLOBAL_H


@ -83,10 +83,6 @@ BRIDGE_IMPEXP const char* BridgeInit()
LOADEXPORT(_dbg_dbgcmddirectexec);
LOADEXPORT(_dbg_getbranchdestination);
LOADEXPORT(_dbg_sendmessage);
LOADEXPORT(_dbg_gethandlecount);
LOADEXPORT(_dbg_gethandlename);
LOADEXPORT(_dbg_enumhandles);
LOADEXPORT(_dbg_getProcessInformation);
return 0;
}
@ -850,26 +846,6 @@ BRIDGE_IMPEXP ARGTYPE DbgGetArgTypeAt(duint addr)
return ARG_NONE;
}
BRIDGE_IMPEXP long DbgGetHandleCount()
{
return _dbg_gethandlecount();
}
BRIDGE_IMPEXP long DbgEnumHandles(duint* handles, unsigned char* typeNumbers, unsigned int* grantedAccess, unsigned int maxcount)
{
return _dbg_enumhandles(handles, typeNumbers, grantedAccess, maxcount);
}
BRIDGE_IMPEXP bool DbgGetHandleName(char* name, char* typeName, size_t buffersize, duint remotehandle)
{
return _dbg_gethandlename(name, typeName, buffersize, remotehandle);
}
BRIDGE_IMPEXP PROCESS_INFORMATION* DbgGetProcessInformation()
{
return _dbg_getProcessInformation();
}
BRIDGE_IMPEXP void GuiDisasmAt(duint addr, duint cip)
{
_gui_sendmessage(GUI_DISASSEMBLE_AT, (void*)addr, (void*)cip);


@ -352,6 +352,7 @@ typedef struct
duint start; //OUT
duint end; //OUT
} LOOP;
#ifndef _NO_ADDRINFO
typedef struct
{
@ -364,6 +365,7 @@ typedef struct
LOOP loop;
} ADDRINFO;
#endif
struct SYMBOLINFO_
{
duint addr;
@ -725,11 +727,6 @@ BRIDGE_IMPEXP bool DbgWinEventGlobal(MSG* message);
BRIDGE_IMPEXP bool DbgIsRunning();
BRIDGE_IMPEXP duint DbgGetTimeWastedCounter();
BRIDGE_IMPEXP ARGTYPE DbgGetArgTypeAt(duint addr);
BRIDGE_IMPEXP long DbgGetHandleCount();
BRIDGE_IMPEXP long DbgEnumHandles(duint* handles, unsigned char* typeNumbers, unsigned int* grantedAccess, unsigned int maxcount);
BRIDGE_IMPEXP bool DbgGetHandleName(char* name, char* typeName, size_t buffersize, duint remotehandle);
BRIDGE_IMPEXP bool DbgGetHandleInfo(duint remotehandle, duint* refcount, duint* access);
BRIDGE_IMPEXP PROCESS_INFORMATION* DbgGetProcessInformation();
//Gui defines
#define GUI_PLUGIN_MENU 0


@ -21,6 +21,9 @@
#include "stringformat.h"
#include "TraceRecord.h"
#include "mnemonichelp.h"
#include "handles.h"
#include "../bridge/bridgelist.h"
#include "tcpconnections.h"
static DBGFUNCTIONS _dbgfunctions;
@ -252,6 +255,33 @@ static void _getmnemonicbrief(const char* mnem, size_t resultSize, char* result)
strcpy_s(result, resultSize, MnemonicHelp::getBriefDescription(mnem).c_str());
}
static bool _enumhandles(ListOf(HANDLEINFO) handles)
{
std::vector<HANDLEINFO> handleV;
if(!HandlesEnum(fdProcessInfo->dwProcessId, handleV))
return false;
return BridgeList<HANDLEINFO>::CopyData(handles, handleV);
}
static bool _gethandlename(duint handle, char* name, size_t nameSize, char* typeName, size_t typeNameSize)
{
String nameS;
String typeNameS;
if(!HandlesGetName(fdProcessInfo->hProcess, HANDLE(handle), nameS, typeNameS))
return false;
strcpy_s(name, nameSize, nameS.c_str());
strcpy_s(typeName, typeNameSize, typeNameS.c_str());
return true;
}
static bool _enumtcpconnections(ListOf(TCPCONNECTIONINFO) connections)
{
std::vector<TCPCONNECTIONINFO> connectionsV;
if(!TcpEnumConnections(fdProcessInfo->dwProcessId, connectionsV))
return false;
return BridgeList<TCPCONNECTIONINFO>::CopyData(connections, connectionsV);
}
void dbgfunctionsinit()
{
_dbgfunctions.AssembleAtEx = _assembleatex;
@ -298,4 +328,7 @@ void dbgfunctionsinit()
_dbgfunctions.GetTraceRecordByteType = _dbg_dbggetTraceRecordByteType;
_dbgfunctions.SetTraceRecordType = _dbg_dbgsetTraceRecordType;
_dbgfunctions.GetTraceRecordType = _dbg_dbggetTraceRecordType;
_dbgfunctions.EnumHandles = _enumhandles;
_dbgfunctions.GetHandleName = _gethandlename;
_dbgfunctions.EnumTcpConnections = _enumtcpconnections;
}
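Review bot: In `_gethandlename`, both `strcpy_s` calls copy a string whose length is set by the debuggee into a caller-sized buffer, and `strcpy_s` does not truncate: when the source does not fit it invokes the CRT invalid-parameter handler, which by default terminates the process. Object names come from the debugged process (file paths, named sections and mutexes), so one long name can take the debugger down while the handle list is being filled. Truncating is enough here, e.g. `strncpy_s(name, nameSize, nameS.c_str(), _TRUNCATE);` and the same for `typeName`. The function also dereferences `fdProcessInfo` without a check; whether it can be null at this point is not visible in the hunk.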


@ -45,7 +45,6 @@ typedef struct
char szExeFile[MAX_PATH];
} DBGPROCESSINFO;
enum TRACERECORDBYTETYPE
{
InstructionBody = 0,
@ -74,6 +73,25 @@ enum TRACERECORDTYPE
TraceRecordWordWithExecTypeAndCounter
};
typedef struct
{
duint Handle;
unsigned char TypeNumber;
unsigned int GrantedAccess;
} HANDLEINFO;
#define TCP_ADDR_SIZE 50
typedef struct
{
char RemoteAddress[TCP_ADDR_SIZE];
unsigned short RemotePort;
char LocalAddress[TCP_ADDR_SIZE];
unsigned short LocalPort;
char StateText[TCP_ADDR_SIZE];
unsigned int State;
} TCPCONNECTIONINFO;
typedef bool (*ASSEMBLEATEX)(duint addr, const char* instruction, char* error, bool fillnop);
typedef bool (*SECTIONFROMADDR)(duint addr, char* section);
typedef bool (*MODNAMEFROMADDR)(duint addr, char* modname, bool extension);
@ -118,6 +136,9 @@ typedef unsigned int (*GETTRACERECORDHITCOUNT)(duint address);
typedef TRACERECORDBYTETYPE(*GETTRACERECORDBYTETYPE)(duint address);
typedef bool (*SETTRACERECORDTYPE)(duint pageAddress, TRACERECORDTYPE type);
typedef TRACERECORDTYPE(*GETTRACERECORDTYPE)(duint pageAddress);
typedef bool(*ENUMHANDLES)(ListOf(HANDLEINFO) handles);
typedef bool(*GETHANDLENAME)(duint handle, char* name, size_t nameSize, char* typeName, size_t typeNameSize);
typedef bool(*ENUMTCPCONNECTIONS)(ListOf(TCPCONNECTIONINFO) connections);
typedef struct DBGFUNCTIONS_
{
@ -165,6 +186,9 @@ typedef struct DBGFUNCTIONS_
GETTRACERECORDBYTETYPE GetTraceRecordByteType;
SETTRACERECORDTYPE SetTraceRecordType;
GETTRACERECORDTYPE GetTraceRecordType;
ENUMHANDLES EnumHandles;
GETHANDLENAME GetHandleName;
ENUMTCPCONNECTIONS EnumTcpConnections;
} DBGFUNCTIONS;
#ifdef BUILD_DBG
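Review bot: `HANDLEINFO` and `TCPCONNECTIONINFO` are new plugin-visible structs with no comment on their contract. A short comment on each would help plugin authors, e.g. `//text fields are NUL-terminated UTF-8, ports are in host byte order` (the producer in tcpconnections.cpp goes through `Utf16ToUtf8` and `ntohs`), plus a remark that `TCP_ADDR_SIZE` also bounds `StateText`. The three new `DBGFUNCTIONS` members are appended after `GetTraceRecordType`, at the end of the struct; a comment stating that entries may only be appended would protect the layout that existing plugins presumably rely on.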


@ -366,12 +366,6 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoset(duint addr, ADDRINFO* addrinfo)
return retval;
}
extern "C" DLL_EXPORT long _dbg_gethandlecount()
{
return HandlerGetActiveHandleCount(fdProcessInfo->dwProcessId);
}
extern "C" DLL_EXPORT PROCESS_INFORMATION* _dbg_getProcessInformation()
{
return fdProcessInfo;


@ -18,10 +18,6 @@ DLL_EXPORT bool _dbg_isdebugging();
DLL_EXPORT bool _dbg_isjumpgoingtoexecute(duint addr);
DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDRINFO* addrinfo);
DLL_EXPORT bool _dbg_addrinfoset(duint addr, ADDRINFO* addrinfo);
DLL_EXPORT long _dbg_gethandlecount();
DLL_EXPORT long _dbg_enumhandles(duint* handles, unsigned char* typeNumbers, unsigned int* grantedAccess, unsigned int maxcount);
DLL_EXPORT bool _dbg_gethandlename(char* name, char* typeName, size_t buffersize, duint remotehandle);
DLL_EXPORT PROCESS_INFORMATION* _dbg_getProcessInformation();
DLL_EXPORT int _dbg_bpgettypeat(duint addr);
DLL_EXPORT bool _dbg_getregdump(REGDUMP* regdump);
DLL_EXPORT bool _dbg_valtostring(const char* string, duint value);


@ -1,111 +0,0 @@
#include "_global.h"
#include "debugger.h"
#include "TitanEngine\TitanEngine.h"
struct SYSTEM_HANDLE_INFORMATION
{
ULONG ProcessId;
UCHAR ObjectTypeNumber;
UCHAR Flags;
USHORT Handle;
PVOID Object;
DWORD GrantedAccess;
};
struct OBJECT_TYPE_INFORMATION
{
UNICODE_STRING Name;
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG TotalPagedPoolUsage;
ULONG TotalNonPagedPoolUsage;
ULONG TotalNamePoolUsage;
ULONG TotalHandleTableUsage;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
ULONG HighWaterPagedPoolUsage;
ULONG HighWaterNonPagedPoolUsage;
ULONG HighWaterNamePoolUsage;
ULONG HighWaterHandleTableUsage;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccess;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
USHORT MaintainTypeList;
DWORD PoolType;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
};
struct MYHANDLES
{
DWORD_PTR HandleCount;
SYSTEM_HANDLE_INFORMATION Handles[1];
};
#ifdef _WIN64
DWORD (*NtQuerySystemInformation)(DWORD SystemInfoClass, void* SystemInfo, DWORD SystemInfoSize, DWORD* ReturnedSize) = nullptr;
#else //x86
DWORD(__stdcall* NtQuerySystemInformation)(DWORD SystemInfoClass, void* SystemInfo, DWORD SystemInfoSize, DWORD* ReturnedSize) = nullptr;
#endif //_WIN64
#ifdef _WIN64
DWORD (*NtQueryObject)(HANDLE ObjectHandle, ULONG ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength, PULONG ReturnLength) = nullptr;
#else //x86
DWORD(__stdcall* NtQueryObject)(HANDLE ObjectHandle, ULONG ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength, PULONG ReturnLength) = nullptr;
#endif //_WIN64
extern "C" DLL_EXPORT long _dbg_enumhandles(duint* handles, unsigned char* typeNumbers, unsigned int* grantedAccess, unsigned int maxcount)
{
Memory<MYHANDLES*> myhandles(16 * 1024 * 1024, "_dbg_enumhandles");
DWORD size = 16384;
DWORD errcode = 0xC0000004;
if(NtQuerySystemInformation == nullptr)
*(FARPROC*)&NtQuerySystemInformation = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQuerySystemInformation");
while(errcode == 0xC0000004)
{
errcode = NtQuerySystemInformation(16, myhandles(), size, &size);
if(errcode != 0xC0000004)
break;
myhandles.realloc(myhandles.size() * 2, "_dbg_enumhandles");
}
if(errcode != 0)
return 0;
unsigned int j = 0;
for(unsigned int i = 0; i < myhandles()->HandleCount; i++)
{
DWORD pid = fdProcessInfo->dwProcessId;
if(myhandles()->Handles[i].ProcessId == pid)
{
handles[j] = myhandles()->Handles[j].Handle;
typeNumbers[j] = myhandles()->Handles[j].ObjectTypeNumber;
grantedAccess[j] = myhandles()->Handles[j].GrantedAccess;
if(++j == maxcount) break;
}
}
return j;
}
extern "C" DLL_EXPORT bool _dbg_gethandlename(char* name, char* typeName, size_t buffersize, duint remotehandle)
{
HANDLE hLocalHandle;
if(typeName && DuplicateHandle(fdProcessInfo->hProcess, (HANDLE)remotehandle, GetCurrentProcess(), &hLocalHandle, DUPLICATE_SAME_ACCESS, FALSE, 0))
{
Memory<OBJECT_TYPE_INFORMATION*> objectTypeInfo(128, "_dbg_gethandlename");
if(NtQueryObject == nullptr)
*(FARPROC*)&NtQueryObject = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQueryObject");
if(NtQueryObject(hLocalHandle, 2, objectTypeInfo(), 128, NULL) >= 0)
strcpy_s(typeName, buffersize, StringUtils::Utf16ToUtf8(objectTypeInfo()->Name.Buffer).c_str());
CloseHandle(hLocalHandle);
}
wchar_t* buffer;
buffer = (wchar_t*)HandlerGetHandleNameW(fdProcessInfo->hProcess, fdProcessInfo->dwProcessId, (HANDLE)remotehandle, false);
if(buffer)
{
strcpy_s(name, buffersize, StringUtils::Utf16ToUtf8(buffer).c_str());
VirtualFree(buffer, 0, MEM_RELEASE);
return true;
}
return true;
}

141
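--- a/src/dbg/handles.cpp
+++ b/src/dbg/handles.cpp
@@ -0,0 +1,141 @@
+#include "handles.h"
+#include "undocumented.h"
+typedef struct _OBJECT_NAME_INFORMATION
+{
+UNICODE_STRING Name;
+} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
+typedef struct _OBJECT_TYPE_INFORMATION
+{
+UNICODE_STRING TypeName;
+ULONG TotalNumberOfObjects;
+ULONG TotalNumberOfHandles;
+ULONG TotalPagedPoolUsage;
+ULONG TotalNonPagedPoolUsage;
+ULONG TotalNamePoolUsage;
+ULONG TotalHandleTableUsage;
+ULONG HighWaterNumberOfObjects;
+ULONG HighWaterNumberOfHandles;
+ULONG HighWaterPagedPoolUsage;
+ULONG HighWaterNonPagedPoolUsage;
+ULONG HighWaterNamePoolUsage;
+ULONG HighWaterHandleTableUsage;
+ULONG InvalidAttributes;
+GENERIC_MAPPING GenericMapping;
+ULONG ValidAccessMask;
+BOOLEAN SecurityRequired;
+BOOLEAN MaintainHandleCount;
+UCHAR TypeIndex; // since WINBLUE
+CHAR ReservedByte;
+ULONG PoolType;
+ULONG DefaultPagedPoolCharge;
+ULONG DefaultNonPagedPoolCharge;
+} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
+#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004
+#define STATUS_SUCCESS 0x00000000
+#define SystemHandleInformation 16
+#define ObjectNameInformation 1
+#define ObjectTypeInformation 2
+typedef enum _SYSTEM_HANDLE_FLAGS
+{
+PROTECT_FROM_CLOSE = 1,
+INHERIT = 2
+} SYSTEM_HANDLE_FLAGS;
+typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO // Size=16
+{
+USHORT UniqueProcessId; // Size=2 Offset=0
+USHORT CreatorBackTraceIndex; // Size=2 Offset=2
+UCHAR ObjectTypeIndex; // Size=1 Offset=4
+UCHAR HandleAttributes; // Size=1 Offset=5 (SYSTEM_HANDLE_FLAGS)
+USHORT HandleValue; // Size=2 Offset=6
+PVOID Object; // Size=4 Offset=8
+ULONG GrantedAccess; // Size=4 Offset=12
+} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
+typedef struct _SYSTEM_HANDLE_INFORMATION // Size=20
+{
+ULONG NumberOfHandles; // Size=4 Offset=0
+SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1]; // Size=16 Offset=4
+} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
+typedef NTSTATUS(NTAPI* ZWQUERYSYSTEMINFORMATION)(
+IN LONG SystemInformationClass,
+OUT PVOID SystemInformation,
+IN ULONG SystemInformationLength,
+OUT PULONG ReturnLength OPTIONAL
+);
+typedef NTSTATUS(NTAPI* ZWQUERYOBJECT)(
+IN HANDLE Handle OPTIONAL,
+IN LONG ObjectInformationClass,
+OUT PVOID ObjectInformation OPTIONAL,
+IN ULONG ObjectInformationLength,
+OUT PULONG ReturnLength OPTIONAL
+);
+bool HandlesEnum(duint pid, std::vector<HANDLEINFO> & handles)
+{
+static auto ZwQuerySystemInformation = ZWQUERYSYSTEMINFORMATION(GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "ZwQuerySystemInformation"));
+if(!ZwQuerySystemInformation)
+return 0;
+Memory<PSYSTEM_HANDLE_INFORMATION> HandleInformation(16 * 1024, "_dbg_enumhandles");
+NTSTATUS ErrorCode = ERROR_SUCCESS;
+for(;;)
+{
+ErrorCode = ZwQuerySystemInformation(SystemHandleInformation, HandleInformation(), ULONG(HandleInformation.size()), nullptr);
+if(ErrorCode != STATUS_INFO_LENGTH_MISMATCH)
+break;
+HandleInformation.realloc(HandleInformation.size() * 2, "_dbg_enumhandles");
+}
+if(ErrorCode != STATUS_SUCCESS)
+return false;
+handles.reserve(HandleInformation()->NumberOfHandles);
+HANDLEINFO info;
+for(ULONG i = 0; i < HandleInformation()->NumberOfHandles; i++)
+{
+const auto & handle = HandleInformation()->Handles[i];
+if(handle.UniqueProcessId != pid)
+continue;
+info.Handle = handle.HandleValue;
+info.TypeNumber = handle.ObjectTypeIndex;
+info.GrantedAccess = handle.GrantedAccess;
+handles.push_back(info);
+}
+return true;
+}
+bool HandlesGetName(HANDLE hProcess, HANDLE remoteHandle, String & name, String & typeName)
+{
+static auto ZwQueryObject = ZWQUERYOBJECT(GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "ZwQueryObject"));
+if(!ZwQueryObject)
+return false;
+HANDLE hLocalHandle;
+if(DuplicateHandle(hProcess, remoteHandle, GetCurrentProcess(), &hLocalHandle, DUPLICATE_SAME_ACCESS, FALSE, 0))
+{
+ULONG ReturnSize = 0;
+if(ZwQueryObject(hLocalHandle, ObjectTypeInformation, nullptr, 0, &ReturnSize) == STATUS_INFO_LENGTH_MISMATCH)
+{
+Memory<OBJECT_TYPE_INFORMATION*> objectTypeInfo(ReturnSize + sizeof(WCHAR) * 16, "_dbg_gethandlename:objectTypeInfo");
+if(ZwQueryObject(hLocalHandle, ObjectTypeInformation, objectTypeInfo(), ReturnSize, nullptr) == STATUS_SUCCESS)
+typeName = StringUtils::Utf16ToUtf8(objectTypeInfo()->TypeName.Buffer);
+}
+if(ZwQueryObject(hLocalHandle, ObjectNameInformation, nullptr, 0, &ReturnSize) == STATUS_INFO_LENGTH_MISMATCH)
+{
+Memory<OBJECT_NAME_INFORMATION*> objectNameInfo(ReturnSize + sizeof(WCHAR) * 16, "_dbg_gethandlename:objectNameInfo");
+if(ZwQueryObject(hLocalHandle, ObjectNameInformation, objectNameInfo(), ReturnSize, nullptr) == STATUS_SUCCESS)
+name = StringUtils::Utf16ToUtf8(objectNameInfo()->Name.Buffer);
+}
+CloseHandle(hLocalHandle);
+}
+return true;
+}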
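Review bot: `HandlesEnum` compares the full-width `pid` with `USHORT UniqueProcessId` and stores `USHORT HandleValue`, so with `SystemHandleInformation` (class 16) both values are cut to 16 bits: a debuggee whose process id is above 0xFFFF gets an empty list, and handle values above 0xFFFF are reported wrongly. The extended class (`SystemExtendedHandleInformation`, 64), whose entries carry pointer-sized ids and handle values, avoids this where it is available. In `HandlesGetName`, `Name.Buffer` and `TypeName.Buffer` go to `Utf16ToUtf8` without a null check, and an unnamed object is typically returned as an empty `UNICODE_STRING`; unless `Utf16ToUtf8` accepts a null pointer (not visible here) a guard such as `if(objectNameInfo()->Name.Buffer)` is needed. The `ObjectNameInformation` query can also block on some file and pipe handles, so it is worth confirming that this call is not made on a thread the UI waits on. `return 0;` in the first early exit of `HandlesEnum` should read `return false;`.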

7
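--- a/src/dbg/handles.h
+++ b/src/dbg/handles.h
@@ -0,0 +1,7 @@
+#pragma once
+#include "_global.h"
+#include "_dbgfunctions.h"
+bool HandlesEnum(duint pid, std::vector<HANDLEINFO> & handlesList);
+bool HandlesGetName(HANDLE hProcess, HANDLE remoteHandle, String & name, String & typeName);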


@ -2476,3 +2476,24 @@ CMDRESULT cbDisablePrivilege(int argc, char* argv[])
bool ret = AdjustTokenPrivileges(hProcessToken, FALSE, &Privilege, sizeof(TOKEN_PRIVILEGES), nullptr, nullptr) != NO_ERROR;
return ret ? STATUS_CONTINUE : STATUS_CONTINUE;
}
CMDRESULT cbHandleClose(int argc, char* argv[])
{
if(argc < 2)
{
dputs("Not enough arguments");
return STATUS_ERROR;
}
duint handle;
if(!valfromstring(argv[1], &handle, false))
return STATUS_ERROR;
HANDLE localHandle;
if(!DuplicateHandle(fdProcessInfo->hProcess, HANDLE(handle), GetCurrentProcess(), &localHandle, DUPLICATE_SAME_ACCESS, FALSE, DUPLICATE_CLOSE_SOURCE))
{
dprintf("DuplicateHandle failed (%08X)\n", GetLastError());
return STATUS_ERROR;
}
CloseHandle(localHandle);
dprintf("Handle %" fhex "X closed!\n", handle);
return STATUS_CONTINUE;
}
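Review bot: The success message in `cbHandleClose` is built as `"Handle %" fhex "X closed!\n"`, which only formats correctly if `fhex` expands to a bare width/length modifier. If `fhex` already carries the `%` and the conversion character (its definition is not in this hunk), the literal becomes `%%…` and the handle value is never printed; in that case the call should be `dprintf("Handle " fhex " closed!\n", handle);`. The `valfromstring` failure path returns `STATUS_ERROR` without a message, unlike the argument-count check above it; a `dputs` there would tell the user why the command was rejected.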


@ -85,5 +85,6 @@ CMDRESULT cbInstrMnemonicbrief(int argc, char* argv[]);
CMDRESULT cbGetPrivilegeState(int argc, char* argv[]);
CMDRESULT cbEnablePrivilege(int argc, char* argv[]);
CMDRESULT cbDisablePrivilege(int argc, char* argv[]);
CMDRESULT cbHandleClose(int argc, char* argv[]);
#endif // _INSTRUCTION_H

132
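--- a/src/dbg/tcpconnections.cpp
+++ b/src/dbg/tcpconnections.cpp
@@ -0,0 +1,132 @@
+#define _NO_ADDRINFO
+#include <WS2tcpip.h>
+#undef _WIN32_WINNT
+#undef WINVER
+#undef _WIN32_IE
+#include "tcpconnections.h"
+#include "IPHlpApi.h"
+static const char* TcpStateToString(DWORD State)
+{
+switch(State)
+{
+case MIB_TCP_STATE_CLOSED:
+return "CLOSED";
+case MIB_TCP_STATE_LISTEN:
+return "LISTEN";
+case MIB_TCP_STATE_SYN_SENT:
+return "SYN-SENT";
+case MIB_TCP_STATE_SYN_RCVD:
+return "SYN-RECEIVED";
+case MIB_TCP_STATE_ESTAB:
+return "ESTABLISHED";
+case MIB_TCP_STATE_FIN_WAIT1:
+return "FIN-WAIT-1";
+case MIB_TCP_STATE_FIN_WAIT2:
+return "FIN-WAIT-2";
+case MIB_TCP_STATE_CLOSE_WAIT:
+return "CLOSE-WAIT";
+case MIB_TCP_STATE_CLOSING:
+return "CLOSING";
+case MIB_TCP_STATE_LAST_ACK:
+return "LAST-ACK";
+case MIB_TCP_STATE_TIME_WAIT:
+return "TIME-WAIT";
+case MIB_TCP_STATE_DELETE_TCB:
+return "DELETE-TCB";
+default:
+return "UNKNOWN";
+}
+}
+typedef ULONG(WINAPI* GETTCPTABLE2)(PMIB_TCPTABLE2 TcpTable, PULONG SizePointer, BOOL Order);
+typedef ULONG(WINAPI* GETTCP6TABLE2)(PMIB_TCP6TABLE2 TcpTable, PULONG SizePointer, BOOL Order);
+typedef PCTSTR(WSAAPI* INETNTOPW)(INT Family, PVOID pAddr, wchar_t* pStringBuf, size_t StringBufSize);
+bool TcpEnumConnections(duint pid, std::vector<TCPCONNECTIONINFO> & connections)
+{
+// The following code is modified from code sample at MSDN.GetTcpTable2
+static auto hIpHlp = LoadLibraryW(L"iphlpapi.dll");
+if(!hIpHlp)
+return false;
+// To ensure WindowsXP compatibility we won't link them statically
+static auto GetTcpTable2 = GETTCPTABLE2(GetProcAddress(hIpHlp, "GetTcpTable2"));
+static auto GetTcp6Table2 = GETTCP6TABLE2(GetProcAddress(hIpHlp, "GetTcp6Table2"));
+static auto InetNtopW = INETNTOPW(GetProcAddress(GetModuleHandleW(L"ws2_32.dll"), "InetNtopW"));
+if(!InetNtopW)
+return false;
+TCPCONNECTIONINFO info;
+wchar_t AddrBuffer[TCP_ADDR_SIZE] = L"";
+if(GetTcpTable2)
+{
+ULONG ulSize = 0;
+// Make an initial call to GetTcpTable2 to get the necessary size into the ulSize variable
+if(GetTcpTable2(nullptr, &ulSize, TRUE) == ERROR_INSUFFICIENT_BUFFER)
+{
+Memory<MIB_TCPTABLE2*> pTcpTable(ulSize);
+// Make a second call to GetTcpTable2 to get the actual data we require
+if(GetTcpTable2(pTcpTable(), &ulSize, TRUE) == NO_ERROR)
+{
+for(auto i = 0; i < int(pTcpTable()->dwNumEntries); i++)
+{
+auto & entry = pTcpTable()->table[i];
+if(entry.dwOwningPid != pid)
+continue;
+info.State = entry.dwState;
+strcpy_s(info.StateText, TcpStateToString(info.State));
+struct in_addr IpAddr;
+IpAddr.S_un.S_addr = u_long(entry.dwLocalAddr);
+InetNtopW(AF_INET, &IpAddr, AddrBuffer, TCP_ADDR_SIZE);
+strcpy_s(info.LocalAddress, StringUtils::Utf16ToUtf8(AddrBuffer).c_str());
+info.LocalPort = ntohs(u_short(entry.dwLocalPort));
+IpAddr.S_un.S_addr = u_long(entry.dwRemoteAddr);
+InetNtopW(AF_INET, &IpAddr, AddrBuffer, TCP_ADDR_SIZE);
+strcpy_s(info.RemoteAddress, StringUtils::Utf16ToUtf8(AddrBuffer).c_str());
+info.RemotePort = ntohs(u_short(entry.dwRemotePort));
+connections.push_back(info);
+}
+}
+}
+}
+if(GetTcp6Table2)
+{
+ULONG ulSize = 0;
+// Make an initial call to GetTcp6Table2 to get the necessary size into the ulSize variable
+if(GetTcp6Table2(nullptr, &ulSize, TRUE) == ERROR_INSUFFICIENT_BUFFER)
+{
+Memory<MIB_TCP6TABLE2*> pTcp6Table(ulSize);
+// Make a second call to GetTcpTable2 to get the actual data we require
+if(GetTcp6Table2(pTcp6Table(), &ulSize, TRUE) == NO_ERROR)
+{
+for(auto i = 0; i < int(pTcp6Table()->dwNumEntries); i++)
+{
+auto & entry = pTcp6Table()->table[i];
+if(entry.dwOwningPid != pid)
+continue;
+info.State = entry.State;
+strcpy_s(info.StateText, TcpStateToString(info.State));
+InetNtopW(AF_INET6, &entry.LocalAddr, AddrBuffer, TCP_ADDR_SIZE);
+sprintf_s(info.LocalAddress, "[%s]", StringUtils::Utf16ToUtf8(AddrBuffer));
+info.LocalPort = ntohs(u_short(entry.dwLocalPort));
+InetNtopW(AF_INET6, &entry.RemoteAddr, AddrBuffer, TCP_ADDR_SIZE);
+sprintf_s(info.RemoteAddress, "[%s]", StringUtils::Utf16ToUtf8(AddrBuffer));
+info.RemotePort = ntohs(u_short(entry.dwRemotePort));
+connections.push_back(info);
+}
+}
+}
+}
+return true;
+}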
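Review bot: In the IPv6 branch of `TcpEnumConnections`, both `sprintf_s` calls pass the object returned by `StringUtils::Utf16ToUtf8(AddrBuffer)` straight to a `%s` conversion; the IPv4 branch calls `.c_str()` on the same return value, so here a class object goes through varargs, which is undefined behaviour and will print garbage or crash. Both lines need the accessor: `sprintf_s(info.LocalAddress, "[%s]", StringUtils::Utf16ToUtf8(AddrBuffer).c_str());` and likewise for `RemoteAddress`. The return value of `InetNtopW` is ignored in all four calls, so on failure the previous contents of `AddrBuffer` are reported as the address; checking it and clearing the buffer would avoid showing a stale one. `LoadLibraryW(L"iphlpapi.dll")` uses the default DLL search order; loading it by full path built from `GetSystemDirectoryW` keeps the load in the system directory.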

6
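--- a/src/dbg/tcpconnections.h
+++ b/src/dbg/tcpconnections.h
@@ -0,0 +1,6 @@
+#pragma once
+#include "_global.h"
+#include "_dbgfunctions.h"
+bool TcpEnumConnections(duint pid, std::vector<TCPCONNECTIONINFO> & connections);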


@ -271,6 +271,7 @@ static void registercommands()
dbgcmdnew("GetPrivilegeState", cbGetPrivilegeState, true); //get priv state
dbgcmdnew("EnablePrivilege", cbEnablePrivilege, true); //enable priv
dbgcmdnew("DisablePrivilege", cbDisablePrivilege, true); //disable priv
dbgcmdnew("handleclose", cbHandleClose, true); //close remote handle
}
static bool cbCommandProvider(char* cmd, int maxlen)


@ -39,7 +39,7 @@
<ClCompile Include="debugger_commands.cpp" />
<ClCompile Include="disasm_fast.cpp" />
<ClCompile Include="disasm_helper.cpp" />
<ClCompile Include="enumhandles.cpp" />
<ClCompile Include="handles.cpp" />
<ClCompile Include="error.cpp" />
<ClCompile Include="exception.cpp" />
<ClCompile Include="exceptiondirectoryanalysis.cpp" />
@ -69,6 +69,7 @@
<ClCompile Include="stringformat.cpp" />
<ClCompile Include="stringutils.cpp" />
<ClCompile Include="symbolinfo.cpp" />
<ClCompile Include="tcpconnections.cpp" />
<ClCompile Include="thread.cpp" />
<ClCompile Include="threading.cpp" />
<ClCompile Include="TraceRecord.cpp" />
@ -120,6 +121,7 @@
<ClInclude Include="disasm_fast.h" />
<ClInclude Include="disasm_helper.h" />
<ClInclude Include="dynamicmem.h" />
<ClInclude Include="handles.h" />
<ClInclude Include="error.h" />
<ClInclude Include="exception.h" />
<ClInclude Include="exceptiondirectoryanalysis.h" />
@ -150,6 +152,7 @@
<ClInclude Include="patternfind.h" />
<ClInclude Include="plugin_loader.h" />
<ClInclude Include="reference.h" />
<ClInclude Include="tcpconnections.h" />
<ClInclude Include="TraceRecord.h" />
<ClInclude Include="yara\yara\stream.h" />
<ClInclude Include="_scriptapi.h" />
@ -306,7 +309,7 @@
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>$(ProjectDir)..\capstone_wrapper\bin\x32\capstone_wrapper.lib;$(ProjectDir)..\capstone_wrapper\capstone\capstone_x86.lib;yara\yara_x86.lib;lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32\x32bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>$(ProjectDir)..\capstone_wrapper\bin\x32\capstone_wrapper.lib;$(ProjectDir)..\capstone_wrapper\capstone\capstone_x86.lib;yara\yara_x86.lib;lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32\x32bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
@ -327,7 +330,7 @@
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>false</EnableCOMDATFolding>
<OptimizeReferences>false</OptimizeReferences>
<AdditionalDependencies>$(ProjectDir)..\capstone_wrapper\bin\x32\capstone_wrapper.lib;$(ProjectDir)..\capstone_wrapper\capstone\capstone_x86.lib;yara\yara_x86.lib;lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32\x32bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>$(ProjectDir)..\capstone_wrapper\bin\x32\capstone_wrapper.lib;$(ProjectDir)..\capstone_wrapper\capstone\capstone_x86.lib;yara\yara_x86.lib;lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32\x32bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@ -354,7 +357,7 @@
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>$(ProjectDir)..\capstone_wrapper\bin\x64\capstone_wrapper.lib;$(ProjectDir)..\capstone_wrapper\capstone\capstone_x64.lib;yara\yara_x64.lib;lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64\x64bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>$(ProjectDir)..\capstone_wrapper\bin\x64\capstone_wrapper.lib;$(ProjectDir)..\capstone_wrapper\capstone\capstone_x64.lib;yara\yara_x64.lib;lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64\x64bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@ -378,7 +381,7 @@
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>false</EnableCOMDATFolding>
<OptimizeReferences>false</OptimizeReferences>
<AdditionalDependencies>$(ProjectDir)..\capstone_wrapper\bin\x64\capstone_wrapper.lib;$(ProjectDir)..\capstone_wrapper\capstone\capstone_x64.lib;yara\yara_x64.lib;lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64\x64bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>$(ProjectDir)..\capstone_wrapper\bin\x64\capstone_wrapper.lib;$(ProjectDir)..\capstone_wrapper\capstone\capstone_x64.lib;yara\yara_x64.lib;lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64\x64bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />


@ -302,7 +302,10 @@
<ClCompile Include="mnemonichelp.cpp">
<Filter>Source Files\Information</Filter>
</ClCompile>
<ClCompile Include="enumhandles.cpp">
<ClCompile Include="handles.cpp">
<Filter>Source Files\Information</Filter>
</ClCompile>
<ClCompile Include="tcpconnections.cpp">
<Filter>Source Files\Information</Filter>
</ClCompile>
</ItemGroup>
@ -667,5 +670,11 @@
<ClInclude Include="TraceRecord.h">
<Filter>Header Files\Information</Filter>
</ClInclude>
<ClInclude Include="handles.h">
<Filter>Header Files\Information</Filter>
</ClInclude>
<ClInclude Include="tcpconnections.h">
<Filter>Header Files\Information</Filter>
</ClInclude>
</ItemGroup>
</Project>


@ -1,10 +1,6 @@
#include <WS2tcpip.h>
#define _NO_ADDRINFO
#include "HandlesView.h"
#include "Bridge.h"
#include "IPHlpApi.h"
#include "VersionHelpers.h"
#pragma comment(lib, "ws2_32.lib")
HandlesView::HandlesView(QWidget* parent) : QWidget(parent)
{
@ -60,11 +56,8 @@ HandlesView::HandlesView(QWidget* parent) : QWidget(parent)
connect(mTcpConnectionsTable, SIGNAL(contextMenuSignal(const QPoint &)), this, SLOT(tcpConnectionsTableContextMenuSlot(const QPoint &)));
connect(mPrivilegesTable, SIGNAL(contextMenuSignal(const QPoint &)), this, SLOT(privilegesTableContextMenuSlot(const QPoint &)));
if(IsWindowsVistaOrGreater())
hIpHlp = LoadLibraryW(L"iphlpapi.dll");
else
if(!IsWindowsVistaOrGreater())
{
hIpHlp = 0;
mTcpConnectionsTable->setRowCount(1);
mTcpConnectionsTable->setCellContent(0, 0, tr("TCP Connection enumeration is only available on Windows Vista or greater."));
mTcpConnectionsTable->reloadData();
@ -72,12 +65,6 @@ HandlesView::HandlesView(QWidget* parent) : QWidget(parent)
reloadData();
}
HandlesView::~HandlesView()
{
if(hIpHlp)
FreeLibrary(hIpHlp);
}
void HandlesView::reloadData()
{
if(DbgIsDebugging())
@ -153,17 +140,7 @@ void HandlesView::privilegesTableContextMenuSlot(const QPoint & pos)
void HandlesView::closeHandleSlot()
{
duint remotehandle;
if(!DbgIsDebugging())
return;
if(DbgFunctions()->ValFromString(mHandlesTable->getCellContent(mHandlesTable->getInitialSelection(), 2).toUtf8().constData(), &remotehandle))
{
HANDLE localHandle = nullptr;
DuplicateHandle(DbgGetProcessInformation()->hProcess, (HANDLE)remotehandle, GetCurrentProcess(), &localHandle, DUPLICATE_SAME_ACCESS, FALSE, DUPLICATE_CLOSE_SOURCE);
if(localHandle)
CloseHandle(localHandle);
}
enumHandles();
DbgCmdExec(QString("handleclose %1").arg(mHandlesTable->getCellContent(mHandlesTable->getInitialSelection(), 2)).toUtf8().constData());
}
void HandlesView::enablePrivilegeSlot()
@ -196,39 +173,26 @@ void HandlesView::disableAllPrivilegesSlot()
void HandlesView::enumHandles()
{
long handleCount = DbgGetHandleCount();
if(handleCount > 0)
BridgeList<HANDLEINFO> handles;
if(DbgFunctions()->EnumHandles(&handles))
{
duint* allHandles = new duint[handleCount + 16];
unsigned char* typeNumbers = new unsigned char[handleCount + 16];
unsigned int* grantedAccess = new unsigned int[handleCount + 16];
memset(allHandles, 0, sizeof(duint) * (handleCount + 16));
memset(typeNumbers, 0, handleCount + 16);
memset(grantedAccess, 0, sizeof(unsigned int) * (handleCount + 16));
duint ret1 = DbgEnumHandles(allHandles, typeNumbers, grantedAccess, handleCount + 16);
mHandlesTable->setRowCount(ret1);
for(unsigned int i = 0; i < ret1; i++)
auto count = handles.Count();
mHandlesTable->setRowCount(count);
for(auto i = 0; i < count; i++)
{
char name[512];
char typeStr[512];
memset(name, 0, sizeof(name));
memset(typeStr, 0, sizeof(typeStr));
DbgGetHandleName(name, typeStr, sizeof(name), allHandles[i]);
mHandlesTable->setCellContent(i, 0, typeStr);
mHandlesTable->setCellContent(i, 1, ToHexString(typeNumbers[i]));
mHandlesTable->setCellContent(i, 2, ToHexString(allHandles[i]));
mHandlesTable->setCellContent(i, 3, ToHexString(grantedAccess[i]));
const HANDLEINFO & handle = handles[i];
char name[MAX_STRING_SIZE] = "";
char typeName[MAX_STRING_SIZE] = "";
DbgFunctions()->GetHandleName(handle.Handle, name, sizeof(name), typeName, sizeof(typeName));
mHandlesTable->setCellContent(i, 0, typeName);
mHandlesTable->setCellContent(i, 1, ToHexString(handle.TypeNumber));
mHandlesTable->setCellContent(i, 2, ToHexString(handle.Handle));
mHandlesTable->setCellContent(i, 3, ToHexString(handle.GrantedAccess));
mHandlesTable->setCellContent(i, 4, name);
}
delete allHandles;
delete typeNumbers;
delete grantedAccess;
}
else
{
mHandlesTable->setRowCount(1);
mHandlesTable->setCellContent(0, 0, QString("error:%1").arg(handleCount));
}
mHandlesTable->setRowCount(0);
mHandlesTable->reloadData();
}
@ -294,12 +258,29 @@ void HandlesView::AppendPrivilege(int row, const char* PrivilegeString)
void HandlesView::enumTcpConnections()
{
if(!hIpHlp)
return;
BridgeList<TCPCONNECTIONINFO> connections;
if(DbgFunctions()->EnumTcpConnections(&connections))
{
auto count = connections.Count();
mTcpConnectionsTable->setRowCount(count);
for(auto i = 0; i < count; i++)
{
const TCPCONNECTIONINFO & connection = connections[i];
auto remoteText = QString("%1:%2").arg(connection.RemoteAddress).arg(connection.RemotePort);
mTcpConnectionsTable->setCellContent(i, 0, remoteText);
auto localText = QString("%1:%2").arg(connection.LocalAddress).arg(connection.LocalPort);
mTcpConnectionsTable->setCellContent(i, 1, localText);
mTcpConnectionsTable->setCellContent(i, 2, connection.StateText);
}
}
else
mTcpConnectionsTable->setRowCount(0);
mTcpConnectionsTable->reloadData();
/*
QList<QString> TCPLocal;
QList<QString> TCPRemote;
QList<QString> TCPState;
DWORD PID = DbgGetProcessInformation()->dwProcessId;
DWORD PID = 0;// DbgGetProcessInformation()->dwProcessId;
// The following code is modified from code sample at MSDN.GetTcpTable2
// Declare and initialize variables
PMIB_TCPTABLE2 pTcpTable;
@ -387,50 +368,5 @@ void HandlesView::enumTcpConnections()
mTcpConnectionsTable->setCellContent(i, 2, TCPState.at(i));
}
mTcpConnectionsTable->reloadData();
}
QString HandlesView::TcpStateToString(DWORD State)
{
switch(State)
{
case MIB_TCP_STATE_CLOSED:
return "CLOSED";
break;
case MIB_TCP_STATE_LISTEN:
return "LISTEN";
break;
case MIB_TCP_STATE_SYN_SENT:
return "SYN-SENT";
break;
case MIB_TCP_STATE_SYN_RCVD:
return "SYN-RECEIVED";
break;
case MIB_TCP_STATE_ESTAB:
return "ESTABLISHED";
break;
case MIB_TCP_STATE_FIN_WAIT1:
return "FIN-WAIT-1";
break;
case MIB_TCP_STATE_FIN_WAIT2:
return "FIN-WAIT-2";
break;
case MIB_TCP_STATE_CLOSE_WAIT:
return "CLOSE-WAIT";
break;
case MIB_TCP_STATE_CLOSING:
return "CLOSING";
break;
case MIB_TCP_STATE_LAST_ACK:
return "LAST-ACK";
break;
case MIB_TCP_STATE_TIME_WAIT:
return "TIME-WAIT";
break;
case MIB_TCP_STATE_DELETE_TCB:
return "DELETE-TCB";
break;
default:
return QString("UNKNOWN dwState value %1").arg(State);
break;
}
*/
}
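Review bot: In `closeHandleSlot` the new `DbgCmdExec(QString("handleclose %1")...)` line runs with no `DbgIsDebugging()` guard and no check that a row is selected, and nothing refreshes the handles table afterwards, so a closed handle can stay listed as if it were still open. The `+`/`-` markers are lost on this page, but the hunk counts (17 old lines, 7 new) suggest the early return and the trailing `enumHandles();` were both dropped. I would keep `if(!DbgIsDebugging()) return;` before building the command and refresh only once the close has completed. If `DbgCmdExec` only queues the command, calling `enumHandles()` right after it would race, so use the synchronous `DbgCmdExecDirect` or let the `handleclose` command request a view update. An empty selection would also send `handleclose ` with no argument, so returning early when the cell text is empty is worth adding.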


@ -1,5 +1,6 @@
#ifndef HANDLESVIEW_H
#define HANDLESVIEW_H
#include "StdTable.h"
#include <QVBoxLayout>
#include <QSplitter>
@ -9,7 +10,6 @@ class HandlesView : public QWidget
Q_OBJECT
public:
explicit HandlesView(QWidget* parent = nullptr);
~HandlesView();
public slots:
void reloadData();
@ -43,8 +43,6 @@ private:
void enumPrivileges();
void AppendPrivilege(int row, const char* PrivilegeString);
QString TcpStateToString(DWORD State);
HMODULE hIpHlp;
};
#endif // HANDLESVIEW_H


@ -160,6 +160,7 @@ MainWindow::MainWindow(QWidget* parent)
// Handles view
mHandlesView = new HandlesView(this);
mHandlesView->setWindowTitle(tr("Handles"));
mHandlesView->setWindowIcon(QIcon(":/icons/images/handles.png"));
mHandlesView->hide();
// Create the tab widget

BIN
src/gui/images/handles.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 630 B


@ -94,5 +94,6 @@
<file>images/fileoffset.png</file>
<file>images/helpbrief.png</file>
<file>images/helpmnemonic.png</file>
<file>images/handles.png</file>
</qresource>
</RCC>