BRIDGE+DBG: added apis to access TEB/PEB

2017-01-03 23:36:57 +01:00 · 2017-01-03 23:36:57 +01:00 · b8cf80a32f
parent 53f300b32a
commit b8cf80a32f
3 changed files with 46 additions and 0 deletions
--- a/src/bridge/bridgemain.cpp
+++ b/src/bridge/bridgemain.cpp
@ -1016,6 +1016,16 @@ BRIDGE_IMPEXP DWORD DbgGetThreadId()
    return (DWORD)_dbg_sendmessage(DBG_GET_THREAD_ID, nullptr, nullptr);
 }

+BRIDGE_IMPEXP duint DbgGetPebAddress(DWORD ProcessId)
+{
+    return (duint)_dbg_sendmessage(DBG_GET_PEB_ADDRESS, (void*)ProcessId, nullptr);
+}
+
+BRIDGE_IMPEXP duint DbgGetTebAddress(DWORD ThreadId)
+{
+    return (duint)_dbg_sendmessage(DBG_GET_TEB_ADDRESS, (void*)ThreadId, nullptr);
+}
+
 BRIDGE_IMPEXP const char* GuiTranslateText(const char* Source)
 {
    EnterCriticalSection(&csTranslate);
--- a/src/bridge/bridgemain.h
+++ b/src/bridge/bridgemain.h
@ -236,6 +236,8 @@ typedef enum
    DBG_GET_THREAD_HANDLE,          // param1=unused,                    param2=unused
    DBG_GET_PROCESS_ID,             // param1=unused,                    param2=unused
    DBG_GET_THREAD_ID,              // param1=unused,                    param2=unused
+    DBG_GET_PEB_ADDRESS,            // param1=DWORD ProcessId,           param2=unused
+    DBG_GET_TEB_ADDRESS,            // param1=DWORD ThreadId,            param2=unused
 } DBGMSG;

 typedef enum
@ -871,6 +873,8 @@ BRIDGE_IMPEXP HANDLE DbgGetProcessHandle();
 BRIDGE_IMPEXP HANDLE DbgGetThreadHandle();
 BRIDGE_IMPEXP DWORD DbgGetProcessId();
 BRIDGE_IMPEXP DWORD DbgGetThreadId();
+BRIDGE_IMPEXP duint DbgGetPebAddress(DWORD ProcessId);
+BRIDGE_IMPEXP duint DbgGetTebAddress(DWORD ThreadId);

 //Gui defines
 #define GUI_PLUGIN_MENU 0
--- a/src/dbg/_exports.cpp
+++ b/src/dbg/_exports.cpp
@ -1349,6 +1349,38 @@ extern "C" DLL_EXPORT duint _dbg_sendmessage(DBGMSG type, void* param1, void* pa
    }
    break;

+    case DBG_GET_PEB_ADDRESS:
+    {
+        auto ProcessId = DWORD(param1);
+        if(ProcessId == fdProcessInfo->dwProcessId)
+            return (duint)GetPEBLocation(fdProcessInfo->hProcess);
+        auto hProcess = TitanOpenProcess(PROCESS_QUERY_INFORMATION, false, ProcessId);
+        duint pebAddress = 0;
+        if(hProcess)
+        {
+            pebAddress = (duint)GetPEBLocation(hProcess);
+            CloseHandle(hProcess);
+        }
+        return pebAddress;
+    }
+    break;
+
+    case DBG_GET_TEB_ADDRESS:
+    {
+        auto ThreadId = DWORD(param1);
+        auto tebAddress = ThreadGetLocalBase(ThreadId);
+        if(tebAddress)
+            return tebAddress;
+        HANDLE hThread = OpenThread(THREAD_QUERY_INFORMATION, FALSE, ThreadId);
+        if(hThread)
+        {
+            tebAddress = (duint)GetTEBLocation(hThread);
+            CloseHandle(hThread);
+        }
+        return tebAddress;
+    }
+    break;
+
    }
    return 0;
 }