x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 2 Activity

BRIDGE+DBG: added apis to access TEB/PEB

This commit is contained in:
mrexodia 2017-01-03 23:36:57 +01:00
parent 53f300b32a
commit b8cf80a32f
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
3 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/bridge/bridgemain.cpp
View File

@ -1016,6 +1016,16 @@ BRIDGE_IMPEXP DWORD DbgGetThreadId()
return (DWORD)_dbg_sendmessage(DBG_GET_THREAD_ID, nullptr, nullptr); return (DWORD)_dbg_sendmessage(DBG_GET_THREAD_ID, nullptr, nullptr);
} }
BRIDGE_IMPEXP duint DbgGetPebAddress(DWORD ProcessId)
{
return (duint)_dbg_sendmessage(DBG_GET_PEB_ADDRESS, (void*)ProcessId, nullptr);
}
BRIDGE_IMPEXP duint DbgGetTebAddress(DWORD ThreadId)
{
return (duint)_dbg_sendmessage(DBG_GET_TEB_ADDRESS, (void*)ThreadId, nullptr);
}
BRIDGE_IMPEXP const char* GuiTranslateText(const char* Source) BRIDGE_IMPEXP const char* GuiTranslateText(const char* Source)
{ {
EnterCriticalSection(&csTranslate); EnterCriticalSection(&csTranslate);

4
src/bridge/bridgemain.h
View File

@ -236,6 +236,8 @@ typedef enum
DBG_GET_THREAD_HANDLE, // param1=unused, param2=unused DBG_GET_THREAD_HANDLE, // param1=unused, param2=unused
DBG_GET_PROCESS_ID, // param1=unused, param2=unused DBG_GET_PROCESS_ID, // param1=unused, param2=unused
DBG_GET_THREAD_ID, // param1=unused, param2=unused DBG_GET_THREAD_ID, // param1=unused, param2=unused
DBG_GET_PEB_ADDRESS, // param1=DWORD ProcessId, param2=unused
DBG_GET_TEB_ADDRESS, // param1=DWORD ThreadId, param2=unused
} DBGMSG; } DBGMSG;
typedef enum typedef enum
@ -871,6 +873,8 @@ BRIDGE_IMPEXP HANDLE DbgGetProcessHandle();
BRIDGE_IMPEXP HANDLE DbgGetThreadHandle(); BRIDGE_IMPEXP HANDLE DbgGetThreadHandle();
BRIDGE_IMPEXP DWORD DbgGetProcessId(); BRIDGE_IMPEXP DWORD DbgGetProcessId();
BRIDGE_IMPEXP DWORD DbgGetThreadId(); BRIDGE_IMPEXP DWORD DbgGetThreadId();
BRIDGE_IMPEXP duint DbgGetPebAddress(DWORD ProcessId);
BRIDGE_IMPEXP duint DbgGetTebAddress(DWORD ThreadId);
//Gui defines //Gui defines
#define GUI_PLUGIN_MENU 0 #define GUI_PLUGIN_MENU 0

32
src/dbg/_exports.cpp
View File

@ -1349,6 +1349,38 @@ extern "C" DLL_EXPORT duint _dbg_sendmessage(DBGMSG type, void* param1, void* pa
} }
break; break;
case DBG_GET_PEB_ADDRESS:
{
auto ProcessId = DWORD(param1);
if(ProcessId == fdProcessInfo->dwProcessId)
return (duint)GetPEBLocation(fdProcessInfo->hProcess);
auto hProcess = TitanOpenProcess(PROCESS_QUERY_INFORMATION, false, ProcessId);
duint pebAddress = 0;
if(hProcess)
{
pebAddress = (duint)GetPEBLocation(hProcess);
CloseHandle(hProcess);
}
return pebAddress;
}
break;
case DBG_GET_TEB_ADDRESS:
{
auto ThreadId = DWORD(param1);
auto tebAddress = ThreadGetLocalBase(ThreadId);
if(tebAddress)
return tebAddress;
HANDLE hThread = OpenThread(THREAD_QUERY_INFORMATION, FALSE, ThreadId);
if(hThread)
{
tebAddress = (duint)GetTEBLocation(hThread);
CloseHandle(hThread);
}
return tebAddress;
}
break;
} }
return 0; return 0;
} }