public int Breakpoint(IDebugBreakpoint2 Bp)
            {
                BreakpointHit = true;
                StateChanged  = true;

                if (Bp == pickUpWeaponBreakpoint)
                {
                    IDebugRegisters2Fixed registers = _control as IDebugRegisters2Fixed;
                    CheckHr(registers.GetIndexByName("edx", out uint edxIndex));
                    DEBUG_VALUE edxValue;
                    CheckHr(registers.GetValue(edxIndex, out edxValue));
                    edxValue.I32 = 17;
                    try {
                        CheckHr(registers.SetValue(edxIndex, ref edxValue));
                    } catch (Exception e) {
                        Console.WriteLine(e);
                        throw;
                    }


                    edxValue = new DEBUG_VALUE();
                    CheckHr(registers.GetValue(edxIndex, out edxValue));
                    edxValue.I32 = 17;
                    CheckHr(registers.SetValue(edxIndex, edxValue));

                    return((int)DEBUG_STATUS.GO);
                }

                //return (int) DEBUG_STATUS.NO_CHANGE;
                return((int)DEBUG_STATUS.BREAK);
            }
Beispiel #2
0
        private IDebugBreakpoint2 SetBreakpoint(UInt64 address, DEBUG_BREAKPOINT_TYPE breakpointType, DEBUG_BREAKPOINT_ACCESS_TYPE access, UInt32 size)
        {
            const UInt32 AnyId = UInt32.MaxValue;

            IDebugBreakpoint2 breakpoint = null;

            this.BeginInterrupt();

            Task.Factory.StartNew(() =>
            {
                try
                {
                    this.CheckHandleResult(this.Control.AddBreakpoint2(breakpointType, AnyId, out breakpoint));

                    breakpoint.SetOffset(address);
                    breakpoint.SetFlags(DEBUG_BREAKPOINT_FLAG.ENABLED);
                    breakpoint.SetDataParameters(size, access);

                    this.Control.SetExecutionStatus(DEBUG_STATUS.GO);
                }
                catch (Exception ex)
                {
                    Logger.Log(LogLevel.Error, "Error setting breakpoint", ex);
                }
            }, CancellationToken.None, TaskCreationOptions.DenyChildAttach, this.Scheduler.ExclusiveScheduler).Wait();

            this.EndInterrupt();

            return(breakpoint);
        }
 private void CreatePickUpWeaponBreakpoint(byte[] progModuleMemory)
 {
     _pickUpWeaponBreakpoint = CreateBreakpointForPattern(
         progModuleMemory,
         "55 8B EC 83 E4 F8 80 3D A9 0F ?? ?? 00 56 57 8B F2 8B F9 75 23 80 3D 9A 0E ?? ?? 00 75 1A 56 E8 9C 94 F9 FF 83 FE 0F 75 0F 83 F8 32 7C 0A B9 D4",
         "PickUpWeapon"
         );
 }
 private void CreatePickUpPerkBreakpoint(byte[] progModuleMemory)
 {
     _pickUpPerkBreakpoint = CreateBreakpointForPattern(
         progModuleMemory,
         "55 8B EC 83 E4 F8 83 EC 0C 53 8B D9 8B 0D 1C F6 ?? ?? 56 57 89 5C 24 14 E8 03 A1 03 00 FF 04 9D 88 9B ?? ?? 3B 1D 0C BA ?? ?? A1 04 0F ?? ?? 0F",
         "PickUpPerk"
         );
 }
Beispiel #5
0
        public Int32 Breakpoint([In, MarshalAs(UnmanagedType.Interface)] IDebugBreakpoint2 bp)
        {
            // Output.Output.Log(Output.LogLevel.Debug, "Breakpoint Hit");
            this.Control.SetExecutionStatus(DEBUG_STATUS.GO_HANDLED);

            CodeTraceInfo codeTraceInfo = new CodeTraceInfo();

            String[] registers;
            Boolean  isProcess32Bit = Processes.Default.IsOpenedProcess32Bit();

            if (isProcess32Bit)
            {
                registers = this.Registers32;
            }
            else
            {
                registers = this.Registers64;
            }

            // Prepare register indicies for DbgEng register value call call
            UInt32[] registerIndicies = new UInt32[registers.Length];

            for (Int32 index = 0; index < registers.Length; index++)
            {
                this.Registers.GetIndexByName(registers[index], out registerIndicies[index]);
            }

            // Get register values
            DEBUG_VALUE[] values = new DEBUG_VALUE[registers.Length];
            this.Registers.GetValues((UInt32)registers.Length, registerIndicies, 0, values);

            // Copy to code trace info
            for (Int32 index = 0; index < registers.Length; index++)
            {
                codeTraceInfo.IntRegisters.Add(registers[index], values[index].I64);
            }

            // Get the current instruction address
            UInt64 address;

            this.Registers.GetInstructionOffset(out address);

            // TEMP: Correct the traced address
            // TODO: Remove this once we figure out how to trigger breakpoint callbacks BEFORE EIP is updated
            address = this.CorrectAddress(address);

            // Disassemble instruction
            Byte[] bytes = Memory.Reader.Default.ReadBytes(address, 15, out _);
            codeTraceInfo.Instruction = Engine.Architecture.Disassembler.Default.Disassemble(bytes, isProcess32Bit, address).FirstOrDefault();

            // Invoke callbacks
            this.ReadCallback?.Invoke(codeTraceInfo);
            this.WriteCallback?.Invoke(codeTraceInfo);
            this.AccessCallback?.Invoke(codeTraceInfo);

            // Output.Output.Log(Output.LogLevel.Debug, "Breakpoint Hit: " + codeTraceInfo.Address);
            return((Int32)DEBUG_STATUS.BREAK);
        }
 private void CreateSpawnCreatureBreakpoint(byte[] progModuleMemory)
 {
     _spawnCreatureBreakpoint = CreateBreakpointForPattern(
         progModuleMemory,
         //"55 8B EC 83 EC 4C 53 8B D9 8B 0D 1C F6 59 0F 56 57 8B FA 89 5D F8 E8 15 39 03 00 A1 58 BA 4D 0F F3 0F 10 05 10 74 4C 0F F3 0F 11 45 FC 83 3C 85",
         "55 8B EC 83 E4 F8 83 EC 08 56 57 FF 75 ?? ?? 28 C2 8B F1 FF 75 ?? ?? 28 C8 ?? ?? 11 44 24 14 E8 5C F0 FF FF 83 C4 08 84 ?? ?? 85 AF 00 00 00 8B",
         "SpawnCreature"
         );
 }
 private void CreatePickUpBonusBreakpoint(byte[] progModuleMemory)
 {
     _pickUpBonusBreakpoint = CreateBreakpointForPattern(
         progModuleMemory,
         //"55 8B EC 83 EC 4C 53 8B D9 8B 0D 1C F6 59 0F 56 57 8B FA 89 5D F8 E8 15 39 03 00 A1 58 BA 4D 0F F3 0F 10 05 10 74 4C 0F F3 0F 11 45 FC 83 3C 85",
         "55 8B EC 83 EC 4C 53 8B D9 8B 0D 1C F6 ?? ?? 56 57 8B FA 89 5D F8 E8 15 39 03 00 A1 58 BA ?? ?? F3 0F 10 05 10 74 ?? ?? F3 0F 11 45 FC 83 3C 85",
         "PickUpBonus"
         );
 }
        int IDebugEventCallbacksWide.Breakpoint(IDebugBreakpoint2 Bp)
        {
            _breakpointHit = true;
            _stateChanged  = true;
            UpdateStatus();

            //Control.OutputCurrentState(DEBUG_OUTCTL.THIS_CLIENT, DEBUG_CURRENT.DEFAULT);

            return((int)DEBUG_STATUS.BREAK);
        }
Beispiel #9
0
 private string GetOffsetExpression(IDebugBreakpoint2 bp, uint expressionSize)
 {
     if (expressionSize != 0)
     {
         _builder.EnsureCapacity((int)expressionSize);
         var res = bp.GetOffsetExpressionWide(_builder, _builder.Capacity, out expressionSize);
         if (res != 0)
         {
             ErrorHelper.ThrowDebuggerException(res, "IDebugBreakpoint2.GetOffsetExpressionWide");
         }
     }
     return(_builder.ToString());
 }
Beispiel #10
0
 string GetCommand(IDebugBreakpoint2 bp, uint commandSize)
 {
     _builder.EnsureCapacity((int)commandSize);
     if (commandSize != 0)
     {
         uint size;
         var  res = bp.GetCommandWide(_builder, _builder.Capacity, out size);
         if (res != 0)
         {
             ErrorHelper.ThrowDebuggerException(res, "IDebugBreakpoint2.GetCommandWide");
         }
     }
     return(_builder.ToString());
 }
Beispiel #11
0
        public CancellationTokenSource FindWhatAccesses(UInt64 address, BreakpointSize size, MemoryAccessCallback callback)
        {
            this.Attach();

            this.accessCancellationToken?.Cancel();
            this.EventCallBacks.AccessCallback = callback;
            IDebugBreakpoint2 breakpoint = this.SetHardwareBreakpoint(address, DEBUG_BREAKPOINT_ACCESS_TYPE.READ | DEBUG_BREAKPOINT_ACCESS_TYPE.WRITE, size.ToUInt32());

            if (breakpoint == null)
            {
                return(null);
            }

            this.accessCancellationToken = this.CreateNewCancellationToken(this.OnAccessTraceCancel);
            this.BreakPoints.TryAdd(this.accessCancellationToken, breakpoint);

            return(this.accessCancellationToken);
        }
        /// <summary>
        /// Constructor for creating new breakpoints.
        /// </summary>
        /// <param name="breakpointSpec">Spec describing this breakpoint.</param>
        /// <param name="invalidateCache">Invalidate cache action.</param>
        /// <param name="dbgEngDll">DbgEngDll interface.</param>
        /// <remarks>
        /// This about adding some sort of factory pattern here.
        /// </remarks>
        public DbgEngBreakpoint(BreakpointSpec breakpointSpec, Action invalidateCache, DbgEngDll dbgEngDll)
        {
            this.breakpointAction = breakpointSpec.BreakpointAction;
            this.invalidateCache  = invalidateCache;

            unchecked
            {
                if (breakpointSpec.BreakpointType == BreakpointType.Code)
                {
                    breakpoint = dbgEngDll.Control.AddBreakpoint2((uint)Defines.DebugBreakpointCode, (uint)Defines.DebugAnyId);
                }
                else
                {
                    throw new NotImplementedException("Only supports Code breakpoints");
                }
            }

            breakpoint.SetOffset(breakpointSpec.BreakpointAddress);
            breakpoint.SetFlags((uint)Defines.DebugBreakpointEnabled);
            breakpointStatusEnabled = true;
        }
Beispiel #13
0
 public void Breakpoint(IDebugBreakpoint2 Bp)
 {
     Control.SetExecutionStatus((UInt32)DEBUG_STATUS.GO_HANDLED);
 }
		public virtual int Breakpoint(IDebugBreakpoint2 Bp)
		{
			return (int)DEBUG_STATUS.NO_CHANGE;
		}
        public override int Breakpoint(IDebugBreakpoint2 breakpoint)
        {
            if (breakpoint == _pickUpWeaponBreakpoint)
            {
                CheckHr(Registers.GetIndexByName("edx", out uint edxIndex));
                CheckHr(Registers.GetValue(edxIndex, out DEBUG_VALUE edxValue));

                Control.OutputWide(
                    DEBUG_OUTPUT.NORMAL,
                    "Picking up weapon " + (Weapon)edxValue.I32 + "\r\n"
                    );

                Weapon weapon = (Weapon)edxValue.I32;
                PickingUpWeapon?.Invoke(ref weapon);
                edxValue.I32 = (uint)weapon;
                CheckHr(Registers.SetValue(edxIndex, ref edxValue));

                return((int)DEBUG_STATUS.GO);
            }
            else if (breakpoint == _pickUpPerkBreakpoint)
            {
                CheckHr(Registers.GetIndexByName("ecx", out uint ecxIndex));
                CheckHr(Registers.GetValue(ecxIndex, out DEBUG_VALUE ecxValue));

                Control.OutputWide(
                    DEBUG_OUTPUT.NORMAL,
                    "Picking up perk " + (Perk)ecxValue.I32 + "\r\n"
                    );

                Perk perk = (Perk)ecxValue.I32;
                PickingUpPerk?.Invoke(ref perk);
                ecxValue.I32 = (uint)perk;
                CheckHr(Registers.SetValue(ecxIndex, ref ecxValue));

                return((int)DEBUG_STATUS.GO);
            }
            else if (breakpoint == _pickUpBonusBreakpoint)
            {
                CheckHr(Registers.GetIndexByName("edx", out uint edxIndex));
                CheckHr(Registers.GetValue(edxIndex, out DEBUG_VALUE edxValue));

                byte[] bonusIdBytes = new byte[4];
                CheckHr(DataSpaces.ReadVirtualUncached(edxValue.I64, bonusIdBytes, (uint)bonusIdBytes.Length, out uint bytesRead));
                Bonus bonus = (Bonus)BitConverter.ToInt32(bonusIdBytes, 0);

                Control.OutputWide(
                    DEBUG_OUTPUT.NORMAL,
                    "Picking up bonus " + (Bonus)bonus + "\r\n"
                    );

                if (bonus != Bonus.Weapon)
                {
                    PickingUpBonus?.Invoke(ref bonus);
                    bonusIdBytes[0] = (byte)bonus;
                    DataSpaces.WriteVirtualUncached(edxValue.I64, bonusIdBytes, (uint)bonusIdBytes.Length, out uint bytesWritten);
                }

                return((int)DEBUG_STATUS.GO);
            }
            else if (breakpoint == _spawnCreatureBreakpoint)
            {
                CheckHr(Registers.GetIndexByName("ecx", out uint ecxIndex));
                CheckHr(Registers.GetValue(ecxIndex, out DEBUG_VALUE ecxValue));

                Control.OutputWide(
                    DEBUG_OUTPUT.NORMAL,
                    "Spawning creature " + (Creature)ecxValue.I32 + "\r\n"
                    );

                Creature creature = (Creature)ecxValue.I32;
                SpawningCreature?.Invoke(ref creature);
                ecxValue.I32 = (uint)creature;
                CheckHr(Registers.SetValue(ecxIndex, ref ecxValue));

                return((int)DEBUG_STATUS.GO);
            }

            return(base.Breakpoint(breakpoint));
        }
Beispiel #16
0
        public Int32 Breakpoint([In, MarshalAs(UnmanagedType.Interface)] IDebugBreakpoint2 bp)
        {
            // Output.Output.Log(Output.LogLevel.Debug, "Breakpoint Hit");
            this.Control.SetExecutionStatus(DEBUG_STATUS.GO_HANDLED);

            CodeTraceInfo codeTraceInfo = new CodeTraceInfo();

            String[] registers;
            throw new NotImplementedException();

            /*
             * Boolean isProcess32Bit = false;// ProcessQuery.Instance.IsProcessWindowed();
             *
             * if (isProcess32Bit)
             * {
             *  registers = this.Registers32;
             * }
             * else
             * {
             *  registers = this.Registers64;
             * }
             *
             * // Prepare register indicies for DbgEng register value call call
             * UInt32[] registerIndicies = new UInt32[registers.Length];
             *
             * for (Int32 index = 0; index < registers.Length; index++)
             * {
             *  this.Registers.GetIndexByName(registers[index], out registerIndicies[index]);
             * }
             *
             * // Get register values
             * DEBUG_VALUE[] values = new DEBUG_VALUE[registers.Length];
             * this.Registers.GetValues((UInt32)registers.Length, registerIndicies, 0, values);
             *
             * // Copy to code trace info
             * for (Int32 index = 0; index < registers.Length; index++)
             * {
             *  codeTraceInfo.IntRegisters.Add(registers[index], values[index].I64);
             * }
             *
             * // Get the current instruction address
             * UInt64 address;
             * this.Registers.GetInstructionOffset(out address);
             *
             * // TEMP: Correct the traced address
             * // TODO: Remove this once we figure out how to trigger breakpoint callbacks BEFORE EIP is updated
             * address = this.CorrectAddress(address);
             *
             * // Disassemble instruction
             * Byte[] bytes = null; // MemoryReader.Instance.ReadBytes(address, 15, out _);
             * throw new NotImplementedException();
             * codeTraceInfo.Instruction = Engine.Architecture.Disassembler.Default.Disassemble(bytes, isProcess32Bit, address).FirstOrDefault();
             *
             * // Invoke callbacks
             * this.ReadCallback?.Invoke(codeTraceInfo);
             * this.WriteCallback?.Invoke(codeTraceInfo);
             * this.AccessCallback?.Invoke(codeTraceInfo);
             *
             * // Output.Output.Log(Output.LogLevel.Debug, "Breakpoint Hit: " + codeTraceInfo.Address);
             * return (Int32)DEBUG_STATUS.BREAK;
             */
        }
Beispiel #17
0
 public int Breakpoint(IDebugBreakpoint2 Bp)
 {
     BreakpointHit = true;
     StateChanged  = true;
     return((int)DEBUG_STATUS.BREAK);
 }
 public virtual int Breakpoint(IDebugBreakpoint2 Bp)
 {
     return((int)DEBUG_STATUS.NO_CHANGE);
 }
Beispiel #19
0
 public int Breakpoint(IDebugBreakpoint2 breakpoint)
 {
     BreakpointHit?.Invoke(this, breakpoint);
     return((int)DEBUG_STATUS.BREAK);
 }
Beispiel #20
0
 public int Breakpoint([In, MarshalAs(UnmanagedType.Interface)] IDebugBreakpoint2 Bp)
 {
     BreakpointHit = true;
     StateChanged  = true;
     return((int)DEBUG_STATUS.BREAK);
 }
 public virtual int Breakpoint(IDebugBreakpoint2 breakpoint)
 {
     return((int)DEBUG_STATUS.GO);
 }