Beispiel #1
0
 public static void ShouldNotCrashIfDetachAtBreakpoint()
 {
     using (var dbg = new ProcessDebugger())
     {
         dbg.Start(SimpleCrackMe);
         dbg.Wait.NextEvent();
         Breakpoint breakPoint = dbg.Breakpoints.AtEntryPoint();
         dbg.BreakingThread.Continue.UntilBreakpoint(breakPoint);
         dbg.BreakingThread.Continue.Run();
     }
 }
Beispiel #2
0
 public void CanDebugProcessToEndAndGetExitCode()
 {
     using (var dbg = new ProcessDebugger())
     {
         dbg.Start(SimpleCrackMe);
         var returnCode = dbg.Continue.ToEnd();
         Assert.NotNull(dbg.ExitCode);
         Assert.Equal(0, dbg.ExitCode.Value);
         Assert.Equal(returnCode, dbg.ExitCode.Value);
     }
 }
Beispiel #3
0
 public void CanStartDebugOnNewProcess()
 {
     using (var dbg = new ProcessDebugger())
     {
         dbg.Start(SimpleCrackMe);
         var debugEvent = dbg.Wait.NextEvent();
         Assert.Equal(DebugEventType.CreateProcessEvent, debugEvent.EventType);
         debugEvent = dbg.Continue.Until(DebugEventType.ExitProcessEvent);
         Assert.Equal(DebugEventType.ExitProcessEvent, debugEvent.EventType);
     }
 }
Beispiel #4
0
 public static void CanStepIn()
 {
     using (var dbg = new ProcessDebugger())
     {
         dbg.Start(SimpleCrackMe);
         Breakpoint breakPoint = dbg.Breakpoints.AtEntryPoint();
         dbg.BreakingThread.Continue.UntilBreakpoint(breakPoint);
         dbg.BreakingThread.StepByStep = true;
         AssertIsSingleStep(dbg.Wait.NextEvent());
         AssertIsSingleStep(dbg.Wait.NextEvent());
     }
 }
Beispiel #5
0
        public void CanGetRVAFromPdbPublicServerOrExport()
        {
            using (var dbg = new ProcessDebugger())
            {
                dbg.Start(SimpleCrackMe);

                var symbol = dbg.SymbolManager.FromName("kernel32.dll", "_GetStdHandle@4");
                Assert.NotNull(symbol);
                Assert.Equal(SymbolType.Pdb, symbol.Type);

                symbol = dbg.SymbolManager.FromName("kernel32.dll", "GetStdHandle");
                Assert.NotNull(symbol);
                Assert.Equal(SymbolType.Export, symbol.Type);
            }
        }
Beispiel #6
0
        private Patch PatchJNZ(ProcessDebugger dbg)
        {
            dbg.Start(SimpleCrackMe);
            RVA mainRVA = dbg.SymbolManager.FromName("SimpleCrackMe.exe", "main").RVA; //new RVA(0x113D0);
            RVA jnzRVA  = new RVA(0x113F2);                                            // mainRVA + 0x22;

            dbg.Wait.NextEvent();
            Breakpoint breakPoint = dbg.Breakpoints.At("SimpleCrackMe.exe", mainRVA);

            dbg.BreakingThread.Continue.UntilBreakpoint(breakPoint);
            var disasm   = dbg.BreakingThread.Continue.UntilInstruction("JNZ");
            var expected = dbg.AddressOfModule("SimpleCrackMe.exe") + jnzRVA;
            var actual   = dbg.BreakingThread.CurrentInstruction;

            Assert.Equal(expected, actual);
            return(dbg.BreakingThread.WriteInstruction("NOP", true));
        }
Beispiel #7
0
 public static void CanBreakAtEntryThenSkipBreakpointNextStepIn()
 {
     using (var dbg = new ProcessDebugger())
     {
         dbg.Start(SimpleCrackMe);
         Breakpoint breakPoint = dbg.Breakpoints.AtEntryPoint();
         var        evt        = dbg.BreakingThread.Continue.UntilBreakpoint(breakPoint);
         Assert.NotNull(evt);
         Assert.True(evt.Details.IsFirstChance);
         Assert.True(evt.Details.Exception.Reason == ExceptionReason.ExceptionBreakpoint);
         Assert.Equal(dbg.Debuggee.MainModule.EntryPointAddress, breakPoint.Address.ToIntPtr());
         Assert.Equal(breakPoint.Address.ToIntPtr(), dbg.BreakingThread.ThreadContext.EIP);
         Assert.Equal(dbg.Debuggee.MainModule.EntryPointAddress, evt.Details.Exception.Address);
         var nextEvent = dbg.BreakingThread.Wait.NextEvent();                 //Does not throw a trap
         Assert.NotEqual(DebugEventType.ExceptionEvent, nextEvent.EventType);
     }
 }
Beispiel #8
0
 public static void BreakpointDoesNotCancelStepIn()
 {
     using (var dbg = new ProcessDebugger())
     {
         dbg.Start(SimpleCrackMe);
         dbg.Wait.NextEvent();
         dbg.BreakingThread.StepByStep = true;
         Breakpoint breakPoint = dbg.Breakpoints.AtEntryPoint();
         dbg.Continue.UntilBreakpoint(breakPoint);
         var address = dbg.BreakingThread.CurrentInstruction;
         Assert.Equal(breakPoint.Address, address);
         AssertIsSingleStep(dbg.Wait.NextEvent());
         AssertIsSingleStep(dbg.Wait.NextEvent());
         dbg.BreakingThread.StepByStep = false;
         dbg.BreakingThread.GoTo(address);
         AssertIsBreakpoint(dbg.BreakingThread.Wait.NextEvent());
         AssertIsNotSingleStep(dbg.BreakingThread.Wait.NextEvent());
     }
 }