Beispiel #1
        /// <summary>
        /// Routes one debug event: process creation and exit are handled here,
        /// every other event code is passed on to the owning process object.
        /// </summary>
        /// <param name="debugEvent">The event to route; handed on by reference.</param>
        private void ProcessDebugEvent(ref WinApi.DEBUG_EVENT debugEvent)
        {
            // The event's process id selects the tracked process.
            // NOTE(review): what happens for an id that is not in `processes` depends on
            // the collection type, which is not visible here; confirm that an event for
            // an untracked process cannot take the debugger loop down.
            var owner = processes[debugEvent.dwProcessId];

            switch (debugEvent.dwDebugEventCode)
            {
                case WinApi.CREATE_PROCESS_DEBUG_EVENT:
                    CreateProcessDebugEvent(owner, ref debugEvent.u.CreateProcessInfo);
                    break;

                case WinApi.EXIT_PROCESS_DEBUG_EVENT:
                    ExitProcessDebugEvent(owner, ref debugEvent.u.ExitProcess);
                    break;

                default:
                    // Not a process lifetime event: the process object dispatches it,
                    // and nothing is continued from this method.
                    owner.HandleDebugEvent(ref debugEvent);
                    return;
            }

            // Both process lifetime events finish the same way: look up the thread that
            // reported the event and continue it.
            // presumably `true` marks the event as handled - confirm against WinApi.ContinueDebugThread
            var reportingThread = owner.GetThread(debugEvent.dwThreadId);
            WinApi.ContinueDebugThread(reportingThread, true);
        }
Beispiel #2
        /// <summary>
        /// Dispatches a thread, module, exception, debug-string or RIP event to the
        /// matching handler of this process.
        /// </summary>
        /// <param name="debugEvent">The event to dispatch; the handler receives the matching union member by reference.</param>
        /// <exception cref="NotImplementedException">The event code is none of the seven codes handled here.</exception>
        public void HandleDebugEvent(ref WinApi.DEBUG_EVENT debugEvent)
        {
            // No continue call is made in this method.
            // NOTE(review): presumably each handler continues the debuggee itself - confirm,
            // otherwise the reporting thread stays stopped after the event.
            switch (debugEvent.dwDebugEventCode)
            {
                case WinApi.CREATE_THREAD_DEBUG_EVENT:
                    // The only case that does not look up a thread object first.
                    CreateThreadDebugEvent(ref debugEvent.u.CreateThread);
                    break;

                case WinApi.EXIT_THREAD_DEBUG_EVENT:
                    ExitThreadDebugEvent(GetThread(debugEvent.dwThreadId), ref debugEvent.u.ExitThread);
                    break;

                case WinApi.LOAD_DLL_DEBUG_EVENT:
                    LoadDllDebugEvent(GetThread(debugEvent.dwThreadId), ref debugEvent.u.LoadDll);
                    break;

                case WinApi.UNLOAD_DLL_DEBUG_EVENT:
                    UnloadDllDebugEvent(GetThread(debugEvent.dwThreadId), ref debugEvent.u.UnloadDll);
                    break;

                case WinApi.EXCEPTION_DEBUG_EVENT:
                    ExceptionDebugEvent(GetThread(debugEvent.dwThreadId), ref debugEvent.u.Exception);
                    break;

                case WinApi.OUTPUT_DEBUG_STRING_EVENT:
                    OutputStringDebugEvent(GetThread(debugEvent.dwThreadId), ref debugEvent.u.DebugString);
                    break;

                case WinApi.RIP_EVENT:
                    RipDebugEvent(GetThread(debugEvent.dwThreadId), ref debugEvent.u.RipInfo);
                    break;

                default:
                    // An unrecognised code is rejected before any thread lookup.
                    // NOTE(review): the exception propagates to the caller; confirm the
                    // caller does not leave the debuggee suspended when this is thrown.
                    throw new NotImplementedException();
            }
        }
Beispiel #3
        /// <summary>
        /// Debugger loop: while <c>running</c> is set, runs every queued action, then
        /// processes every available debug event, then yields the thread.
        /// </summary>
        private void RunLoop()
        {
            running = true;
            var pending = new WinApi.DEBUG_EVENT();

            // NOTE(review): nothing in this method clears `running`; presumably a queued
            // action or another thread does. If it is written from another thread,
            // confirm the field is volatile or otherwise synchronised.
            while (running)
            {
                // Queued actions are invoked on this thread, before any debug event.
                while (queuedActions.TryTake(out var action))
                {
                    action();
                }

                // Then every debug event that is currently available is routed.
                while (WinApi.TryGetDebugEvent(out pending))
                {
                    ProcessDebugEvent(ref pending);
                }

                // Sleep(0) only gives up the rest of the time slice, so an idle loop
                // keeps polling instead of blocking.
                Thread.Sleep(0);
            }
        }