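        /// <summary>
        /// DbgEng "create process" callback: records the new target process and its initial
        /// thread, then raises the ProcessCreated and ThreadCreated events in that order.
        /// </summary>
        /// <param name="ImageFileHandle">Engine-supplied handle to the image file; stored on the process record and not closed here.</param>
        /// <param name="Handle">Engine-supplied process handle; stored on the process record and not closed here.</param>
        /// <param name="BaseOffset">Base address the main module was loaded at.</param>
        /// <param name="ModuleSize">Size of the main module.</param>
        /// <param name="ModuleName">Short module name.</param>
        /// <param name="ImageName">Image name as reported by the engine.</param>
        /// <param name="CheckSum">PE checksum of the image (not stored).</param>
        /// <param name="TimeDateStamp">PE header time-date stamp: a 32-bit count of seconds since 1970-01-01 UTC.</param>
        /// <param name="InitialThreadHandle">Engine-supplied handle for the initial thread; stored, not closed.</param>
        /// <param name="ThreadDataOffset">TEB address of the initial thread.</param>
        /// <param name="StartOffset">Start address of the initial thread.</param>
        /// <returns><see cref="DEBUG_STATUS.NO_CHANGE"/>: the engine's execution status is left as is.</returns>
        int IDebugEventCallbacksWide.CreateProcess(ulong ImageFileHandle, ulong Handle, ulong BaseOffset, uint ModuleSize, string ModuleName, string ImageName,
                                                   uint CheckSum, uint TimeDateStamp, ulong InitialThreadHandle, ulong ThreadDataOffset, ulong StartOffset)
        {
            Debug.WriteLine("IDebugEventCallbacksWide.CreateProcess");

            // The "current" queries are assumed to describe the process this event is about
            // (the engine presumably switches the current process before delivering the
            // callback) — NOTE(review): confirm against the DbgEng contract this code targets.
            uint id;
            SystemObjects.GetCurrentProcessId(out id);

            ulong peb;
            SystemObjects.GetCurrentProcessPeb(out peb);

            uint pid;
            SystemObjects.GetCurrentProcessSystemId(out pid);

            // TimeDateStamp is the PE header stamp (seconds since the Unix epoch, UTC), not a
            // Windows FILETIME. A uint cannot even hold a meaningful FILETIME: 2^32 ticks of
            // 100 ns is roughly seven minutes past 1601-01-01, so the previous
            // DateTime.FromFileTime(TimeDateStamp) always produced a date in 1601. Convert from
            // the epoch instead; the result is DateTimeKind.Utc, which is what a timeline or
            // symbol-match comparison wants.
            var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

            var process = new TargetProcess {
                PID        = pid,
                hProcess   = Handle,
                hFile      = ImageFileHandle,
                BaseOffset = BaseOffset,
                ModuleSize = ModuleSize,
                ImageName  = ImageName,
                TimeStamp  = unixEpoch.AddSeconds(TimeDateStamp),
                ModuleName = ModuleName,
                Index      = (int)id,   // engine-internal process index, distinct from the system PID
                Peb        = peb
            };

            _processes.Add(process);

            OnProcessCreated(process);

            // The initial thread is reported as part of this event rather than through a
            // separate CreateThread callback, so register it here.
            uint tindex, tid;
            SystemObjects.GetCurrentThreadId(out tindex);
            SystemObjects.GetCurrentThreadSystemId(out tid);

            var thread = new TargetThread(process)
            {
                Index        = tindex,
                TID          = tid,
                StartAddress = StartOffset,
                Teb          = ThreadDataOffset,
                Handle       = InitialThreadHandle,
                ProcessIndex = id
            };

            process.AddThread(thread);

            OnThreadCreated(new ThreadCreatedEventArgs(thread, process));

            return((int)DEBUG_STATUS.NO_CHANGE);
        }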
 /// <summary>
 /// Raises the ProcessCreated event for <paramref name="process"/>; does nothing when
 /// there are no subscribers.
 /// </summary>
 /// <param name="process">The process record that was just registered.</param>
 void OnProcessCreated(TargetProcess process)
 {
     // Copy the delegate to a local so the null check and the invoke see the same value.
     var subscribers = ProcessCreated;
     if (subscribers != null)
     {
         subscribers(this, new ProcessCreatedEventArgs(process));
     }
 }
 /// <summary>Creates a thread record owned by <paramref name="process"/>.</summary>
 /// <param name="process">The process this thread belongs to; stored as-is, no null check is performed.</param>
 public TargetThread(TargetProcess process) => Process = process;
 /// <summary>Creates a module record owned by <paramref name="process"/>.</summary>
 /// <param name="process">The process the module is loaded into; stored as-is, no null check is performed.</param>
 public TargetModule(TargetProcess process) => Process = process;
 /// <summary>Event payload pairing a module with the process it was reported for.</summary>
 /// <param name="process">Process the event concerns.</param>
 /// <param name="module">Module the event concerns.</param>
 internal ModuleEventArgs(TargetProcess process, TargetModule module)
 {
     Process = process;
     Module  = module;
 }
 /// <summary>Event payload for a thread that has exited, together with its owning process.</summary>
 /// <param name="thread">The thread that exited.</param>
 /// <param name="process">The process the thread belonged to.</param>
 internal ThreadExitedEventArgs(TargetThread thread, TargetProcess process)
 {
     Thread  = thread;
     Process = process;
 }
 /// <summary>Event payload for a process that has exited.</summary>
 /// <param name="process">The process that exited; stored as-is.</param>
 internal ProcessExitedEventArgs(TargetProcess process) => Process = process;
 /// <summary>Event payload for a newly created thread, together with its owning process.</summary>
 /// <param name="thread">The thread that was created.</param>
 /// <param name="process">The process the thread belongs to.</param>
 internal ThreadCreatedEventArgs(TargetThread thread, TargetProcess process)
 {
     Process = process;
     Thread  = thread;
 }