private void SessionOnProcessStarted(object sender, DebuggeeProcessEventArgs args)
{
var thread = args.Process.Threads.First();
_logger.WriteLine("Process {0} created with thread {1} at address {2:X}.", args.Process.Id, thread.Id, thread.StartAddress.ToInt64());
// args.NextAction = DebuggerAction.Stop;
}
private DebuggerAction HandleExitProcessDebugEvent(DEBUG_EVENT debugEvent)
{
var info = debugEvent.InterpretDebugInfoAs <EXIT_PROCESS_DEBUG_INFO>();
var process = GetProcessById((int)debugEvent.dwProcessId);
process.ExitCode = (int)info.dwExitCode;
var eventArgs = new DebuggeeProcessEventArgs(process);
OnProcessTerminated(eventArgs);
_processes.Remove((int)debugEvent.dwProcessId);
return(eventArgs.NextAction);
}
private DebuggerAction HandleCreateProcessDebugEvent(DEBUG_EVENT debugEvent)
{
var info = debugEvent.InterpretDebugInfoAs <CREATE_PROCESS_DEBUG_INFO>();
var process = GetOrCreateProcess(info.hProcess, (int)debugEvent.dwProcessId);
process.BaseAddress = info.lpBaseOfImage;
// Create process event also spawns a new thread.
_currentThread = new DebuggeeThread(process, info.hThread, (int)debugEvent.dwThreadId, info.lpStartAddress);
process.AddThread(_currentThread);
var eventArgs = new DebuggeeProcessEventArgs(process);
OnProcessStarted(eventArgs);
return(eventArgs.NextAction);
}
protected virtual void OnProcessTerminated(DebuggeeProcessEventArgs e)
{
ProcessTerminated?.Invoke(this, e);
}
private static void DebugSessionOnProcessStarted(object?sender, DebuggeeProcessEventArgs e)
{
Utils.WriteLog($"[Debugger] Started process: {e.Process.Id}", ConsoleColor.DarkGray);
}
private void SessionOnProcessTerminated(object sender, DebuggeeProcessEventArgs args)
{
_logger.WriteLine("Process terminated. ID: " + args.Process.Id);
}