public static string ReadZeroTerminatedString(this IDebuggeeProcess process, IntPtr address, bool unicode, int maxLength = 0x100) { // We do not know the size of the string, therefore read the memory in chunks and search for a zero byte. const int bufferSize = 256; var encoding = unicode ? Encoding.ASCII : Encoding.Unicode; var builder = new StringBuilder(); IntPtr currentAddress = address; byte[] buffer = new byte[bufferSize]; string lastChunk; int nullIndex; do { process.ReadMemory(currentAddress, buffer, 0, buffer.Length); lastChunk = encoding.GetString(buffer); nullIndex = lastChunk.IndexOf('\0'); builder.Append(lastChunk); currentAddress += bufferSize; } while (nullIndex == -1 && builder.Length < 0x100); // If \0 was found, remove everything after this character. Otherwise just return the raw string. string rawString = builder.ToString(); return(nullIndex != -1 ? rawString.Remove(builder.Length - (lastChunk.Length - nullIndex)) : rawString); }
public void Execute(IDebuggerSession session, string[] arguments, Logger output) { var process = session.GetProcesses().First(); if (process != _process) { _process = process; _reader = new ProcessMemoryReader(process) { NegateBreakpoints = true }; _disassembler = new X86Disassembler(_reader); } if (arguments.Length > 0) { _reader.Position = long.Parse(arguments[0], NumberStyles.HexNumber); } int count = 5; if (arguments.Length > 1) { count = int.Parse(arguments[1]); } for (int i = 0; i < count; i++) { var instruction = _disassembler.ReadNextInstruction(); _printer.PrintInstruction(instruction, process.GetSoftwareBreakpointByAddress((IntPtr)instruction.Offset)); } }
public static string ReadString(this IDebuggeeProcess process, IntPtr address, int length, bool unicode) { byte[] data = new byte[length]; process.ReadMemory(address, data, 0, data.Length); var encoding = unicode ? Encoding.ASCII : Encoding.Unicode; return(encoding.GetString(data)); }
public ProcessMemoryReader(IDebuggeeProcess process) { _process = process ?? throw new ArgumentNullException(nameof(process)); StartPosition = (long)process.BaseAddress; Position = StartPosition; }
private void DumpMemory(IDebuggeeProcess process, ulong address, int rows, X86OperandSize size, Logger logger) { const int rowSize = 0x10; var buffer = new byte[rows * rowSize]; process.ReadMemory((IntPtr)address, buffer, 0, buffer.Length); int stepSize = 0; switch (size) { case X86OperandSize.Byte: stepSize = 1; break; case X86OperandSize.Word: stepSize = 2; break; case X86OperandSize.Dword: stepSize = 4; break; default: throw new ArgumentOutOfRangeException(nameof(size)); } for (int row = 0; row < rows; row++) { logger.Write("{0:X8}: ", address + (ulong)(row * rowSize)); var builder = new StringBuilder(); for (int col = 0; col < rowSize; col += stepSize) { if (col % 4 == 0) { logger.Write(" "); } ulong currentValue = 0; switch (size) { case X86OperandSize.Byte: currentValue = buffer[row * rowSize + col]; break; case X86OperandSize.Word: currentValue = BitConverter.ToUInt16(buffer, row * rowSize + col); break; case X86OperandSize.Dword: currentValue = BitConverter.ToUInt32(buffer, row * rowSize + col); break; } logger.Write("{0} ", currentValue.ToString("X" + (stepSize * 2))); if (stepSize == 1) { char currentChar = (char)currentValue; builder.Append(char.IsControl(currentChar) ? '.' : currentChar); } } logger.WriteLine(" " + builder.ToString()); } }
public DebuggeeLibrary(IDebuggeeProcess process, string name, IntPtr baseOfLibrary) { Process = process ?? throw new ArgumentNullException(nameof(process)); Name = name; BaseOfLibrary = baseOfLibrary; }
public DebuggeeProcessEventArgs(IDebuggeeProcess process) : base(process.Session) { Process = process; }