Exemple #1
 /// <summary>
 /// Plants a one-byte break instruction at <paramref name="offset"/> in the target
 /// process and hands back the byte it replaced, so the caller can restore it later.
 /// </summary>
 /// <param name="process">Debuggee whose code is patched.</param>
 /// <param name="offset">Location of the instruction to overwrite, forwarded unchanged to the read/write helpers.</param>
 /// <returns>The single original byte that was at <paramref name="offset"/> before patching.</returns>
 internal static byte[] WriteBreakInstruction(Win32Process process, ulong offset)
 {
     // Capture the original byte BEFORE overwriting it; without it the breakpoint
     // cannot be removed and the debuggee's code stays corrupted.
     var savedByte = ReadInstructionBytes(process, offset, 1);

     // NOTE(review): if this is System.Diagnostics.Debug, the assert is compiled out of
     // release builds, so the length is only verified in debug builds.
     Debug.Assert(savedByte.Length == 1);

     // INSTR_BREAK_X86 is defined elsewhere; presumably the x86 breakpoint opcode - confirm.
     var breakOpcode = new byte[] { INSTR_BREAK_X86 };
     WriteInstructionBytes(process, offset, breakOpcode);

     return savedByte;
 }
Exemple #2
        /// <summary>
        /// Copies <paramref name="size"/> bytes out of the target process, starting at
        /// <paramref name="offset"/>, into a freshly allocated managed array.
        /// </summary>
        /// <param name="process">Process to read from; its <c>Handle</c> is passed to ReadProcessMemory.</param>
        /// <param name="offset">Value cast directly to the remote base address (see the TODO below).</param>
        /// <param name="size">Number of bytes to read; also the length of the returned array.</param>
        /// <returns>The bytes read from the target process.</returns>
        /// <remarks>
        /// Failure is reported through ErrorOnFalse, whose behaviour is defined elsewhere.
        /// NOTE(review): assuming ReadProcessMemory is the Win32 binding, the handle needs
        /// PROCESS_VM_READ access - confirm where the handle is opened.
        /// </remarks>
        internal static byte[] ReadInstructionBytes(Win32Process process, ulong offset, int size)
        {
            unsafe
            {
                var destination = new byte[size];
                Int32 readOk = FALSE;

                // Pin the managed array so the native call gets a stable pointer to write into.
                fixed (byte* pDestination = destination)
                {
                    // TODO: Offset is wrong here!
                    // The bytes-read out-parameter is passed as null, so the call's return
                    // value is the only success signal that is checked.
                    readOk = ReadProcessMemory(process.Handle, (void*)offset, pDestination, (nuint)size, null);
                }

                ErrorOnFalse(readOk);
                return destination;
            }
        }
 /// <summary>
 /// Handles the create-process debug event: completes the pending start request for
 /// <paramref name="process"/> after attaching its main thread.
 /// </summary>
 /// <param name="process">Process the event was raised for.</param>
 /// <param name="info">Event payload; only <c>hThread</c> is read here.</param>
 /// <exception cref="InvalidOperationException">
 /// No pending entry exists in <c>unreturnedProcesses</c> for this process id.
 /// </exception>
 private void CreateProcessDebugEvent(Win32Process process, ref WinApi.CREATE_PROCESS_DEBUG_INFO info)
 {
     Console.WriteLine("create process");

     // NOTE: The result is assigned here because this is when the start address of
     // the process is known.
     var wasPending = unreturnedProcesses.Remove(process.Id, out var pendingResult);
     if (!wasPending)
     {
         // An event for a process nobody is waiting on: bookkeeping is out of sync.
         throw new InvalidOperationException();
     }

     // Build the main thread object from the handle delivered with the event and
     // attach it to the process before publishing the process to the waiter.
     // NOTE(review): the other handles in the payload are not used here; confirm they
     // are released elsewhere so they do not leak.
     var primaryThread = WinApi.MakeThreadObject(info.hThread);
     process.AddThread(primaryThread);

     // Publish last, so the waiter never observes a process without its main thread.
     pendingResult.SetResult(process);
 }
Exemple #4
        /// <summary>
        /// Writes <paramref name="bytes"/> into the target process at <paramref name="offset"/>
        /// and then flushes the instruction cache for the same range.
        /// </summary>
        /// <param name="process">Process to patch; its <c>Handle</c> is passed to both native calls.</param>
        /// <param name="offset">Value cast directly to the remote base address (see the TODO below).</param>
        /// <param name="bytes">Replacement bytes; the whole array is written.</param>
        /// <remarks>
        /// Each native call is checked through ErrorOnFalse, whose behaviour is defined elsewhere.
        /// NOTE(review): assuming WriteProcessMemory is the Win32 binding, the handle needs
        /// PROCESS_VM_WRITE and PROCESS_VM_OPERATION access - confirm where the handle is opened.
        /// </remarks>
        internal static void WriteInstructionBytes(Win32Process process, ulong offset, byte[] bytes)
        {
            unsafe
            {
                var byteCount = (nuint)bytes.Length;
                Int32 callOk = FALSE;

                // Step 1: patch the remote memory. The array is pinned so the native call
                // reads from a stable pointer.
                fixed (byte* pSource = bytes)
                {
                    // TODO: Offset is wrong here!
                    // The bytes-written out-parameter is passed as null, so the call's
                    // return value is the only success signal that is checked.
                    callOk = WriteProcessMemory(process.Handle, (void*)offset, pSource, byteCount, null);
                }

                ErrorOnFalse(callOk);

                // Step 2: flush the instruction cache over the patched range so the CPU
                // does not keep executing the stale instruction bytes.
                callOk = FlushInstructionCache(process.Handle, (void*)offset, byteCount);
                ErrorOnFalse(callOk);
            }
        }
 /// <summary>
 /// Handles the exit-process debug event: logs the exit code and drops the process
 /// from the <c>processes</c> bookkeeping.
 /// </summary>
 /// <param name="process">Process that exited.</param>
 /// <param name="info">Event payload; only <c>dwExitCode</c> is read here.</param>
 private void ExitProcessDebugEvent(Win32Process process, ref WinApi.EXIT_PROCESS_DEBUG_INFO info)
 {
     Console.WriteLine($"exit process (code {info.dwExitCode})");

     // Nothing else to tear down here; the entry is simply forgotten.
     // NOTE(review): the result of Remove is ignored, so an unknown id goes unnoticed.
     var exitedId = process.Id;
     processes.Remove(exitedId);
 }