public int Breakpoint(IDebugBreakpoint2 Bp) { BreakpointHit = true; StateChanged = true; if (Bp == pickUpWeaponBreakpoint) { IDebugRegisters2Fixed registers = _control as IDebugRegisters2Fixed; CheckHr(registers.GetIndexByName("edx", out uint edxIndex)); DEBUG_VALUE edxValue; CheckHr(registers.GetValue(edxIndex, out edxValue)); edxValue.I32 = 17; try { CheckHr(registers.SetValue(edxIndex, ref edxValue)); } catch (Exception e) { Console.WriteLine(e); throw; } edxValue = new DEBUG_VALUE(); CheckHr(registers.GetValue(edxIndex, out edxValue)); edxValue.I32 = 17; CheckHr(registers.SetValue(edxIndex, edxValue)); return((int)DEBUG_STATUS.GO); } //return (int) DEBUG_STATUS.NO_CHANGE; return((int)DEBUG_STATUS.BREAK); }
private IDebugBreakpoint2 SetBreakpoint(UInt64 address, DEBUG_BREAKPOINT_TYPE breakpointType, DEBUG_BREAKPOINT_ACCESS_TYPE access, UInt32 size) { const UInt32 AnyId = UInt32.MaxValue; IDebugBreakpoint2 breakpoint = null; this.BeginInterrupt(); Task.Factory.StartNew(() => { try { this.CheckHandleResult(this.Control.AddBreakpoint2(breakpointType, AnyId, out breakpoint)); breakpoint.SetOffset(address); breakpoint.SetFlags(DEBUG_BREAKPOINT_FLAG.ENABLED); breakpoint.SetDataParameters(size, access); this.Control.SetExecutionStatus(DEBUG_STATUS.GO); } catch (Exception ex) { Logger.Log(LogLevel.Error, "Error setting breakpoint", ex); } }, CancellationToken.None, TaskCreationOptions.DenyChildAttach, this.Scheduler.ExclusiveScheduler).Wait(); this.EndInterrupt(); return(breakpoint); }
private void CreatePickUpWeaponBreakpoint(byte[] progModuleMemory) { _pickUpWeaponBreakpoint = CreateBreakpointForPattern( progModuleMemory, "55 8B EC 83 E4 F8 80 3D A9 0F ?? ?? 00 56 57 8B F2 8B F9 75 23 80 3D 9A 0E ?? ?? 00 75 1A 56 E8 9C 94 F9 FF 83 FE 0F 75 0F 83 F8 32 7C 0A B9 D4", "PickUpWeapon" ); }
private void CreatePickUpPerkBreakpoint(byte[] progModuleMemory) { _pickUpPerkBreakpoint = CreateBreakpointForPattern( progModuleMemory, "55 8B EC 83 E4 F8 83 EC 0C 53 8B D9 8B 0D 1C F6 ?? ?? 56 57 89 5C 24 14 E8 03 A1 03 00 FF 04 9D 88 9B ?? ?? 3B 1D 0C BA ?? ?? A1 04 0F ?? ?? 0F", "PickUpPerk" ); }
public Int32 Breakpoint([In, MarshalAs(UnmanagedType.Interface)] IDebugBreakpoint2 bp) { // Output.Output.Log(Output.LogLevel.Debug, "Breakpoint Hit"); this.Control.SetExecutionStatus(DEBUG_STATUS.GO_HANDLED); CodeTraceInfo codeTraceInfo = new CodeTraceInfo(); String[] registers; Boolean isProcess32Bit = Processes.Default.IsOpenedProcess32Bit(); if (isProcess32Bit) { registers = this.Registers32; } else { registers = this.Registers64; } // Prepare register indicies for DbgEng register value call call UInt32[] registerIndicies = new UInt32[registers.Length]; for (Int32 index = 0; index < registers.Length; index++) { this.Registers.GetIndexByName(registers[index], out registerIndicies[index]); } // Get register values DEBUG_VALUE[] values = new DEBUG_VALUE[registers.Length]; this.Registers.GetValues((UInt32)registers.Length, registerIndicies, 0, values); // Copy to code trace info for (Int32 index = 0; index < registers.Length; index++) { codeTraceInfo.IntRegisters.Add(registers[index], values[index].I64); } // Get the current instruction address UInt64 address; this.Registers.GetInstructionOffset(out address); // TEMP: Correct the traced address // TODO: Remove this once we figure out how to trigger breakpoint callbacks BEFORE EIP is updated address = this.CorrectAddress(address); // Disassemble instruction Byte[] bytes = Memory.Reader.Default.ReadBytes(address, 15, out _); codeTraceInfo.Instruction = Engine.Architecture.Disassembler.Default.Disassemble(bytes, isProcess32Bit, address).FirstOrDefault(); // Invoke callbacks this.ReadCallback?.Invoke(codeTraceInfo); this.WriteCallback?.Invoke(codeTraceInfo); this.AccessCallback?.Invoke(codeTraceInfo); // Output.Output.Log(Output.LogLevel.Debug, "Breakpoint Hit: " + codeTraceInfo.Address); return((Int32)DEBUG_STATUS.BREAK); }
private void CreateSpawnCreatureBreakpoint(byte[] progModuleMemory) { _spawnCreatureBreakpoint = CreateBreakpointForPattern( progModuleMemory, //"55 8B EC 83 EC 4C 53 8B D9 8B 0D 1C F6 59 0F 56 57 8B FA 89 5D F8 E8 15 39 03 00 A1 58 BA 4D 0F F3 0F 10 05 10 74 4C 0F F3 0F 11 45 FC 83 3C 85", "55 8B EC 83 E4 F8 83 EC 08 56 57 FF 75 ?? ?? 28 C2 8B F1 FF 75 ?? ?? 28 C8 ?? ?? 11 44 24 14 E8 5C F0 FF FF 83 C4 08 84 ?? ?? 85 AF 00 00 00 8B", "SpawnCreature" ); }
private void CreatePickUpBonusBreakpoint(byte[] progModuleMemory) { _pickUpBonusBreakpoint = CreateBreakpointForPattern( progModuleMemory, //"55 8B EC 83 EC 4C 53 8B D9 8B 0D 1C F6 59 0F 56 57 8B FA 89 5D F8 E8 15 39 03 00 A1 58 BA 4D 0F F3 0F 10 05 10 74 4C 0F F3 0F 11 45 FC 83 3C 85", "55 8B EC 83 EC 4C 53 8B D9 8B 0D 1C F6 ?? ?? 56 57 8B FA 89 5D F8 E8 15 39 03 00 A1 58 BA ?? ?? F3 0F 10 05 10 74 ?? ?? F3 0F 11 45 FC 83 3C 85", "PickUpBonus" ); }
int IDebugEventCallbacksWide.Breakpoint(IDebugBreakpoint2 Bp) { _breakpointHit = true; _stateChanged = true; UpdateStatus(); //Control.OutputCurrentState(DEBUG_OUTCTL.THIS_CLIENT, DEBUG_CURRENT.DEFAULT); return((int)DEBUG_STATUS.BREAK); }
private string GetOffsetExpression(IDebugBreakpoint2 bp, uint expressionSize) { if (expressionSize != 0) { _builder.EnsureCapacity((int)expressionSize); var res = bp.GetOffsetExpressionWide(_builder, _builder.Capacity, out expressionSize); if (res != 0) { ErrorHelper.ThrowDebuggerException(res, "IDebugBreakpoint2.GetOffsetExpressionWide"); } } return(_builder.ToString()); }
string GetCommand(IDebugBreakpoint2 bp, uint commandSize) { _builder.EnsureCapacity((int)commandSize); if (commandSize != 0) { uint size; var res = bp.GetCommandWide(_builder, _builder.Capacity, out size); if (res != 0) { ErrorHelper.ThrowDebuggerException(res, "IDebugBreakpoint2.GetCommandWide"); } } return(_builder.ToString()); }
public CancellationTokenSource FindWhatAccesses(UInt64 address, BreakpointSize size, MemoryAccessCallback callback) { this.Attach(); this.accessCancellationToken?.Cancel(); this.EventCallBacks.AccessCallback = callback; IDebugBreakpoint2 breakpoint = this.SetHardwareBreakpoint(address, DEBUG_BREAKPOINT_ACCESS_TYPE.READ | DEBUG_BREAKPOINT_ACCESS_TYPE.WRITE, size.ToUInt32()); if (breakpoint == null) { return(null); } this.accessCancellationToken = this.CreateNewCancellationToken(this.OnAccessTraceCancel); this.BreakPoints.TryAdd(this.accessCancellationToken, breakpoint); return(this.accessCancellationToken); }
/// <summary> /// Constructor for creating new breakpoints. /// </summary> /// <param name="breakpointSpec">Spec describing this breakpoint.</param> /// <param name="invalidateCache">Invalidate cache action.</param> /// <param name="dbgEngDll">DbgEngDll interface.</param> /// <remarks> /// This about adding some sort of factory pattern here. /// </remarks> public DbgEngBreakpoint(BreakpointSpec breakpointSpec, Action invalidateCache, DbgEngDll dbgEngDll) { this.breakpointAction = breakpointSpec.BreakpointAction; this.invalidateCache = invalidateCache; unchecked { if (breakpointSpec.BreakpointType == BreakpointType.Code) { breakpoint = dbgEngDll.Control.AddBreakpoint2((uint)Defines.DebugBreakpointCode, (uint)Defines.DebugAnyId); } else { throw new NotImplementedException("Only supports Code breakpoints"); } } breakpoint.SetOffset(breakpointSpec.BreakpointAddress); breakpoint.SetFlags((uint)Defines.DebugBreakpointEnabled); breakpointStatusEnabled = true; }
public void Breakpoint(IDebugBreakpoint2 Bp) { Control.SetExecutionStatus((UInt32)DEBUG_STATUS.GO_HANDLED); }
public virtual int Breakpoint(IDebugBreakpoint2 Bp) { return (int)DEBUG_STATUS.NO_CHANGE; }
public override int Breakpoint(IDebugBreakpoint2 breakpoint) { if (breakpoint == _pickUpWeaponBreakpoint) { CheckHr(Registers.GetIndexByName("edx", out uint edxIndex)); CheckHr(Registers.GetValue(edxIndex, out DEBUG_VALUE edxValue)); Control.OutputWide( DEBUG_OUTPUT.NORMAL, "Picking up weapon " + (Weapon)edxValue.I32 + "\r\n" ); Weapon weapon = (Weapon)edxValue.I32; PickingUpWeapon?.Invoke(ref weapon); edxValue.I32 = (uint)weapon; CheckHr(Registers.SetValue(edxIndex, ref edxValue)); return((int)DEBUG_STATUS.GO); } else if (breakpoint == _pickUpPerkBreakpoint) { CheckHr(Registers.GetIndexByName("ecx", out uint ecxIndex)); CheckHr(Registers.GetValue(ecxIndex, out DEBUG_VALUE ecxValue)); Control.OutputWide( DEBUG_OUTPUT.NORMAL, "Picking up perk " + (Perk)ecxValue.I32 + "\r\n" ); Perk perk = (Perk)ecxValue.I32; PickingUpPerk?.Invoke(ref perk); ecxValue.I32 = (uint)perk; CheckHr(Registers.SetValue(ecxIndex, ref ecxValue)); return((int)DEBUG_STATUS.GO); } else if (breakpoint == _pickUpBonusBreakpoint) { CheckHr(Registers.GetIndexByName("edx", out uint edxIndex)); CheckHr(Registers.GetValue(edxIndex, out DEBUG_VALUE edxValue)); byte[] bonusIdBytes = new byte[4]; CheckHr(DataSpaces.ReadVirtualUncached(edxValue.I64, bonusIdBytes, (uint)bonusIdBytes.Length, out uint bytesRead)); Bonus bonus = (Bonus)BitConverter.ToInt32(bonusIdBytes, 0); Control.OutputWide( DEBUG_OUTPUT.NORMAL, "Picking up bonus " + (Bonus)bonus + "\r\n" ); if (bonus != Bonus.Weapon) { PickingUpBonus?.Invoke(ref bonus); bonusIdBytes[0] = (byte)bonus; DataSpaces.WriteVirtualUncached(edxValue.I64, bonusIdBytes, (uint)bonusIdBytes.Length, out uint bytesWritten); } return((int)DEBUG_STATUS.GO); } else if (breakpoint == _spawnCreatureBreakpoint) { CheckHr(Registers.GetIndexByName("ecx", out uint ecxIndex)); CheckHr(Registers.GetValue(ecxIndex, out DEBUG_VALUE ecxValue)); Control.OutputWide( DEBUG_OUTPUT.NORMAL, "Spawning creature " + (Creature)ecxValue.I32 + "\r\n" ); Creature creature = (Creature)ecxValue.I32; SpawningCreature?.Invoke(ref creature); ecxValue.I32 = (uint)creature; CheckHr(Registers.SetValue(ecxIndex, ref ecxValue)); return((int)DEBUG_STATUS.GO); } return(base.Breakpoint(breakpoint)); }
public Int32 Breakpoint([In, MarshalAs(UnmanagedType.Interface)] IDebugBreakpoint2 bp) { // Output.Output.Log(Output.LogLevel.Debug, "Breakpoint Hit"); this.Control.SetExecutionStatus(DEBUG_STATUS.GO_HANDLED); CodeTraceInfo codeTraceInfo = new CodeTraceInfo(); String[] registers; throw new NotImplementedException(); /* * Boolean isProcess32Bit = false;// ProcessQuery.Instance.IsProcessWindowed(); * * if (isProcess32Bit) * { * registers = this.Registers32; * } * else * { * registers = this.Registers64; * } * * // Prepare register indicies for DbgEng register value call call * UInt32[] registerIndicies = new UInt32[registers.Length]; * * for (Int32 index = 0; index < registers.Length; index++) * { * this.Registers.GetIndexByName(registers[index], out registerIndicies[index]); * } * * // Get register values * DEBUG_VALUE[] values = new DEBUG_VALUE[registers.Length]; * this.Registers.GetValues((UInt32)registers.Length, registerIndicies, 0, values); * * // Copy to code trace info * for (Int32 index = 0; index < registers.Length; index++) * { * codeTraceInfo.IntRegisters.Add(registers[index], values[index].I64); * } * * // Get the current instruction address * UInt64 address; * this.Registers.GetInstructionOffset(out address); * * // TEMP: Correct the traced address * // TODO: Remove this once we figure out how to trigger breakpoint callbacks BEFORE EIP is updated * address = this.CorrectAddress(address); * * // Disassemble instruction * Byte[] bytes = null; // MemoryReader.Instance.ReadBytes(address, 15, out _); * throw new NotImplementedException(); * codeTraceInfo.Instruction = Engine.Architecture.Disassembler.Default.Disassemble(bytes, isProcess32Bit, address).FirstOrDefault(); * * // Invoke callbacks * this.ReadCallback?.Invoke(codeTraceInfo); * this.WriteCallback?.Invoke(codeTraceInfo); * this.AccessCallback?.Invoke(codeTraceInfo); * * // Output.Output.Log(Output.LogLevel.Debug, "Breakpoint Hit: " + codeTraceInfo.Address); * return (Int32)DEBUG_STATUS.BREAK; */ }
public int Breakpoint(IDebugBreakpoint2 Bp) { BreakpointHit = true; StateChanged = true; return((int)DEBUG_STATUS.BREAK); }
public virtual int Breakpoint(IDebugBreakpoint2 Bp) { return((int)DEBUG_STATUS.NO_CHANGE); }
public int Breakpoint(IDebugBreakpoint2 breakpoint) { BreakpointHit?.Invoke(this, breakpoint); return((int)DEBUG_STATUS.BREAK); }
public int Breakpoint([In, MarshalAs(UnmanagedType.Interface)] IDebugBreakpoint2 Bp) { BreakpointHit = true; StateChanged = true; return((int)DEBUG_STATUS.BREAK); }
public virtual int Breakpoint(IDebugBreakpoint2 breakpoint) { return((int)DEBUG_STATUS.GO); }