/// <summary>
/// Creates a client description from its already-parsed parts.
/// </summary>
/// <param name="name">Client name, stored as given (no null check is performed).</param>
/// <param name="timeStamp">Time stamp value identifying the client build.</param>
/// <param name="send">Address/register descriptor for the send hook.</param>
/// <param name="recv">Address/register descriptor for the receive hook.</param>
public ClientInfo( string name, int timeStamp, AddressAndRegisters send, AddressAndRegisters recv )
{
	// Plain field copies; the four assignments are independent of each other.
	this.m_Send = send;
	this.m_Recv = recv;
	this.m_TimeStamp = timeStamp;
	this.m_Name = name;
}
/// <summary>
/// Builds a <see cref="ClientInfo"/> that simply records the supplied values.
/// </summary>
/// <param name="name">Name of the client; kept verbatim.</param>
/// <param name="timeStamp">Time stamp associated with the client.</param>
/// <param name="send">Hook descriptor used for outgoing packets.</param>
/// <param name="recv">Hook descriptor used for incoming packets.</param>
public ClientInfo(string name, int timeStamp, AddressAndRegisters send, AddressAndRegisters recv)
{
    // Identity first, then the two hook descriptors.
    m_Name = name;
    m_TimeStamp = timeStamp;

    m_Recv = recv;
    m_Send = send;
}
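/// <summary>
/// Creates a client description and flags it as "enhanced" when its name ends with "SA".
/// </summary>
/// <param name="name">Client name; may be null, in which case the enhanced flag is left untouched.</param>
/// <param name="timeStamp">Time stamp associated with the client.</param>
/// <param name="send">Hook descriptor used for outgoing packets.</param>
/// <param name="recv">Hook descriptor used for incoming packets.</param>
public ClientInfo(string name, int timeStamp, AddressAndRegisters send, AddressAndRegisters recv)
{
    // The suffix is an identifier, not linguistic text: compare ordinally so the
    // result does not depend on the current thread culture. The flag is only ever
    // set here, never cleared, exactly as before.
    if (name != null && name.EndsWith("SA", System.StringComparison.Ordinal))
    {
        m_Enhanced = true;
    }

    m_Name = name;
    m_TimeStamp = timeStamp;
    m_Send = send;
    m_Recv = recv;
}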
/// <summary>
/// Prepares a packet spy for the given send/receive hook descriptors.
/// </summary>
/// <param name="send">Hook descriptor for outgoing packets.</param>
/// <param name="recv">Hook descriptor for incoming packets.</param>
/// <param name="packetHandler">Callback stored for captured packet data.</param>
public PacketSpy(AddressAndRegisters send, AddressAndRegisters recv, PacketHandler packetHandler)
{
    m_PacketHandler = packetHandler;
    m_Send = send;
    m_Recv = recv;

    // Only the control and integer register groups are requested in the thread context.
    m_ContextBuffer = new NativeMethods.CONTEXT
    {
        ContextFlags = NativeMethods.ContextFlags.CONTEXT_CONTROL | NativeMethods.ContextFlags.CONTEXT_INTEGER
    };
    m_DEventBuffer = new NativeMethods.DEBUG_EVENT_EXCEPTION();

    // Not running yet: no stop requested, and the "stopped" event starts signaled.
    m_Stopped = new ManualResetEvent(true);
    m_ToStop = false;
}
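/// <summary>
/// Parses one client definition line into a <see cref="ClientInfo"/>.
/// </summary>
/// <remarks>
/// The line is read as: a hexadecimal time stamp terminated by ':', a name enclosed in
/// double quotes, then nine space-separated hexadecimal values (further tokens are ignored).
/// Values 0-4 feed the send descriptor and values 5-8 the receive descriptor; values
/// 1, 3, 4, 6 and 8 are translated to registers through GetRegister.
/// NOTE(review): the numeric values are passed on unvalidated. Presumably they are later
/// used as addresses in the inspected process, so the definition source should be
/// trusted - confirm against the loader.
/// </remarks>
/// <param name="s">The definition line to parse.</param>
/// <returns>The parsed client description.</returns>
/// <exception cref="FormatException">
/// The line could not be parsed for any reason (including a null argument). The
/// underlying error is preserved as the inner exception.
/// </exception>
public static ClientInfo Parse(string s)
{
    string name;
    int ts;
    AddressAndRegisters send;
    AddressAndRegisters recv;

    try
    {
        int tsEnd = s.IndexOf(':');
        ts = Int32.Parse(s.Substring(0, tsEnd), NumberStyles.HexNumber, CultureInfo.InvariantCulture);

        int nameStart = s.IndexOf('"', tsEnd) + 1;
        int nameEnd = s.IndexOf('"', nameStart + 1);
        name = s.Substring(nameStart, nameEnd - nameStart);

        // Skip the closing quote and the separator that follows it, then drop the
        // empty tokens produced by runs of spaces.
        string[] tokens = s.Substring(nameEnd + 2).Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

        // Fewer than nine tokens raises IndexOutOfRangeException, reported below.
        uint[] sendRecv = new uint[9];
        for (int i = 0; i < sendRecv.Length; i++)
        {
            sendRecv[i] = UInt32.Parse(tokens[i], NumberStyles.HexNumber, CultureInfo.InvariantCulture);
        }

        Register sAddrReg = GetRegister(sendRecv[1]);
        Register sLengthReg = GetRegister(sendRecv[3]);
        Register sCheckReg = GetRegister(sendRecv[4]);
        Register rAddrReg = GetRegister(sendRecv[6]);
        Register rLengthReg = GetRegister(sendRecv[8]);

        send = new AddressAndRegisters(sendRecv[0], sAddrReg, sendRecv[2], sLengthReg, sCheckReg);
        recv = new AddressAndRegisters(sendRecv[5], rAddrReg, sendRecv[7], rLengthReg);
    }
    catch (Exception ex)
    {
        // Callers still see FormatException; keeping the cause makes a rejected
        // definition diagnosable instead of silently opaque.
        throw new FormatException("Malformed client definition line.", ex);
    }

    return new ClientInfo(name, ts, send, recv);
}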
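/// <summary>
/// Converts a textual client definition into a <see cref="ClientInfo"/>.
/// </summary>
/// <remarks>
/// Expected shape: hexadecimal time stamp, ':', a double-quoted name, then nine
/// space-separated hexadecimal numbers. The first five numbers build the send
/// descriptor, the last four the receive descriptor; extra tokens are ignored.
/// NOTE(review): no range or sanity check is applied to the parsed numbers before they
/// are handed to AddressAndRegisters - verify that definition lines come from a
/// trusted source.
/// </remarks>
/// <param name="s">Definition line.</param>
/// <returns>The client description built from the line.</returns>
/// <exception cref="FormatException">
/// Thrown for every parsing failure, a null argument included; the original
/// exception is attached as <c>InnerException</c>.
/// </exception>
public static ClientInfo Parse( string s )
{
	string name;
	int ts;
	AddressAndRegisters send;
	AddressAndRegisters recv;

	try
	{
		int tsEnd = s.IndexOf( ':' );
		// Invariant culture: these are machine-written hex fields, not user text.
		ts = Int32.Parse( s.Substring( 0, tsEnd ), NumberStyles.HexNumber, CultureInfo.InvariantCulture );

		int nameStart = s.IndexOf( '"', tsEnd ) + 1;
		int nameEnd = s.IndexOf( '"', nameStart + 1 );
		name = s.Substring( nameStart, nameEnd - nameStart );

		string[] splt = s.Substring( nameEnd + 2 ).Split( ' ' );

		// Collect the first nine non-empty tokens; running out of tokens throws
		// and is converted to FormatException below.
		uint[] sendRecv = new uint[9];
		for ( int i = 0, n = 0; n < 9; i++ )
		{
			if ( splt[i].Length != 0 )
			{
				sendRecv[n] = UInt32.Parse( splt[i], NumberStyles.HexNumber, CultureInfo.InvariantCulture );
				n++;
			}
		}

		Register sAddrReg = GetRegister( sendRecv[1] );
		Register sLengthReg = GetRegister( sendRecv[3] );
		Register sCheckReg = GetRegister( sendRecv[4] );
		Register rAddrReg = GetRegister( sendRecv[6] );
		Register rLengthReg = GetRegister( sendRecv[8] );

		send = new AddressAndRegisters( sendRecv[0], sAddrReg, sendRecv[2], sLengthReg, sCheckReg );
		recv = new AddressAndRegisters( sendRecv[5], rAddrReg, sendRecv[7], rLengthReg );
	}
	catch ( Exception ex )
	{
		// Same exception type as before, but the root cause is no longer discarded.
		throw new FormatException( "Malformed client definition line.", ex );
	}

	return new ClientInfo( name, ts, send, recv );
}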
/// <summary>
/// Initializes the spy with its hook descriptors and packet callback, and allocates
/// the buffers used while handling debug events.
/// </summary>
/// <param name="send">Descriptor of the send hook.</param>
/// <param name="recv">Descriptor of the receive hook.</param>
/// <param name="packetHandler">Delegate kept for delivering captured packets.</param>
public PacketSpy( AddressAndRegisters send, AddressAndRegisters recv, PacketHandler packetHandler )
{
	// Build the context buffer first, then publish it to the field.
	NativeMethods.CONTEXT context = new NativeMethods.CONTEXT();
	context.ContextFlags = NativeMethods.ContextFlags.CONTEXT_CONTROL | NativeMethods.ContextFlags.CONTEXT_INTEGER;
	m_ContextBuffer = context;

	m_DEventBuffer = new NativeMethods.DEBUG_EVENT_EXCEPTION();

	m_Send = send;
	m_Recv = recv;
	m_PacketHandler = packetHandler;

	// Initial state: nothing to stop, and the stopped event is already set.
	m_ToStop = false;
	m_Stopped = new ManualResetEvent( true );
}
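/// <summary>
/// Handles one breakpoint hit on a send or receive hook: captures the packet data
/// when appropriate, steps the thread over the original instruction, re-arms the
/// breakpoint and resumes the thread.
/// </summary>
/// <remarks>
/// Each direction uses two breakpoints. The address breakpoint (<paramref name="length"/>
/// false) only remembers the value of the address register; the length breakpoint
/// (<paramref name="length"/> true) reads the length register, fetches the bytes and
/// reports them to the packet handler. The read size is limited to 16 bits by the
/// 0xFFFF mask.
/// NOTE(review): the debug event returned by WaitForDebugEvent during recovery is not
/// inspected, and that wait has no timeout - confirm this is acceptable for the caller.
/// </remarks>
/// <param name="threadId">Id of the thread that hit the breakpoint.</param>
/// <param name="send">True for the send hook, false for the receive hook.</param>
/// <param name="length">True when the length breakpoint was hit, false for the address breakpoint.</param>
/// <exception cref="Win32Exception">The thread could not be opened, or waiting for the single-step event failed.</exception>
private void SpyPacket(uint threadId, bool send, bool length)
{
    IntPtr hThread = NativeMethods.OpenThread(
        NativeMethods.DesiredAccessThread.THREAD_GET_CONTEXT | NativeMethods.DesiredAccessThread.THREAD_SET_CONTEXT,
        false,
        threadId);

    // Without a valid handle every context call below would operate on stale data.
    if (hThread == IntPtr.Zero)
    {
        throw new Win32Exception();
    }

    byte[] data = null;
    bool handle = true;

    try
    {
        GetThreadContext(hThread, ref m_ContextBuffer);

        AddressAndRegisters ar = send ? m_Send : m_Recv;

        // Send/address hit: only proceed when the check register holds 3.
        if (send && !length && GetContextRegister(m_ContextBuffer, ar.CheckRegister) != 3)
        {
            handle = false;
        }

        // Send/length hit without a remembered address: nothing to read.
        if (send && length && lastAddress_s == 0)
        {
            handle = false;
        }

        if (handle)
        {
            uint lastAddress;

            if (!length)
            {
                // Remember the buffer address for the matching length breakpoint.
                lastAddress = GetContextRegister(m_ContextBuffer, ar.AddressRegister);

                if (send)
                {
                    lastAddress_s = lastAddress;
                }
                else
                {
                    lastAddress_r = lastAddress;
                }
            }
            else
            {
                uint dataLength = GetContextRegister(m_ContextBuffer, ar.LengthRegister) & 0xFFFF;

                if (send)
                {
                    // The data pointer is stored 4 bytes past the remembered address.
                    using (MemoryStream stream = new MemoryStream(ReadProcessMemory(lastAddress_s + 4, 4)))
                    using (BinaryReader reader = new BinaryReader(stream))
                    {
                        lastAddress = reader.ReadUInt32();
                    }

                    lastAddress_s = 0;
                }
                else
                {
                    lastAddress = lastAddress_r;
                    lastAddress_r = 0;
                }

                data = ReadProcessMemory(lastAddress, dataLength);
            }
        }

        #region Breakpoint Recovery

        // Put the original opcode byte back and rewind Eip so it executes.
        WriteProcessMemory(
            length ? ar.LengthAddress : ar.Address,
            new byte[] { send ? (length ? m_OrSCode2 : m_OrSCode) : (length ? m_OrRCode2 : m_OrRCode) });

        m_ContextBuffer.Eip--;
        m_ContextBuffer.EFlags |= 0x100; // Single step

        SetThreadContext(hThread, ref m_ContextBuffer);
        ContinueDebugEvent(threadId);

        if (!NativeMethods.WaitForDebugEvent(ref m_DEventBuffer, uint.MaxValue))
        {
            throw new Win32Exception();
        }

        // Original instruction has run: re-arm the breakpoint.
        WriteProcessMemory(length ? ar.LengthAddress : ar.Address, BreakCode);

        GetThreadContext(hThread, ref m_ContextBuffer);
        m_ContextBuffer.EFlags &= ~0x100u; // End single step
        SetThreadContext(hThread, ref m_ContextBuffer);

        #endregion
    }
    finally
    {
        // Previously leaked whenever any call above threw.
        NativeMethods.CloseHandle(hThread);
    }

    ContinueDebugEvent(threadId);

    if (length && handle)
    {
        m_PacketHandler(data, send);
    }
}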
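/// <summary>
/// Handles a breakpoint hit on the send or receive hook: reads the packet bytes from
/// the inspected process, steps the thread over the original instruction, re-arms the
/// breakpoint, resumes the thread and reports the data to the packet handler.
/// </summary>
/// <remarks>
/// In the standard path the read size comes from the length register and is limited
/// to 16 bits by the 0xFFFF mask. In the enhanced path the start and end pointers are
/// read from the inspected process itself (8 bytes at address register + 4), so they
/// are untrusted: an end pointer below the start pointer is rejected and the packet
/// is skipped instead of letting the unsigned subtraction wrap to a huge length.
/// NOTE(review): the enhanced path still has no upper bound on the read size, and the
/// debug event returned during recovery is not inspected - consider tightening both.
/// </remarks>
/// <param name="threadId">Id of the thread that hit the breakpoint.</param>
/// <param name="send">True for the send hook, false for the receive hook.</param>
/// <exception cref="Win32Exception">The thread could not be opened, or no debug event arrived within 2500 ms.</exception>
private void SpyPacket(uint threadId, bool send)
{
    IntPtr hThread = NativeMethods.OpenThread(
        NativeMethods.DesiredAccessThread.THREAD_GET_CONTEXT
            | NativeMethods.DesiredAccessThread.THREAD_SET_CONTEXT
            | NativeMethods.DesiredAccessThread.THREAD_QUERY_INFORMATION,
        false,
        threadId);

    // Without a valid handle every context call below would operate on stale data.
    if (hThread == IntPtr.Zero)
    {
        throw new Win32Exception();
    }

    byte[] data = null;

    try
    {
        GetThreadContext(hThread);

        AddressAndRegisters ar = send ? m_Send : m_Recv;

        uint dataAddress = GetContextRegister(ar.AddressRegister);
        uint dataLength = GetContextRegister(ar.LengthRegister) & 0xFFFF;

        if (m_Enhanced)
        {
            byte[] bounds = ReadProcessMemory(dataAddress + 4, 8);

            using (MemoryStream stream = new MemoryStream(bounds))
            using (BinaryReader reader = new BinaryReader(stream))
            {
                uint start = reader.ReadUInt32();
                uint end = reader.ReadUInt32();

                // Guard against wrap-around; data stays null and the packet is
                // skipped, but breakpoint recovery below still runs.
                if (end >= start)
                {
                    data = ReadProcessMemory(start, end - start);
                }
            }
        }
        else
        {
            data = ReadProcessMemory(dataAddress, dataLength);
        }

        #region Breakpoint Recovery

        // Put the original opcode byte back and rewind Eip so it executes.
        WriteProcessMemory(ar.Address, new byte[] { send ? m_OrSCode : m_OrRCode });

        if (SystemInfo.IsX64)
        {
            m_X64ContextBuffer.Eip--;
            m_X64ContextBuffer.EFlags |= 0x100; // Single step
        }
        else
        {
            m_ContextBuffer.Eip--;
            m_ContextBuffer.EFlags |= 0x100; // Single step
        }

        SetThreadContext(hThread);
        ContinueDebugEvent(threadId);

        if (!NativeMethods.WaitForDebugEvent(ref m_DEventBuffer, 2500))
        {
            throw new Win32Exception();
        }

        // Original instruction has run: re-arm the breakpoint.
        WriteProcessMemory(ar.Address, BreakCode);

        GetThreadContext(hThread);

        if (SystemInfo.IsX64)
        {
            m_X64ContextBuffer.EFlags &= ~0x100u; // End single step
        }
        else
        {
            m_ContextBuffer.EFlags &= ~0x100u; // End single step
        }

        SetThreadContext(hThread);

        #endregion
    }
    finally
    {
        // Previously leaked whenever a read, write or the debug-event wait threw.
        NativeMethods.CloseHandle(hThread);
    }

    ContinueDebugEvent(threadId);

    if (data != null)
    {
        m_PacketHandler(data, send);
    }
}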