Esempio n. 1
0
		public ClientInfo( string name, int timeStamp, AddressAndRegisters send, AddressAndRegisters recv )
		{
			m_Name = name;
			m_TimeStamp = timeStamp;
			m_Send = send;
			m_Recv = recv;
		}
Esempio n. 2
0
 public ClientInfo(string name, int timeStamp, AddressAndRegisters send, AddressAndRegisters recv)
 {
     m_Name      = name;
     m_TimeStamp = timeStamp;
     m_Send      = send;
     m_Recv      = recv;
 }
Esempio n. 3
0
        public ClientInfo(string name, int timeStamp, AddressAndRegisters send, AddressAndRegisters recv)
        {
            if (name != null && name.EndsWith("SA"))
            {
                m_Enhanced = true;
            }

            m_Name      = name;
            m_TimeStamp = timeStamp;
            m_Send      = send;
            m_Recv      = recv;
        }
Esempio n. 4
0
        public PacketSpy(AddressAndRegisters send, AddressAndRegisters recv, PacketHandler packetHandler)
        {
            m_Send          = send;
            m_Recv          = recv;
            m_PacketHandler = packetHandler;

            m_ContextBuffer = new NativeMethods.CONTEXT();
            m_ContextBuffer.ContextFlags = NativeMethods.ContextFlags.CONTEXT_CONTROL | NativeMethods.ContextFlags.CONTEXT_INTEGER;
            m_DEventBuffer = new NativeMethods.DEBUG_EVENT_EXCEPTION();

            m_ToStop  = false;
            m_Stopped = new ManualResetEvent(true);
        }
Esempio n. 5
0
        public static ClientInfo Parse(string s)
        {
            string name;
            int    ts;
            AddressAndRegisters send;
            AddressAndRegisters recv;

            try
            {
                int tsEnd = s.IndexOf(':');
                ts = Int32.Parse(s.Substring(0, tsEnd), NumberStyles.HexNumber);

                int nameStart = s.IndexOf('"', tsEnd) + 1;
                int nameEnd   = s.IndexOf('"', nameStart + 1);
                name = s.Substring(nameStart, nameEnd - nameStart);

                string[] splt = s.Substring(nameEnd + 2).Split(' ');


                uint[] sendRecv = new uint[9];
                for (int i = 0, n = 0; n < 9; i++)
                {
                    if (splt[i] != "")
                    {
                        sendRecv[n] = UInt32.Parse(splt[i], NumberStyles.HexNumber);
                        n++;
                    }
                }

                Register sAddrReg   = GetRegister(sendRecv[1]);
                Register sLengthReg = GetRegister(sendRecv[3]);
                Register sCheckReg  = GetRegister(sendRecv[4]);

                Register rAddrReg   = GetRegister(sendRecv[6]);
                Register rLengthReg = GetRegister(sendRecv[8]);

                send = new AddressAndRegisters(sendRecv[0], sAddrReg, sendRecv[2], sLengthReg, sCheckReg);
                recv = new AddressAndRegisters(sendRecv[5], rAddrReg, sendRecv[7], rLengthReg);
            }
            catch
            {
                throw new FormatException();
            }

            return(new ClientInfo(name, ts, send, recv));
        }
Esempio n. 6
0
		public static ClientInfo Parse( string s )
		{
			string name;
			int ts;
			AddressAndRegisters send;
			AddressAndRegisters recv;

			try
			{
				int tsEnd = s.IndexOf( ':' );
				ts = Int32.Parse( s.Substring( 0, tsEnd ), NumberStyles.HexNumber );

				int nameStart = s.IndexOf( '"', tsEnd ) + 1;
				int nameEnd = s.IndexOf( '"', nameStart + 1 );
				name = s.Substring( nameStart, nameEnd - nameStart );

				string[] splt = s.Substring( nameEnd + 2 ).Split( ' ' );

                
				uint[] sendRecv = new uint[9];
				for ( int i = 0, n = 0; n < 9; i++ )
				{
					if ( splt[i] != "" )
					{
						sendRecv[n] = UInt32.Parse( splt[i], NumberStyles.HexNumber );
						n++;
					}
				}

				Register sAddrReg = GetRegister( sendRecv[1] );
				Register sLengthReg = GetRegister( sendRecv[3] );
                Register sCheckReg = GetRegister( sendRecv[4] );

				Register rAddrReg = GetRegister( sendRecv[6] );
				Register rLengthReg = GetRegister( sendRecv[8] );

				send = new AddressAndRegisters( sendRecv[0], sAddrReg, sendRecv[2], sLengthReg, sCheckReg );
                recv = new AddressAndRegisters( sendRecv[5], rAddrReg, sendRecv[7], rLengthReg );
			}
			catch
			{
				throw new FormatException();
			}

			return new ClientInfo( name, ts, send, recv );
		}
Esempio n. 7
0
		public PacketSpy( AddressAndRegisters send, AddressAndRegisters recv, PacketHandler packetHandler )
		{
			m_Send = send;
			m_Recv = recv;
			m_PacketHandler = packetHandler;

			m_ContextBuffer = new NativeMethods.CONTEXT();
			m_ContextBuffer.ContextFlags = NativeMethods.ContextFlags.CONTEXT_CONTROL | NativeMethods.ContextFlags.CONTEXT_INTEGER;
			m_DEventBuffer = new NativeMethods.DEBUG_EVENT_EXCEPTION();

			m_ToStop = false;
			m_Stopped = new ManualResetEvent( true );
		}
Esempio n. 8
0
        private void SpyPacket(uint threadId, bool send, bool length)
        {
            IntPtr hThread = NativeMethods.OpenThread(NativeMethods.DesiredAccessThread.THREAD_GET_CONTEXT | NativeMethods.DesiredAccessThread.THREAD_SET_CONTEXT, false, threadId);

            GetThreadContext(hThread, ref m_ContextBuffer);

            AddressAndRegisters ar = send ? m_Send : m_Recv;

            byte[] data = null;

            bool handle = true;

            if (send && !length && GetContextRegister(m_ContextBuffer, ar.CheckRegister) != 3)
            {
                handle = false;
            }

            if (send && length && lastAddress_s == 0)
            {
                handle = false;
            }

            uint lastAddress;

            if (handle)
            {
                if (!length)
                {
                    lastAddress = GetContextRegister(m_ContextBuffer, ar.AddressRegister);
                    if (send)
                    {
                        lastAddress_s = lastAddress;
                    }
                    else
                    {
                        lastAddress_r = lastAddress;
                    }
                }
                else
                {
                    uint dataLength = GetContextRegister(m_ContextBuffer, ar.LengthRegister) & 0xFFFF;
                    if (send)
                    {
                        lastAddress   = new BinaryReader(new MemoryStream(ReadProcessMemory(lastAddress_s + 4, 4))).ReadUInt32();
                        lastAddress_s = 0;
                    }
                    else
                    {
                        lastAddress   = lastAddress_r;
                        lastAddress_r = 0;
                    }
                    data = ReadProcessMemory(lastAddress, dataLength);
                }
            }
            #region Breakpoint Recovery

            WriteProcessMemory(length ? ar.LengthAddress : ar.Address, new byte[] { send ? (length ? m_OrSCode2 : m_OrSCode) : (length ?  m_OrRCode2 : m_OrRCode) });
            m_ContextBuffer.Eip--;
            m_ContextBuffer.EFlags |= 0x100;             // Single step

            SetThreadContext(hThread, ref m_ContextBuffer);
            ContinueDebugEvent(threadId);

            if (!NativeMethods.WaitForDebugEvent(ref m_DEventBuffer, uint.MaxValue))
            {
                throw new Win32Exception();
            }

            WriteProcessMemory(length ? ar.LengthAddress : ar.Address, BreakCode);

            GetThreadContext(hThread, ref m_ContextBuffer);
            m_ContextBuffer.EFlags &= ~0x100u;             // End single step
            SetThreadContext(hThread, ref m_ContextBuffer);

            #endregion

            NativeMethods.CloseHandle(hThread);

            ContinueDebugEvent(threadId);

            if (length && handle)
            {
                m_PacketHandler(data, send);
            }
        }
Esempio n. 9
0
        private void SpyPacket(uint threadId, bool send)
        {
            IntPtr hThread = NativeMethods.OpenThread(NativeMethods.DesiredAccessThread.THREAD_GET_CONTEXT | NativeMethods.DesiredAccessThread.THREAD_SET_CONTEXT | NativeMethods.DesiredAccessThread.THREAD_QUERY_INFORMATION, false, threadId);

            GetThreadContext(hThread);

            AddressAndRegisters ar = send ? m_Send : m_Recv;

            uint dataAddress = GetContextRegister(ar.AddressRegister);
            uint dataLength  = GetContextRegister(ar.LengthRegister) & 0xFFFF;

            byte[] data = null;

            if (m_Enhanced)
            {
                data = ReadProcessMemory(dataAddress + 4, 8);

                using (MemoryStream stream = new MemoryStream(data))
                {
                    using (BinaryReader reader = new BinaryReader(stream))
                    {
                        uint start  = reader.ReadUInt32();
                        uint length = reader.ReadUInt32() - start;

                        data = ReadProcessMemory(start, length);
                    }
                }
            }
            else
            {
                data = ReadProcessMemory(dataAddress, dataLength);
            }

            #region Breakpoint Recovery

            WriteProcessMemory(ar.Address, new byte[] { send?m_OrSCode: m_OrRCode });

            if (SystemInfo.IsX64)
            {
                m_X64ContextBuffer.Eip--;
                m_X64ContextBuffer.EFlags |= 0x100;                 // Single step
            }
            else
            {
                m_ContextBuffer.Eip--;
                m_ContextBuffer.EFlags |= 0x100;                 // Single step
            }

            SetThreadContext(hThread);
            ContinueDebugEvent(threadId);

            if (!NativeMethods.WaitForDebugEvent(ref m_DEventBuffer, 2500))
            {
                throw new Win32Exception();
            }

            WriteProcessMemory(ar.Address, BreakCode);

            GetThreadContext(hThread);

            if (SystemInfo.IsX64)
            {
                m_X64ContextBuffer.EFlags &= ~0x100u;                 //  End single step
            }
            else
            {
                m_ContextBuffer.EFlags &= ~0x100u;                 // End single step
            }
            SetThreadContext(hThread);

            #endregion

            NativeMethods.CloseHandle(hThread);

            ContinueDebugEvent(threadId);

            if (data != null)
            {
                m_PacketHandler(data, send);
            }
        }