/// <summary>
/// <c>IDebugEventCallbacksWide.LoadModule</c> callback: builds a <c>TargetModule</c> for the
/// reported image, attaches it to the process whose system PID is current, and raises
/// the module-loaded event.
/// </summary>
/// <param name="ImageFileHandle">Stored as the module's <c>Handle</c>.</param>
/// <param name="BaseOffset">Stored as the module's <c>BaseAddress</c>.</param>
/// <param name="ModuleSize">Stored as the module's <c>Size</c>.</param>
/// <param name="ModuleName">Stored as the module's <c>Name</c>.</param>
/// <param name="ImageName">Stored as the module's <c>ImageName</c>.</param>
/// <param name="CheckSum">Not used by this implementation.</param>
/// <param name="TimeDateStamp">Stored as the module's <c>TimeStamp</c> without conversion.</param>
/// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
int IDebugEventCallbacksWide.LoadModule(ulong ImageFileHandle, ulong BaseOffset, uint ModuleSize, string ModuleName, string ImageName, uint CheckSum, uint TimeDateStamp)
{
    uint engineProcessId;
    uint systemPid;
    // NOTE(review): if these calls return a status code, it is discarded here — confirm
    // what the out values hold when the query fails.
    SystemObjects.GetCurrentProcessId(out engineProcessId);
    SystemObjects.GetCurrentProcessSystemId(out systemPid);

    // First() throws InvalidOperationException when no tracked process has this PID.
    var owner = Processes.First(candidate => candidate.PID == systemPid);

    // NOTE(review): the names, sizes and timestamp describe the debuggee; consumers should
    // treat them as untrusted input when the target is not trusted.
    var module = new TargetModule(owner);
    module.ImageName = ImageName;
    module.Name = ModuleName;
    module.BaseAddress = BaseOffset;
    module.Size = ModuleSize;
    module.TimeStamp = TimeDateStamp;
    module.Handle = ImageFileHandle;
    module.ProcessIndex = engineProcessId;
    module.PID = systemPid;

    // NOTE(review): the process is looked up a second time, via _processes instead of
    // Processes; presumably both resolve to the same object — confirm.
    var process = _processes.First(candidate => candidate.PID == systemPid);
    process.AddModule(module);
    OnModuleLoaded(new ModuleEventArgs(process, module));

    return (int)DEBUG_STATUS.NO_CHANGE;
}
/// <summary>
/// <c>IDebugEventCallbacksWide.CreateThread</c> callback: creates a <c>TargetThread</c> for the
/// current thread, adds it to the process with the current system PID, and raises the
/// thread-created event.
/// </summary>
/// <param name="Handle">Stored as the thread's <c>Handle</c>.</param>
/// <param name="DataOffset">Stored as the thread's <c>Teb</c>.</param>
/// <param name="StartOffset">Stored as the thread's <c>StartAddress</c>.</param>
/// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
int IDebugEventCallbacksWide.CreateThread(ulong Handle, ulong DataOffset, ulong StartOffset)
{
    uint engineProcessId;
    uint engineThreadId;
    uint systemPid;
    uint systemTid;
    SystemObjects.GetCurrentProcessId(out engineProcessId);
    SystemObjects.GetCurrentThreadId(out engineThreadId);
    SystemObjects.GetCurrentProcessSystemId(out systemPid);
    SystemObjects.GetCurrentThreadSystemId(out systemTid);

    // Debug-only sanity check; it is compiled out of release builds, so a zero id is
    // not rejected there.
    Debug.Assert(systemPid > 0 && systemTid > 0);

    // First() throws InvalidOperationException when the process is not tracked.
    var process = _processes.First(candidate => candidate.PID == systemPid);

    var thread = new TargetThread(process);
    thread.Index = engineThreadId;
    thread.TID = systemTid;
    thread.StartAddress = StartOffset;
    thread.Teb = DataOffset;
    thread.Handle = Handle;
    thread.ProcessIndex = engineProcessId;

    process.AddThread(thread);
    OnThreadCreated(new ThreadCreatedEventArgs(thread, process));

    return (int)DEBUG_STATUS.NO_CHANGE;
}
/// <summary>
/// Returns the tracked <c>TargetProcess</c> whose PID matches the current process system id
/// reported by <c>SystemObjects</c>. The lookup is executed through <c>RunAsync</c> and this
/// method blocks until it completes.
/// </summary>
/// <returns>The matching entry from <c>_processes</c>.</returns>
public TargetProcess GetCurrentProcess()
{
    var lookup = RunAsync(() =>
    {
        uint systemPid;
        SystemObjects.GetCurrentProcessSystemId(out systemPid);
        // First() throws when no tracked process has this PID.
        return _processes.First(candidate => candidate.PID == systemPid);
    });

    // Synchronous wait: failures inside the delegate surface wrapped in AggregateException.
    // NOTE(review): blocking on .Result can deadlock if the caller is on the thread or
    // context RunAsync needs to run the delegate — confirm callers never are.
    return lookup.Result;
}
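/// <summary>
/// <c>IDebugEventCallbacksWide.CreateProcess</c> callback: registers a new <c>TargetProcess</c>
/// in <c>_processes</c>, raises the process-created event, then registers the initial thread
/// and raises the thread-created event.
/// </summary>
/// <param name="ImageFileHandle">Stored as the process's <c>hFile</c>.</param>
/// <param name="Handle">Stored as the process's <c>hProcess</c>.</param>
/// <param name="BaseOffset">Stored as the process's <c>BaseOffset</c>.</param>
/// <param name="ModuleSize">Stored as the process's <c>ModuleSize</c>.</param>
/// <param name="ModuleName">Stored as the process's <c>ModuleName</c>.</param>
/// <param name="ImageName">Stored as the process's <c>ImageName</c>.</param>
/// <param name="CheckSum">Not used by this implementation.</param>
/// <param name="TimeDateStamp">Image header timestamp (seconds since 1970-01-01 UTC); converted to a local <c>DateTime</c>.</param>
/// <param name="InitialThreadHandle">Stored as the initial thread's <c>Handle</c>.</param>
/// <param name="ThreadDataOffset">Stored as the initial thread's <c>Teb</c>.</param>
/// <param name="StartOffset">Stored as the initial thread's <c>StartAddress</c>.</param>
/// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
int IDebugEventCallbacksWide.CreateProcess(ulong ImageFileHandle, ulong Handle, ulong BaseOffset, uint ModuleSize, string ModuleName, string ImageName, uint CheckSum, uint TimeDateStamp, ulong InitialThreadHandle, ulong ThreadDataOffset, ulong StartOffset)
{
    Debug.WriteLine("IDebugEventCallbacksWide.CreateProcess");

    uint id;
    SystemObjects.GetCurrentProcessId(out id);
    ulong peb;
    SystemObjects.GetCurrentProcessPeb(out peb);
    uint pid;
    SystemObjects.GetCurrentProcessSystemId(out pid);

    // TimeDateStamp is the 32-bit image header stamp counted in seconds from the Unix
    // epoch. DateTime.FromFileTime expects 100 ns ticks since 1601, so passing the raw
    // value always produced a date within minutes of 1601-01-01. Convert from the Unix
    // epoch instead and keep the result in local time, as FromFileTime did.
    // The stamp is read from the debuggee's image, so it can be forged or be a
    // reproducible-build hash; it is not reliable evidence of when the image was built.
    var imageTimeStamp = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)
        .AddSeconds(TimeDateStamp)
        .ToLocalTime();

    // NOTE(review): ImageName and ModuleName also describe the debuggee; consumers should
    // treat them as untrusted input when the target is not trusted.
    var process = new TargetProcess
    {
        PID = pid,
        hProcess = Handle,
        hFile = ImageFileHandle,
        BaseOffset = BaseOffset,
        ModuleSize = ModuleSize,
        ImageName = ImageName,
        TimeStamp = imageTimeStamp,
        ModuleName = ModuleName,
        Index = (int)id,
        Peb = peb
    };
    _processes.Add(process);
    OnProcessCreated(process);

    // The initial thread is reported through this callback, so it is registered here
    // together with the process.
    uint tindex, tid;
    SystemObjects.GetCurrentThreadId(out tindex);
    SystemObjects.GetCurrentThreadSystemId(out tid);
    var thread = new TargetThread(process)
    {
        Index = tindex,
        TID = tid,
        StartAddress = StartOffset,
        Teb = ThreadDataOffset,
        Handle = InitialThreadHandle,
        ProcessIndex = id
    };
    process.AddThread(thread);
    OnThreadCreated(new ThreadCreatedEventArgs(thread, process));

    return (int)DEBUG_STATUS.NO_CHANGE;
}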
/// <summary>
/// <c>IDebugEventCallbacksWide.UnloadModule</c> callback: removes the module whose base address
/// equals <paramref name="BaseOffset"/> from the current process and raises the
/// module-unloaded event.
/// </summary>
/// <param name="ImageBaseName">Not used by this implementation; the module is matched by base address only.</param>
/// <param name="BaseOffset">Base address used to find the tracked module.</param>
/// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
int IDebugEventCallbacksWide.UnloadModule(string ImageBaseName, ulong BaseOffset)
{
    uint engineProcessId;
    uint systemPid;
    // The engine process id is queried but not used afterwards.
    SystemObjects.GetCurrentProcessId(out engineProcessId);
    SystemObjects.GetCurrentProcessSystemId(out systemPid);

    var process = _processes.First(candidate => candidate.PID == systemPid);

    // NOTE(review): First() throws if no tracked module has this base address (for example
    // if its load event was never observed) — confirm that an exception escaping this
    // callback is acceptable.
    var module = process.Modules.First(loaded => loaded.BaseAddress == BaseOffset);

    process.RemoveModule(module);
    OnModuleUnloaded(new ModuleEventArgs(process, module));

    return (int)DEBUG_STATUS.NO_CHANGE;
}
/// <summary>
/// <c>IDebugEventCallbacksWide.ExitProcess</c> callback: records the exit code on the current
/// process, raises the process-exited event and refreshes status.
/// </summary>
/// <param name="ExitCode">Stored as the process's <c>ExitCode</c>.</param>
/// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
int IDebugEventCallbacksWide.ExitProcess(uint ExitCode)
{
    Debug.WriteLine("IDebugEventCallbacksWide.ExitProcess");

    uint systemPid;
    SystemObjects.GetCurrentProcessSystemId(out systemPid);

    // First() throws InvalidOperationException when the process is not tracked.
    var exited = _processes.First(candidate => candidate.PID == systemPid);
    exited.ExitCode = ExitCode;

    // The process is not removed from _processes here; only the event and status change.
    OnProcessExited(new ProcessExitedEventArgs(exited));
    UpdateStatus();

    return (int)DEBUG_STATUS.NO_CHANGE;
}
/// <summary>
/// <c>IDebugEventCallbacksWide.ExitThread</c> callback: records the exit code on the current
/// thread, removes it from its process and raises the thread-exited event.
/// </summary>
/// <param name="ExitCode">Stored as the thread's <c>ExitCode</c>.</param>
/// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
int IDebugEventCallbacksWide.ExitThread(uint ExitCode)
{
    uint engineThreadId;
    uint engineProcessId;
    uint systemPid;
    uint systemTid;
    // The two engine ids are queried but not used afterwards; matching is done on the
    // system PID and TID only.
    SystemObjects.GetCurrentThreadId(out engineThreadId);
    SystemObjects.GetCurrentProcessId(out engineProcessId);
    SystemObjects.GetCurrentProcessSystemId(out systemPid);
    SystemObjects.GetCurrentThreadSystemId(out systemTid);

    var process = _processes.First(candidate => candidate.PID == systemPid);

    // NOTE(review): First() throws if the thread was never registered — confirm that an
    // exception escaping this callback is acceptable.
    var thread = process.Threads.First(candidate => candidate.TID == systemTid);
    thread.ExitCode = ExitCode;

    process.RemoveThread(thread);
    OnThreadExited(new ThreadExitedEventArgs(thread, process));

    return (int)DEBUG_STATUS.NO_CHANGE;
}