コード例 #1
        /// <summary>
        /// Debug-engine callback for a thread-creation event. Builds a <c>TargetThread</c> for the
        /// current thread, attaches it to the tracked process with the matching system PID and
        /// raises <c>OnThreadCreated</c>.
        /// </summary>
        /// <param name="Handle">Thread handle passed by the engine; stored unchanged on the new thread.</param>
        /// <param name="DataOffset">Stored as the new thread's <c>Teb</c>.</param>
        /// <param name="StartOffset">Stored as the new thread's <c>StartAddress</c>.</param>
        /// <returns><c>DEBUG_STATUS.NO_CHANGE</c> as an <c>int</c>.</returns>
        int IDebugEventCallbacksWide.CreateThread(ulong Handle, ulong DataOffset, ulong StartOffset)
        {
            uint processIndex;
            uint threadIndex;
            uint systemPid;
            uint systemTid;

            // NOTE(review): the return values of these four queries are discarded, so a failed
            // query is only noticed through the debug-only assertion below.
            SystemObjects.GetCurrentProcessId(out processIndex);
            SystemObjects.GetCurrentThreadId(out threadIndex);
            SystemObjects.GetCurrentProcessSystemId(out systemPid);
            SystemObjects.GetCurrentThreadSystemId(out systemTid);
            Debug.Assert(systemPid > 0 && systemTid > 0);

            // First() throws InvalidOperationException when no tracked process has this PID;
            // the exception then leaves this callback.
            var owner = _processes.First(candidate => candidate.PID == systemPid);

            var created = new TargetThread(owner);
            created.Index        = threadIndex;
            created.TID          = systemTid;
            created.StartAddress = StartOffset;
            created.Teb          = DataOffset;
            created.Handle       = Handle;
            created.ProcessIndex = processIndex;

            owner.AddThread(created);

            var eventArgs = new ThreadCreatedEventArgs(created, owner);
            OnThreadCreated(eventArgs);

            return (int)DEBUG_STATUS.NO_CHANGE;
        }
コード例 #2
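        /// <summary>
        /// Debug-engine callback for a process-creation event. Registers a <c>TargetProcess</c>
        /// for the current process, raises <c>OnProcessCreated</c>, then records the process's
        /// initial thread and raises <c>OnThreadCreated</c> for it.
        /// </summary>
        /// <param name="ImageFileHandle">Stored as the process's <c>hFile</c>.</param>
        /// <param name="Handle">Stored as the process's <c>hProcess</c>.</param>
        /// <param name="BaseOffset">Stored as the process's <c>BaseOffset</c>.</param>
        /// <param name="ModuleSize">Stored as the process's <c>ModuleSize</c>.</param>
        /// <param name="ModuleName">Stored as the process's <c>ModuleName</c>.</param>
        /// <param name="ImageName">Stored as the process's <c>ImageName</c>.</param>
        /// <param name="CheckSum">Not used by this method.</param>
        /// <param name="TimeDateStamp">
        /// Image time/date stamp, in seconds since 1970-01-01 00:00:00 UTC; converted to a local
        /// <see cref="DateTime"/> and stored as <c>TimeStamp</c>.
        /// </param>
        /// <param name="InitialThreadHandle">Stored as the initial thread's <c>Handle</c>.</param>
        /// <param name="ThreadDataOffset">Stored as the initial thread's <c>Teb</c>.</param>
        /// <param name="StartOffset">Stored as the initial thread's <c>StartAddress</c>.</param>
        /// <returns><c>DEBUG_STATUS.NO_CHANGE</c> as an <c>int</c>.</returns>
        int IDebugEventCallbacksWide.CreateProcess(ulong ImageFileHandle, ulong Handle, ulong BaseOffset, uint ModuleSize, string ModuleName, string ImageName,
                                                   uint CheckSum, uint TimeDateStamp, ulong InitialThreadHandle, ulong ThreadDataOffset, ulong StartOffset)
        {
            Debug.WriteLine("IDebugEventCallbacksWide.CreateProcess");

            // NOTE(review): the return values of the SystemObjects queries in this method are
            // discarded, so a failed query is not detected here.
            uint id;
            SystemObjects.GetCurrentProcessId(out id);

            ulong peb;
            SystemObjects.GetCurrentProcessPeb(out peb);

            uint pid;
            SystemObjects.GetCurrentProcessSystemId(out pid);

            // The image time/date stamp counts seconds from the Unix epoch. It is not a Windows
            // FILETIME (100 ns ticks since 1601), so DateTime.FromFileTime would map every value
            // to a moment within a few minutes of 1601-01-01. ToLocalTime keeps the local
            // DateTimeKind that FromFileTime used to return.
            // The value comes from the image header: it can be set arbitrarily, and deterministic
            // builds may store a hash there, so do not treat it as proof of when the image was built.
            DateTime imageTimeStamp = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)
                .AddSeconds(TimeDateStamp)
                .ToLocalTime();

            var process = new TargetProcess {
                PID        = pid,
                hProcess   = Handle,
                hFile      = ImageFileHandle,
                BaseOffset = BaseOffset,
                ModuleSize = ModuleSize,
                ImageName  = ImageName,
                TimeStamp  = imageTimeStamp,
                ModuleName = ModuleName,
                Index      = (int)id,
                Peb        = peb
            };

            _processes.Add(process);

            // Subscribers are told about the process before its initial thread is attached to it.
            OnProcessCreated(process);

            uint tindex, tid;

            SystemObjects.GetCurrentThreadId(out tindex);
            SystemObjects.GetCurrentThreadSystemId(out tid);

            var thread = new TargetThread(process)
            {
                Index        = tindex,
                TID          = tid,
                StartAddress = StartOffset,
                Teb          = ThreadDataOffset,
                Handle       = InitialThreadHandle,
                ProcessIndex = id
            };

            process.AddThread(thread);

            OnThreadCreated(new ThreadCreatedEventArgs(thread, process));

            return (int)DEBUG_STATUS.NO_CHANGE;
        }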
コード例 #3
        /// <summary>
        /// Debug-engine callback for a thread-exit event. Looks up the tracked thread by system
        /// PID and TID, stores its exit code, removes it from its process and raises
        /// <c>OnThreadExited</c>.
        /// </summary>
        /// <param name="ExitCode">Exit code recorded on the thread before it is removed.</param>
        /// <returns><c>DEBUG_STATUS.NO_CHANGE</c> as an <c>int</c>.</returns>
        int IDebugEventCallbacksWide.ExitThread(uint ExitCode)
        {
            uint threadIndex;
            uint processIndex;
            uint systemPid;
            uint systemTid;

            // All four ids are queried, but only the system PID and TID are used below.
            // NOTE(review): the return values of these queries are discarded.
            SystemObjects.GetCurrentThreadId(out threadIndex);
            SystemObjects.GetCurrentProcessId(out processIndex);
            SystemObjects.GetCurrentProcessSystemId(out systemPid);
            SystemObjects.GetCurrentThreadSystemId(out systemTid);

            // Each First() throws InvalidOperationException when nothing matches, i.e. when the
            // process or the thread is not in the tracked collections.
            var owner = _processes.First(candidate => candidate.PID == systemPid);
            var exiting = owner.Threads.First(candidate => candidate.TID == systemTid);

            exiting.ExitCode = ExitCode;
            owner.RemoveThread(exiting);

            var eventArgs = new ThreadExitedEventArgs(exiting, owner);
            OnThreadExited(eventArgs);

            return (int)DEBUG_STATUS.NO_CHANGE;
        }