public DebugThread(DebugProcess owner, IntPtr handle, uint threadId, IntPtr startAddress, IntPtr threadBase)
{
this.OwnerProcess = owner;
this.Handle = handle;
this.Id = threadId;
this.StartAddress = startAddress;
this.ThreadBase = threadBase;
this.Context = new DebugThreadContext(this);
}
public DebugThread(DebugProcess owner, IntPtr handle, uint threadId, IntPtr startAddress, IntPtr threadBase)
{
this.OwnerProcess = owner;
this.Handle = handle;
this.Id = threadId;
this.StartAddress = startAddress;
this.ThreadBase = threadBase;
this.Context = new DebugThreadContext(this);
}
internal Debuggee(string executable,
IntPtr procHandle, uint procId,
IntPtr mainThreadHandle, uint mainThreadId,
ExecutableMetaInfo emi = null)
{
// Note: The CodeView information extraction will be done per module, i.e. when the module/process is loaded into the memory.
Memory = new MemoryManagement(this);
Breakpoints = new BreakpointManagement(this);
CodeStepping = new Stepping(this);
var mProc = new DebugProcess(this, executable, procHandle, procId, mainThreadHandle, mainThreadId, emi);
CurrentThread = mProc.MainThread;
processes.Add(mProc);
}
internal Debuggee(string executable,
IntPtr procHandle,uint procId,
IntPtr mainThreadHandle,uint mainThreadId,
ExecutableMetaInfo emi = null)
{
// Note: The CodeView information extraction will be done per module, i.e. when the module/process is loaded into the memory.
Memory = new MemoryManagement(this);
Breakpoints = new BreakpointManagement(this);
CodeStepping = new Stepping(this);
var mProc = new DebugProcess(this,executable, procHandle, procId, mainThreadHandle, mainThreadId, emi);
CurrentThread = mProc.MainThread;
processes.Add(mProc);
}
void HandleDebugEvent(DebugEventData de)
{
var p = ProcessById(de.dwProcessId);
var th = CurrentThread = p.ThreadById(de.dwThreadId);
switch (de.dwDebugEventCode)
{
case DebugEventCode.EXCEPTION_DEBUG_EVENT:
HandleException(th, de.Exception);
break;
case DebugEventCode.CREATE_PROCESS_DEBUG_EVENT:
var cpi = de.CreateProcessInfo;
if (MainProcess != null && de.dwProcessId == MainProcess.Id)
{
API.CloseHandle(cpi.hProcess);
API.CloseHandle(cpi.hThread);
API.CloseHandle(cpi.hFile);
foreach(var l in DDebugger.EventListeners)
l.OnCreateProcess(MainProcess);
break;
}
// After a new process was created (also occurs after initial WaitForDebugEvent()!!),
p = new DebugProcess(this,cpi, de.dwProcessId, de.dwThreadId);
API.CloseHandle(cpi.hFile);
// enlist it
processes.Add(p);
// and call the listeners
foreach (var l in DDebugger.EventListeners)
l.OnCreateProcess(p);
break;
case DebugEventCode.CREATE_THREAD_DEBUG_EVENT:
p = ProcessById(de.dwProcessId);
// Create new thread wrapper
th = CurrentThread = new DebugThread(p,
de.CreateThread.hThread,
de.dwThreadId,
de.CreateThread.lpStartAddress,
de.CreateThread.lpThreadLocalBase);
// Register it to main process
p.RegThread(th);
// Call listeners
foreach (var l in DDebugger.EventListeners)
l.OnCreateThread(th);
break;
case DebugEventCode.EXIT_PROCESS_DEBUG_EVENT:
foreach (var l in DDebugger.EventListeners)
l.OnProcessExit(p, de.ExitProcess.dwExitCode);
processes.Remove(p);
p.Dispose();
break;
case DebugEventCode.EXIT_THREAD_DEBUG_EVENT:
foreach (var l in DDebugger.EventListeners)
l.OnThreadExit(th, de.ExitThread.dwExitCode);
p.RemThread(th);
th.Dispose();
break;
case DebugEventCode.LOAD_DLL_DEBUG_EVENT:
var loadParam = de.LoadDll;
var modName = APIIntermediate.GetModulePath(p.Handle, loadParam.lpBaseOfDll, loadParam.hFile);
API.CloseHandle(loadParam.hFile);
var mod = new DebugProcessModule(loadParam.lpBaseOfDll, modName, ExecutableMetaInfo.ExtractFrom(modName));
p.RegModule(mod);
foreach (var l in DDebugger.EventListeners)
l.OnModuleLoaded(p, mod);
break;
case DebugEventCode.UNLOAD_DLL_DEBUG_EVENT:
mod = p.ModuleByBase(de.UnloadDll.lpBaseOfDll);
foreach (var l in DDebugger.EventListeners)
l.OnModuleUnloaded(p, mod);
p.RemModule(mod);
break;
case DebugEventCode.OUTPUT_DEBUG_STRING_EVENT:
var message = APIIntermediate.ReadString(p.Handle,
de.DebugString.lpDebugStringData,
de.DebugString.fUnicode == 0 ? Encoding.ASCII : Encoding.Unicode,
(int)de.DebugString.nDebugStringLength);
foreach (var l in DDebugger.EventListeners)
l.OnDebugOutput(th, message);
break;
}
}
void HandleDebugEvent(DebugEventData de)
{
var p = ProcessById(de.dwProcessId);
var th = CurrentThread = p.ThreadById(de.dwThreadId);
switch (de.dwDebugEventCode)
{
case DebugEventCode.EXCEPTION_DEBUG_EVENT:
HandleException(th, de.Exception);
break;
case DebugEventCode.CREATE_PROCESS_DEBUG_EVENT:
var cpi = de.CreateProcessInfo;
if (MainProcess != null && de.dwProcessId == MainProcess.Id)
{
API.CloseHandle(cpi.hProcess);
API.CloseHandle(cpi.hThread);
API.CloseHandle(cpi.hFile);
foreach (var l in DDebugger.EventListeners)
{
l.OnCreateProcess(MainProcess);
}
break;
}
// After a new process was created (also occurs after initial WaitForDebugEvent()!!),
p = new DebugProcess(this, cpi, de.dwProcessId, de.dwThreadId);
API.CloseHandle(cpi.hFile);
// enlist it
processes.Add(p);
// and call the listeners
foreach (var l in DDebugger.EventListeners)
{
l.OnCreateProcess(p);
}
break;
case DebugEventCode.CREATE_THREAD_DEBUG_EVENT:
p = ProcessById(de.dwProcessId);
// Create new thread wrapper
th = CurrentThread = new DebugThread(p,
de.CreateThread.hThread,
de.dwThreadId,
de.CreateThread.lpStartAddress,
de.CreateThread.lpThreadLocalBase);
// Register it to main process
p.RegThread(th);
// Call listeners
foreach (var l in DDebugger.EventListeners)
{
l.OnCreateThread(th);
}
break;
case DebugEventCode.EXIT_PROCESS_DEBUG_EVENT:
foreach (var l in DDebugger.EventListeners)
{
l.OnProcessExit(p, de.ExitProcess.dwExitCode);
}
processes.Remove(p);
p.Dispose();
break;
case DebugEventCode.EXIT_THREAD_DEBUG_EVENT:
foreach (var l in DDebugger.EventListeners)
{
l.OnThreadExit(th, de.ExitThread.dwExitCode);
}
p.RemThread(th);
th.Dispose();
break;
case DebugEventCode.LOAD_DLL_DEBUG_EVENT:
var loadParam = de.LoadDll;
var modName = APIIntermediate.GetModulePath(p.Handle, loadParam.lpBaseOfDll, loadParam.hFile);
API.CloseHandle(loadParam.hFile);
var mod = new DebugProcessModule(loadParam.lpBaseOfDll, modName, ExecutableMetaInfo.ExtractFrom(modName));
p.RegModule(mod);
foreach (var l in DDebugger.EventListeners)
{
l.OnModuleLoaded(p, mod);
}
break;
case DebugEventCode.UNLOAD_DLL_DEBUG_EVENT:
mod = p.ModuleByBase(de.UnloadDll.lpBaseOfDll);
foreach (var l in DDebugger.EventListeners)
{
l.OnModuleUnloaded(p, mod);
}
p.RemModule(mod);
break;
case DebugEventCode.OUTPUT_DEBUG_STRING_EVENT:
var message = APIIntermediate.ReadString(p.Handle,
de.DebugString.lpDebugStringData,
de.DebugString.fUnicode == 0 ? Encoding.ASCII : Encoding.Unicode,
(int)de.DebugString.nDebugStringLength);
foreach (var l in DDebugger.EventListeners)
{
l.OnDebugOutput(th, message);
}
break;
}
}
public override void OnProcessExit(DebugProcess process, uint exitCode)
{
form.eventLogBox.AppendText("Process exited with code 0x" + string.Format("{0,X}", exitCode));
}
public override void OnModuleUnloaded(DebugProcess mainProcess, DebugProcessModule module)
{
if (module != null)
form.Log(module.ImageFile + " unloaded (0x" + string.Format("{0,8:X}", module.ImageBase) + ")");
else
form.Log("Some module was unloaded");
}
public override void OnModuleLoaded(DebugProcess mainProcess, DebugProcessModule module)
{
form.Log(module.ImageFile+" loaded (0x"+string.Format("{0,8:X}",module.ImageBase)+")");
}
public override void OnCreateProcess(DebugProcess newProcess)
{
form.Log(
"Program " + newProcess.MainModule.ImageFile+" was launched\r\n"+
"\tPID #"+newProcess.Id);
form.list_AvailableSources.Clear();
if (newProcess.MainModule.ContainsSymbolData)
{
foreach (var section in newProcess.MainModule.ModuleMetaInfo.CodeViewSection.Data.SubsectionDirectory.Sections)
if(section is sstSrcModule)
{
var srcModule = (sstSrcModule)section;
foreach (var f in srcModule.FileInfo)
form.list_AvailableSources.Items.Add(new ListViewItem(f.SourceFileName) {
Tag = f
});
}
}
}
public Breakpoint(DebugProcess proc, IntPtr breakpointAddress)
{
this.Owner = proc;
this.Address = breakpointAddress;
}
public virtual void OnCreateProcess(DebugProcess newProcess)
{
}
public virtual void OnModuleUnloaded(DebugProcess mainProcess, DebugProcessModule module)
{
}
public virtual void OnProcessExit(DebugProcess process, uint exitCode)
{
}
public virtual void OnCreateProcess(DebugProcess newProcess)
{
}
public virtual void OnProcessExit(DebugProcess process, uint exitCode)
{
}
public virtual void OnModuleUnloaded(DebugProcess mainProcess, DebugProcessModule module)
{
}