コード例 #1
0
 /// <summary>
 /// Constructor.
 /// </summary>
 /// <param name="debug_event">The current debug event.</param>
 /// <param name="debug">The debug port associated with this event.</param>
 protected DebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
 {
     ProcessId = debug_event.AppClientId.UniqueProcess.ToInt32();
     ThreadId  = debug_event.AppClientId.UniqueThread.ToInt32();
     State     = debug_event.NewState;
     _debug    = debug;
 }
コード例 #2
0
        internal static DebugEvent FromDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
        {
            switch (debug_event.NewState)
            {
            case DbgState.CreateProcessStateChange:
                return(new CreateProcessDebugEvent(debug_event, debug));

            case DbgState.CreateThreadStateChange:
                return(new CreateThreadDebugEvent(debug_event, debug));

            case DbgState.BreakpointStateChange:
            case DbgState.ExceptionStateChange:
            case DbgState.SingleStepStateChange:
                return(new ExceptionDebugEvent(debug_event, debug));

            case DbgState.ExitProcessStateChange:
                return(new ExitProcessDebugEvent(debug_event, debug));

            case DbgState.ExitThreadStateChange:
                return(new ExitThreadDebugEvent(debug_event, debug));

            case DbgState.LoadDllStateChange:
                return(new LoadDllDebugEvent(debug_event, debug));

            case DbgState.UnloadDllStateChange:
                return(new UnloadDllDebugEvent(debug_event, debug));

            default:
                return(new UnknownDebugEvent(debug_event, debug));
            }
        }
コード例 #3
0
        internal ExceptionDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
            : base(debug_event, debug)
        {
            var info = debug_event.StateInfo.Exception;

            FirstChance = info.FirstChance != 0;
            var exp = info.ExceptionRecord;

            Code        = exp.ExceptionCode;
            Flags       = exp.ExceptionFlags;
            RecordChain = exp.ExceptionRecordChain.ToInt64();
            Address     = exp.ExceptionAddress.ToInt64();
            List <long> ps = new List <long>
            {
                exp.ExceptionInformation0.ToInt64(),
                        exp.ExceptionInformation1.ToInt64(),
                        exp.ExceptionInformation2.ToInt64(),
                        exp.ExceptionInformation3.ToInt64(),
                        exp.ExceptionInformation4.ToInt64(),
                        exp.ExceptionInformation5.ToInt64(),
                        exp.ExceptionInformation6.ToInt64(),
                        exp.ExceptionInformation7.ToInt64(),
                        exp.ExceptionInformation8.ToInt64(),
                        exp.ExceptionInformation9.ToInt64(),
                        exp.ExceptionInformationA.ToInt64(),
                        exp.ExceptionInformationB.ToInt64(),
                        exp.ExceptionInformationC.ToInt64(),
                        exp.ExceptionInformationD.ToInt64(),
                        exp.ExceptionInformationE.ToInt64()
            };

            ps.RemoveRange(exp.NumberParameters, ps.Count - exp.NumberParameters);
            Parameters = ps.AsReadOnly();
        }
コード例 #4
0
        internal UnloadDllDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
            : base(debug_event, debug)
        {
            var info = debug_event.StateInfo.UnloadDll;

            BaseAddress = info.BaseAddress.ToInt64();
        }
コード例 #5
0
        internal LoadDllDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
            : base(debug_event, debug)
        {
            var info = debug_event.StateInfo.LoadDll;

            File                = info.FileHandle == IntPtr.Zero ? null : NtFile.FromHandle(info.FileHandle);
            BaseOfDll           = info.BaseOfDll.ToInt64();
            DebugInfoFileOffset = info.DebugInfoFileOffset;
            DebugInfoSize       = info.DebugInfoSize;
            NamePointer         = info.NamePointer.ToInt64();
        }
コード例 #6
0
        internal CreateThreadDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
            : base(debug_event, debug)
        {
            var info = debug_event.StateInfo.CreateThread;

            Thread = info.HandleToThread == IntPtr.Zero ? null : NtThread.FromHandle(info.HandleToThread);
            var thread = info.NewThread;

            ThreadSubSystemKey = thread.SubSystemKey;
            ThreadStartAddress = thread.StartAddress.ToInt64();
        }
コード例 #7
0
        internal CreateProcessDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
            : base(debug_event, debug)
        {
            var info = debug_event.StateInfo.CreateProcess;

            Process = info.HandleToProcess == IntPtr.Zero ? null : NtProcess.FromHandle(info.HandleToProcess);
            Thread  = info.HandleToThread == IntPtr.Zero ? null : NtThread.FromHandle(info.HandleToThread);
            var new_proc = info.NewProcess;

            ProcessSubSystemKey = new_proc.SubSystemKey;
            File                = new_proc.FileHandle == IntPtr.Zero ? null : NtFile.FromHandle(new_proc.FileHandle);
            BaseOfImage         = new_proc.BaseOfImage.ToInt64();
            DebugInfoFileOffset = new_proc.DebugInfoFileOffset;
            DebugInfoSize       = new_proc.DebugInfoSize;
            var thread = new_proc.InitialThread;

            ThreadSubSystemKey = thread.SubSystemKey;
            ThreadStartAddress = thread.StartAddress.ToInt64();
        }
コード例 #8
0
 internal UnknownDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
     : base(debug_event, debug)
 {
     DebugEvent = debug_event;
 }
コード例 #9
0
 internal ExitProcessDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
     : base(debug_event, debug)
 {
     ExitStatus = debug_event.StateInfo.ExitProcess.ExitStatus;
 }