public ContextManager(String name, Logger loggerInstance, Specifics specificsInstance, Func<ContextManager, int, Win32Imports.ContextX64, bool, ContextTracer.TraceReturn> breakPointCallBack, ImportResolver importResolver) { LoggerInstance = loggerInstance; BreakPointCallBack = breakPointCallBack; _importResolver = importResolver; setDebugPrivilege(); CurrentProcess = DebugProcessUtils.GetFirstProcessByName(name); foreach (ProcessThread thread in CurrentProcess.Threads) { loggerInstance.WriteLine($"main thread: {thread.Id}"); break; } SpecificsInstance = specificsInstance; Console.WriteLine("debugger"); Console.WriteLine("pid: " + CurrentProcess.Id); #if RestartEachTime // Attach to the process we provided the thread as an argument if (!Win32Imports.DebugActiveProcess(CurrentProcess.Id)) { throw new Win32Exception(); } if (!Win32Imports.DebugSetProcessKillOnExit(false)) { throw new Win32Exception(); } ClearEvents(); }
public static void Main() { var process = DebugProcessUtils.GetFirstProcessByName(Specifics.ProcessName); // ReSharper disable once UnusedVariable using (var logger = new Logger(Specifics.LogName, Specifics.LogNameLatest)) { ImportResolver ir = new ImportResolver(process); ir.DumpDebug(); var matches = MemScan.LookForByteArray(process, ir, Specifics.StartAddressBytes); foreach (var match in matches) { Console.WriteLine($"byte array match at: 0x{match:X}"); } if (matches.Count != 1) { return; } MemScan.MemModuleScan(process, ir); // TraceMain(process, ir, matches, logger); } }
public static void DoIt() { var name = Specifics.ProcessName; var address = Specifics.StartAddress; var process = DebugProcessUtils.GetFirstProcessByName(name); using (Form form = new Form()) { form.Text = "Inspector"; form.Size = new Size(600, 1080); var table = new DataGridView(); var bindingSource = new BindingSource(); table.DataSource = bindingSource; var infoTable = new DataGridView(); var infoSource = new BindingSource(); infoTable.DataSource = infoSource; var formClosed = false; var cleanupFinished = false; var splitter = new Splitter(); infoTable.Dock = DockStyle.Left; splitter.Dock = DockStyle.Left; table.Dock = DockStyle.Fill; form.Controls.AddRange(new Control[] { table, splitter, infoTable }); Console.CancelKeyPress += delegate(object sender, ConsoleCancelEventArgs e) { e.Cancel = true; //form.Close(); }; var progress = new Progress <List <ContextManager.ThreadData> >( (contexts) => { AddContexts(bindingSource, contexts); } ); IProgress <ContextManager.Info> infoProgress = new Progress <ContextManager.Info>( (info) => { UpdateInfo(infoSource, info); } ); var specifics = new Specifics(); Task.Factory.StartNew( () => { var logName = Specifics.LogName; var logName2 = Specifics.LogNameLatest; using (var logFile = new Logger(logName, logName2)) { ContextManager cg = null; logFile.WriteLine(""); logFile.WriteLine("STARTING INSPECTOR"); try { var importResolver = new ImportResolver(process); importResolver.DumpDebug(); var logContext = new ContextTracer(importResolver); var logFile2 = logFile; cg = new ContextManager(name, logFile, specifics, (cm, threadId, context, trace) => { Debug.Assert(logFile2 != null, "logFile2 != null"); return(logContext.Log(cm, logFile2, process, threadId, context, trace)); }, importResolver); //if (File.Exists(Specifics.appStateFileName)) { //SaveAndRestore.Restore(Specifics.appStateFileName, cg); //} else { cg.EnableBreakPoint(importResolver.ResolveRelativeAddress(address), new ContextManager.BreakPointInfo { Description = "starting breakpoint" }); //} cg.AntiAntiDebug(); /*try { * cg.InstallBreakPoint(address); * } catch (InvalidOperationException e) { * Console.WriteLine($"Failed to install break points: {e.ToString()}"); * }*/ while (!formClosed) { logFile.WriteLine("main debugger loop"); cg.CurrentProcess = DebugProcessUtils.GetFirstProcessByName(cg.CurrentProcess.ProcessName); cg.TestBreak(); Update(cg, progress); infoProgress.Report(cg.CurrentInfo); SaveAndRestore.Save(Specifics.AppStateFileName, cg); Task.Delay(Specifics.MainLoopDelay).Wait(); } } catch (Exception e) { Console.WriteLine($"Exception: {e.Message}"); Console.WriteLine(e.StackTrace); logFile.WriteLine($"Exception: {e.Message}"); logFile.WriteLine(e.StackTrace); } // cleanup Console.WriteLine("cleaning up"); SaveAndRestore.Save(Specifics.AppStateFileName, cg); cg?.Stop(); cleanupFinished = true; } }, TaskCreationOptions.LongRunning ); /*Task.Factory.StartNew( * () => { * while (true) { * cg.ResumeEvents(); * } * }, * TaskCreationOptions.LongRunning * );*/ form.FormClosing += (sender, e) => { Console.WriteLine("form closing"); formClosed = true; while (!cleanupFinished) { Console.WriteLine("waiting for cleanup"); Task.Delay(1000).Wait(); } }; form.ShowDialog(); } }