// UI thread void OnProcessChanged_UI(DbgProcess newProcess) { uiDispatcher.VerifyAccess(); if (disposed) { Debug.Assert(process == null); Debug.Assert(runtimes.Count == 0); Debug.Assert(moduleReferences.Count == 0); Debug.Assert(!hexBufferFileService.Files.Any()); return; } if (process != null) { process.RuntimesChanged -= Process_RuntimesChanged; } foreach (var r in runtimes) { r.ModulesChanged -= DbgRuntime_ModulesChanged; } runtimes.Clear(); moduleReferences.Clear(); hexBufferFileService.RemoveAllFiles(); addedModules.Clear(); process = newProcess; if (newProcess != null) { newProcess.DbgManager.Dispatcher.BeginInvoke(() => OnNewProcess_DbgThread(newProcess)); } }
void DbgManager_DelayedIsRunningChanged(object sender, EventArgs e) { var process = currentProcess; currentProcess = null; // Ignore it the first time because the OS will give the debugged process focus if (ignoreSetForeground) { return; } if (process == null) { process = ((DbgManager)sender).Processes.FirstOrDefault(a => a.State == DbgProcessState.Running); } // Fails if the process hasn't been created yet (eg. the engine hasn't connected to the process yet) if (process == null) { return; } try { using (var p = Process.GetProcessById((int)process.Id)) { var hWnd = p.MainWindowHandle; if (hWnd != IntPtr.Zero) { NativeMethods.SetForegroundWindow(hWnd); } } } catch { } }
void DbgManager_ProcessesChanged(object sender, DbgCollectionChangedEventArgs <DbgProcess> e) { if (!e.Added && e.Objects.Contains(currentProcess)) { currentProcess = null; } }
public static bool TryGetModuleAddressAndSize(DbgProcess process, string moduleFilename, out ulong imageAddr, out uint imageSize) { //TODO: mono maps the files as data, use Win32 funcs to find all mapped files imageAddr = 0; imageSize = 0; return(false); }
public static bool TryGetSizeOfImage(DbgProcess process, ulong address, bool isFileLayout, out uint imageSize) { imageSize = 0; try { var buffer = new byte[0x2000]; process.ReadMemory(address, buffer, 0, buffer.Length); if (BitConverter.ToUInt16(buffer, 0) != 0x5A4D) { return(false); } using (var peImage = new PEImage(buffer, null, isFileLayout ? ImageLayout.File : ImageLayout.Memory, verify: true)) { ulong length = GetImageSize(peImage); Debug.Assert(length <= uint.MaxValue); if (length > uint.MaxValue) { return(false); } imageSize = (uint)length; return(true); } } catch (BadImageFormatException) { return(false); } catch (IOException) { return(false); } catch (Exception ex) { Debug.Fail(ex.ToString()); return(false); } }
public override void Execute(IMenuItemContext context) { parent.settings.AddRecentInjection(injectionArguments); DbgProcess proc = parent.CurrentProcess; parent.injector.Inject(proc.Id, injectionArguments, proc.Bitness == 32, proc.Runtimes.First().GetRuntimeType()); }
public ModuleInfo(DbgProcess process, ulong addr, int size, string filename, DbgImageLayout imageLayout) { Process = process; Address = addr; Size = size; Filename = filename; ImageLayout = imageLayout; }
public ManagedDebuggerPatcherX86(DbgNativeFunctionHookContext context, DbgCorDebugInternalRuntime runtime) { if (context == null) { throw new ArgumentNullException(nameof(context)); } process = context.Process; this.runtime = runtime ?? throw new ArgumentNullException(nameof(runtime)); }
public ProcessMemoryBlockAllocator(DbgProcess process) { this.process = process; allocatedMemory = new List <ProcessMemoryBlockImpl>(); hProcess = NativeMethods.OpenProcess(NativeMethods.PROCESS_ALL_ACCESS, false, (uint)process.Id); if (hProcess == IntPtr.Zero || hProcess == (IntPtr)(-1)) { throw new DbgHookException($"Couldn't open process {process.Id} ({process.Name})"); } }
public void SetUnderlyingStream(HexBufferStream stream, DbgProcess process) { if (Process == process && DebuggerHexBufferStream.UnderlyingStream == stream) { return; } Process = process; DebuggerHexBufferStream.UnderlyingStream = stream; UnderlyingStreamChanged?.Invoke(this, EventArgs.Empty); UnderlyingProcessChanged?.Invoke(this, EventArgs.Empty); }
private void DbgManager_CurrentProcessChanged(object sender, DbgCurrentObjectChangedEventArgs <DbgProcess> e) { if (!e.CurrentChanged) { return; } var newProcess = ((DbgManager)sender).CurrentProcess.Current; if (!(newProcess is null)) { currentProcess = newProcess; } }
public static bool TryGetInternalRuntime(DbgProcess process, [NotNullWhenTrue] out DbgCorDebugInternalRuntime?runtime) { runtime = null; var dbgRuntime = process.Runtimes.FirstOrDefault(); Debug.Assert(!(dbgRuntime is null)); if (dbgRuntime is null) { return(false); } runtime = dbgRuntime.InternalRuntime as DbgCorDebugInternalRuntime; return(!(runtime is null)); }
static bool TryGetInternalRuntime(DbgProcess process, out DbgMonoDebugInternalRuntime runtime) { runtime = null; var dbgRuntime = process.Runtimes.FirstOrDefault(); Debug.Assert(dbgRuntime != null); if (dbgRuntime == null) { return(false); } runtime = dbgRuntime.InternalRuntime as DbgMonoDebugInternalRuntime; return(runtime != null); }
static bool TryGetInternalRuntime(DbgProcess process, [NotNullWhen(true)] out DbgMonoDebugInternalRuntime?runtime) { runtime = null; var dbgRuntime = process.Runtimes.FirstOrDefault(); Debug2.Assert(dbgRuntime is not null); if (dbgRuntime is null) { return(false); } runtime = dbgRuntime.InternalRuntime as DbgMonoDebugInternalRuntime; return(runtime is not null); }
void SetCurrentProcess(DbgProcess process) { if (currentProcess == process) { return; } if (currentProcess != null) { currentProcess.IsRunningChanged -= DbgProcess_IsRunningChanged; } currentProcess = process; if (process != null) { process.IsRunningChanged += DbgProcess_IsRunningChanged; } }
public static T Write <T>(this T output, DbgProcess process, bool useHex) where T : ITextColorWriter { output.Write(BoxedTextColor.Punctuation, "["); if (useHex) { output.Write(BoxedTextColor.Number, "0x" + process.Id.ToString("X")); } else { output.Write(BoxedTextColor.Number, process.Id.ToString()); } output.Write(BoxedTextColor.Punctuation, "]"); output.WriteSpace(); output.WriteFilename(process.Name); return(output); }
void HookFuncs(DbgProcess process) { var key = new Key(process.Machine, process.OperatingSystem); if (!toHooks.TryGetValue(key, out var hooks)) { return; } var hookedFuncs = new HashSet <(string dll, string function)>(); var errors = new List <string>(); using (var context = new DbgNativeFunctionHookContextImpl(process)) { foreach (var lz in hooks) { var id = (lz.Metadata.Dll, lz.Metadata.Function); if (hookedFuncs.Contains(id)) { continue; } if (!lz.Value.IsEnabled(context)) { continue; } hookedFuncs.Add(id); string errorMessage = null; try { lz.Value.Hook(context, out errorMessage); } catch (DbgHookException ex) { errorMessage = ex.Message ?? "???"; } if (errorMessage != null) { errors.Add($"{lz.Metadata.Dll}!{lz.Metadata.Function}: {errorMessage}"); } } context.Write(); } if (errors.Count != 0) { var msg = "Couldn't patch debugger detection functions:\n\t" + string.Join("\n\t", errors.ToArray()); Debug.Fail(msg); process.DbgManager.WriteMessage(msg); } }
void UpdateCurrentThreadProcess_DbgThread(DbgProcess process) { dbgManager.Dispatcher.VerifyAccess(); if (currentThreadProcess == process) { return; } if (currentThreadProcess != null) { currentThreadProcess.IsRunningChanged -= DbgProcess_IsRunningChanged; } currentThreadProcess = process; if (process != null) { process.IsRunningChanged += DbgProcess_IsRunningChanged; } }
public DbgRuntimeImpl(DbgManagerImpl owner, DbgProcess process, DbgEngine engine) { lockObj = new object(); this.owner = owner ?? throw new ArgumentNullException(nameof(owner)); Process = process ?? throw new ArgumentNullException(nameof(process)); Engine = engine ?? throw new ArgumentNullException(nameof(engine)); var info = engine.RuntimeInfo; Id = info.Id; Guid = info.Guid; RuntimeKindGuid = info.RuntimeKindGuid; Name = info.Name; Tags = info.Tags; appDomains = new List <DbgAppDomain>(); modules = new List <DbgModule>(); threads = new List <DbgThreadImpl>(); closeOnContinueList = new List <DbgObject>(); InternalRuntime = engine.CreateInternalRuntime(this) ?? throw new InvalidOperationException(); }
// DbgThread void OnNewProcess_DbgThread(DbgProcess newProcess) { newProcess.DbgManager.Dispatcher.VerifyAccess(); if (process != newProcess) { return; } newProcess.RuntimesChanged += Process_RuntimesChanged; var runtimes = newProcess.Runtimes; UI(() => { if (process != newProcess) { newProcess.RuntimesChanged -= Process_RuntimesChanged; } else { Process_RuntimesChanged_UI(runtimes, added: true); } }); }
public unsafe DbgRawMetadataImpl(DbgProcess process, bool isFileLayout, ulong moduleAddress, int moduleSize) { lockObj = new object(); referenceCounter = 1; this.isFileLayout = isFileLayout; size = moduleSize; isProcessMemory = true; try { // Prevent allocation on the LOH. We'll also be able to free the memory as soon as it's not needed. address = NativeMethods.VirtualAlloc(IntPtr.Zero, new IntPtr(moduleSize), NativeMethods.MEM_COMMIT, NativeMethods.PAGE_READWRITE); if (address == IntPtr.Zero) { throw new OutOfMemoryException(); } process.ReadMemory(moduleAddress, (byte *)address.ToPointer(), size); (metadataAddress, metadataSize) = GetMetadataInfo(); } catch { Dispose(); throw; } }
public unsafe DbgRawMetadataImpl(DbgProcess process, bool isFileLayout, ulong moduleAddress, int moduleSize) { lockObj = new object(); referenceCounter = 1; this.isFileLayout = isFileLayout; size = moduleSize; try { // Prevent allocation on the LOH. We'll also be able to free the memory as soon as it's not needed. address = NativeMethods.VirtualAlloc(IntPtr.Zero, new IntPtr(moduleSize), NativeMethods.MEM_COMMIT, NativeMethods.PAGE_READWRITE); if (address == IntPtr.Zero) { throw new OutOfMemoryException(); } process.ReadMemory(moduleAddress, (byte *)address.ToPointer(), size); try { var peImage = new PEImage(address, size, isFileLayout ? ImageLayout.File : ImageLayout.Memory, true); var dotNetDir = peImage.ImageNTHeaders.OptionalHeader.DataDirectories[14]; if (dotNetDir.VirtualAddress != 0 && dotNetDir.Size >= 0x48) { var cor20 = new ImageCor20Header(peImage.CreateStream(dotNetDir.VirtualAddress, 0x48), true); var mdStart = (long)peImage.ToFileOffset(cor20.MetaData.VirtualAddress); metadataAddress = new IntPtr((byte *)address + mdStart); metadataSize = (int)cor20.MetaData.Size; } } catch (Exception ex) when(ex is IOException || ex is BadImageFormatException) { Debug.Fail("Couldn't read .NET metadata"); } } catch { Dispose(); throw; } }
public bool IsProcessSupported(DbgProcess process, out string?reason) { if (process is null) { reason = "no process found"; return(false); } if (process.OperatingSystem != DbgOperatingSystem.Windows) { reason = "Windows only"; return(false); } if (process.Architecture != DbgArchitecture.X86 && process.Architecture != DbgArchitecture.X64) { reason = "x86 and x64 only"; return(false); } var runtimeType = process.Runtimes.First().GetRuntimeType(); var rtSupported = runtimeType switch { RuntimeType.FrameworkV2 => true, RuntimeType.FrameworkV4 => true, _ => false, }; if (!rtSupported) { reason = $"Unsupported runtime '{process.Runtimes.First().Name}'"; return(false); } reason = null; return(true); }
public ProcessInfo(DbgProcess process, HexCachedBufferStream stream, SafeProcessHandle processHandle) { Process = process ?? throw new ArgumentNullException(nameof(process)); Stream = stream ?? throw new ArgumentNullException(nameof(stream)); ProcessHandle = processHandle; }
public DbgNativeFunctionHookContextImpl(DbgProcess process) { Process = process ?? throw new ArgumentNullException(nameof(process)); processMemoryBlockAllocator = new ProcessMemoryBlockAllocator(process); functionProvider = new DbgHookedNativeFunctionProviderImpl(process, processMemoryBlockAllocator); }
protected PatcherX86(DbgNativeFunctionHookContext context) { process = context.Process; functionProvider = context.FunctionProvider; nextBranchTargetId = ulong.MaxValue; }
public DocKey(DbgProcess process, ulong address) { this.process = process ?? throw new ArgumentNullException(nameof(process)); this.address = address; }
public void Initialize(DbgProcess process, ulong address) { process.ReadMemory(address, data); dataIndex = 0; }
public ObjectConstantsFactory(DbgProcess process, ThreadMirror thread) { this.process = process; this.thread = thread; }
static DbgModule[] GetModules(DbgProcess process, ulong address) => process.Runtimes.SelectMany(a => a.Modules).Where(a => a.HasAddress && a.Address == address).ToArray();