private void RefreshRegistersButton_Click(object sender, EventArgs e) { if (OrbisDbg.IsProcessPaused()) { UpdateRegisterWindow(OrbisDbg.GetRegisters()); } else { MessageBox.Show("The process must be paused before you can get/set registers", "Error Getting Registers"); } }
private void StepProcess() { if (OrbisDbg.IsProcessPaused()) { OrbisDbg.SingleStep(); if (registersForm != null) { registersForm.UpdateRegisterWindow(OrbisDbg.GetRegisters()); } } }
private void UpdateFormsOnPaused() { OrbisDbg.registers regs = OrbisDbg.GetRegisters(); if (!bUpdatedOnPause) { bool isBreakpoint = OrbisDbg.Ext.ReadByte(regs.r_rip - 1) == 0xCC; ulong breakAddress = isBreakpoint ? regs.r_rip - 1 : regs.r_rip; if (isBreakpoint) { for (int i = 0; i < breakpoints.Count; i++) { if (breakpoints[i].address == breakAddress) { OrbisDbg.Ext.WriteByte(breakAddress, breakpoints[i].instruction); break; } } regs.r_rip -= 1; OrbisDbg.SetRegisters(regs); } if (memoryForm != null) { memoryForm.UpdateMemoryView(regs.r_rip, 0x1000, OrbisDbg.GetMemory(regs.r_rip, 0x1000)); } if (registersForm != null) { registersForm.UpdateRegisterWindow(regs); } } if (disassemblyForm != null && regs.r_rip != PreviousRip) { if (PreviousRip != 0 && regs.r_rip > PreviousRip && regs.r_rip - PreviousRip < 0xD0) { disassemblyForm.UpdateDisassemblyKeepMemory(regs.r_rip); } else { PreviousRip = regs.r_rip; byte[] memory = OrbisDbg.GetMemory(regs.r_rip, 0x100); disassemblyForm.UpdateDisassembly(regs.r_rip, memory, disassemblyForm.IsShowingBytes()); } } bUpdatedOnPause = true; }
public OrbisDbg.registers GetRegisters() { OrbisDbg.registers result = OrbisDbg.GetRegisters(); result.r_rax = Convert.ToUInt64(RAXRegisterValue.Text, 16); result.r_rbx = Convert.ToUInt64(RBXRegisterValue.Text, 16); result.r_rdi = Convert.ToUInt64(RDIRegisterValue.Text, 16); result.r_rsi = Convert.ToUInt64(RSIRegisterValue.Text, 16); result.r_rdx = Convert.ToUInt64(RDXRegisterValue.Text, 16); result.r_rcx = Convert.ToUInt64(RCXRegisterValue.Text, 16); result.r_r8 = Convert.ToUInt64(R8RegisterValue.Text, 16); result.r_r9 = Convert.ToUInt64(R9RegisterValue.Text, 16); result.r_r10 = Convert.ToUInt64(R10RegisterValue.Text, 16); result.r_r11 = Convert.ToUInt64(R11RegisterValue.Text, 16); result.r_r12 = Convert.ToUInt64(R12RegisterValue.Text, 16); result.r_r13 = Convert.ToUInt64(R13RegisterValue.Text, 16); result.r_r14 = Convert.ToUInt64(R14RegisterValue.Text, 16); result.r_r15 = Convert.ToUInt64(R15RegisterValue.Text, 16); result.r_rsp = Convert.ToUInt64(RSPRegisterValue.Text, 16); result.r_rbp = Convert.ToUInt64(RBPRegisterValue.Text, 16); result.r_rip = Convert.ToUInt64(RIPRegisterValue.Text, 16); return(result); }