/// <summary>
/// Replaces the byte at <paramref name="offset"/> in the target process with
/// <c>INSTR_BREAK_X86</c> and returns the byte that was there before.
/// </summary>
/// <param name="process">Process whose memory is patched.</param>
/// <param name="offset">Location of the instruction byte to overwrite.</param>
/// <returns>A one-element array holding the original byte (presumably kept so the caller can restore it later).</returns>
/// <remarks>
/// The read and the write are two separate calls, so this is not atomic with respect to the target.
/// NOTE(review): presumably only called while the debuggee is stopped at a debug event; confirm.
/// </remarks>
internal static byte[] WriteBreakInstruction(Win32Process process, ulong offset) {
    // Save the byte we are about to clobber.
    byte[] displaced = ReadInstructionBytes(process, offset, 1);
    // Debug-only sanity check; it is compiled out of release builds.
    Debug.Assert(displaced.Length == 1);

    byte[] breakOpcode = { INSTR_BREAK_X86 };
    WriteInstructionBytes(process, offset, breakOpcode);
    return displaced;
}
/// <summary>
/// Reads <paramref name="size"/> bytes from the target process starting at <paramref name="offset"/>.
/// </summary>
/// <param name="process">Process to read from; its <c>Handle</c> is passed to <c>ReadProcessMemory</c>.</param>
/// <param name="offset">Cast directly to a pointer and used as the address in the target process.</param>
/// <param name="size">Number of bytes to read; also the length of the returned array.</param>
/// <returns>A new array of <paramref name="size"/> bytes filled by <c>ReadProcessMemory</c>.</returns>
/// <remarks>
/// The bytes-read out parameter is passed as null, so success is judged only from the return value
/// handed to <c>ErrorOnFalse</c> (presumably throws on FALSE; defined elsewhere).
/// </remarks>
internal static byte[] ReadInstructionBytes(Win32Process process, ulong offset, int size) {
    byte[] result = new byte[size];
    unsafe {
        // Pin the managed array for the duration of the native call.
        fixed (byte* pinned = result) {
            // TODO: Offset is wrong here!
            // NOTE(review): offset is used as-is as the remote address; the TODO suggests it may
            // need translating to an absolute address first. Confirm against the callers.
            Int32 readOk = ReadProcessMemory(process.Handle, (void*)offset, pinned, (nuint)size, null);
            ErrorOnFalse(readOk);
        }
    }
    return result;
}
/// <summary>
/// Handles the create-process debug event: attaches the main thread to <paramref name="process"/>
/// and completes the pending entry registered for it in <c>unreturnedProcesses</c>.
/// </summary>
/// <param name="process">The process the event was raised for.</param>
/// <param name="info">Event payload; only <c>hThread</c> is read here.</param>
/// <exception cref="InvalidOperationException">
/// No pending entry exists in <c>unreturnedProcesses</c> for <c>process.Id</c>.
/// </exception>
/// <remarks>
/// NOTE(review): the Win32 documentation asks the debugger to close the <c>hFile</c> handle delivered
/// with this event; it is not touched here. Confirm it is closed elsewhere to avoid a handle leak.
/// </remarks>
private void CreateProcessDebugEvent(Win32Process process, ref WinApi.CREATE_PROCESS_DEBUG_INFO info) {
    Console.WriteLine("create process");

    // The result is delivered here because this is when the start address of the process is known.
    if (!unreturnedProcesses.Remove(process.Id, out var pending)) {
        // An event for a process nobody is waiting on: something went very wrong.
        throw new InvalidOperationException();
    }

    // Build the main thread object and hook it up to the process.
    var primaryThread = WinApi.MakeThreadObject(info.hThread);
    process.AddThread(primaryThread);

    // Hand the fully wired-up process back to whoever is awaiting it.
    pending.SetResult(process);
}
/// <summary>
/// Writes <paramref name="bytes"/> into the target process at <paramref name="offset"/> and then
/// flushes the instruction cache for the same range.
/// </summary>
/// <param name="process">Process to write to; its <c>Handle</c> is passed to the native calls.</param>
/// <param name="offset">Cast directly to a pointer and used as the address in the target process.</param>
/// <param name="bytes">Bytes to write; the full array length is written.</param>
/// <remarks>
/// The bytes-written out parameter is passed as null, so each step is judged only from the return
/// value handed to <c>ErrorOnFalse</c> (presumably throws on FALSE; defined elsewhere).
/// </remarks>
internal static void WriteInstructionBytes(Win32Process process, ulong offset, byte[] bytes) {
    unsafe {
        // Step 1: patch the memory while the managed array is pinned.
        Int32 writeOk = FALSE;
        fixed (byte* pinned = bytes) {
            // TODO: Offset is wrong here!
            // NOTE(review): offset is used as-is as the remote address; the TODO suggests it may
            // need translating to an absolute address first. Confirm against the callers.
            writeOk = WriteProcessMemory(process.Handle, (void*)offset, pinned, (nuint)bytes.Length, null);
        }
        ErrorOnFalse(writeOk);

        // Step 2: flush the instruction cache for the patched range.
        Int32 flushOk = FlushInstructionCache(process.Handle, (void*)offset, (nuint)bytes.Length);
        ErrorOnFalse(flushOk);
    }
}
/// <summary>
/// Handles the exit-process debug event: logs the exit code and drops the process from
/// the <c>processes</c> bookkeeping collection.
/// </summary>
/// <param name="process">The process that exited; removed by its <c>Id</c>.</param>
/// <param name="info">Event payload; only <c>dwExitCode</c> is read here.</param>
private void ExitProcessDebugEvent(Win32Process process, ref WinApi.EXIT_PROCESS_DEBUG_INFO info) {
    Console.WriteLine($"exit process (code {info.dwExitCode})");

    // Nothing else to tear down here: just forget the process.
    var exitedId = process.Id;
    processes.Remove(exitedId);
}