void DbgManager_Message(object sender, DbgMessageEventArgs e)
{
if (e.Kind == DbgMessageKind.ExceptionThrown)
{
e.Pause = ShouldBreak(((DbgMessageExceptionThrownEventArgs)e).Exception);
}
}
void DbgManager_Message(object sender, DbgMessageEventArgs e)
{
if (e.Kind == DbgMessageKind.ProcessCreated)
{
HookFuncs(((DbgMessageProcessCreatedEventArgs)e).Process);
}
}
void DbgManager_Message(object sender, DbgMessageEventArgs e)
{
if (e.Kind == DbgMessageKind.SetIPComplete)
{
var ep = (DbgMessageSetIPCompleteEventArgs)e;
if (ep.FramesInvalidated && dbgManager.CurrentThread.Current == ep.Thread)
{
RefreshAllFrames_DbgThread();
}
}
}
void DbgManager_Message(object sender, DbgMessageEventArgs e)
{
if (e.Kind == DbgMessageKind.BoundBreakpoint)
{
var be = (DbgMessageBoundBreakpointEventArgs)e;
e.Pause = ShouldBreak(be.BoundBreakpoint, be.Thread);
if (e.Pause && be.BoundBreakpoint.Breakpoint.IsOneShot)
{
be.BoundBreakpoint.Breakpoint.Remove();
}
}
}
private static void StartScyllaDide(int proccessId, DbgManager dbgManager, DbgMessageEventArgs mesage)
{
switch (mesage.Kind)
{
case DbgMessageKind.ProcessCreated:
string currentDirectory = System.Environment.CurrentDirectory;
ScyllaHideInit(currentDirectory);
MyLogger.Instance.WriteLine(TextColor.Red, $"InitScyllaHide");
DbgMessageProcessCreatedEventArgs processCreated = (DbgMessageProcessCreatedEventArgs)mesage;
ScyllaHideDebugLoop(1, (int)proccessId, true, false);
ScyllaHideDebugLoop(3, (int)proccessId);
MyLogger.Instance.WriteLine(TextColor.Red, $"PointerSize = {processCreated.Process.PointerSize}");
break;
case DbgMessageKind.ModuleLoaded:
DbgMessageModuleLoadedEventArgs moduleLoaded = (DbgMessageModuleLoadedEventArgs)mesage;
string filename = moduleLoaded.Module.Filename;
if (filename.Contains(".dll"))
{
bool IsNtDLL = filename.Contains("ntdll.dll");
ScyllaHideDebugLoop(2, (int)proccessId, false, IsNtDLL);
MyLogger.Instance.WriteLine(TextColor.Red, $"Scylla Hide dll loaded ");
}
break;
case DbgMessageKind.BoundBreakpoint:
ScyllaHideDebugLoop(3, (int)proccessId);
MyLogger.Instance.WriteLine(TextColor.Red, $"Scylla Hide Breakpoint");
break;
default:
ScyllaHideDebugLoop(0, (int)proccessId);
MyLogger.Instance.WriteLine(TextColor.Red, $"Scylla Hide otherDebug message");
break;
}
}
private static void MessageFromDbg(DbgManager dbgManager, DbgMessageEventArgs message)
{
MyLogger.Instance.WriteLine($"We have message type {message.Kind.ToString()}");
if (message.Kind == DbgMessageKind.ModuleLoaded)
{
DbgMessageModuleLoadedEventArgs moduleLoaded = (DbgMessageModuleLoadedEventArgs)message;
MyLogger.Instance.WriteLine($"ModuleLoaded: {moduleLoaded.Module.Filename}");
}
if (!Instance.ProgrammSettings.IsEnabledOption)
{
return;
}
if (dbgManager.Processes.Length > 0)
{
for (int i = 0; i < dbgManager.Processes.Length; i++)
{
int pid = dbgManager.Processes[i].Id;
StartScyllaDide(pid, dbgManager, message);
MyLogger.Instance.WriteLine(TextColor.Red, $"PointerSize = {dbgManager.Processes[i].PointerSize}");
}
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="message">Debug message</param>
public DbgBreakInfo(DbgMessageEventArgs message)
{
Kind = DbgBreakInfoKind.Message;
Data = message ?? throw new ArgumentNullException(nameof(message));
}
public void Add(DbgMessageEventArgs e) => Add(new DbgBreakInfo(e));
