// UI thread
void OnProcessChanged_UI(DbgProcess newProcess)
{
uiDispatcher.VerifyAccess();
if (disposed)
{
Debug.Assert(process == null);
Debug.Assert(runtimes.Count == 0);
Debug.Assert(moduleReferences.Count == 0);
Debug.Assert(!hexBufferFileService.Files.Any());
return;
}
if (process != null)
{
process.RuntimesChanged -= Process_RuntimesChanged;
}
foreach (var r in runtimes)
{
r.ModulesChanged -= DbgRuntime_ModulesChanged;
}
runtimes.Clear();
moduleReferences.Clear();
hexBufferFileService.RemoveAllFiles();
addedModules.Clear();
process = newProcess;
if (newProcess != null)
{
newProcess.DbgManager.Dispatcher.BeginInvoke(() => OnNewProcess_DbgThread(newProcess));
}
}
void DbgManager_DelayedIsRunningChanged(object sender, EventArgs e)
{
var process = currentProcess;
currentProcess = null;
// Ignore it the first time because the OS will give the debugged process focus
if (ignoreSetForeground)
{
return;
}
if (process == null)
{
process = ((DbgManager)sender).Processes.FirstOrDefault(a => a.State == DbgProcessState.Running);
}
// Fails if the process hasn't been created yet (eg. the engine hasn't connected to the process yet)
if (process == null)
{
return;
}
try {
using (var p = Process.GetProcessById((int)process.Id)) {
var hWnd = p.MainWindowHandle;
if (hWnd != IntPtr.Zero)
{
NativeMethods.SetForegroundWindow(hWnd);
}
}
}
catch {
}
}
void DbgManager_ProcessesChanged(object sender, DbgCollectionChangedEventArgs <DbgProcess> e)
{
if (!e.Added && e.Objects.Contains(currentProcess))
{
currentProcess = null;
}
}
public static bool TryGetModuleAddressAndSize(DbgProcess process, string moduleFilename, out ulong imageAddr, out uint imageSize)
{
//TODO: mono maps the files as data, use Win32 funcs to find all mapped files
imageAddr = 0;
imageSize = 0;
return(false);
}
public static bool TryGetSizeOfImage(DbgProcess process, ulong address, bool isFileLayout, out uint imageSize)
{
imageSize = 0;
try {
var buffer = new byte[0x2000];
process.ReadMemory(address, buffer, 0, buffer.Length);
if (BitConverter.ToUInt16(buffer, 0) != 0x5A4D)
{
return(false);
}
using (var peImage = new PEImage(buffer, null, isFileLayout ? ImageLayout.File : ImageLayout.Memory, verify: true)) {
ulong length = GetImageSize(peImage);
Debug.Assert(length <= uint.MaxValue);
if (length > uint.MaxValue)
{
return(false);
}
imageSize = (uint)length;
return(true);
}
}
catch (BadImageFormatException) {
return(false);
}
catch (IOException) {
return(false);
}
catch (Exception ex) {
Debug.Fail(ex.ToString());
return(false);
}
}
public override void Execute(IMenuItemContext context)
{
parent.settings.AddRecentInjection(injectionArguments);
DbgProcess proc = parent.CurrentProcess;
parent.injector.Inject(proc.Id, injectionArguments, proc.Bitness == 32, proc.Runtimes.First().GetRuntimeType());
}
public ModuleInfo(DbgProcess process, ulong addr, int size, string filename, DbgImageLayout imageLayout)
{
Process = process;
Address = addr;
Size = size;
Filename = filename;
ImageLayout = imageLayout;
}
public ManagedDebuggerPatcherX86(DbgNativeFunctionHookContext context, DbgCorDebugInternalRuntime runtime)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
process = context.Process;
this.runtime = runtime ?? throw new ArgumentNullException(nameof(runtime));
}
public ProcessMemoryBlockAllocator(DbgProcess process)
{
this.process = process;
allocatedMemory = new List <ProcessMemoryBlockImpl>();
hProcess = NativeMethods.OpenProcess(NativeMethods.PROCESS_ALL_ACCESS, false, (uint)process.Id);
if (hProcess == IntPtr.Zero || hProcess == (IntPtr)(-1))
{
throw new DbgHookException($"Couldn't open process {process.Id} ({process.Name})");
}
}
public void SetUnderlyingStream(HexBufferStream stream, DbgProcess process)
{
if (Process == process && DebuggerHexBufferStream.UnderlyingStream == stream)
{
return;
}
Process = process;
DebuggerHexBufferStream.UnderlyingStream = stream;
UnderlyingStreamChanged?.Invoke(this, EventArgs.Empty);
UnderlyingProcessChanged?.Invoke(this, EventArgs.Empty);
}
private void DbgManager_CurrentProcessChanged(object sender, DbgCurrentObjectChangedEventArgs <DbgProcess> e)
{
if (!e.CurrentChanged)
{
return;
}
var newProcess = ((DbgManager)sender).CurrentProcess.Current;
if (!(newProcess is null))
{
currentProcess = newProcess;
}
}
public static bool TryGetInternalRuntime(DbgProcess process, [NotNullWhenTrue] out DbgCorDebugInternalRuntime?runtime)
{
runtime = null;
var dbgRuntime = process.Runtimes.FirstOrDefault();
Debug.Assert(!(dbgRuntime is null));
if (dbgRuntime is null)
{
return(false);
}
runtime = dbgRuntime.InternalRuntime as DbgCorDebugInternalRuntime;
return(!(runtime is null));
}
static bool TryGetInternalRuntime(DbgProcess process, out DbgMonoDebugInternalRuntime runtime)
{
runtime = null;
var dbgRuntime = process.Runtimes.FirstOrDefault();
Debug.Assert(dbgRuntime != null);
if (dbgRuntime == null)
{
return(false);
}
runtime = dbgRuntime.InternalRuntime as DbgMonoDebugInternalRuntime;
return(runtime != null);
}
static bool TryGetInternalRuntime(DbgProcess process, [NotNullWhen(true)] out DbgMonoDebugInternalRuntime?runtime)
{
runtime = null;
var dbgRuntime = process.Runtimes.FirstOrDefault();
Debug2.Assert(dbgRuntime is not null);
if (dbgRuntime is null)
{
return(false);
}
runtime = dbgRuntime.InternalRuntime as DbgMonoDebugInternalRuntime;
return(runtime is not null);
}
void SetCurrentProcess(DbgProcess process)
{
if (currentProcess == process)
{
return;
}
if (currentProcess != null)
{
currentProcess.IsRunningChanged -= DbgProcess_IsRunningChanged;
}
currentProcess = process;
if (process != null)
{
process.IsRunningChanged += DbgProcess_IsRunningChanged;
}
}
public static T Write <T>(this T output, DbgProcess process, bool useHex) where T : ITextColorWriter
{
output.Write(BoxedTextColor.Punctuation, "[");
if (useHex)
{
output.Write(BoxedTextColor.Number, "0x" + process.Id.ToString("X"));
}
else
{
output.Write(BoxedTextColor.Number, process.Id.ToString());
}
output.Write(BoxedTextColor.Punctuation, "]");
output.WriteSpace();
output.WriteFilename(process.Name);
return(output);
}
void HookFuncs(DbgProcess process)
{
var key = new Key(process.Machine, process.OperatingSystem);
if (!toHooks.TryGetValue(key, out var hooks))
{
return;
}
var hookedFuncs = new HashSet <(string dll, string function)>();
var errors = new List <string>();
using (var context = new DbgNativeFunctionHookContextImpl(process)) {
foreach (var lz in hooks)
{
var id = (lz.Metadata.Dll, lz.Metadata.Function);
if (hookedFuncs.Contains(id))
{
continue;
}
if (!lz.Value.IsEnabled(context))
{
continue;
}
hookedFuncs.Add(id);
string errorMessage = null;
try {
lz.Value.Hook(context, out errorMessage);
}
catch (DbgHookException ex) {
errorMessage = ex.Message ?? "???";
}
if (errorMessage != null)
{
errors.Add($"{lz.Metadata.Dll}!{lz.Metadata.Function}: {errorMessage}");
}
}
context.Write();
}
if (errors.Count != 0)
{
var msg = "Couldn't patch debugger detection functions:\n\t" + string.Join("\n\t", errors.ToArray());
Debug.Fail(msg);
process.DbgManager.WriteMessage(msg);
}
}
void UpdateCurrentThreadProcess_DbgThread(DbgProcess process)
{
dbgManager.Dispatcher.VerifyAccess();
if (currentThreadProcess == process)
{
return;
}
if (currentThreadProcess != null)
{
currentThreadProcess.IsRunningChanged -= DbgProcess_IsRunningChanged;
}
currentThreadProcess = process;
if (process != null)
{
process.IsRunningChanged += DbgProcess_IsRunningChanged;
}
}
public DbgRuntimeImpl(DbgManagerImpl owner, DbgProcess process, DbgEngine engine)
{
lockObj = new object();
this.owner = owner ?? throw new ArgumentNullException(nameof(owner));
Process = process ?? throw new ArgumentNullException(nameof(process));
Engine = engine ?? throw new ArgumentNullException(nameof(engine));
var info = engine.RuntimeInfo;
Id = info.Id;
Guid = info.Guid;
RuntimeKindGuid = info.RuntimeKindGuid;
Name = info.Name;
Tags = info.Tags;
appDomains = new List <DbgAppDomain>();
modules = new List <DbgModule>();
threads = new List <DbgThreadImpl>();
closeOnContinueList = new List <DbgObject>();
InternalRuntime = engine.CreateInternalRuntime(this) ?? throw new InvalidOperationException();
}
// DbgThread
void OnNewProcess_DbgThread(DbgProcess newProcess)
{
newProcess.DbgManager.Dispatcher.VerifyAccess();
if (process != newProcess)
{
return;
}
newProcess.RuntimesChanged += Process_RuntimesChanged;
var runtimes = newProcess.Runtimes;
UI(() => {
if (process != newProcess)
{
newProcess.RuntimesChanged -= Process_RuntimesChanged;
}
else
{
Process_RuntimesChanged_UI(runtimes, added: true);
}
});
}
public unsafe DbgRawMetadataImpl(DbgProcess process, bool isFileLayout, ulong moduleAddress, int moduleSize)
{
lockObj = new object();
referenceCounter = 1;
this.isFileLayout = isFileLayout;
size = moduleSize;
isProcessMemory = true;
try {
// Prevent allocation on the LOH. We'll also be able to free the memory as soon as it's not needed.
address = NativeMethods.VirtualAlloc(IntPtr.Zero, new IntPtr(moduleSize), NativeMethods.MEM_COMMIT, NativeMethods.PAGE_READWRITE);
if (address == IntPtr.Zero)
{
throw new OutOfMemoryException();
}
process.ReadMemory(moduleAddress, (byte *)address.ToPointer(), size);
(metadataAddress, metadataSize) = GetMetadataInfo();
}
catch {
Dispose();
throw;
}
}
public unsafe DbgRawMetadataImpl(DbgProcess process, bool isFileLayout, ulong moduleAddress, int moduleSize)
{
lockObj = new object();
referenceCounter = 1;
this.isFileLayout = isFileLayout;
size = moduleSize;
try {
// Prevent allocation on the LOH. We'll also be able to free the memory as soon as it's not needed.
address = NativeMethods.VirtualAlloc(IntPtr.Zero, new IntPtr(moduleSize), NativeMethods.MEM_COMMIT, NativeMethods.PAGE_READWRITE);
if (address == IntPtr.Zero)
{
throw new OutOfMemoryException();
}
process.ReadMemory(moduleAddress, (byte *)address.ToPointer(), size);
try {
var peImage = new PEImage(address, size, isFileLayout ? ImageLayout.File : ImageLayout.Memory, true);
var dotNetDir = peImage.ImageNTHeaders.OptionalHeader.DataDirectories[14];
if (dotNetDir.VirtualAddress != 0 && dotNetDir.Size >= 0x48)
{
var cor20 = new ImageCor20Header(peImage.CreateStream(dotNetDir.VirtualAddress, 0x48), true);
var mdStart = (long)peImage.ToFileOffset(cor20.MetaData.VirtualAddress);
metadataAddress = new IntPtr((byte *)address + mdStart);
metadataSize = (int)cor20.MetaData.Size;
}
}
catch (Exception ex) when(ex is IOException || ex is BadImageFormatException)
{
Debug.Fail("Couldn't read .NET metadata");
}
}
catch {
Dispose();
throw;
}
}
public bool IsProcessSupported(DbgProcess process, out string?reason)
{
if (process is null)
{
reason = "no process found";
return(false);
}
if (process.OperatingSystem != DbgOperatingSystem.Windows)
{
reason = "Windows only";
return(false);
}
if (process.Architecture != DbgArchitecture.X86 && process.Architecture != DbgArchitecture.X64)
{
reason = "x86 and x64 only";
return(false);
}
var runtimeType = process.Runtimes.First().GetRuntimeType();
var rtSupported = runtimeType switch {
RuntimeType.FrameworkV2 => true,
RuntimeType.FrameworkV4 => true,
_ => false,
};
if (!rtSupported)
{
reason = $"Unsupported runtime '{process.Runtimes.First().Name}'";
return(false);
}
reason = null;
return(true);
}
public ProcessInfo(DbgProcess process, HexCachedBufferStream stream, SafeProcessHandle processHandle)
{
Process = process ?? throw new ArgumentNullException(nameof(process));
Stream = stream ?? throw new ArgumentNullException(nameof(stream));
ProcessHandle = processHandle;
}
public DbgNativeFunctionHookContextImpl(DbgProcess process)
{
Process = process ?? throw new ArgumentNullException(nameof(process));
processMemoryBlockAllocator = new ProcessMemoryBlockAllocator(process);
functionProvider = new DbgHookedNativeFunctionProviderImpl(process, processMemoryBlockAllocator);
}
protected PatcherX86(DbgNativeFunctionHookContext context)
{
process = context.Process;
functionProvider = context.FunctionProvider;
nextBranchTargetId = ulong.MaxValue;
}
public DocKey(DbgProcess process, ulong address)
{
this.process = process ?? throw new ArgumentNullException(nameof(process));
this.address = address;
}
public void Initialize(DbgProcess process, ulong address)
{
process.ReadMemory(address, data);
dataIndex = 0;
}
public ObjectConstantsFactory(DbgProcess process, ThreadMirror thread)
{
this.process = process;
this.thread = thread;
}
static DbgModule[] GetModules(DbgProcess process, ulong address) => process.Runtimes.SelectMany(a => a.Modules).Where(a => a.HasAddress && a.Address == address).ToArray();
