/// <summary>
/// Debug-engine callback for a module-load event: builds a <c>TargetModule</c> from the
/// reported values, attaches it to the tracked process and raises the module-loaded notification.
/// </summary>
/// <remarks>
/// The names, addresses and sizes received here describe the debug target and are stored
/// unmodified. Code that displays them or uses ImageName as a path should treat them as
/// target-supplied data. CheckSum is not used by this handler.
/// </remarks>
/// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
int IDebugEventCallbacksWide.LoadModule(ulong ImageFileHandle, ulong BaseOffset, uint ModuleSize, string ModuleName, string ImageName, uint CheckSum, uint TimeDateStamp)
        {
            uint engineIndex;
            uint systemPid;

            // NOTE(review): whatever status these calls return is discarded; confirm that a
            // failed query cannot leave the ids at their default values.
            SystemObjects.GetCurrentProcessId(out engineIndex);
            SystemObjects.GetCurrentProcessSystemId(out systemPid);

            // The constructor argument is resolved through Processes, the later lookup through
            // _processes. Both throw if no entry has this PID (assuming LINQ's First).
            var owner = Processes.First(candidate => candidate.PID == systemPid);

            var module = new TargetModule(owner)
            {
                ImageName    = ImageName,
                Name         = ModuleName,
                BaseAddress  = BaseOffset,
                Size         = ModuleSize,
                TimeStamp    = TimeDateStamp,
                Handle       = ImageFileHandle,
                ProcessIndex = engineIndex,
                PID          = systemPid
            };

            var process = _processes.First(candidate => candidate.PID == systemPid);
            process.AddModule(module);

            var loadedArgs = new ModuleEventArgs(process, module);
            OnModuleLoaded(loadedArgs);

            return (int)DEBUG_STATUS.NO_CHANGE;
        }
        /// <summary>
        /// Debug-engine callback for a create-thread event: builds a <c>TargetThread</c> for the
        /// current thread, attaches it to its tracked process and raises the thread-created notification.
        /// </summary>
        /// <param name="Handle">Thread handle reported by the engine; stored on the thread.</param>
        /// <param name="DataOffset">Stored as the thread's <c>Teb</c>.</param>
        /// <param name="StartOffset">Stored as the thread's <c>StartAddress</c>.</param>
        /// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
        int IDebugEventCallbacksWide.CreateThread(ulong Handle, ulong DataOffset, ulong StartOffset)
        {
            uint threadIndex;
            uint systemTid;
            uint processIndex;
            uint systemPid;

            SystemObjects.GetCurrentProcessId(out processIndex);
            SystemObjects.GetCurrentThreadId(out threadIndex);
            SystemObjects.GetCurrentProcessSystemId(out systemPid);
            SystemObjects.GetCurrentThreadSystemId(out systemTid);

            // Debug-only sanity check; a release build goes on to the lookup with whatever ids it got.
            Debug.Assert(systemTid > 0 && systemPid > 0);

            // Throws if no tracked process has this PID (assuming LINQ's First).
            var process = _processes.First(candidate => candidate.PID == systemPid);

            var thread = new TargetThread(process)
            {
                Index        = threadIndex,
                TID          = systemTid,
                StartAddress = StartOffset,
                Teb          = DataOffset,
                Handle       = Handle,
                ProcessIndex = processIndex
            };

            process.AddThread(thread);

            var createdArgs = new ThreadCreatedEventArgs(thread, process);
            OnThreadCreated(createdArgs);

            return (int)DEBUG_STATUS.NO_CHANGE;
        }
 /// <summary>
 /// Returns the tracked process whose PID equals the engine's current process system id.
 /// </summary>
 /// <returns>The first entry of <c>_processes</c> with a matching PID.</returns>
 public TargetProcess GetCurrentProcess()
 {
     var pending = RunAsync(() =>
     {
         uint systemPid;
         SystemObjects.GetCurrentProcessSystemId(out systemPid);

         // Throws if no tracked process has this PID (assuming LINQ's First).
         return _processes.First(candidate => candidate.PID == systemPid);
     });

     // NOTE(review): reading Result waits for the queued work (presumably a Task); confirm
     // callers never invoke this from the context RunAsync dispatches to.
     return pending.Result;
 }
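        /// <summary>
        /// Debug-engine callback for a create-process event: registers the new process in
        /// <c>_processes</c>, then registers its initial thread, raising the process-created and
        /// thread-created notifications in that order.
        /// </summary>
        /// <remarks>
        /// <c>TimeDateStamp</c> is the 32-bit stamp from the executable's image header, which counts
        /// seconds since 1970-01-01 UTC. It comes from the debug target and can hold any value
        /// (deterministic builds store a hash there), so treat the resulting <c>TimeStamp</c> as an
        /// image identifier rather than as evidence of when the binary was built.
        /// The names, handles and offsets are stored unmodified. CheckSum is not used by this handler.
        /// </remarks>
        /// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
        int IDebugEventCallbacksWide.CreateProcess(ulong ImageFileHandle, ulong Handle, ulong BaseOffset, uint ModuleSize, string ModuleName, string ImageName,
                                                   uint CheckSum, uint TimeDateStamp, ulong InitialThreadHandle, ulong ThreadDataOffset, ulong StartOffset)
        {
            Debug.WriteLine("IDebugEventCallbacksWide.CreateProcess");

            uint id;

            // NOTE(review): whatever status the SystemObjects calls return is discarded.
            SystemObjects.GetCurrentProcessId(out id);
            ulong peb;

            SystemObjects.GetCurrentProcessPeb(out peb);
            uint pid;

            SystemObjects.GetCurrentProcessSystemId(out pid);

            // The header stamp counts seconds from the Unix epoch. DateTime.FromFileTime would read
            // it as 100 ns ticks from 1601 and always yield a time within minutes of that date.
            // The result is converted to local time, the kind FromFileTime used to produce.
            var linkTime = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)
                .AddSeconds(TimeDateStamp)
                .ToLocalTime();

            var process = new TargetProcess {
                PID        = pid,
                hProcess   = Handle,
                hFile      = ImageFileHandle,
                BaseOffset = BaseOffset,
                ModuleSize = ModuleSize,
                ImageName  = ImageName,
                TimeStamp  = linkTime,
                ModuleName = ModuleName,
                Index      = (int)id,
                Peb        = peb
            };

            _processes.Add(process);

            OnProcessCreated(process);

            // The event also announces the process's initial thread, so it is registered here.
            uint tindex, tid;

            SystemObjects.GetCurrentThreadId(out tindex);
            SystemObjects.GetCurrentThreadSystemId(out tid);
            var thread = new TargetThread(process)
            {
                Index        = tindex,
                TID          = tid,
                StartAddress = StartOffset,
                Teb          = ThreadDataOffset,
                Handle       = InitialThreadHandle,
                ProcessIndex = id
            };

            process.AddThread(thread);

            OnThreadCreated(new ThreadCreatedEventArgs(thread, process));

            return (int)DEBUG_STATUS.NO_CHANGE;
        }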
        /// <summary>
        /// Debug-engine callback for a module-unload event: removes the module loaded at
        /// <paramref name="BaseOffset"/> from the current process and raises the module-unloaded notification.
        /// </summary>
        /// <param name="ImageBaseName">Not used by this handler; the module is matched by base address only.</param>
        /// <param name="BaseOffset">Base address compared against each tracked module's <c>BaseAddress</c>.</param>
        /// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
        int IDebugEventCallbacksWide.UnloadModule(string ImageBaseName, ulong BaseOffset)
        {
            uint engineIndex;
            uint systemPid;

            // The engine index is queried but not used afterwards.
            SystemObjects.GetCurrentProcessId(out engineIndex);
            SystemObjects.GetCurrentProcessSystemId(out systemPid);

            // Both lookups throw when nothing matches (assuming LINQ's First), e.g. an unload
            // reported for a module this tracker never saw being loaded.
            var process = _processes.First(candidate => candidate.PID == systemPid);
            var module  = process.Modules.First(loaded => loaded.BaseAddress == BaseOffset);

            process.RemoveModule(module);

            var unloadedArgs = new ModuleEventArgs(process, module);
            OnModuleUnloaded(unloadedArgs);

            return (int)DEBUG_STATUS.NO_CHANGE;
        }
        /// <summary>
        /// Debug-engine callback for an exit-process event: records the exit code on the tracked
        /// process, raises the process-exited notification and refreshes the status.
        /// </summary>
        /// <param name="ExitCode">Exit code stored on the tracked process.</param>
        /// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
        int IDebugEventCallbacksWide.ExitProcess(uint ExitCode)
        {
            Debug.WriteLine("IDebugEventCallbacksWide.ExitProcess");

            uint systemPid;
            SystemObjects.GetCurrentProcessSystemId(out systemPid);

            // Throws if no tracked process has this PID (assuming LINQ's First).
            var process = _processes.First(candidate => candidate.PID == systemPid);
            process.ExitCode = ExitCode;

            // NOTE(review): the entry is not removed from _processes here. If nothing else removes
            // it, a later process that reuses the PID would match this stale entry first; confirm.
            var exitedArgs = new ProcessExitedEventArgs(process);
            OnProcessExited(exitedArgs);

            UpdateStatus();

            return (int)DEBUG_STATUS.NO_CHANGE;
        }
        /// <summary>
        /// Debug-engine callback for an exit-thread event: records the exit code on the tracked
        /// thread, detaches it from its process and raises the thread-exited notification.
        /// </summary>
        /// <param name="ExitCode">Exit code stored on the tracked thread.</param>
        /// <returns><c>DEBUG_STATUS.NO_CHANGE</c> cast to <c>int</c>.</returns>
        int IDebugEventCallbacksWide.ExitThread(uint ExitCode)
        {
            uint threadIndex;
            uint processIndex;
            uint systemTid;
            uint systemPid;

            // The two engine indices are queried but not used; matching is by system ids only.
            SystemObjects.GetCurrentThreadId(out threadIndex);
            SystemObjects.GetCurrentProcessId(out processIndex);
            SystemObjects.GetCurrentProcessSystemId(out systemPid);
            SystemObjects.GetCurrentThreadSystemId(out systemTid);

            // Both lookups throw when nothing matches (assuming LINQ's First).
            var process = _processes.First(candidate => candidate.PID == systemPid);
            var thread  = process.Threads.First(candidate => candidate.TID == systemTid);

            // The exit code is set before removal, so the event carries the final state.
            thread.ExitCode = ExitCode;
            process.RemoveThread(thread);

            var exitedArgs = new ThreadExitedEventArgs(thread, process);
            OnThreadExited(exitedArgs);

            return (int)DEBUG_STATUS.NO_CHANGE;
        }