void DbgManager_Message(object sender, DbgMessageEventArgs e) { if (e.Kind == DbgMessageKind.ExceptionThrown) { e.Pause = ShouldBreak(((DbgMessageExceptionThrownEventArgs)e).Exception); } }
void DbgManager_Message(object sender, DbgMessageEventArgs e) { if (e.Kind == DbgMessageKind.ProcessCreated) { HookFuncs(((DbgMessageProcessCreatedEventArgs)e).Process); } }
void DbgManager_Message(object sender, DbgMessageEventArgs e) { if (e.Kind == DbgMessageKind.SetIPComplete) { var ep = (DbgMessageSetIPCompleteEventArgs)e; if (ep.FramesInvalidated && dbgManager.CurrentThread.Current == ep.Thread) { RefreshAllFrames_DbgThread(); } } }
void DbgManager_Message(object sender, DbgMessageEventArgs e) { if (e.Kind == DbgMessageKind.BoundBreakpoint) { var be = (DbgMessageBoundBreakpointEventArgs)e; e.Pause = ShouldBreak(be.BoundBreakpoint, be.Thread); if (e.Pause && be.BoundBreakpoint.Breakpoint.IsOneShot) { be.BoundBreakpoint.Breakpoint.Remove(); } } }
private static void StartScyllaDide(int proccessId, DbgManager dbgManager, DbgMessageEventArgs mesage) { switch (mesage.Kind) { case DbgMessageKind.ProcessCreated: string currentDirectory = System.Environment.CurrentDirectory; ScyllaHideInit(currentDirectory); MyLogger.Instance.WriteLine(TextColor.Red, $"InitScyllaHide"); DbgMessageProcessCreatedEventArgs processCreated = (DbgMessageProcessCreatedEventArgs)mesage; ScyllaHideDebugLoop(1, (int)proccessId, true, false); ScyllaHideDebugLoop(3, (int)proccessId); MyLogger.Instance.WriteLine(TextColor.Red, $"PointerSize = {processCreated.Process.PointerSize}"); break; case DbgMessageKind.ModuleLoaded: DbgMessageModuleLoadedEventArgs moduleLoaded = (DbgMessageModuleLoadedEventArgs)mesage; string filename = moduleLoaded.Module.Filename; if (filename.Contains(".dll")) { bool IsNtDLL = filename.Contains("ntdll.dll"); ScyllaHideDebugLoop(2, (int)proccessId, false, IsNtDLL); MyLogger.Instance.WriteLine(TextColor.Red, $"Scylla Hide dll loaded "); } break; case DbgMessageKind.BoundBreakpoint: ScyllaHideDebugLoop(3, (int)proccessId); MyLogger.Instance.WriteLine(TextColor.Red, $"Scylla Hide Breakpoint"); break; default: ScyllaHideDebugLoop(0, (int)proccessId); MyLogger.Instance.WriteLine(TextColor.Red, $"Scylla Hide otherDebug message"); break; } }
private static void MessageFromDbg(DbgManager dbgManager, DbgMessageEventArgs message) { MyLogger.Instance.WriteLine($"We have message type {message.Kind.ToString()}"); if (message.Kind == DbgMessageKind.ModuleLoaded) { DbgMessageModuleLoadedEventArgs moduleLoaded = (DbgMessageModuleLoadedEventArgs)message; MyLogger.Instance.WriteLine($"ModuleLoaded: {moduleLoaded.Module.Filename}"); } if (!Instance.ProgrammSettings.IsEnabledOption) { return; } if (dbgManager.Processes.Length > 0) { for (int i = 0; i < dbgManager.Processes.Length; i++) { int pid = dbgManager.Processes[i].Id; StartScyllaDide(pid, dbgManager, message); MyLogger.Instance.WriteLine(TextColor.Red, $"PointerSize = {dbgManager.Processes[i].PointerSize}"); } } }
/// <summary> /// Constructor /// </summary> /// <param name="message">Debug message</param> public DbgBreakInfo(DbgMessageEventArgs message) { Kind = DbgBreakInfoKind.Message; Data = message ?? throw new ArgumentNullException(nameof(message)); }
public void Add(DbgMessageEventArgs e) => Add(new DbgBreakInfo(e));