private static void DebugSessionOnLibraryLoaded(object?sender, DebuggeeLibraryEventArgs e)
{
// Utils.WriteLog($"[Debugger] Loaded lib: {e.Library.Name} (0x{e.Library.BaseOfLibrary:x})", ConsoleColor.DarkGray);
if (e.Library.Name != null && e.Library.Name.Contains("GDLoader"))
{
Utils.WriteLog($"[Debugger] GDLoader.dll found at: 0x{e.Library.BaseOfLibrary:x}", ConsoleColor.DarkGray);
gdLoaderBaseAddr = e.Library.BaseOfLibrary;
addressOfPreInit = gdLoaderBaseAddr.ToInt32() + (int)preInitOffset;
Utils.WriteLog($"[Debugger] pre_init addr: 0x{addressOfPreInit:x}", ConsoleColor.Yellow);
Utils.WriteLog("[Debugger] Debugger Ladybug was made by Washi1337 (https://github.com/Washi1337).", ConsoleColor.Cyan);
foundLibrary = true;
}
}
private DebuggerAction HandleUnloadDllDebugEvent(DEBUG_EVENT debugEvent)
{
var info = debugEvent.InterpretDebugInfoAs <UNLOAD_DLL_DEBUG_INFO>();
var process = GetProcessById((int)debugEvent.dwProcessId);
var thread = process.GetThreadById((int)debugEvent.dwThreadId);
var library = process.GetLibraryByBase(info.lpBaseOfDll);
if (library != null)
{
process.RemoveLibrary(library);
var eventArgs = new DebuggeeLibraryEventArgs(thread, library);
OnLibraryUnloaded(eventArgs);
return(eventArgs.NextAction);
}
return(DebuggerAction.Continue);
}
private DebuggerAction HandleLoadDllDebugEvent(DEBUG_EVENT debugEvent)
{
var info = debugEvent.InterpretDebugInfoAs <LOAD_DLL_DEBUG_INFO>();
var process = GetProcessById((int)debugEvent.dwProcessId);
var thread = process.GetThreadById((int)debugEvent.dwThreadId);
// LOAD_DLL_DEBUG_INFO.lpImageName is a char** or a wchar_t**, which can be null.
string name = null;
try
{
if (info.lpImageName != IntPtr.Zero)
{
var buffer = new byte[8];
process.ReadMemory(info.lpImageName, buffer, 0, IntPtr.Size);
var ptr = new IntPtr(BitConverter.ToInt64(buffer, 0));
if (ptr != IntPtr.Zero)
{
name = process.ReadZeroTerminatedString(ptr, info.fUnicode == 0);
}
}
}
catch (Win32Exception)
{
// Reading failed, possibly due to an invalid pointer address. Set to no name instead.
name = null;
}
var library = new DebuggeeLibrary(process, name, info.lpBaseOfDll);
process.AddLibrary(library);
var eventArgs = new DebuggeeLibraryEventArgs(thread, library);
OnLibraryLoaded(eventArgs);
return(eventArgs.NextAction);
}
protected virtual void OnLibraryUnloaded(DebuggeeLibraryEventArgs e)
{
LibraryUnloaded?.Invoke(this, e);
}
private void SessionOnLibraryUnloaded(object sender, DebuggeeLibraryEventArgs args)
{
_logger.WriteLine("Unloaded library " + (args.Library.Name ?? "<no name>") + " at " + args.Library.BaseOfLibrary.ToInt64().ToString("X8"));
}