Пример #1
    /// <summary>
    /// Reads the argument at position <paramref name="index"/> from the debuggee's stack.
    /// </summary>
    /// <param name="frame">Frame whose stack pointer and process are used for the read.</param>
    /// <param name="index">Zero-based position into <c>_parameters</c>.</param>
    /// <returns>
    /// A boxed <see cref="uint"/> for a 4-byte argument, a boxed <see cref="ulong"/> for an 8-byte
    /// argument, otherwise the raw bytes as a <c>byte[]</c>.
    /// </returns>
    /// <remarks>
    /// NOTE(review): both the address and the bytes come from the debugged process, so callers
    /// should treat the returned value as untrusted data - confirm how consumers validate it.
    /// </remarks>
    public override object GetArgumentValue(DkmStackWalkFrame frame, int index) {
      // The stack pointer is truncated to 32 bits and then widened for the address arithmetic.
      ulong stackPointer = (uint)frame.Registers.GetStackPointer();
      // The next three values are read from the frame but are not used by the code below.
      uint espRegister = frame.VscxGetRegisterValue32(CpuRegister.Esp);
      uint ebpRegister = frame.VscxGetRegisterValue32(CpuRegister.Ebp);
      ulong frameBaseAddress = (uint)frame.FrameBase;

      // Sum the padded sizes of every argument that precedes the requested one.
      int precedingBytes = 0;
      int position = 0;
      while (position < index) {
        precedingBytes += _parameters[position].GetPaddedSize(WordSize);
        ++position;
      }

      // The 4-byte return address sits at the top of the stack; the arguments start just past it.
      ulong argumentAddress = stackPointer + 4 + (ulong)precedingBytes;
      int argumentSize = _parameters[index].GetSize(WordSize);
      byte[] raw = new byte[argumentSize];

      frame.Process.ReadMemory(argumentAddress, DkmReadMemoryFlags.None, raw);

      // Word-sized and double-word-sized arguments are returned as integers, anything else as bytes.
      if (argumentSize == 4)
        return BitConverter.ToUInt32(raw, 0);
      if (argumentSize == 8)
        return BitConverter.ToUInt64(raw, 0);
      return raw;
    }
Пример #2
        /// <summary>
        /// Fetches one argument of the call described by <c>_parameters</c> by reading it out of the
        /// debugged process's stack memory.
        /// </summary>
        /// <param name="frame">Stack frame supplying the stack pointer and the process to read.</param>
        /// <param name="index">Zero-based index of the argument within <c>_parameters</c>.</param>
        /// <returns>
        /// The argument as a boxed <see cref="uint"/> (4 bytes) or <see cref="ulong"/> (8 bytes);
        /// for any other size, the unconverted <c>byte[]</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the value is whatever the debuggee has on its stack, so it is presumably
        /// attacker-influenced when debugging untrusted code - verify that callers validate it.
        /// </remarks>
        public override object GetArgumentValue(DkmStackWalkFrame frame, int index)
        {
            // Only the low 32 bits of the stack pointer are kept before widening to ulong.
            ulong stackTop = (uint)frame.Registers.GetStackPointer();

            // Read from the frame but never consulted afterwards in this method.
            uint  espValue   = frame.VscxGetRegisterValue32(CpuRegister.Esp);
            uint  ebpValue   = frame.VscxGetRegisterValue32(CpuRegister.Ebp);
            ulong baseOfFrame = (uint)frame.FrameBase;

            // Bytes occupied on the stack by the arguments ahead of the requested one.
            int bytesBefore = 0;
            for (int slot = 0; slot < index; slot++)
            {
                bytesBefore += _parameters[slot].GetPaddedSize(WordSize);
            }

            // Skip the 4-byte return address at the top of the stack, then the earlier arguments.
            ulong readAddress = stackTop + 4 + (ulong)bytesBefore;
            int   byteCount   = _parameters[index].GetSize(WordSize);
            byte[] rawBytes   = new byte[byteCount];

            frame.Process.ReadMemory(readAddress, DkmReadMemoryFlags.None, rawBytes);

            // Default to the raw bytes; 4- and 8-byte arguments are converted to integers instead.
            object value = rawBytes;
            if (byteCount == 4)
            {
                value = BitConverter.ToUInt32(rawBytes, 0);
            }
            else if (byteCount == 8)
            {
                value = BitConverter.ToUInt64(rawBytes, 0);
            }

            return value;
        }
Пример #3
        /// <summary>
        /// Handles the exit of a traced process-creation call: when the call succeeded, reads the
        /// PROCESS_INFORMATION output structure from the debuggee and asks the VsPackage to attach
        /// to the new child process.
        /// </summary>
        /// <param name="frame">Frame of the function that just returned.</param>
        /// <param name="frameAnalyzer">Analyzer used to look up the call's arguments by name.</param>
        /// <remarks>
        /// Any exception is logged and swallowed, so a failure here never propagates to the caller.
        /// NOTE(review): the PID sent in the attach request is read from debuggee memory after the
        /// call returns, so the debuggee decides its value; the handler of AttachToChild should
        /// presumably check that the PID really is a child of this process - confirm.
        /// </remarks>
        void createProcessTracer_OnFunctionExited(
            DkmStackWalkFrame frame,
            StackFrameAnalyzer frameAnalyzer)
        {
            try
            {
                // The lpProcessInformation argument is fetched before the return value is checked.
                ulong processInfoAddr = Convert.ToUInt64(
                    frameAnalyzer.GetArgumentValue(frame, "lpProcessInformation"));

                // EAX holds the function's return value.  CreateProcessAsUser and CreateProcess
                // both return 0 on failure, in which case there is no child to attach to.
                if (frame.VscxGetRegisterValue32(CpuRegister.Eax) != 0)
                {
                    // The process was created.  Copy the PROCESS_INFORMATION output parameter out
                    // of the debuggee and take the PID from it.
                    DkmProcess debuggee = frame.Process;
                    byte[] rawInfo = new byte[Marshal.SizeOf(typeof(PROCESS_INFORMATION))];
                    debuggee.ReadMemory(processInfoAddr, DkmReadMemoryFlags.None, rawInfo);
                    PROCESS_INFORMATION info =
                        MarshalUtility.ByteArrayToStructure<PROCESS_INFORMATION>(rawInfo);

                    // Attaching must go through EnvDTE, which is only reachable from the VsPackage,
                    // so the request is delivered as a component message.
                    DkmCustomMessage request = DkmCustomMessage.Create(
                        debuggee.Connection,
                        debuggee,
                        PackageServices.VsPackageMessageGuid,
                        (int)VsPackageMessage.AttachToChild,
                        debuggee.LivePart.Id,
                        info.dwProcessId);
                    request.SendToVsService(PackageServices.DkmComponentEventHandler, false);
                }
            }
            catch (Exception exception)
            {
                Logger.LogError(
                    exception,
                    "An error occured handling the exit breakpoint.  HR = 0x{0:X}",
                    exception.HResult);
            }
        }
        /// <summary>
        /// Runs when a traced process-creation function returns.  If the call reported success, the
        /// PROCESS_INFORMATION structure it filled in is read from the debuggee and an
        /// AttachToChild request carrying the child's PID is sent to the VsPackage.
        /// </summary>
        /// <param name="frame">Frame of the returning function.</param>
        /// <param name="frameAnalyzer">Analyzer that resolves named arguments of the call.</param>
        /// <remarks>
        /// Exceptions are caught and logged here rather than rethrown.
        /// NOTE(review): dwProcessId comes straight from debuggee memory, so the attach target is
        /// debuggee-controlled; presumably the message receiver should verify it is a child of this
        /// process before attaching - confirm.
        /// </remarks>
        void createProcessTracer_OnFunctionExited(
            DkmStackWalkFrame frame,
            StackFrameAnalyzer frameAnalyzer)
        {
            try
            {
                // Resolve the address of the output structure first; this happens even when the
                // call turns out to have failed.
                ulong processInfoAddr = Convert.ToUInt64(
                    frameAnalyzer.GetArgumentValue(frame, "lpProcessInformation"));

                // The return value is in EAX.  CreateProcessAsUser and CreateProcess both return
                // 0 on failure; only a non-zero result means there is a child to attach to.
                bool callSucceeded = frame.VscxGetRegisterValue32(CpuRegister.Eax) != 0;
                if (callSucceeded)
                {
                    // Pull the PROCESS_INFORMATION output parameter out of the debuggee's memory.
                    DkmProcess owner = frame.Process;
                    int structSize = Marshal.SizeOf(typeof(PROCESS_INFORMATION));
                    byte[] structBytes = new byte[structSize];
                    owner.ReadMemory(processInfoAddr, DkmReadMemoryFlags.None, structBytes);
                    PROCESS_INFORMATION info =
                        MarshalUtility.ByteArrayToStructure<PROCESS_INFORMATION>(structBytes);

                    // An attach has to happen through EnvDTE, which only the VsPackage can reach,
                    // so the PID is handed over in a component message.
                    DkmCustomMessage message = DkmCustomMessage.Create(
                        owner.Connection,
                        owner,
                        PackageServices.VsPackageMessageGuid,
                        (int)VsPackageMessage.AttachToChild,
                        owner.LivePart.Id,
                        info.dwProcessId);
                    message.SendToVsService(PackageServices.DkmComponentEventHandler, false);
                }
            }
            catch (Exception exception)
            {
                Logger.LogException(
                    exception,
                    "An error occured handling the exit breakpoint.  HR = 0x{0:X}",
                    exception.HResult);
            }
        }