Пример #1
0
        private IDebugBreakpoint2 SetBreakpoint(UInt64 address, DEBUG_BREAKPOINT_TYPE breakpointType, DEBUG_BREAKPOINT_ACCESS_TYPE access, UInt32 size)
        {
            const UInt32 AnyId = UInt32.MaxValue;

            IDebugBreakpoint2 breakpoint = null;

            this.BeginInterrupt();

            Task.Factory.StartNew(() =>
            {
                try
                {
                    this.CheckHandleResult(this.Control.AddBreakpoint2(breakpointType, AnyId, out breakpoint));

                    breakpoint.SetOffset(address);
                    breakpoint.SetFlags(DEBUG_BREAKPOINT_FLAG.ENABLED);
                    breakpoint.SetDataParameters(size, access);

                    this.Control.SetExecutionStatus(DEBUG_STATUS.GO);
                }
                catch (Exception ex)
                {
                    Logger.Log(LogLevel.Error, "Error setting breakpoint", ex);
                }
            }, CancellationToken.None, TaskCreationOptions.DenyChildAttach, this.Scheduler.ExclusiveScheduler).Wait();

            this.EndInterrupt();

            return(breakpoint);
        }
Пример #2
0
        /// <summary>
        /// Constructor for creating new breakpoints.
        /// </summary>
        /// <param name="breakpointSpec">Spec describing this breakpoint.</param>
        /// <param name="invalidateCache">Invalidate cache action.</param>
        /// <param name="dbgEngDll">DbgEngDll interface.</param>
        /// <remarks>
        /// This about adding some sort of factory pattern here.
        /// </remarks>
        public DbgEngBreakpoint(BreakpointSpec breakpointSpec, Action invalidateCache, DbgEngDll dbgEngDll)
        {
            this.breakpointAction = breakpointSpec.BreakpointAction;
            this.invalidateCache  = invalidateCache;

            unchecked
            {
                if (breakpointSpec.BreakpointType == BreakpointType.Code)
                {
                    breakpoint = dbgEngDll.Control.AddBreakpoint2((uint)Defines.DebugBreakpointCode, (uint)Defines.DebugAnyId);
                }
                else
                {
                    throw new NotImplementedException("Only supports Code breakpoints");
                }
            }

            breakpoint.SetOffset(breakpointSpec.BreakpointAddress);
            breakpoint.SetFlags((uint)Defines.DebugBreakpointEnabled);
            breakpointStatusEnabled = true;
        }
        public static void Run(Process clProcess)
        {
            ProcessModuleCollection clProcessModules = clProcess.Modules;



            /////////////////////////////////
            Guid guid = typeof(IDebugClient).GUID;

            // create debug client object
            //object obj;
            //CheckHr(Native.NativeMethods.DbgEng.DebugCreate(ref guid, out obj));
            IntPtr pObj = IntPtr.Zero;

            CheckHr(Native.NativeMethods.DbgEng.DebugCreate(ref guid, ref pObj));
            IDebugClient5Fixed    client     = (IDebugClient5Fixed)Marshal.GetTypedObjectForIUnknown(pObj, typeof(IDebugClient5Fixed));
            IDebugDataSpaces4     dataSpaces = client as IDebugDataSpaces4;
            IDebugRegisters2Fixed registers  = client as IDebugRegisters2Fixed;

            //IDebugClient5Fixed client = obj as IDebugClient5Fixed;
            IDebugControl6 control = client as IDebugControl6;
            var            events  = new EventCallbacks(control);

            client.SetEventCallbacksWide(events);
            client.SetOutputCallbacksWide(new OutputCallbacks());
            Console.CancelKeyPress += (s, e) => {
                e.Cancel = true;

                //control.SetInterrupt(DEBUG_INTERRUPT.ACTIVE);
            };
            CheckHr(client.AttachProcess(0, (uint)clProcess.Id, DEBUG_ATTACH.DEFAULT));

            ///////////
            ProcessModule progModule = null;

            foreach (ProcessModule module in clProcessModules)
            {
                if (module.ModuleName == "prog.dll")
                {
                    progModule = module;
                    break;
                }
            }

            Console.WriteLine(
                $"Module: {progModule.ModuleName}\r\n" +
                $"  BaseAddress: {progModule.BaseAddress.FormatAsHex()}\r\n" +
                $"  EntryPointAddress: {progModule.EntryPointAddress.FormatAsHex()}\r\n" +
                $"  ModuleMemorySize: 0x{progModule.ModuleMemorySize:X8}\r\n" +
                $"");


            //callbackProvider = new UnmanagedCodeSupplier((PickUpWeaponDelegate)ttExecutionCallback, IntPtr.Size == sizeof(int) ? x86CodeForFastcallWrapperForExecutionDelegate : x64CodeForFastcallWrapperForExecutionDelegate, IntPtr.Size == sizeof(int) ? new UIntPtr(0xF0F0F0F0) : new UIntPtr(0xF0F0F0F0F0F0F0F0));

            //byte[] progMemory = new byte[progModule.ModuleMemorySize];

            //return;


            ////////

            CheckHr(control.WaitForEvent(DEBUG_WAIT.DEFAULT, 5000));


            byte[] progMemory = new byte[progModule.ModuleMemorySize];
            uint   readMemoryBytes;

            ulong validbase;
            uint  validsize;

            CheckHr(dataSpaces.GetValidRegionVirtual((ulong)progModule.BaseAddress, (uint)progMemory.Length, out validbase, out validsize));


            //Console.WriteLine($"Read {readMemoryBytes} bytes");


            byte[] pickUpWeaponSignature;
            byte[] wildcard;
            ParseSearchPattern(
                "55 8B EC 83 E4 F8 80 3D A9 0F ?? 0F 00 56 57 8B F2 8B F9 75 23 80 3D 9A 0E ?? 0F 00 75 1A 56 E8 9C 94 F9 FF 83 FE 0F 75 0F 83 F8 32 7C 0A B9 D4",
                out pickUpWeaponSignature,
                out wildcard
                );
            //wildcard[3] = 1;
            ulong matchOffset;

            CheckHr(dataSpaces.ReadVirtualUncached((ulong)progModule.BaseAddress, progMemory, (uint)progMemory.Length, out readMemoryBytes));
            fixed(void *progMemoryPtr = progMemory, pickUpWeaponSignaturePtr = pickUpWeaponSignature, wildcardPtr = wildcard)
            {
                //pickUpWeaponAddress = (IntPtr) IndexOfUnchecked(progMemoryPtr, progMemory.Length, pickUpWeaponSignaturePtr, pickUpWeaponSignature.Length, wildcardPtr);
                int pickUpWeaponAddressOffset =
                    IndexOfUnchecked(progMemoryPtr, progMemory.Length, pickUpWeaponSignaturePtr, pickUpWeaponSignature.Length, wildcardPtr);

                Console.WriteLine($"PickUpWeapon offset: 0x{pickUpWeaponAddressOffset:X8}");
                if (pickUpWeaponAddressOffset == -1)
                {
                    throw new Exception("Pattern not found!");
                }

                pickUpWeaponAddress = new IntPtr(pickUpWeaponAddressOffset + (int)progModule.BaseAddress);
            }

            //dataSpaces.SearchVirtual((ulong) progModule.BaseAddress, (ulong) progModule.ModuleMemorySize, pickUpWeaponSignature, (uint) pickUpWeaponSignature.Length, 1, out matchOffset);
            //pickUpWeaponAddress = (IntPtr) matchOffset;
            Console.WriteLine($"PickUpWeapon address: {pickUpWeaponAddress.FormatAsHex()}");

            control.AddBreakpoint2(DEBUG_BREAKPOINT_TYPE.CODE, uint.MaxValue, out pickUpWeaponBreakpoint);
            pickUpWeaponBreakpoint.SetOffset((ulong)pickUpWeaponAddress);
            pickUpWeaponBreakpoint.SetFlags(DEBUG_BREAKPOINT_FLAG.ENABLED);

            pickUpWeaponBreakpoint.SetCommandWide(".echo WEAPON PICKUP!");

            // fixed (void* progMemoryPtr = progMemory, pickUpWeaponSignaturePtr = pickUpWeaponSignature) {
            //     int pickUpWeaponAddressOffset =
            //         IndexOfUnchecked(progMemoryPtr, progMemory.Length, pickUpWeaponSignaturePtr, pickUpWeaponSignature.Length);
            //     Console.WriteLine($"PickUpWeapon offset: 0x{pickUpWeaponAddressOffset:X8}");
            //     if (pickUpWeaponAddressOffset == -1)
            //         throw new Exception("Pattern not found!");
            //
            //     pickUpWeaponAddress = new IntPtr(pickUpWeaponAddressOffset + (int) progModule.BaseAddress);
            //     Console.WriteLine($"PickUpWeapon address: {pickUpWeaponAddress.FormatAsHex()}");
            // }

            control.SetExecutionStatus(DEBUG_STATUS.GO);

            File.WriteAllBytes("dump.bin", progMemory);

            DEBUG_STATUS status;
            int          hr;

            while (true)
            {
                CheckHr(control.GetExecutionStatus(out status));
                if (status == DEBUG_STATUS.NO_DEBUGGEE)
                {
                    Console.WriteLine("No Target");
                    break;
                }

                if (status == DEBUG_STATUS.GO || status == DEBUG_STATUS.STEP_BRANCH ||
                    status == DEBUG_STATUS.STEP_INTO ||
                    status == DEBUG_STATUS.STEP_OVER)
                {
                    hr = control.WaitForEvent(DEBUG_WAIT.DEFAULT, uint.MaxValue);
                    continue;
                }

                if (events.StateChanged)
                {
                    Console.WriteLine();
                    events.StateChanged = false;
                    if (events.BreakpointHit)
                    {
                        control.OutputCurrentState(DEBUG_OUTCTL.THIS_CLIENT,
                                                   DEBUG_CURRENT.DEFAULT);
                        events.BreakpointHit = false;
                    }
                }


                control.OutputPromptWide(DEBUG_OUTCTL.THIS_CLIENT, null);
                Console.Write(" ");
                Console.ForegroundColor = ConsoleColor.Gray;
                string command = Console.ReadLine();
                if (command == ".detach")
                {
                    client.DetachCurrentProcess();
                }
                else
                {
                    control.ExecuteWide(DEBUG_OUTCTL.THIS_CLIENT, command,
                                        DEBUG_EXECUTE.DEFAULT);
                }
            }
        }