Пример #1
0
        public ContextManager(String name, Logger loggerInstance, Specifics specificsInstance,
            Func<ContextManager, int, Win32Imports.ContextX64, bool, ContextTracer.TraceReturn> breakPointCallBack,
            ImportResolver importResolver) {

            LoggerInstance = loggerInstance;
            BreakPointCallBack = breakPointCallBack;
            _importResolver = importResolver;

            setDebugPrivilege();

            CurrentProcess = DebugProcessUtils.GetFirstProcessByName(name);

            foreach (ProcessThread thread in CurrentProcess.Threads) {
                loggerInstance.WriteLine($"main thread: {thread.Id}");
                break;
            }

            SpecificsInstance = specificsInstance;

            Console.WriteLine("debugger");

            Console.WriteLine("pid: " + CurrentProcess.Id);

#if RestartEachTime
            // Attach to the process we provided the thread as an argument
            if (!Win32Imports.DebugActiveProcess(CurrentProcess.Id)) {
                    throw new Win32Exception();
                }

                if (!Win32Imports.DebugSetProcessKillOnExit(false)) {
                    throw new Win32Exception();
                }

                ClearEvents();
            }
Пример #2
0
        public static void Main()
        {
            var process = DebugProcessUtils.GetFirstProcessByName(Specifics.ProcessName);

            // ReSharper disable once UnusedVariable
            using (var logger = new Logger(Specifics.LogName, Specifics.LogNameLatest)) {
                ImportResolver ir = new ImportResolver(process);

                ir.DumpDebug();

                var matches = MemScan.LookForByteArray(process, ir, Specifics.StartAddressBytes);
                foreach (var match in matches)
                {
                    Console.WriteLine($"byte array match at: 0x{match:X}");
                }
                if (matches.Count != 1)
                {
                    return;
                }

                MemScan.MemModuleScan(process, ir);

                // TraceMain(process, ir, matches, logger);
            }
        }
Пример #3
0
        public static void DoIt()
        {
            var name    = Specifics.ProcessName;
            var address = Specifics.StartAddress;
            var process = DebugProcessUtils.GetFirstProcessByName(name);

            using (Form form = new Form()) {
                form.Text = "Inspector";
                form.Size = new Size(600, 1080);

                var table         = new DataGridView();
                var bindingSource = new BindingSource();
                table.DataSource = bindingSource;

                var infoTable  = new DataGridView();
                var infoSource = new BindingSource();
                infoTable.DataSource = infoSource;

                var formClosed      = false;
                var cleanupFinished = false;

                var splitter = new Splitter();

                infoTable.Dock = DockStyle.Left;
                splitter.Dock  = DockStyle.Left;
                table.Dock     = DockStyle.Fill;
                form.Controls.AddRange(new Control[] { table, splitter, infoTable });

                Console.CancelKeyPress += delegate(object sender, ConsoleCancelEventArgs e) {
                    e.Cancel = true;
                    //form.Close();
                };

                var progress = new Progress <List <ContextManager.ThreadData> >(
                    (contexts) => {
                    AddContexts(bindingSource, contexts);
                }
                    );

                IProgress <ContextManager.Info> infoProgress = new Progress <ContextManager.Info>(
                    (info) => {
                    UpdateInfo(infoSource, info);
                }
                    );

                var specifics = new Specifics();

                Task.Factory.StartNew(
                    () => {
                    var logName  = Specifics.LogName;
                    var logName2 = Specifics.LogNameLatest;
                    using (var logFile = new Logger(logName, logName2)) {
                        ContextManager cg = null;
                        logFile.WriteLine("");
                        logFile.WriteLine("STARTING INSPECTOR");
                        try {
                            var importResolver = new ImportResolver(process);
                            importResolver.DumpDebug();
                            var logContext = new ContextTracer(importResolver);
                            var logFile2   = logFile;
                            cg             = new ContextManager(name, logFile, specifics, (cm, threadId, context, trace) => {
                                Debug.Assert(logFile2 != null, "logFile2 != null");
                                return(logContext.Log(cm, logFile2, process, threadId, context, trace));
                            }, importResolver);

                            //if (File.Exists(Specifics.appStateFileName)) {
                            //SaveAndRestore.Restore(Specifics.appStateFileName, cg);
                            //} else {
                            cg.EnableBreakPoint(importResolver.ResolveRelativeAddress(address), new ContextManager.BreakPointInfo {
                                Description = "starting breakpoint"
                            });
                            //}
                            cg.AntiAntiDebug();

                            /*try {
                             *  cg.InstallBreakPoint(address);
                             * } catch (InvalidOperationException e) {
                             *  Console.WriteLine($"Failed to install break points: {e.ToString()}");
                             * }*/

                            while (!formClosed)
                            {
                                logFile.WriteLine("main debugger loop");
                                cg.CurrentProcess = DebugProcessUtils.GetFirstProcessByName(cg.CurrentProcess.ProcessName);
                                cg.TestBreak();
                                Update(cg, progress);
                                infoProgress.Report(cg.CurrentInfo);
                                SaveAndRestore.Save(Specifics.AppStateFileName, cg);
                                Task.Delay(Specifics.MainLoopDelay).Wait();
                            }
                        }
                        catch (Exception e) {
                            Console.WriteLine($"Exception: {e.Message}");
                            Console.WriteLine(e.StackTrace);
                            logFile.WriteLine($"Exception: {e.Message}");
                            logFile.WriteLine(e.StackTrace);
                        }
                        // cleanup
                        Console.WriteLine("cleaning up");
                        SaveAndRestore.Save(Specifics.AppStateFileName, cg);
                        cg?.Stop();
                        cleanupFinished = true;
                    }
                },
                    TaskCreationOptions.LongRunning
                    );

                /*Task.Factory.StartNew(
                 *  () => {
                 *      while (true) {
                 *          cg.ResumeEvents();
                 *      }
                 *  },
                 *  TaskCreationOptions.LongRunning
                 * );*/

                form.FormClosing += (sender, e) => {
                    Console.WriteLine("form closing");
                    formClosed = true;
                    while (!cleanupFinished)
                    {
                        Console.WriteLine("waiting for cleanup");
                        Task.Delay(1000).Wait();
                    }
                };

                form.ShowDialog();
            }
        }