public static string ReadZeroTerminatedString(this IDebuggeeProcess process, IntPtr address, bool unicode, int maxLength = 0x100)
{
// We do not know the size of the string, therefore read the memory in chunks and search for a zero byte.
const int bufferSize = 256;
var encoding = unicode ? Encoding.ASCII : Encoding.Unicode;
var builder = new StringBuilder();
IntPtr currentAddress = address;
byte[] buffer = new byte[bufferSize];
string lastChunk;
int nullIndex;
do
{
process.ReadMemory(currentAddress, buffer, 0, buffer.Length);
lastChunk = encoding.GetString(buffer);
nullIndex = lastChunk.IndexOf('\0');
builder.Append(lastChunk);
currentAddress += bufferSize;
} while (nullIndex == -1 && builder.Length < 0x100);
// If \0 was found, remove everything after this character. Otherwise just return the raw string.
string rawString = builder.ToString();
return(nullIndex != -1
? rawString.Remove(builder.Length - (lastChunk.Length - nullIndex))
: rawString);
}
public void Execute(IDebuggerSession session, string[] arguments, Logger output)
{
var process = session.GetProcesses().First();
if (process != _process)
{
_process = process;
_reader = new ProcessMemoryReader(process)
{
NegateBreakpoints = true
};
_disassembler = new X86Disassembler(_reader);
}
if (arguments.Length > 0)
{
_reader.Position = long.Parse(arguments[0], NumberStyles.HexNumber);
}
int count = 5;
if (arguments.Length > 1)
{
count = int.Parse(arguments[1]);
}
for (int i = 0; i < count; i++)
{
var instruction = _disassembler.ReadNextInstruction();
_printer.PrintInstruction(instruction, process.GetSoftwareBreakpointByAddress((IntPtr)instruction.Offset));
}
}
public static string ReadString(this IDebuggeeProcess process, IntPtr address, int length, bool unicode)
{
byte[] data = new byte[length];
process.ReadMemory(address, data, 0, data.Length);
var encoding = unicode ? Encoding.ASCII : Encoding.Unicode;
return(encoding.GetString(data));
}
public ProcessMemoryReader(IDebuggeeProcess process)
{
_process = process ?? throw new ArgumentNullException(nameof(process));
StartPosition = (long)process.BaseAddress;
Position = StartPosition;
}
private void DumpMemory(IDebuggeeProcess process, ulong address, int rows, X86OperandSize size, Logger logger)
{
const int rowSize = 0x10;
var buffer = new byte[rows * rowSize];
process.ReadMemory((IntPtr)address, buffer, 0, buffer.Length);
int stepSize = 0;
switch (size)
{
case X86OperandSize.Byte:
stepSize = 1;
break;
case X86OperandSize.Word:
stepSize = 2;
break;
case X86OperandSize.Dword:
stepSize = 4;
break;
default:
throw new ArgumentOutOfRangeException(nameof(size));
}
for (int row = 0; row < rows; row++)
{
logger.Write("{0:X8}: ", address + (ulong)(row * rowSize));
var builder = new StringBuilder();
for (int col = 0; col < rowSize; col += stepSize)
{
if (col % 4 == 0)
{
logger.Write(" ");
}
ulong currentValue = 0;
switch (size)
{
case X86OperandSize.Byte:
currentValue = buffer[row * rowSize + col];
break;
case X86OperandSize.Word:
currentValue = BitConverter.ToUInt16(buffer, row * rowSize + col);
break;
case X86OperandSize.Dword:
currentValue = BitConverter.ToUInt32(buffer, row * rowSize + col);
break;
}
logger.Write("{0} ", currentValue.ToString("X" + (stepSize * 2)));
if (stepSize == 1)
{
char currentChar = (char)currentValue;
builder.Append(char.IsControl(currentChar) ? '.' : currentChar);
}
}
logger.WriteLine(" " + builder.ToString());
}
}
public DebuggeeLibrary(IDebuggeeProcess process, string name, IntPtr baseOfLibrary)
{
Process = process ?? throw new ArgumentNullException(nameof(process));
Name = name;
BaseOfLibrary = baseOfLibrary;
}
public DebuggeeProcessEventArgs(IDebuggeeProcess process)
: base(process.Session)
{
Process = process;
}
