public static sstSrcModule.SourceFileInformation? GetFileInfo(DebugProcessModule module, string file) { foreach (var section in module.ModuleMetaInfo.CodeViewSection.Data.SubsectionDirectory.Sections) if (section is sstSrcModule) { var srcModule = (sstSrcModule)section; foreach (var f in srcModule.FileInfo) if (f.SourceFileName == file) return f; } return null; }
public DebugProcess(Debuggee dbg, string executableFile, IntPtr processHandle, uint processId, IntPtr mainThreadHandle, uint mainThreadId, ExecutableMetaInfo emi) { this.Debuggee = dbg; Handle = processHandle; Id = processId; MainModule = new DebugProcessModule(new IntPtr(emi.PEHeader.OptionalHeader32.ImageBase),executableFile, emi); RegModule(MainModule); MainThread = new DebugThread(this, mainThreadHandle, mainThreadId, MainModule.StartAddress, IntPtr.Zero); RegThread(MainThread); }
public DebugProcess(Debuggee dbg, string executableFile, IntPtr processHandle, uint processId, IntPtr mainThreadHandle, uint mainThreadId, ExecutableMetaInfo emi) { this.Debuggee = dbg; Handle = processHandle; Id = processId; MainModule = new DebugProcessModule(new IntPtr(emi.PEHeader.OptionalHeader32.ImageBase), executableFile, emi); RegModule(MainModule); MainThread = new DebugThread(this, mainThreadHandle, mainThreadId, MainModule.StartAddress, IntPtr.Zero); RegThread(MainThread); }
public DebugProcess(Debuggee dbg, Win32.CREATE_PROCESS_DEBUG_INFO info, uint id, uint threadId) { this.Debuggee = dbg; Handle = info.hProcess; Id = id == 0 ? API.GetProcessId(Handle) : id; var moduleFile = APIIntermediate.GetModulePath(Handle, info.lpBaseOfImage, info.hFile); // Deduce main module MainModule = new DebugProcessModule(info.lpBaseOfImage, moduleFile, ExecutableMetaInfo.ExtractFrom(moduleFile)); RegModule(MainModule); // Create main thread MainThread = new DebugThread(this, info.hThread, threadId == 0 ? API.GetThreadId(info.hThread) : threadId, info.lpStartAddress, info.lpThreadLocalBase); RegThread(MainThread); }
void HandleDebugEvent(DebugEventData de) { var p = ProcessById(de.dwProcessId); var th = CurrentThread = p.ThreadById(de.dwThreadId); switch (de.dwDebugEventCode) { case DebugEventCode.EXCEPTION_DEBUG_EVENT: HandleException(th, de.Exception); break; case DebugEventCode.CREATE_PROCESS_DEBUG_EVENT: var cpi = de.CreateProcessInfo; if (MainProcess != null && de.dwProcessId == MainProcess.Id) { API.CloseHandle(cpi.hProcess); API.CloseHandle(cpi.hThread); API.CloseHandle(cpi.hFile); foreach (var l in DDebugger.EventListeners) { l.OnCreateProcess(MainProcess); } break; } // After a new process was created (also occurs after initial WaitForDebugEvent()!!), p = new DebugProcess(this, cpi, de.dwProcessId, de.dwThreadId); API.CloseHandle(cpi.hFile); // enlist it processes.Add(p); // and call the listeners foreach (var l in DDebugger.EventListeners) { l.OnCreateProcess(p); } break; case DebugEventCode.CREATE_THREAD_DEBUG_EVENT: p = ProcessById(de.dwProcessId); // Create new thread wrapper th = CurrentThread = new DebugThread(p, de.CreateThread.hThread, de.dwThreadId, de.CreateThread.lpStartAddress, de.CreateThread.lpThreadLocalBase); // Register it to main process p.RegThread(th); // Call listeners foreach (var l in DDebugger.EventListeners) { l.OnCreateThread(th); } break; case DebugEventCode.EXIT_PROCESS_DEBUG_EVENT: foreach (var l in DDebugger.EventListeners) { l.OnProcessExit(p, de.ExitProcess.dwExitCode); } processes.Remove(p); p.Dispose(); break; case DebugEventCode.EXIT_THREAD_DEBUG_EVENT: foreach (var l in DDebugger.EventListeners) { l.OnThreadExit(th, de.ExitThread.dwExitCode); } p.RemThread(th); th.Dispose(); break; case DebugEventCode.LOAD_DLL_DEBUG_EVENT: var loadParam = de.LoadDll; var modName = APIIntermediate.GetModulePath(p.Handle, loadParam.lpBaseOfDll, loadParam.hFile); API.CloseHandle(loadParam.hFile); var mod = new DebugProcessModule(loadParam.lpBaseOfDll, modName, ExecutableMetaInfo.ExtractFrom(modName)); p.RegModule(mod); foreach (var l in DDebugger.EventListeners) { l.OnModuleLoaded(p, mod); } break; case DebugEventCode.UNLOAD_DLL_DEBUG_EVENT: mod = p.ModuleByBase(de.UnloadDll.lpBaseOfDll); foreach (var l in DDebugger.EventListeners) { l.OnModuleUnloaded(p, mod); } p.RemModule(mod); break; case DebugEventCode.OUTPUT_DEBUG_STRING_EVENT: var message = APIIntermediate.ReadString(p.Handle, de.DebugString.lpDebugStringData, de.DebugString.fUnicode == 0 ? Encoding.ASCII : Encoding.Unicode, (int)de.DebugString.nDebugStringLength); foreach (var l in DDebugger.EventListeners) { l.OnDebugOutput(th, message); } break; } }
public override void OnModuleUnloaded(DebugProcess mainProcess, DebugProcessModule module) { if (module != null) form.Log(module.ImageFile + " unloaded (0x" + string.Format("{0,8:X}", module.ImageBase) + ")"); else form.Log("Some module was unloaded"); }
public override void OnModuleLoaded(DebugProcess mainProcess, DebugProcessModule module) { form.Log(module.ImageFile+" loaded (0x"+string.Format("{0,8:X}",module.ImageBase)+")"); }
internal bool RemModule(DebugProcessModule mod) { return modules.Remove(mod); }
internal void RegModule(DebugProcessModule mod) { modules.Add(mod); }
void HandleDebugEvent(DebugEventData de) { var p = ProcessById(de.dwProcessId); var th = CurrentThread = p.ThreadById(de.dwThreadId); switch (de.dwDebugEventCode) { case DebugEventCode.EXCEPTION_DEBUG_EVENT: HandleException(th, de.Exception); break; case DebugEventCode.CREATE_PROCESS_DEBUG_EVENT: var cpi = de.CreateProcessInfo; if (MainProcess != null && de.dwProcessId == MainProcess.Id) { API.CloseHandle(cpi.hProcess); API.CloseHandle(cpi.hThread); API.CloseHandle(cpi.hFile); foreach(var l in DDebugger.EventListeners) l.OnCreateProcess(MainProcess); break; } // After a new process was created (also occurs after initial WaitForDebugEvent()!!), p = new DebugProcess(this,cpi, de.dwProcessId, de.dwThreadId); API.CloseHandle(cpi.hFile); // enlist it processes.Add(p); // and call the listeners foreach (var l in DDebugger.EventListeners) l.OnCreateProcess(p); break; case DebugEventCode.CREATE_THREAD_DEBUG_EVENT: p = ProcessById(de.dwProcessId); // Create new thread wrapper th = CurrentThread = new DebugThread(p, de.CreateThread.hThread, de.dwThreadId, de.CreateThread.lpStartAddress, de.CreateThread.lpThreadLocalBase); // Register it to main process p.RegThread(th); // Call listeners foreach (var l in DDebugger.EventListeners) l.OnCreateThread(th); break; case DebugEventCode.EXIT_PROCESS_DEBUG_EVENT: foreach (var l in DDebugger.EventListeners) l.OnProcessExit(p, de.ExitProcess.dwExitCode); processes.Remove(p); p.Dispose(); break; case DebugEventCode.EXIT_THREAD_DEBUG_EVENT: foreach (var l in DDebugger.EventListeners) l.OnThreadExit(th, de.ExitThread.dwExitCode); p.RemThread(th); th.Dispose(); break; case DebugEventCode.LOAD_DLL_DEBUG_EVENT: var loadParam = de.LoadDll; var modName = APIIntermediate.GetModulePath(p.Handle, loadParam.lpBaseOfDll, loadParam.hFile); API.CloseHandle(loadParam.hFile); var mod = new DebugProcessModule(loadParam.lpBaseOfDll, modName, ExecutableMetaInfo.ExtractFrom(modName)); p.RegModule(mod); foreach (var l in DDebugger.EventListeners) l.OnModuleLoaded(p, mod); break; case DebugEventCode.UNLOAD_DLL_DEBUG_EVENT: mod = p.ModuleByBase(de.UnloadDll.lpBaseOfDll); foreach (var l in DDebugger.EventListeners) l.OnModuleUnloaded(p, mod); p.RemModule(mod); break; case DebugEventCode.OUTPUT_DEBUG_STRING_EVENT: var message = APIIntermediate.ReadString(p.Handle, de.DebugString.lpDebugStringData, de.DebugString.fUnicode == 0 ? Encoding.ASCII : Encoding.Unicode, (int)de.DebugString.nDebugStringLength); foreach (var l in DDebugger.EventListeners) l.OnDebugOutput(th, message); break; } }
public virtual void OnModuleUnloaded(DebugProcess mainProcess, DebugProcessModule module) { }
internal bool RemModule(DebugProcessModule mod) { return(modules.Remove(mod)); }