📄 debdebug.c
return( TRUE );
}
// ************************************************************************
// FUNCTION : HandleExitProcessEvent( LPDEBUG_EVENT )
// PURPOSE : handle EXIT_PROCESS_DEBUG_EVENT
// COMMENTS : search process list, delete existing process node
// ************************************************************************
BOOL
HandleExitProcessEvent( LPDEBUG_EVENT lpDebugEvent )
{
    // Temporary node that only carries the process id used as the search
    // key; it is released again before returning.
    PNODE                  pKeyNode;
    PDEB_PROCESS_NODE_INFO pKeyNodeInfo;
    PDEB_PROCESS_LIST_INFO pListInfo;

    // NOTE(review): the pointers filled in by AllocProcessNode are used
    // without a check -- confirm how it reports an allocation failure.
    AllocProcessNode( &pKeyNode, &pKeyNodeInfo );
    pKeyNodeInfo->dwProcessId = lpDebugEvent->dwProcessId;

    //-- drop the node of the exiting process from the global process list
    DeleteProcessNode( pProcessList, pKeyNode );

    //-- no active process left: raise fFinished (per the original comment
    //-- this is what lets the debug thread free its memory and exit)
    pListInfo = (PDEB_PROCESS_LIST_INFO) pProcessList->pListData;
    if( pListInfo->dwActiveProcesses == 0 ) {
        fFinished = TRUE;
    }

    DestroyProcessNode( pKeyNode );
    return( TRUE );
}
// ************************************************************************
// FUNCTION : HandleLoadDllEvent( LPDEBUG_EVENT )
// PURPOSE : handle LOAD_DLL_DEBUG_EVENT
// COMMENTS : search process list, insert new DLL node
// ************************************************************************
BOOL
HandleLoadDllEvent( LPDEBUG_EVENT lpDebugEvent )
{
    PNODE                  pOwnerNode;     // process node that owns the DLL list
    PNODE                  pKeyNode;       // temporary search key
    PNODE                  pNewDllNode;    // node inserted into the DLL list
    PDEB_PROCESS_NODE_INFO pOwnerInfo;
    PDEB_PROCESS_NODE_INFO pKeyInfo;
    PDEB_DLL_NODE_INFO     pNewDllInfo;

    //-- select the process that raised the event as the list's current node
    AllocProcessNode( &pKeyNode, &pKeyInfo );
    pKeyInfo->dwProcessId = lpDebugEvent->dwProcessId;
    SetCurrentProcessNode( pProcessList, pKeyNode );

    // NOTE(review): pOwnerNode is dereferenced without a check; confirm what
    // GetCurrentNode yields when the process id is not in the list.
    GetCurrentNode( pProcessList, &pOwnerNode );
    pOwnerInfo = (PDEB_PROCESS_NODE_INFO) pOwnerNode->pNodeData;

    //-- build a DLL node from the event and add it to that process
    AllocDllNode( &pNewDllNode, &pNewDllInfo );
    InitDllNodeInfo( &pNewDllInfo, lpDebugEvent );
    InsertDllNode( pOwnerInfo->pDllList, pNewDllNode );

    //-- only the search key is released; the new DLL node stays in the list
    DestroyProcessNode( pKeyNode );
    return( TRUE );
}
// ************************************************************************
// FUNCTION : HandleUnloadDllEvent( LPDEBUG_EVENT )
// PURPOSE : handle UNLOAD_DLL_DEBUG_EVENT
// COMMENTS : search process list, search DLL list, delete existing DLL
// node
// ************************************************************************
BOOL
HandleUnloadDllEvent( LPDEBUG_EVENT lpDebugEvent )
{
    PNODE                  pOwnerNode;     // process node that owns the DLL list
    PNODE                  pProcessKey;    // temporary process search key
    PNODE                  pDllKey;        // temporary DLL search key
    PDEB_PROCESS_NODE_INFO pOwnerInfo;
    PDEB_PROCESS_NODE_INFO pProcessKeyInfo;
    PDEB_DLL_NODE_INFO     pDllKeyInfo;

    //-- select the process that raised the event as the list's current node
    AllocProcessNode( &pProcessKey, &pProcessKeyInfo );
    pProcessKeyInfo->dwProcessId = lpDebugEvent->dwProcessId;
    SetCurrentProcessNode( pProcessList, pProcessKey );

    // NOTE(review): pOwnerNode is dereferenced without a check; confirm what
    // GetCurrentNode yields when the process id is not in the list.
    GetCurrentNode( pProcessList, &pOwnerNode );
    pOwnerInfo = (PDEB_PROCESS_NODE_INFO) pOwnerNode->pNodeData;

    //-- the DLL is identified by its base address in the debuggee
    AllocDllNode( &pDllKey, &pDllKeyInfo );
    pDllKeyInfo->DllDebugInfo.lpBaseOfDll = lpDebugEvent->u.UnloadDll.lpBaseOfDll;
    DeleteDllNode( pOwnerInfo->pDllList, pDllKey );

    //-- both search keys are temporary and are released here
    DestroyDllNode( pDllKey );
    DestroyProcessNode( pProcessKey );
    return( TRUE );
}
// ************************************************************************
// FUNCTION : HandleOutputDebugStringEvent( LPDEBUG_EVENT )
// PURPOSE : handle OUTPUT_DEBUG_STRING_EVENT
// COMMENTS : do nothing
// ************************************************************************
BOOL
HandleOutputDebugStringEvent( LPDEBUG_EVENT lpDebugEvent )
{
    // Deliberate no-op: the event is accepted and nothing is recorded.
    UNREFERENCED_PARAMETER( lpDebugEvent );
    return TRUE;
}
// ************************************************************************
// FUNCTION : HandleRipEvent( LPDEBUG_EVENT )
// PURPOSE : handle RIP_EVENT
// COMMENTS : do nothing
// ************************************************************************
BOOL
HandleRipEvent( LPDEBUG_EVENT lpDebugEvent )
{
    // Deliberate no-op: the RIP event is accepted and nothing is recorded.
    UNREFERENCED_PARAMETER( lpDebugEvent );
    return TRUE;
}
// ************************************************************************
// FUNCTION : HandleUnknownEvent( LPDEBUG_EVENT )
// PURPOSE : handle all unknown debug events
// COMMENTS : do nothing
// ************************************************************************
BOOL
HandleUnknownEvent( LPDEBUG_EVENT lpDebugEvent )
{
    // Deliberate no-op: unrecognised event codes are accepted and ignored.
    UNREFERENCED_PARAMETER( lpDebugEvent );
    return TRUE;
}
// ========================================================================
// misc debug event helper functions
// ========================================================================
// ************************************************************************
// FUNCTION : DebugNewProcess( LPTSTR, LPTSTR )
// PURPOSE : starts a new process as a debuggee
// COMMENTS :
// ************************************************************************
BOOL
DebugNewProcess( LPTSTR lpszFileName, LPTSTR lpszTitle )
{
    // Static storage: both structures start zero-filled and keep their
    // contents between calls, so only the fields set below ever change.
    static STARTUPINFO         StartupInfo;
    static PROCESS_INFORMATION ProcessInfo;
    LPTSTR                     lpszReason = NULL;   // text for known errors

    StartupInfo.cb          = sizeof( StartupInfo );
    StartupInfo.lpDesktop   = NULL;
    StartupInfo.lpTitle     = lpszTitle;
    StartupInfo.dwX         = 0;
    StartupInfo.dwY         = 0;
    StartupInfo.dwXSize     = 0;
    StartupInfo.dwYSize     = 0;
    StartupInfo.dwFlags     = 0;
    StartupInfo.wShowWindow = SW_SHOWDEFAULT;
    ProcessInfo.hProcess    = NULL;

    //-- start the debuggee in its own console, with the debug mode and
    //-- priority class taken from the profile
    //
    // NOTE(review): the application name is NULL, so CreateProcess takes the
    // module to run from the first token of lpszFileName. A path containing
    // spaces has to reach this function already quoted, otherwise a shorter
    // prefix of the path may be resolved instead -- confirm the callers.
    // NOTE(review): bInheritHandles is TRUE, so every inheritable handle the
    // debugger holds is passed to the debuggee; confirm this is intended.
    if( CreateProcess( NULL,
                       lpszFileName,
                       NULL,
                       NULL,
                       TRUE,
                       Profile.DebugMode | Profile.DebuggeePriority | CREATE_NEW_CONSOLE,
                       NULL,
                       NULL,
                       &StartupInfo,
                       &ProcessInfo ) ) {
        //-- the debugger does not keep the handles returned by CreateProcess
        CloseHandle( ProcessInfo.hProcess );
        CloseHandle( ProcessInfo.hThread );
        return( TRUE );
    }

    //-- creation failed: map the well-known error codes to a short message
    switch( GetLastError() ) {
    case ERROR_FILE_NOT_FOUND:
        lpszReason = TEXT( "This file does not exist." );
        break;
    case ERROR_ACCESS_DENIED:
        lpszReason = TEXT( "Access denied." );
        break;
    case ERROR_FILE_INVALID:
        lpszReason = TEXT( "Invalid file." );
        break;
    case ERROR_FILE_CORRUPT:
        lpszReason = TEXT( "The file is corrupt." );
        break;
    case ERROR_BAD_EXE_FORMAT:
        lpszReason = TEXT( "The file has a bad format." );
        break;
    default:
        break;
    }

    if( lpszReason != NULL ) {
        MessageBox( GetDesktopWindow(), lpszReason,
                    TEXT( "Open File Error" ),
                    MB_OK | MB_APPLMODAL | MB_SETFOREGROUND );
    }
    else {
        //-- any other error goes through the generic API-failure box
        ErrorMessageBox( TEXT( "CreateProcess()" ),
                         Global.szApiFailed, szSourceFileName, __LINE__ );
    }

    return( FALSE );
}
// ************************************************************************
// FUNCTION : GetDllFileName( LPDEBUG_EVENT, LPTSTR, DWORD )
// PURPOSE : get DLL filename when LOAD_DLL_DEBUG_EVENT occurs
// COMMENTS : search process list, get DLL name from header
// ************************************************************************
BOOL
GetDllFileName( LPDEBUG_EVENT lpDebugEvent, LPTSTR lpszBuffer,
                DWORD cchBuffer )
{
    PNODE                  pOwnerNode;   // process node that raised the event
    PNODE                  pKeyNode;     // temporary search key
    PDEB_PROCESS_NODE_INFO pOwnerInfo;
    PDEB_PROCESS_NODE_INFO pKeyInfo;

    //-- select the process that raised the event as the list's current node
    AllocProcessNode( &pKeyNode, &pKeyInfo );
    pKeyInfo->dwProcessId = lpDebugEvent->dwProcessId;
    SetCurrentProcessNode( pProcessList, pKeyNode );

    // NOTE(review): pOwnerNode is dereferenced without a check; confirm what
    // GetCurrentNode yields when the process id is not in the list.
    GetCurrentNode( pProcessList, &pOwnerNode );
    pOwnerInfo = (PDEB_PROCESS_NODE_INFO) pOwnerNode->pNodeData;

    //-- the name is read from the image header of the file being loaded
    //
    // NOTE(review): the DWORD returned by GetModuleFileNameFromHeader is
    // discarded, so TRUE is returned even when no name could be read.
    // NOTE(review): the (DWORD) cast drops the upper half of lpBaseOfDll
    // wherever pointers are wider than 32 bits.
    GetModuleFileNameFromHeader(
        pOwnerInfo->ProcessDebugInfo.hProcess,
        lpDebugEvent->u.LoadDll.hFile,
        (DWORD) lpDebugEvent->u.LoadDll.lpBaseOfDll,
        lpszBuffer,
        cchBuffer );

    DestroyProcessNode( pKeyNode );
    return( TRUE );
}
// ************************************************************************
// FUNCTION : GetDllFileNameFromList( LPDEBUG_EVENT, LPTSTR, DWORD )
// PURPOSE : get DLL filename when UNLOAD_DLL_DEBUG_EVENT occurs
// COMMENTS : search process list, search DLL list, get DLL name
// ************************************************************************
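BOOL
GetDllFileNameFromList( LPDEBUG_EVENT lpDebugEvent, LPTSTR lpszBuffer,
                        DWORD cchBuffer )
{
    // Copies the recorded file name of the DLL named by an
    // UNLOAD_DLL_DEBUG_EVENT into lpszBuffer (cchBuffer characters,
    // terminator included). The copy is bounded by cchBuffer and always
    // terminated. Returns TRUE when a name was copied; FALSE when the buffer
    // is unusable or no name was found, leaving an empty string in a usable
    // buffer.
    PNODE                  pProcessNode, pSearchProcessNode;
    PNODE                  pDllNode = NULL, pSearchDllNode;
    PDEB_PROCESS_NODE_INFO pProcessNodeInfo, pSearchProcessNodeInfo;
    PDEB_DLL_NODE_INFO     pDllNodeInfo, pSearchDllNodeInfo;
    BOOL                   fCopied = FALSE;

    //-- without room for at least the terminator nothing can be returned
    if( lpszBuffer == NULL || cchBuffer == 0 )
        return( FALSE );
    lpszBuffer[0] = TEXT( '\0' );

    //-- select the process that raised the event as the list's current node
    AllocProcessNode( &pSearchProcessNode, &pSearchProcessNodeInfo );
    pSearchProcessNodeInfo->dwProcessId = lpDebugEvent->dwProcessId;
    SetCurrentProcessNode( pProcessList, pSearchProcessNode );
    GetCurrentNode( pProcessList, &pProcessNode );
    pProcessNodeInfo = (PDEB_PROCESS_NODE_INFO) pProcessNode->pNodeData;

    //-- select the DLL by its base address in the debuggee
    AllocDllNode( &pSearchDllNode, &pSearchDllNodeInfo );
    pSearchDllNodeInfo->DllDebugInfo.lpBaseOfDll = lpDebugEvent->u.UnloadDll.lpBaseOfDll;
    SetCurrentDllNode( pProcessNodeInfo->pDllList, pSearchDllNode );
    GetCurrentNode( pProcessNodeInfo->pDllList, &pDllNode );

    // pDllNode starts as NULL so that a lookup which leaves it untouched is
    // caught here. NOTE(review): confirm what GetCurrentNode yields when the
    // base address is not in the list.
    if( pDllNode != NULL && pDllNode->pNodeData != NULL ) {
        pDllNodeInfo = (PDEB_DLL_NODE_INFO) pDllNode->pNodeData;
        if( pDllNodeInfo->lpstrFileName != NULL ) {
            // lstrcpyn writes at most cchBuffer characters including the
            // terminator; the unbounded lstrcpy used before could write past
            // the end of the caller's buffer for a long stored name.
            lstrcpyn( lpszBuffer, pDllNodeInfo->lpstrFileName,
                      cchBuffer > 0x7FFFFFFF ? 0x7FFFFFFF : (int) cchBuffer );
            fCopied = TRUE;
        }
    }

    //-- release both temporary search keys (previously leaked); this follows
    //-- the pattern HandleUnloadDllEvent uses for the same kind of keys
    DestroyDllNode( pSearchDllNode );
    DestroyProcessNode( pSearchProcessNode );
    return( fCopied );
}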
// ************************************************************************
// FUNCTION : GetOutputDebugString( LPDEBUG_EVENT, LPTSTR, DWORD )
// PURPOSE : get the output debug string from the debuggee when
// OUTPUT_DEBUG_STRING_EVENT occurs
// COMMENTS : search process list, read the string from the debuggee
// ************************************************************************
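BOOL
GetOutputDebugString( LPDEBUG_EVENT lpDebugEvent, LPTSTR lpszBuffer,
                      DWORD cchBuffer )
{
    // Reads the string announced by an OUTPUT_DEBUG_STRING_EVENT out of the
    // debuggee into lpszBuffer (cchBuffer characters, terminator included).
    // The read is clamped to the buffer and the result is always terminated.
    // Returns TRUE when the (possibly truncated) string was read; FALSE when
    // the buffer is unusable or the read failed, leaving an empty string in
    // a usable buffer.
    PNODE                  pProcessNode, pSearchProcessNode;
    PDEB_PROCESS_NODE_INFO pProcessNodeInfo, pSearchProcessNodeInfo;
    DWORD                  cbRoom;      // bytes available before the terminator
    DWORD                  cbToRead;    // bytes actually requested
    BOOL                   fRead = TRUE;

    //-- without room for at least the terminator nothing can be returned
    if( lpszBuffer == NULL || cchBuffer == 0 )
        return( FALSE );
    lpszBuffer[0] = TEXT( '\0' );

    //-- select the process that raised the event as the list's current node
    AllocProcessNode( &pSearchProcessNode, &pSearchProcessNodeInfo );
    pSearchProcessNodeInfo->dwProcessId = lpDebugEvent->dwProcessId;
    SetCurrentProcessNode( pProcessList, pSearchProcessNode );
    GetCurrentNode( pProcessList, &pProcessNode );
    // kept from the original, which re-reads the current node directly
    pProcessNode = (PNODE) pProcessList->pCurrentNode;
    pProcessNodeInfo = (PDEB_PROCESS_NODE_INFO) pProcessNode->pNodeData;

    // nDebugStringLength is reported by the debuggee and must not decide how
    // much is written into the caller's buffer. It is a WORD, so capping the
    // room at 0xFFFF characters loses nothing and keeps the multiplication
    // below from overflowing.
    cbRoom = cchBuffer - 1;
    if( cbRoom > 0xFFFF )
        cbRoom = 0xFFFF;
    cbRoom *= sizeof( *lpszBuffer );

    cbToRead = lpDebugEvent->u.DebugString.nDebugStringLength;
    if( cbToRead > cbRoom )
        cbToRead = cbRoom;

    // NOTE(review): u.DebugString.fUnicode is not consulted; the bytes are
    // stored as they are, so the text is misread when the debuggee's
    // character width differs from this build's TCHAR.
    if( cbToRead != 0 ) {
        // ReadProcessMemory fails unless the whole range is readable, so on
        // success exactly cbToRead bytes are in the buffer.
        fRead = ReadProcessMemory(
                    pProcessNodeInfo->ProcessDebugInfo.hProcess,
                    lpDebugEvent->u.DebugString.lpDebugStringData,
                    lpszBuffer, cbToRead, NULL );
    }

    if( fRead )
        lpszBuffer[cbToRead / sizeof( *lpszBuffer )] = TEXT( '\0' );
    else
        lpszBuffer[0] = TEXT( '\0' );

    DestroyProcessNode( pSearchProcessNode );
    return( fRead );
}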
// ************************************************************************
// FUNCTION : GetModuleFileNameFromHeader( HANDLE, HANDLE, DWORD, LPTSTR, DWORD )
// PURPOSE : Retrieves the DLL module name for a given file handle of
// the module. Reads the module name from the EXE header.
// COMMENTS :
// Retrieves only the module name and not the pathname. Returns the
// number of characters copied to the buffer, else returns 0.
// ************************************************************************
DWORD
GetModuleFileNameFromHeader( HANDLE hProcess, HANDLE hFile, DWORD BaseOfDll,
LPTSTR lpszPath, DWORD cchPath )
{
#define IMAGE_SECOND_HEADER_OFFSET (15 * sizeof(ULONG)) // relative to file beginning
#define IMAGE_BASE_OFFSET (13 * sizeof(DWORD)) // relative to PE header base
#define IMAGE_EXPORT_TABLE_RVA_OFFSET (30 * sizeof(DWORD)) // relative to PE header base
#define IMAGE_NAME_RVA_OFFSET offsetof(IMAGE_EXPORT_DIRECTORY, Name)
WORD DosSignature;
DWORD NtSignature;
DWORD dwNumberOfBytesRead = 0;
DWORD PeHeader, ImageBase, ExportTableRVA, NameRVA;
//-- verify that the handle is not NULL
if( !hFile ) {
lstrcpy( lpszPath, TEXT("Invalid File Handle") );
return( 0 );
}
//-- verify that the handle is for a disk file
if( GetFileType(hFile) != FILE_TYPE_DISK ) {
lstrcpy( lpszPath, TEXT("Invalid File Type") );
return( 0 );
}
//-- Extract the filename from the EXE header
SetFilePointer( hFile, 0L, NULL, FILE_BEGIN );
ReadFile( hFile, &DosSignature, sizeof(DosSignature), &dwNumberOfBytesRead,
(LPOVERLAPPED) NULL);