frmcreatedprocesslist.ListBox1.Items.Add(IntToHex(newprocesses[currentprocess].processid,8));
{$endif}
end;
procedure TDebugger.FoundOne;
{
  Called for each hit of the "find out what accesses/writes this address"
  breakpoint.
  GUI build: appends one record (address, instruction length, opcode text,
  description and a register snapshot taken from 'context') to
  foundcodedialog.coderecords and lists the opcode in Foundcodelist.
  Netserver build: remembers the hit address and serialises the same
  snapshot into a fixed 41-byte SC_FoundCode packet that is written to every
  client currently in the TCP server's thread list.
}
var
  desc, opcode: string;
  address: dword;
{$ifdef netserver}
  n: integer;
  clients: tlist;
  packet: array [0..41] of byte;
  regs: array [0..9] of dword;
{$endif}
begin
{$ifndef netserver}
  // Nothing to record if the dialog is not open.
  if foundcodedialog = nil then
    exit;

  with foundcodedialog do
  begin
    // disassemble() advances 'address' past the instruction it decoded, so
    // the difference against addressfound is the instruction length.
    address := addressfound;
    opcode := disassemble(address, desc);

    setlength(coderecords, length(coderecords) + 1);
    coderecords[high(coderecords)].address := addressfound;
    coderecords[high(coderecords)].size := address - addressfound;
    coderecords[high(coderecords)].opcode := opcode;
    coderecords[high(coderecords)].desciption := desc; // field is spelled this way in the record type
    // Register snapshot of the paused thread at the time of the hit.
    coderecords[high(coderecords)].eax := context.Eax;
    coderecords[high(coderecords)].ebx := context.Ebx;
    coderecords[high(coderecords)].ecx := context.Ecx;
    coderecords[high(coderecords)].edx := context.Edx;
    coderecords[high(coderecords)].esi := context.Esi;
    coderecords[high(coderecords)].edi := context.Edi;
    coderecords[high(coderecords)].ebp := context.Ebp;
    coderecords[high(coderecords)].esp := context.Esp;
    coderecords[high(coderecords)].eip := context.Eip;

    Foundcodelist.Items.Add(opcode);
  end;
{$else}
  // In this build coderecords is a plain array of hit addresses.
  setlength(coderecords, length(coderecords) + 1);
  coderecords[high(coderecords)] := addressfound;

  // Wire layout (1 + 10*4 = 41 bytes, native x86 byte order):
  //   [0]      SC_FoundCode
  //   [1..40]  address, eax, ebx, ecx, edx, esi, edi, ebp, esp, eip
  regs[0] := addressfound;
  regs[1] := context.Eax;
  regs[2] := context.Ebx;
  regs[3] := context.Ecx;
  regs[4] := context.Edx;
  regs[5] := context.Esi;
  regs[6] := context.Edi;
  regs[7] := context.Ebp;
  regs[8] := context.Esp;
  regs[9] := context.Eip;

  packet[0] := SC_FoundCode;
  for n := 0 to 9 do
    pdword(@packet[1 + n * 4])^ := regs[n];

  // NOTE(review): the debuggee's register state is sent to every connected
  // peer; no authentication or per-client authorisation check is visible
  // here, so this relies on whatever the server enforced at connect time.
  // A failing WriteBuffer raises and aborts the remaining clients (the list
  // is still unlocked by the finally).
  clients := form1.idtcpserver1.Threads.LockList;
  try
    for n := 0 to clients.count - 1 do
      TIdPeerThread(clients[n]).Connection.WriteBuffer(packet[0], 41);
  finally
    form1.idtcpserver1.Threads.UnlockList;
  end;
{$endif}
end;
procedure tdebugger.suspendallthreads;
{
  Suspend every thread in threadlist (column 1 holds the thread handle).
  The SuspendThread result is not checked, so a handle that cannot be
  suspended is silently skipped.
}
var
  idx: integer;
begin
  for idx := low(threadlist) to high(threadlist) do
    suspendthread(threadlist[idx, 1]);
end;
procedure tdebugger.resumeallthreads;
{
  Resume every thread in threadlist (column 1 holds the thread handle).
  Mirrors suspendallthreads; the ResumeThread result is not checked, so a
  thread whose suspend count could not be decremented is silently skipped.
}
var
  idx: integer;
begin
  for idx := low(threadlist) to high(threadlist) do
    resumethread(threadlist[idx, 1]);
end;
procedure TDebugger.UpdateRegisters;
{
  Refresh the memory browser's debugger view from the TDebugger 'context'
  field (the register set of the currently paused thread):
    - enable the run/step/stepover/runtill/stacktrace menu items,
    - show the id of the paused thread in the window caption,
    - push a stack trace to frmstacktrace if that window exists,
    - point the disassembler at EIP,
    - redraw every register, segment and flag label, colouring a label red
      when its text differs from what was shown before and resetting it to
      the normal text colour otherwise,
    - cache the general-purpose register values in the *v fields.
  Compiled out entirely in the netserver build.
}
var temp: string;
i: integer;
begin
//removed for a while
{$ifndef netserver}
with memorybrowser do
begin
//enable debug mode
run1.Enabled:=true;
step1.Enabled:=true;
stepover1.Enabled:=true;
runtill1.Enabled:=true;
stacktrace1.Enabled:=true;
// threadlist[i,0] is the thread id, [i,1] the handle; find the paused one.
for i:=0 to length(threadlist)-1 do
begin
if threadlist[i,1]=pausedthreadhandle then
begin
caption:='Memory Viewer - Currently debugging thread '+inttohex(threadlist[i,0],8);
break;
end;
end;
// NOTE(review): this reads the global debuggerthread rather than Self;
// presumably they are the same object — confirm.
if frmstacktrace<>nil then
begin
frmstacktrace.stacktrace(debuggerthread.pausedthreadhandle,debuggerthread.context);
end;
Disassembleraddress:=context.Eip;
dselected:=context.eip;
// Each label below: rebuild the text, mark it red if it changed since the
// last refresh, otherwise restore the default text colour.
temp:='EAX '+IntToHex(context.Eax,8);
if temp<>eaxlabel.Caption then
begin
eaxlabel.Font.Color:=clred;
eaxlabel.Caption:=temp;
end else eaxlabel.Font.Color:=clWindowText;
temp:='EBX '+IntToHex(context.Ebx,8);
if temp<>ebxlabel.Caption then
begin
ebxlabel.Font.Color:=clred;
ebxlabel.Caption:=temp;
end else ebxlabel.Font.Color:=clWindowText;
temp:='ECX '+IntToHex(context.ECx,8);
if temp<>eCxlabel.Caption then
begin
eCXlabel.Font.Color:=clred;
eCXlabel.Caption:=temp;
end else eCXlabel.Font.Color:=clWindowText;
temp:='EDX '+IntToHex(context.EDx,8);
if temp<>eDxlabel.Caption then
begin
eDxlabel.Font.Color:=clred;
eDxlabel.Caption:=temp;
end else eDxlabel.Font.Color:=clWindowText;
temp:='ESI '+IntToHex(context.ESI,8);
if temp<>eSIlabel.Caption then
begin
eSIlabel.Font.Color:=clred;
eSIlabel.Caption:=temp;
end else eSIlabel.Font.Color:=clWindowText;
temp:='EDI '+IntToHex(context.EDI,8);
if temp<>eDIlabel.Caption then
begin
eDIlabel.Font.Color:=clred;
eDIlabel.Caption:=temp;
end else eDIlabel.Font.Color:=clWindowText;
temp:='EBP '+IntToHex(context.EBP,8);
if temp<>eBPlabel.Caption then
begin
eBPlabel.Font.Color:=clred;
eBPlabel.Caption:=temp;
end else eBPlabel.Font.Color:=clWindowText;
temp:='ESP '+IntToHex(context.ESP,8);
if temp<>eSPlabel.Caption then
begin
eSPlabel.Font.Color:=clred;
eSPlabel.Caption:=temp;
end else eSPlabel.Font.Color:=clWindowText;
temp:='EIP '+IntToHex(context.EIP,8);
if temp<>eIPlabel.Caption then
begin
eIPlabel.Font.Color:=clred;
eIPlabel.Caption:=temp;
end else eIPlabel.Font.Color:=clWindowText;
// Segment selectors are 16-bit, hence 4 hex digits.
temp:='CS '+IntToHex(context.SEGCS,4);
if temp<>CSlabel.Caption then
begin
CSlabel.Font.Color:=clred;
CSlabel.Caption:=temp;
end else CSlabel.Font.Color:=clWindowText;
temp:='DS '+IntToHex(context.SEGDS,4);
if temp<>DSlabel.Caption then
begin
DSlabel.Font.Color:=clred;
DSlabel.Caption:=temp;
end else DSLabel.Font.Color:=clWindowText;
temp:='SS '+IntToHex(context.SEGSS,4);
if temp<>SSlabel.Caption then
begin
SSlabel.Font.Color:=clred;
SSlabel.Caption:=temp;
end else SSlabel.Font.Color:=clWindowText;
temp:='ES '+IntToHex(context.SEGES,4);
if temp<>ESlabel.Caption then
begin
ESlabel.Font.Color:=clred;
ESlabel.Caption:=temp;
end else ESlabel.Font.Color:=clWindowText;
temp:='FS '+IntToHex(context.SEGFS,4);
if temp<>FSlabel.Caption then
begin
FSlabel.Font.Color:=clred;
FSlabel.Caption:=temp;
end else FSlabel.Font.Color:=clWindowText;
temp:='GS '+IntToHex(context.SEGGS,4);
if temp<>GSlabel.Caption then
begin
GSlabel.Font.Color:=clred;
GSlabel.Caption:=temp;
end else GSlabel.Font.Color:=clWindowText;
// Status flags, by EFLAGS bit position: CF=0, PF=2, AF=4, ZF=6, SF=7, OF=11.
temp:='CF '+IntToStr(GetBitOf(context.EFLAgs,0));
if temp<>cflabel.Caption then
begin
CFlabel.Font.Color:=clred;
CFlabel.caption:=temp;
end else cflabel.Font.Color:=clWindowText;
temp:='PF '+IntToStr(GetBitOf(context.EFlags,2));
if temp<>Pflabel.Caption then
begin
Pflabel.Font.Color:=clred;
Pflabel.caption:=temp;
end else Pflabel.Font.Color:=clWindowText;
temp:='AF '+IntToStr(GetBitOf(context.EFlags,4));
if temp<>Aflabel.Caption then
begin
Aflabel.Font.Color:=clred;
Aflabel.caption:=temp;
end else Aflabel.Font.Color:=clWindowText;
temp:='ZF '+IntToStr(GetBitOf(context.EFlags,6));
if temp<>Zflabel.Caption then
begin
Zflabel.Font.Color:=clred;
Zflabel.caption:=temp;
end else Zflabel.Font.Color:=clWindowText;
temp:='SF '+IntToStr(GetBitOf(context.EFlags,7));
if temp<>Sflabel.Caption then
begin
Sflabel.Font.Color:=clred;
Sflabel.caption:=temp;
end else Sflabel.Font.Color:=clWindowText;
temp:='OF '+IntToStr(GetBitOf(context.EFlags,11));
if temp<>Oflabel.Caption then
begin
Oflabel.Font.Color:=clred;
Oflabel.caption:=temp;
end else Oflabel.Font.Color:=clWindowText;
// Cached register values for the viewer (presumably consumed by
// updatedisassemblerview and friends — not visible here).
EAXv:=context.Eax;
EBXv:=context.Ebx;
ECXv:=context.Ecx;
EDXv:=context.Edx;
ESIv:=context.ESi;
EDIv:=context.Edi;
EBPv:=context.Ebp;
ESPv:=context.Esp;
EIPv:=context.Eip;
updatedisassemblerview;
end;
{$endif}
end;
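procedure TDebugger.SetSingleStepping(Threadid: dword);
{
  Arm single-stepping on the thread whose id is Threadid by setting the
  trap flag (EFLAGS bit 8, $100) in its context, so the next instruction it
  executes raises a single-step exception.
  The id is looked up in threadlist ([i,0] = id, [i,1] = handle); an
  unknown id is ignored.  The register set is read into, and written from,
  the TDebugger 'context' field, which is therefore updated as a side
  effect.  The thread is expected to be stopped (it normally is, at a debug
  event) for the read/modify/write to be meaningful.
  Fix: the original wrote 'context' back regardless of whether
  GetThreadContext succeeded, pushing whatever stale data the field held
  into the target thread; the write is now skipped unless the read worked.
}
var
  i: integer;
begin
  for i := 0 to length(threadlist) - 1 do
    if threadlist[i, 0] = ThreadId then
    begin
      context.ContextFlags := CONTEXT_FULL;
      if getthreadcontext(threadlist[i, 1], context) then
      begin
        // Reassert the mask before writing back (CONTEXT_CONTROL would
        // suffice for EFlags alone, but the original wrote the full set).
        context.ContextFlags := CONTEXT_FULL;
        context.EFlags := context.EFlags or $100; // TF: trap flag
        setthreadcontext(threadlist[i, 1], context);
      end;
      break;
    end;
end;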
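procedure TDebugger.ResetBreakpoint;
{
  Re-arm the breakpoints that RemoveBreakpoint temporarily lifted.
  Hardware path (canusedebugregs): write the saved debug-register context
  'drregs' back into every thread in threadlist, suspending each around the
  SetThreadContext call.
  Software path: put the INT 3 byte ($CC) back at every user breakpoint
  and, if one is armed (address > 0), at the CE-internal breakpoint.
  Results of SuspendThread/SetThreadContext/RewriteCode are not checked, so
  a thread or page that could not be updated is silently skipped.
  Cleanup: the unused locals zerobreak/original/a/written were dropped.
}
var
  i: integer;
  int3: byte;
begin
  if canusedebugregs then
  begin
    for i := 0 to length(threadlist) - 1 do
    begin
      // Suspend around SetThreadContext so the write lands on a stopped thread.
      suspendthread(threadlist[i, 1]);
      setthreadcontext(threadlist[i, 1], drregs);
      resumethread(threadlist[i, 1]);
    end;
  end
  else
  begin
    int3 := $cc; // x86 INT 3 opcode
    for i := 0 to length(int3userbreakpoints) - 1 do
      RewriteCode(processhandle, int3userbreakpoints[i].address, @int3, 1);
    // address = 0 means no CE breakpoint is set (RemoveBreakpoint clears it).
    if int3CEBreakpoint.address > 0 then
      RewriteCode(processhandle, int3CEBreakpoint.address, @int3, 1);
  end;
end;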
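procedure TDebugger.RemoveBreakpoint;
{
  Temporarily lift every breakpoint so the debuggee can execute the
  original instruction; ResetBreakpoint re-arms them afterwards.
  Hardware path (canusedebugregs): push a CONTEXT_DEBUG_REGISTERS context
  with DR0-DR3/DR6 zeroed into every thread in threadlist.
  Software path: restore the saved original byte at each user breakpoint
  and at the CE-internal breakpoint, then mark the latter as unset by
  zeroing its address.
  Results of SuspendThread/SetThreadContext/RewriteCode are not checked.
  Cleanup: the unused locals original/written/a were dropped.
}
var
  zerobreak: _context;
  i: integer;
begin
  if canusedebugregs then
  begin
    zeromemory(@zerobreak, sizeof(zerobreak));
    zerobreak.ContextFlags := CONTEXT_DEBUG_REGISTERS;
    // DR7 keeps the regNset bits while DR0-DR3 are zero, exactly as the
    // original did.  NOTE(review): the values of these constants are not
    // visible here — confirm this disarms the slots rather than leaving
    // them enabled on address 0.
    zerobreak.Dr7 := reg0set or reg1set or reg2set or reg3set;
    for i := 0 to length(threadlist) - 1 do
    begin
      // Suspend around SetThreadContext so the write lands on a stopped thread.
      suspendthread(threadlist[i, 1]);
      setthreadcontext(threadlist[i, 1], zerobreak);
      resumethread(threadlist[i, 1]);
    end;
  end
  else
  begin
    // Temporarily disable all software breakpoints by restoring the
    // bytes that were overwritten with INT 3.
    for i := 0 to length(int3userbreakpoints) - 1 do
      RewriteCode(processhandle, int3userbreakpoints[i].address, @int3userbreakpoints[i].originalbyte, 1);
    if int3CEBreakpoint.address > 0 then
    begin
      RewriteCode(processhandle, int3CEbreakpoint.address, @int3cebreakpoint.originalbyte, 1);
      // Address 0 marks "no CE breakpoint"; ResetBreakpoint tests for > 0.
      int3CEBreakpoint.address := 0;
    end;
  end;
end;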
//I always knew viruses are useful: this borrows the classic DLL-injection technique (remote LoadLibrary)
function TDebugger.injectcode(AddressOfEntryPoint:dword;processhandle:thandle):dword;
{$ifndef net}
var LoadLibraryPtr: pointer;
GetProcAddressPtr: Pointer;
injectedlocation: pointer;
h: Thandle;
inject: array [0..255] of byte;
x:dword;
outp:TAssemblerBytes;
position,position2: dword;
dllLocation: string;
startaddresS: dword;
IHWCIloc: dword;
{$endif}
begin
{$ifndef net}
h:=LoadLibrary('Kernel32.dll');
if h=0 then raise exception.Create('No kernel32.dll loaded');
try
GetProcAddressPtr:=GetProcAddress(h,'GetProcAddress');
if getprocaddressptr=nil then raise exception.Create('GetProcAddress not found');
LoadLibraryPtr:=GetProcAddress(h,'LoadLibraryA');
if LoadLibraryptr=nil then raise exception.Create('LoadLibraryA not found');
injectedlocation:=VirtualAllocEx(processhandle,nil,4096,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
if injectedlocation=nil then raise exception.Create('Failed to allocate memory');
dlllocation:=extractfilepath(application.exename)+'CEHOOK.DLL';
position:=dword(injectedlocation);
position2:=0;
copymemory(@inject[0],pchar(dllLocation+#0),length(dllLocation)+1);
inc(position,length(dllLocation)+1);
inc(position2,length(dlllocation)+1);
ihwciloc:=position;
copymemory(@inject[position2],pchar('IHWCI'#0),6);
inc(position,6);
inc(position2,6);
startaddress:=position;