// ---- tail of a function whose header lies above this fragment ----
// From the visible body: walks aSwBreakpoints for entries that belong to the
// current process, are still virtual (never written) and share a page with
// ulAddress, and writes INT3 into them.  'p' and 'ulAddress' are declared
// outside this fragment.
ULONG i;
ENTER_FUNC();
p = aSwBreakpoints;
for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++,p++)
{
    // only entries recorded for the currently running task
    if(PICE_strcmpi(p->szProcessName,current->comm) == 0 )
    {
        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%lx == %lx?\n", ulAddress & PAGE_MASK, p->ulAddress & PAGE_MASK);
        // candidate: in use, not yet written, still virtual, same page as ulAddress
        if(p->bUsed == TRUE && p->bInstalled == FALSE && p->bVirtual == TRUE &&
           ((ulAddress & PAGE_MASK) == (p->ulAddress & PAGE_MASK)))
        {
            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "candidate %x found\n",p->ulAddress);
            if(IsAddressValid(p->ulAddress))
            {
                if(p->ulAddress < TASK_SIZE)
                {
                    // user-space address: patch through the physical mapping
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical write\n");
                    p->ulPhysAddress = GetPhysicalAddress(p->ulAddress);
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical address is %.8X\n",p->ulPhysAddress);
                    WritePhysMem(p->ulPhysAddress,INT3_OPCODE,sizeof(UCHAR));
                }
                else
                    // kernel-range address: stored directly.  NOTE(review): only
                    // IsAddressValid() guards this store; nothing here checks that
                    // the page is writable (cf. the TODO in InstallSWBreakpoint()).
                    *(PUCHAR)p->ulAddress = INT3_OPCODE;
                // NOTE(review): the byte being overwritten is not saved here;
                // presumably ucOriginalOpcode was captured when the entry was
                // created -- confirm before relying on it for restore.
                p->bInstalled = TRUE;
                p->bVirtual = FALSE;
            }
        }
    }
}
LEAVE_FUNC();
}

//*************************************************************************
// IsSwBpAtAddressInstalled()
//
// TRUE if a used, installed, non-virtual breakpoint sits exactly at
// ulAddress.  Read-only scan of aSwBreakpoints.
//*************************************************************************
BOOLEAN IsSwBpAtAddressInstalled(ULONG ulAddress)
{
    ULONG i;

    for(i=0;i<DIM(aSwBreakpoints);i++)
    {
        if(aSwBreakpoints[i].ulAddress == ulAddress &&
           aSwBreakpoints[i].bUsed == TRUE &&
           aSwBreakpoints[i].bInstalled &&
           aSwBreakpoints[i].bVirtual == FALSE)
            return TRUE;
    }
    return FALSE;
}

//*************************************************************************
// IsSwBpAtAddress()
//
// TRUE if a used, non-virtual breakpoint is recorded at ulAddress,
// whether or not its INT3 is currently written (bInstalled is ignored).
//*************************************************************************
BOOLEAN IsSwBpAtAddress(ULONG ulAddress)
{
    ULONG i;

    for(i=0;i<DIM(aSwBreakpoints);i++)
    {
        if(aSwBreakpoints[i].ulAddress == ulAddress &&
           aSwBreakpoints[i].bUsed==TRUE &&
           aSwBreakpoints[i].bVirtual==FALSE)
            return TRUE;
    }
    return FALSE;
}

//*************************************************************************
// IsSwBpAtPreviousAddress()
//
// TRUE if ulAddress is the recorded next-instruction address (ulNextInstr)
// of a used, non-virtual breakpoint, i.e. a breakpoint sits on the
// instruction immediately before ulAddress.
//*************************************************************************
BOOLEAN IsSwBpAtPreviousAddress(ULONG ulAddress)
{
    ULONG i;

    for(i=0;i<DIM(aSwBreakpoints);i++)
    {
        if(aSwBreakpoints[i].ulNextInstr == ulAddress &&
           aSwBreakpoints[i].bUsed==TRUE &&
           aSwBreakpoints[i].bVirtual==FALSE)
            return TRUE;
    }
    return FALSE;
}

//*************************************************************************
// NeedToReInstallSWBreakpoints()
//
// TRUE if there is a used, non-virtual breakpoint whose INT3 is currently
// not written (bInstalled == FALSE) and whose address is still valid.
// With bUseAddress the match is restricted to the entry at ulAddress;
// otherwise any such entry qualifies and ulAddress is only logged.
// The two branches differ only in the ulAddress comparison.
//*************************************************************************
BOOLEAN NeedToReInstallSWBreakpoints(ULONG ulAddress,BOOLEAN bUseAddress)
{
    PSW_BP p;
    BOOLEAN bResult = FALSE;
    ULONG i;

    ENTER_FUNC();
    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%x (bUseAddress = %s)\n",ulAddress,bUseAddress?"TRUE":"FALSE");

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
    {
        p = &aSwBreakpoints[i];
        if(bUseAddress)
        {
            if(p->bUsed == TRUE && p->bInstalled == FALSE && p->ulAddress==ulAddress && p->bVirtual==FALSE)
            {
                if(IsAddressValid(p->ulAddress))
                {
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "found BP\n");
                    bResult = TRUE;
                    break;
                }
            }
        }
        else
        {
            if(p->bUsed == TRUE && p->bInstalled == FALSE && p->bVirtual == FALSE)
            {
                if(IsAddressValid(p->ulAddress))
                {
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "found BP\n");
                    bResult = TRUE;
                    break;
                }
            }
        }
    }

    LEAVE_FUNC();
    return bResult;
}

//*************************************************************************
// ReInstallSWBreakpoint()
//
// Re-writes INT3 for every used, non-virtual, currently-uninstalled entry
// recorded at ulAddress whose address is valid, and marks it installed.
// Returns TRUE if at least one entry was re-armed.  The original opcode is
// not touched (it was saved at install time).  The scan does not stop at
// the first hit.
//*************************************************************************
BOOLEAN ReInstallSWBreakpoint(ULONG ulAddress)
{
    PSW_BP p;
    BOOLEAN bResult = FALSE;
    ULONG i;

    ENTER_FUNC();
    p = aSwBreakpoints;
    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++,p++)
    {
        if(p->bUsed == TRUE && p->bInstalled == FALSE && p->ulAddress == ulAddress && p->bVirtual == FALSE)
        {
            if(IsAddressValid(p->ulAddress))
            {
                if(p->ulAddress < TASK_SIZE)
                {
                    // user-space address: patch through the physical mapping
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical write\n");
                    p->ulPhysAddress = GetPhysicalAddress(p->ulAddress);
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical address is %.8X\n", p->ulPhysAddress);
                    WritePhysMem(p->ulPhysAddress,INT3_OPCODE,sizeof(UCHAR));
                }
                else
                {
                    // kernel-range address: direct store, guarded only by IsAddressValid()
                    *(PUCHAR)p->ulAddress = INT3_OPCODE;
                }
                p->bInstalled = TRUE;
                bResult = TRUE;
            }
        }
    }
    LEAVE_FUNC();
    return bResult;
}

//*************************************************************************
// ReInstallSWBreakpointAtPreviousAddress()
//
// Same as ReInstallSWBreakpoint(), but selects entries by ulNextInstr
// (the instruction after the breakpoint) instead of ulAddress.  Used when
// execution has resumed just past a temporarily lifted breakpoint.
//*************************************************************************
BOOLEAN ReInstallSWBreakpointAtPreviousAddress(ULONG ulAddress)
{
    PSW_BP p;
    BOOLEAN bResult = FALSE;
    ULONG i;

    ENTER_FUNC();
    p = aSwBreakpoints;
    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++,p++)
    {
        if(p->bUsed == TRUE && p->bInstalled == FALSE && p->ulNextInstr == ulAddress && p->bVirtual == FALSE)
        {
            if(IsAddressValid(p->ulAddress))
            {
                if(p->ulAddress < TASK_SIZE)
                {
                    // user-space address: patch through the physical mapping
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical write\n");
                    p->ulPhysAddress = GetPhysicalAddress(p->ulAddress);
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical address is %.8X\n", p->ulPhysAddress);
                    WritePhysMem(p->ulPhysAddress,INT3_OPCODE,sizeof(UCHAR));
                }
                else
                {
                    // kernel-range address: direct store, guarded only by IsAddressValid()
                    *(PUCHAR)p->ulAddress = INT3_OPCODE;
                }
                p->bInstalled = TRUE;
                bResult = TRUE;
            }
        }
    }
    LEAVE_FUNC();
    return bResult;
}

//*************************************************************************
// InstallSWBreakpoint()
//
// Installs a software breakpoint at ulAddress: claims a free slot, records
// the next-instruction address via Disasm(), saves the original byte and
// writes INT3.  bPermanent keeps the breakpoint armed across hits and
// attaches SWBreakpointCallback; otherwise Callback is NULL.  Returns
// FALSE if a breakpoint already exists at ulAddress or no slot is free.
//
// NOTE(review): bResult becomes TRUE and the slot stays bUsed/bInstalled
// even when IsAddressValid() fails -- in that case nothing is written and
// ucOriginalOpcode is never set, so a later restore would write an
// unsaved byte.  Consider releasing the slot and returning FALSE there.
//*************************************************************************
BOOLEAN InstallSWBreakpoint(ULONG ulAddress,BOOLEAN bPermanent,void (*SWBreakpointCallback)(EXCEPTION_FRAME*))
{
    DECL_TEMP;
    PSW_BP p;
    BOOLEAN bResult = FALSE;

    ENTER_FUNC();
    // check if page is present
    // TODO: must also check if it's a writable page
    if((p = FindSwBp(ulAddress))==NULL)
    {
        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%.8X is free\n",ulAddress);
        if( (p=FindEmptySwBpSlot()) )
        {
            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "found empty slot\n");
            p->bUsed = TRUE;        // slot is used
            p->bInstalled = TRUE;
            p->ulAddress = ulAddress;
            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "find next instruction for %.8X\n", ulAddress);
            // Disasm() advances ulAddress past the instruction; from here on
            // the local holds the next-instruction address, not the BP address.
            ALLOC_TEMP(1024);
            Disasm(&ulAddress,(PUCHAR)TEMP);
            FREE_TEMP();
            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "next instruction address = %.8X\n",ulAddress);
            p->ulNextInstr = ulAddress;
            p->bPermanent = bPermanent;
            // user/kernel split decided on the advanced address (see above);
            // same result unless the instruction straddles TASK_SIZE
            if(ulAddress < TASK_SIZE)
            {
                // user-mode breakpoint: remember the owning task so it can be
                // matched/removed per process later
                p->ulProcess = (ULONG)current;
                PICE_strcpy(p->szProcessName,current->comm);
                DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "user-mode BP in process %s = %.8X\n",p->szProcessName,p->ulProcess);
            }
            if(bPermanent)
                p->Callback = SWBreakpointCallback;
            else
                p->Callback = NULL;
            if(IsAddressValid(p->ulAddress))
            {
                // save the byte we are about to overwrite so it can be restored
                p->ucOriginalOpcode = *(PUCHAR)p->ulAddress;
                if(p->ulAddress < TASK_SIZE)
                {
                    // user-space address: patch through the physical mapping
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical write\n");
                    p->ulPhysAddress = GetPhysicalAddress(p->ulAddress);
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical address is %.8X\n",p->ulPhysAddress);
                    WritePhysMem(p->ulPhysAddress,INT3_OPCODE,sizeof(UCHAR));
                }
                else
                {
                    // kernel-range address: direct store (see TODO above)
                    *(PUCHAR)p->ulAddress = INT3_OPCODE;
                }
            }
            bResult = TRUE;     // reported even if IsAddressValid() failed above
        }
    }
    else
    {
        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%.8X is already used\n",ulAddress);
        if(p->bPermanent)
        {
            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%.8X is a permanent breakpoint\n",ulAddress);
        }
    }
    LEAVE_FUNC();
    return bResult;
}

//*************************************************************************
// InstallVirtualSWBreakpoint()
//
// Records a "virtual" breakpoint on ModName!FunctionName for a module that
// is not loaded yet.  Nothing is written to memory; the entry is resolved
// and armed later by TryToInstallVirtualSWBreakpoints().  Returns FALSE
// when no slot is free.
//
// NOTE(review): the PICE_strcpy() calls are unbounded copies into the
// fixed fields szModName/szFunctionName; confirm those fields are sized
// for the longest name a caller can pass.
//*************************************************************************
BOOLEAN InstallVirtualSWBreakpoint(LPSTR ModName,LPSTR FunctionName)
{
    PSW_BP p;
    BOOLEAN bResult = FALSE;

    ENTER_FUNC();
    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "[%s] [%s]\n", ModName, FunctionName);

    if( (p=FindEmptySwBpSlot()) )
    {
        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "found empty slot\n");
        p->bUsed = TRUE;
        p->bInstalled = TRUE;
        p->bVirtual = TRUE;
        p->Callback = NULL;
        PICE_strcpy(p->szModName,ModName);
        PICE_strcpy(p->szFunctionName,FunctionName);
        bResult = TRUE;
    }
    LEAVE_FUNC();
    return bResult;
}

//*************************************************************************
// TryToInstallVirtualSWBreakpoints()
//
// For every used virtual entry whose module is now loaded, resolves the
// function address, adds the stored offset (p->ulAddress holds an offset
// while the entry is virtual), writes INT3 and converts the entry into a
// regular non-virtual breakpoint.  An entry whose target is not valid /
// writable is cleared (dropped), not retried.
//
// NOTE(review): two things to check in this loop --
//  * 'p' is the loop cursor, yet it is reassigned from FindVirtualSwBp()
//    inside the loop; if that returns a different entry than the one being
//    iterated, i++,p++ continues from the wrong place.  Use a separate
//    local for the lookup result.
//  * IsAddressWriteable() is called with ulAddress (the function base)
//    while the store goes to ulAddressWithOffset; the two may lie on
//    different pages, so the writability check should use
//    ulAddressWithOffset.
//*************************************************************************
void TryToInstallVirtualSWBreakpoints(void)
{
    DECL_TEMP;
    ULONG i,ulAddress;
    struct module* pMod;
    PSW_BP p;

    ENTER_FUNC();
    p = aSwBreakpoints;
    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++,p++)
    {
        if(p->bUsed == TRUE && p->bVirtual)
        {
            if((pMod = IsModuleLoaded(p->szModName)))
            {
                if((ulAddress = FindFunctionInModuleByName(p->szFunctionName,pMod)))
                {
                    // NOTE(review): overwrites the loop cursor (see header)
                    if((p = FindVirtualSwBp(p->szModName,p->szFunctionName)))
                    {
                        ULONG ulAddressWithOffset = ulAddress+p->ulAddress;

                        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "ulAddressWithOffset = %x (offset = %x)\n",ulAddressWithOffset,p->ulAddress);
                        // NOTE(review): writability is tested on ulAddress, the store targets ulAddressWithOffset
                        if(IsAddressValid(ulAddressWithOffset) && IsAddressWriteable(ulAddress))
                        {
                            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "installing...\n");
                            // save the original byte, then patch in place (direct store, no physical path here)
                            p->ucOriginalOpcode = *(PUCHAR)ulAddressWithOffset;
                            *(PUCHAR)ulAddressWithOffset = INT3_OPCODE;
                            p->bUsed = TRUE;
                            p->bInstalled = TRUE;
                            p->bVirtual = FALSE;
                            // find next address: Disasm() advances ulAddressWithOffset past the instruction
                            p->ulAddress = ulAddressWithOffset;
                            ALLOC_TEMP(1024);
                            Disasm(&ulAddressWithOffset,(PUCHAR)TEMP);
                            FREE_TEMP();
                            p->ulNextInstr = ulAddressWithOffset;
                            p->bPermanent = FALSE;
                            p->Callback = NULL;
                        }
                        else
                        {
                            // target unusable: the virtual entry is discarded entirely
                            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "not valid address\n");
                            PICE_memset(p,0,sizeof(*p));
                        }
                    }
                }
            }
        }
    }
    LEAVE_FUNC();
}

//*************************************************************************
// RemoveSWBreakpointOnProcessExit()
//
// removes breakpoints owned by the exiting process from the breakpoint
// list.  (The body continues past the end of this fragment.)
//*************************************************************************
BOOLEAN RemoveSWBreakpointOnProcessExit(ULONG ulProcess)
{
    PSW_BP p;
    BOOLEAN bResult = FALSE;
    ULONG i;

    ENTER_FUNC();
    p = aSwBreakpoints;
    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++,p++)