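{   /* NOTE(review): tail of a per-breakpoint loop body; the function header, its
     * parameters (ulProcess) and the loop itself are outside this excerpt. */
        /* only non-permanent, physically installed breakpoints of this process are touched */
        if(ulProcess == p->ulProcess && p->bInstalled == TRUE && p->bVirtual==FALSE && !p->bPermanent)
        {
            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%u match\n",i);
            if(IsAddressValid(p->ulAddress) )
            {
                /* addresses below TASK_SIZE (presumably user space) are restored through
                 * the physical mapping, everything else by a direct kernel write */
                if(p->ulAddress < TASK_SIZE)
                {
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%u physical write\n",i);
                    p->ulPhysAddress = GetPhysicalAddress(p->ulAddress);
                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical address is %.8X\n",p->ulPhysAddress);
                    WritePhysMem(p->ulPhysAddress,p->ucOriginalOpcode,sizeof(UCHAR));
                }
                else
                {
                    *(PUCHAR)p->ulAddress = p->ucOriginalOpcode;
                }
                p->bInstalled = FALSE;
            }
            // virtualize breakpoint
            p->bVirtual = TRUE;
        }
        bResult = TRUE;
    }
    LEAVE_FUNC();
    return bResult;
}

//*************************************************************************
// RemoveSWBreakpoint()
//
// removes breakpoint from breakpoint list
//
// Restores the original opcode of the breakpoint at ulAddress (if it is
// physically installed and not virtual) and clears the slot.
// Returns TRUE when a slot for ulAddress existed, FALSE otherwise.
//*************************************************************************
BOOLEAN RemoveSWBreakpoint(ULONG ulAddress)
{
    PSW_BP p;
    BOOLEAN bResult = FALSE;

    ENTER_FUNC();

    if( (p = FindSwBp(ulAddress)) )
    {
        if(IsAddressValid(ulAddress) && p->bInstalled == TRUE && p->bVirtual==FALSE)
        {
            /* NOTE(review): this function chooses the write path by IsAddressWriteable(),
             * while DeInstallSWBreakpoint()/RemoveAllSWBreakpoints() below choose it by
             * ulAddress < TASK_SIZE; confirm the two criteria agree for every address
             * a breakpoint can be set on. */
            if(IsAddressWriteable(ulAddress) )
            {
                DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "direct write\n");
                // restore original opcode
                *(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
            }
            else
            {
                ULONG ulPhysAddress;

                DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical write\n");
                ulPhysAddress = GetPhysicalAddress(p->ulAddress);
                DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical address is %.8X\n", ulPhysAddress);
                WritePhysMem(ulPhysAddress,p->ucOriginalOpcode,sizeof(UCHAR));
            }
        }
        /* the slot is freed even when the opcode could not be restored */
        PICE_memset(p,0,sizeof(*p));
        bResult = TRUE;
    }

    LEAVE_FUNC();

    return bResult;
}

//*************************************************************************
// RemoveSWBreakpointByNumber()
//
// Removes the non-permanent breakpoint held in slot ulNumber of
// aSwBreakpoints. ulNumber comes from the debugger command line, so it is
// range-checked against the table before the slot is read; an out-of-range
// number, an unused slot or a permanent breakpoint yields FALSE.
//*************************************************************************
BOOLEAN RemoveSWBreakpointByNumber(ULONG ulNumber)
{
    BOOLEAN bResult = FALSE;

    ENTER_FUNC();

    /* bounds check first: the original code indexed the table unchecked */
    if(ulNumber < (sizeof(aSwBreakpoints)/sizeof(aSwBreakpoints[0])) &&
       aSwBreakpoints[ulNumber].bUsed && !aSwBreakpoints[ulNumber].bPermanent)
    {
        bResult = RemoveSWBreakpoint(aSwBreakpoints[ulNumber].ulAddress);
    }

    LEAVE_FUNC();

    return bResult;
}

//*************************************************************************
// DeInstallSWBreakpoint()
//
// Restores the original opcode at ulAddress but keeps the slot, marking
// the breakpoint as not installed. Returns TRUE when a slot existed.
//*************************************************************************
BOOLEAN DeInstallSWBreakpoint(ULONG ulAddress)
{
    PSW_BP p;
    BOOLEAN bResult = FALSE;

    ENTER_FUNC();

    if( (p = FindSwBp(ulAddress)) )
    {
        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "breakpoint found @ %.8X\n", ulAddress);
        if(IsAddressValid(ulAddress) && p->bInstalled == TRUE && p->bVirtual==FALSE)
        {
            if(p->ulAddress < TASK_SIZE)
            {
                DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical write\n");
                p->ulPhysAddress = GetPhysicalAddress(p->ulAddress);
                DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical address is %.8X\n",p->ulPhysAddress);
                WritePhysMem(p->ulPhysAddress,p->ucOriginalOpcode,sizeof(UCHAR));
            }
            else
            {
                *(PUCHAR)p->ulAddress = p->ucOriginalOpcode;
            }
        }
        /* cleared unconditionally, even if the address was not valid any more */
        p->bInstalled = FALSE;
        bResult = TRUE;
    }

    LEAVE_FUNC();

    return bResult;
}

//*************************************************************************
// RemoveAllSWBreakpoints()
//
// Restores the original opcode of every used, installed, non-virtual
// breakpoint and clears its slot. Permanent breakpoints are only included
// when bEvenPermanents is TRUE. Returns TRUE if at least one opcode was
// restored (slots are cleared regardless).
//*************************************************************************
BOOLEAN RemoveAllSWBreakpoints(BOOLEAN bEvenPermanents)
{
    PSW_BP p;
    BOOLEAN bResult = FALSE;
    ULONG i;

    ENTER_FUNC();

    p = aSwBreakpoints;
    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++,p++)
    {
        if(p->bUsed == TRUE)
        {
            if(!p->bPermanent || (p->bPermanent == bEvenPermanents))
            {
                if(IsAddressValid(p->ulAddress) && p->bInstalled && p->bVirtual==FALSE)
                {
                    if(p->ulAddress < TASK_SIZE)
                    {
                        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical write\n");
                        p->ulPhysAddress = GetPhysicalAddress(p->ulAddress);
                        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "physical address is %.8X\n", p->ulPhysAddress);
                        WritePhysMem(p->ulPhysAddress,p->ucOriginalOpcode,sizeof(UCHAR));
                    }
                    else
                    {
                        *(PUCHAR)p->ulAddress = p->ucOriginalOpcode;
                    }
                    bResult = TRUE;
                }
                PICE_memset(p,0,sizeof(*p));
            }
        }
    }

    LEAVE_FUNC();

    return bResult;
}

//*************************************************************************
// IsPermanentSWBreakpoint()
//
// Returns the slot of the used, permanent breakpoint at ulAddress, or
// NULL when there is none.
//*************************************************************************
PSW_BP IsPermanentSWBreakpoint(ULONG ulAddress)
{
    PSW_BP p;
    ULONG i;

    ENTER_FUNC();

    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "IsPermanentSWBreakpoint(%.8X)\n", ulAddress);

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(aSwBreakpoints[0]));i++)
    {
        p = &aSwBreakpoints[i];
        if(p->ulAddress == ulAddress && p->bUsed == TRUE && p->bPermanent == TRUE)
        {
            LEAVE_FUNC();
            return p;
        }
    }

    LEAVE_FUNC();

    return NULL;
}

//*************************************************************************
// ListSWBreakpoints()
//
// Prints every used breakpoint to the output window: installed ones with
// their address and, if known, module!symbol; virtual ones with the
// module and function name they were recorded under.
//*************************************************************************
void ListSWBreakpoints(void)
{
    DECL_TEMP;
    PSW_BP p;
    ULONG i;
    LPSTR pSymbolName;
    struct module* pMod;

    ENTER_FUNC();

    ALLOC_TEMP(1024);

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
    {
        p = &aSwBreakpoints[i];
        if(p->bUsed == TRUE && p->bVirtual == FALSE)
        {
            if((pSymbolName = FindFunctionByAddress(p->ulAddress,NULL,NULL)) )
            {
                pMod = FindModuleFromAddress(p->ulAddress);
                /* guard the module lookup: a symbol hit does not guarantee a module hit */
                PICE_sprintf(TEMP,"[%u] %.8X (%s!%s) %s\n",i,p->ulAddress,pMod ? pMod->name : "?",pSymbolName,p->bPermanent?"PERMANENT":"");
            }
            else
            {
#ifdef ACTIVATE_SYMBOL_LOOKUP
                if(FindSymbolByAddress(&pSymbolName,p->ulAddress))
                    PICE_sprintf(TEMP,"[%u] %.8X (%s) %s\n",i,p->ulAddress,pSymbolName,p->bPermanent?"PERMANENT":"");
                else
#endif // ACTIVATE_SYMBOL_LOOKUP
                    PICE_sprintf(TEMP,"[%u] %.8X (no symbol) %s\n",i,p->ulAddress,p->bPermanent?"PERMANENT":"");
            }
            Print(OUTPUT_WINDOW,TEMP);
        }
        else if(p->bUsed == TRUE)
        {
            PICE_sprintf(TEMP,"[%u] xxxxxxxx (%s!%s) VIRTUAL\n",i,p->szModName,p->szFunctionName);
            Print(OUTPUT_WINDOW,TEMP);
        }
    }

    FREE_TEMP();

    LEAVE_FUNC();
}

//*************************************************************************
// RevirtualizeBreakpointsForModule()
//
// Called for a module that is going away: every installed breakpoint
// inside the module's address range gets its opcode restored and is
// turned back into a virtual breakpoint, recorded as module name,
// function name and offset from the function start so it can be
// reinstalled when the module is loaded again. Without
// ACTIVATE_SYMBOL_LOOKUP the slot is simply cleared.
//*************************************************************************
void RevirtualizeBreakpointsForModule(struct module* pMod)
{
    DECL_TEMP;
    ULONG i,start,end;
    PSW_BP p;

    ENTER_FUNC();

    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "RevirtualizeBreakpointsForModule(%x)\n",(ULONG)pMod);

    if(IsRangeValid((ULONG)pMod,sizeof(struct module)) )
    {
        start = (ULONG)pMod;
        end = (ULONG)pMod+pMod->size;

        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "module %x (%x-%x)\n", (ULONG)pMod, start,end);

        // go through all breakpoints
        for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
        {
            p = &aSwBreakpoints[i];
            // if it's used and installed and not virtual
            if(p->bUsed && p->bInstalled && p->bVirtual == FALSE)
            {
                // make sure we're in module's bound
                if(p->ulAddress>=start && p->ulAddress<end)
                {
                    LPSTR pFind;
                    ULONG ulFunctionAddress;

                    DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "module breakpoint %u\n",i);
#ifdef ACTIVATE_SYMBOL_LOOKUP
                    // find the function in which this breakpoint resides
                    if(FindSymbolByAddress(&pFind,p->ulAddress))
                    {
                        // from now on it's virtual again
                        p->bVirtual = TRUE;

                        if(IsAddressValid(p->ulAddress) && IsAddressWriteable(p->ulAddress))
                        {
                            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "restoring original opcode @ %x\n",p->ulAddress);
                            *(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
                        }
                        else
                        {
                            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "could not restore original opcode @ %x\n", p->ulAddress);
                        }

                        // skip past the module separator; the symbol string is expected to be
                        // "module!function", but the scan must not run off the end if it is not
                        while(*pFind && *pFind!='!')
                            pFind++;
                        if(*pFind)
                            pFind++;

                        // remember the function and the module for reinstallation
                        // NOTE(review): szModName/szFunctionName are fixed-size fields and
                        // PICE_strcpy is unbounded; confirm the symbol lengths are limited upstream.
                        PICE_strcpy(p->szModName,(LPSTR)pMod->name);
                        PICE_strcpy(p->szFunctionName,pFind);

                        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%s!%s\n",p->szModName,p->szFunctionName);

                        // if function name contains a '+' it's an offset
                        pFind = p->szFunctionName;
                        while(*pFind!=0)
                        {
                            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%s\n", pFind);
                            // found any offset to function
                            if(*pFind=='+')
                            {
                                *pFind=0;
                                break;
                            }
                            pFind++;
                        }
                        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "%s\n",p->szFunctionName);

                        /* ulAddress becomes the offset from the function start */
                        if(ScanSystemMap(p->szFunctionName,&ulFunctionAddress))
                        {
                            p->ulAddress -= ulFunctionAddress;
                            DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "function @ %x offset = %x\n",ulFunctionAddress,p->ulAddress);
                        }
                        else
                        {
                            if((ulFunctionAddress = FindFunctionInModuleByName(p->szFunctionName,pMod)) )
                            {
                                p->ulAddress -= ulFunctionAddress;
                                DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "function @ %x offset = %x\n",ulFunctionAddress,p->ulAddress);
                            }
                            else
                            {
                                DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "Breakpoint %u could not be virtualized properly!\n",i);
                                ALLOC_TEMP(1024);
                                PICE_sprintf(TEMP,"Breakpoint %u could not be virtualized properly!\n",i);
                                Print(OUTPUT_WINDOW,TEMP);
                                FREE_TEMP();
                            }
                        }
                    }
                    else
                    {
#endif // ACTIVATE_SYMBOL_LOOKUP
                        DPRINT(PICE_DEBUG, DBT_BP, DBL_INFO, "function for %x not found!\n",p->ulAddress);
                        PICE_memset(p, 0, sizeof(*p));
#ifdef ACTIVATE_SYMBOL_LOOKUP
                    }
#endif // ACTIVATE_SYMBOL_LOOKUP
                }
            }
        }
    }

    LEAVE_FUNC();
}

//*************************************************************************
// InstallBreakpointHook()
//
// Clears the breakpoint table and hooks BREAKPOINT_VECTOR with
// DebuggerBreakpoint(), saving the previous handler in
// ulOldBreakpointHandler. A second call while already hooked is a no-op.
//*************************************************************************
void InstallBreakpointHook(void)
{
#ifdef ACTIVATE_BREAKPOINT_HOOK
    void DebuggerBreakpoint(void);

    ENTER_FUNC();

    if(!ulOldBreakpointHandler)
    {
        PICE_memset(aSwBreakpoints,0,sizeof(aSwBreakpoints));
        HookInterruptVector(BREAKPOINT_VECTOR,(PVOID)&DebuggerBreakpoint,(PVOID)&ulOldBreakpointHandler);
    }

    LEAVE_FUNC();
#endif // ACTIVATE_BREAKPOINT_HOOK
}

//*************************************************************************
// DeInstallBreakpointHook()
//
// Removes every breakpoint (permanent ones included) and restores the
// previous BREAKPOINT_VECTOR handler. No-op if the hook was never set.
//*************************************************************************
void DeInstallBreakpointHook(void)
{
#ifdef ACTIVATE_BREAKPOINT_HOOK
    ENTER_FUNC();

    if(ulOldBreakpointHandler)
    {
        RemoveAllSWBreakpoints(TRUE);
        HookInterruptVector(BREAKPOINT_VECTOR,(PVOID)ulOldBreakpointHandler,NULL);
    }

    LEAVE_FUNC();
#endif // ACTIVATE_BREAKPOINT_HOOK
}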