complete_debug_gatecondition.cpp

此为破解装载器一书中的源代码,在看雪论坛下载的,

							contproc = TRUE;
							dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
						}
						break;

						case EXCEPTION_PRIV_INSTRUCTION: {
							// The thread tried to execute an instruction whose operation is not allowed
							// in the current machine mode.

							sprintf( b, "Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
							MessageBox(NULL, b, "Priviledge instruction", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							contproc = TRUE;
							dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
						}
						break;

						case EXCEPTION_STACK_OVERFLOW: {
							// The thread used up its stack:

							sprintf( b, "Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
							MessageBox(NULL, b, "Stack overflow", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							contproc = TRUE;
							dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
						}	
						break;

						case DBG_CONTROL_C: {
							// First chance: Pass this on to the kernel.
							// Last chance: Display an appropriate error.
							// Handle other exceptions.

							if (DebugEv.u.Exception.dwFirstChance) {
								contproc = TRUE;
								dwContinueStatus = DBG_CONTINUE;
								sprintf( b, "First Chance\n"
									"Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
								MessageBox(NULL, b, "Ctrl+C", MB_OK+MB_TASKMODAL+MB_ICONINFORMATION);
							}
							else {
								contproc = FALSE;
								sprintf( b, "Last Chance\n"
									"Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
								MessageBox(NULL, b, "Ctrl+C", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							}
						}
						break;

							// some without any documented explanation
						case EXCEPTION_GUARD_PAGE: {
							sprintf( b, "Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
							MessageBox(NULL, b, "Guard Page Hit", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							contproc = TRUE;
							dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
						}
						break;

						case CONTROL_C_EXIT: {
							sprintf( b, "Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
							MessageBox(NULL, b, "Control C Exit", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							contproc = FALSE;
						}
						break;

						case 0xc0000135: {
							//Just an example of how to handle custom exceptions the application might raise.
							sprintf( b, "Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
							MessageBox(NULL, b, "DLL Not Found", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							contproc = TRUE;
							dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
						}
						break;

						case 0xc0000142: {
							sprintf( b, "Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
							MessageBox(NULL, b, "DLL Initialization Failed", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							contproc = TRUE;
							dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
						}
						break;

						case 0xc06d007e: {
							sprintf( b, "Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
							MessageBox(NULL, b, "Module Not Found", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							contproc = TRUE;
							dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
						}
						break;

						case 0xc06d007f: {
							sprintf( b, "Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
							MessageBox(NULL, b, "Procedure Not Found", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							contproc = TRUE;
							dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
						}
						break;

						default: {
							sprintf( b, "Exception address:%08X", DebugEv.u.Exception.ExceptionRecord.ExceptionAddress);
							MessageBox(NULL, b, "Unknown exception", MB_OK+MB_TASKMODAL+MB_ICONWARNING);
							contproc = TRUE;
							dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
						}
						break;
					} //end switch

				}
				break; //end case EXCEPTION_DEBUG_EVENT

				case EXIT_PROCESS_DEBUG_EVENT: {
					FormatMessage(
						FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
						NULL,
						GetLastError(),
						MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
						(LPTSTR) &lpMsgBuf,
						0,
						NULL
					);

					sprintf( b, "Exit Code:%d\n%s", DebugEv.u.ExitProcess.dwExitCode, lpMsgBuf );
					MessageBox(NULL, b, "EXIT_PROCESS_DEBUG_EVENT", MB_OK+MB_TASKMODAL+MB_ICONINFORMATION);
					contproc = TRUE;
					dwContinueStatus = DBG_CONTINUE;

					// Free the buffer.
					LocalFree( lpMsgBuf );
					SetLastError(ERROR_SUCCESS);
				}
				break;

				case EXIT_THREAD_DEBUG_EVENT: {
					// Display the thread's exit code.
					FormatMessage(
						FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
						NULL,
						GetLastError(),
						MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
						(LPTSTR) &lpMsgBuf,
						0,
						NULL
					);

					//sprintf( b, "Exit Code:%d\n"
					//"%s", DebugEv.u.ExitThread.dwExitCode, lpMsgBuf );
					//MessageBox(NULL, b, "EXIT_THREAD_DEBUG_EVENT", MB_OK+MB_TASKMODAL+MB_ICONINFORMATION);
					contproc = TRUE;
					dwContinueStatus = DBG_CONTINUE;

					// Free the buffer.
					LocalFree( lpMsgBuf );
					SetLastError(ERROR_SUCCESS);
				}
				break;

				case CREATE_THREAD_DEBUG_EVENT: {
					// As needed, examine or change the thread's registers with the GetThreadContext and SetThreadContext functions;
					// and suspend and resume thread execution with the SuspendThread and ResumeThread functions.
					//MessageBox(NULL, "", "CREATE_THREAD_DEBUG_EVENT",MB_OK+MB_TASKMODAL);
					contproc = TRUE;
					dwContinueStatus = DBG_CONTINUE;
				}
				break;

				case CREATE_PROCESS_DEBUG_EVENT: {
					// As needed, examine or change the registers of the process's initial thread with the GetThreadContext and
					// SetThreadContext functions; read from and write to the process's virtual memory with the ReadProcessMemory and
					// WriteProcessMemory functions; and suspend and resume thread execution with the SuspendThread and ResumeThread
					// functions. Be sure to close the handle to the process image file with CloseHandle.

					contproc = TRUE;
					dwContinueStatus = DBG_CONTINUE;
					hSaveFile  		= DebugEv.u.CreateProcessInfo.hFile;
					hSaveProcess 	= DebugEv.u.CreateProcessInfo.hProcess;
					hSaveThread 	= DebugEv.u.CreateProcessInfo.hThread;

					Pid[k] = GetProcessId(hSaveProcess);
					dwPid = Pid[k];

					// more than 1 process
					if (k > 0)
					{

						//DebugActiveProcessStop(Pid[0]);

						//OpenProcess(
							//PROCESS_ALL_ACCESS,	// access flag
							//FALSE,	// handle inheritance flag
							//dwPid 	// process identifier
						//);

						//DebugActiveProcess(
							//dwPid
						//);

						// no need to go further
						contproc = FALSE;
					}

					k++;

					// include process info
					sprintf( b, "hFile:%X\n"
						"ProcessId:%X\n"
						"hProcess:%X\n"
						"hThread:%X\n"
						"lpBaseOfImage:%08X\n"
						"dwDebugInfoFileOffset:%d\n"
						"nDebugInfoSize:%d\n"
						"lpThreadLocalBase:%08X\n"
						"lpStartAddress:%08X\n"
						"lpImageName:%08X\n"
						"fUnicode:%d",
						DebugEv.u.CreateProcessInfo.hFile, Pid[k -1], DebugEv.u.CreateProcessInfo.hProcess,
						DebugEv.u.CreateProcessInfo.hThread, DebugEv.u.CreateProcessInfo.lpBaseOfImage,
						DebugEv.u.CreateProcessInfo.dwDebugInfoFileOffset, DebugEv.u.CreateProcessInfo.nDebugInfoSize,
						DebugEv.u.CreateProcessInfo.lpThreadLocalBase, DebugEv.u.CreateProcessInfo.lpStartAddress,
						DebugEv.u.CreateProcessInfo.lpImageName, DebugEv.u.CreateProcessInfo.fUnicode 
					);

					MessageBox(NULL, b, "CREATE_PROCESS_DEBUG_EVENT",MB_OK+MB_TASKMODAL);
				}
				break;

				case LOAD_DLL_DEBUG_EVENT: {
					// Read the debugging information included in the newly loaded DLL. 
					// Be sure to close the handle to the loaded DLL with CloseHandle.

					contproc = TRUE;
					dwContinueStatus = DBG_CONTINUE;

					if (DebugEv.u.LoadDll.hFile == NULL) {
						break;
					}

					// EnumProcessModules returns an array of hMods for the process
					// Fails first time for ntdll.dll
					if (!EnumProcessModules(hSaveProcess, hMods, sizeof(hMods), &cbNeeded)) {
						FormatMessage(
							FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
							NULL,
							GetLastError(),
							MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
							(LPTSTR) &lpMsgBuf,
							0,
							NULL
							);

						// Display any error msg.
						//MessageBox(NULL, lpMsgBuf, "EnumProcessModules Error", MB_OK+MB_TASKMODAL);

						// Free the buffer.
						LocalFree( lpMsgBuf );
						SetLastError(ERROR_SUCCESS);

						//close handle to load dll event
						CloseHandle(DebugEv.u.LoadDll.hFile);
						break;
					}

					// Calculate number of modules in the process
					nMods = cbNeeded / sizeof(HMODULE);

					for ( i = 0; i < nMods; i++ ) {
						HMODULE hModule = hMods[i];
						char szModName[MAX_PATH];

						// GetModuleFileNameEx is like GetModuleFileName, but works in other process address spaces
						// Get the full path to the module's file.
						GetModuleFileNameEx( hSaveProcess, hModule, szModName, sizeof(szModName));

						if ( 0 == i ) {  // First module is the EXE. Add to list and skip it.
							modlist[i] = i;
						}
						else    		// Not the first module. It's a DLL
						{
							// Determine if this is a DLL we've already seen
							if ( i == modlist[i] ) {
								continue;
							}
							else {
								// We haven't see it, add it to the list
								modlist[i] = i;

								//Get the module information
								//GetModuleInformation(
								//	hSaveProcess,
								//	hModule,
								//	&mi,
								//	cbNeeded
								//	);
								// include DLL entry, name and base image address, etc. info
								//sprintf( b, "DLL entry:%d\n"
								//  "DLL module:%s\n"
								//  "Load address:%08X\n"
								//  "Size of image:%08X\n"
								//  "Entry Point:%08X", i, szModName, hModule, mi.SizeOfImage, mi.EntryPoint