If MyNTOpenProcessPos<>0 then
begin
if VirtualProtect(pointer(NTOpenProcessPos-50),55,PAGE_EXECUTE_READWRITE,x) then
begin
y[0]:=$e9;
pdword(@y[1])^:=MyNTOpenProcessPos-NTOpenProcessPos-5;
try
asm
push edi
push esi
lea esi,y[0]
mov edi,NTOpenProcessPos
movsd
movsb
pop esi
pop edi
end;
except
end;
end;
end;
end;
end;
procedure TDebugger.AddDebugString;
{ Appends the pending debug string held in temps to the debug-strings
  window. Compiled out in the netserver build, which has no window. }
begin
{$ifndef netserver}
  with formdebugstrings.listbox1.Items do
    Add(temps);
{$endif}
end;
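procedure TDebugger.addtochangeslist;
{ Publishes the current register set to the memory browser and records the
  address the debugger stopped at in the "changed addresses" window.
  temps holds the address text that getaddress parses into lastbreakpoint.
  When parsing fails lastbreakpoint keeps its previous value and nothing is
  added to the list, instead of re-adding that stale address. Each address
  is listed at most once. Compiled out in the netserver build. }
var
  parsed: boolean;
begin
{$ifndef netserver}
  with memorybrowser do
  begin
    EAXv:=context.Eax;
    EBXv:=context.Ebx;
    ECXv:=context.Ecx;
    EDXv:=context.Edx;
    ESIv:=context.Esi;
    EDIv:=context.Edi;
    EBPv:=context.Ebp;
    ESPv:=context.Esp;
    EIPv:=context.Eip;
  end;

  parsed:=true;
  try
    lastbreakpoint:=getaddress(temps);
  except
    // unparsable text is tolerated; lastbreakpoint is left as it was
    parsed:=false;
  end;

  // only a freshly parsed address is recorded, and only once
  if parsed then
    with frmchangedaddresses.Changedlist.Items do
      if IndexOf(inttohex(lastbreakpoint,8))=-1 then
        Add(inttohex(lastbreakpoint,8));
{$endif}
end;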
procedure TDebugger.debuginfo;
{ No-op in this revision: the body is empty, so calling it has no effect. }
begin
end;
procedure TDebugger.ProcessCreated;
{ Makes sure the created-process window exists (creating and showing it on
  first use) and lists the process id of newprocesses[currentprocess] in it
  as an 8-digit hex string. Compiled out in the netserver build. }
begin
{$ifndef netserver}
  if not assigned(frmCreatedProcessList) then
  begin
    frmCreatedProcessList:=tfrmcreatedprocesslist.create(nil);
    frmCreatedProcessList.show;
  end;

  with frmCreatedProcessList.ListBox1.Items do
    Add(IntToHex(newprocesses[currentprocess].processid,8));
{$endif}
end;
procedure TDebugger.FoundOne;
{ Handles a hit of the "find what accesses/writes" breakpoint at addressfound.
  GUI build: the instruction at addressfound is disassembled and, together
  with the register snapshot in context, appended to foundcodedialog.coderecords
  and its opcode listed in Foundcodelist. netserver build: addressfound is
  remembered in coderecords and the same snapshot is sent to every connected
  client as one 41-byte SC_FoundCode message. }
var
  desc,opcode: string;
  address: dword;
{$ifdef netserver}
  i: integer;
  peers: tlist;
  output: array [0..41] of byte;
  p: pdword;
{$endif}
begin
{$ifndef netserver}
  if not assigned(foundcodedialog) then
    exit;

  with foundcodedialog do
  begin
    // disassemble is relied on to advance address past the instruction,
    // which is how the instruction size below is obtained
    address:=addressfound;
    opcode:=disassemble(address,desc);

    setlength(coderecords,length(coderecords)+1);
    coderecords[high(coderecords)].address:=addressfound;
    coderecords[high(coderecords)].size:=address-addressfound;
    coderecords[high(coderecords)].opcode:=opcode;
    coderecords[high(coderecords)].desciption:=desc; // field name as declared
    coderecords[high(coderecords)].eax:=context.Eax;
    coderecords[high(coderecords)].ebx:=context.Ebx;
    coderecords[high(coderecords)].ecx:=context.Ecx;
    coderecords[high(coderecords)].edx:=context.Edx;
    coderecords[high(coderecords)].esi:=context.Esi;
    coderecords[high(coderecords)].edi:=context.Edi;
    coderecords[high(coderecords)].ebp:=context.Ebp;
    coderecords[high(coderecords)].esp:=context.Esp;
    coderecords[high(coderecords)].eip:=context.Eip;

    Foundcodelist.Items.Add(opcode);
  end;
{$else}
  // Message layout (41 bytes): SC_FoundCode, then address and
  // eax ebx ecx edx esi edi ebp esp eip as consecutive native dwords.
  setlength(coderecords,length(coderecords)+1);
  coderecords[high(coderecords)]:=addressfound;

  output[0]:=SC_FoundCode;
  p:=pdword(@output[1]);
  p^:=addressfound; inc(p);
  p^:=context.Eax;  inc(p);
  p^:=context.Ebx;  inc(p);
  p^:=context.Ecx;  inc(p);
  p^:=context.Edx;  inc(p);
  p^:=context.Esi;  inc(p);
  p^:=context.Edi;  inc(p);
  p^:=context.Ebp;  inc(p);
  p^:=context.Esp;  inc(p);
  p^:=context.Eip;

  // broadcast to every peer while the connection list is locked
  peers:=form1.idtcpserver1.Threads.LockList;
  try
    for i:=0 to peers.count-1 do
      TIdPeerThread(peers[i]).Connection.WriteBuffer(output[0],41);
  finally
    form1.idtcpserver1.Threads.UnlockList;
  end;
{$endif}
end;
procedure tdebugger.suspendallthreads;
{ Suspends every thread in threadlist, in list order. Column 1 of threadlist
  holds the thread handle (column 0 holds the thread id). }
var
  idx: integer;
begin
  for idx:=0 to high(threadlist) do
    suspendthread(threadlist[idx,1]);
end;
procedure tdebugger.resumeallthreads;
{ Resumes every thread in threadlist, in list order, using the handle kept
  in column 1. Mirror of suspendallthreads. }
var
  idx: integer;
begin
  for idx:=0 to high(threadlist) do
    resumethread(threadlist[idx,1]);
end;
procedure TDebugger.UpdateRegisters;
{ Refreshes the memory browser after the debugger paused a thread:
  - enables the debug menu items,
  - names the paused thread in the caption (threadlist column 1 is the
    handle, column 0 the thread id),
  - refreshes the stack trace window when it exists,
  - moves the disassembler to context.Eip,
  - rewrites every register/segment/flag label, colouring a label red when
    its text changed since the last update and clWindowText otherwise,
  - copies the register values into the EAXv..EIPv fields and redraws.
  Compiled out in the netserver build. The per-label blocks below all follow
  the same pattern and could be factored into a single helper. }
var temp: string;
i: integer;
begin
//removed for a while
{$ifndef netserver}
with memorybrowser do
begin
//enable debug mode
run1.Enabled:=true;
step1.Enabled:=true;
stepover1.Enabled:=true;
runtill1.Enabled:=true;
stacktrace1.Enabled:=true;
// find the paused thread by handle and show its id in the caption
for i:=0 to length(threadlist)-1 do
begin
if threadlist[i,1]=pausedthreadhandle then
begin
caption:='Memory Viewer - Currently debugging thread '+inttohex(threadlist[i,0],8);
break;
end;
end;
if frmstacktrace<>nil then
begin
frmstacktrace.stacktrace(debuggerthread.pausedthreadhandle,debuggerthread.context);
end;
Disassembleraddress:=context.Eip;
dselected:=context.eip;
// general-purpose registers: red when changed, default colour otherwise
temp:='EAX '+IntToHex(context.Eax,8);
if temp<>eaxlabel.Caption then
begin
eaxlabel.Font.Color:=clred;
eaxlabel.Caption:=temp;
end else eaxlabel.Font.Color:=clWindowText;
temp:='EBX '+IntToHex(context.Ebx,8);
if temp<>ebxlabel.Caption then
begin
ebxlabel.Font.Color:=clred;
ebxlabel.Caption:=temp;
end else ebxlabel.Font.Color:=clWindowText;
temp:='ECX '+IntToHex(context.ECx,8);
if temp<>eCxlabel.Caption then
begin
eCXlabel.Font.Color:=clred;
eCXlabel.Caption:=temp;
end else eCXlabel.Font.Color:=clWindowText;
temp:='EDX '+IntToHex(context.EDx,8);
if temp<>eDxlabel.Caption then
begin
eDxlabel.Font.Color:=clred;
eDxlabel.Caption:=temp;
end else eDxlabel.Font.Color:=clWindowText;
temp:='ESI '+IntToHex(context.ESI,8);
if temp<>eSIlabel.Caption then
begin
eSIlabel.Font.Color:=clred;
eSIlabel.Caption:=temp;
end else eSIlabel.Font.Color:=clWindowText;
temp:='EDI '+IntToHex(context.EDI,8);
if temp<>eDIlabel.Caption then
begin
eDIlabel.Font.Color:=clred;
eDIlabel.Caption:=temp;
end else eDIlabel.Font.Color:=clWindowText;
temp:='EBP '+IntToHex(context.EBP,8);
if temp<>eBPlabel.Caption then
begin
eBPlabel.Font.Color:=clred;
eBPlabel.Caption:=temp;
end else eBPlabel.Font.Color:=clWindowText;
temp:='ESP '+IntToHex(context.ESP,8);
if temp<>eSPlabel.Caption then
begin
eSPlabel.Font.Color:=clred;
eSPlabel.Caption:=temp;
end else eSPlabel.Font.Color:=clWindowText;
temp:='EIP '+IntToHex(context.EIP,8);
if temp<>eIPlabel.Caption then
begin
eIPlabel.Font.Color:=clred;
eIPlabel.Caption:=temp;
end else eIPlabel.Font.Color:=clWindowText;
// segment registers, shown with 4 hex digits
temp:='CS '+IntToHex(context.SEGCS,4);
if temp<>CSlabel.Caption then
begin
CSlabel.Font.Color:=clred;
CSlabel.Caption:=temp;
end else CSlabel.Font.Color:=clWindowText;
temp:='DS '+IntToHex(context.SEGDS,4);
if temp<>DSlabel.Caption then
begin
DSlabel.Font.Color:=clred;
DSlabel.Caption:=temp;
end else DSLabel.Font.Color:=clWindowText;
temp:='SS '+IntToHex(context.SEGSS,4);
if temp<>SSlabel.Caption then
begin
SSlabel.Font.Color:=clred;
SSlabel.Caption:=temp;
end else SSlabel.Font.Color:=clWindowText;
temp:='ES '+IntToHex(context.SEGES,4);
if temp<>ESlabel.Caption then
begin
ESlabel.Font.Color:=clred;
ESlabel.Caption:=temp;
end else ESlabel.Font.Color:=clWindowText;
temp:='FS '+IntToHex(context.SEGFS,4);
if temp<>FSlabel.Caption then
begin
FSlabel.Font.Color:=clred;
FSlabel.Caption:=temp;
end else FSlabel.Font.Color:=clWindowText;
temp:='GS '+IntToHex(context.SEGGS,4);
if temp<>GSlabel.Caption then
begin
GSlabel.Font.Color:=clred;
GSlabel.Caption:=temp;
end else GSlabel.Font.Color:=clWindowText;
// EFLAGS bits: CF=0 PF=2 AF=4 ZF=6 SF=7 DF=10 OF=11
temp:='CF '+IntToStr(GetBitOf(context.EFLAgs,0));
if temp<>cflabel.Caption then
begin
CFlabel.Font.Color:=clred;
CFlabel.caption:=temp;
end else cflabel.Font.Color:=clWindowText;
temp:='PF '+IntToStr(GetBitOf(context.EFlags,2));
if temp<>Pflabel.Caption then
begin
Pflabel.Font.Color:=clred;
Pflabel.caption:=temp;
end else Pflabel.Font.Color:=clWindowText;
temp:='AF '+IntToStr(GetBitOf(context.EFlags,4));
if temp<>Aflabel.Caption then
begin
Aflabel.Font.Color:=clred;
Aflabel.caption:=temp;
end else Aflabel.Font.Color:=clWindowText;
temp:='ZF '+IntToStr(GetBitOf(context.EFlags,6));
if temp<>Zflabel.Caption then
begin
Zflabel.Font.Color:=clred;
Zflabel.caption:=temp;
end else Zflabel.Font.Color:=clWindowText;
temp:='SF '+IntToStr(GetBitOf(context.EFlags,7));
if temp<>Sflabel.Caption then
begin
Sflabel.Font.Color:=clred;
Sflabel.caption:=temp;
end else Sflabel.Font.Color:=clWindowText;
temp:='DF '+IntToStr(GetBitOf(context.EFlags,10));
if temp<>Dflabel.Caption then
begin
Dflabel.Font.Color:=clred;
Dflabel.caption:=temp;
end else Dflabel.Font.Color:=clWindowText;
temp:='OF '+IntToStr(GetBitOf(context.EFlags,11));
if temp<>Oflabel.Caption then
begin
Oflabel.Font.Color:=clred;
Oflabel.caption:=temp;
end else Oflabel.Font.Color:=clWindowText;
// keep the browser's own register copies in sync, then redraw
EAXv:=context.Eax;
EBXv:=context.Ebx;
ECXv:=context.Ecx;
EDXv:=context.Edx;
ESIv:=context.ESi;
EDIv:=context.Edi;
EBPv:=context.Ebp;
ESPv:=context.Esp;
EIPv:=context.Eip;
updatedisassemblerview;
end;
{$endif}
end;
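procedure TDebugger.SetSingleStepping(Threadid: dword);
{ Arms single-stepping on the thread whose id is Threadid: its context is
  read into the shared context field, the x86 trap flag (EFLAGS bit 8, $100)
  is set and the context is written back. threadlist[i,0] is the thread id,
  threadlist[i,1] the handle. Nothing is done when the id is not in
  threadlist. The write-back only happens when GetThreadContext succeeded,
  so a failed read can no longer push the stale contents of the shared
  context field into the thread. }
var
  i: integer;
begin
  for i:=0 to length(threadlist)-1 do
    if threadlist[i,0]=ThreadId then
    begin
      context.ContextFlags:=CONTEXT_FULL;
      if getthreadcontext(threadlist[i,1],context) then
      begin
        context.ContextFlags:=CONTEXT_FULL; //CONTEXT_CONTROL;
        context.EFlags:=context.EFlags or $100; // TF: trap after the next instruction
        setthreadcontext(threadlist[i,1],context);
      end;
      break;
    end;
end;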
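procedure TDebugger.ResetBreakpoint;
{ Re-applies the breakpoint set to the target.
  With hardware breakpoints (canusedebugregs) the saved debug-register
  context drregs is written into every thread in threadlist, each thread
  being suspended around its SetThreadContext call. Otherwise the int3
  opcode ($cc) is written at every user breakpoint address and, when one is
  set (address>0), at the Cheat Engine breakpoint.
  Unused locals (zerobreak, original, a, written) were dropped. }
var
  i: integer;
  int3: byte;
begin
  if canusedebugregs then
  begin
    for i:=0 to length(threadlist)-1 do
    begin
      suspendthread(threadlist[i,1]);
      setthreadcontext(threadlist[i,1],drregs);
      resumethread(threadlist[i,1]);
    end;
  end
  else
  begin
    int3:=$cc; // x86 INT 3 opcode
    for i:=0 to length(int3userbreakpoints)-1 do
      RewriteCode(processhandle,int3userbreakpoints[i].address,@int3,1);

    if int3CEBreakpoint.address>0 then
      RewriteCode(processhandle,int3CEBreakpoint.address,@int3,1);
  end;
end;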
procedure TDebugger.RemoveBreakpoint;
var zerobreak: _context;
i: integer;
original,written,a:dword;
begin