📄 bp.c
字号:
}
}
}
}
}
}
}
//*************************************************************************
// RemoveSWBreakpoint()
//
// removes breakpoint from breakpoint list
//*************************************************************************
BOOLEAN RemoveSWBreakpoint(ULONG ulAddress)
{
PSW_BP p;
BOOLEAN bResult = FALSE;
ENTER_FUNC();
DPRINT((0,"RemoveSWBreakpoint()\n"));
if( (p = FindSwBp(ulAddress)) )
{
if(IsAddressValid(ulAddress) && p->bInstalled == TRUE && p->bVirtual==FALSE)
{
BOOLEAN isWriteable;
if( !( isWriteable = IsAddressWriteable(ulAddress) ) )
SetAddressWriteable(ulAddress,TRUE);
// restore original opcode
*(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
if( !isWriteable )
SetAddressWriteable(ulAddress,FALSE);
}
PICE_memset(p,0,sizeof(*p));
bResult = TRUE;
}
LEAVE_FUNC();
return bResult;
}
//*************************************************************************
// DeInstallSWBreakpoint()
//
//*************************************************************************
BOOLEAN DeInstallSWBreakpoint(ULONG ulAddress)
{
PSW_BP p;
BOOLEAN bResult = FALSE;
ENTER_FUNC();
DPRINT((0,"DeInstallSWBreakpoint()\n"));
if( (p = FindSwBp(ulAddress)) )
{
if(IsAddressValid(ulAddress) && p->bInstalled == TRUE && p->bVirtual==FALSE)
{
BOOLEAN isWriteable;
if( !( isWriteable = IsAddressWriteable(ulAddress) ) )
SetAddressWriteable(ulAddress,TRUE);
// restore original opcode
*(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
if( !isWriteable )
SetAddressWriteable(ulAddress,FALSE);
}
p->bInstalled = FALSE;
bResult = TRUE;
}
LEAVE_FUNC();
return bResult;
}
//*************************************************************************
// RemoveAllSWBreakpoints()
//
//*************************************************************************
BOOLEAN RemoveAllSWBreakpoints(BOOLEAN bEvenPermanents)
{
PSW_BP p;
BOOLEAN bResult = FALSE;
ULONG i;
ENTER_FUNC();
DPRINT((0,"RemoveAllSWBreakpoint()\n"));
for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
{
p = &aSwBreakpoints[i];
if(p->bUsed == TRUE)
{
if(bEvenPermanents)
{
if(IsAddressValid(p->ulAddress) && p->bVirtual==FALSE)
{
BOOLEAN isWriteable;
if( !( isWriteable = IsAddressWriteable(p->ulAddress) ) )
SetAddressWriteable(p->ulAddress,TRUE);
*(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
if( !isWriteable )
SetAddressWriteable(p->ulAddress,FALSE);
bResult = TRUE;
}
PICE_memset(p,0,sizeof(*p));
}
else
{
if(!p->bPermanent)
{
if(IsAddressValid(p->ulAddress) && p->bVirtual==FALSE)
{
BOOLEAN isWriteable;
if( !( isWriteable = IsAddressWriteable(p->ulAddress) ) )
SetAddressWriteable(p->ulAddress,TRUE);
*(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
if( !isWriteable )
SetAddressWriteable(p->ulAddress,FALSE);
bResult = TRUE;
}
PICE_memset(p,0,sizeof(*p));
}
}
}
}
LEAVE_FUNC();
return bResult;
}
//*************************************************************************
// IsPermanentSWBreakpoint()
//
//*************************************************************************
PSW_BP IsPermanentSWBreakpoint(ULONG ulAddress)
{
PSW_BP p;
ULONG i;
ENTER_FUNC();
DPRINT((0,"IsPermanentSWBreakpoint(%.8X)\n",ulAddress));
for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(aSwBreakpoints[0]));i++)
{
p = &aSwBreakpoints[i];
if(p->ulAddress == ulAddress &&
p->bUsed == TRUE &&
p->bPermanent == TRUE)
{
LEAVE_FUNC();
return p;
}
}
LEAVE_FUNC();
return NULL;
}
//*************************************************************************
// ListSWBreakpoints()
//
//*************************************************************************
void ListSWBreakpoints(void)
{
PSW_BP p;
ULONG i;
LPSTR pSymbolName;
PDEBUG_MODULE pMod;
ENTER_FUNC();
DPRINT((0,"ListSWBreakpoints()\n"));
for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
{
p = &aSwBreakpoints[i];
if(p->bUsed == TRUE && p->bVirtual == FALSE)
{
if((pSymbolName = FindFunctionByAddress(p->ulAddress,NULL,NULL)) )
{
pMod = FindModuleFromAddress(p->ulAddress);
PICE_sprintf(tempBp,"[%u] %.8X (%S!%s) %s\n",i,p->ulAddress,pMod->name,pSymbolName,p->bPermanent?"PERMANENT":"");
}
else
{
if(ScanExportsByAddress(&pSymbolName,p->ulAddress))
PICE_sprintf(tempBp,"[%u] %.8X (%s) %s\n",i,p->ulAddress,pSymbolName,p->bPermanent?"PERMANENT":"");
else
PICE_sprintf(tempBp,"[%u] %.8X (no symbol) %s\n",i,p->ulAddress,p->bPermanent?"PERMANENT":"");
}
Print(OUTPUT_WINDOW,tempBp);
}
else if(p->bUsed == TRUE)
{
PICE_sprintf(tempBp,"[%u] xxxxxxxx (%s!%s) VIRTUAL\n",i,p->szModName,p->szFunctionName);
Print(OUTPUT_WINDOW,tempBp);
}
}
LEAVE_FUNC();
}
//*************************************************************************
// RevirtualizeBreakpointsForModule()
//
//*************************************************************************
void RevirtualizeBreakpointsForModule(PDEBUG_MODULE pMod)
{
ULONG i,start,end;
PSW_BP p;
char temp[DEBUG_MODULE_NAME_LEN];
DPRINT((0,"RevirtualizeBreakpointsForModule(%x)\n",(ULONG)pMod));
if(IsRangeValid((ULONG)pMod,sizeof(DEBUG_MODULE)) )
{
start = (ULONG)pMod->BaseAddress;
end = (ULONG)pMod->BaseAddress+pMod->size;
DPRINT((0,"RevirtualizeBreakpointsForModule(): module %x (%x-%x)\n",(ULONG)pMod,start,end));
// go through all breakpoints
for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
{
p = &aSwBreakpoints[i];
// if it's used and installed and not virtual
if(p->bUsed && p->bInstalled && p->bVirtual == FALSE)
{
// make sure we're in module's bound
if(p->ulAddress>=start && p->ulAddress<end)
{
LPSTR pFind;
ULONG ulFunctionAddress;
DPRINT((0,"RevirtualizeBreakpointsForModule(): module breakpoint %u\n",i));
// find the function in which this breakpoint resides
if(ScanExportsByAddress(&pFind,p->ulAddress))
{
// from now on it's virtual again
p->bVirtual = TRUE;
if(IsAddressValid(p->ulAddress) )
{
BOOLEAN isWriteable;
if( !( isWriteable = IsAddressWriteable(p->ulAddress) ) )
SetAddressWriteable(p->ulAddress,TRUE);
DPRINT((0,"RevirtualizeBreakpointsForModule(): restoring original opcode @ %x\n",p->ulAddress));
*(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
if( !isWriteable )
SetAddressWriteable(p->ulAddress,FALSE);
}
else
{
DPRINT((0,"RevirtualizeBreakpointsForModule(): could not restore original opcode @ %x\n",p->ulAddress));
}
// skip past the module separator
while(*pFind!='!')pFind++;
pFind++;
// remember the function and the module for reinstallation
CopyWideToAnsi(temp,pMod->name);
PICE_strcpy(p->szModName,temp);
PICE_strcpy(p->szFunctionName,pFind);
DPRINT((0,"RevirtualizeBreakpointsForModule(): %s!%s\n",p->szModName,p->szFunctionName));
// if function name contains a '+' it's an offset
pFind = p->szFunctionName;
while(*pFind!=0)
{
DPRINT((0,"RevirtualizeBreakpointsForModule(): [1] %s\n",pFind));
// found any offset to function
if(*pFind=='+')
{
*pFind=0;
break;
}
pFind++;
}
DPRINT((0,"RevirtualizeBreakpointsForModule(): [2] %s\n",p->szFunctionName));
if(ScanExports(p->szFunctionName,&ulFunctionAddress))
{
p->ulAddress -= ulFunctionAddress;
DPRINT((0,"RevirtualizeBreakpointsForModule(): [1] function @ %x offset = %x\n",ulFunctionAddress,p->ulAddress));
}
else
{
if((ulFunctionAddress = FindFunctionInModuleByName(p->szFunctionName,pMod)) )
{
p->ulAddress -= ulFunctionAddress;
DPRINT((0,"RevirtualizeBreakpointsForModule(): [2] function @ %x offset = %x\n",ulFunctionAddress,p->ulAddress));
}
else
{
DPRINT((0,"RevirtualizeBreakpointsForModule(): Breakpoint %u could not be virtualized properly!\n",i));
PICE_sprintf(tempBp,"Breakpoint %u could not be virtualized properly!\n",i);
Print(OUTPUT_WINDOW,tempBp);
}
}
}
else
{
DPRINT((0,"RevirtualizeBreakpointsForModule(): function for %x not found!\n",p->ulAddress));
PICE_memset(p,0,sizeof(*p));
}
}
}
}
}
}
//*************************************************************************
// NewInt3Handler()
//
//*************************************************************************
__asm__ ("\n\t \
NewInt3Handler:\n\t \
pushl $" STR(REASON_INT3) "\n\t \
// call debugger loop\n\t \
jmp NewInt31Handler\n\t \
");
//*************************************************************************
// InstallInt3Hook()
//
//*************************************************************************
void InstallInt3Hook(void)
{
ULONG LocalInt3Handler;
ENTER_FUNC();
DPRINT((0,"enter InstallInt3Hook()...\n"));
MaskIrqs();
if(!OldInt3Handler)
{
PICE_memset(aSwBreakpoints,0,sizeof(aSwBreakpoints));
__asm__("mov $NewInt3Handler,%0"
:"=r" (LocalInt3Handler)
:
:"eax");
OldInt3Handler=SetGlobalInt(0x03,(ULONG)LocalInt3Handler);
}
UnmaskIrqs();
DPRINT((0,"leave InstallInt3Hook()...\n"));
LEAVE_FUNC();
}
//*************************************************************************
// DeInstallInt3Hook()
//
//*************************************************************************
void DeInstallInt3Hook(void)
{
ENTER_FUNC();
DPRINT((0,"enter DeInstallInt3Hook()...\n"));
MaskIrqs();
if(OldInt3Handler)
{
RemoveAllSWBreakpoints(TRUE);
SetGlobalInt(0x03,(ULONG)OldInt3Handler);
OldInt3Handler=0;
}
UnmaskIrqs();
DPRINT((0,"leave DeInstallInt3Hook()...\n"));
LEAVE_FUNC();
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -