#pragma once
// x86 EFLAGS trap flag (bit 8). When set in a thread's context the CPU raises a
// single-step exception after every instruction — presumably what EnableSingleStep
// relies on; confirm in the .cpp.
#define TF_FLAG 0x100
// Opcode of the one-byte x86 software breakpoint instruction that is written into
// the target to plant a breakpoint.
#define INT3 0xcc
// Opcode of the x86 near relative jmp (rel32). NOTE(review): presumably used by
// PatchModule when redirecting a hooked export — confirm in the .cpp.
#define JMP 0xe9
// Register selector IDs, passed as dwID to GetRegister / SetRegister.
// These are this project's own ordering, NOT the x86 ModR/M register numbers
// (there ECX=1, EDX=2, EBX=3, ESP=4, EBP=5) — never use them as instruction
// encoding operands.
#define EAX 0
#define EBX 1
#define ECX 2
#define EDX 3
#define EBP 4
#define ESP 5
#define ESI 6
#define EDI 7
// Instruction pointer; not a general-purpose register but addressable through
// the same selector API.
#define EIP 8
#include "image.h"
#include "type.h"
#include "eventobj.h"
class CDancerDoc ;
// record for a breakpoint in target
// One software breakpoint planted in the debuggee's address space. Instances are
// stored in CDebugControl::m_arBreakpoint / m_mapBreakpoint; Thread records also
// hold Breakpoint* (ownership is not visible in this header — confirm in the .cpp
// before deleting through either path).
struct Breakpoint
{
LPVOID m_lpAddress ; // address in the target process where the breakpoint lives
BYTE m_byteCode ; // presumably the original byte displaced by INT3 (0xcc) — needed to restore the instruction; confirm in PassBreakpoint
BOOL m_bLimit ; // NOTE(review): looks like "limited to specific threads" vs. AddUnlimitedBreakpoint — confirm
CDWordArray m_arRefThread ; // presumably IDs of the threads that reference this breakpoint — verify against AddBreakpoint
} ;
// record for a thread of target
// Per-thread bookkeeping for one thread of the debuggee. The constructor and
// destructor are declared here and defined elsewhere. The CPtrList members are
// untyped; the element type is not visible in this header.
struct Thread
{
// attribute
DWORD m_dwID ; // Win32 thread ID; the key CDebugControl uses for QueryThread / RemoveThread (assumed)
LPVOID m_lpStartAddress ; // thread start address — presumably taken from the CREATE_THREAD debug event
HANDLE m_hThread ; // thread handle, presumably used for context access and Suspend/Resume — confirm
Breakpoint* m_pLastBreakpoint ; // last breakpoint this thread hit; presumably re-armed by PassBreakpoint after the single step
CPtrList m_stBreakpoint ; // "st" suggests a stack of pending breakpoints — element type not visible here
CPtrList m_stDispatch ; // "st" suggests a stack of in-flight hook dispatches (see PreDispatch / PostDispatch)
CList < WORD , WORD > m_stDelay ; // NOTE(review): purpose not visible in this header — confirm in the .cpp
DWORD m_dwDepth ; // nesting depth, presumably of hooked calls — confirm
public :
Thread ( ) ;
~Thread ( ) ;
} ;
// Record for one module (EXE or DLL) mapped into the target. The "2" suffix
// presumably avoids a clash with another Module type in the project — not
// visible here.
struct Module2
{
LPVOID m_lpBase ; // load address in the target; the key for QueryModule / RemoveModule (assumed)
DWORD m_dwSize ; // image size in bytes (assumed — confirm how SnapModule / OnLoadDll fill it)
CString m_strPathName ; // path of the module file as recorded at load time
} ;
class CTypeManager ;
struct Register ;
// Debug control core: runs the debugger loop on its own thread (DebugThread),
// keeps the thread/module/breakpoint tables for the target, and installs the
// API hooks. Everything read from the target (memory, registers, strings) is
// untrusted input controlled by the debuggee — the Read* helpers and the
// user-defined decoder callbacks below must bound every copy.
class CDebugControl
{
// interactive with type manager
friend class CTypeManager ;
private :
// attribute
CTypeManager* m_pTypeManager ;
CDancerDoc* m_pDancerDoc ;
BOOL m_bDebugging ; // NOTE(review): read by IsDebugging() from the UI side and presumably written by DebugThread — confirm m_csSync (or another barrier) covers it
BOOL m_bPause ; // same cross-thread concern as m_bDebugging
BOOL m_bInitialBreakpoint ; // presumably tracks the loader's initial breakpoint so it is not treated as a user breakpoint — confirm
BOOL m_bExited ;
HANDLE m_hProcess ; // target process handle
DWORD m_dwProcessID ;
CPtrArray m_arHooked ; // element type not visible here
CPtrArray m_arThread ; // Thread* (assumed)
CPtrArray m_arModule ; // Module2* (assumed)
CPtrArray m_arBreakpoint ; // Breakpoint* (assumed)
CMapPtrToPtr m_mapThread ; // lookup by thread ID (assumed — see QueryThread)
CMapPtrToPtr m_mapModule ; // lookup by base address (assumed — see QueryModule)
CMapPtrToPtr m_mapBreakpoint ; // lookup by address (assumed — see QueryBreakpoint)
LPVOID m_lpMem ; // NOTE(review): purpose not visible in this header — confirm
CRITICAL_SECTION m_csSync ; // must be initialised/deleted in the ctor/dtor; presumably guards the tables above — confirm
CWinThread* m_pDebugThread ; // worker running DebugThread
public :
// operation
void Start ( ) ;
void Stop ( ) ;
void AttachTo ( CDancerDoc* pDancerDoc ) ;
void Pause ( ) ;
CDebugControl ( ) ;
~CDebugControl ( ) ;
// Plain flag reads with no synchronisation visible here (see notes on the fields).
BOOL IsDebugging ( )
{ return m_bDebugging ; }
BOOL IsPaused ( )
{ return m_bPause; }
void PreProcess ( ) ;
void PostProcess ( ) ;
// record for threads of target
void AddThread ( DWORD dwID , LPVOID lpStartAddress , HANDLE hThread ) ;
Thread* QueryThread ( DWORD dwID ) ; // presumably returns NULL when dwID is unknown — callers must check
void RemoveThread ( DWORD dwID ) ;
// record for modules of target
void AddModule ( LPVOID lpBase ) ;
Module2* QueryModule ( LPVOID lpAddress ) ; // presumably returns NULL when no module contains lpAddress — callers must check
void RemoveModule ( LPVOID lpBase ) ;
// process for auto breakpoint
Breakpoint* AddBreakpoint ( Thread* pThread , LPVOID lpAdddress ) ;
void AddUnlimitedBreakpoint ( LPVOID lpAdddress ) ; // breakpoint not tied to a single thread (cf. Breakpoint::m_bLimit — assumed)
Breakpoint* QueryBreakpoint ( LPVOID lpAddress ) ;
void StopAtReturn ( Thread* pThread , Breakpoint* pBreakpoint ) ;
// FSM core
// Steps the thread over a breakpoint: presumably restore the displaced byte,
// single-step, re-plant INT3 — confirm the exact sequence in the .cpp.
void PassBreakpoint ( Thread* pThread , Breakpoint* pBreakpoint ) ;
// debug event handler
// The DWORD results are presumably the continue status handed back to the
// debug loop (DBG_CONTINUE vs. DBG_EXCEPTION_NOT_HANDLED) — confirm.
DWORD OnCreateProcess ( DWORD dwID , CREATE_PROCESS_DEBUG_INFO& v ) ;
DWORD OnExitProcess ( DWORD dwID , EXIT_PROCESS_DEBUG_INFO& v ) ;
DWORD OnCreateThread ( DWORD dwID , CREATE_THREAD_DEBUG_INFO& v ) ;
DWORD OnExitThread ( DWORD dwID , EXIT_THREAD_DEBUG_INFO& v ) ;
DWORD OnException ( DWORD dwID , EXCEPTION_DEBUG_INFO& v ) ;
DWORD OnLoadDll ( LOAD_DLL_DEBUG_INFO& v ) ;
DWORD OnUnloadDll ( UNLOAD_DLL_DEBUG_INFO& v ) ;
// Return whether the exception was ours (a planted INT3 / a requested step)
// rather than the target's own — assumed from the BOOL return; confirm.
BOOL OnBreakpoint ( DWORD dwID , EXCEPTION_RECORD& v ) ;
BOOL OnSingleStep ( DWORD dwID , EXCEPTION_RECORD& v ) ;
// helper
// Target-memory readers. The target decides what these return; never trust
// a value read here as a length or pointer without bounding it.
BYTE ReadByte ( LPVOID lpBase ) ;
WORD ReadWord ( LPVOID lpBase ) ;
DWORD ReadDWord ( LPVOID lpBase ) ;
void ReadString ( LPVOID lpBase , CString& str ) ; // NOTE(review): no length cap visible — an unterminated string in the target should not read unboundedly; confirm the implementation stops at a limit
void ReadStringW ( LPVOID lpBase , CString& str ) ;
BOOL ReadBlock ( LPVOID lpBase , LPVOID lpBuf , int size ) ; // NOTE(review): signed size here vs. DWORD dwSize in _ReadBlock — a negative value converts silently; the implementation should reject size <= 0
void WriteByte ( LPVOID lpBase , BYTE b ) ;
void WriteDWord ( LPVOID lpBase , DWORD dw ) ;
// CPU controller
void EnableSingleStep ( Thread* pThread ) ; // presumably sets TF_FLAG in the thread context
void BackwardEip ( Thread* pThread ) ; // presumably rewinds EIP by the size of INT3 so the displaced instruction re-executes — confirm
DWORD GetRegister ( Thread* pThread , DWORD dwID ) ; // dwID is one of EAX..EIP above
void SetRegister ( Thread* pThread , DWORD dwID , DWORD v ) ;
DWORD GetParameter ( Thread* pThread , DWORD dwIndex ) ; // stack argument by index (stdcall/cdecl layout assumed); the value comes from target memory and is untrusted
LPVOID GetReturnAddress ( Thread* pThread ) ; // read from the target's stack — untrusted, validate before use as a breakpoint address
void GetAllRegister ( Thread* pThread , Register* pr ) ;
// process when a call is hooking
void PreDispatch ( Thread* pThread , Breakpoint* pBreakpoint ) ;
void PostDispatch ( Thread* pThread ) ;
void OnStubNotify ( Thread* pThread , DWORD dwIndex ) ;
void OnStubNotifyPost ( Thread* pThread , DWORD dwIndex ) ;
// process all thread except the one passed
void SuspendThreadExcept ( Thread* pThread ) ;
void ResumeThreadExcept ( Thread* pThread ) ;
// snap all module currently loaded into target
void SnapModule ( ) ;
// modify target to install hook
// Writes into the target's code pages; should be preceded by IsPageExecutable
// on every address touched (assumed from the declaration below — confirm).
void PatchModule ( Module2* pModule ) ;
// check if a hook can be installed properly
BOOL IsPageExecutable ( LPVOID lpAddress ) ;
// helper
WORD LocateHookedByName ( Module2* pModule1 ,
Module2* pModule2 , const CString& strName ) ;
WORD LocateHookedByOrdinal ( Module2* pModule1 ,
Module2* pModule2 , WORD wOrdinal ) ;
void NotifyCreateThread ( DWORD dwID , LPVOID lpAddress ) ;
static UINT DebugThread ( LPVOID lpParam ) ; // debug thread procedure
public :
// routines for user-defined decoder
// C-style callbacks handed to user-supplied decoders. hControl is presumably
// the CDebugControl* in disguise — confirm the cast in the .cpp. Decoders run
// inside the debugger process, so a decoder fed malformed target data can
// crash or compromise the debugger itself.
static BYTE CALLBACK _ReadByte ( HANDLE hControl , LPVOID lpAddress ) ;
static WORD CALLBACK _ReadWord ( HANDLE hControl , LPVOID lpAddress ) ;
static DWORD CALLBACK _ReadDWord ( HANDLE hControl , LPVOID lpAddress ) ;
static BOOL CALLBACK _ReadBlock ( HANDLE hControl , LPVOID lpAddress , LPVOID lpBuf , DWORD dwSize ) ;
// NOTE(review): no buffer-length parameter. The string length is decided by the
// target, so unless the implementation caps the copy, a long or unterminated
// string in the debuggee overruns the decoder's lpBuf — confirm the cap and
// document the required buffer size for decoder authors.
static DWORD CALLBACK _ReadString ( HANDLE hControl , LPVOID lpAddress , LPVOID lpBuf ) ;
static DWORD CALLBACK _ReadStringW ( HANDLE hControl , LPVOID lpAddress , LPVOID lpBuf ) ;
static void CALLBACK _RegisterDecoder ( HANDLE hControl , LPCSTR lpTypeName , LPPROC_DECODE_ROUTINE lpDecodeRoutine) ;
static void CALLBACK _OutputString ( HANDLE hControl , LPCSTR lpString ) ;
// These friends reach the private tables directly; any locking discipline on
// m_csSync has to be honoured by them as well.
friend class CRecordManager ;
friend class CDancerDoc ;
friend class CDancerFrame ;
} ;