#pragma once
#include "Thread.h"
#include "Lock.h"
#include <list>
#include <map>
#include "common.h"
#include "ThreadMgr.h"
#include "Utils.h"
// XDbgProxy: process-wide singleton that sits inside the debugged process.
// From the declarations below it (a) hooks exception and DLL-load
// notifications, (b) exchanges DebugEventPacket / DebugAckPacket messages over
// one pipe, and (c) services "remote API" requests (memory read/write, thread
// control, thread creation) arriving over a second pipe.
//
// NOTE(review): the API pipe is a trust boundary. Whoever can connect to it
// can presumably drive the ReadProcessMemory / WriteProcessMemory /
// SetThreadContext / CreateRemoteThread handlers declared here. This header
// does not show how the pipes are created; confirm in the implementation that
// they carry a restrictive security descriptor (or that the peer is verified)
// and that addresses and sizes taken from ApiCallPacket are validated.
class XDbgProxy : protected Thread, public ThreadMgr /*, protected Mutex */
{
private:
    // Construction and destruction are private: instance() is the only way to
    // obtain the object.
    XDbgProxy();
    ~XDbgProxy();

public:
    bool initialize(); // initialize
    void stop();

    // Returns the single instance, constructed on first use.
    // NOTE(review): initialization of a function-local static is only
    // guaranteed thread-safe from C++11 on (MSVC: VS2015 and later); confirm
    // the toolchain if the first call can race.
    static XDbgProxy& instance()
    {
        static XDbgProxy singleton;
        return singleton;
    }

    // Reports the current value of the _attached flag.
    bool isAttached() const
    {
        return _attached;
    }

    void waitForAttach();

    // Same parameter list as the Win32 DllMain entry point; presumably the
    // module's real DllMain forwards here (verify against the caller).
    BOOL DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved);

protected:
    // Static trampolines with the callback signatures, each paired with an
    // instance-level counterpart of the same name without the underscore.
    static LONG CALLBACK _VectoredHandler(PEXCEPTION_POINTERS ExceptionInfo);
    static VOID CALLBACK _LdrDllNotification(
        ULONG NotificationReason,
        union _LDR_DLL_NOTIFICATION_DATA* NotificationData,
        PVOID Context);

    VOID CALLBACK LdrDllNotification(
        ULONG NotificationReason,
        union _LDR_DLL_NOTIFICATION_DATA* NotificationData,
        PVOID Context);
    LONG CALLBACK VectoredHandler(PEXCEPTION_POINTERS ExceptionInfo);
    LONG CALLBACK AsyncVectoredHandler(DebugEventPacket& pkt);

    // One pipe for debug events, one for remote API calls.
    bool createEventPipe();
    bool createApiPipe();
    // bool createPipe();

    virtual long run();        // thread body of this object (Thread base)
    virtual long runApiLoop(); // invoked from ApiThread::run()

    // Debug-event transport.
    BOOL sendDbgEvent(const DebugEventPacket& event);
    BOOL recvDbgAck(struct DebugAckPacket& ack);
    // NOTE(review): the meaning of `freeze` is not visible in this header;
    // presumably it controls suspending other threads while waiting for the
    // acknowledgement - confirm in the implementation.
    BOOL sendDbgEvent(const DebugEventPacket& event,
                      struct DebugAckPacket& ack,
                      bool freeze = true);

    void onDbgConnect();
    void onDbgDisconnect();

    void sendProcessInfo(DWORD firstThread);
    void sendModuleInfo(DWORD firstThread);
    void sendThreadInfo();

    //////////////////////////////////////////////////////////////////////////
    // Pending-event queue.

    // Node carrying one packet, linkable through an SLIST_ENTRY.
    struct DbgEventEntry {
        SLIST_ENTRY entry;
        DebugEventPacket pkt;
    };

    void pushDbgEvent(DebugEventPacket& pkt);
    bool popDbgEvent(DebugEventPacket& pkt);

    //////////////////////////////////////////////////////////////////////////
    // REMOTE API

    // Worker thread whose only job is to run the owner's API loop.
    class ApiThread : public Thread {
    public:
        // Stores a reference to the owning proxy; the owner must outlive the
        // thread object (it is a member of the owner, see _apiThread).
        ApiThread(XDbgProxy& parent) : _parent(parent)
        {
        }

    protected:
        virtual long run()
        {
            return _parent.runApiLoop();
        }

        XDbgProxy& _parent;
    };

    BOOL recvApiCall(ApiCallPacket& inPkt);
    BOOL sendApiReturn(const ApiReturnPakcet& outPkt);

    // Signature shared by every remote API handler below.
    typedef void(XDbgProxy::* RemoteApiHandler)(ApiCallPacket& inPkt);

    void registerRemoteApi();

    // Handlers named after the Win32 calls they stand in for. Each one takes
    // its arguments from a received ApiCallPacket, i.e. from the pipe peer.
    // NOTE(review): treat every field of inPkt as untrusted input; see the
    // class-level note on the API pipe.
    void ReadProcessMemory(ApiCallPacket& inPkt);
    void WriteProcessMemory(ApiCallPacket& inPkt);
    void SuspendThread(ApiCallPacket& inPkt);
    void ResumeThread(ApiCallPacket& inPkt);
    void VirtualQueryEx(ApiCallPacket& inPkt);
    void GetThreadContext(ApiCallPacket& inPkt);
    void SetThreadContext(ApiCallPacket& inPkt);
    void VirtualProtectEx(ApiCallPacket& inPkt);
    void _GetModuleFileNameExW(ApiCallPacket& inPkt);
    void CreateRemoteThread(ApiCallPacket& inPkt);

    //////////////////////////////////////////////////////////////////////////
protected:
    HANDLE _hPipe; // presumably the event pipe (see createEventPipe) - confirm

    // NOTE(review): `volatile` is not a synchronization primitive in standard
    // C++. MSVC's /volatile:ms mode gives acquire/release semantics; confirm
    // the build relies on that, or use Interlocked* operations.
    volatile bool _attached;

    EXCEPTION_RECORD* _lastException;
    ULONG _lastExceptCode;
    PVOID _lastExceptAddr;
    volatile int _stopFlag;

    typedef std::list<DebugEventPacket> DbgEvtPkgs;
    DbgEvtPkgs _pendingEvents;

    // event completion notification
    HANDLE _evtQueueEvent;
    Mutex _evtLock;
    Mutex _evtQueueLock;
    LONG _exceptHandleCode;

    // Registration cookies; presumably kept so the vectored handler and the
    // DLL notification can be unregistered later - confirm.
    PVOID _vehCookie;
    PVOID _dllNotifCooike;

    HANDLE _hApiPipe;
    ApiThread _apiThread;

    // Dispatch table: DWORD key -> handler member function.
    // NOTE(review): the key presumably comes from the received ApiCallPacket;
    // the lookup should reject unknown keys rather than default-insert.
    typedef std::map<DWORD, RemoteApiHandler> RemoteApiHandlers;
    RemoteApiHandlers _apiHandlers;
};