void XDbgProxy::sendThreadInfo()
{
MyTrace("%s()", __FUNCTION__);
DebugEventPacket event;
memset(&event, 0, sizeof(event));
DEBUG_EVENT& msg = event.event;
DebugAckPacket ack;
msg.dwDebugEventCode = CREATE_THREAD_DEBUG_EVENT;
msg.dwProcessId = XDbgGetCurrentProcessId();
DWORD threadId = getFirstThread();
while (threadId) {
msg.dwThreadId = threadId;
msg.u.CreateThread.hThread = NULL;
msg.u.CreateThread.lpStartAddress = (LPTHREAD_START_ROUTINE)
GetThreadStartAddress(threadId);
msg.u.CreateThread.lpThreadLocalBase = GetThreadTeb(threadId);
sendDbgEvent(event, ack, false);
threadId = getNextThread();
}
}
void XDbgProxy::sendProcessInfo(DWORD firstThread)
{
MyTrace("%s()", __FUNCTION__);
DebugEventPacket event;
memset(&event, 0, sizeof(event));
DEBUG_EVENT& msg = event.event;
DebugAckPacket ack;
msg.dwProcessId = XDbgGetCurrentProcessId();
msg.dwThreadId = firstThread;
char modName[MAX_PATH + 1] = {0};
memset(&msg.u.CreateProcessInfo, 0, sizeof(msg.u.CreateProcessInfo));
msg.dwDebugEventCode = CREATE_PROCESS_DEBUG_EVENT;
msg.u.CreateProcessInfo.dwDebugInfoFileOffset = 0;
msg.u.CreateProcessInfo.fUnicode = 0;
msg.u.CreateProcessInfo.hFile = NULL;
msg.u.CreateProcessInfo.hProcess = NULL;
msg.u.CreateProcessInfo.hThread = NULL;
msg.u.CreateProcessInfo.lpBaseOfImage = (PVOID )GetModuleHandle(NULL);
GetModuleFileName(GetModuleHandle(NULL), modName, MAX_PATH);
msg.u.CreateProcessInfo.lpImageName = modName;
msg.u.CreateProcessInfo.lpStartAddress = (LPTHREAD_START_ROUTINE)GetThreadStartAddress(firstThread);
MyTrace("%s(): mod: %s, main thread start at: %p", __FUNCTION__, modName,
msg.u.CreateProcessInfo.lpStartAddress);
msg.u.CreateProcessInfo.lpThreadLocalBase = GetThreadTeb(firstThread);
msg.u.CreateProcessInfo.nDebugInfoSize = 0;
sendDbgEvent(event, ack, false);
}
PVOID WINAPI GetThreadStartAddress(DWORD tid)
{
HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, tid);
PVOID addr = GetThreadStartAddress(hThread);
CloseHandle(hThread);
return addr;
}
struct Thread_info * ListThreads(HANDLE heap)
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE,hProcess,hThread;
THREADENTRY32 te32;
MEMORY_BASIC_INFORMATION mbi;
struct Thread_info *tinfo,*Start;
hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 );
if( hThreadSnap == INVALID_HANDLE_VALUE )
return( FALSE );
te32.dwSize = sizeof(THREADENTRY32 );
if( !Thread32First( hThreadSnap, &te32 ) )
{
CloseHandle( hThreadSnap ); // Must clean up the snapshot object!
return( FALSE );
}
Start = init(heap);
if(Start == 0)
return 0;
tinfo = Start;
do
{
if(te32.th32ThreadID == GetCurrentThreadId())
continue;
tinfo->Tid = te32.th32ThreadID;
tinfo->Pid = te32.th32OwnerProcessID;
hThread = OpenThread(THREAD_ALL_ACCESS,0,tinfo->Tid);
hProcess = OpenProcess(PROCESS_ALL_ACCESS,0,tinfo->Pid);
if(hThread && hProcess)
{
tinfo->OEP = GetThreadStartAddress(hThread,hProcess);
if(tinfo->OEP)
{
VirtualQueryEx(hProcess,tinfo->OEP,&mbi,sizeof(MEMORY_BASIC_INFORMATION));
tinfo->ImageType = mbi.Type;
tinfo->AllocationType = mbi.AllocationProtect;
}
}
CloseHandle(hProcess);
CloseHandle(hThread);
tinfo->next = init(heap);
if(tinfo->next == NULL)
return 0;
tinfo = tinfo->next;
} while( Thread32Next(hThreadSnap, &te32 ) );
CloseHandle( hThreadSnap );
tinfo->Pid =-1;
tinfo->Tid =-1;
return Start;
}
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrev, LPSTR lpCmdLine, int nShowCmd)
{
CHAR cMessage[9];
wsprintf(cMessage, "%p", GetThreadStartAddress(GetCurrentThread()));
MessageBox(HWND_DESKTOP, cMessage, "Start Address", MB_ICONINFORMATION | MB_OK);
return 0;
}
// SO, THIS MODULE MUST BE A DLL
BOOL XDbgProxy::DllMain(HMODULE hModule, DWORD reason, LPVOID lpReserved)
{
// MyTrace("%s()", __FUNCTION__);
DebugEventPacket event;
memset(&event, 0, sizeof(event));
DEBUG_EVENT& msg = event.event;
switch (reason) {
case DLL_PROCESS_ATTACH:
{
/* char dllPath[MAX_PATH + 1];
GetModuleFileName(hModule, dllPath, sizeof(dllPath) - 1);
dllPath[sizeof(dllPath) - 1] = 0;
LoadLibrary(dllPath); */
}
// MyTrace("%s(): process(%u) xdbg proxy loaded. thread id: %u", __FUNCTION__,
// GetCurrentProcessId(), GetCurrentThreadId());
break;
case DLL_PROCESS_DETACH:
// MyTrace("%s(): process(%u) xdbg proxy unloaded. thread id: %u", __FUNCTION__,
// GetCurrentProcessId(), GetCurrentThreadId());
break;
case DLL_THREAD_ATTACH:
//MyTrace("%s(): process(%u) xdbg proxy attach thread. thread id: %u <<<", __FUNCTION__,
// XDbgGetCurrentProcessId(), XDbgGetCurrentThreadId());
if (!_attached)
return TRUE;
// REPORT CreateThread
msg.dwProcessId = XDbgGetCurrentProcessId();
msg.dwThreadId = XDbgGetCurrentThreadId();
msg.dwDebugEventCode = CREATE_THREAD_DEBUG_EVENT;
msg.u.CreateThread.hThread = NULL;
msg.u.CreateThread.lpStartAddress = (LPTHREAD_START_ROUTINE )
GetThreadStartAddress(XDbgGetCurrentThread());
msg.u.CreateThread.lpThreadLocalBase = NtCurrentTeb();
pushDbgEvent(event);
//MyTrace("%s(): process(%u) xdbg proxy attach thread. thread id: %u >>>", __FUNCTION__,
// GetCurrentProcessId(), GetCurrentThreadId());
break;
case DLL_THREAD_DETACH:
// REPORT ExitThread
//MyTrace("%s(): process(%u) xdbg proxy detach thread. thread id: %u <<<", __FUNCTION__,
// GetCurrentProcessId(), GetCurrentThreadId());
if (!_attached)
return TRUE;
msg.dwProcessId = XDbgGetCurrentProcessId();
msg.dwThreadId = XDbgGetCurrentThreadId();
msg.dwDebugEventCode = EXIT_THREAD_DEBUG_EVENT;
if (!GetExitCodeThread(XDbgGetCurrentThread(), &msg.u.ExitThread.dwExitCode))
msg.u.ExitThread.dwExitCode = 0;
pushDbgEvent(event);
//MyTrace("%s(): process(%u) xdbg proxy detach thread. thread id: %u >>>", __FUNCTION__,
// GetCurrentProcessId(), GetCurrentThreadId());
break;
};
return TRUE;
}
