void CallStackView::updateCallStack() { DBGCALLSTACK callstack; memset(&callstack, 0, sizeof(DBGCALLSTACK)); if(!DbgFunctions()->GetCallStack) return; DbgFunctions()->GetCallStack(&callstack); setRowCount(callstack.total); for(int i = 0; i < callstack.total; i++) { QString addrText = ToPtrString(callstack.entries[i].addr); setCellContent(i, 0, addrText); addrText = ToPtrString(callstack.entries[i].to); setCellContent(i, 1, addrText); if(callstack.entries[i].from) { addrText = ToPtrString(callstack.entries[i].from); setCellContent(i, 2, addrText); } setCellContent(i, 3, callstack.entries[i].comment); } if(callstack.total) BridgeFree(callstack.entries); reloadData(); }
std::unique_ptr<DBGPATCHINFO> EnumPatches(size_t & buffersize, size_t & numPatches) { if(!DbgIsDebugging()) return nullptr; DbgFunctions()->PatchEnum(0, &buffersize); if(buffersize % sizeof(DBGPATCHINFO) != 0) { MessageBox(hwndDlg, LoadWideString(IDS_OUTDATED).c_str(), LoadWideString(IDS_PLUGNAME).c_str(), MB_ICONERROR); return nullptr; } if(buffersize == 0) { MessageBox(hwndDlg, LoadWideString(IDS_EMPTYPATCH).c_str(), LoadWideString(IDS_PLUGNAME).c_str(), MB_ICONERROR); return nullptr; } numPatches = buffersize / sizeof(DBGPATCHINFO); std::unique_ptr<DBGPATCHINFO> patchList(new DBGPATCHINFO[numPatches]); memset(patchList.get(), 0, numPatches * sizeof(DBGPATCHINFO)); DbgFunctions()->PatchEnum(patchList.get(), &buffersize); std::qsort(patchList.get(), numPatches, sizeof(DBGPATCHINFO), [](const void* a, const void* b) { const DBGPATCHINFO* A = (const DBGPATCHINFO*)a; const DBGPATCHINFO* B = (const DBGPATCHINFO*)b; if(A->addr > B->addr) return 1; else if(A->addr < B->addr) return -1; else return 0; }); return patchList; }
void PageMemoryRights::RunAddrSize(duint addrin, duint sizein, QString pagetypein) { addr = addrin; size = sizein; pagetype = pagetypein; QTableWidget* tableWidget = ui->pagetableWidget; tableWidget->setSelectionBehavior(QAbstractItemView::SelectRows); duint nr_pages = size / PAGE_SIZE; tableWidget->setColumnCount(2); tableWidget->setRowCount(nr_pages); tableWidget->setHorizontalHeaderItem(0, new QTableWidgetItem(QString(tr("Address")))); tableWidget->setHorizontalHeaderItem(1, new QTableWidgetItem(QString(tr("Rights")))); duint actual_addr; char rights[RIGHTS_STRING_SIZE]; for(duint i = 0; i < nr_pages; i++) { actual_addr = addr + (i * PAGE_SIZE); tableWidget->setItem(i, 0, new QTableWidgetItem(ToPtrString(actual_addr))); if(DbgFunctions()->GetPageRights(actual_addr, rights)) tableWidget->setItem(i, 1, new QTableWidgetItem(QString(rights))); } QModelIndex idx = (ui->pagetableWidget->model()->index(0, 0)); ui->pagetableWidget->selectionModel()->select(idx, QItemSelectionModel::Select); idx = (ui->pagetableWidget->model()->index(0, 1)); ui->pagetableWidget->selectionModel()->select(idx, QItemSelectionModel::Select); ui->radioFullaccess->setChecked(true); ui->chkPageguard->setCheckable(true); exec(); }
void AssembleDialog::validateInstruction(QString expression) { if(!ui->lineEdit->text().length()) { emit mValidateThread->emitInstructionChanged(0, tr("empty instruction")); return; } //void instructionChanged(bool validInstruction, dsint sizeDifference, QString error) dsint sizeDifference = 0; int typedInstructionSize = 0; int selectedInstructionSize = 0; bool validInstruction = false; QByteArray error(MAX_ERROR_SIZE, 0); BASIC_INSTRUCTION_INFO basicInstrInfo; // Get selected instruction info (size here) DbgDisasmFastAt(mSelectedInstrVa, &basicInstrInfo); selectedInstructionSize = basicInstrInfo.size; // Get typed in instruction size if(!DbgFunctions()->Assemble(mSelectedInstrVa, NULL, &typedInstructionSize, ui->lineEdit->text().toUtf8().constData(), error.data()) || selectedInstructionSize == 0) { emit mValidateThread->emitInstructionChanged(0, QString(error)); return; } // Valid instruction validInstruction = true; sizeDifference = typedInstructionSize - selectedInstructionSize; emit mValidateThread->emitInstructionChanged(sizeDifference, ""); }
void SettingsDialog::on_chkSetJIT_stateChanged(int arg1) { if(arg1 == Qt::Unchecked) { if(DbgFunctions()->GetJit) { char jit_def_entry[MAX_SETTING_SIZE] = ""; QString qsjit_def_entry; DbgFunctions()->GetDefJit(jit_def_entry); qsjit_def_entry = jit_def_entry; // if there are not an OLD JIT Stored GetJit(NULL,) returns false. if((DbgFunctions()->GetJit(NULL, true) == false) && (ui->editJIT->text() == qsjit_def_entry)) { /* * Only do this when the user wants uncheck the JIT and there are not an OLD JIT Stored * and the JIT in Windows registry its this debugger. * Scenario 1: the JIT in Windows registry its this debugger, if the database of the * debugger was removed and the user wants uncheck the JIT: he cant (this block its executed then) * - * Scenario 2: the JIT in Windows registry its NOT this debugger, if the database of the debugger * was removed and the user in MISC tab wants check and uncheck the JIT checkbox: he can (this block its NOT executed then). */ QMessageBox msg(QMessageBox::Warning, "ERROR NOT FOUND OLD JIT", "NOT FOUND OLD JIT ENTRY STORED, USE SETJIT COMMAND"); msg.setWindowIcon(QIcon(":/icons/images/compile-warning.png")); msg.setParent(this, Qt::Dialog); msg.setWindowFlags(msg.windowFlags() & (~Qt::WindowContextHelpButtonHint)); msg.exec(); settings.miscSetJIT = true; } else settings.miscSetJIT = false; ui->chkSetJIT->setCheckState(bool2check(settings.miscSetJIT)); } settings.miscSetJIT = false; } else settings.miscSetJIT = true; }
void ValidateExpressionThread::run() { while(!mStopThread) { mExpressionMutex.lock(); QString expression = mExpressionText; bool changed = mExpressionChanged; mExpressionChanged = false; mExpressionMutex.unlock(); if(changed) { duint value; bool validExpression = DbgFunctions()->ValFromString(expression.toUtf8().constData(), &value); bool validPointer = validExpression && DbgMemIsValidReadPtr(value); emit expressionChanged(validExpression, validPointer, value); } Sleep(50); } mStopThread = false; }
bool MemoryPage::write(const void* parDest, dsint parRVA, duint parSize) { bool ret = DbgFunctions()->MemPatch(mBase + parRVA, reinterpret_cast<const unsigned char*>(parDest), parSize); GuiUpdatePatches(); return ret; }
void ExportPatch(const std::wstring & templateContent, DBGPATCHINFO* patchList, size_t numPatches) { printFileName(); size_t idx_template = templateContent.find(L"$TEMPLATE_PREFIX:"); size_t idx_module = templateContent.find(L"$MODULE_PREFIX:"); size_t idx_patch = templateContent.find(L"$PATCH:"); size_t idx_module_suffix = templateContent.find(L"$MODULE_SUFFIX:"); size_t idx_template_suffix = templateContent.find(L"$TEMPLATE_SUFFIX:"); if(idx_template == std::wstring::npos || idx_module == std::wstring::npos || idx_patch == std::wstring::npos || idx_module_suffix == std::wstring::npos || idx_template_suffix == std::wstring::npos) { MessageBox(hwndDlg, LoadWideString(IDS_INVALID_PATCH).c_str(), LoadWideString(IDS_PLUGNAME).c_str(), MB_ICONERROR); return; } HANDLE hProcess; wchar_t ProcessName[1024]; memset(ProcessName, 0, sizeof(ProcessName)); hProcess = (HANDLE)DbgValFromString("$hProcess"); if(GetModuleBaseNameW(hProcess, 0, ProcessName, sizeof(ProcessName) / sizeof(wchar_t)) == 0) { MessageBox(hwndDlg, LoadWideString(IDS_HPROCESSFAIL).c_str(), LoadWideString(IDS_PLUGNAME).c_str(), MB_ICONERROR); return; } std::wstring text = templateContent.substr(idx_template + int(wcslen(L"$TEMPLATE_PREFIX:")), idx_module - idx_template - int(wcslen(L"$TEMPLATE_PREFIX:"))); std::wstring modulePrefix = templateContent.substr(idx_module + int(wcslen(L"$MODULE_PREFIX:")), idx_patch - idx_module - int(wcslen(L"$MODULE_PREFIX:"))); std::wstring patchText = templateContent.substr(idx_patch + int(wcslen(L"$PATCH:")), idx_module_suffix - idx_patch - int(wcslen(L"$PATCH:"))); std::wstring moduleSuffix = templateContent.substr(idx_module_suffix + int(wcslen(L"$MODULE_SUFFIX:")), idx_template_suffix - idx_module_suffix - int(wcslen(L"$MODULE_SUFFIX:"))); std::wstring templateSuffix = templateContent.substr(idx_template_suffix + int(wcslen(L"$TEMPLATE_SUFFIX:"))); std::vector<std::pair<std::wstring, unsigned int>> modules; std::string firstModuleUTF8(patchList[0].mod); std::wstring firstModuleUTF16; unsigned int currentModuleCount = 1; utf8::utf8to16(firstModuleUTF8.begin(), firstModuleUTF8.end(), std::back_inserter(firstModuleUTF16)); modules.push_back(std::make_pair(firstModuleUTF16, 1)); for(duint i = 1; i < numPatches; i++) { firstModuleUTF8 = std::string(patchList[i].mod); firstModuleUTF16.clear(); utf8::utf8to16(firstModuleUTF8.begin(), firstModuleUTF8.end(), std::back_inserter(firstModuleUTF16)); if(firstModuleUTF16.compare(modules.back().first) != 0) { modules.back().second = currentModuleCount; currentModuleCount = 1; modules.push_back(std::make_pair(firstModuleUTF16, 1)); } else currentModuleCount++; } modules.back().second = currentModuleCount; currentModuleCount = 0; duint patches = 0; duint modbase; unsigned int currentModule = 0; std::wstring moduleText; for(duint i = 0; i < numPatches; i++) { if(currentModuleCount == 0) { moduleText += modulePrefix + L"\r\n"; modbase = DbgFunctions()->ModBaseFromName(patchList[i].mod); } std::wstring patchText2(patchText); std::wstring newByteText(printByte(patchList[i].newbyte)); ReplaceWString(patchText2, L"$rva", printHex(patchList[i].addr - modbase)); ReplaceWString(patchText2, L"$newByte", newByteText); ReplaceWString(patchText2, L"$patchIndex", printInto(++patches)); moduleText += patchText2 + L"\r\n"; if(currentModuleCount == modules.at(currentModule).second - 1) { moduleText += moduleSuffix + L"\r\n"; ReplaceWString(moduleText, L"$moduleName", modules.at(currentModule).first); ReplaceWString(moduleText, L"$numPatches", printInto(modules.at(currentModule).second)); text += moduleText; moduleText.clear(); currentModuleCount = 0; patches = 0; currentModule++; } else currentModuleCount++; } text.append(templateSuffix); ReplaceWString(text, L"$numPatches", printInto(numPatches)); ReplaceWString(text, L"$exeName", std::wstring(ProcessName)); ReplaceWString(text, L"$date", printTime()); std::wstring compiledate; std::string compiledateASCII(__DATE__); utf8::utf8to16(compiledateASCII.begin(), compiledateASCII.end(), std::back_inserter(compiledate)); ReplaceWString(text, L"$compiledate", compiledate); // save if(SaveFile(exportedname, text)) _plugin_logputs(LoadUTF8String(IDS_SAVESUCCESS).c_str()); else _plugin_logputs(LoadUTF8String(IDS_SAVEFAIL).c_str()); }
void SettingsDialog::LoadSettings() { //Defaults memset(&settings, 0, sizeof(SettingsStruct)); settings.eventSystemBreakpoint = true; settings.eventTlsCallbacks = true; settings.eventEntryBreakpoint = true; settings.eventAttachBreakpoint = true; settings.engineCalcType = calc_unsigned; settings.engineBreakpointType = break_int3short; settings.engineUndecorateSymbolNames = true; settings.engineEnableSourceDebugging = true; settings.exceptionRanges = &realExceptionRanges; settings.disasmArgumentSpaces = false; settings.disasmMemorySpaces = false; settings.disasmUppercase = false; settings.disasmOnlyCipAutoComments = false; settings.disasmTabBetweenMnemonicAndArguments = false; //Events tab GetSettingBool("Events", "SystemBreakpoint", &settings.eventSystemBreakpoint); GetSettingBool("Events", "TlsCallbacks", &settings.eventTlsCallbacks); GetSettingBool("Events", "EntryBreakpoint", &settings.eventEntryBreakpoint); GetSettingBool("Events", "DllEntry", &settings.eventDllEntry); GetSettingBool("Events", "ThreadEntry", &settings.eventThreadEntry); GetSettingBool("Events", "AttachBreakpoint", &settings.eventAttachBreakpoint); GetSettingBool("Events", "DllLoad", &settings.eventDllLoad); GetSettingBool("Events", "DllUnload", &settings.eventDllUnload); GetSettingBool("Events", "ThreadStart", &settings.eventThreadStart); GetSettingBool("Events", "ThreadEnd", &settings.eventThreadEnd); GetSettingBool("Events", "DebugStrings", &settings.eventDebugStrings); ui->chkSystemBreakpoint->setCheckState(bool2check(settings.eventSystemBreakpoint)); ui->chkTlsCallbacks->setCheckState(bool2check(settings.eventTlsCallbacks)); ui->chkEntryBreakpoint->setCheckState(bool2check(settings.eventEntryBreakpoint)); ui->chkDllEntry->setCheckState(bool2check(settings.eventDllEntry)); ui->chkThreadEntry->setCheckState(bool2check(settings.eventThreadEntry)); ui->chkAttachBreakpoint->setCheckState(bool2check(settings.eventAttachBreakpoint)); ui->chkDllLoad->setCheckState(bool2check(settings.eventDllLoad)); ui->chkDllUnload->setCheckState(bool2check(settings.eventDllUnload)); ui->chkThreadStart->setCheckState(bool2check(settings.eventThreadStart)); ui->chkThreadEnd->setCheckState(bool2check(settings.eventThreadEnd)); ui->chkDebugStrings->setCheckState(bool2check(settings.eventDebugStrings)); //Engine tab duint cur; if(BridgeSettingGetUint("Engine", "CalculationType", &cur)) { switch(cur) { case calc_signed: case calc_unsigned: settings.engineCalcType = (CalcType)cur; break; } } if(BridgeSettingGetUint("Engine", "BreakpointType", &cur)) { switch(cur) { case break_int3short: case break_int3long: case break_ud2: settings.engineBreakpointType = (BreakpointType)cur; break; } } GetSettingBool("Engine", "UndecorateSymbolNames", &settings.engineUndecorateSymbolNames); GetSettingBool("Engine", "EnableDebugPrivilege", &settings.engineEnableDebugPrivilege); GetSettingBool("Engine", "EnableSourceDebugging", &settings.engineEnableSourceDebugging); GetSettingBool("Engine", "SaveDatabaseInProgramDirectory", &settings.engineSaveDatabaseInProgramDirectory); GetSettingBool("Engine", "DisableDatabaseCompression", &settings.engineDisableDatabaseCompression); switch(settings.engineCalcType) { case calc_signed: ui->radioSigned->setChecked(true); break; case calc_unsigned: ui->radioUnsigned->setChecked(true); break; } switch(settings.engineBreakpointType) { case break_int3short: ui->radioInt3Short->setChecked(true); break; case break_int3long: ui->radioInt3Long->setChecked(true); break; case break_ud2: ui->radioUd2->setChecked(true); break; } ui->chkUndecorateSymbolNames->setChecked(settings.engineUndecorateSymbolNames); ui->chkEnableDebugPrivilege->setChecked(settings.engineEnableDebugPrivilege); ui->chkEnableSourceDebugging->setChecked(settings.engineEnableSourceDebugging); ui->chkSaveDatabaseInProgramDirectory->setChecked(settings.engineSaveDatabaseInProgramDirectory); ui->chkDisableDatabaseCompression->setChecked(settings.engineDisableDatabaseCompression); //Exceptions tab char exceptionRange[MAX_SETTING_SIZE] = ""; if(BridgeSettingGet("Exceptions", "IgnoreRange", exceptionRange)) { QStringList ranges = QString(exceptionRange).split(QString(","), QString::SkipEmptyParts); for(int i = 0; i < ranges.size(); i++) { unsigned long start; unsigned long end; if(sscanf_s(ranges.at(i).toUtf8().constData(), "%08X-%08X", &start, &end) == 2 && start <= end) { RangeStruct newRange; newRange.start = start; newRange.end = end; AddRangeToList(newRange); } } } //Disasm tab GetSettingBool("Disassembler", "ArgumentSpaces", &settings.disasmArgumentSpaces); GetSettingBool("Disassembler", "MemorySpaces", &settings.disasmMemorySpaces); GetSettingBool("Disassembler", "Uppercase", &settings.disasmUppercase); GetSettingBool("Disassembler", "OnlyCipAutoComments", &settings.disasmOnlyCipAutoComments); GetSettingBool("Disassembler", "TabbedMnemonic", &settings.disasmTabBetweenMnemonicAndArguments); ui->chkArgumentSpaces->setChecked(settings.disasmArgumentSpaces); ui->chkMemorySpaces->setChecked(settings.disasmMemorySpaces); ui->chkUppercase->setChecked(settings.disasmUppercase); ui->chkOnlyCipAutoComments->setChecked(settings.disasmOnlyCipAutoComments); ui->chkTabBetweenMnemonicAndArguments->setChecked(settings.disasmTabBetweenMnemonicAndArguments); //Misc tab if(DbgFunctions()->GetJit) { char jit_entry[MAX_SETTING_SIZE] = ""; char jit_def_entry[MAX_SETTING_SIZE] = ""; bool isx64 = true; #ifndef _WIN64 isx64 = false; #endif bool jit_auto_on; bool get_jit_works; get_jit_works = DbgFunctions()->GetJit(jit_entry, isx64); DbgFunctions()->GetDefJit(jit_def_entry); if(get_jit_works) { if(_strcmpi(jit_entry, jit_def_entry) == 0) settings.miscSetJIT = true; } else settings.miscSetJIT = false; ui->editJIT->setText(jit_entry); ui->editJIT->setCursorPosition(0); ui->chkSetJIT->setCheckState(bool2check(settings.miscSetJIT)); bool get_jit_auto_works = DbgFunctions()->GetJitAuto(&jit_auto_on); if(!get_jit_auto_works || !jit_auto_on) settings.miscSetJITAuto = true; else settings.miscSetJITAuto = false; ui->chkConfirmBeforeAtt->setCheckState(bool2check(settings.miscSetJITAuto)); if(!DbgFunctions()->IsProcessElevated()) { ui->chkSetJIT->setDisabled(true); ui->chkConfirmBeforeAtt->setDisabled(true); ui->lblAdminWarning->setText(QString("<font color=\"red\"><b>Warning</b></font>: Run the debugger as Admin to enable JIT.")); } else ui->lblAdminWarning->setText(""); } char setting[MAX_SETTING_SIZE] = ""; if(BridgeSettingGet("Symbols", "DefaultStore", setting)) ui->editSymbolStore->setText(QString(setting)); else { QString defaultStore = "http://msdl.microsoft.com/download/symbols"; ui->editSymbolStore->setText(defaultStore); BridgeSettingSet("Symbols", "DefaultStore", defaultStore.toUtf8().constData()); } if(BridgeSettingGet("Symbols", "CachePath", setting)) ui->editSymbolCache->setText(QString(setting)); bJitOld = settings.miscSetJIT; bJitAutoOld = settings.miscSetJITAuto; }
void SettingsDialog::SaveSettings() { //Events tab BridgeSettingSetUint("Events", "SystemBreakpoint", settings.eventSystemBreakpoint); BridgeSettingSetUint("Events", "TlsCallbacks", settings.eventTlsCallbacks); BridgeSettingSetUint("Events", "EntryBreakpoint", settings.eventEntryBreakpoint); BridgeSettingSetUint("Events", "DllEntry", settings.eventDllEntry); BridgeSettingSetUint("Events", "ThreadEntry", settings.eventThreadEntry); BridgeSettingSetUint("Events", "AttachBreakpoint", settings.eventAttachBreakpoint); BridgeSettingSetUint("Events", "DllLoad", settings.eventDllLoad); BridgeSettingSetUint("Events", "DllUnload", settings.eventDllUnload); BridgeSettingSetUint("Events", "ThreadStart", settings.eventThreadStart); BridgeSettingSetUint("Events", "ThreadEnd", settings.eventThreadEnd); BridgeSettingSetUint("Events", "DebugStrings", settings.eventDebugStrings); //Engine tab BridgeSettingSetUint("Engine", "CalculationType", settings.engineCalcType); BridgeSettingSetUint("Engine", "BreakpointType", settings.engineBreakpointType); BridgeSettingSetUint("Engine", "UndecorateSymbolNames", settings.engineUndecorateSymbolNames); BridgeSettingSetUint("Engine", "EnableDebugPrivilege", settings.engineEnableDebugPrivilege); BridgeSettingSetUint("Engine", "EnableSourceDebugging", settings.engineEnableSourceDebugging); BridgeSettingSetUint("Engine", "SaveDatabaseInProgramDirectory", settings.engineSaveDatabaseInProgramDirectory); BridgeSettingSetUint("Engine", "DisableDatabaseCompression", settings.engineDisableDatabaseCompression); //Exceptions tab QString exceptionRange = ""; for(int i = 0; i < settings.exceptionRanges->size(); i++) exceptionRange.append(QString().sprintf("%.8X-%.8X", settings.exceptionRanges->at(i).start, settings.exceptionRanges->at(i).end) + QString(",")); exceptionRange.chop(1); //remove last comma if(exceptionRange.size()) BridgeSettingSet("Exceptions", "IgnoreRange", exceptionRange.toUtf8().constData()); else BridgeSettingSet("Exceptions", "IgnoreRange", ""); //Disasm tab BridgeSettingSetUint("Disassembler", "ArgumentSpaces", settings.disasmArgumentSpaces); BridgeSettingSetUint("Disassembler", "MemorySpaces", settings.disasmMemorySpaces); BridgeSettingSetUint("Disassembler", "Uppercase", settings.disasmUppercase); BridgeSettingSetUint("Disassembler", "OnlyCipAutoComments", settings.disasmOnlyCipAutoComments); BridgeSettingSetUint("Disassembler", "TabbedMnemonic", settings.disasmTabBetweenMnemonicAndArguments); //Misc tab if(DbgFunctions()->GetJit) { if(bJitOld != settings.miscSetJIT) { if(settings.miscSetJIT) DbgCmdExecDirect("setjit oldsave"); else DbgCmdExecDirect("setjit restore"); } if(bJitAutoOld != settings.miscSetJITAuto) { if(!settings.miscSetJITAuto) DbgCmdExecDirect("setjitauto on"); else DbgCmdExecDirect("setjitauto off"); } } if(settings.miscSymbolStore) BridgeSettingSet("Symbols", "DefaultStore", ui->editSymbolStore->text().toUtf8().constData()); if(settings.miscSymbolCache) BridgeSettingSet("Symbols", "CachePath", ui->editSymbolCache->text().toUtf8().constData()); BridgeSettingFlush(); Config()->load(); DbgSettingsUpdated(); GuiUpdateAllViews(); }