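//////////////////////////////////////////////////////////////////////////////////////////////////////////
// callback functions
//

//////////////////////////////////////////////////////////////////////////////////////////////////////////
// initial_break()
//
// callback invoked on the debugger's initial break. activates tracing, makes sure a thread handle is
// set and, when a breakpoint list file (bpl) was supplied, reads it line by line and sets a breakpoint
// for every entry whose module can be resolved. finishes by displaying the command menu.
//
// breakpoint list line format: <module name>:<function offset>:<offset>
// both offsets are hex and relative to the module base resolved by ps_base_address().
//
void initial_break (DEBUG_EVENT *db)
{
    char  line[256], module[128];
    DWORD f_offset, offset, base, size;
    int   loaded = 0;
    int   i      = 0;       // declared outside the loop: the final count is reported after it ends.
    node  *bp_node;

    dbg.ActivateTraces();

    // NOTE(review): FindThread() is dereferenced without a NULL check here and below - confirm it
    // cannot fail for the thread that raised the initial break.
    printf("initial break, tid = %04x.\n\n", dbg.FindThread( (DWORD)db->dwThreadId )->hThread);

    if (!dbg.get_thandle())
    {
        printf("manually setting thread handle.\n");
        dbg.set_thandle(dbg.FindThread( (DWORD)db->dwThreadId )->hThread);
    }

    // if an initial breakpoint list was provided, process it.
    if (bpl != NULL)
    {
        printf("loading breakpoints from %s\n", breakpoint_list);

        // process the breakpoint list line by line.
        for (i = 0; fgets(line, sizeof(line), bpl) != NULL; i++)
        {
            // line format: module name:function offset:offset
            // all three fields are required: a partial match (or EOF, which sscanf reports as -1)
            // would leave 'offset' uninitialized and set a breakpoint at a garbage address, so any
            // malformatted line is skipped.
            if (sscanf(line, "%127[^:]:%08x:%08x", module, &f_offset, &offset) != 3)
                continue;

            // determine if this module already exists in our linked list.
            // if not attempt to locate the module in memory.
            if ((bp_node = ps_node_find_by_name(module, bp_modules)) == NULL)
            {
                // attempt to determine the module address / size.
                if (!ps_base_address(module, &base, &size))
                {
                    printf("failed locating base address for module %s\n", module);
                    continue;
                }

                // add a bp_node to the linked list. calloc zeroes the node so 'name' is NUL
                // terminated even when strncpy() fills every byte it is allowed to write.
                bp_node = (node *) calloc(1, sizeof(node));

                if (bp_node == NULL)
                {
                    printf("failed allocating node for module %s\n", module);
                    continue;
                }

                bp_node->base = base;
                bp_node->size = size;
                strncpy(bp_node->name, module, sizeof(bp_node->name) - 1);
                ps_node_add(bp_node, &bp_modules, &num_bp_modules);
            }

            // a failed breakpoint is not fatal; it simply is not counted as loaded.
            if (!dbg.bpx(bp_node->base + offset))
                continue;

            // at this point a breakpoint was successfully loaded.
            loaded++;

            if (i % 100 == 0)
                printf("setting breakpoint %d\r", i);

            // TODO: add function entries (offset == f_offset) to the splay tree.
        }

        printf("done. %d of %d breakpoints set.\n", loaded, i);
        fclose(bpl);
    }

    // display the command menu.
    ps_commands();
}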
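//////////////////////////////////////////////////////////////////////////////////////////////////////////
// ps_load_dll_callback()
//
// callback function for when a new dll is loaded into the target process.
//
// if a file named "<internal name>.bpl" can be opened it is parsed line by line
// (format: module name:function offset:offset) and a breakpoint is set at module base + offset for
// every entry. the module is tracked in the bp_modules list so its base is only resolved once.
//
void ps_load_dll_callback (PEfile *pe)
{
    FILE  *fp;
    char  filename[MAX_PATH];
    char  line[256], module[128];
    DWORD f_offset, offset, base, size;
    int   loaded = 0;
    int   i      = 0;       // declared outside the loop: the final count is reported after it ends.
    node  *bp_node;

    // strncpy() does not terminate on truncation, so reserve and clear the last byte ourselves.
    strncpy(module, pe->internal_name.c_str(), sizeof(module) - 1);
    module[sizeof(module) - 1] = '\0';

    // determine if this module already exists in our linked list. if it does, reuse its base / size
    // (previously these were left uninitialized and a duplicate node was added). if not, attempt to
    // locate the module in memory.
    if ((bp_node = ps_node_find_by_name(module, bp_modules)) != NULL)
    {
        base = bp_node->base;
        size = bp_node->size;
    }
    else if (!ps_base_address(module, &base, &size))
    {
        printf("failed locating base address for module %s\n", module);
        return;
    }

    // if a breakpoint list exists for the recently loaded module then parse it and set breakpoints.
    // NOTE(review): the internal name is presumably taken from the loaded image itself and is used
    // unmodified as a file name here; it is not checked for path separators before the open.
    // _snprintf() does not terminate on truncation either, hence the explicit terminator.
    _snprintf(filename, sizeof(filename) - 1, "%s.bpl", module);
    filename[sizeof(filename) - 1] = '\0';

    // the list is only read, so do not require write access to it.
    if ((fp = fopen(filename, "r")) == NULL)
        return;

    // add the bp_node to the linked list if this is the first time the module is seen.
    if (bp_node == NULL)
    {
        // calloc zeroes the node so 'name' stays NUL terminated after strncpy().
        bp_node = (node *) calloc(1, sizeof(node));

        if (bp_node == NULL)
        {
            printf("failed allocating node for module %s\n", module);
            fclose(fp);
            return;
        }

        bp_node->base = base;
        bp_node->size = size;
        strncpy(bp_node->name, module, sizeof(bp_node->name) - 1);
        ps_node_add(bp_node, &bp_modules, &num_bp_modules);
    }

    // pe->winpe->ImageBase + pe->section[0]->VirtualAddress == 'base' but that's only in situations where
    // the first section is the executable section. most dlls are simply imagebase+0x1000 but we don't want
    // to make either assumption.
    // XXX - there is definitely a more elegant way of determining 'base'.
    printf("processing breakpoints for module %s at %08x\n", module, base);

    // process the breakpoint list line by line.
    for (i = 0; fgets(line, sizeof(line), fp) != NULL; i++)
    {
        // line format: module name:function offset:offset
        // all three fields are required: a partial match (or EOF, reported as -1) would leave
        // 'offset' uninitialized and set a breakpoint at a garbage address, so malformatted lines
        // are skipped. the name field overwrites 'module', which is not needed after this point.
        if (sscanf(line, "%127[^:]:%08x:%08x", module, &f_offset, &offset) != 3)
            continue;

        // a failed breakpoint is not fatal; it simply is not counted as loaded.
        if (!dbg.bpx(bp_node->base + offset))
            continue;

        // at this point a breakpoint was successfully loaded.
        loaded++;

        if (i % 100 == 0)
            printf("setting breakpoint %d\r", i);
    }

    printf("done. %d of %d breakpoints set.\n\n", loaded, i);
    fclose(fp);
}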