bool ExHandlerGetSEH(std::vector<duint> & Entries)
{
#ifdef _WIN64
return false; // TODO: 64-bit
#endif
static duint nextSEH = 0;
NT_TIB tib;
if(ThreadGetTib((duint)GetTEBLocation(hActiveThread), &tib))
{
EXCEPTION_REGISTRATION_RECORD sehr;
duint addr_ExRegRecord = (duint)tib.ExceptionList;
int MAX_DEPTH = MAX_HANDLER_DEPTH;
while(addr_ExRegRecord != 0xFFFFFFFF && MAX_DEPTH)
{
Entries.push_back(addr_ExRegRecord);
if(!MemRead(addr_ExRegRecord , &sehr, sizeof(EXCEPTION_REGISTRATION_RECORD)))
break;
addr_ExRegRecord = (duint)sehr.Next;
MAX_DEPTH--;
}
}
return true;
}
// TitanEngine.Threader.functions:
__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId)
{
bool updateList = false;
DWORD dwProcessId = 0;
if(ProcessId == NULL && dbgProcessInformation.hProcess != NULL)
{
updateList = true;
dwProcessId = GetProcessId(dbgProcessInformation.hProcess);
}
else if(ProcessId != NULL && dbgProcessInformation.hProcess != NULL)
{
updateList = true;
dwProcessId = ProcessId;
}
else if(ProcessId != NULL && dbgProcessInformation.hProcess == NULL)
{
updateList = false;
dwProcessId = ProcessId;
}
else if(ProcessId == NULL && dbgProcessInformation.hProcess == NULL)
{
return false;
}
if(updateList == false)
{
std::vector<THREAD_ITEM_DATA>().swap(hListThread); //clear thread list
}
THREAD_ITEM_DATA NewThreadData;
ULONG retLength = 0;
ULONG bufferLength = 1;
PSYSTEM_PROCESS_INFORMATION pBuffer = (PSYSTEM_PROCESS_INFORMATION)malloc(bufferLength);
PSYSTEM_PROCESS_INFORMATION pIter;
PSYSTEM_THREAD_INFORMATION pIterThread;
if(NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) == STATUS_INFO_LENGTH_MISMATCH)
{
free(pBuffer);
bufferLength = retLength + sizeof(SYSTEM_PROCESS_INFORMATION);
pBuffer = (PSYSTEM_PROCESS_INFORMATION)malloc(bufferLength);
if(!pBuffer)
return false;
if(NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) != STATUS_SUCCESS)
{
return false;
}
}
else
{
return false;
}
pIter = pBuffer;
while(TRUE)
{
if(pIter->UniqueProcessId == (HANDLE)dwProcessId)
{
pIterThread = &pIter->Threads[0];
for(ULONG i = 0; i < pIter->NumberOfThreads; i++)
{
ZeroMemory(&NewThreadData, sizeof(THREAD_ITEM_DATA));
NewThreadData.BasePriority = pIterThread->BasePriority;
NewThreadData.ContextSwitches = pIterThread->ContextSwitches;
NewThreadData.Priority = pIterThread->Priority;
NewThreadData.BasePriority = pIterThread->BasePriority;
//NewThreadData.ThreadStartAddress = pIterThread->StartAddress; <- wrong value
NewThreadData.ThreadState = pIterThread->ThreadState;
NewThreadData.WaitReason = pIterThread->WaitReason;
NewThreadData.WaitTime = pIterThread->WaitTime;
NewThreadData.dwThreadId = (DWORD)pIterThread->ClientId.UniqueThread;
NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, NewThreadData.dwThreadId);
if(NewThreadData.hThread)
{
NewThreadData.TebAddress = GetTEBLocation(NewThreadData.hThread);
PVOID startAddress = 0;
if(NtQueryInformationThread(NewThreadData.hThread, ThreadQuerySetWin32StartAddress, &startAddress, sizeof(PVOID), NULL) == STATUS_SUCCESS)
{
NewThreadData.ThreadStartAddress = startAddress;
}
}
if(updateList == false)
{
hListThread.push_back(NewThreadData);
}
else
{
updateThreadList(&NewThreadData);
}
pIterThread++;
}
break;
}
if(pIter->NextEntryOffset == 0)
{
break;
}
else
{
pIter = (PSYSTEM_PROCESS_INFORMATION)((DWORD_PTR)pIter + (DWORD_PTR)pIter->NextEntryOffset);
}
}
free(pBuffer);
return (hListThread.size() > 0);
}
