attach.cpp File Reference

.attach command More...

#include "pch.h"

Functions
VOID	CommandAttachHelp ()
	help of the .attach command
VOID	CommandAttach (vector< string > SplitCommand, string Command)
	.attach command handler

Variables
BOOLEAN	g_IsSerialConnectedToRemoteDebuggee
	Shows if the debugger was connected to remote debuggee over (A remote guest)
BOOLEAN	g_IsSerialConnectedToRemoteDebugger
	Shows if the debugger was connected to remote debugger (A remote host)

Detailed Description

.attach command

Author

Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Version

0.1

Date

2020-08-27

Copyright

This project is released under the GNU Public License v3.

Function Documentation

CommandAttach()

VOID CommandAttach	(	vector< string >	SplitCommand,
		string	Command )

.attach command handler

Parameters

SplitCommand
Command

Returns

VOID

{
    UINT32  TargetPid = 0;
    BOOLEAN NextIsPid = FALSE;
 
    //
    // Disable user-mode debugger in this version
    //
#if ActivateUserModeDebugger == FALSE
 
    if (!g_IsSerialConnectedToRemoteDebugger)
    {
        ShowMessages("the user-mode debugger in VMI Mode is still in the beta version and not stable. "
                     "we decided to exclude it from this release and release it in future versions. "
                     "if you want to test the user-mode debugger in VMI Mode, you should build "
                     "HyperDbg with special instructions. But attaching/switching to other processes\n"
                     "are fully supported in the Debugger Mode.\n"
                     "(it's not recommended to use it in VMI Mode yet!)\n");
        return;
    }
 
#endif // !ActivateUserModeDebugger
 
    //
    // It's a attach to a target PID
    //
    if (SplitCommand.size() >= 4)
    {
        ShowMessages("incorrect use of the '.attach'\n\n");
        CommandAttachHelp();
        return;
    }
 
    //
    // .attach and .detach commands are only supported in VMI Mode
    //
    if (g_IsSerialConnectedToRemoteDebuggee)
    {
        ShowMessages("err, '.attach', and '.detach' commands are only usable "
                     "in VMI Mode, you can use the '.process', or the '.thread' "
                     "in Debugger Mode\n");
        return;
    }
 
    for (auto item : SplitCommand)
    {
        //
        // Find out whether the user enters pid or not
        //
        if (NextIsPid)
        {
            NextIsPid = FALSE;
 
            if (!ConvertStringToUInt32(item, &TargetPid))
            {
                ShowMessages("please specify a correct hex value for process id\n\n");
                CommandAttachHelp();
                return;
            }
        }
        else if (!item.compare("pid"))
        {
            //
            // next item is a pid for the process
            //
            NextIsPid = TRUE;
        }
    }
 
    //
    // Check if the process id is empty or not
    //
    if (TargetPid == 0)
    {
        ShowMessages("please specify a hex value for process id\n\n");
        CommandAttachHelp();
        return;
    }
 
    //
    // Perform attach to target process
    //
    UdAttachToProcess(TargetPid, NULL, NULL, FALSE);
}

CommandAttachHelp()

VOID CommandAttachHelp

(

)

help of the .attach command

Returns

VOID

{
    ShowMessages(".attach : attaches to debug a thread in VMI Mode.\n\n");
 
    ShowMessages("syntax : \t.attach [pid ProcessId (hex)]\n");
 
    ShowMessages("\n");
    ShowMessages("\t\te.g : .attach pid b60 \n");
}

Variable Documentation

g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee

extern

Shows if the debugger was connected to remote debuggee over (A remote guest)

g_IsSerialConnectedToRemoteDebugger

BOOLEAN g_IsSerialConnectedToRemoteDebugger

extern

Shows if the debugger was connected to remote debugger (A remote host)