break control is the handler for CTRL+C and CTRL+BREAK Signals More...

#include "pch.h"

Functions
BOOL	BreakController (DWORD CtrlType)
	handle CTRL+C and CTRL+Break events

Variables
BOOLEAN	g_BreakPrintingOutput
	Shows whether the pause command or CTRL+C or CTRL+Break is executed or not.

BOOLEAN	g_IsDebuggerModulesLoaded
	this variable is used to indicate that modules are loaded so we make sure to later use a trace of loading in 'unload' command (used in Debugger VMM)

BOOLEAN	g_AutoUnpause
	Whether auto-unpause mode is enabled or not enabled.

BOOLEAN	g_IsConnectedToRemoteDebuggee
	Shows whether the current debugger is the host and connected to a remote debuggee (guest)

BOOLEAN	g_IsSerialConnectedToRemoteDebuggee
	Shows if the debugger was connected to remote debuggee over (A remote guest)

BOOLEAN	g_IsExecutingSymbolLoadingRoutines
	Executing symbol reloading or downloading routines.

BOOLEAN	g_IsInstrumentingInstructions
	Shows whether the user is running 't', 'p', or 'i' command.

BOOLEAN	g_IgnorePauseRequests
	Show whether the pause request (CTRL+C or CTRL+BREAK) should be ignored or not.

ACTIVE_DEBUGGING_PROCESS	g_ActiveProcessDebuggingState
	State of active debugging thread.

Detailed Description

break control is the handler for CTRL+C and CTRL+BREAK Signals

Author: Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Version: 0.1

Date: 2020-07-24

Copyright: This project is released under the GNU Public License v3.

Function Documentation

◆ BreakController()

BOOL BreakController ( DWORD CtrlType )

handle CTRL+C and CTRL+Break events

Parameters

CtrlType

Returns: BOOL

{
    switch (CtrlType)
    {
        //
        // Handle the CTRL + C & CTRL + Break signal
        //
    case CTRL_BREAK_EVENT:
    case CTRL_C_EVENT:
 
        //
        // check if we should ignore the break requests or not
        //
        if (g_IgnorePauseRequests)
        {
            return TRUE;
        }
 
        //
        // Check for aborting symbol loading routines
        //
        if (g_IsExecutingSymbolLoadingRoutines)
        {
            //
            // Avoid to calling it again
            //
            g_IsExecutingSymbolLoadingRoutines = FALSE;
 
            //
            // Abort the execution
            //
            ScriptEngineSymbolAbortLoadingWrapper();
        }
 
        //
        // Check if the debuggee is running because of pausing or not
        //
        if (g_IsSerialConnectedToRemoteDebuggee)
        {
            if (g_IsInstrumentingInstructions)
            {
                g_IsInstrumentingInstructions = FALSE;
            }
            else
            {
                KdBreakControlCheckAndPauseDebugger();
            }
        }
        else if (!g_IsDebuggerModulesLoaded && !g_IsConnectedToRemoteDebuggee)
        {
            //
            // vmm module is not loaded here
            //
        }
        else
        {
            if (g_IsInstrumentingInstructions)
            {
                g_IsInstrumentingInstructions = FALSE;
            }
            else
            {
                //
                // Sleep because the other thread that shows must be stopped
                //
                g_BreakPrintingOutput = TRUE;
 
                //
                // Check if its a remote debuggee then we should send the 'pause' command
                //
                if (g_IsConnectedToRemoteDebuggee)
                {
                    RemoteConnectionSendCommand("pause", (UINT32)strlen("pause") + 1);
                }
 
                Sleep(300);
 
                //
                // It is because we didn't query the target debuggee auto-unpause variable
                //
                if (!g_IsConnectedToRemoteDebuggee)
                {
                    if (g_AutoUnpause)
                    {
                        ShowMessages(
                            "\npausing...\nauto-unpause mode is enabled, "
                            "debugger will automatically continue when you run a new "
                            "event command, if you want to change this behaviour then "
                            "run run 'settings autounpause off'\n\n");
                    }
                    else
                    {
                        ShowMessages(
                            "\npausing...\nauto-unpause mode is disabled, you "
                            "should run 'g' when you want to continue, otherwise run "
                            "'settings "
                            "autounpause on'\n\n");
                    }
 
                    //
                    // Show the signature of HyperDbg
                    //
                    HyperDbgShowSignature();
 
                    if (g_ActiveProcessDebuggingState.IsActive)
                    {
                        UdPauseProcess(g_ActiveProcessDebuggingState.ProcessDebuggingToken);
                    }
                }
            }
        }
 
        return TRUE;
 
        //
        // CTRL+CLOSE: confirm that the user wants to exit.
        //
    case CTRL_CLOSE_EVENT:
        return TRUE;
 
    case CTRL_LOGOFF_EVENT:
        return FALSE;
 
    case CTRL_SHUTDOWN_EVENT:
        return FALSE;
 
    default:
 
        //
        // Return TRUE if handled this message, further handler functions won't be
        // called.
        // Return FALSE to pass this message to further handlers until default
        // handler calls ExitProcess().
        //
        return FALSE;
    }
}

Variable Documentation

◆ g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState

extern

State of active debugging thread.

362{0};

◆ g_AutoUnpause

BOOLEAN g_AutoUnpause

extern

Whether auto-unpause mode is enabled or not enabled.

it is enabled by default

◆ g_BreakPrintingOutput

BOOLEAN g_BreakPrintingOutput

extern

Shows whether the pause command or CTRL+C or CTRL+Break is executed or not.

◆ g_IgnorePauseRequests

BOOLEAN g_IgnorePauseRequests

extern

Show whether the pause request (CTRL+C or CTRL+BREAK) should be ignored or not.

◆ g_IsConnectedToRemoteDebuggee

BOOLEAN g_IsConnectedToRemoteDebuggee

extern

Shows whether the current debugger is the host and connected to a remote debuggee (guest)

◆ g_IsDebuggerModulesLoaded

BOOLEAN g_IsDebuggerModulesLoaded

extern

this variable is used to indicate that modules are loaded so we make sure to later use a trace of loading in 'unload' command (used in Debugger VMM)

◆ g_IsExecutingSymbolLoadingRoutines

BOOLEAN g_IsExecutingSymbolLoadingRoutines

extern

Executing symbol reloading or downloading routines.

◆ g_IsInstrumentingInstructions

BOOLEAN g_IsInstrumentingInstructions

extern

Shows whether the user is running 't', 'p', or 'i' command.

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee

extern

Shows if the debugger was connected to remote debuggee over (A remote guest)

Functions

Variables

Detailed Description

Function Documentation

◆ BreakController()

Variable Documentation

◆ g_ActiveProcessDebuggingState

◆ g_AutoUnpause

◆ g_BreakPrintingOutput

◆ g_IgnorePauseRequests

◆ g_IsConnectedToRemoteDebuggee

◆ g_IsDebuggerModulesLoaded

◆ g_IsExecutingSymbolLoadingRoutines

◆ g_IsInstrumentingInstructions

◆ g_IsSerialConnectedToRemoteDebuggee