HyperDbg Debugger
Loading...
Searching...
No Matches
start.cpp File Reference

.start command More...

#include "pch.h"

Functions

VOID CommandStartHelp ()
 help of the .start command
VOID CommandStart (vector< CommandToken > CommandTokens, string Command)
 .start command handler

Variables

std::wstring g_StartCommandPath
 the start path used in .start command
std::wstring g_StartCommandPathAndArguments
 the start arguments used in .start command
BOOLEAN g_IsSerialConnectedToRemoteDebugger
 Shows if the debugger was connected to remote debugger (A remote host).

Detailed Description

.start command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2022-01-06

Function Documentation

◆ CommandStart()

VOID CommandStart ( vector< CommandToken > CommandTokens,
string Command )

.start command handler

Parameters
CommandTokens
Command
Returns
VOID
48{
49 vector<string> PathAndArgs;
50 string Arguments = "";
51 BOOLEAN IsFirstCommand = FALSE;
52 BOOLEAN PathIgnored = FALSE;
53 BOOLEAN IsNextPath = FALSE;
54
55 if (CommandTokens.size() <= 2)
56 {
57 ShowMessages("incorrect use of the '%s'\n\n",
58 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
60 return;
61 }
62
63//
64// Disable user-mode debugger in this version
65//
66#if ActivateUserModeDebugger == FALSE
67
69 {
70 ShowMessages("the user-mode debugger in VMI Mode is still in the beta version and not stable. "
71 "we decided to exclude it from this release and release it in future versions. "
72 "if you want to test the user-mode debugger in VMI Mode, you should build "
73 "HyperDbg with special instructions. But starting processes is fully supported "
74 "in the Debugger Mode.\n"
75 "(it's not recommended to use it in VMI Mode yet!)\n");
76 return;
77 }
78
79#endif // !ActivateUserModeDebugger
80
81 //
82 // Check if the first token is 'path'
83 //
84 if (!CompareLowerCaseStrings(CommandTokens.at(1), "path"))
85 {
86 ShowMessages("err, couldn't resolve error at '%s'\n\n",
87 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(1)).c_str());
89 return;
90 }
91
92 //
93 // *** It's a run of target PE file ***
94 //
95
96 for (auto Section : CommandTokens)
97 {
98 //
99 // Skip first two parameters
100 //
101 if (!IsFirstCommand)
102 {
103 IsFirstCommand = TRUE;
104 continue;
105 }
106
107 //
108 // Skip the path
109 //
110 if (!PathIgnored)
111 {
112 PathIgnored = TRUE;
113 IsNextPath = TRUE;
114 continue;
115 }
116
117 //
118 // Check if the next token is the actual path
119 //
120 if (IsNextPath)
121 {
122 IsNextPath = FALSE;
123
124 //
125 // Convert path to wstring
126 //
128
129 continue;
130 }
131
132 //
133 // Append the arguments and check if arguments contain spaces then add quotes
134 //
135 if (GetCaseSensitiveStringFromCommandToken(Section).find(' ') != std::string::npos)
136 {
137 Arguments += "\"" + GetCaseSensitiveStringFromCommandToken(Section) + "\" ";
138 }
139 else
140 {
141 Arguments += GetCaseSensitiveStringFromCommandToken(Section) + " ";
142 }
143 }
144
145 //
146 // Perform run of the target file
147 //
148 if (Arguments.empty())
149 {
150 //
151 // TEMPORARY LINUX SHIM (same as in pe.cpp/dump.cpp): the path is a
152 // std::wstring of native wchar_t (4 bytes on Linux), but UdAttachToProcess
153 // takes a 2-byte HyperDbg WCHAR * (UINT16). The cast is a bogus 2-byte
154 // reinterpretation on Linux, acceptable only because the user-debugger
155 // path is still stubbed there. On Windows WCHAR == wchar_t, so it is a
156 // plain correct pointer. TODO(Linux): convert wchar_t -> 2-byte WCHAR
157 // properly once the Linux user-debugger path is real.
158 //
160 (WCHAR *)g_StartCommandPath.c_str(),
161 NULL,
162 FALSE);
163 }
164 else
165 {
166 //
167 // Remove the last space
168 //
169 Arguments.pop_back();
170
171 //
172 // Convert arguments to wstring if it's not empty
173 //
175
176 //
177 // TEMPORARY LINUX SHIM (same as in pe.cpp/dump.cpp): the path/arguments
178 // are std::wstring of native wchar_t (4 bytes on Linux), but
179 // UdAttachToProcess takes 2-byte HyperDbg WCHAR * (UINT16). The casts are
180 // a bogus 2-byte reinterpretation on Linux, acceptable only because the
181 // user-debugger path is still stubbed there. On Windows WCHAR == wchar_t,
182 // so they are plain correct pointers. TODO(Linux): convert wchar_t ->
183 // 2-byte WCHAR properly once the Linux user-debugger path is real.
184 //
186 (WCHAR *)g_StartCommandPath.c_str(),
187 (WCHAR *)g_StartCommandPathAndArguments.c_str(),
188 FALSE);
189 }
190}
UCHAR BOOLEAN
Definition BasicTypes.h:35
#define TRUE
Definition BasicTypes.h:114
#define FALSE
Definition BasicTypes.h:113
std::string GetCaseSensitiveStringFromCommandToken(CommandToken TargetToken)
Get case sensitive string from command token.
Definition common.cpp:467
VOID StringToWString(std::wstring &ws, const std::string &s)
convert std::string to std::wstring
Definition common.cpp:850
BOOLEAN CompareLowerCaseStrings(CommandToken TargetToken, const CHAR *StringToCompare)
Compare lower case strings.
Definition common.cpp:503
BOOLEAN g_IsSerialConnectedToRemoteDebugger
Shows if the debugger was connected to remote debugger (A remote host).
Definition rev.cpp:18
std::wstring g_StartCommandPathAndArguments
the start arguments used in .start command
Definition globals.h:663
std::wstring g_StartCommandPath
the start path used in .start command
Definition globals.h:657
VOID CommandStartHelp()
help of the .start command
Definition start.cpp:27
BOOLEAN UdAttachToProcess(UINT32 TargetPid, const WCHAR *TargetFileAddress, const WCHAR *CommandLine, BOOLEAN RunCallbackAtTheFirstInstruction)
Attach to target process.
Definition ud.cpp:372

◆ CommandStartHelp()

VOID CommandStartHelp ( )

help of the .start command

Returns
VOID
28{
29 ShowMessages(".start : runs a user-mode process.\n\n");
30
31 ShowMessages("syntax : \t.start [path Path (string)] [Parameters (string)]\n");
32
33 ShowMessages("\n");
34 ShowMessages("\t\te.g : .start path c:\\reverse_eng\\my_file.exe\n");
35 ShowMessages("\t\te.g : .start path \"c:\\reverse eng\\my_file.exe\"\n");
36 ShowMessages("\t\te.g : .start path \"c:\\reverse eng\\my_file.exe\" \"arg1\" 2 \"arg 3\"\n");
37}

Variable Documentation

◆ g_IsSerialConnectedToRemoteDebugger

BOOLEAN g_IsSerialConnectedToRemoteDebugger
extern

Shows if the debugger was connected to remote debugger (A remote host).

◆ g_StartCommandPath

std::wstring g_StartCommandPath
extern

the start path used in .start command

◆ g_StartCommandPathAndArguments

std::wstring g_StartCommandPathAndArguments
extern

the start arguments used in .start command