HyperDbg Debugger
sym.cpp File Reference

.sym command

#include "pch.h"

Functions

VOID CommandSymHelp ()
 help of the .sym command
 
VOID CommandSym (vector< string > SplitCommand, string Command)
 .sym command handler
 

Variables

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Indicates whether the debugger is connected to a remote debuggee (a remote guest) over a serial connection
 
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
 State of active debugging thread.
 

Detailed Description

.sym command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2021-05-27

Function Documentation

◆ CommandSym()

VOID CommandSym ( vector< string > SplitCommand,
string Command )

.sym command handler

Parameters
SplitCommand
Command
Returns
VOID
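/**
 * @brief .sym command handler
 *
 * Dispatches on the second token of the command: "table", "load",
 * "download", "reload", "unload" or "add". Every branch validates the
 * token count before acting; on a malformed command it prints an error
 * and the help text, then returns.
 *
 * NOTE(review): the rendered listing dropped every line that carried a
 * hyperlink (the gutter numbers skip them). Those calls are restored
 * here from the page's own cross-reference list (CommandSymHelp,
 * SymbolBuildAndShowSymbolTable, SymbolLoadOrDownloadSymbols,
 * SymbolReloadSymbolTableInDebuggerMode, ScriptEngineUnloadAllSymbolsWrapper,
 * g_IsSerialConnectedToRemoteDebuggee, g_ActiveProcessDebuggingState);
 * confirm their exact placement and arguments against sym.cpp.
 *
 * @param SplitCommand the command split into tokens; index 0 is ".sym"
 * @param Command the full command text, used to recover a pdb path
 * that may itself contain spaces
 * @return VOID
 */
VOID
CommandSym(vector<string> SplitCommand, string Command)
{
    UINT64 BaseAddress   = 0;
    UINT32 UserProcessId = 0;

    if (SplitCommand.size() == 1)
    {
        ShowMessages("incorrect use of the '.sym'\n\n");
        CommandSymHelp();
        return;
    }

    //
    // At least two tokens are present from here on
    //
    const string & SubCommand = SplitCommand.at(1);

    if (SubCommand == "table")
    {
        //
        // Validate params
        //
        if (SplitCommand.size() != 2)
        {
            ShowMessages("incorrect use of the '.sym'\n\n");
            CommandSymHelp();
            return;
        }

        //
        // Show symbol table
        //
        SymbolBuildAndShowSymbolTable();
    }
    else if (SubCommand == "load" || SubCommand == "download")
    {
        //
        // Validate params
        //
        if (SplitCommand.size() != 2)
        {
            ShowMessages("incorrect use of the '.sym'\n\n");
            CommandSymHelp();
            return;
        }

        //
        // Load and download available symbols
        // (first argument is IsDownload; the SilentLoad argument is
        // assumed to be FALSE -- TODO confirm against sym.cpp)
        //
        if (SubCommand == "load")
        {
            SymbolLoadOrDownloadSymbols(FALSE, FALSE);
        }
        else
        {
            SymbolLoadOrDownloadSymbols(TRUE, FALSE);
        }
    }
    else if (SubCommand == "reload")
    {
        //
        // Validate params: either ".sym reload" or ".sym reload pid <id>"
        //
        if (SplitCommand.size() != 2 && SplitCommand.size() != 4)
        {
            ShowMessages("incorrect use of the '.sym'\n\n");
            CommandSymHelp();
            return;
        }

        //
        // Check for process id
        //
        if (SplitCommand.size() == 4)
        {
            if (SplitCommand.at(2) != "pid")
            {
                ShowMessages("incorrect use of the '.sym'\n\n");
                CommandSymHelp();
                return;
            }

            if (!ConvertStringToUInt32(SplitCommand.at(3), &UserProcessId))
            {
                //
                // couldn't resolve or unknown parameter
                //
                ShowMessages("err, couldn't resolve error at '%s'\n\n",
                             SplitCommand.at(3).c_str());
                CommandSymHelp();
                return;
            }
        }

        //
        // Refresh and reload symbols
        //
        if (g_IsSerialConnectedToRemoteDebuggee)
        {
            //
            // Update symbol table from remote debuggee in debugger-mode
            //
            SymbolReloadSymbolTableInDebuggerMode(UserProcessId);
        }
        else
        {
            //
            // Check if user explicitly specified the process id.
            // Zero doubles as "not specified", so an explicit "pid 0"
            // is handled like a missing pid.
            //
            if (UserProcessId == 0)
            {
                //
                // User didn't explicitly specify the process id, so
                // if it's a user-debugger process, we use the modules
                // of the target user-debuggee's process, otherwise,
                // the current process (HyperDbg's process) is specified
                //
                if (g_ActiveProcessDebuggingState.IsActive)
                {
                    UserProcessId = g_ActiveProcessDebuggingState.ProcessId;
                }
                else
                {
                    UserProcessId = GetCurrentProcessId();
                }
            }

            //
            // Build locally and reload it
            //
            if (SymbolLocalReload(UserProcessId))
            {
                ShowMessages("symbol table updated successfully\n");
            }
        }
    }
    else if (SubCommand == "unload")
    {
        //
        // Validate params
        //
        if (SplitCommand.size() != 2)
        {
            ShowMessages("incorrect use of the '.sym'\n\n");
            CommandSymHelp();
            return;
        }

        //
        // unload without any parameters, means that unload
        // all the symbols
        //
        ScriptEngineUnloadAllSymbolsWrapper();

        //
        // Size is 3 there is module name (not working ! I don't know why)
        //
        // ScriptEngineUnloadModuleSymbolWrapper((char *)SplitCommand.at(2).c_str());
    }
    else if (SubCommand == "add")
    {
        //
        // Validate params: .sym add base <address> path <pdb path>
        //
        if (SplitCommand.size() < 6)
        {
            ShowMessages("incorrect use of the '.sym'\n\n");
            CommandSymHelp();
            return;
        }

        if (SplitCommand.at(2) != "base")
        {
            ShowMessages("incorrect use of the '.sym'\n\n");
            CommandSymHelp();
            return;
        }

        if (!ConvertStringToUInt64(SplitCommand.at(3), &BaseAddress))
        {
            ShowMessages("please add a valid hex address to be used as the base address\n\n");
            CommandSymHelp();
            return;
        }

        //
        // Base address is now valid, check if next parameter is path
        //
        if (SplitCommand.at(4) != "path")
        {
            ShowMessages("incorrect use of the '.sym'\n\n");
            CommandSymHelp();
            return;
        }

        //
        // The rest of command is pdb path. It is taken from the raw
        // command text so that a path containing spaces stays intact.
        //
        const string Delimiter    = "path ";
        const size_t DelimiterPos = Command.find(Delimiter);

        //
        // The token check above does not guarantee that the literal
        // "path " occurs in the raw text. Without this guard npos + 5
        // wraps around to offset 4, and an unrelated slice of the command
        // would be passed on as the pdb path.
        //
        if (DelimiterPos == string::npos)
        {
            ShowMessages("incorrect use of the '.sym'\n\n");
            CommandSymHelp();
            return;
        }

        const string PathToPdb = Command.substr(DelimiterPos + Delimiter.size());

        //
        // Check if pdb file exists or not
        //
        if (!IsFileExistA(PathToPdb.c_str()))
        {
            ShowMessages("pdb file not found\n");
            return;
        }

        ShowMessages("loading module symbol at '%s'\n", PathToPdb.c_str());

        //
        // Load the pdb file (the validation of pdb file is checked into pdb
        // parsing functions)
        //
        ScriptEngineLoadFileSymbolWrapper(BaseAddress, PathToPdb.c_str(), NULL);
    }
    else
    {
        ShowMessages("unknown parameter at '%s'\n\n", SubCommand.c_str());
        CommandSymHelp();
        return;
    }
}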
#define TRUE
Definition BasicTypes.h:55
#define FALSE
Definition BasicTypes.h:54
unsigned __int64 UINT64
Definition BasicTypes.h:21
unsigned int UINT32
Definition BasicTypes.h:48
BOOLEAN ConvertStringToUInt64(string TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for special notations like 0x,...
Definition common.cpp:240
BOOLEAN ConvertStringToUInt32(string TextToConvert, PUINT32 Result)
check and convert string to a 32 bit unsigned integer and also check for special notations like 0x etc.
Definition common.cpp:347
BOOLEAN IsFileExistA(const char *FileName)
check if a file exist or not (ASCII)
Definition common.cpp:619
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
NULL()
Definition test-case-generator.py:530
UINT32 ScriptEngineUnloadAllSymbolsWrapper()
ScriptEngineUnloadAllSymbols wrapper.
Definition script-engine-wrapper.cpp:91
UINT32 ScriptEngineLoadFileSymbolWrapper(UINT64 BaseAddress, const char *PdbFileName, const char *CustomModuleName)
ScriptEngineLoadFileSymbol wrapper.
Definition script-engine-wrapper.cpp:67
UINT32 ProcessId
Definition ud.h:51
BOOLEAN IsActive
Definition ud.h:49
VOID CommandSymHelp()
help of the .sym command
Definition sym.cpp:26
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest)
Definition globals.h:231
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
State of active debugging thread.
Definition globals.h:362
BOOLEAN SymbolLoadOrDownloadSymbols(BOOLEAN IsDownload, BOOLEAN SilentLoad)
Load or download symbols.
Definition symbol.cpp:299
BOOLEAN SymbolReloadSymbolTableInDebuggerMode(UINT32 ProcessId)
Update the symbol table from remote debuggee in debugger mode.
Definition symbol.cpp:1004
BOOLEAN SymbolLocalReload(UINT32 UserProcessId)
Locally reload the symbol table.
Definition symbol.cpp:50
VOID SymbolBuildAndShowSymbolTable()
Build and show symbol table details.
Definition symbol.cpp:264

◆ CommandSymHelp()

VOID CommandSymHelp ( )

help of the .sym command

Returns
VOID
/**
 * @brief help of the .sym command
 *
 * Prints the syntax summary and usage examples, one ShowMessages call
 * per line, in a fixed order.
 *
 * @return VOID
 */
VOID
CommandSymHelp()
{
    static const char * const HelpLines[] = {
        ".sym : performs the symbol actions.\n\n",

        "syntax : \t.sym [table]\n",
        "syntax : \t.sym [reload] [pid ProcessId (hex)]\n",
        "syntax : \t.sym [download]\n",
        "syntax : \t.sym [load]\n",
        "syntax : \t.sym [unload]\n",
        "syntax : \t.sym [add] [base Address (hex)] [path Path (string)]\n",

        "\n",
        "\t\te.g : .sym table\n",
        "\t\te.g : .sym reload\n",
        "\t\te.g : .sym reload pid 3a24\n",
        "\t\te.g : .sym load\n",
        "\t\te.g : .sym download\n",
        "\t\te.g : .sym add base fffff8077356000 path c:\\symbols\\my_dll.pdb\n",
        "\t\te.g : .sym unload\n",
    };

    for (const char * Line : HelpLines)
    {
        //
        // The text is passed as an argument, not as the format string;
        // none of the lines contains a conversion, so the output is the same
        //
        ShowMessages("%s", Line);
    }
}

Variable Documentation

◆ g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
extern

State of active debugging thread.

362{0};

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Indicates whether the debugger is connected to a remote debuggee (a remote guest) over a serial connection