HyperDbg Debugger
Loading...
Searching...
No Matches
sym.cpp File Reference

.sym command More...

#include "pch.h"

Functions

VOID CommandSymHelp ()
 help of the .sym command
VOID CommandSym (vector< CommandToken > CommandTokens, string Command)
 .sym command handler

Variables

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows if the debugger was connected to remote debuggee over (A remote guest).
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
 State of active debugging thread.

Detailed Description

.sym command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2021-05-27

Function Documentation

◆ CommandSym()

VOID CommandSym ( vector< CommandToken > CommandTokens,
string Command )

.sym command handler

Parameters
CommandTokens
Command
Returns
VOID
57{
58 UINT64 BaseAddress = NULL;
59 UINT32 UserProcessId = NULL;
60 string PathToPdb;
61
62 if (CommandTokens.size() == 1)
63 {
64 ShowMessages("incorrect use of the '%s'\n\n",
65 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
67 return;
68 }
69
70 if (CompareLowerCaseStrings(CommandTokens.at(1), "table"))
71 {
72 //
73 // Validate params
74 //
75 if (CommandTokens.size() != 2)
76 {
77 ShowMessages("incorrect use of the '%s'\n\n",
78 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
80 return;
81 }
82
83 //
84 // Show symbol table
85 //
87 }
88 else if (CompareLowerCaseStrings(CommandTokens.at(1), "load") || CompareLowerCaseStrings(CommandTokens.at(1), "download"))
89 {
90 //
91 // Validate params
92 //
93 if (CommandTokens.size() != 2)
94 {
95 ShowMessages("incorrect use of the '%s'\n\n",
96 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
98 return;
99 }
100
101 //
102 // Load and download available symbols
103 //
104 if (CompareLowerCaseStrings(CommandTokens.at(1), "load"))
105 {
107 }
108 else if (CompareLowerCaseStrings(CommandTokens.at(1), "download"))
109 {
111 }
112 }
113 else if (CompareLowerCaseStrings(CommandTokens.at(1), "reload"))
114 {
115 //
116 // Validate params
117 //
118 if (CommandTokens.size() != 2 && CommandTokens.size() != 4)
119 {
120 ShowMessages("incorrect use of the '%s'\n\n",
121 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
123 return;
124 }
125
126 //
127 // Check for process id
128 //
129 if (CommandTokens.size() == 4)
130 {
131 if (CompareLowerCaseStrings(CommandTokens.at(2), "pid"))
132 {
133 if (!ConvertTokenToUInt32(CommandTokens.at(3), &UserProcessId))
134 {
135 //
136 // couldn't resolve or unknown parameter
137 //
138 ShowMessages("err, couldn't resolve error at '%s'\n\n",
139 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(3)).c_str());
141 return;
142 }
143 }
144 else
145 {
146 ShowMessages("incorrect use of the '%s'\n\n",
147 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
149 return;
150 }
151 }
152
153 //
154 // Refresh and reload symbols
155 //
157 {
158 //
159 // Update symbol table from remote debuggee in debugger-mode
160 //
162 }
163 else
164 {
165 //
166 // Check if user explicitly specified the process id
167 //
168 if (UserProcessId == NULL)
169 {
170 //
171 // User didn't explicitly specified the process id, so
172 // if it's a user-debugger process, we use the modules
173 // of the target user-debuggee's process, otherwise,
174 // the current process (HyperDbg's process) is specified
175 //
177 {
178 UserProcessId = g_ActiveProcessDebuggingState.ProcessId;
179 }
180 else
181 {
182 UserProcessId = GetCurrentProcessId();
183 }
184 }
185
186 //
187 // Build locally and reload it
188 //
189 if (SymbolLocalReload(UserProcessId))
190 {
191 ShowMessages("symbol table updated successfully\n");
192 }
193 }
194 }
195 else if (CompareLowerCaseStrings(CommandTokens.at(1), "unload"))
196 {
197 //
198 // Validate params
199 //
200 if (CommandTokens.size() != 2)
201 {
202 ShowMessages("incorrect use of the '%s'\n\n",
203 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
205 return;
206 }
207
208 //
209 // unload without any parameters, means that unload
210 // all the symbols
211 //
213
214 //
215 // Size is 3 there is module name (not working ! I don't know why)
216 //
217 // ScriptEngineUnloadModuleSymbolWrapper((char *)SplitCommand.at(2).c_str());
218 }
219 else if (CompareLowerCaseStrings(CommandTokens.at(1), "add"))
220 {
221 //
222 // Validate params
223 //
224 if (CommandTokens.size() < 6)
225 {
226 ShowMessages("incorrect use of the '%s'\n\n",
227 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
229 return;
230 }
231
232 if (CompareLowerCaseStrings(CommandTokens.at(2), "base"))
233 {
234 if (!ConvertTokenToUInt64(CommandTokens.at(3), &BaseAddress))
235 {
236 ShowMessages("please add a valid hex address to be used as the base address\n\n");
238 return;
239 }
240
241 //
242 // Base address is now valid, check if next parameter is path
243 //
244 if (!CompareLowerCaseStrings(CommandTokens.at(4), "path"))
245 {
246 ShowMessages("incorrect use of the '%s'\n\n",
247 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
249 return;
250 }
251
252 //
253 // The rest of command is pdb path
254 //
255 PathToPdb = GetCaseSensitiveStringFromCommandToken(CommandTokens.at(5));
256
257 //
258 // Check if pdb file exists or not
259 //
260 if (!IsFileExistA(PathToPdb.c_str()))
261 {
262 ShowMessages("pdb file not found\n");
263 return;
264 }
265
266 ShowMessages("loading module symbol at '%s'\n", PathToPdb.c_str());
267
268 //
269 // Load the pdb file (the validation of pdb file is checked into pdb
270 // parsing functions)
271 //
272 ScriptEngineLoadFileSymbolWrapper(BaseAddress, PathToPdb.c_str(), NULL);
273 }
274 else
275 {
276 ShowMessages("incorrect use of the '%s'\n\n",
277 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
279 return;
280 }
281 }
282 else
283 {
284 ShowMessages("unknown parameter at '%s'\n\n",
285 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(1)).c_str());
287 return;
288 }
289}
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest).
Definition globals.h:253
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
State of active debugging thread.
Definition globals.h:372
#define TRUE
Definition BasicTypes.h:114
#define FALSE
Definition BasicTypes.h:113
unsigned int UINT32
Definition BasicTypes.h:54
std::string GetCaseSensitiveStringFromCommandToken(CommandToken TargetToken)
Get case sensitive string from command token.
Definition common.cpp:467
BOOLEAN CompareLowerCaseStrings(CommandToken TargetToken, const CHAR *StringToCompare)
Compare lower case strings.
Definition common.cpp:503
BOOLEAN ConvertTokenToUInt64(CommandToken TargetToken, PUINT64 Result)
add ` between 64 bit values and convert them to string
Definition common.cpp:447
BOOLEAN ConvertTokenToUInt32(CommandToken TargetToken, PUINT32 Result)
check and convert command token to a 32 bit unsigned integer
Definition common.cpp:546
BOOLEAN IsFileExistA(const CHAR *FileName)
check if a file exist or not (ASCII)
Definition common.cpp:740
NULL()
Definition test-case-generator.py:530
UINT32 ScriptEngineLoadFileSymbolWrapper(UINT64 BaseAddress, const CHAR *PdbFileName, const CHAR *CustomModuleName)
ScriptEngineLoadFileSymbol wrapper.
Definition script-engine-wrapper.cpp:68
UINT32 ScriptEngineUnloadAllSymbolsWrapper()
ScriptEngineUnloadAllSymbols wrapper.
Definition script-engine-wrapper.cpp:92
VOID CommandSymHelp()
help of the .sym command
Definition sym.cpp:26
BOOLEAN SymbolLoadOrDownloadSymbols(BOOLEAN IsDownload, BOOLEAN SilentLoad)
Load or download symbols.
Definition symbol.cpp:298
BOOLEAN SymbolReloadSymbolTableInDebuggerMode(UINT32 ProcessId)
Update the symbol table from remote debuggee in debugger mode.
Definition symbol.cpp:1274
BOOLEAN SymbolLocalReload(UINT32 UserProcessId)
Locally reload the symbol table.
Definition symbol.cpp:49
VOID SymbolBuildAndShowSymbolTable()
Build and show symbol table details.
Definition symbol.cpp:263

◆ CommandSymHelp()

VOID CommandSymHelp ( )

help of the .sym command

Returns
VOID
27{
28 ShowMessages(".sym : performs the symbol actions.\n\n");
29
30 ShowMessages("syntax : \t.sym [table]\n");
31 ShowMessages("syntax : \t.sym [reload] [pid ProcessId (hex)]\n");
32 ShowMessages("syntax : \t.sym [download]\n");
33 ShowMessages("syntax : \t.sym [load]\n");
34 ShowMessages("syntax : \t.sym [unload]\n");
35 ShowMessages("syntax : \t.sym [add] [base Address (hex)] [path Path (string)]\n");
36
37 ShowMessages("\n");
38 ShowMessages("\t\te.g : .sym table\n");
39 ShowMessages("\t\te.g : .sym reload\n");
40 ShowMessages("\t\te.g : .sym reload pid 3a24\n");
41 ShowMessages("\t\te.g : .sym load\n");
42 ShowMessages("\t\te.g : .sym download\n");
43 ShowMessages("\t\te.g : .sym add base fffff8077356000 path c:\\symbols\\my_dll.pdb\n");
44 ShowMessages("\t\te.g : .sym add base fffff8077356000 path \"c:\\symbols files\\my_dll.pdb\"\n");
45 ShowMessages("\t\te.g : .sym unload\n");
46}

Variable Documentation

◆ g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
extern

State of active debugging thread.

372{0};

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows if the debugger was connected to remote debuggee over (A remote guest).