Listening for user debugger thread events. More...

#include "pch.h"

Functions
VOID	UdHandleUserDebuggerPausing (PDEBUGGEE_UD_PAUSED_PACKET PausePacket)
	Handle pause packets from user debugger.

Variables
ACTIVE_DEBUGGING_PROCESS	g_ActiveProcessDebuggingState
	State of active debugging thread.

DEBUGGER_SYNCRONIZATION_EVENTS_STATE	g_UserSyncronizationObjectsHandleTable [DEBUGGER_MAXIMUM_SYNCRONIZATION_USER_DEBUGGER_OBJECTS]
	In debugger (not debuggee), we save the handle of the user-mode listening thread for pauses here for user debugger.

Detailed Description

Listening for user debugger thread events.

Author: Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Version: 0.1

Date: 2022-01-28

Copyright: This project is released under the GNU Public License v3.

Function Documentation

◆ UdHandleUserDebuggerPausing()

VOID UdHandleUserDebuggerPausing ( PDEBUGGEE_UD_PAUSED_PACKET PausePacket )

Handle pause packets from user debugger.

Parameters

PausePacket

Returns: VOID

{
    //
    // Set the current active debugging process (thread)
    //
    UdSetActiveDebuggingProcess(PausePacket->ProcessDebuggingToken,
                                PausePacket->ProcessId,
                                PausePacket->ThreadId,
                                PausePacket->Is32Bit,
                                TRUE);
 
    //
    // Perform extra tasks for pausing reasons
    //
    switch (PausePacket->PausingReason)
    {
    case DEBUGGEE_PAUSING_REASON_DEBUGGEE_STARTING_MODULE_LOADED:
 
        ShowMessages("the target module is loaded and a breakpoint is set to the entrypoint\n"
                     "press 'g' to reach to the entrypoint of the main module...\n");
 
        break;
    case DEBUGGEE_PAUSING_REASON_DEBUGGEE_GENERAL_THREAD_INTERCEPTED:
 
        ShowMessages("\nthread: %x from process: %x intercepted\n",
                     PausePacket->ThreadId,
                     PausePacket->ProcessId);
 
        break;
 
    default:
        break;
    }
 
    //
    // Check if the instruction is received completely or not
    //
    if (PausePacket->ReadInstructionLen != MAXIMUM_INSTR_SIZE)
    {
        //
        // We check if the disassembled buffer has greater size
        // than what is retrieved
        //
        if (HyperDbgLengthDisassemblerEngine(PausePacket->InstructionBytesOnRip,
                                             MAXIMUM_INSTR_SIZE,
                                             PausePacket->Is32Bit ? FALSE : TRUE) > PausePacket->ReadInstructionLen)
        {
            ShowMessages("oOh, no! there might be a misinterpretation in disassembling the current instruction\n");
        }
    }
 
    if (!PausePacket->Is32Bit)
    {
        //
        // Show diassembles
        //
        HyperDbgDisassembler64(PausePacket->InstructionBytesOnRip,
                               PausePacket->Rip,
                               MAXIMUM_INSTR_SIZE,
                               1,
                               TRUE,
                               (PRFLAGS)&PausePacket->Rflags);
    }
    else
    {
        //
        // Show diassembles
        //
        HyperDbgDisassembler32(PausePacket->InstructionBytesOnRip,
                               PausePacket->Rip,
                               MAXIMUM_INSTR_SIZE,
                               1,
                               TRUE,
                               (PRFLAGS)&PausePacket->Rflags);
    }
 
    //
    // Unpause the user debugger to get commands
    //
    if (g_UserSyncronizationObjectsHandleTable
            [DEBUGGER_SYNCRONIZATION_OBJECT_USER_DEBUGGER_IS_DEBUGGER_RUNNING]
                .IsOnWaitingState == TRUE)
    {
        DbgReceivedUserResponse(DEBUGGER_SYNCRONIZATION_OBJECT_USER_DEBUGGER_IS_DEBUGGER_RUNNING);
    }
}

Variable Documentation

◆ g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState

extern

State of active debugging thread.

362{0};

◆ g_UserSyncronizationObjectsHandleTable

DEBUGGER_SYNCRONIZATION_EVENTS_STATE g_UserSyncronizationObjectsHandleTable[DEBUGGER_MAXIMUM_SYNCRONIZATION_USER_DEBUGGER_OBJECTS]

extern

In debugger (not debuggee), we save the handle of the user-mode listening thread for pauses here for user debugger.

176{0};