level 7
3
2014年11月14日 01点11分
level 7
黑色杰克史密斯
楼主
module wIn32_dEbUgGeR;
import std.c.windows.windows;
import mIkAlIsW.dEbUgGeR;
/*==============================
EXCEPTION_RECORD
==============================*/
struct EXCEPTION_RECORD {
DWORD ExceptionCode;
DWORD ExceptionFlags;
EXCEPTION_RECORD * ExceptionRecord;
PVOID ExceptionAddress;
DWORD NumberParameters;
ULONG_PTR ExceptionInformation[15];
} alias EXCEPTION_RECORD * PEXCEPTION_RECORD;
/*==============================
EXCEPTION_DEBUG_INFO
==============================*/
struct EXCEPTION_DEBUG_INFO {
EXCEPTION_RECORD ExceptionRecord;
DWORD dwFirstChance;
} alias EXCEPTION_DEBUG_INFO * LPEXCEPTION_DEBUG_INFO;
/*===================================================
PTHREAD_START_ROUTINE/LPTHREAD_START_ROUTINE
===================================================*/
extern (Windows)
typedef DWORD ( *PTHREAD_START_ROUTINE ) ( LPVOID lpThreadParameter );
alias PTHREAD_START_ROUTINE LPTHREAD_START_ROUTINE;
/*==============================
CREATE_THREAD_DEBUG_INFO
==============================*/
struct CREATE_THREAD_DEBUG_INFO {
HANDLE hThread;
LPVOID lpThreadLocalBase;
LPTHREAD_START_ROUTINE lpStartAddress;
} alias CREATE_THREAD_DEBUG_INFO * LPCREATE_THREAD_DEBUG_INFO;
/*==============================
CREATE_PROCESS_DEBUG_INFO
==============================*/
struct CREATE_PROCESS_DEBUG_INFO {
HANDLE hFile;
HANDLE hProcess;
HANDLE hThread;
LPVOID lpBaseOfImage;
DWORD dwDebugInfoFileOffset;
DWORD nDebugInfoSize;
LPVOID lpThreadLocalBase;
LPTHREAD_START_ROUTINE lpStartAddress;
LPVOID lpImageName;
WORD fUnicode;
} alias CREATE_PROCESS_DEBUG_INFO * LPCREATE_PROCESS_DEBUG_INFO;
/*==============================
EXIT_THREAD_DEBUG_INFO
==============================*/
struct EXIT_THREAD_DEBUG_INFO {
DWORD dwExitCode;
} alias EXIT_THREAD_DEBUG_INFO * LPEXIT_THREAD_DEBUG_INFO;
/*==============================
EXIT_PROCESS_DEBUG_INFO
==============================*/
struct EXIT_PROCESS_DEBUG_INFO {
DWORD dwExitCode;
} alias EXIT_PROCESS_DEBUG_INFO * LPEXIT_PROCESS_DEBUG_INFO;
/*==============================
LOAD_DLL_DEBUG_INFO
==============================*/
struct LOAD_DLL_DEBUG_INFO {
HANDLE hFile;
LPVOID lpBaseOfDll;
DWORD dwDebugInfoFileOffset;
DWORD nDebugInfoSize;
LPVOID lpImageName;
WORD fUnicode;
} alias LOAD_DLL_DEBUG_INFO * LPLOAD_DLL_DEBUG_INFO;
/*==============================
UNLOAD_DLL_DEBUG_INFO
==============================*/
struct UNLOAD_DLL_DEBUG_INFO {
LPVOID lpBaseOfDll;
} alias UNLOAD_DLL_DEBUG_INFO * LPUNLOAD_DLL_DEBUG_INFO;
/*==============================
OUTPUT_DEBUG_STRING_INFO
==============================*/
struct OUTPUT_DEBUG_STRING_INFO {
LPSTR lpDebugStringData;
WORD fUnicode;
WORD nDebugStringLength;
} alias OUTPUT_DEBUG_STRING_INFO * LPOUTPUT_DEBUG_STRING_INFO;
/*==============================
RIP_INFO
==============================*/
struct RIP_INFO {
DWORD dwError;
DWORD dwType;
} alias RIP_INFO * LPRIP_INFO;
/*==============================
DEBUG_EVENT
==============================*/
struct DEBUG_EVENT {
DWORD dwDebugEventCode;
DWORD dwProcessId;
DWORD dwThreadId;
union u {
EXCEPTION_DEBUG_INFO Exception;
CREATE_THREAD_DEBUG_INFO CreateThread;
CREATE_PROCESS_DEBUG_INFO CreateProcessInfo;
EXIT_THREAD_DEBUG_INFO ExitThread;
EXIT_PROCESS_DEBUG_INFO ExitProcess;
LOAD_DLL_DEBUG_INFO LoadDll;
UNLOAD_DLL_DEBUG_INFO UnloadDll;
OUTPUT_DEBUG_STRING_INFO DebugString;
RIP_INFO RipInfo;
}
} alias DEBUG_EVENT * LPDEBUG_EVENT;
/*==============================
FLOATING_SAVE_AREA
==============================*/
struct FLOATING_SAVE_AREA {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
BYTE RegisterArea[80];
DWORD Cr0NpxState;
} alias FLOATING_SAVE_AREA * PFLOATING_SAVE_AREA;
/*==============================
CONTEXT
==============================*/
struct CONTEXT {
DWORD ContextFlags;
DWORD Dr0;
DWORD Dr1;
DWORD Dr2;
DWORD Dr3;
DWORD Dr6;
DWORD Dr7;
FLOATING_SAVE_AREA FloatSave;
DWORD SegGs;
DWORD SegFs;
DWORD SegEs;
DWORD SegDs;
DWORD Edi;
DWORD Esi;
DWORD Ebx;
DWORD Edx;
DWORD Ecx;
DWORD Eax;
DWORD E
bp
;
DWORD Eip;
DWORD SegCs; // MUST BE SANITIZED
DWORD EFlags; // MUST BE SANITIZED
DWORD Esp;
DWORD SegSs;
BYTE ExtendedRegisters[512];
} alias CONTEXT * PCONTEXT;
class win32_debugger : debugger
{
public:
this () nothrow
{
RtlZeroMemory = cast(typeof(RtlZeroMemory)) GetProcAddress ( GetModuleHandleA ("ntdll.dll"), "RtlZeroMemory" );
RtlZeroMemory ( &starupinfo, starupinfo.sizeof );
starupinfo.cb = starupinfo.sizeof;
RtlZeroMemory ( &process_infoformation, process_infoformation.sizeof );
}
~this () nothrow {}
override void start_debug () {};
override void show_registers () {};
override void stop_debug () {};
override void go () {};
override void dump () {};
override void show_source_lines () {};
override void break_point () {};
override void step_in () {};
override void step_over () {};
override void step_out () {};
override void show_local_variables () {};
override void show_global_variables () {};
override void format_memory () {};
override void show_stack_track () {};
BOOL open_process () nothrow
{
if (get_file_path ())
{
CreateProcessA( ( cast(char*) &szFileName ),
null, null,
null, FALSE,
DEBUG_ONLY_THIS_PROCESS |
CREATE_NEW_CONSOLE |
CREATE_SUSPENDED,
null, null,
&starupinfo,
&process_infoformation );
return TRUE;
}
else
return FALSE;
}
private:
char szFileName[260];
BOOL thread_status;
CONTEXT context;
STARTUPINFO starupinfo;
PROCESS_INFORMATION process_infoformation;
BOOL get_file_path () nothrow
{
char TempArray[260];
TempArray[0..$] = 0;
OPENFILENAMEA openfilenamea = {0};
openfilenamea.lStructSize = OPENFILENAMEA.sizeof;
openfilenamea.lpstrFilter = "pe files(*.exe)\0*.exe";
openfilenamea.lpstrFile = cast(char*)&TempArray;
openfilenamea.nMaxFile = 260;
openfilenamea.Flags = OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST;
if ( GetOpenFileNameA ( &openfilenamea ) )
{
asm
{
// push ESI ;
// push EDI ;
lea ESI,TempArray ;
mov EDI,this ;
add EDI,8 ;
main_loop:
cmp byte ptr[ESI],0 ;
je end_loop ;
cmp byte ptr[ESI],0x5C ;
je multi_copy ;
mov AL,byte ptr[ESI] ;
mov byte ptr[EDI],AL ;
inc ESI ;
inc EDI ;
jmp main_loop ;
multi_copy:
mov word ptr[EDI],0x5C5C ;
add EDI,2 ;
inc ESI ;
jmp main_loop ;
end_loop:
mov dword ptr[EDI],0 ;
}
return TRUE;
}
else
return FALSE;
}
extern(Windows) VOID function(
VOID *Destination, SIZE_T Length
) nothrow RtlZeroMemory;
//override
};
2014年11月18日 09点11分
11
import std.c.windows.windows;
import mIkAlIsW.dEbUgGeR;
/*==============================
EXCEPTION_RECORD
==============================*/
struct EXCEPTION_RECORD {
DWORD ExceptionCode;
DWORD ExceptionFlags;
EXCEPTION_RECORD * ExceptionRecord;
PVOID ExceptionAddress;
DWORD NumberParameters;
ULONG_PTR ExceptionInformation[15];
} alias EXCEPTION_RECORD * PEXCEPTION_RECORD;
/*==============================
EXCEPTION_DEBUG_INFO
==============================*/
struct EXCEPTION_DEBUG_INFO {
EXCEPTION_RECORD ExceptionRecord;
DWORD dwFirstChance;
} alias EXCEPTION_DEBUG_INFO * LPEXCEPTION_DEBUG_INFO;
/*===================================================
PTHREAD_START_ROUTINE/LPTHREAD_START_ROUTINE
===================================================*/
extern (Windows)
typedef DWORD ( *PTHREAD_START_ROUTINE ) ( LPVOID lpThreadParameter );
alias PTHREAD_START_ROUTINE LPTHREAD_START_ROUTINE;
/*==============================
CREATE_THREAD_DEBUG_INFO
==============================*/
struct CREATE_THREAD_DEBUG_INFO {
HANDLE hThread;
LPVOID lpThreadLocalBase;
LPTHREAD_START_ROUTINE lpStartAddress;
} alias CREATE_THREAD_DEBUG_INFO * LPCREATE_THREAD_DEBUG_INFO;
/*==============================
CREATE_PROCESS_DEBUG_INFO
==============================*/
struct CREATE_PROCESS_DEBUG_INFO {
HANDLE hFile;
HANDLE hProcess;
HANDLE hThread;
LPVOID lpBaseOfImage;
DWORD dwDebugInfoFileOffset;
DWORD nDebugInfoSize;
LPVOID lpThreadLocalBase;
LPTHREAD_START_ROUTINE lpStartAddress;
LPVOID lpImageName;
WORD fUnicode;
} alias CREATE_PROCESS_DEBUG_INFO * LPCREATE_PROCESS_DEBUG_INFO;
/*==============================
EXIT_THREAD_DEBUG_INFO
==============================*/
struct EXIT_THREAD_DEBUG_INFO {
DWORD dwExitCode;
} alias EXIT_THREAD_DEBUG_INFO * LPEXIT_THREAD_DEBUG_INFO;
/*==============================
EXIT_PROCESS_DEBUG_INFO
==============================*/
struct EXIT_PROCESS_DEBUG_INFO {
DWORD dwExitCode;
} alias EXIT_PROCESS_DEBUG_INFO * LPEXIT_PROCESS_DEBUG_INFO;
/*==============================
LOAD_DLL_DEBUG_INFO
==============================*/
struct LOAD_DLL_DEBUG_INFO {
HANDLE hFile;
LPVOID lpBaseOfDll;
DWORD dwDebugInfoFileOffset;
DWORD nDebugInfoSize;
LPVOID lpImageName;
WORD fUnicode;
} alias LOAD_DLL_DEBUG_INFO * LPLOAD_DLL_DEBUG_INFO;
/*==============================
UNLOAD_DLL_DEBUG_INFO
==============================*/
struct UNLOAD_DLL_DEBUG_INFO {
LPVOID lpBaseOfDll;
} alias UNLOAD_DLL_DEBUG_INFO * LPUNLOAD_DLL_DEBUG_INFO;
/*==============================
OUTPUT_DEBUG_STRING_INFO
==============================*/
struct OUTPUT_DEBUG_STRING_INFO {
LPSTR lpDebugStringData;
WORD fUnicode;
WORD nDebugStringLength;
} alias OUTPUT_DEBUG_STRING_INFO * LPOUTPUT_DEBUG_STRING_INFO;
/*==============================
RIP_INFO
==============================*/
struct RIP_INFO {
DWORD dwError;
DWORD dwType;
} alias RIP_INFO * LPRIP_INFO;
/*==============================
DEBUG_EVENT
==============================*/
struct DEBUG_EVENT {
DWORD dwDebugEventCode;
DWORD dwProcessId;
DWORD dwThreadId;
union u {
EXCEPTION_DEBUG_INFO Exception;
CREATE_THREAD_DEBUG_INFO CreateThread;
CREATE_PROCESS_DEBUG_INFO CreateProcessInfo;
EXIT_THREAD_DEBUG_INFO ExitThread;
EXIT_PROCESS_DEBUG_INFO ExitProcess;
LOAD_DLL_DEBUG_INFO LoadDll;
UNLOAD_DLL_DEBUG_INFO UnloadDll;
OUTPUT_DEBUG_STRING_INFO DebugString;
RIP_INFO RipInfo;
}
} alias DEBUG_EVENT * LPDEBUG_EVENT;
/*==============================
FLOATING_SAVE_AREA
==============================*/
struct FLOATING_SAVE_AREA {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
BYTE RegisterArea[80];
DWORD Cr0NpxState;
} alias FLOATING_SAVE_AREA * PFLOATING_SAVE_AREA;
/*==============================
CONTEXT
==============================*/
struct CONTEXT {
DWORD ContextFlags;
DWORD Dr0;
DWORD Dr1;
DWORD Dr2;
DWORD Dr3;
DWORD Dr6;
DWORD Dr7;
FLOATING_SAVE_AREA FloatSave;
DWORD SegGs;
DWORD SegFs;
DWORD SegEs;
DWORD SegDs;
DWORD Edi;
DWORD Esi;
DWORD Ebx;
DWORD Edx;
DWORD Ecx;
DWORD Eax;
DWORD E
bp
;
DWORD Eip;
DWORD SegCs; // MUST BE SANITIZED
DWORD EFlags; // MUST BE SANITIZED
DWORD Esp;
DWORD SegSs;
BYTE ExtendedRegisters[512];
} alias CONTEXT * PCONTEXT;
class win32_debugger : debugger
{
public:
this () nothrow
{
RtlZeroMemory = cast(typeof(RtlZeroMemory)) GetProcAddress ( GetModuleHandleA ("ntdll.dll"), "RtlZeroMemory" );
RtlZeroMemory ( &starupinfo, starupinfo.sizeof );
starupinfo.cb = starupinfo.sizeof;
RtlZeroMemory ( &process_infoformation, process_infoformation.sizeof );
}
~this () nothrow {}
override void start_debug () {};
override void show_registers () {};
override void stop_debug () {};
override void go () {};
override void dump () {};
override void show_source_lines () {};
override void break_point () {};
override void step_in () {};
override void step_over () {};
override void step_out () {};
override void show_local_variables () {};
override void show_global_variables () {};
override void format_memory () {};
override void show_stack_track () {};
BOOL open_process () nothrow
{
if (get_file_path ())
{
CreateProcessA( ( cast(char*) &szFileName ),
null, null,
null, FALSE,
DEBUG_ONLY_THIS_PROCESS |
CREATE_NEW_CONSOLE |
CREATE_SUSPENDED,
null, null,
&starupinfo,
&process_infoformation );
return TRUE;
}
else
return FALSE;
}
private:
char szFileName[260];
BOOL thread_status;
CONTEXT context;
STARTUPINFO starupinfo;
PROCESS_INFORMATION process_infoformation;
BOOL get_file_path () nothrow
{
char TempArray[260];
TempArray[0..$] = 0;
OPENFILENAMEA openfilenamea = {0};
openfilenamea.lStructSize = OPENFILENAMEA.sizeof;
openfilenamea.lpstrFilter = "pe files(*.exe)\0*.exe";
openfilenamea.lpstrFile = cast(char*)&TempArray;
openfilenamea.nMaxFile = 260;
openfilenamea.Flags = OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST;
if ( GetOpenFileNameA ( &openfilenamea ) )
{
asm
{
// push ESI ;
// push EDI ;
lea ESI,TempArray ;
mov EDI,this ;
add EDI,8 ;
main_loop:
cmp byte ptr[ESI],0 ;
je end_loop ;
cmp byte ptr[ESI],0x5C ;
je multi_copy ;
mov AL,byte ptr[ESI] ;
mov byte ptr[EDI],AL ;
inc ESI ;
inc EDI ;
jmp main_loop ;
multi_copy:
mov word ptr[EDI],0x5C5C ;
add EDI,2 ;
inc ESI ;
jmp main_loop ;
end_loop:
mov dword ptr[EDI],0 ;
}
return TRUE;
}
else
return FALSE;
}
extern(Windows) VOID function(
VOID *Destination, SIZE_T Length
) nothrow RtlZeroMemory;
//override
};
level 7
黑色杰克史密斯
楼主
module wIn32_dEbUgGeR;
import std.c.windows.windows;
import mIkAlIsW.dEbUgGeR;
import mIkAlIsW.gRaPhIeNgInE;
/*==============================
EXCEPTION_RECORD
==============================*/
struct EXCEPTION_RECORD {
DWORD ExceptionCode;
DWORD ExceptionFlags;
EXCEPTION_RECORD * ExceptionRecord;
PVOID ExceptionAddress;
DWORD NumberParameters;
ULONG_PTR ExceptionInformation[15];
} alias EXCEPTION_RECORD * PEXCEPTION_RECORD;
/*==============================
EXCEPTION_DEBUG_INFO
==============================*/
struct EXCEPTION_DEBUG_INFO {
EXCEPTION_RECORD ExceptionRecord;
DWORD dwFirstChance;
} alias EXCEPTION_DEBUG_INFO * LPEXCEPTION_DEBUG_INFO;
/*===================================================
PTHREAD_START_ROUTINE/LPTHREAD_START_ROUTINE
===================================================*/
extern (Windows)
typedef DWORD ( *PTHREAD_START_ROUTINE ) ( LPVOID lpThreadParameter );
alias PTHREAD_START_ROUTINE LPTHREAD_START_ROUTINE;
/*==============================
CREATE_THREAD_DEBUG_INFO
==============================*/
struct CREATE_THREAD_DEBUG_INFO {
HANDLE hThread;
LPVOID lpThreadLocalBase;
LPTHREAD_START_ROUTINE lpStartAddress;
} alias CREATE_THREAD_DEBUG_INFO * LPCREATE_THREAD_DEBUG_INFO;
/*==============================
CREATE_PROCESS_DEBUG_INFO
==============================*/
struct CREATE_PROCESS_DEBUG_INFO {
HANDLE hFile;
HANDLE hProcess;
HANDLE hThread;
LPVOID lpBaseOfImage;
DWORD dwDebugInfoFileOffset;
DWORD nDebugInfoSize;
LPVOID lpThreadLocalBase;
LPTHREAD_START_ROUTINE lpStartAddress;
LPVOID lpImageName;
WORD fUnicode;
} alias CREATE_PROCESS_DEBUG_INFO * LPCREATE_PROCESS_DEBUG_INFO;
/*==============================
EXIT_THREAD_DEBUG_INFO
==============================*/
struct EXIT_THREAD_DEBUG_INFO {
DWORD dwExitCode;
} alias EXIT_THREAD_DEBUG_INFO * LPEXIT_THREAD_DEBUG_INFO;
/*==============================
EXIT_PROCESS_DEBUG_INFO
==============================*/
struct EXIT_PROCESS_DEBUG_INFO {
DWORD dwExitCode;
} alias EXIT_PROCESS_DEBUG_INFO * LPEXIT_PROCESS_DEBUG_INFO;
/*==============================
LOAD_DLL_DEBUG_INFO
==============================*/
struct LOAD_DLL_DEBUG_INFO {
HANDLE hFile;
LPVOID lpBaseOfDll;
DWORD dwDebugInfoFileOffset;
DWORD nDebugInfoSize;
LPVOID lpImageName;
WORD fUnicode;
} alias LOAD_DLL_DEBUG_INFO * LPLOAD_DLL_DEBUG_INFO;
/*==============================
UNLOAD_DLL_DEBUG_INFO
==============================*/
struct UNLOAD_DLL_DEBUG_INFO {
LPVOID lpBaseOfDll;
} alias UNLOAD_DLL_DEBUG_INFO * LPUNLOAD_DLL_DEBUG_INFO;
/*==============================
OUTPUT_DEBUG_STRING_INFO
==============================*/
struct OUTPUT_DEBUG_STRING_INFO {
LPSTR lpDebugStringData;
WORD fUnicode;
WORD nDebugStringLength;
} alias OUTPUT_DEBUG_STRING_INFO * LPOUTPUT_DEBUG_STRING_INFO;
/*==============================
RIP_INFO
==============================*/
struct RIP_INFO {
DWORD dwError;
DWORD dwType;
} alias RIP_INFO * LPRIP_INFO;
/*==============================
DEBUG_EVENT
==============================*/
struct DEBUG_EVENT {
DWORD dwDebugEventCode;
DWORD dwProcessId;
DWORD dwThreadId;
union u {
EXCEPTION_DEBUG_INFO Exception;
CREATE_THREAD_DEBUG_INFO CreateThread;
CREATE_PROCESS_DEBUG_INFO CreateProcessInfo;
EXIT_THREAD_DEBUG_INFO ExitThread;
EXIT_PROCESS_DEBUG_INFO ExitProcess;
LOAD_DLL_DEBUG_INFO LoadDll;
UNLOAD_DLL_DEBUG_INFO UnloadDll;
OUTPUT_DEBUG_STRING_INFO DebugString;
RIP_INFO RipInfo;
}
} alias DEBUG_EVENT * LPDEBUG_EVENT;
/*==============================
FLOATING_SAVE_AREA
==============================*/
struct FLOATING_SAVE_AREA {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
BYTE RegisterArea[80];
DWORD Cr0NpxState;
} alias FLOATING_SAVE_AREA * PFLOATING_SAVE_AREA;
2014年11月18日 13点11分
12
import std.c.windows.windows;
import mIkAlIsW.dEbUgGeR;
import mIkAlIsW.gRaPhIeNgInE;
/*==============================
EXCEPTION_RECORD
==============================*/
struct EXCEPTION_RECORD {
DWORD ExceptionCode;
DWORD ExceptionFlags;
EXCEPTION_RECORD * ExceptionRecord;
PVOID ExceptionAddress;
DWORD NumberParameters;
ULONG_PTR ExceptionInformation[15];
} alias EXCEPTION_RECORD * PEXCEPTION_RECORD;
/*==============================
EXCEPTION_DEBUG_INFO
==============================*/
struct EXCEPTION_DEBUG_INFO {
EXCEPTION_RECORD ExceptionRecord;
DWORD dwFirstChance;
} alias EXCEPTION_DEBUG_INFO * LPEXCEPTION_DEBUG_INFO;
/*===================================================
PTHREAD_START_ROUTINE/LPTHREAD_START_ROUTINE
===================================================*/
extern (Windows)
typedef DWORD ( *PTHREAD_START_ROUTINE ) ( LPVOID lpThreadParameter );
alias PTHREAD_START_ROUTINE LPTHREAD_START_ROUTINE;
/*==============================
CREATE_THREAD_DEBUG_INFO
==============================*/
struct CREATE_THREAD_DEBUG_INFO {
HANDLE hThread;
LPVOID lpThreadLocalBase;
LPTHREAD_START_ROUTINE lpStartAddress;
} alias CREATE_THREAD_DEBUG_INFO * LPCREATE_THREAD_DEBUG_INFO;
/*==============================
CREATE_PROCESS_DEBUG_INFO
==============================*/
struct CREATE_PROCESS_DEBUG_INFO {
HANDLE hFile;
HANDLE hProcess;
HANDLE hThread;
LPVOID lpBaseOfImage;
DWORD dwDebugInfoFileOffset;
DWORD nDebugInfoSize;
LPVOID lpThreadLocalBase;
LPTHREAD_START_ROUTINE lpStartAddress;
LPVOID lpImageName;
WORD fUnicode;
} alias CREATE_PROCESS_DEBUG_INFO * LPCREATE_PROCESS_DEBUG_INFO;
/*==============================
EXIT_THREAD_DEBUG_INFO
==============================*/
struct EXIT_THREAD_DEBUG_INFO {
DWORD dwExitCode;
} alias EXIT_THREAD_DEBUG_INFO * LPEXIT_THREAD_DEBUG_INFO;
/*==============================
EXIT_PROCESS_DEBUG_INFO
==============================*/
struct EXIT_PROCESS_DEBUG_INFO {
DWORD dwExitCode;
} alias EXIT_PROCESS_DEBUG_INFO * LPEXIT_PROCESS_DEBUG_INFO;
/*==============================
LOAD_DLL_DEBUG_INFO
==============================*/
struct LOAD_DLL_DEBUG_INFO {
HANDLE hFile;
LPVOID lpBaseOfDll;
DWORD dwDebugInfoFileOffset;
DWORD nDebugInfoSize;
LPVOID lpImageName;
WORD fUnicode;
} alias LOAD_DLL_DEBUG_INFO * LPLOAD_DLL_DEBUG_INFO;
/*==============================
UNLOAD_DLL_DEBUG_INFO
==============================*/
struct UNLOAD_DLL_DEBUG_INFO {
LPVOID lpBaseOfDll;
} alias UNLOAD_DLL_DEBUG_INFO * LPUNLOAD_DLL_DEBUG_INFO;
/*==============================
OUTPUT_DEBUG_STRING_INFO
==============================*/
struct OUTPUT_DEBUG_STRING_INFO {
LPSTR lpDebugStringData;
WORD fUnicode;
WORD nDebugStringLength;
} alias OUTPUT_DEBUG_STRING_INFO * LPOUTPUT_DEBUG_STRING_INFO;
/*==============================
RIP_INFO
==============================*/
struct RIP_INFO {
DWORD dwError;
DWORD dwType;
} alias RIP_INFO * LPRIP_INFO;
/*==============================
DEBUG_EVENT
==============================*/
struct DEBUG_EVENT {
DWORD dwDebugEventCode;
DWORD dwProcessId;
DWORD dwThreadId;
union u {
EXCEPTION_DEBUG_INFO Exception;
CREATE_THREAD_DEBUG_INFO CreateThread;
CREATE_PROCESS_DEBUG_INFO CreateProcessInfo;
EXIT_THREAD_DEBUG_INFO ExitThread;
EXIT_PROCESS_DEBUG_INFO ExitProcess;
LOAD_DLL_DEBUG_INFO LoadDll;
UNLOAD_DLL_DEBUG_INFO UnloadDll;
OUTPUT_DEBUG_STRING_INFO DebugString;
RIP_INFO RipInfo;
}
} alias DEBUG_EVENT * LPDEBUG_EVENT;
/*==============================
FLOATING_SAVE_AREA
==============================*/
struct FLOATING_SAVE_AREA {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
BYTE RegisterArea[80];
DWORD Cr0NpxState;
} alias FLOATING_SAVE_AREA * PFLOATING_SAVE_AREA;
level 7
黑色杰克史密斯
楼主
class win32_debugger : debugger
{
public:
this ( HWND hwnd_ ) nothrow
{
text_plotter = new graphic_engine (hwnd_);
rtl_zero_memory = cast(typeof(rtl_zero_memory)) GetProcAddress ( GetModuleHandleA ("ntdll.dll"), "RtlZeroMemory" );
starupinfo.cb = starupinfo.sizeof;
rtl_zero_memory ( &process_infoformation, process_infoformation.sizeof );
rtl_zero_memory ( &starupinfo, starupinfo.sizeof );
debugger_status = DEBUGGER_FROZEN;
thread_status = THREAD_UNALIVE;
}
~this () nothrow {}
override void start_debug () {};
override void show_registers () {};
override void stop_debug () {};
override void go () {};
override void dump () {};
override void show_source_lines () {};
override void break_point () {};
override void step_in () {};
override void step_over () {};
override void step_out () {};
override void show_local_variables () {};
override void show_global_variables () {};
override void format_memory () {};
override void show_stack_track () {};
void thraed_thaw () nothrow { thread_status = THREAD_BRISK; }
void thread_forzen () nothrow { thread_status = THREAD_SUSPEND; }
void debugger_thaw () nothrow { debugger_status = DEBUGGER_ACTIVE; }
void debugger_frozen () nothrow { debugger_status = DEBUGGER_FROZEN; }
void debugger_nomask () nothrow { debugger_status = DEBUGGER_FIRST; }
void debugger_do_frame () nothrow { }
BOOL open_process () nothrow
{
if (get_file_path ())
{
CreateProcessA( ( cast(char*) &szFileName ),
null, null,
null, FALSE,
DEBUG_ONLY_THIS_PROCESS |
CREATE_NEW_CONSOLE |
CREATE_SUSPENDED,
null, null,
&starupinfo,
&process_infoformation );
return TRUE;
}
else
return FALSE;
}
private:
char szFileName[260];
CONTEXT context;
STARTUPINFO starupinfo;
graphic_engine text_plotter;
PROCESS_INFORMATION process_infoformation;
BOOL thread_status,
debugger_status;
enum
{
THREAD_UNALIVE = 0,
THREAD_SUSPEND = 1,
THREAD_BRISK = 2,
DEBUGGER_FROZEN = 3,
DEBUGGER_ACTIVE = 4,
DEBUGGER_START = 5,
DEBUGGER_TERMI = 6,
DEBUGGER_FIRST = 7
}
BOOL get_file_path () nothrow
{
char TempArray[260];
rtl_zero_memory ( &TempArray,TempArray.sizeof );
OPENFILENAMEA openfilenamea = {0};
openfilenamea.lStructSize = OPENFILENAMEA.sizeof;
openfilenamea.lpstrFilter = "pe files(*.exe)\0*.exe";
openfilenamea.lpstrFile = cast(char*)&TempArray;
openfilenamea.nMaxFile = 260;
openfilenamea.Flags = OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST;
if ( GetOpenFileNameA ( &openfilenamea ) )
{
asm
{
// push ESI ;
// push EDI ;
lea ESI,TempArray ;
mov EDI,this ;
add EDI,8 ;
main_loop:
cmp byte ptr[ESI],0 ;
je end_loop ;
cmp byte ptr[ESI],0x5C ;
je multi_copy ;
mov AL,byte ptr[ESI] ;
mov byte ptr[EDI],AL ;
inc ESI ;
inc EDI ;
jmp main_loop ;
multi_copy:
mov word ptr[EDI],0x5C5C ;
add EDI,2 ;
inc ESI ;
jmp main_loop ;
end_loop:
mov dword ptr[EDI],0 ;
}
return TRUE;
}
else
return FALSE;
}
extern(Windows) VOID function(
VOID *Destination, SIZE_T Length
) nothrow rtl_zero_memory;
//override
};
2014年11月18日 13点11分
14
{
public:
this ( HWND hwnd_ ) nothrow
{
text_plotter = new graphic_engine (hwnd_);
rtl_zero_memory = cast(typeof(rtl_zero_memory)) GetProcAddress ( GetModuleHandleA ("ntdll.dll"), "RtlZeroMemory" );
starupinfo.cb = starupinfo.sizeof;
rtl_zero_memory ( &process_infoformation, process_infoformation.sizeof );
rtl_zero_memory ( &starupinfo, starupinfo.sizeof );
debugger_status = DEBUGGER_FROZEN;
thread_status = THREAD_UNALIVE;
}
~this () nothrow {}
override void start_debug () {};
override void show_registers () {};
override void stop_debug () {};
override void go () {};
override void dump () {};
override void show_source_lines () {};
override void break_point () {};
override void step_in () {};
override void step_over () {};
override void step_out () {};
override void show_local_variables () {};
override void show_global_variables () {};
override void format_memory () {};
override void show_stack_track () {};
void thraed_thaw () nothrow { thread_status = THREAD_BRISK; }
void thread_forzen () nothrow { thread_status = THREAD_SUSPEND; }
void debugger_thaw () nothrow { debugger_status = DEBUGGER_ACTIVE; }
void debugger_frozen () nothrow { debugger_status = DEBUGGER_FROZEN; }
void debugger_nomask () nothrow { debugger_status = DEBUGGER_FIRST; }
void debugger_do_frame () nothrow { }
BOOL open_process () nothrow
{
if (get_file_path ())
{
CreateProcessA( ( cast(char*) &szFileName ),
null, null,
null, FALSE,
DEBUG_ONLY_THIS_PROCESS |
CREATE_NEW_CONSOLE |
CREATE_SUSPENDED,
null, null,
&starupinfo,
&process_infoformation );
return TRUE;
}
else
return FALSE;
}
private:
char szFileName[260];
CONTEXT context;
STARTUPINFO starupinfo;
graphic_engine text_plotter;
PROCESS_INFORMATION process_infoformation;
BOOL thread_status,
debugger_status;
enum
{
THREAD_UNALIVE = 0,
THREAD_SUSPEND = 1,
THREAD_BRISK = 2,
DEBUGGER_FROZEN = 3,
DEBUGGER_ACTIVE = 4,
DEBUGGER_START = 5,
DEBUGGER_TERMI = 6,
DEBUGGER_FIRST = 7
}
BOOL get_file_path () nothrow
{
char TempArray[260];
rtl_zero_memory ( &TempArray,TempArray.sizeof );
OPENFILENAMEA openfilenamea = {0};
openfilenamea.lStructSize = OPENFILENAMEA.sizeof;
openfilenamea.lpstrFilter = "pe files(*.exe)\0*.exe";
openfilenamea.lpstrFile = cast(char*)&TempArray;
openfilenamea.nMaxFile = 260;
openfilenamea.Flags = OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST;
if ( GetOpenFileNameA ( &openfilenamea ) )
{
asm
{
// push ESI ;
// push EDI ;
lea ESI,TempArray ;
mov EDI,this ;
add EDI,8 ;
main_loop:
cmp byte ptr[ESI],0 ;
je end_loop ;
cmp byte ptr[ESI],0x5C ;
je multi_copy ;
mov AL,byte ptr[ESI] ;
mov byte ptr[EDI],AL ;
inc ESI ;
inc EDI ;
jmp main_loop ;
multi_copy:
mov word ptr[EDI],0x5C5C ;
add EDI,2 ;
inc ESI ;
jmp main_loop ;
end_loop:
mov dword ptr[EDI],0 ;
}
return TRUE;
}
else
return FALSE;
}
extern(Windows) VOID function(
VOID *Destination, SIZE_T Length
) nothrow rtl_zero_memory;
//override
};
level 7
![[不高兴]](/static/emoticons/u4e0du9ad8u5174.png)
我暖贴你还笑我![[委屈]](/static/emoticons/u59d4u5c48.png)
100块钱都不给我,我抢劫你什么,我是抢劫的人吗?![[哭着跑]](/static/emoticons/u54edu7740u8dd1.png)
一百块钱都不给我 ![[喷]](/static/emoticons/u55b7.png)
一毛钱都不给我! 臭不要脸还要笑 ![[打滚]](/static/emoticons/u6253u6eda.png)
给你暖贴还在笑!你笑个毛啊![[怒]](/static/emoticons/u6012.png)
你不丢人我丢人,你骗了我,你还要打我 ![[寻死]](/static/emoticons/u5bfbu6b7b.png)
好恶心的这种人![[大哭]](/static/emoticons/u5927u54ed.png)
一百块都不给我![[泪奔]](/static/emoticons/u6ceau5954.png)
,好坏好坏好坏的
![[滑稽]](/static/emoticons/u6ed1u7a3d.png)
![[呵呵]](/static/emoticons/u5475u5475.png)