bp.c File Reference

#include "remods.h"
#include "precomp.h"

Include dependency graph for bp.c:

Go to the source code of this file.

Functions
PSW_BP	FindSwBp (ULONG ulAddress)
PSW_BP	FindEmptySwBpSlot (void)
PSW_BP	FindVirtualSwBp (LPSTR ModName, LPSTR szFunctionName)
BOOLEAN	IsSwBpAtAddressInstalled (ULONG ulAddress)
BOOLEAN	IsSwBpAtAddress (ULONG ulAddress)
BOOLEAN	NeedToReInstallSWBreakpoints (ULONG ulAddress, BOOLEAN bUseAddress)
BOOLEAN	ReInstallSWBreakpoint (ULONG ulAddress)
BOOLEAN	InstallSWBreakpoint (ULONG ulAddress, BOOLEAN bPermanent, void(*SWBreakpointCallback)(void))
BOOLEAN	InstallVirtualSWBreakpoint (LPSTR ModName, LPSTR FunctionName)
void	TryToInstallVirtualSWBreakpoints (void)
BOOLEAN	RemoveSWBreakpoint (ULONG ulAddress)
BOOLEAN	DeInstallSWBreakpoint (ULONG ulAddress)
BOOLEAN	RemoveAllSWBreakpoints (BOOLEAN bEvenPermanents)
PSW_BP	IsPermanentSWBreakpoint (ULONG ulAddress)
void	ListSWBreakpoints (void)
void	RevirtualizeBreakpointsForModule (PDEBUG_MODULE pMod)
	__asm__ ("\n\t \ NewInt3Handler:\n\t \ pushl $" STR(REASON_INT3) "\n\t \ // call debugger loop\n\t \ jmp NewInt31Handler\n\t \ ")
void	InstallInt3Hook (void)
void	DeInstallInt3Hook (void)

Variables
char	tempBp [1024]
ULONG	OldInt3Handler =0
SW_BP	aSwBreakpoints [64] ={{0,0,0,0},}

Function Documentation

__asm__()

__asm__

(

"\n\t \NewInt3Handler:\n\t \ pushl $" STR(REASON_INT3) "\n\t \ // call debugger loop\n\t \ jmp NewInt31Handler\n\t \"

)

Referenced by __addfsbyte(), __addfsdword(), __addfsword(), __break(), __cpuid(), __cpuidex(), __debugbreak(), __declspec(), __DestructExceptionObject(), __emul(), __emulu(), __fp_unordered_compare(), __fpclassify(), __fpclassifyf(), __fpclassifyl(), __halt(), __inbyte(), __inbytestring(), __incfsbyte(), __incfsdword(), __incfsword(), __indword(), __indwordstring(), __int2c(), __invlpg(), __inword(), __inwordstring(), __isnan(), __isnanf(), __isnanl(), __lidt(), __ll_lshift(), __ll_rshift(), __movsb(), __movsd(), __movsw(), __nop(), __outbyte(), __outbytestring(), __outdword(), __outdwordstring(), __outword(), __outwordstring(), __rdtsc(), __readcr0(), __readcr2(), __readcr3(), __readcr4(), __readdr(), __readeflags(), __readfsbyte(), __readfsdword(), __readfsword(), __readmsr(), __readpmc(), __readsdr1(), __segmentlimit(), __sidt(), __signbit(), __signbitf(), __signbitl(), __stack_chk_fail(), __stosb(), __stosd(), __stosw(), __ud2(), __ull_rshift(), __wbinvd(), __writecr0(), __writecr3(), __writecr4(), __writedr(), __writeeflags(), __writefsbyte(), __writefsdword(), __writefsword(), __writemsr(), __writesdr1(), __yield(), _BitScanForward(), _BitScanReverse(), _bittest(), _bittestandcomplement(), _bittestandreset(), _bittestandset(), _byteswap_uint64(), _byteswap_ulong(), _byteswap_ushort(), _clearfp(), _control87(), _disable(), _enable(), _fpreset(), _InterlockedAddLargeStatistic(), _interlockedbittestandreset(), _interlockedbittestandset(), _InterlockedCompareExchange(), _InterlockedCompareExchange16(), _InterlockedCompareExchange64(), _InterlockedCompareExchange8(), _InterlockedCompareExchangePointer(), _InterlockedExchange(), _InterlockedExchange16(), _InterlockedExchange8(), _InterlockedExchangeAdd(), _InterlockedExchangeAdd16(), _InterlockedExchangeAdd8(), _InterlockedExchangePointer(), _lrintf(), _lrotl(), _lrotr(), _mm_lfence(), _mm_mfence(), _mm_pause(), _ReadWriteBarrier(), _rotl(), _rotl16(), _rotl8(), _rotr(), _rotr16(), _rotr8(), _SEH2Except(), _SEH2Finally(), _SEH2GlobalUnwind(), _sgdt(), _statusfp(), ArchTrapNoProcess(), atomic_add(), atomic_add_negative(), atomic_dec(), atomic_dec_and_test(), atomic_inc(), atomic_inc_and_test(), atomic_sub(), atomic_sub_and_test(), BlpArchInitialize(), call_test(), COMMAND_PROTOTYPE(), d3d_fpu_setup(), DIB_16BPP_ColorFill(), DIB_16BPP_HLine(), DIB_24BPP_ColorFill(), get_native_fpcw(), GetGDTPtr(), GetLinearAddress(), HalSweepDcache(), InitPICE(), InstallInt3Hook(), InvalidateLB(), KeArmCacheRegisterGet(), KeArmControlRegisterGet(), KeArmControlRegisterSet(), KeArmDomainRegisterSet(), KeArmFaultAddressRegisterGet(), KeArmFaultStatusRegisterGet(), KeArmFlushIcache(), KeArmFlushTlb(), KeArmHaltProcessor(), KeArmIdCodeRegisterGet(), KeArmInstructionFaultStatusRegisterGet(), KeArmInvalidateAllCaches(), KeArmInvalidateTlbEntry(), KeArmLockdownRegisterGet(), KeArmLockdownRegisterSet(), KeArmStatusRegisterGet(), KeArmTranslationTableRegisterGet(), KeArmTranslationTableRegisterSet(), KeArmWaitForInterrupt(), KeGetCurrentProcessorNumber(), KeMemoryBarrier(), KiIret(), KiIsNpxErrataPresent(), KiSwitchToBootStack(), llrint(), llrintf(), llrintl(), logb(), logbf(), logbl(), lrint(), lrintf(), lrintl(), main(), NmiClearFlag(), NtCurrentTeb(), pice_ioctl(), PiceKbdIsr(), RestoreIdt(), rint(), rintf(), rintl(), RtlUlongByteSwap(), RtlWalkFrameChain(), set_fpu_control_word(), set_native_fpcw(), SetGlobalInt(), SetHardwareBreakPoint(), SetHardwareBreakPoints(), setup_fpu(), TakeIdtSnapshot(), TestSSEExceptions(), VarCyFromR8(), wined3d_pause(), ZSTD_compressBlock_lazy_extDict_generic(), ZSTD_compressBlock_lazy_generic(), and ZSTD_cpuid().

DeInstallInt3Hook()

void DeInstallInt3Hook

(

void

)

Definition at line 736 of file bp.c.

{
    ENTER_FUNC();
    DPRINT((0,"enter DeInstallInt3Hook()...\n"));

    MaskIrqs();
    if(OldInt3Handler)
    {
        RemoveAllSWBreakpoints(TRUE);
        SetGlobalInt(0x03,(ULONG)OldInt3Handler);
        OldInt3Handler=0;
    }
    UnmaskIrqs();

    DPRINT((0,"leave DeInstallInt3Hook()...\n"));
    LEAVE_FUNC();
}

Referenced by CleanUpPICE().

DeInstallSWBreakpoint()

BOOLEAN DeInstallSWBreakpoint

(

ULONG

ulAddress

)

Definition at line 428 of file bp.c.

{
    PSW_BP p;
    BOOLEAN bResult = FALSE;

    ENTER_FUNC();
    DPRINT((0,"DeInstallSWBreakpoint()\n"));

    if( (p = FindSwBp(ulAddress)) )
    {
        if(IsAddressValid(ulAddress) && p->bInstalled == TRUE && p->bVirtual==FALSE)
        {
            BOOLEAN isWriteable;
            if( !( isWriteable = IsAddressWriteable(ulAddress) ) )
                SetAddressWriteable(ulAddress,TRUE);
            // restore original opcode
            *(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
            if( !isWriteable )
                SetAddressWriteable(ulAddress,FALSE);
        }

        p->bInstalled = FALSE;

        bResult = TRUE;
    }

    LEAVE_FUNC();

    return bResult;
}

Referenced by COMMAND_PROTOTYPE(), DeInstallPrintkHook(), and RealIsr().

FindEmptySwBpSlot()

PSW_BP FindEmptySwBpSlot

(

void

)

Definition at line 69 of file bp.c.

{
    ULONG i;

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
    {
        if(aSwBreakpoints[i].bUsed == FALSE)
        {
            return &aSwBreakpoints[i];
        }
    }

    return NULL;
}

Referenced by InstallSWBreakpoint(), and InstallVirtualSWBreakpoint().

FindSwBp()

PSW_BP FindSwBp

(

ULONG

ulAddress

)

Definition at line 52 of file bp.c.

{
    ULONG i;

    for(i=0;i<DIM(aSwBreakpoints);i++)
    {
        if(aSwBreakpoints[i].ulAddress == ulAddress && aSwBreakpoints[i].bUsed==TRUE && aSwBreakpoints[i].bVirtual==FALSE)
            return &aSwBreakpoints[i];
    }

    return NULL;
}

Referenced by DeInstallSWBreakpoint(), InstallSWBreakpoint(), and RemoveSWBreakpoint().

FindVirtualSwBp()

PSW_BP FindVirtualSwBp	(	LPSTR	ModName,
		LPSTR	szFunctionName
	)

Definition at line 88 of file bp.c.

{
    ULONG i;
    PSW_BP p;

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
    {
        p = &aSwBreakpoints[i];

        if(p->bUsed == TRUE &&
           p->bVirtual == TRUE &&
           PICE_strcmpi(p->szModName,ModName)==0 &&
           PICE_strcmpi(p->szFunctionName,szFunctionName)==0)
        {
            return p;
        }
    }

    return NULL;
}

Referenced by TryToInstallVirtualSWBreakpoints().

InstallInt3Hook()

void InstallInt3Hook

(

void

)

Definition at line 709 of file bp.c.

{
    ULONG LocalInt3Handler;

    ENTER_FUNC();
    DPRINT((0,"enter InstallInt3Hook()...\n"));

    MaskIrqs();
    if(!OldInt3Handler)
    {
        PICE_memset(aSwBreakpoints,0,sizeof(aSwBreakpoints));
        __asm__("mov $NewInt3Handler,%0"
            :"=r" (LocalInt3Handler)
            :
            :"eax");
        OldInt3Handler=SetGlobalInt(0x03,(ULONG)LocalInt3Handler);
    }
    UnmaskIrqs();

    DPRINT((0,"leave InstallInt3Hook()...\n"));
    LEAVE_FUNC();
}

Referenced by InitPICE().

InstallSWBreakpoint()

BOOLEAN InstallSWBreakpoint	(	ULONG	ulAddress,
		BOOLEAN	bPermanent,
		void(*)(void)	SWBreakpointCallback
	)

Definition at line 236 of file bp.c.

{
    PSW_BP p;
    BOOLEAN bResult = FALSE;

    ENTER_FUNC();
    DPRINT((0,"InstallSWBreakpoint()\n"));

    // check if page is present
    // TODO: must also check if it's a writable page
    if(IsAddressValid(ulAddress) )
    {
        DPRINT((0,"InstallSWBreakpoint(): %.8X is valid, writable? %d\n",ulAddress,IsAddressWriteable(ulAddress)));
        DPRINT((0,"pde: %x, pte: %x\n", *(ADDR_TO_PDE(ulAddress)), *(ADDR_TO_PTE(ulAddress))));
        if((p = FindSwBp(ulAddress))==NULL)
        {
            DPRINT((0,"InstallSWBreakpoint(): %.8X is free\n",ulAddress));
            if( (p=FindEmptySwBpSlot()) )
            {
                BOOLEAN isWriteable;
                DPRINT((0,"InstallSWBreakpoint(): found empty slot\n"));
                DPRINT((0,"InstallSWBreakpoint(): %x value: %x", ulAddress, *(PUCHAR)ulAddress));
                p->ucOriginalOpcode = *(PUCHAR)ulAddress;
                //allow writing to page
                if( !( isWriteable = IsAddressWriteable(ulAddress) ) )
                    SetAddressWriteable(ulAddress,TRUE);
                DPRINT((0,"writing breakpoint\n"));
                *(PUCHAR)ulAddress = 0xCC;
                DPRINT((0,"restoring page access\n"));
                if( !isWriteable )
                    SetAddressWriteable(ulAddress,FALSE);
                p->bUsed = TRUE;
                p->bInstalled = TRUE;
                // find next address
                p->ulAddress = ulAddress;
                Disasm(&ulAddress,(PUCHAR)&tempBp);
                p->ulNextInstr = ulAddress;
                p->bPermanent = bPermanent;
                if(bPermanent)
                    p->Callback = SWBreakpointCallback;
                else
                    p->Callback = NULL;
                bResult = TRUE;
            }
        }
        else
        {
            DPRINT((0,"InstallSWBreakpoint(): %.8X is already used\n",ulAddress));
            if(p->bPermanent)
            {
                DPRINT((0,"InstallSWBreakpoint(): %.8X is a permanent breakpoint\n",ulAddress));
            }
        }
    }

    LEAVE_FUNC();

    return bResult;
}

Referenced by COMMAND_PROTOTYPE(), and InstallPrintkHook().

InstallVirtualSWBreakpoint()

BOOLEAN InstallVirtualSWBreakpoint	(	LPSTR	ModName,
		LPSTR	FunctionName
	)

Definition at line 300 of file bp.c.

{
    PSW_BP p;
    BOOLEAN bResult = FALSE;

    ENTER_FUNC();
    DPRINT((0,"InstallVirtualSWBreakpoint(%s!%s)\n",ModName,FunctionName));

    if( (p=FindEmptySwBpSlot()) )
    {
        DPRINT((0,"InstallVirtualSWBreakpoint(): found empty slot\n"));

        p->bUsed = TRUE;
        p->bInstalled = TRUE;
        p->bVirtual = TRUE;
        p->Callback = NULL;
        PICE_strcpy(p->szModName,ModName);
        PICE_strcpy(p->szFunctionName,FunctionName);

        bResult = TRUE;
    }

    LEAVE_FUNC();

    return bResult;
}

Referenced by COMMAND_PROTOTYPE().

IsPermanentSWBreakpoint()

PSW_BP IsPermanentSWBreakpoint

(

ULONG

ulAddress

)

Definition at line 520 of file bp.c.

{
    PSW_BP p;
    ULONG i;

    ENTER_FUNC();
    DPRINT((0,"IsPermanentSWBreakpoint(%.8X)\n",ulAddress));

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(aSwBreakpoints[0]));i++)
    {
        p = &aSwBreakpoints[i];
        if(p->ulAddress == ulAddress &&
           p->bUsed == TRUE &&
           p->bPermanent == TRUE)
        {
            LEAVE_FUNC();
            return p;
        }
    }

    LEAVE_FUNC();

    return NULL;
}

Referenced by RealIsr().

IsSwBpAtAddress()

BOOLEAN IsSwBpAtAddress

(

ULONG

ulAddress

)

Definition at line 133 of file bp.c.

{
    ULONG i;

    for(i=0;i<DIM(aSwBreakpoints);i++)
    {
        if(aSwBreakpoints[i].ulAddress == ulAddress && aSwBreakpoints[i].bUsed==TRUE && aSwBreakpoints[i].bVirtual==FALSE)
            return TRUE;
    }

    return FALSE;
}

Referenced by COMMAND_PROTOTYPE().

IsSwBpAtAddressInstalled()

BOOLEAN IsSwBpAtAddressInstalled

(

ULONG

ulAddress

)

Definition at line 113 of file bp.c.

{
    ULONG i;

    for(i=0;i<DIM(aSwBreakpoints);i++)
    {
        if(aSwBreakpoints[i].ulAddress == ulAddress &&
           aSwBreakpoints[i].bUsed == TRUE &&
           aSwBreakpoints[i].bInstalled &&
           aSwBreakpoints[i].bVirtual == FALSE)
            return TRUE;
    }

    return FALSE;
}

Referenced by COMMAND_PROTOTYPE(), and RealIsr().

ListSWBreakpoints()

void ListSWBreakpoints

(

void

)

Definition at line 549 of file bp.c.

{
    PSW_BP p;
    ULONG i;
    LPSTR pSymbolName;
    PDEBUG_MODULE pMod;

    ENTER_FUNC();
    DPRINT((0,"ListSWBreakpoints()\n"));

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
    {
        p = &aSwBreakpoints[i];
        if(p->bUsed == TRUE && p->bVirtual == FALSE)
        {
            if((pSymbolName = FindFunctionByAddress(p->ulAddress,NULL,NULL)) )
            {
                pMod = FindModuleFromAddress(p->ulAddress);
                PICE_sprintf(tempBp,"[%u] %.8X (%S!%s) %s\n",i,p->ulAddress,pMod->name,pSymbolName,p->bPermanent?"PERMANENT":"");
            }
            else
            {
                if(ScanExportsByAddress(&pSymbolName,p->ulAddress))
                    PICE_sprintf(tempBp,"[%u] %.8X (%s) %s\n",i,p->ulAddress,pSymbolName,p->bPermanent?"PERMANENT":"");
                else
                    PICE_sprintf(tempBp,"[%u] %.8X (no symbol) %s\n",i,p->ulAddress,p->bPermanent?"PERMANENT":"");
            }
            Print(OUTPUT_WINDOW,tempBp);
        }
        else if(p->bUsed == TRUE)
        {
            PICE_sprintf(tempBp,"[%u] xxxxxxxx (%s!%s) VIRTUAL\n",i,p->szModName,p->szFunctionName);
            Print(OUTPUT_WINDOW,tempBp);
        }
    }

    LEAVE_FUNC();
}

Referenced by COMMAND_PROTOTYPE().

NeedToReInstallSWBreakpoints()

BOOLEAN NeedToReInstallSWBreakpoints	(	ULONG	ulAddress,
		BOOLEAN	bUseAddress
	)

Definition at line 150 of file bp.c.

{
    PSW_BP p;
    BOOLEAN bResult = FALSE;
    ULONG i;

    ENTER_FUNC();
    DPRINT((0,"NeedToReInstallSWBreakpoint() for %x (bUseAddress = %s)\n",ulAddress,bUseAddress?"TRUE":"FALSE"));

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
    {
        p = &aSwBreakpoints[i];
        if(bUseAddress)
        {
            if(p->bUsed == TRUE && p->bInstalled == FALSE && p->ulAddress==ulAddress && p->bVirtual==FALSE)
            {
                if(IsAddressValid(p->ulAddress))
                {
                    DPRINT((0,"NeedToReInstallSWBreakpoint(): [1] found BP\n"));
                    bResult = TRUE;
                    break;
                }
            }
        }
        else
        {
            if(p->bUsed == TRUE && p->bInstalled == FALSE && p->bVirtual == FALSE)
            {
                if(IsAddressValid(p->ulAddress))
                {
                    DPRINT((0,"NeedToReInstallSWBreakpoint(): [2] found BP\n"));
                    bResult = TRUE;
                    break;
                }
            }
        }
    }

    LEAVE_FUNC();

    return bResult;
}

Referenced by RealIsr().

ReInstallSWBreakpoint()

BOOLEAN ReInstallSWBreakpoint

(

ULONG

ulAddress

)

Definition at line 197 of file bp.c.

{
    PSW_BP p;
    BOOLEAN bResult = FALSE;
    ULONG i;

    ENTER_FUNC();
    DPRINT((0,"ReInstallSWBreakpoint()\n"));

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
    {
        p = &aSwBreakpoints[i];
        if(p->bUsed == TRUE && p->bInstalled == FALSE && p->ulAddress == ulAddress && p->bVirtual == FALSE)
        {
            if(IsAddressValid(p->ulAddress))
            {
                BOOLEAN isWriteable;

                if( !( isWriteable = IsAddressWriteable(p->ulAddress) ) )
                    SetAddressWriteable(p->ulAddress,TRUE);
                *(PUCHAR)(p->ulAddress) = 0xCC;
                if( !isWriteable )
                    SetAddressWriteable(p->ulAddress,FALSE);
                p->bInstalled = TRUE;
                bResult = TRUE;
            }
        }
    }

    LEAVE_FUNC();

    return bResult;
}

Referenced by COMMAND_PROTOTYPE(), and RealIsr().

RemoveAllSWBreakpoints()

BOOLEAN RemoveAllSWBreakpoints

(

BOOLEAN

bEvenPermanents

)

Definition at line 463 of file bp.c.

{
    PSW_BP p;
    BOOLEAN bResult = FALSE;
    ULONG i;

    ENTER_FUNC();
    DPRINT((0,"RemoveAllSWBreakpoint()\n"));

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
    {
        p = &aSwBreakpoints[i];
        if(p->bUsed == TRUE)
        {
            if(bEvenPermanents)
            {
                if(IsAddressValid(p->ulAddress) && p->bVirtual==FALSE)
                {
                    BOOLEAN isWriteable;
                    if( !( isWriteable = IsAddressWriteable(p->ulAddress) ) )
                        SetAddressWriteable(p->ulAddress,TRUE);
                    *(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
                    if( !isWriteable )
                        SetAddressWriteable(p->ulAddress,FALSE);
                    bResult = TRUE;
                }
                PICE_memset(p,0,sizeof(*p));
            }
            else
            {
                if(!p->bPermanent)
                {
                    if(IsAddressValid(p->ulAddress) && p->bVirtual==FALSE)
                    {
                        BOOLEAN isWriteable;
                        if( !( isWriteable = IsAddressWriteable(p->ulAddress) ) )
                            SetAddressWriteable(p->ulAddress,TRUE);
                        *(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
                        if( !isWriteable )
                            SetAddressWriteable(p->ulAddress,FALSE);
                        bResult = TRUE;
                    }
                    PICE_memset(p,0,sizeof(*p));
                }
            }
        }
    }

    LEAVE_FUNC();

    return bResult;
}

Referenced by COMMAND_PROTOTYPE(), DeInstallDblFltHook(), DeInstallGPFaultHook(), and DeInstallInt3Hook().

RemoveSWBreakpoint()

BOOLEAN RemoveSWBreakpoint

(

ULONG

ulAddress

)

Definition at line 392 of file bp.c.

{
    PSW_BP p;
    BOOLEAN bResult = FALSE;

    ENTER_FUNC();
    DPRINT((0,"RemoveSWBreakpoint()\n"));

    if( (p = FindSwBp(ulAddress)) )
    {
        if(IsAddressValid(ulAddress) && p->bInstalled == TRUE && p->bVirtual==FALSE)
        {
            BOOLEAN isWriteable;
            if( !( isWriteable = IsAddressWriteable(ulAddress) ) )
                SetAddressWriteable(ulAddress,TRUE);
            // restore original opcode
            *(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
            if( !isWriteable )
                SetAddressWriteable(ulAddress,FALSE);
        }

        PICE_memset(p,0,sizeof(*p));

        bResult = TRUE;
    }

    LEAVE_FUNC();

    return bResult;
}

RevirtualizeBreakpointsForModule()

void RevirtualizeBreakpointsForModule

(

PDEBUG_MODULE

pMod

)

Definition at line 592 of file bp.c.

{
    ULONG i,start,end;
    PSW_BP p;
    char temp[DEBUG_MODULE_NAME_LEN];

    DPRINT((0,"RevirtualizeBreakpointsForModule(%x)\n",(ULONG)pMod));

    if(IsRangeValid((ULONG)pMod,sizeof(DEBUG_MODULE)) )
    {
        start = (ULONG)pMod->BaseAddress;
        end = (ULONG)pMod->BaseAddress+pMod->size;

        DPRINT((0,"RevirtualizeBreakpointsForModule(): module %x (%x-%x)\n",(ULONG)pMod,start,end));
        // go through all breakpoints
        for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
        {
            p = &aSwBreakpoints[i];
            // if it's used and installed and not virtual
            if(p->bUsed && p->bInstalled && p->bVirtual == FALSE)
            {
                // make sure we're in module's bound
                if(p->ulAddress>=start && p->ulAddress<end)
                {
                    LPSTR pFind;
                    ULONG ulFunctionAddress;

                    DPRINT((0,"RevirtualizeBreakpointsForModule(): module breakpoint %u\n",i));
                    // find the function in which this breakpoint resides
                    if(ScanExportsByAddress(&pFind,p->ulAddress))
                    {
                        // from now on it's virtual again
                        p->bVirtual = TRUE;
                        if(IsAddressValid(p->ulAddress) )
                        {
                            BOOLEAN isWriteable;
                            if( !( isWriteable = IsAddressWriteable(p->ulAddress) ) )
                                SetAddressWriteable(p->ulAddress,TRUE);
                            DPRINT((0,"RevirtualizeBreakpointsForModule(): restoring original opcode @ %x\n",p->ulAddress));
                            *(PUCHAR)(p->ulAddress) = p->ucOriginalOpcode;
                            if( !isWriteable )
                                SetAddressWriteable(p->ulAddress,FALSE);
                        }
                        else
                        {
                            DPRINT((0,"RevirtualizeBreakpointsForModule(): could not restore original opcode @ %x\n",p->ulAddress));
                        }
                        // skip past the module separator
                        while(*pFind!='!')pFind++;
                        pFind++;
                        // remember the function and the module for reinstallation
                        CopyWideToAnsi(temp,pMod->name);
                        PICE_strcpy(p->szModName,temp);
                        PICE_strcpy(p->szFunctionName,pFind);
                        DPRINT((0,"RevirtualizeBreakpointsForModule(): %s!%s\n",p->szModName,p->szFunctionName));
                        // if function name contains a '+' it's an offset
                        pFind = p->szFunctionName;
                        while(*pFind!=0)
                        {
                            DPRINT((0,"RevirtualizeBreakpointsForModule(): [1] %s\n",pFind));
                            // found any offset to function
                            if(*pFind=='+')
                            {
                                *pFind=0;
                                break;
                            }
                            pFind++;
                        }

                        DPRINT((0,"RevirtualizeBreakpointsForModule(): [2] %s\n",p->szFunctionName));
                        if(ScanExports(p->szFunctionName,&ulFunctionAddress))
                        {
                            p->ulAddress -= ulFunctionAddress;
                            DPRINT((0,"RevirtualizeBreakpointsForModule(): [1] function @ %x offset = %x\n",ulFunctionAddress,p->ulAddress));
                        }
                        else
                        {
                            if((ulFunctionAddress = FindFunctionInModuleByName(p->szFunctionName,pMod)) )
                            {
                                p->ulAddress -= ulFunctionAddress;
                                DPRINT((0,"RevirtualizeBreakpointsForModule(): [2] function @ %x offset = %x\n",ulFunctionAddress,p->ulAddress));
                            }
                            else
                            {
                                DPRINT((0,"RevirtualizeBreakpointsForModule(): Breakpoint %u could not be virtualized properly!\n",i));
                                PICE_sprintf(tempBp,"Breakpoint %u could not be virtualized properly!\n",i);
                                Print(OUTPUT_WINDOW,tempBp);
                            }
                        }
                    }
                    else
                    {
                        DPRINT((0,"RevirtualizeBreakpointsForModule(): function for %x not found!\n",p->ulAddress));
                        PICE_memset(p,0,sizeof(*p));
                    }
                }
            }
        }
    }
}

Referenced by other_module_cleanup_module().

TryToInstallVirtualSWBreakpoints()

void TryToInstallVirtualSWBreakpoints

(

void

)

Definition at line 331 of file bp.c.

{
    ULONG i,ulAddress;
    PDEBUG_MODULE pMod;
    PSW_BP p;

    DPRINT((0,"TryToInstallVirtualSWBreakpoints()\n"));

    for(i=0;i<(sizeof(aSwBreakpoints)/sizeof(SW_BP));i++)
    {
        p = &aSwBreakpoints[i];
        if(p->bUsed == TRUE && p->bVirtual)
        {
            if((pMod = IsModuleLoaded(p->szModName)))
            {
                if((ulAddress = FindFunctionInModuleByName(p->szFunctionName,pMod)))
                {
                    if((p = FindVirtualSwBp(p->szModName,p->szFunctionName)))
                    {
                        ULONG ulAddressWithOffset = ulAddress+p->ulAddress;
                        DPRINT((0,"TryToInstallVirtualSWBreakpoints(): ulAddressWithOffset = %x (offset = %x)\n",ulAddressWithOffset,p->ulAddress));

                        if(IsAddressValid(ulAddressWithOffset))
                        {
                            BOOLEAN isWriteable;
                            DPRINT((0,"TryToInstallVirtualSWBreakpoints(): installing...\n"));
                            p->ucOriginalOpcode = *(PUCHAR)ulAddressWithOffset;
                            //allow writing to page
                            if( !( isWriteable = IsAddressWriteable(ulAddressWithOffset) ) )
                                SetAddressWriteable(ulAddressWithOffset,TRUE);
                            *(PUCHAR)ulAddressWithOffset = 0xCC;
                            if( !isWriteable )
                                SetAddressWriteable(ulAddressWithOffset,FALSE);
                            p->bUsed = TRUE;
                            p->bInstalled = TRUE;
                            p->bVirtual = FALSE;
                            // find next address
                            p->ulAddress = ulAddressWithOffset;
                            Disasm(&ulAddressWithOffset,(PUCHAR)&tempBp);
                            p->ulNextInstr = ulAddressWithOffset;
                            p->bPermanent = FALSE;
                            p->Callback = NULL;
                        }
                        else
                        {
                            DPRINT((0,"TryToInstallVirtualSWBreakpoints(): not valid address\n"));
                            PICE_memset(p,0,sizeof(*p));
                        }
                    }

                }
            }
        }
    }
}

Referenced by RealIsr().

Variable Documentation

aSwBreakpoints

SW_BP aSwBreakpoints[64] ={{0,0,0,0},}

Definition at line 46 of file bp.c.

Referenced by FindEmptySwBpSlot(), FindSwBp(), FindVirtualSwBp(), InstallInt3Hook(), IsPermanentSWBreakpoint(), IsSwBpAtAddress(), IsSwBpAtAddressInstalled(), ListSWBreakpoints(), NeedToReInstallSWBreakpoints(), ReInstallSWBreakpoint(), RemoveAllSWBreakpoints(), RevirtualizeBreakpointsForModule(), and TryToInstallVirtualSWBreakpoints().

OldInt3Handler

ULONG OldInt3Handler =0

Definition at line 44 of file bp.c.

Referenced by DeInstallInt3Hook(), and InstallInt3Hook().

tempBp

char tempBp[1024]

Definition at line 42 of file bp.c.

Referenced by InstallSWBreakpoint(), ListSWBreakpoints(), RevirtualizeBreakpointsForModule(), and TryToInstallVirtualSWBreakpoints().