archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/sdktools/appverif/debugger.cpp

861 lines
22 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1989-2000 Microsoft Corporation
  5. Module Name:
  7. Debugger.cpp
  9. Abstract:
  11. This module implements the AppVerifier.exe debugger.
  13. Author:
  15. clupu created 01/25/2001
  17. Revision History:
  19. --*/
  21. #include "stdafx.h"
  22. #include "appverif.h"
  24. #include "Log.h"
  26. #include <memory.h>
  27. #include <stdlib.h>
  28. #include "wdbgexts.h"
  30. #include "Debugger.h"
  31. #include "Setting.h"
  32. #include "UserDump.h"
  33. #include "DbgHelp.h"
  34. #include "ChooseExe.h"
  36. #ifdef BP_SIZE
  37. ULONG g_BpSize = BP_SIZE;
  38. #endif
  39. #ifdef BP_INSTR
  40. ULONG g_BpInstr = BP_INSTR;
  41. #endif
  43. typedef void (*PFNDBGEXT)(HANDLE hCurrentProcess,
  44. HANDLE hCurrentThread,
  45. DWORD dwUnused,
  46. PWINDBG_EXTENSION_APIS lpExtensionApis,
  47. LPSTR lpArgumentString);
  51. PFNDBGEXT g_pfnPhextsInit;
  53. BOOL g_bInitialBreakpoint = TRUE;
  55. PROCESS_INFORMATION g_ProcessInformation;
  57. WINDBG_EXTENSION_APIS ExtensionAPIs;
  60. typedef struct tagLOADEDDLL
  61. {
  62. struct tagLOADEDDLL* pNext;
  63. LPTSTR pszName;
  64. LPVOID lpBaseOfDll;
  65. } LOADEDDLL, *PLOADEDDLL;
  67. PLOADEDDLL g_pFirstDll;
  70. PPROCESS_INFO g_pProcessHead = NULL;
  71. PPROCESS_INFO g_pFirstProcess = NULL;
  74. //
  75. // BUGBUG: what's this for ?
  76. //
  77. TCHAR g_szDbgString[1024];
  80. //
  81. // Local function prototypes
  82. //
  84. void DebuggerLoop(void);
  88. DWORD WINAPI ExecuteAppThread( LPVOID lParam )
  89. /*++
  90. Return: TRUE if successful, FALSE otherwise.
  92. Desc: Launch the debuggee.
  93. --*/
  94. {
  95. BOOL bRet;
  96. STARTUPINFO StartupInfo;
  98. ZeroMemory(&StartupInfo, sizeof(StartupInfo));
  99. StartupInfo.cb = sizeof(StartupInfo);
  101. //
  102. // Set some pageheap flags
  103. //
  104. AVSetVerifierFlagsForExe(g_szAppShortName, (DWORD)(LPARAM)lParam);
  106. bRet = CreateProcess(NULL,
  107. g_szAppFullPath,
  108. NULL,
  109. NULL,
  110. FALSE,
  111. CREATE_SEPARATE_WOW_VDM | DEBUG_ONLY_THIS_PROCESS,
  112. NULL,
  113. NULL,
  114. &StartupInfo,
  115. &g_ProcessInformation);
  117. if ( !bRet )
  118. {
  119. LogMessage(LOG_ERROR, _T("[ExecuteApp] Couldn't start \"%s\""), g_szAppFullPath);
  120. return 0;
  121. }
  123. LogMessage(LOG_INFO,
  124. _T("[ExecuteApp] CreateProcess hProcess 0x%X. \"%s\""),
  125. g_ProcessInformation.hProcess,
  126. g_szAppFullPath);
  128. if ( g_ProcessInformation.hProcess != NULL )
  129. {
  131. //
  132. // Start the debugger loop.
  133. //
  134. DebuggerLoop();
  136. //
  137. // Free the memory.
  138. //
  139. PPROCESS_INFO pProcess = g_pProcessHead;
  140. PPROCESS_INFO pProcessNext;
  142. while ( pProcess != NULL )
  143. {
  144. pProcessNext = pProcess->pNext;
  146. PTHREAD_INFO pThread = pProcess->pFirstThreadInfo;
  147. PTHREAD_INFO pThreadNext;
  149. while ( pThread != NULL )
  150. {
  151. pThreadNext = pThread->pNext;
  153. HeapFree(GetProcessHeap(), 0, pThread);
  155. pThread = pThreadNext;
  156. }
  158. HeapFree(GetProcessHeap(), 0, pProcess);
  160. pProcess = pProcessNext;
  161. }
  163. g_pProcessHead = NULL;
  165. PLOADEDDLL pDll = g_pFirstDll;
  166. PLOADEDDLL pDllNext;
  168. while ( pDll != NULL )
  169. {
  170. pDllNext = pDll->pNext;
  172. HeapFree(GetProcessHeap(), 0, pDll->pszName);
  173. HeapFree(GetProcessHeap(), 0, pDll);
  175. pDll = pDllNext;
  176. }
  178. g_pFirstDll = NULL;
  180. g_bDebuggeeExited = TRUE;
  182. CloseHandle(g_ProcessInformation.hProcess);
  183. CloseHandle(g_ProcessInformation.hThread);
  185. ZeroMemory(&g_ProcessInformation, sizeof(PROCESS_INFORMATION));
  186. }
  188. //
  189. // Delete the pageheap flags
  190. //
  191. AVSetVerifierFlagsForExe(g_szAppShortName, 0);
  193. return 1;
  194. }
  197. PPROCESS_INFO GetProcessInfo( HANDLE hProcess )
  198. {
  199. PPROCESS_INFO pProcess = g_pProcessHead;
  201. while ( pProcess != NULL )
  202. {
  203. if ( pProcess->hProcess == hProcess )
  204. {
  205. return pProcess;
  206. }
  207. }
  209. return NULL;
  210. }
  212. SIZE_T
  213. ReadMemoryDbg(
  214. HANDLE hProcess,
  215. LPVOID Address,
  216. LPVOID Buffer,
  217. SIZE_T Length
  218. )
  219. {
  220. SIZE_T cbRead;
  221. LPVOID AddressBp;
  222. PPROCESS_INFO pProcess;
  224. if ( !ReadProcessMemory(hProcess,
  225. Address,
  226. Buffer,
  227. Length,
  228. &cbRead) )
  229. {
  230. return 0;
  231. }
  233. pProcess = GetProcessInfo(hProcess);
  235. if ( pProcess == NULL )
  236. {
  237. return 0;
  238. }
  239. #if defined(BP_INSTR) && defined(BP_SIZE)
  240. for ( int i = 0; i < MAX_BREAKPOINTS; i++ )
  241. {
  243. AddressBp = pProcess->bp[i].Address;
  245. if ( (ULONG_PTR)AddressBp >= (ULONG_PTR)Address &&
  246. (ULONG_PTR)AddressBp < (ULONG_PTR)Address + Length )
  247. {
  249. CopyMemory((LPVOID)((ULONG_PTR)Buffer + (ULONG_PTR)AddressBp - (ULONG_PTR)Address),
  250. &pProcess->bp[i].OriginalInstr,
  251. g_BpSize);
  252. }
  253. }
  254. #endif
  256. return cbRead;
  257. }
  259. BOOL
  260. WriteMemoryDbg(
  261. HANDLE hProcess,
  262. PVOID Address,
  263. PVOID Buffer,
  264. SIZE_T Length
  265. )
  266. {
  267. SIZE_T cb = 0;
  268. BOOL bSuccess;
  270. bSuccess = WriteProcessMemory(hProcess, Address, Buffer, Length, &cb);
  272. if ( !bSuccess || cb != Length )
  273. {
  274. return FALSE;
  275. }
  277. return TRUE;
  278. }
  280. BOOL
  281. GetImageName(
  282. HANDLE hProcess,
  283. ULONG_PTR ImageBase,
  284. PVOID ImageNamePtr,
  285. LPTSTR ImageName,
  286. DWORD ImageNameLength
  287. )
  288. /*++
  289. Return: TRUE if successful, FALSE otherwise.
  291. Desc: BUGBUG: give details here
  292. --*/
  293. {
  294. DWORD_PTR i;
  295. BYTE UnicodeBuf[256 * 2];
  296. IMAGE_DOS_HEADER dh;
  297. IMAGE_NT_HEADERS nh;
  298. IMAGE_EXPORT_DIRECTORY expdir;
  300. if ( !ReadMemoryDbg(hProcess,
  301. (ULONG*)ImageNamePtr,
  302. &i,
  303. sizeof(i)) )
  304. {
  306. goto GetFromExports;
  307. }
  309. if ( !ReadMemoryDbg(hProcess,
  310. (ULONG*)i,
  311. (ULONG*)UnicodeBuf,
  312. sizeof(UnicodeBuf)) )
  313. {
  315. goto GetFromExports;
  316. }
  318. ZeroMemory(ImageName, ImageNameLength);
  320. #ifdef UNICODE
  321. lstrcpyW(ImageName, (LPCWSTR)UnicodeBuf);
  322. #else
  323. WideCharToMultiByte(CP_ACP,
  324. 0,
  325. (LPWSTR)UnicodeBuf,
  326. wcslen((LPWSTR)UnicodeBuf),
  327. ImageName,
  328. ImageNameLength,
  329. NULL,
  330. NULL);
  331. #endif // UNICODE
  333. if ( lstrlen(ImageName) == 0 )
  334. {
  335. goto GetFromExports;
  336. }
  338. return TRUE;
  340. GetFromExports:
  342. if ( !ReadMemoryDbg(hProcess,
  343. (ULONG*)ImageBase,
  344. (ULONG*)&dh,
  345. sizeof(IMAGE_DOS_HEADER)) )
  346. {
  347. return FALSE;
  348. }
  350. if ( dh.e_magic != IMAGE_DOS_SIGNATURE )
  351. {
  352. return FALSE;
  353. }
  355. if ( !ReadMemoryDbg(hProcess,
  356. (ULONG*)(ImageBase + dh.e_lfanew),
  357. (ULONG*)&nh,
  358. sizeof(IMAGE_NT_HEADERS)) )
  359. {
  360. return FALSE;
  361. }
  363. if ( nh.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress == 0 )
  364. {
  365. return FALSE;
  366. }
  368. if ( !ReadMemoryDbg(hProcess,
  369. (ULONG*)(ImageBase +
  370. nh.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress),
  371. (ULONG*)&expdir,
  372. sizeof(IMAGE_EXPORT_DIRECTORY)) )
  373. {
  374. return FALSE;
  375. }
  377. if ( !ReadMemoryDbg(hProcess,
  378. (ULONG*)(ImageBase + expdir.Name),
  379. #ifdef UNICODE
  380. (ULONG*)UnicodeBuf,
  381. #else
  382. (ULONG*)ImageName,
  383. #endif // UNICODE
  384. ImageNameLength) )
  385. {
  386. return FALSE;
  387. }
  389. #ifdef UNICODE
  390. MultiByteToWideChar(CP_ACP,
  391. 0,
  392. (LPCSTR)UnicodeBuf,
  393. -1,
  394. ImageName,
  395. ImageNameLength);
  396. #endif // UNICODE
  398. return TRUE;
  399. }
  401. void
  402. AddDll(
  403. LPVOID lpBaseOfDll,
  404. LPCTSTR pszDllName
  405. )
  406. /*++
  407. Return: void.
  409. Desc: BUGBUG: give details here
  410. --*/
  411. {
  412. PLOADEDDLL pDll;
  414. pDll = (PLOADEDDLL)HeapAlloc(GetProcessHeap(), 0, sizeof(LOADEDDLL));
  416. if ( pDll == NULL )
  417. {
  418. LogMessage(LOG_ERROR, _T("[AddDll] Failed to allocate %d bytes"), sizeof(LOADEDDLL));
  419. return;
  420. }
  422. pDll->pszName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, (lstrlen(pszDllName) + 1) * sizeof(TCHAR));
  424. if ( pDll->pszName == NULL )
  425. {
  426. HeapFree(GetProcessHeap(), 0, pDll);
  427. LogMessage(LOG_ERROR,
  428. _T("[AddDll] Failed to allocate %d bytes"),
  429. (lstrlen(pszDllName) + 1) * sizeof(TCHAR));
  430. return;
  431. }
  433. lstrcpy(pDll->pszName, pszDllName);
  435. pDll->lpBaseOfDll = lpBaseOfDll;
  437. pDll->pNext = g_pFirstDll;
  438. g_pFirstDll = pDll;
  439. }
  441. LPTSTR GetDll( LPVOID lpBaseOfDll )
  442. /*++
  443. Return: The name of the DLL with the specified base address.
  445. Desc: BUGBUG
  446. --*/
  447. {
  448. PLOADEDDLL pDll = g_pFirstDll;
  450. while ( pDll != NULL )
  451. {
  452. if ( pDll->lpBaseOfDll == lpBaseOfDll )
  453. {
  454. return pDll->pszName;
  455. }
  456. pDll = pDll->pNext;
  457. }
  459. return NULL;
  460. }
  462. void RemoveDll( LPVOID lpBaseOfDll )
  463. /*++
  464. Return: void.
  466. Desc: BUGBUG: give details here
  467. --*/
  468. {
  469. PLOADEDDLL* ppDll = &g_pFirstDll;
  470. PLOADEDDLL pDllFree;
  472. while ( *ppDll != NULL )
  473. {
  475. if ( (*ppDll)->lpBaseOfDll == lpBaseOfDll )
  476. {
  478. HeapFree(GetProcessHeap(), 0, (*ppDll)->pszName);
  479. pDllFree = *ppDll;
  481. *ppDll = (*ppDll)->pNext;
  483. HeapFree(GetProcessHeap(), 0, pDllFree);
  484. break;
  485. }
  486. ppDll = &((*ppDll)->pNext);
  487. }
  488. }
  491. BOOL ProcessModuleLoad( PPROCESS_INFO pProcess, DEBUG_EVENT* pde )
  493. /*++
  494. Return: TRUE on success, FALSE otherwise
  496. Desc: Process all module load debug events, create process & dll load.
  497. The purpose is to allocate a MODULEINFO structure, fill in the
  498. necessary values, and load the symbol table.
  499. --*/
  501. {
  502. HANDLE hFile=NULL;
  503. DWORD_PTR dwBaseOfImage;
  505. if ( pde->dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT )
  506. {
  508. hFile = pde->u.CreateProcessInfo.hFile;
  509. dwBaseOfImage = (DWORD_PTR)pde->u.CreateProcessInfo.lpBaseOfImage;
  511. SymInitialize(pProcess->hProcess, NULL, FALSE);
  513. }
  514. else if ( pde->dwDebugEventCode == LOAD_DLL_DEBUG_EVENT )
  515. {
  516. hFile = pde->u.LoadDll.hFile;
  517. dwBaseOfImage = (DWORD_PTR)pde->u.LoadDll.lpBaseOfDll;
  518. }
  520. if ( hFile == NULL || hFile == INVALID_HANDLE_VALUE )
  521. {
  522. return FALSE;
  523. }
  525. if ( dwBaseOfImage==(DWORD_PTR)NULL )
  526. {
  527. return FALSE;
  528. }
  530. if ( !SymLoadModule(pProcess->hProcess, hFile, NULL, NULL, dwBaseOfImage, 0) )
  531. {
  532. return FALSE;
  533. }
  535. return TRUE;
  536. }
  538. void DebuggerLoop( void )
  539. /*++
  540. Return: void.
  542. Desc: BUGBUG: give details here
  543. --*/
  544. {
  545. DEBUG_EVENT DebugEv; // debugging event information
  546. DWORD dwContinueStatus = DBG_CONTINUE; // exception continuation
  547. PPROCESS_INFO pProcess = NULL;
  548. PTHREAD_INFO pThread = NULL;
  550. while ( TRUE )
  551. {
  553. //
  554. // Wait for a debugging event to occur. The second parameter indicates
  555. // that the function does not return until a debugging event occurs.
  556. //
  557. WaitForDebugEvent(&DebugEv, INFINITE);
  559. //
  560. // Update the processes and threads lists.
  561. //
  562. pProcess = g_pProcessHead;
  563. while ( pProcess != NULL )
  564. {
  565. if ( pProcess->dwProcessId == DebugEv.dwProcessId )
  566. {
  567. break;
  568. }
  569. pProcess = pProcess->pNext;
  570. }
  572. if ( pProcess == NULL )
  573. {
  574. //
  575. // New process.
  576. //
  577. pProcess = (PPROCESS_INFO)HeapAlloc(GetProcessHeap(),
  578. HEAP_ZERO_MEMORY,
  579. sizeof(PROCESS_INFO));
  580. if ( pProcess == NULL )
  581. {
  582. LogMessage(LOG_ERROR,
  583. _T("[DebuggerLoop] Failed to allocate memory for the new process. Fatal !"));
  584. break;
  585. }
  587. pProcess->dwProcessId = DebugEv.dwProcessId;
  588. pProcess->pNext = g_pProcessHead;
  589. g_pProcessHead = pProcess;
  590. }
  592. pThread = pProcess->pFirstThreadInfo;
  594. while ( pThread != NULL )
  595. {
  596. if ( pThread->dwThreadId == DebugEv.dwThreadId )
  597. {
  598. break;
  599. }
  600. pThread = pThread->pNext;
  601. }
  603. if ( pThread == NULL )
  604. {
  605. //
  606. // New thread.
  607. //
  608. pThread = (PTHREAD_INFO)HeapAlloc(GetProcessHeap(),
  609. HEAP_ZERO_MEMORY,
  610. sizeof(THREAD_INFO));
  611. if ( pThread == NULL )
  612. {
  613. LogMessage(LOG_ERROR,
  614. _T("[DebuggerLoop] Failed to allocate memory for the new thread. Fatal !"));
  615. break;
  616. }
  618. pThread->dwThreadId = DebugEv.dwThreadId;
  619. pThread->pNext = pProcess->pFirstThreadInfo;
  620. pProcess->pFirstThreadInfo = pThread;
  621. }
  623. dwContinueStatus = DBG_CONTINUE;
  625. if ( DebugEv.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT )
  626. {
  627. goto EndProcess;
  628. }
  630. switch ( DebugEv.dwDebugEventCode )
  631. {
  633. case EXCEPTION_DEBUG_EVENT:
  635. switch ( DebugEv.u.Exception.ExceptionRecord.ExceptionCode )
  636. {
  637. case EXCEPTION_BREAKPOINT:
  639. //
  640. // Hit a breakpoint.
  641. //
  642. if ( !pProcess->bSeenLdrBp )
  643. {
  645. pProcess->bSeenLdrBp = TRUE;
  647. //
  648. // When the initial breakpoint is hit all the
  649. // staticly linked DLLs are already loaded so
  650. // we can go ahead and set breakpoints.
  651. //
  652. LogMessage(LOG_INFO, _T("[DebuggerLoop] Hit initial breakpoint."));
  654. //
  655. // Now it would be a good time to initialize the debugger extensions.
  656. //
  657. break;
  658. }
  660. LogMessage(LOG_INFO, _T("[DebuggerLoop] Hit breakpoint."));
  662. LogAVStatus(AVS_PAGEHEAP_DOUBLEFREE);
  664. if ( MessageBox(NULL,
  665. _T("An Access Violation occured. Do you want to create")
  666. _T(" a crash dump file so you can later debug this problem ?"),
  667. _T("Error"),
  668. MB_ICONEXCLAMATION | MB_YESNO | MB_DEFBUTTON1) == IDYES )
  669. {
  671. pProcess->DebugEvent = DebugEv;
  672. GenerateUserModeDump(g_szCrashDumpFile,
  673. pProcess,
  674. &DebugEv.u.Exception);
  675. }
  677. if ( MessageBox(NULL,
  678. _T("Do you want to continue running the program ?"),
  679. _T("Error"),
  680. MB_ICONEXCLAMATION | MB_YESNO | MB_DEFBUTTON1) != IDYES )
  681. {
  682. goto EndProcess;
  683. }
  685. dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
  686. break;
  688. case STATUS_SINGLE_STEP:
  689. LogMessage(LOG_INFO, _T("[DebuggerLoop] Hit single step breakpoint."));
  690. break;
  692. case EXCEPTION_ACCESS_VIOLATION:
  693. LogMessage(LOG_INFO,
  694. _T("[DebuggerLoop] AV. Addr: 0x%08X, firstChance %d"),
  695. DebugEv.u.Exception.ExceptionRecord.ExceptionAddress,
  696. DebugEv.u.Exception.dwFirstChance);
  698. LogAVStatus(AVS_PAGEHEAP_DOUBLEFREE);
  700. if ( MessageBox(NULL,
  701. _T("An Access Violation occured. Do you want to create")
  702. _T(" a crash dump file so you can later debug this problem ?"),
  703. _T("Error"),
  704. MB_ICONEXCLAMATION | MB_YESNO | MB_DEFBUTTON1) == IDYES )
  705. {
  707. pProcess->DebugEvent = DebugEv;
  708. GenerateUserModeDump(g_szCrashDumpFile,
  709. pProcess,
  710. &DebugEv.u.Exception);
  711. }
  713. if ( MessageBox(NULL,
  714. _T("Do you want to continue running the program ?"),
  715. _T("Error"),
  716. MB_ICONEXCLAMATION | MB_YESNO | MB_DEFBUTTON1) != IDYES )
  717. {
  718. goto EndProcess;
  719. }
  721. dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
  723. break;
  725. default:
  726. LogMessage(LOG_INFO, _T("[DebuggerLoop] Unknown debugger exception."));
  728. dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
  729. break;
  730. }
  731. break;
  733. case CREATE_THREAD_DEBUG_EVENT:
  734. pThread->hProcess = pProcess->hProcess;
  735. pThread->hThread = DebugEv.u.CreateThread.hThread;
  737. LogMessage(LOG_INFO,
  738. _T("[DebuggerLoop] new thread. StartAddress: 0x%x"),
  739. DebugEv.u.CreateThread.lpStartAddress);
  740. break;
  742. case EXIT_THREAD_DEBUG_EVENT:
  743. LogMessage(LOG_INFO,
  744. _T("[DebuggerLoop] exiting thread with code: 0x%x"),
  745. DebugEv.u.ExitThread.dwExitCode);
  746. break;
  748. case CREATE_PROCESS_DEBUG_EVENT:
  750. pProcess->hProcess = DebugEv.u.CreateProcessInfo.hProcess;
  751. pThread->hProcess = pProcess->hProcess;
  752. pThread->hThread = DebugEv.u.CreateProcessInfo.hThread;
  754. if ( g_pFirstProcess == NULL )
  755. {
  756. g_pFirstProcess = pProcess;
  757. }
  759. pProcess->EntryPoint = DebugEv.u.CreateProcessInfo.lpStartAddress;
  761. ProcessModuleLoad(pProcess, &DebugEv);
  763. LogMessage(LOG_INFO,
  764. _T("[DebuggerLoop] new process. BaseImage: 0x%x StartAddress: 0x%x"),
  765. DebugEv.u.CreateProcessInfo.lpBaseOfImage,
  766. DebugEv.u.CreateProcessInfo.lpStartAddress);
  767. break;
  769. case LOAD_DLL_DEBUG_EVENT:
  770. {
  771. TCHAR szAsciiBuf[256];
  772. TCHAR szDllName[128];
  773. TCHAR szExt[16];
  774. BOOL bRet;
  776. bRet = GetImageName(pProcess->hProcess,
  777. (ULONG_PTR)DebugEv.u.LoadDll.lpBaseOfDll,
  778. DebugEv.u.LoadDll.lpImageName,
  779. szAsciiBuf,
  780. sizeof(szAsciiBuf));
  781. if (!bRet) {
  782. LogMessage(LOG_INFO,
  783. _T("[DebuggerLoop] DLL LOADED. BaseDll: 0x%X cannot get the name."),
  784. DebugEv.u.LoadDll.lpBaseOfDll);
  785. AddDll(DebugEv.u.LoadDll.lpBaseOfDll, NULL);
  786. } else {
  787. _tsplitpath(szAsciiBuf, NULL, NULL, szDllName, szExt);
  788. lstrcat(szDllName, szExt);
  790. AddDll(DebugEv.u.LoadDll.lpBaseOfDll, szDllName);
  792. LogMessage(LOG_INFO,
  793. _T("[DebuggerLoop] DLL LOADED. BaseDll: 0x%X \"%s\"."),
  794. DebugEv.u.LoadDll.lpBaseOfDll,
  795. szDllName);
  796. }
  798. ProcessModuleLoad(pProcess, &DebugEv);
  800. CloseHandle(DebugEv.u.LoadDll.hFile);
  802. break;
  803. }
  805. case UNLOAD_DLL_DEBUG_EVENT:
  806. {
  807. LPTSTR pszName = GetDll(DebugEv.u.UnloadDll.lpBaseOfDll);
  809. if ( pszName == NULL )
  810. {
  811. LogMessage(LOG_INFO,
  812. _T("[DebuggerLoop] DLL UNLOADED. BaseDll: 0x%X unknown."),
  813. DebugEv.u.UnloadDll.lpBaseOfDll);
  814. }
  815. else
  816. {
  817. LogMessage(LOG_INFO,
  818. _T("[DebuggerLoop] DLL UNLOADED. BaseDll: 0x%X \"%s\"."),
  819. DebugEv.u.UnloadDll.lpBaseOfDll, pszName);
  820. }
  822. RemoveDll(DebugEv.u.UnloadDll.lpBaseOfDll);
  824. break;
  825. }
  827. case OUTPUT_DEBUG_STRING_EVENT:
  828. ReadMemoryDbg(pThread->hProcess,
  829. DebugEv.u.DebugString.lpDebugStringData,
  830. g_szDbgString,
  831. DebugEv.u.DebugString.nDebugStringLength);
  833. #ifdef UNICODE
  834. LogMessage(LOG_INFO, _T("DPF - %S"), g_szDbgString);
  835. #else
  836. LogMessage(LOG_INFO, _T("DPF - %s"), g_szDbgString);
  837. #endif // UNICODE
  838. break;
  840. default:
  841. LogMessage(LOG_ERROR,
  842. _T("[DebuggerLoop] Unknown event 0x%X"),
  843. DebugEv.dwDebugEventCode);
  844. break;
  845. }
  847. //
  848. // Resume executing the thread that reported the debugging event.
  849. //
  850. ContinueDebugEvent(DebugEv.dwProcessId,
  851. DebugEv.dwThreadId,
  852. dwContinueStatus);
  853. }
  855. EndProcess:
  856. LogMessage(LOG_INFO, _T("[DebuggerLoop] The debugged process has exited."));
  858. LogAVStatus(AVS_APP_TERMINATED);
  859. }