Rev 113 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 40 | halyavin | 1 | ; diamond, 2006 |
| 2 | sys_debug_services: |
||
| 66 | diamond | 3 | cmp eax, 9 |
| 40 | halyavin | 4 | ja @f |
| 5 | jmp dword [sys_debug_services_table+eax*4] |
||
| 6 | @@: ret |
||
| 7 | sys_debug_services_table: |
||
| 8 | dd debug_set_event_data |
||
| 9 | dd debug_getcontext |
||
| 10 | dd debug_setcontext |
||
| 11 | dd debug_detach |
||
| 12 | dd debug_suspend |
||
| 13 | dd debug_resume |
||
| 14 | dd debug_read_process_memory |
||
| 15 | dd debug_write_process_memory |
||
| 16 | dd debug_terminate |
||
| 66 | diamond | 17 | dd debug_set_drx |
| 40 | halyavin | 18 | |
| 19 | debug_set_event_data: |
||
| 20 | ; in: ebx = pointer |
||
| 21 | ; destroys eax |
||
| 22 | mov eax, [0x3000] |
||
| 23 | shl eax, 8 |
||
| 115 | poddubny | 24 | mov [eax+0x80000+APPDATA.dbg_event_mem], ebx |
| 40 | halyavin | 25 | ret |
| 26 | |||
| 27 | get_debuggee_slot: |
||
| 28 | ; in: ebx=PID |
||
| 29 | ; out: CF=1 if error |
||
| 30 | ; CF=0 and eax=slot*0x20 if ok |
||
| 31 | ; out: interrupts disabled |
||
| 32 | cli |
||
| 33 | mov eax, ebx |
||
| 34 | call pid_to_slot |
||
| 35 | test eax, eax |
||
| 36 | jz .ret_bad |
||
| 37 | shl eax, 5 |
||
| 38 | push ebx |
||
| 39 | mov ebx, [0x3000] |
||
| 115 | poddubny | 40 | cmp [0x80000+eax*8+APPDATA.debugger_slot], ebx |
| 40 | halyavin | 41 | pop ebx |
| 42 | jnz .ret_bad |
||
| 43 | ; clc ; automatically |
||
| 44 | ret |
||
| 45 | .ret_bad: |
||
| 46 | stc |
||
| 47 | ret |
||
| 48 | |||
| 49 | debug_detach: |
||
| 50 | ; in: ebx=pid |
||
| 51 | ; destroys eax,ebx |
||
| 52 | call get_debuggee_slot |
||
| 53 | jc .ret |
||
| 115 | poddubny | 54 | and dword [eax*8+0x80000+APPDATA.debugger_slot], 0 |
| 40 | halyavin | 55 | call do_resume |
| 56 | .ret: |
||
| 57 | sti |
||
| 58 | ret |
||
| 59 | |||
| 60 | debug_terminate: |
||
| 61 | ; in: ebx=pid |
||
| 62 | call get_debuggee_slot |
||
| 63 | jc debug_detach.ret |
||
| 64 | mov ebx, eax |
||
| 65 | shr ebx, 5 |
||
| 66 | push 2 |
||
| 67 | pop eax |
||
| 68 | jmp sys_system |
||
| 69 | |||
| 70 | debug_suspend: |
||
| 71 | ; in: ebx=pid |
||
| 72 | ; destroys eax,ebx |
||
| 73 | call get_debuggee_slot |
||
| 74 | jc .ret |
||
| 115 | poddubny | 75 | mov bl, [0x3000+eax+TASKDATA.state] ; process state |
| 40 | halyavin | 76 | test bl, bl |
| 77 | jz .1 |
||
| 78 | cmp bl, 5 |
||
| 79 | jnz .ret |
||
| 80 | mov bl, 2 |
||
| 115 | poddubny | 81 | .2: mov [0x3000+eax+TASKDATA.state], bl |
| 40 | halyavin | 82 | .ret: |
| 83 | sti |
||
| 84 | ret |
||
| 85 | .1: |
||
| 86 | inc ebx |
||
| 87 | jmp .2 |
||
| 88 | |||
| 89 | do_resume: |
||
| 115 | poddubny | 90 | mov bl, [0x3000+eax+TASKDATA.state] |
| 40 | halyavin | 91 | cmp bl, 1 |
| 92 | jz .1 |
||
| 93 | cmp bl, 2 |
||
| 94 | jnz .ret |
||
| 95 | mov bl, 5 |
||
| 115 | poddubny | 96 | .2: mov [0x3000+eax+TASKDATA.state], bl |
| 40 | halyavin | 97 | .ret: ret |
| 98 | .1: dec ebx |
||
| 99 | jmp .2 |
||
| 100 | |||
| 101 | debug_resume: |
||
| 102 | ; in: ebx=pid |
||
| 103 | ; destroys eax,ebx |
||
| 104 | call get_debuggee_slot |
||
| 105 | jc .ret |
||
| 106 | call do_resume |
||
| 107 | .ret: sti |
||
| 108 | ret |
||
| 109 | |||
| 110 | debug_getcontext: |
||
| 111 | ; in: |
||
| 112 | ; ebx=pid |
||
| 113 | ; ecx=sizeof(CONTEXT) |
||
| 114 | ; edx->CONTEXT |
||
| 115 | ; destroys eax,ecx,edx,esi,edi |
||
| 116 | cmp ecx, 28h |
||
| 117 | jnz .ret |
||
| 118 | add edx, std_application_base_address |
||
| 119 | push ebx |
||
| 120 | mov ebx, edx |
||
| 121 | call check_region |
||
| 122 | pop ebx |
||
| 123 | dec eax |
||
| 124 | jnz .ret |
||
| 125 | call get_debuggee_slot |
||
| 126 | jc .ret |
||
| 127 | imul eax, tss_step/32 |
||
| 128 | add eax, tss_data |
||
| 129 | mov edi, edx |
||
| 130 | cmp [l.cs - tss_sceleton + eax], app_code |
||
| 131 | jnz .ring0 |
||
| 132 | lea esi, [l.eip - tss_sceleton + eax] |
||
| 133 | shr ecx, 2 |
||
| 134 | rep movsd |
||
| 135 | jmp .ret |
||
| 136 | .ring0: |
||
| 137 | ; note that following code assumes that all interrupt/exception handlers |
||
| 138 | ; saves ring-3 context by push ds es, pushad in this order |
||
| 139 | mov esi, [l.esp0 - tss_sceleton + eax] |
||
| 140 | ; top of ring0 stack: ring3 stack ptr (ss+esp), iret data (cs+eip+eflags), ds, es, pushad |
||
| 141 | sub esi, 8+12+8+20h |
||
| 142 | lodsd |
||
| 143 | mov [edi+24h], eax |
||
| 144 | lodsd |
||
| 145 | mov [edi+20h], eax |
||
| 146 | lodsd |
||
| 147 | mov [edi+1Ch], eax |
||
| 148 | lodsd |
||
| 149 | lodsd |
||
| 150 | mov [edi+14h], eax |
||
| 151 | lodsd |
||
| 152 | mov [edi+10h], eax |
||
| 153 | lodsd |
||
| 154 | mov [edi+0Ch], eax |
||
| 155 | lodsd |
||
| 156 | mov [edi+8], eax |
||
| 157 | add esi, 8 |
||
| 158 | lodsd |
||
| 159 | mov [edi], eax |
||
| 160 | lodsd |
||
| 161 | lodsd |
||
| 162 | mov [edi+4], eax |
||
| 163 | lodsd |
||
| 164 | mov [edi+18h], eax |
||
| 165 | .ret: |
||
| 166 | sti |
||
| 167 | ret |
||
| 168 | |||
| 169 | debug_setcontext: |
||
| 170 | ; in: |
||
| 171 | ; ebx=pid |
||
| 172 | ; ecx=sizeof(CONTEXT) |
||
| 173 | ; edx->CONTEXT |
||
| 174 | ; destroys eax,ecx,edx,esi,edi |
||
| 175 | cmp ecx, 28h |
||
| 176 | jnz .ret |
||
| 177 | add edx, std_application_base_address |
||
| 178 | push ebx |
||
| 179 | mov ebx, edx |
||
| 180 | call check_region |
||
| 181 | pop ebx |
||
| 182 | dec eax |
||
| 183 | jnz .ret |
||
| 184 | call get_debuggee_slot |
||
| 185 | jc .stiret |
||
| 186 | imul eax, tss_step/32 |
||
| 187 | add eax, tss_data |
||
| 188 | mov esi, edx |
||
| 189 | cmp [l.cs - tss_sceleton + eax], app_code |
||
| 190 | jnz .ring0 |
||
| 191 | lea edi, [l.eip - tss_sceleton + eax] |
||
| 192 | shr ecx, 2 |
||
| 193 | rep movsd |
||
| 194 | jmp .stiret |
||
| 195 | .ring0: |
||
| 196 | mov edi, [l.esp0 - tss_sceleton + eax] |
||
| 197 | sub edi, 8+12+8+20h |
||
| 198 | mov eax, [esi+24h] |
||
| 199 | stosd |
||
| 200 | mov eax, [esi+20h] |
||
| 201 | stosd |
||
| 202 | mov eax, [esi+1Ch] |
||
| 203 | stosd |
||
| 204 | scasd |
||
| 205 | mov eax, [esi+14h] |
||
| 206 | stosd |
||
| 207 | mov eax, [esi+10h] |
||
| 208 | stosd |
||
| 209 | mov eax, [esi+0Ch] |
||
| 210 | stosd |
||
| 211 | mov eax, [esi+8] |
||
| 212 | stosd |
||
| 213 | add edi, 8 |
||
| 214 | mov eax, [esi] |
||
| 215 | stosd |
||
| 216 | scasd |
||
| 217 | mov eax, [esi+4] |
||
| 218 | stosd |
||
| 219 | mov eax, [esi+18h] |
||
| 220 | stosd |
||
| 221 | .stiret: |
||
| 222 | sti |
||
| 223 | .ret: |
||
| 224 | ret |
||
| 225 | |||
| 66 | diamond | 226 | debug_set_drx: |
| 227 | call get_debuggee_slot |
||
| 228 | jc .errret |
||
| 229 | mov ebp, eax |
||
| 115 | poddubny | 230 | lea eax, [eax*8+0x80000+APPDATA.dbg_regs] |
| 66 | diamond | 231 | ; [eax]=dr0, [eax+4]=dr1, [eax+8]=dr2, [eax+C]=dr3 |
| 232 | ; [eax+10]=dr7 |
||
| 233 | add edx, std_application_base_address |
||
| 234 | jc .errret |
||
| 235 | cmp cl, 3 |
||
| 236 | ja .errret |
||
| 237 | mov ebx, dr7 |
||
| 238 | shr ebx, cl |
||
| 239 | shr ebx, cl |
||
| 240 | test ebx, 2 ; bit 1+2*index = G0..G3, global break enable |
||
| 241 | jnz .errret2 |
||
| 242 | test ch, ch |
||
| 243 | jns .new |
||
| 244 | ; clear breakpoint |
||
| 245 | movzx ecx, cl |
||
| 246 | add ecx, ecx |
||
| 247 | and dword [eax+ecx*2], 0 ; clear DR |
||
| 248 | btr dword [eax+10h], ecx ; clear L bit |
||
| 249 | test byte [eax+10h], 55h |
||
| 250 | jnz .okret |
||
| 251 | imul eax, ebp, tss_step/32 |
||
| 252 | and byte [eax + tss_data + l.trap - tss_sceleton], not 1 |
||
| 253 | .okret: |
||
| 254 | and dword [esp+36], 0 |
||
| 255 | sti |
||
| 256 | ret |
||
| 257 | .errret: |
||
| 258 | sti |
||
| 259 | mov dword [esp+36], 1 |
||
| 260 | ret |
||
| 261 | .errret2: |
||
| 262 | sti |
||
| 263 | mov dword [esp+36], 2 |
||
| 264 | ret |
||
| 265 | .new: |
||
| 266 | ; add new breakpoint |
||
| 267 | ; cl=ind |