Recommit

README.TXT

@@ -1,40 +1,40 @@
-
-
-  DBGCB Engine
-
-  by Oleksiuk Dmytro (aka Cr4sh), Esage Lab
-
-  http://d-olex.blogspot.com/
-  mailto:dmitry@esagelab.com
-
-================================= 
-
-Engine for communication with remote kernel debugger (WinDBG, KD) from drivers or user mode application.
-
-./dbgcb.dll - WinDbg extension, that must be loaded in remote kernel debugger
-./common/ - dbgcb client code (can be used in your own applications)
-./_Examples/dbgcb_drv.sys - Sample driver
-./_Examples/dbgcb_app.exe - Sample user mode application
-
-Engine working scheme: ./dbgcb_scheme.png
-Engine with test driver (dbgcb_drv.sys): ./dbgcb_in_work.png
-
-
-  Currently supported functions (see ./common/dbgcb_api.h):
-
-/**
- * Execute debuuger command (IDebugControl::Execute()).
- */
-BOOLEAN dbg_exec(PCHAR lpFormat, ...);
-
-/**
- * Evaluate debuuger expression (IDebugControl::Evaluate()).
- */
-PVOID dbg_eval(PCHAR lpFormat, ...);
-
-/**
- * Get offset of the some structure field
- */
-LONG dbg_field_offset(PCHAR lpFormat, ...);
-
-
+
+
+  DBGCB Engine
+    
+  by Oleksiuk Dmytro (aka Cr4sh), Esage Lab
+
+  http://d-olex.blogspot.com/
+  mailto:dmitry@esagelab.com
+
+================================= 
+
+Engine for communication with remote kernel debugger (WinDBG, KD) from drivers or user mode application.
+ 
+./dbgcb.dll - WinDbg extension, that must be loaded in remote kernel debugger
+./common/ - dbgcb client code (can be used in your own applications)
+./_Examples/dbgcb_drv.sys - Sample driver
+./_Examples/dbgcb_app.exe - Sample user mode application
+
+Engine working scheme: ./dbgcb_scheme.png
+Engine with test driver (dbgcb_drv.sys): ./dbgcb_in_work.png
+
+
+  Currently supported functions (see ./common/dbgcb_api.h):
+  
+/**
+ * Execute debuuger command (IDebugControl::Execute()).
+ */
+BOOLEAN dbg_exec(PCHAR lpFormat, ...);
+
+/**
+ * Evaluate debuuger expression (IDebugControl::Evaluate()).
+ */
+PVOID dbg_eval(PCHAR lpFormat, ...);
+
+/**
+ * Get offset of the some structure field
+ */
+LONG dbg_field_offset(PCHAR lpFormat, ...);
+
+

_Examples/dbgcb_app/dbgcb_app.cpp

@@ -1,91 +1,91 @@
-#include <stdio.h>
-#include <conio.h>
-#include <Windows.h>
-
-#include "../../common/dbgcb_api.h"
-//--------------------------------------------------------------------------------------
-void DbgPrint(char *lpszMsg, ...)
-{
-    va_list mylist;
-    va_start(mylist, lpszMsg);
-
-    size_t len = _vscprintf(lpszMsg, mylist) + 0x100;
-
-    char *lpszBuff = (char *)LocalAlloc(LMEM_FIXED, len);
-    if (lpszBuff == NULL)
-    {
-        va_end(mylist);
-        return;
-    }
-
-    vsprintf_s(lpszBuff, len, lpszMsg, mylist);	
-    va_end(mylist);
-
-    OutputDebugString(lpszBuff);
-
-    HANDLE hStd = GetStdHandle(STD_OUTPUT_HANDLE);
-    if (hStd != INVALID_HANDLE_VALUE)
-    {
-        DWORD dwWritten = 0;
-        WriteFile(hStd, lpszBuff, strlen(lpszBuff), &dwWritten, NULL);    
-    }
-
-    LocalFree(lpszBuff);
-}
-//--------------------------------------------------------------------------------------
-int
-__cdecl
-main(
-    __in ULONG argc,
-    __in_ecount(argc) PCHAR argv[])
-{
-    UNREFERENCED_PARAMETER(argc);
-    UNREFERENCED_PARAMETER(argv);
-
-    printf("*******************************************************\n\n");
-    printf("  KERNEL DEBUGGER COMMUNICATION ENGINE\n");
-    printf("  Test application\n\n");
-    printf("  Developed by: Oleksiuk Dmytro (aka Cr4sh), Esage Lab\n\n");
-    printf("  mailto:dmitry@esagelab.com\n\n");
-    printf("*******************************************************\n\n");
-
-    // Test debugger command execution.
-    if (dbg_exec(".printf /D \"<b>Hello from " __FUNCTION__ "(), PID=%d</b>\\n\"", GetCurrentProcessId()))
-    {
-        DbgPrint("Reloading debug symbols and executing 'kb' in debugger...\n");
-        dbg_exec(".reload;kb");
-
-        // Test symbol querying.
-        PVOID Addr = dbg_eval("ntdll!KiUserCallbackDispatcher");
-        if (Addr)
-        {
-            DbgPrint("<?dml?><b>ntdll!KiUserCallbackDispatcher() is at "IFMT"</b>\n", Addr);
-        }        
-        else
-        {
-            DbgPrint(__FUNCTION__"() ERROR: dbg_eval() fails\n");
-        }
-
-        // Test structure field offset querying.
-        LONG Offset = dbg_field_offset("ntdll!_PEB::KernelCallbackTable");
-        if (Offset >= 0)
-        {
-            DbgPrint("<?dml?><b>_PEB::KernelCallbackTable offset is 0x%x</b>\n", Offset);
-        }
-        else
-        {
-            DbgPrint(__FUNCTION__"() ERROR: dbg_field_offset() fails\n");
-        }
-    }    
-    else
-    {
-        DbgPrint(__FUNCTION__"() WARNING: dbgcb extension is not loaded or no connection to remote kernel debugger\n");
-    }
-
-    printf("\nPress any key to quit...\n");
-    _getch();
-
-    return 0;
-}
-//--------------------------------------------------------------------------------------
-// EoF
+#include <stdio.h>
+#include <conio.h>
+#include <Windows.h>
+
+#include "../../common/dbgcb_api.h"
+//--------------------------------------------------------------------------------------
+void DbgPrint(char *lpszMsg, ...)
+{
+    va_list mylist;
+    va_start(mylist, lpszMsg);
+
+    size_t len = _vscprintf(lpszMsg, mylist) + 0x100;
+
+    char *lpszBuff = (char *)LocalAlloc(LMEM_FIXED, len);
+    if (lpszBuff == NULL)
+    {
+        va_end(mylist);
+        return;
+    }
+
+    vsprintf_s(lpszBuff, len, lpszMsg, mylist);	
+    va_end(mylist);
+
+    OutputDebugString(lpszBuff);
+
+    HANDLE hStd = GetStdHandle(STD_OUTPUT_HANDLE);
+    if (hStd != INVALID_HANDLE_VALUE)
+    {
+        DWORD dwWritten = 0;
+        WriteFile(hStd, lpszBuff, strlen(lpszBuff), &dwWritten, NULL);    
+    }
+
+    LocalFree(lpszBuff);
+}
+//--------------------------------------------------------------------------------------
+int
+__cdecl
+main(
+    __in ULONG argc,
+    __in_ecount(argc) PCHAR argv[])
+{
+    UNREFERENCED_PARAMETER(argc);
+    UNREFERENCED_PARAMETER(argv);
+
+    printf("*******************************************************\n\n");
+    printf("  KERNEL DEBUGGER COMMUNICATION ENGINE\n");
+    printf("  Test application\n\n");
+    printf("  Developed by: Oleksiuk Dmytro (aka Cr4sh), Esage Lab\n\n");
+    printf("  mailto:dmitry@esagelab.com\n\n");
+    printf("*******************************************************\n\n");
+
+    // Test debugger command execution.
+    if (dbg_exec(".printf /D \"<b>Hello from " __FUNCTION__ "(), PID=%d</b>\\n\"", GetCurrentProcessId()))
+    {
+        DbgPrint("Reloading debug symbols and executing 'kb' in debugger...\n");
+        dbg_exec(".reload;kb");
+
+        // Test symbol querying.
+        PVOID Addr = dbg_eval("ntdll!KiUserCallbackDispatcher");
+        if (Addr)
+        {
+            DbgPrint("<?dml?><b>ntdll!KiUserCallbackDispatcher() is at "IFMT"</b>\n", Addr);
+        }        
+        else
+        {
+            DbgPrint(__FUNCTION__"() ERROR: dbg_eval() fails\n");
+        }
+
+        // Test structure field offset querying.
+        LONG Offset = dbg_field_offset("ntdll!_PEB::KernelCallbackTable");
+        if (Offset >= 0)
+        {
+            DbgPrint("<?dml?><b>_PEB::KernelCallbackTable offset is 0x%x</b>\n", Offset);
+        }
+        else
+        {
+            DbgPrint(__FUNCTION__"() ERROR: dbg_field_offset() fails\n");
+        }
+    }    
+    else
+    {
+        DbgPrint(__FUNCTION__"() WARNING: dbgcb extension is not loaded or no connection to remote kernel debugger\n");
+    }
+
+    printf("\nPress any key to quit...\n");
+    _getch();
+
+    return 0;
+}
+//--------------------------------------------------------------------------------------
+// EoF

_Examples/dbgcb_app/dbgcb_stub.cpp

@@ -1,2 +1,2 @@
-
-#include "../../common/dbgcb_client.cpp"
+
+#include "../../common/dbgcb_client.cpp"

_Examples/dbgcb_app/makefile

@@ -1,7 +1,7 @@
-#
-# DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
-# file to this component.  This file merely indirects to the real make file
-# that is shared by all the driver components of the Windows NT DDK
-#
-
-!INCLUDE $(NTMAKEENV)\makefile.def
+#
+# DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
+# file to this component.  This file merely indirects to the real make file
+# that is shared by all the driver components of the Windows NT DDK
+#
+
+!INCLUDE $(NTMAKEENV)\makefile.def

_Examples/dbgcb_app/sources

@@ -1,22 +1,22 @@
-
-!if "$(_BUILDARCH)"=="AMD64"
-TARGETNAME = ..\..\..\dbgcb_app_x64
-!else
-TARGETNAME = ..\..\..\dbgcb_app
-!endif
-
-TARGETTYPE = PROGRAM
-
-TARGETLIBS = \
-        $(SDK_LIB_PATH)\kernel32.lib \
-        $(SDK_LIB_PATH)\user32.lib
-
-UMTYPE = console
-
-USE_MSVCRT = 1
-
-SOURCES = \
-        dbgcb_stub.cpp \
-        dbgcb_app.cpp
-
-_NT_TARGET_VERSION = $(_NT_TARGET_VERSION_WINXP)
+
+!if "$(_BUILDARCH)"=="AMD64"
+TARGETNAME = ..\..\..\dbgcb_app_x64
+!else
+TARGETNAME = ..\..\..\dbgcb_app
+!endif
+
+TARGETTYPE = PROGRAM
+
+TARGETLIBS = \
+        $(SDK_LIB_PATH)\kernel32.lib \
+        $(SDK_LIB_PATH)\user32.lib
+
+UMTYPE = console
+
+USE_MSVCRT = 1
+
+SOURCES = \
+        dbgcb_stub.cpp \
+        dbgcb_app.cpp
+
+_NT_TARGET_VERSION = $(_NT_TARGET_VERSION_WINXP)

_Examples/dbgcb_drv.bat

@@ -1,24 +1,24 @@
-@echo off
-
-set SRCPATH=dbgcb_drv.sys
-set DSTPATH=%SystemRoot%\system32\drivers\dbgcb_drv.sys
-
-:: copy driver to the system directory
-copy %SRCPATH% %DSTPATH% /Y
-
-:: create service
-sc create dbgcb_drv binPath= %DSTPATH% type= kernel start= demand
-
-:: start service
-sc start dbgcb_drv
-
-:: stop service
-sc stop dbgcb_drv
-
-:: delete service
-sc delete dbgcb_drv
-
-:: delete file
-del %DSTPATH%
-
-pause
+@echo off
+
+set SRCPATH=dbgcb_drv.sys
+set DSTPATH=%SystemRoot%\system32\drivers\dbgcb_drv.sys
+
+:: copy driver to the system directory
+copy %SRCPATH% %DSTPATH% /Y
+
+:: create service
+sc create dbgcb_drv binPath= %DSTPATH% type= kernel start= demand
+
+:: start service
+sc start dbgcb_drv
+
+:: stop service
+sc stop dbgcb_drv
+
+:: delete service
+sc delete dbgcb_drv
+
+:: delete file
+del %DSTPATH%
+
+pause