When simple tracing, handles increase by steps #2037

Open
yyusea opened this Issue Oct 8, 2018 · 2 comments

yyusea commented Oct 8, 2018

  • Debugger version (2018/10/7, x64).
  • Brief description of the issue:
    When simple tracing, handles increase by steps, so if the trace log gets long, x64dbg will crash.
yyusea Oct 9, 2018

Maybe the problem is in TitanEngine\TitanEngine.Debugger.Control.cpp

```cpp
__declspec(dllexport) void TITCALL StepInto(LPVOID StepCallBack)
{
    ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
    unsigned char instr[16];
    MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
    char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
    if(strstr(DisassembledString, "PUSHF"))
        StepOver(StepCallBack);
    else if(strstr(DisassembledString, "POP SS") || strstr(DisassembledString, "MOV SS")) //prevent the 'PUSH SS', 'POP SS' step trick
    {
        ueCurrentPosition += StaticLengthDisassemble((void*)instr);
        SetBPX(ueCurrentPosition, UE_BREAKPOINT_TYPE_INT3 + UE_SINGLESHOOT, StepCallBack);
    }
    else
    {
        CONTEXT myDBGContext;
        HANDLE hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
        myDBGContext.ContextFlags = CONTEXT_CONTROL;
        GetThreadContext(hActiveThread, &myDBGContext);
        myDBGContext.EFlags |= UE_TRAP_FLAG;
        SetThreadContext(hActiveThread, &myDBGContext);
        engineStepActive = true;
        engineStepCallBack = StepCallBack;
        engineStepCount = 0;
        if (hActiveThread) CloseHandle(hActiveThread); //!!!!! this should be added
    }
}
```

mrexodia Oct 9, 2018

Member

@yyusea This should be fixed with x64dbg/GleeBug#48, can you review the code? https://github.com/x64dbg/GleeBug/blob/2ee4dc0f83c38df14115f5e800f1de91ef3ec926/GleeBug/Debugger.Thread.Registers.cpp It will use the DEBUG_EVENT.CREATE_THREAD_DEBUG_INFO.hThread, which will be freed by the OS.
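Both comments above describe the same ownership question: the thread handle opened per step in StepInto is never closed (one leak per step, matching the "handles increase by steps" symptom), while the GleeBug approach reuses the hThread the OS delivered with the debug event and frees itself. The following is an added example, not TitanEngine's or GleeBug's code. It stands in for the Win32 handle table with a constructed counting table (no real OpenThread/CloseHandle), uses a hypothetical ScopedHandle wrapper that distinguishes owned from borrowed handles, and drives a long trace through the leaky pattern and both fixes so the leak rate can be asserted rather than observed only as a crash.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <stdexcept>

// Constructed stand-in for the process handle table (not real Win32): each
// open() returns a fresh pseudo-handle and records it, close() retires it.
// count() plays the role of the per-process handle count that grows by one
// per step in the report above.
struct HandleTable {
    std::set<std::size_t> live;
    std::size_t next = 0x100;

    std::size_t open() { live.insert(next); return next++; }
    void close(std::size_t h) {
        // Closing a handle we do not own (or closing twice) is itself a bug.
        if (live.erase(h) == 0) throw std::logic_error("close of unowned handle");
    }
    std::size_t count() const { return live.size(); }
};

// Hypothetical RAII wrapper (assumed design, not the project's API). An Owned
// handle is closed on every exit path of its scope; a Borrowed handle, such as
// the hThread the OS delivers in CREATE_THREAD_DEBUG_INFO and later frees
// itself, is deliberately left alone.
class ScopedHandle {
public:
    enum class Ownership { Owned, Borrowed };
    ScopedHandle(HandleTable& t, std::size_t h, Ownership o)
        : table_(t), handle_(h), owner_(o) {}
    ~ScopedHandle() {
        if (owner_ == Ownership::Owned && handle_ != 0) table_.close(handle_);
    }
    ScopedHandle(const ScopedHandle&) = delete;
    ScopedHandle& operator=(const ScopedHandle&) = delete;
    std::size_t get() const { return handle_; }
private:
    HandleTable& table_;
    std::size_t handle_;
    Ownership owner_;
};

// Pattern from the report: open a thread handle for this step, use it for the
// context read/write, return without closing it. One handle leaks per step.
void stepIntoLeaky(HandleTable& table) {
    std::size_t hThread = table.open();
    (void)hThread;  // GetThreadContext / SetThreadContext would use it here
}

// Fix 1 (the poster's CloseHandle, made automatic): own the handle for the
// duration of the step and let the destructor release it on every path.
void stepIntoOwned(HandleTable& table) {
    ScopedHandle hThread(table, table.open(), ScopedHandle::Ownership::Owned);
    (void)hThread.get();
}

// Fix 2 (the GleeBug direction): reuse the handle the OS already gave the
// debug loop for this thread; we only borrow it, so there is nothing to close.
void stepIntoBorrowed(HandleTable& table, std::size_t osOwnedThreadHandle) {
    ScopedHandle hThread(table, osOwnedThreadHandle, ScopedHandle::Ownership::Borrowed);
    (void)hThread.get();
}

enum class Variant { Leaky, Owned, Borrowed };

// Drive `steps` single-steps through one variant and report how many handles
// are still live beyond the baseline (the one OS-owned thread handle).
std::size_t leakedHandlesAfter(std::size_t steps, Variant v) {
    HandleTable table;
    std::size_t osOwned = table.open();  // stands in for CREATE_THREAD_DEBUG_INFO.hThread
    std::size_t baseline = table.count();
    for (std::size_t i = 0; i < steps; ++i) {
        switch (v) {
        case Variant::Leaky:    stepIntoLeaky(table); break;
        case Variant::Owned:    stepIntoOwned(table); break;
        case Variant::Borrowed: stepIntoBorrowed(table, osOwned); break;
        }
    }
    return table.count() - baseline;
}

int main() {
    const std::size_t steps = 100000;  // a long trace
    std::printf("leaky:    %zu handles leaked after %zu steps\n",
                leakedHandlesAfter(steps, Variant::Leaky), steps);
    std::printf("owned:    %zu handles leaked\n", leakedHandlesAfter(steps, Variant::Owned));
    std::printf("borrowed: %zu handles leaked\n", leakedHandlesAfter(steps, Variant::Borrowed));
    return 0;
}
```

The leak rate of exactly one handle per step is what distinguishes this class of bug from a one-off leak: on a real system the same check is watching the process handle count in Process Explorer while tracing a few thousand instructions. The wrapper's Borrowed mode also guards the opposite mistake that the GleeBug fix invites, closing a handle the OS still owns, which the table reports as a logic error instead of silently corrupting a later step.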