
Idebug2 - LOAD_DLL_DEBUG_EVENT, UNLOAD_DLL_DEBUG_EVENT

Idebug2 - LOAD_DLL_DEBUG_EVENT, UNLOAD_DLL_DEBUG_EVENT   
post id81 
post length7188 
post datetime5/7/2011 8:30:09 PM 
post ip10.10.10.254 

IDebug2

    LOAD_DLL_DEBUG_EVENT, UNLOAD_DLL_DEBUG_EVENT 


IDebug, DebugActiveProcess, LOAD_DLL_DEBUG_EVENT, UNLOAD_DLL_DEBUG_EVENT 

 



Option Strict Off : Option Explicit On 

#Region " Imports 

Imports System.Runtime.InteropServices _ 
      , System.Threading _ 
      , System.Security _ 
      , System.Text 

#End Region 

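' Minimal user-mode debugger loop: attaches to a running process with DebugActiveProcess
' and reports DLL load / unload debug events as text through the DataReceived event.
'
' NOTE(review): SuppressUnmanagedCodeSecurity removes the run-time stack walk for the
' unmanaged-code permission, and the P/Invoke declarations below are Public, so every
' caller of this assembly can reach the native debugging API through them. They stay
' Public here only to keep the existing interface; narrow them to Private/Friend if no
' external caller depends on them.
<SuppressUnmanagedCodeSecurity()> _
Public NotInheritable Class IDebug

#Region " .ctor "

    ' Raised through OnDataReceived with one formatted line per debug event.
    Public Shared Event DataReceived(ByRef Message As String)

#End Region

#Region " .Event`s "

    ' Forwards a message from a DEBUG_PROCESSING worker to the shared DataReceived event.
    ' It runs on the worker thread, so UI subscribers have to marshal to their own thread.
    Public Shared Sub OnDataReceived(ByRef Message As String)
        RaiseEvent DataReceived(Message)
    End Sub

#End Region

#Region " D E B U G "

    ' Win32 debugging API. The BOOL results are declared as UInt32 (0 = failure).
    <DllImport("kernel32")> _
    Public Shared Function DebugActiveProcess(ByVal PID As UInt32) As UInt32
    End Function
    <DllImport("kernel32")> _
    Public Shared Function DebugActiveProcessStop(ByVal PID As UInt32) As UInt32
    End Function
    ' LpDebugEvent must point to a caller-allocated buffer large enough for a DEBUG_EVENT;
    ' TTL is the wait time-out in milliseconds.
    <DllImport("kernel32")> _
    Public Shared Function WaitForDebugEvent(<Out()> ByVal LpDebugEvent As [IntPtr] _
                                           , <[In]()> ByVal TTL As UInt32) As Boolean
    End Function
    <DllImport("kernel32")> _
    Public Shared Function ContinueDebugEvent(ByVal dwProcessId As UInt32 _
                                            , ByVal dwThreadId As UInt32 _
                                            , ByVal dwContinueStatus As UInt32 _
                                            ) As UInt32
    End Function

    ' Native NT call used to turn a file handle into a path. It returns an NTSTATUS
    ' (0 = success); IoStatusBlock and FileInformation are caller-allocated buffers.
    <DllImport("ntdll.dll", CallingConvention:=CallingConvention.StdCall _
    , CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function ZwQueryInformationFile( _
          <[In]()> ByVal FileHandle As Integer _
        , <[Out]()> ByVal IoStatusBlock As [IntPtr] _
        , <[Out]()> ByVal FileInformation As [IntPtr] _
        , <[In]()> ByVal Length As Integer _
        , <[In]()> ByVal FileInformationClass As Integer _
        ) As Integer
    End Function

    ' Used to release the hFile handle that LOAD_DLL_DEBUG_EVENT hands to the debugger.
    <DllImport("kernel32", SetLastError:=True)> _
    Private Shared Function CloseHandle(ByVal hObject As IntPtr) As Boolean
    End Function

#End Region

    ' One attach-and-listen session for a single process id.
    <SuppressUnmanagedCodeSecurity()> _
    Public NotInheritable Class DEBUG_PROCESSING

#Region " .ctor "

        ' Raised on the debugger thread with "code | process | handle | file name".
        Public Event DataReceived(ByRef Message As String)

        ' NOTE(review): PID is Shared, so every instance sees the id passed to the most
        ' recent constructor call; running two sessions at once would target one process.
        Public Shared PID As UInt32
        Sub New(ByVal T As UInt32)
            PID = T
        End Sub

#End Region

        ' dwDebugEventCode values and ContinueDebugEvent statuses from the Win32 headers.
        Private Const EXCEPTION_DEBUG_EVENT As Int32 = 1
        Private Const LOAD_DLL_DEBUG_EVENT As Int32 = 6
        Private Const UNLOAD_DLL_DEBUG_EVENT As Int32 = 7
        Private Const DBG_CONTINUE As UInt32 = &H10002UI
        Private Const DBG_EXCEPTION_NOT_HANDLED As UInt32 = &H80010001UI

        ' Exception codes a debugger raises or expects itself (attach breakpoint, stepping,
        ' and their WOW64 variants); everything else belongs to the debuggee.
        Private Const EXCEPTION_BREAKPOINT As Int32 = &H80000003
        Private Const EXCEPTION_SINGLE_STEP As Int32 = &H80000004
        Private Const STATUS_WX86_BREAKPOINT As Int32 = &H4000001F
        Private Const STATUS_WX86_SINGLE_STEP As Int32 = &H4000001E

        Private Const FILE_NAME_INFORMATION_CLASS As Integer = 9
        Private Const FNI_BUFFER_SIZE As Integer = 512

        ' Returns the file name behind IHandle, or "" when the query fails or when
        ' IGrantedAccess is one of the two access masks this code refuses to query.
        Public Function GET_NAME_BY_HANDLE_ALL(ByVal IHandle As [Int32], ByVal IGrantedAccess As Integer) As String
            Dim Ret As String = ""

            If IGrantedAccess = &H100000 OrElse IGrantedAccess = &H12019F Then
                Return Ret
            End If

            Dim FNI As IntPtr = IntPtr.Zero
            Dim IOSB As IntPtr = IntPtr.Zero
            Try
                FNI = Marshal.AllocHGlobal(FNI_BUFFER_SIZE)
                ' IO_STATUS_BLOCK holds two pointer-sized fields: 8 bytes in a 32-bit
                ' process, 16 in a 64-bit one. A fixed 8-byte buffer is overrun on x64.
                IOSB = Marshal.AllocHGlobal(2 * IntPtr.Size)

                If ZwQueryInformationFile(IHandle, IOSB, FNI, FNI_BUFFER_SIZE, FILE_NAME_INFORMATION_CLASS) = 0 Then
                    ' FILE_NAME_INFORMATION = ULONG byte length followed by UTF-16 text.
                    ' The length comes from the kernel; clamp it to the buffer anyway.
                    Dim NameBytes As Integer = Marshal.ReadInt32(FNI, 0)
                    NameBytes = Math.Max(0, Math.Min(NameBytes, FNI_BUFFER_SIZE - 4))

                    Dim Name As String = Marshal.PtrToStringUni(New IntPtr(FNI.ToInt64() + 4), NameBytes \ 2)
                    Dim Terminator As Integer = Name.IndexOf(ControlChars.NullChar)
                    If Terminator >= 0 Then Name = Name.Substring(0, Terminator)
                    Ret = Name
                End If
            Finally
                ' Both native buffers are released on every path, including exceptions.
                If IOSB <> IntPtr.Zero Then Marshal.FreeHGlobal(IOSB)
                If FNI <> IntPtr.Zero Then Marshal.FreeHGlobal(FNI)
            End Try

            Return Ret
        End Function

        ' Thread entry point: attaches to PID, pumps debug events until WaitForDebugEvent
        ' times out or fails, then detaches. Always returns Nothing.
        Public Function ReceiveCallback()
            If DebugActiveProcess(PID) = 0 Then
                Return Nothing
            End If

            ' The union inside DEBUG_EVENT is pointer-aligned: offset 12 in a 32-bit
            ' process, 16 in a 64-bit one.
            Dim UnionOffset As Integer = 12
            If IntPtr.Size = 8 Then UnionOffset = 16

            Dim IPtr As IntPtr = IntPtr.Zero
            Try
                IPtr = Marshal.AllocHGlobal(10000)

                While WaitForDebugEvent(IPtr, 100000)
                    Dim dwDebugEventCode As Int32 = Marshal.ReadInt32(IPtr, 0)
                    Dim dwProcessId As Int32 = Marshal.ReadInt32(IPtr, 4)
                    Dim dwThreadId As Int32 = Marshal.ReadInt32(IPtr, 8)
                    Dim EventHandle As IntPtr = IntPtr.Zero
                    Dim EventObject As String = Nothing
                    Dim EventCode As String = Nothing
                    Dim ContinueStatus As UInt32 = DBG_CONTINUE

                    Try
                        Select Case dwDebugEventCode
                            Case LOAD_DLL_DEBUG_EVENT
                                EventCode = "LOAD_DLL_DEBUG_EVENT"
                                ' First member of LOAD_DLL_DEBUG_INFO is hFile.
                                EventHandle = Marshal.ReadIntPtr(IPtr, UnionOffset)
                                If EventHandle <> IntPtr.Zero Then
                                    EventObject = GET_NAME_BY_HANDLE_ALL(EventHandle.ToInt32(), Nothing)
                                End If

                            Case UNLOAD_DLL_DEBUG_EVENT
                                EventCode = "UNLOAD_DLL_DEBUG_EVENT"

                            Case EXCEPTION_DEBUG_EVENT
                                ' A passive monitor must hand the debuggee's own exceptions
                                ' back to it. DBG_CONTINUE marks them handled, which makes a
                                ' faulting instruction re-run in a loop.
                                Dim ExceptionCode As Int32 = Marshal.ReadInt32(IPtr, UnionOffset)
                                Select Case ExceptionCode
                                    Case EXCEPTION_BREAKPOINT, EXCEPTION_SINGLE_STEP, _
                                         STATUS_WX86_BREAKPOINT, STATUS_WX86_SINGLE_STEP
                                        ' Debugger-induced: keep DBG_CONTINUE.
                                    Case Else
                                        ContinueStatus = DBG_EXCEPTION_NOT_HANDLED
                                End Select
                        End Select

                        ' The process may be gone by the time its last events arrive.
                        Dim ProcessName As String
                        Try
                            Using P As Process = Process.GetProcessById(dwProcessId)
                                ProcessName = P.ProcessName
                            End Using
                        Catch ex As Exception
                            ProcessName = dwProcessId.ToString()
                        End Try

                        RaiseEvent DataReceived(String.Concat(EventCode, " | ", ProcessName, " | ", EventHandle, " | ", EventObject))
                    Finally
                        ' The debugger owns hFile and has to close it, or one handle leaks
                        ' per loaded DLL.
                        If dwDebugEventCode = LOAD_DLL_DEBUG_EVENT AndAlso EventHandle <> IntPtr.Zero Then
                            CloseHandle(EventHandle)
                        End If
                        ' Always resume the debuggee, even if a subscriber threw; otherwise
                        ' the target stays frozen.
                        ContinueDebugEvent(dwProcessId, dwThreadId, ContinueStatus)
                    End Try
                End While
            Finally
                ' Detach on every exit path. A debuggee that is still attached when its
                ' debugger thread ends is terminated by default.
                DebugActiveProcessStop(PID)
                If IPtr <> IntPtr.Zero Then Marshal.FreeHGlobal(IPtr)
            End Try

            Return Nothing
        End Function

    End Class

    ' Starts a low-priority foreground thread that attaches to PID and relays its debug
    ' events to the shared DataReceived event.
    Public Shared Sub Processing(ByVal PID As Integer)
        With New DEBUG_PROCESSING(PID)
            AddHandler .DataReceived, AddressOf OnDataReceived
            Dim th As Thread _
                = New Thread(AddressOf .ReceiveCallback)
            ' Attach, wait and detach all happen on this one thread; the debug API ties
            ' a debugging session to the thread that attached.
            th.Priority = ThreadPriority.Lowest
            th.Start()
        End With
    End Sub

End Class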




--------------------------- 


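' Consumer side of the sample: subscribes to IDebug.DataReceived and appends each
' message to a text control.
'
' NOTE(review): the listing is declared as a Module, yet DataMessage uses Me.InvokeRequired,
' Me.Invoke and a control named ICase. Those exist only inside a Form (or other Control)
' class, so this code presumably belongs in the form that owns ICase - confirm before use.
Module Main

#Region "...Invoke"

    ' Delegate used to re-enter DataMessage on the UI thread.
    Delegate Sub GetDataInvoke(ByRef Message As String)

    ' Appends Message plus a line break to ICase.Text, marshalling to the UI thread
    ' when called from the debugger thread.
    Public Sub DataMessage(ByRef Message As String)
        Try
            If Me.InvokeRequired Then
                Dim d As New GetDataInvoke(AddressOf DataMessage)
                Me.Invoke(d, New Object() {Message})
            Else
                ICase.Text = String.Concat(ICase.Text, Message, vbCrLf)
            End If
        Catch ex As Exception
            ' Still best-effort (for example the window closing during a callback), but
            ' the failure is traced rather than discarded silently.
            System.Diagnostics.Debug.WriteLine(ex.ToString())
        End Try
    End Sub

#End Region

#Region " .Event`s "

    ' Handler for IDebug.DataReceived; invoked on the debugger thread.
    Public Sub OnDataReceived(ByRef Message As String)
        DataMessage(Message)
    End Sub

#End Region

    ' Attaches the monitor to the first process whose name matches.
    Sub Main()
        AddHandler IDebug.DataReceived, AddressOf OnDataReceived

        ' A process name is not an identity: several processes can share it, and the
        ' first one returned is the one that gets attached. Select by PID when the exact
        ' target matters.
        Dim Targets() As Process = Process.GetProcessesByName("ProcName")
        If Targets.Length = 0 Then
            ' Nothing to attach to; indexing (0) here would throw.
            System.Diagnostics.Debug.WriteLine("No process named ProcName is running.")
            Return
        End If

        IDebug.Processing(Targets(0).Id)
    End Sub

End Module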


IDebug2.zip
(2k)
DMITRY MENSHOV,
Sep 4, 2013, 9:02 AM