SelfDebugger.cpp
#include"SelfDebugger.h"
extern bool isDebugged;
extern HANDLE FirstStartEvent;
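/// @brief Parent-side half of the self-debugging check.
///
/// Creates the named auto-reset event EVENT_SELFDBG_EVENT_NAME, relaunches this
/// executable with the current PID as its only argument, waits for that child
/// to exit and then polls the event once without blocking.
///
/// @return true when the child signalled the event, false when it did not or
///         when any setup step (event, module path, command line, process
///         creation) failed.
///
/// NOTE(review): the signal travels over a *named* event. CreateEventW hands
/// back a handle to an already existing object of that name, and any process
/// that can open the name can set it, so the result is a hint rather than a
/// trustworthy verdict.
bool SelfDebugging::IsDebugged()
{
    WCHAR wszFilePath[MAX_PATH];
    // Two quotes, a space, up to ten PID digits and the terminator on top of
    // the path; the original MAX_PATH buffer made swprintf_s hit its
    // invalid-parameter handler for paths close to the limit.
    WCHAR wszCmdLine[MAX_PATH + 16];
    STARTUPINFOW si = { sizeof(si) };
    PROCESS_INFORMATION pi;

    HANDLE hDbgEvent = CreateEventW(NULL, FALSE, FALSE, EVENT_SELFDBG_EVENT_NAME);
    if (!hDbgEvent)
        return false;

    bool bSignalled = false;

    // A return value equal to the buffer size means the path was truncated.
    const DWORD cchPath = GetModuleFileNameW(NULL, wszFilePath, _countof(wszFilePath));
    if (cchPath != 0 && cchPath < _countof(wszFilePath))
    {
        // Quote the image path: with an unquoted path and a NULL application
        // name, CreateProcessW resolves "C:\Some Dir\app.exe 123" by trying
        // "C:\Some.exe" first, which lets another binary be started instead.
        // Quoting also keeps the PID in argv[1] when the path contains spaces.
        const int cchCmd = swprintf_s(wszCmdLine, L"\"%ls\" %lu", wszFilePath,
                                      static_cast<unsigned long>(GetCurrentProcessId()));

        // Passing the path as lpApplicationName as well removes any remaining
        // ambiguity about which image is executed.
        if (cchCmd > 0 &&
            CreateProcessW(wszFilePath, wszCmdLine, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        {
            // The child decides synchronously; its exit marks the point at
            // which the event state is final.
            WaitForSingleObject(pi.hProcess, INFINITE);
            CloseHandle(pi.hProcess);
            CloseHandle(pi.hThread);
            bSignalled = (WAIT_OBJECT_0 == WaitForSingleObject(hDbgEvent, 0));
        }
    }

    // The original leaked this handle on every path.
    CloseHandle(hDbgEvent);
    return bSignalled;
}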
/// @brief Requests SE_DEBUG_NAME on the current process token.
///
/// @return true when OpenProcessToken, LookupPrivilegeValue and
///         AdjustTokenPrivileges all reported success, false otherwise.
///
/// NOTE(review): AdjustTokenPrivileges also returns success when the token
/// does not hold the privilege (GetLastError() is then
/// ERROR_NOT_ALL_ASSIGNED), so `true` means "the calls succeeded", not "the
/// privilege is active". Tightening that here would change which callers
/// proceed, so it is documented rather than altered.
/// NOTE(review): the privilege is never disabled again in this function;
/// whether the process drops it later is not visible here.
bool SelfDebugging::EnableDebugPrivilege()
{
    bool bEnabled = false;
    HANDLE hToken = NULL;

    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        TOKEN_PRIVILEGES tp;
        tp.PrivilegeCount = 1;

        if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
        {
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
                bEnabled = true;
        }
    }

    // Single exit point so the token handle is released on every path.
    if (hToken)
        CloseHandle(hToken);

    return bEnabled;
}
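/// @brief Entry point for both halves of the self-debugging check.
///
/// With no extra argument the process acts as the parent: it runs
/// IsDebugged() and, on a positive result, sets the global `isDebugged` flag
/// and prints a message. With an argument it acts as the helper child:
/// argv[1] is taken as the parent's PID, the child tries to attach to it as a
/// debugger, and a failed attach is reported to the parent by setting the
/// named event EVENT_SELFDBG_EVENT_NAME.
///
/// @param argc Argument count as passed to main.
/// @param argv Argument vector as passed to main; argv[1], when present, must
///             be a decimal PID.
///
/// NOTE(review): every DebugActiveProcess failure is reported as "debugger
/// present", including failures with another cause (for example insufficient
/// access to the parent), so false positives are possible.
void SelfDebugging::start(int argc, char** argv)
{
    if (argc < 2)
    {
        if (IsDebugged())
        {
            isDebugged = true;
            std::cout << "SelfDebugging find the Debugger " << std::endl;
            return;
        }
    }
    else
    {
        // argv[1] is external input: accept only a complete, non-zero decimal
        // number. atoi() silently turned garbage into PID 0, whose failed
        // attach was then reported as a detection.
        char* pszEnd = NULL;
        const unsigned long ulParentPid = strtoul(argv[1], &pszEnd, 10);
        const bool bPidValid = (pszEnd != argv[1]) && (*pszEnd == '\0') && (ulParentPid != 0);

        if (bPidValid)
        {
            const DWORD dwParentPid = static_cast<DWORD>(ulParentPid);
            HANDLE hEvent = OpenEventW(EVENT_MODIFY_STATE, FALSE, EVENT_SELFDBG_EVENT_NAME);
            if (hEvent)
            {
                if (EnableDebugPrivilege())
                {
                    if (FALSE == DebugActiveProcess(dwParentPid))
                        SetEvent(hEvent);                      // attach refused: tell the parent
                    else
                        DebugActiveProcessStop(dwParentPid);   // attach worked: detach again at once
                }
                // The original never closed this handle.
                CloseHandle(hEvent);
            }
        }
    }
    // ...
    return;
}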