ragweed 0.2.0.pre2 → 0.2.0.pre3

data/VERSION

@@ -1 +1 @@
-0.2.0.pre2
+0.2.0.pre3

data/lib/ragweed/debugger32.rb

@@ -305,6 +305,7 @@ class Ragweed::Debugger32
   def on_heap_corruption(ev)      end
   def on_buffer_overrun(ev)       end
   def on_invalid_disposition(ev)  end
+  def on_attach()                 end
 
   ## Read through me to see all the random events
   ## you can hook in a subclass.
@@ -382,6 +383,7 @@ class Ragweed::Debugger32
     Ragweed::Wrap32::debug_active_process(@p.pid)
     Ragweed::Wrap32::debug_set_process_kill_on_exit
     @attached = true
+    try(:on_attach)
     @breakpoints.each_pair do |k, bp|
       bp.install
     end

data/lib/ragweed/debuggertux.rb

@@ -13,7 +13,7 @@ module Ragweed; end
 ##     that Debuggertux already handles, call "super", too.
 class Ragweed::Debuggertux
   attr_reader :pid, :status, :exited, :signal
-  attr_accessor :breakpoints, :mapped_regions
+  attr_accessor :breakpoints, :mapped_regions, :process
 
   ## Class to handle installing/uninstalling breakpoints
   class Breakpoint
@@ -78,6 +78,8 @@ class Ragweed::Debuggertux
     @mapped_regions = Hash.new
     @breakpoints = Hash.new
     @opts.each { |k, v| try(k) if v }
+
+    @process = Ragweed::Process.new(@pid)
   end
 
   def self.find_by_regex(rx)
@@ -462,6 +464,7 @@ class Ragweed::Debuggertux
   def print_registers
     regs = get_registers
     puts "eip %08x" % regs.eip
+    puts "ebp %08x" % regs.ebp
     puts "esi %08x" % regs.esi
     puts "edi %08x" % regs.edi
     puts "esp %08x" % regs.esp

data/lib/ragweed/wrap32/debugging.rb

@@ -13,6 +13,10 @@ module Ragweed::Wrap32
     UNLOAD_DLL = 7
   end
 
+  module PagePermissions
+    PAGE_EXECUTE_READWRITE = 0x40
+  end
+
   module ExceptionCodes
     ACCESS_VIOLATION = 0xC0000005
     GUARD_PAGE = 0x80000001
@@ -136,85 +140,154 @@ class Ragweed::Wrap32::DebugEventU < FFI::Union
 end
 
 class Ragweed::Wrap32::DebugEvent < FFI::Struct
-    include Ragweed::FFIStructInclude
-
-    layout :code, :ulong,
-    :pid, :ulong,
-    :tid, :ulong,
-    :u, Ragweed::Wrap32::DebugEventU
-
-    ## We have rubified this FFI structure by creating a bunch of instance
-    ## variables that are normally only accessible via self.u.x.y which is
-    ## a lot to type. You can still use that method however these instance
-    ## variables should allow for considerably clearer code
-    attr_accessor :base_of_dll, :base_of_image, :debug_info_file_offset, :debug_info_size, :exception_address, :exception_code,
-                  :exception_flags, :exception_record, :exit_code, :file_handle, :image_name, :number_of_parameters, :parameters,
-                  :process_handle, :rip_error, :rip_type, :start_address, :thread_local_base, :thread_handle, :thread_local_base,
-                  :unicode
-
-  def initialize(buf)
-    super buf
-
-    case self.code
-    when Ragweed::Wrap32::DebugCodes::CREATE_PROCESS 
-      @file_handle = self.u.create_process_debug_info.file_handle
-      @process_handle = self.u.create_process_debug_info.process_handle
-      @thread_handle = self.u.create_process_debug_info.thread_handle
-      @base_of_image = self.u.create_process_debug_info.base_of_image
-      @debug_info_file_offset = self.u.create_process_debug_info.debug_info_file_offset
-      @debug_info_size = self.u.create_process_debug_info.debug_info_size
-      @thread_local_base = self.u.create_process_debug_info.thread_local_base
-      @start_address = self.u.create_process_debug_info.start_address
-      @image_name = self.u.create_process_debug_info.image_name
-      @unicode = self.u.create_process_debug_info.unicode
-
-    when Ragweed::Wrap32::DebugCodes::CREATE_THREAD 
-      @thread_handle = self.u.create_thread_debug_info.thread_handle
-      @thread_local_base = self.u.create_thread_debug_info.thread_local_base
-      @start_address = self.u.create_thread_debug_info.start_address
-
-    when Ragweed::Wrap32::DebugCodes::EXCEPTION
-      @exception_code = self.u.exception_debug_info.exception_record.exception_code
-      @exception_flags = self.u.exception_debug_info.exception_record.exception_flags
-      @exception_record = self.u.exception_debug_info.exception_record.exception_record
-      @exception_address = self.u.exception_debug_info.exception_record.exception_address
-      @number_of_parameters = self.u.exception_debug_info.exception_record.number_of_parameters
-
-      @parameters = []
-
-      self.number_of_parameters.times do |i|
-            @parameters << self.u.exception_debug_info.exception_record.exception_information[i]
+  include Ragweed::FFIStructInclude
+
+  layout :DebugEventCode, :ulong,
+  :ProcessId, :ulong,
+  :ThreadId, :ulong,
+  :u, Ragweed::Wrap32::DebugEventU
+
+  # backwards compatability
+  def code; self[:DebugEventCode]; end
+  def code=(cd); self[:DebugEventCode] = cd; end
+  def pid; self[:ProcessId]; end
+  def pid=(pd); self[:ProcessId]= pd; end
+  def tid; self[:ThreadId]; end
+  def tid=(td); self[:ThreadId] = td; end
+  
+  # We have rubified this FFI structure by creating a bunch of proxy
+  # methods that are normally only accessible via self.u.x.y which is
+  # a lot to type. You can still use that method however these instance
+  # variables should allow for considerably clearer code
+  if RUBY_VERSION < "1.9"
+    def methods regular=true
+      ret = super + self.members.map{|x| [x.to_s, x.to_s + "="]}
+      ret += case self[:DebugEventCode]
+      when Ragweed::Wrap32::DebugCodes::CREATE_PROCESS
+        self[:u][:create_process_debug_info].members.map{|x| [x.to_s, x.to_s + "="]}
+      when Ragweed::Wrap32::DebugCodes::CREATE_THREAD
+        self[:u][:create_thread_debug_info].members.map{|x| [x.to_s, x.to_s + "="]}
+      when Ragweed::Wrap32::DebugCodes::EXIT_PROCESS
+        self[:u][:exit_process_debug_info].members.map{|x| [x.to_s, x.to_s + "="]}
+      when Ragweed::Wrap32::DebugCodes::EXIT_THREAD
+        self[:u][:exit_thread_debug_info].members.map{|x| [x.to_s, x.to_s + "="]}
+      when Ragweed::Wrap32::DebugCodes::LOAD_DLL
+        self[:u][:load_dll_debug_info].members.map{|x| [x.to_s, x.to_s + "="]}
+      when Ragweed::Wrap32::DebugCodes::OUTPUT_DEBUG_STRING
+        self[:u][:output_debug_string_info].members.map{|x| [x.to_s, x.to_s + "="]}
+      when Ragweed::Wrap32::DebugCodes::RIP
+        self[:u][:rip_info].members.map{|x| [x.to_s, x.to_s + "="]}
+      when Ragweed::Wrap32::DebugCodes::UNLOAD_DLL
+        self[:u][:unload_dll_debug_info].members.map{|x| [x.to_s, x.to_s + "="]}
+      when Ragweed::Wrap32::DebugCodes::EXCEPTION
+        self[:u][:exception_debug_info].members.map{|x| [x.to_s, x.to_s + "="]} + self[:u][:exception_debug_info][:exception_record].members.map{|x| [x.to_s, x.to_s + "="]}
+      else
+        []
       end
+      ret.flatten
+    end
+  else
+    def methods regular=true
+      ret = super + self.members.map{|x| [x, (x.to_s + "=").intern]}
+      ret += case self[:DebugEventCode]
+      when Ragweed::Wrap32::DebugCodes::CREATE_PROCESS
+        self[:u][:create_process_debug_info].members.map{|x| [x, (x.to_s + "=").intern]}
+      when Ragweed::Wrap32::DebugCodes::CREATE_THREAD
+        self[:u][:create_thread_debug_info].members.map{|x| [x, (x.to_s + "=").intern]}
+      when Ragweed::Wrap32::DebugCodes::EXIT_PROCESS
+        self[:u][:exit_process_debug_info].members.map{|x| [x, (x.to_s + "=").intern]}
+      when Ragweed::Wrap32::DebugCodes::EXIT_THREAD
+        self[:u][:exit_thread_debug_info].members.map{|x| [x, (x.to_s + "=").intern]}
+      when Ragweed::Wrap32::DebugCodes::LOAD_DLL
+        self[:u][:load_dll_debug_info].members.map{|x| [x, (x.to_s + "=").intern]}
+      when Ragweed::Wrap32::DebugCodes::OUTPUT_DEBUG_STRING
+        self[:u][:output_debug_string_info].members.map{|x| [x, (x.to_s + "=").intern]}
+      when Ragweed::Wrap32::DebugCodes::RIP
+        self[:u][:rip_info].members.map{|x| [x, (x.to_s + "=").intern]}
+      when Ragweed::Wrap32::DebugCodes::UNLOAD_DLL
+        self[:u][:unload_dll_debug_info].members.map{|x| [x, (x.to_s + "=").intern]}
+      when Ragweed::Wrap32::DebugCodes::EXCEPTION
+        self[:u][:exception_debug_info].members.map{|x| [x, (x.to_s + "=").intern]} + self[:u][:exception_debug_info][:exception_record].members.map{|x| [x, (x.to_s + "=").intern]}
+      else
+        []
+      end
+      ret.flatten
+    end
+  end
 
-    when Ragweed::Wrap32::DebugCodes::EXIT_PROCESS 
-        @exit_code = self.u.exit_process_debug_info.exit_code
-
-    when Ragweed::Wrap32::DebugCodes::EXIT_THREAD 
-        @exit_code = self.u.exit_thread_debug_info.exit_code
-
-    when Ragweed::Wrap32::DebugCodes::LOAD_DLL
-        @file_handle = self.u.load_dll_debug_info.file_handle
-        @base_of_dll = self.u.load_dll_debug_info.base_of_dll
-        @debug_info_file_offset = self.u.load_dll_debug_info.debug_info_file_offset
-        @debug_info_size = self.u.load_dll_debug_info.debug_info_size
-        @image_name = self.u.load_dll_debug_info.image_name
-        @unicode = self.u.load_dll_debug_info.unicode
-
-    when Ragweed::Wrap32::DebugCodes::OUTPUT_DEBUG_STRING 
-        ## 
-
-    when Ragweed::Wrap32::DebugCodes::RIP 
-        @rip_error = self.u.rip_info.rip_error
-        @rip_type = self.u.rip_info.rip_type
-
-    when Ragweed::Wrap32::DebugCodes::UNLOAD_DLL 
-        @base_of_dll = self.u.unload_dll_debug_info.base_of_dll
-
+  def method_missing meth, *args
+    super unless self.respond_to? meth
+    if meth.to_s =~ /=$/
+      mth = meth.to_s.gsub(/=$/,'').intern
+      if self.members.include? mth
+        # don't proxy
+        self.__send__(:[]=, mth, *args)
+      else
+        case self[:DebugEventCode]
+        when Ragweed::Wrap32::DebugCodes::CREATE_PROCESS
+          self[:u][:create_process_debug_info].__send__(:[]=, mth, *args)
+        when Ragweed::Wrap32::DebugCodes::CREATE_THREAD
+          self[:u][:create_thread_debug_info].__send__(:[]=, mth, *args)
+        when Ragweed::Wrap32::DebugCodes::EXIT_PROCESS
+          self[:u][:exit_process_debug_info].__send__(:[]=, mth, *args)
+        when Ragweed::Wrap32::DebugCodes::EXIT_THREAD
+          self[:u][:exit_thread_debug_info].__send__(:[]=, mth, *args)
+        when Ragweed::Wrap32::DebugCodes::LOAD_DLL
+          self[:u][:load_dll_debug_info].__send__(:[]=, mth, *args)
+        when Ragweed::Wrap32::DebugCodes::OUTPUT_DEBUG_STRING
+          self[:u][:output_debug_string_info].__send__(:[]=, mth, *args)
+        when Ragweed::Wrap32::DebugCodes::RIP
+          self[:u][:rip_info].__send__(:[]=, mth, *args)
+        when Ragweed::Wrap32::DebugCodes::UNLOAD_DLL
+          self[:u][:unload_dll_debug_info].__send__(:[]=, mth, *args)
+        when Ragweed::Wrap32::DebugCodes::EXCEPTION
+          case mth
+          when :exception_record, :first_chance
+            self[:u][:exception_debug_info].__send__(:[]=, mth, *args)
+          else # it's in the exception_record -- gross, I know but...
+            self[:u][:exception_debug_info][:exception_record].__send__(meth, *args)
+          end
+        end
+      end
     else
-      raise WinX.new(:wait_for_debug_event)
+      if self.members.include? meth
+        # don't proxy
+        self.__send__(:[], meth, *args)
+      else
+        case self[:DebugEventCode]
+        when Ragweed::Wrap32::DebugCodes::CREATE_PROCESS
+          self[:u][:create_process_debug_info].__send__(:[], meth, *args)
+        when Ragweed::Wrap32::DebugCodes::CREATE_THREAD
+          self[:u][:create_thread_debug_info].__send__(:[], meth, *args)
+        when Ragweed::Wrap32::DebugCodes::EXIT_PROCESS
+          self[:u][:exit_process_debug_info].__send__(:[], meth, *args)
+        when Ragweed::Wrap32::DebugCodes::EXIT_THREAD
+          self[:u][:exit_thread_debug_info].__send__(:[], meth, *args)
+        when Ragweed::Wrap32::DebugCodes::LOAD_DLL
+          self[:u][:load_dll_debug_info].__send__(:[], meth, *args)
+        when Ragweed::Wrap32::DebugCodes::OUTPUT_DEBUG_STRING
+          self[:u][:output_debug_string_info].__send__(:[], meth, *args)
+        when Ragweed::Wrap32::DebugCodes::RIP
+          self[:u][:rip_info].__send__(:[], meth, *args)
+        when Ragweed::Wrap32::DebugCodes::UNLOAD_DLL
+          self[:u][:unload_dll_debug_info].__send__(:[], meth, *args)
+        when Ragweed::Wrap32::DebugCodes::EXCEPTION
+          case meth
+          when :exception_record, :first_chance
+            self[:u][:exception_debug_info].__send__(:[], meth, *args)
+          else # it's in the exception_record -- gross, I know but...
+            self[:u][:exception_debug_info][:exception_record].__send__(meth, *args)
+          end
+        end
+      end
     end
   end
 
+  def respond_to? meth, include_priv=false
+    # mth = meth.to_s.gsub(/=$/,'')
+    !((self.methods & [meth, meth.to_s]).empty?) || super
+  end
+
   def inspect_code(c)
     Ragweed::Wrap32::DebugCodes.to_key_hash[c].to_s || c.to_i
   end

data/lib/ragweed/wrap32/hooks.rb

@@ -25,7 +25,7 @@ class Ragweed::Debugger32
       ## get an idea of where the instruction
       ## is mapped.
       eip = ctx.eip
-      if esp != 0 and esp > (eip & 0xf0000000)
+      if esp != 0 #and esp > (eip & 0xf0000000)
         breakpoint_set(esp) do |ev,ctx|
           callable.call(ev, ctx, :leave, args)
           breakpoint_clear(esp)

data/lib/ragweed/wrap32/wrap32.rb

@@ -117,6 +117,8 @@ module Ragweed::Wrap32
     attach_function 'DeviceIoControl', [ :long, :long, :pointer, :long, :pointer, :long, :pointer, :pointer ], :long
     attach_function 'GetOverlappedResult', [ :long, :pointer, :pointer, :long ], :long
     attach_function 'WaitForMultipleObjects', [ :long, :pointer, :long, :long ], :long
+    attach_function 'CreateProcessA', [ :pointer, :pointer, :pointer, :pointer, :long, :long, :pointer, :pointer, :pointer, :pointer ], :long
+    attach_function 'CreateProcessW', [ :pointer, :pointer, :pointer, :pointer, :long, :long, :pointer, :pointer, :pointer, :pointer ], :long
 
     ffi_lib 'ntdll'
     ffi_convention :stdcall

data/lib/ragweed/wraposx/thread_context.rb

@@ -255,6 +255,80 @@ EOM
     FLAVOR = 7
     layout :tsh, Ragweed::Wraposx::ThreadContext::X86StateHdr,
            :uts, Ragweed::Wraposx::ThreadContext::UnionThreadState
+
+    # We have rubified this FFI structure by creating a bunch of proxy
+    # methods that are normally only accessible via self.v.x.y which is
+    # a lot to type. You can still use that method however these proxy
+    # methods should allow for considerably clearer code
+    if RUBY_VERSION < "1.9"
+      def methods regular=true
+        ret = super + self.members.map{|x| [x.to_s, x.to_s + "="]}
+        ret += self[:tsh].members.map{|x| [x.to_s, x.to_s + "="]}
+        ret + case self[:tsh][:flavor]
+        when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE32
+          self[:uts].ts32.members.map{|x| [x.to_s, x.to_s + "="]}
+        when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE64
+          self[:uts].ts64.members.map{|x| [x.to_s, x.to_s + "="]}
+        else
+          []
+        end
+        ret.flatten
+      end
+    else
+      def methods regular=true
+        ret = super + self.members.map{|x| [x, (x.to_s + "=").intern]}
+        ret += self[:tsh].members.map{|x| [x, (x.to_s + "=").intern]}
+        ret + case self[:tsh][:flavor]
+        when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE32
+          self[:uts].ts32.members.map{|x| [x, (x.to_s + "=").intern]}
+        when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE64
+          self[:uts].ts64.members.map{|x| [x, (x.to_s + "=").intern]}
+        else
+          []
+        end
+        ret.flatten
+      end
+    end
+
+    def method_missing meth, *args
+      super unless self.respond_to? meth
+      if meth.to_s =~ /=$/
+        mth = meth.to_s.gsub(/=$/,'').intern
+        if self.members.include? mth
+          # don't proxy
+          self.__send__(:[]=, mth, *args)
+        elsif self[:tsh].members.include? meth
+          self[:tsh].__send__(:[]=, mth, *args)
+        else
+          case self[:tsh][:flavor]
+          when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE32
+            self[:uts].ts32.__send__(:[]=, mth, *args)
+          when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE64
+            self[:uts].ts64.__send__(:[]=, mth, *args)
+          end
+        end
+      else
+        if self.members.include? meth
+          # don't proxy
+          self.__send__(:[], meth, *args)
+        elsif self[:tsh].members.include? meth
+          self[:tsh].__send__(:[], meth, *args)
+        else
+          case self[:tsh][:flavor]
+          when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE32
+            self[:uts].ts32.__send__(:[], meth, *args)
+          when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE64
+            self[:uts].ts64.__send__(:[], meth, *args)
+          end
+        end
+      end
+    end
+
+    def respond_to? meth, include_priv=false
+      mth = meth.to_s.gsub(/=$/,'') # may not be needed anymore
+      self.methods.include? mth || super
+    end
+
   end
 
   # _STRUCT_X86_DEBUG_STATE32
@@ -352,6 +426,79 @@ EOM
     FLAVOR = 12
     layout :dsh, Ragweed::Wraposx::ThreadContext::X86StateHdr,
            :uds, Ragweed::Wraposx::ThreadContext::UnionDebugState
+
+    # We have rubified this FFI structure by creating a bunch of proxy
+    # methods that are normally only accessible via self.v.x.y which is
+    # a lot to type. You can still use that method however these proxy
+    # methods should allow for considerably clearer code
+    if RUBY_VERSION < "1.9"
+      def methods regular=true
+        ret = super + self.members.map{|x| [x.to_s, x.to_s + "="]}
+        ret += self[:dsh].members.map{|x| [x.to_s, x.to_s + "="]}
+        ret + case self[:dsh][:flavor]
+        when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE32
+          self[:uds].ds32.members.map{|x| [x.to_s, x.to_s + "="]}
+        when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE64
+          self[:uds].ds64.members.map{|x| [x.to_s, x.to_s + "="]}
+        else
+          []
+        end
+        ret.flatten
+      end
+    else
+      def methods regular=true
+        ret = super + self.members.map{|x| [x, (x.to_s + "=").intern]}
+        ret += self[:dsh].members.map{|x| [x, (x.to_s + "=").intern]}
+        ret + case self[:dsh][:flavor]
+        when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE32
+          self[:uds].ds32.members.map{|x| [x, (x.to_s + "=").intern]}
+        when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE64
+          self[:uds].ds64.members.map{|x| [x, (x.to_s + "=").intern]}
+        else
+          []
+        end
+        ret.flatten
+      end
+    end
+
+    def method_missing meth, *args
+      super unless self.respond_to? meth
+      if meth.to_s =~ /=$/
+        mth = meth.to_s.gsub(/=$/,'').intern
+        if self.members.include? mth
+          # don't proxy
+          self.__send__(:[]=, mth, *args)
+        elsif self[:dsh].members.include? meth
+          self[:dsh].__send__(:[]=, mth, *args)
+        else
+          case self[:dsh][:flavor]
+          when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE32
+            self[:uds].ds32.__send__(:[]=, mth, *args)
+          when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE64
+            self[:uds].ds64.__send__(:[]=, mth, *args)
+          end
+        end
+      else
+        if self.members.include? meth
+          # don't proxy
+          self.__send__(:[], meth, *args)
+        elsif self[:dsh].members.include? meth
+          self[:dsh].__send__(:[], meth, *args)
+        else
+          case self[:dsh][:flavor]
+          when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE32
+            self[:uds].ds32.__send__(:[], meth, *args)
+          when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE64
+            self[:uds].ds64.__send__(:[], meth, *args)
+          end
+        end
+      end
+    end
+
+    def respond_to? meth, include_priv=false
+      mth = meth.to_s.gsub(/=$/,'') # may not be needed anymore
+      self.methods.include? mth || super
+    end
   end
 
   # _STRUCT_X86_EXCEPTION_STATE32
@@ -419,6 +566,81 @@ EOM
     FLAVOR = 9
     layout :esh, Ragweed::Wraposx::ThreadContext::X86StateHdr,
            :ues, Ragweed::Wraposx::ThreadContext::UnionExceptionState
+
+    #comment
+    # We have rubified this FFI structure by creating a bunch of proxy
+    # methods that are normally only accessible via self.v.x.y which is
+    # a lot to type. You can still use that method however these proxy
+    # methods should allow for considerably clearer code
+    if RUBY_VERSION < "1.9"
+      def methods regular=true
+        ret = super + self.members.map{|x| [x.to_s, x.to_s + "="]}
+        ret += self[:esh].members.map{|x| [x.to_s, x.to_s + "="]}
+        ret + case self[:esh][:flavor]
+        when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
+          self[:ues].es32.members.map{|x| [x.to_s, x.to_s + "="]}
+        when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
+          self[:ues].es64.members.map{|x| [x.to_s, x.to_s + "="]}
+        else
+          []
+        end
+        ret.flatten
+      end
+    else
+      def methods regular=true
+        ret = super + self.members.map{|x| [x, (x.to_s + "=").intern]}
+        ret += self[:esh].members.map{|x| [x, (x.to_s + "=").intern]}
+        ret + case self[:esh][:flavor]
+        when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
+          self[:ues].es32.members.map{|x| [x, (x.to_s + "=").intern]}
+        when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
+          self[:ues].es64.members.map{|x| [x, (x.to_s + "=").intern]}
+        else
+          []
+        end
+        ret.flatten
+      end
+    end
+
+    def method_missing meth, *args
+      super unless self.respond_to? meth
+      if meth.to_s =~ /=$/
+        mth = meth.to_s.gsub(/=$/,'').intern
+        if self.members.include? mth
+          # don't proxy
+          self.__send__(:[]=, mth, *args)
+        elsif self[:esh].members.include? meth
+          self[:esh].__send__(:[]=, mth, *args)
+        else
+          case self[:esh][:flavor]
+          when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
+            self[:ues].es32.__send__(:[]=, mth, *args)
+          when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
+            self[:ues].es64.__send__(:[]=, mth, *args)
+          end
+        end
+      else
+        if self.members.include? meth
+          # don't proxy
+          self.__send__(:[], meth, *args)
+        elsif self[:esh].members.include? meth
+          self[:esh].__send__(:[], meth, *args)
+        else
+          case self[:esh][:flavor]
+          when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
+            self[:ues].es32.__send__(:[], meth, *args)
+          when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
+            self[:ues].es64.__send__(:[], meth, *args)
+          end
+        end
+      end
+    end
+
+    def respond_to? meth, include_priv=false
+      mth = meth.to_s.gsub(/=$/,'') # may not be needed anymore
+      self.methods.include? mth || super
+    end
+    
   end
 
   # _STRUCT_X86_FLOAT_STATE32

data/lib/ragweed/wraptux/constants.rb

@@ -90,3 +90,9 @@ module Ragweed::Wraptux::Wait
     CONTINUED = 10
     NOWWAIT = 20
 end
+
+module Ragweed::Wraptux::PagePermissions
+    PROT_READ  = 0x1
+    PROT_WRITE = 0x2
+    PROT_EXEC  = 0x4
+end

data/lib/ragweed/wraptux/process.rb

@@ -0,0 +1,35 @@
+class Ragweed::Process
+
+    include Ragweed
+    attr_reader :pid
+
+    def initialize(pid); @pid = pid; end
+
+    ## Read/write ranges of data or fixnums to/from the process by address.
+    def read(off, sz=4096)
+        a = []
+        while off < off+sz
+            a.push(Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::PEEK_TEXT, @pid, off, 0))
+            return a.pack('L*') if a.last == -1 and FFI.errno != 0
+            off+=4
+        end
+        a.pack('L*')
+    end
+
+    ## ptrace sucks, writing 8 or 16 bytes will probably
+    ## result in failure unless you PTRACE_POKE first and
+    ## get the rest of the original value at the address
+    def write(off, data)
+        while off < data.size
+            Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::POKE_TEXT, @pid, off, data[off,4].unpack('L').first)
+            off += 4
+        end
+    end
+
+    def read32(off); read(off, 4).unpack("L").first; end
+    def read16(off); read(off, 2).unpack("v").first; end
+    def read8(off); read(off, 1)[0]; end
+    def write32(off, v); write(off, [v].pack("L")); end
+    def write16(off, v); write(off, [v].pack("v")); end
+    def write8(off, v); write(off, v.chr); end
+end

data/lib/ragweed.rb

@@ -75,11 +75,11 @@ end  # module Ragweed
 module Ragweed::FFIStructInclude
   if RUBY_VERSION < "1.9"
     def methods regular=true
-      super + self.offsets.map{|x| x.first.to_s}
+      (super + self.members.map{|x| [x.to_s, x.to_s+"="]}).flatten
     end
   else
     def methods regular=true
-      super + self.offsets.map{|x| x.first}
+      (super + self.members.map{|x| [x, (x.to_s+"=").intern]}).flatten
     end
   end
 
@@ -93,8 +93,8 @@ module Ragweed::FFIStructInclude
   end
 
   def respond_to? meth, include_priv=false
-    mth = meth.to_s.gsub(/=$/,'')
-    self.offsets.map{|x| x.first.to_s}.include? mth || super
+    # mth = meth.to_s.gsub(/=$/,'')
+    !((self.methods & [meth, meth.to_s]).empty?) || super
   end
 end
 

data/ragweed.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{ragweed}
-  s.version = "0.2.0.pre2"
+  s.version = "0.2.0.pre3"
 
   s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
   s.authors = ["tduehr", "struct", "tqbf"]
-  s.date = %q{2011-02-14}
+  s.date = %q{2011-03-09}
   s.description = %q{General debugging tool written in Ruby for OSX/Win32/Linux}
   s.email = %q{td@matasano.com}
   s.extra_rdoc_files = [
@@ -64,7 +64,7 @@ Gem::Specification.new do |s|
     "lib/ragweed/wraposx/wraposx.rb",
     "lib/ragweed/wraptux.rb",
     "lib/ragweed/wraptux/constants.rb",
-    "lib/ragweed/wraptux/struct_helpers.rb",
+    "lib/ragweed/wraptux/process.rb",
     "lib/ragweed/wraptux/threads.rb",
     "lib/ragweed/wraptux/wraptux.rb",
     "ragweed.gemspec",
@@ -75,7 +75,7 @@ Gem::Specification.new do |s|
   s.homepage = %q{http://github.com/tduehr/ragweed}
   s.rdoc_options = ["--inline-source", "--line-numbers", "--main", "README.rdoc"]
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.7}
+  s.rubygems_version = %q{1.5.2}
   s.summary = %q{Scriptable debugger}
   s.test_files = [
     "examples/hittracertux.rb",
@@ -89,7 +89,6 @@ Gem::Specification.new do |s|
   ]
 
   if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification 
 name: ragweed
 version: !ruby/object:Gem::Version 
-  hash: -1876988175
-  prerelease: true
+  hash: 1923831951
+  prerelease: 6
   segments: 
   - 0
   - 2
   - 0
-  - pre2
-  version: 0.2.0.pre2
+  - pre
+  - 3
+  version: 0.2.0.pre3
 platform: ruby
 authors: 
 - tduehr
@@ -18,7 +19,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-14 00:00:00 -06:00
+date: 2011-03-09 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -93,7 +94,7 @@ files:
 - lib/ragweed/wraposx/wraposx.rb
 - lib/ragweed/wraptux.rb
 - lib/ragweed/wraptux/constants.rb
-- lib/ragweed/wraptux/struct_helpers.rb
+- lib/ragweed/wraptux/process.rb
 - lib/ragweed/wraptux/threads.rb
 - lib/ragweed/wraptux/wraptux.rb
 - ragweed.gemspec
@@ -135,7 +136,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.5.2
 signing_key: 
 specification_version: 3
 summary: Scriptable debugger

data/lib/ragweed/wraptux/struct_helpers.rb

@@ -1,25 +0,0 @@
-module Ragweed::FFIStructInclude
-  if RUBY_VERSION < "1.9"
-    def methods regular=true
-      super + self.offsets.map{|x| x.first.to_s}
-    end
-  else
-    def methods regular=true
-      super + self.offsets.map{|x| x.first}
-    end
-  end
-
-  def method_missing meth, *args
-    super unless self.respond_to? meth
-    if meth.to_s =~ /=$/
-      self.__send__(:[]=, meth.to_s.gsub(/=$/,'').intern, *args)
-    else
-      self.__send__(:[], meth, *args)
-    end
-  end
-
-  def respond_to? meth, include_priv=false
-    mth = meth.to_s.gsub(/=$/,'')
-    self.offsets.map{|x| x.first.to_s}.include? mth || super
-  end
-end