tduehr-ragweed 0.1.7 → 0.1.7.1

data/History.txt

@@ -1,3 +1,8 @@
+== 0.1.7.1 / 2009-08-03
+
+* added Rasm::Subl to avoid conflict in Bblock with Kernel#sub
+* setup for call tramolines in osx
+
 == 0.1.7 / 2009-08-03
 
 * bug fixes (Wraposx#RegionInfo should now fully work)

data/Rakefile

@@ -23,10 +23,12 @@ PROJ.ignore_file = '.gitignore'
 PROJ.authors = 'tduehr, tqbf, struct'
 PROJ.email = 'td@matasano.com'
 PROJ.description = 'General debugging tool written in Ruby for OSX/Win32/Linux'
+PROJ.summary = 'Scriptable debugger'
+PROJ.exclude << %w(old$)
 PROJ.url = 'http://github.com/tduehr/ragweed/tree/master'
 PROJ.version = Ragweed::VERSION
-# PROJ.rubyforge.name = 'ragweed'
-
+PROJ.rdoc.opts << "--inline-source"
+PROJ.rdoc.opts << "--line-numbers"
 PROJ.spec.opts << '--color'
 
 # EOF

data/examples/tux-example.rb

@@ -2,7 +2,7 @@
 
 ## Simple example of attaching to a process and letting it run
 
-require 'pp'
+require 'rubygems' # Yah I know its bad
 require 'ragweed'
 
 pid = Ragweed::Debuggertux.find_by_regex(/gcalctool/)

data/lib/ragweed/debugger32.rb

@@ -35,14 +35,14 @@ class Ragweed::Debugger32
       @orig = process.read8(@addr)
       if(@orig != INT3)
         process.write8(@addr, INT3) 
-        Wrap32::flush_instruction_cache(@bp.process.handle)
+        Ragweed::Wrap32::flush_instruction_cache(@bp.process.handle)
       end
     end
 
     def uninstall
       if(@orig != INT3)
         process.write8(@addr, @orig) 
-        Wrap32::flush_instruction_cache(@bp.process.handle)
+        Ragweed::Wrap32::flush_instruction_cache(@bp.process.handle)
       end
     end
 
@@ -57,7 +57,7 @@ class Ragweed::Debugger32
   # on the image name of the process.
   #    d = Debugger.find_by_regex /notepad/i
   def self.find_by_regex(rx)
-    Wrap32::all_processes do |p|
+    Ragweed::Wrap32::all_processes do |p|
       if p.szExeFile =~ rx
         return self.new(p.th32ProcessID)
       end
@@ -69,12 +69,12 @@ class Ragweed::Debugger32
   # pass this either a PID or a Process object.
   def initialize(p)
     # grab debug privilege at least once.
-    @@token ||= Wrap32::ProcessToken.new.grant("seDebugPrivilege")
+    @@token ||= Ragweed::Wrap32::ProcessToken.new.grant("seDebugPrivilege")
 
     p = Process.new(p) if p.kind_of? Numeric
     @p = p
     @steppers = []
-    @handled = Wrap32::ContinueCodes::UNHANDLED
+    @handled = Ragweed::Wrap32::ContinueCodes::UNHANDLED
     @first = true
     @attached = false
 
@@ -107,8 +107,8 @@ class Ragweed::Debugger32
   # for an example of how to use this.
   def step(tid, callable)
     if @steppers.empty?
-      Wrap32::open_thread(tid) do |h|
-        ctx = Wrap32::ThreadContext.get(h)
+      Ragweed::Wrap32::open_thread(tid) do |h|
+        ctx = Ragweed::Wrap32::ThreadContext.get(h)
         ctx.single_step(true)
         ctx.set(h)
       end
@@ -122,8 +122,8 @@ class Ragweed::Debugger32
   def unstep(tid, callable)
     @steppers = @steppers.reject {|x| x == callable}
     if @steppers.empty?
-      Wrap32::open_thread(tid) do |h|
-        ctx = Wrap32::ThreadContext.get(h)
+      Ragweed::Wrap32::open_thread(tid) do |h|
+        ctx = Ragweed::Wrap32::ThreadContext.get(h)
         ctx.single_step(false)
         ctx.set(h)
       end
@@ -137,7 +137,7 @@ class Ragweed::Debugger32
     else
       tid = tid_or_event
     end
-    Wrap32::open_thread(tid) {|h| Wrap32::ThreadContext.get(h)}
+    Ragweed::Wrap32::open_thread(tid) {|h| Ragweed::Wrap32::ThreadContext.get(h)}
   end
 
   # set a breakpoint given an address, which can also be a string in the form
@@ -218,7 +218,7 @@ class Ragweed::Debugger32
       end)) 
 
       # put execution back where it's supposed to be...
-      Wrap32::open_thread(ev.tid) do |h|
+      Ragweed::Wrap32::open_thread(ev.tid) do |h|
         ctx = context(ev)
         ctx.eip = eip # eip was ev.exception_address
         ctx.set(h)
@@ -226,13 +226,13 @@ class Ragweed::Debugger32
     end
   
     # tell the target to stop handling this event
-    @handled = Wrap32::ContinueCodes::CONTINUE
+    @handled = Ragweed::Wrap32::ContinueCodes::CONTINUE
   end
 
   # handle a single-step event  
   def on_single_step(ev)
     ctx = context(ev)
-    Wrap32::open_thread(ev.tid) do |h|
+    Ragweed::Wrap32::open_thread(ev.tid) do |h|
       # re-enable the trap flag before our handler, which may
       # choose to disable it.
       ctx.single_step(true)
@@ -241,7 +241,7 @@ class Ragweed::Debugger32
     
     @steppers.each {|s| s.call(ev, ctx)}
         
-    @handled = Wrap32::ContinueCodes::CONTINUE
+    @handled = Ragweed::Wrap32::ContinueCodes::CONTINUE
   end
 
   # this is sort of insane but most of my programs are just
@@ -259,54 +259,54 @@ class Ragweed::Debugger32
   def wait
     self.attach() if not @attached
 
-    ev = Wrap32::wait_for_debug_event
+    ev = Ragweed::Wrap32::wait_for_debug_event
     return if not ev
     case ev.code
-    when Wrap32::DebugCodes::CREATE_PROCESS
+    when Ragweed::Wrap32::DebugCodes::CREATE_PROCESS
       try(:on_create_process, ev)
-    when Wrap32::DebugCodes::CREATE_THREAD
+    when Ragweed::Wrap32::DebugCodes::CREATE_THREAD
       try(:on_create_thread, ev)
-    when Wrap32::DebugCodes::EXIT_PROCESS
+    when Ragweed::Wrap32::DebugCodes::EXIT_PROCESS
       try(:on_exit_process, ev)
-    when Wrap32::DebugCodes::EXIT_THREAD
+    when Ragweed::Wrap32::DebugCodes::EXIT_THREAD
       try(:on_exit_thread, ev)
-    when Wrap32::DebugCodes::LOAD_DLL
+    when Ragweed::Wrap32::DebugCodes::LOAD_DLL
       try(:on_load_dll, ev)
-    when Wrap32::DebugCodes::OUTPUT_DEBUG_STRING
+    when Ragweed::Wrap32::DebugCodes::OUTPUT_DEBUG_STRING
       try(:on_output_debug_string, ev)
-    when Wrap32::DebugCodes::RIP
+    when Ragweed::Wrap32::DebugCodes::RIP
       try(:on_rip, ev)
-    when Wrap32::DebugCodes::UNLOAD_DLL
+    when Ragweed::Wrap32::DebugCodes::UNLOAD_DLL
       try(:on_unload_dll, ev)
-    when Wrap32::DebugCodes::EXCEPTION
+    when Ragweed::Wrap32::DebugCodes::EXCEPTION
       case ev.exception_code
-      when Wrap32::ExceptionCodes::ACCESS_VIOLATION
+      when Ragweed::Wrap32::ExceptionCodes::ACCESS_VIOLATION
         try(:on_access_violation, ev)
-      when Wrap32::ExceptionCodes::BREAKPOINT 
+      when Ragweed::Wrap32::ExceptionCodes::BREAKPOINT 
         try(:on_breakpoint, ev)
-      when Wrap32::ExceptionCodes::ALIGNMENT  
+      when Ragweed::Wrap32::ExceptionCodes::ALIGNMENT  
         try(:on_alignment, ev)
-      when Wrap32::ExceptionCodes::SINGLE_STEP 
+      when Ragweed::Wrap32::ExceptionCodes::SINGLE_STEP 
         try(:on_single_step, ev)
-      when Wrap32::ExceptionCodes::BOUNDS 
+      when Ragweed::Wrap32::ExceptionCodes::BOUNDS 
         try(:on_bounds, ev)
-      when Wrap32::ExceptionCodes::DIVIDE_BY_ZERO 
+      when Ragweed::Wrap32::ExceptionCodes::DIVIDE_BY_ZERO 
         try(:on_divide_by_zero, ev)
-      when Wrap32::ExceptionCodes::INT_OVERFLOW 
+      when Ragweed::Wrap32::ExceptionCodes::INT_OVERFLOW 
         try(:on_int_overflow, ev)
-      when Wrap32::ExceptionCodes::INVALID_HANDLE 
+      when Ragweed::Wrap32::ExceptionCodes::INVALID_HANDLE 
         try(:on_invalid_handle, ev)
-      when Wrap32::ExceptionCodes::PRIV_INSTRUCTION 
+      when Ragweed::Wrap32::ExceptionCodes::PRIV_INSTRUCTION 
         try(:on_priv_instruction, ev)
-      when Wrap32::ExceptionCodes::STACK_OVERFLOW 
+      when Ragweed::Wrap32::ExceptionCodes::STACK_OVERFLOW 
         try(:on_stack_overflow, ev)
-      when Wrap32::ExceptionCodes::INVALID_DISPOSITION 
+      when Ragweed::Wrap32::ExceptionCodes::INVALID_DISPOSITION 
         try(:on_invalid_disposition, ev)
       end
     end
 
-    Wrap32::continue_debug_event(ev.pid, ev.tid, @handled)
-    @handled = Wrap32::ContinueCodes::UNHANDLED
+    Ragweed::Wrap32::continue_debug_event(ev.pid, ev.tid, @handled)
+    @handled = Ragweed::Wrap32::ContinueCodes::UNHANDLED
   end
 
   # debug loop.
@@ -319,8 +319,8 @@ class Ragweed::Debugger32
   # this is called implicitly by Debugger#wait.
   # Attaches to the child process for debugging
   def attach
-    Wrap32::debug_active_process(@p.pid)
-    Wrap32::debug_set_process_kill_on_exit
+    Ragweed::Wrap32::debug_active_process(@p.pid)
+    Ragweed::Wrap32::debug_set_process_kill_on_exit
     @attached = true
     @breakpoints.each do |k, v|
       v.install
@@ -329,7 +329,7 @@ class Ragweed::Debugger32
 
   # let go of the target.
   def release
-    Wrap32::debug_active_process_stop(@p.pid)
+    Ragweed::Wrap32::debug_active_process_stop(@p.pid)
     @attached = false
     @breakpoints.each do |k, v|
       v.uninstall

data/lib/ragweed/debuggerosx.rb

@@ -346,6 +346,16 @@ class Ragweed::Debuggerosx
     Ragweed::Wraposx::task_threads(@task)
   end
 
+  # decrement our tasks suspend count
+  def resume_task
+    Ragweed::Wraposx::task_resume(@task)
+  end
+
+  # increment our tasks suspend count
+  def suspend_task
+    Ragweed::Wraposx::task_suspend(@task)
+  end
+
   # returns a Ragweed::Wraposx::ThreadContext object containing the register states
   # thread: thread to get the register state of
   def get_registers(thread=nil)
@@ -396,10 +406,8 @@ class Ragweed::Debuggerosx
 
     # Extended and Top info flavors are included in case Apple re implements them
     when :extended
-      warn "VM Region Extended Info not implemented by Apple. Returning RegionBasicInfo"
       return Ragweed::Wraposx::RegionExtendedInfo.get(@task, addr)
     when :top
-      warn "VM Region Top Info not implemented be Apple. Returning RegionBasicInfo"
       return Ragweed::Wraposx::RegionTopInfo.get(@task, addr)
     else
       warn "Unknown flavor requested. Returning RegionBasicInfo."

data/lib/ragweed/debuggertux.rb

@@ -13,7 +13,7 @@ module Ragweed; end
 ##     debugger and define your own on_whatever events. If you handle an event
 ##     that Debuggertux already handles, call "super", too.
 class Ragweed::Debuggertux
-  include Ragweed
+  # include Ragweed
 
   attr_reader :pid
   attr_reader :status
@@ -99,16 +99,16 @@ class Ragweed::Debuggertux
 
   ## This is crude!
   def self.find_by_regex(rx)
-	a = Dir.entries("/proc/")
-    a.delete_if do |x| x == '.' end
-    a.delete_if do |x| x == '..' end
-	a.delete_if do |x| x =~ /[a-z]/ end
-	  a.each do |x|
-		f = File.read("/proc/#{x}/cmdline")
-		if f =~ rx
-			return x
-	    end
-	  end
+    a = Dir.entries("/proc/")
+    a.delete_if do |x| x == '.'; end
+    a.delete_if do |x| x == '..'; end
+    a.delete_if do |x| x =~ /[a-z]/; end
+    a.each do |x|
+      f = File.read("/proc/#{x}/cmdline")
+      if f =~ rx
+        return x
+      end
+    end
   end
 
   def install_bps
@@ -128,24 +128,24 @@ class Ragweed::Debuggertux
   ## Attach calls install_bps so dont forget to call breakpoint_set
   ## BEFORE attach or explicitly call install_bps
   def attach(opts=@opts)
-    Wraptux::ptrace(Ragweed::Wraptux::Ptrace::ATTACH, @pid, 0, 0)
+    Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::ATTACH, @pid, 0, 0)
     @attached = true
     self.install_bps if (opts[:install] and not @installed)
   end
 
   def continue
     on_continue
-    Wraptux::ptrace(Ragweed::Wraptux::Ptrace::CONTINUE, @pid, 0, 0)
+    Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::CONTINUE, @pid, 0, 0)
   end
 
   def detach
     on_detach
-    Wraptux::ptrace(Ragweed::Wraptux::Ptrace::DETACH, @pid, 0, 0)
+    Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::DETACH, @pid, 0, 0)
   end
 
   def stepp
 	on_stepp
-    ret = Wraptux::ptrace(Ragweed::Wraptux::Ptrace::STEP, @pid, 1, 0)
+    ret = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::STEP, @pid, 1, 0)
   end
 
   ## Adds a breakpoint to be installed
@@ -205,7 +205,7 @@ class Ragweed::Debuggertux
   ## originally stored with it. If its a different signal,
   ## then process it accordingly and move on
   def wait(opts = 0)
-    r = Wraptux::waitpid(@pid,opts)
+    r = Ragweed::Wraptux::waitpid(@pid,opts)
     status = r[1]
     wstatus = status & 0x7f
     signal = status >> 8
@@ -218,13 +218,13 @@ class Ragweed::Debuggertux
       when wstatus != 0x7f ##WIFSIGNALED
         @exited = false
         self.on_signal
-      when signal == Wraptux::Signal::SIGINT
+      when signal == Ragweed::Wraptux::Signal::SIGINT
         self.continue
-      when signal == Wraptux::Signal::SIGSEGV
+      when signal == Ragweed::Wraptux::Signal::SIGSEGV
         self.on_segv
-      when signal == Wraptux::Signal::SIGILL
+      when signal == Ragweed::Wraptux::Signal::SIGILL
         self.on_illegalinst
-      when signal == Wraptux::Signal::SIGTRAP
+      when signal == Ragweed::Wraptux::Signal::SIGTRAP
         ## Check if EIP matches a breakpoint we have set
         r = self.get_registers
         eip = r[:eip]
@@ -236,9 +236,9 @@ class Ragweed::Debuggertux
           puts "We got a SIGTRAP but not at our breakpoint... continuing"
         end
         self.continue
-      when signal == Wraptux::Signal::SIGCONT
+      when signal == Ragweed::Wraptux::Signal::SIGCONT
         self.continue
-      when signal == Wraptux::Signal::SIGSTOP
+      when signal == Ragweed::Wraptux::Signal::SIGSTOP
         self.continue
       else
         raise "Add more signal handlers (##{signal})"
@@ -249,23 +249,23 @@ class Ragweed::Debuggertux
   ## Return an array of thread PIDs
   def self.threads(pid)
     a = Dir.entries("/proc/#{pid}/task/")
-    a.delete_if do |x| x == '.' end
-    a.delete_if do |x| x == '..' end
+    a.delete_if { |x| x == '.' }
+    a.delete_if { |x| x == '..' }
   end
 
   ## Gets the registers for the given process
   def get_registers
-    size = Wraptux::SIZEOFLONG * 17
+    size = Ragweed::Wraptux::SIZEOFLONG * 17
     regs = Array.new(size)
     regs = regs.to_ptr
     regs.struct!('LLLLLLLLLLLLLLLLL', :ebx,:ecx,:edx,:esi,:edi,:ebp,:eax,:xds,:xes,:xfs,:xgs,:orig_eax,:eip,:xcs,:eflags,:esp,:xss)
-    Wraptux::ptrace(Ragweed::Wraptux::Ptrace::GETREGS, @pid, 0, regs.to_i)
+    Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::GETREGS, @pid, 0, regs.to_i)
     return regs
   end
 
   ## Sets registers for the given process
   def set_registers(r)
-    Wraptux::ptrace(Ragweed::Wraptux::Ptrace::SETREGS, @pid, 0, r.to_i)
+    Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::SETREGS, @pid, 0, r.to_i)
   end
 
   ## Here we need to do something about the bp
@@ -284,14 +284,14 @@ class Ragweed::Debuggertux
       set_registers(r)
       stepp
       ## ptrace peektext returns -1 upon reinstallation of bp without calling
-	  ## waitpid() if that occurs the breakpoint cannot be reinstalled
-      Wraptux::waitpid(@pid, 0)
+      ## waitpid() if that occurs the breakpoint cannot be reinstalled
+      Ragweed::Wraptux::waitpid(@pid, 0)
       @breakpoints[eip].first.install
     end
   end
 
   def print_regs
-	regs = self.get_registers
+    regs = self.get_registers
     puts "eip %08x" % regs[:eip]
     puts "edi %08x" % regs[:esi]
     puts "edi %08x" % regs[:edi]
@@ -332,15 +332,15 @@ class Ragweed::Debuggertux
   end
 
   def on_stepp
-	#puts "single stepping"
+    #puts "single stepping"
   end
 
   def on_segv
-	print_regs
+    print_regs
     exit
   end
 
   def default_opts(opts)
-	@opts = @opts.merge(opts)
+    @opts = @opts.merge(opts)
   end
 end

data/lib/ragweed/rasm/bblock.rb

@@ -0,0 +1,68 @@
+module Ragweed; end
+module Ragweed::Rasm
+  # Ruby inline assembler.
+  class Bblock
+    # Don't call this directly; use Bblock#make
+    def initialize
+      @insns = Ragweed::Rasm::Subprogram.new
+    end
+
+    # Wrap the methods of Rasm::Subprogram we care about:
+
+    # Assemble the instructions, which also calculates appropriate
+    # jump labels.
+    def assemble; @insns.assemble; end
+
+    # Disassemble the block (after it's been assembled) into
+    # Frasm objects.
+    def disassemble; @insns.disassemble; end
+
+    # Generate a human-readable assembly listing.
+    def listing; @insns.dump_disassembly; end
+
+    # Append more instructions to a previously created block;
+    # see Bblock#make
+    def add(&block)
+      instance_eval(&block)
+    end
+
+    # Takes a block argument, containing (mostly) assembly
+    # instructions, as interpreted by Rasm. For example:
+    #
+    #     Bblock.make {
+    #         push ebp
+    #         mov  ebp, esp
+    #         push ebx
+    #         xor ebx, ebx
+    #         addl esp, 4
+    #         pop ebp
+    #         ret
+    #     }
+    #
+    # Each of those instructions is in fact the name of a class
+    # in Rasm, lowercased; Bblock has a method_missing that catches
+    # and instantiates them.
+    #
+    # Your block can contain arbitrary Ruby, but remember that it
+    # runs in the scope of an anonymous class and so cannot directly
+    # reference instance variables.
+    def self.make(&block)
+      c = Bblock.new
+      c.instance_eval(&block)
+      c
+    end
+
+    def method_missing(meth, *args)
+      k = Ragweed::Rasm.const_get(meth.to_s.capitalize)
+
+      # If it's a class, it's an assembly opcode; otherwise,
+      # it's a register or operand.
+      if k.class == Class
+        @insns << (k = k.new(*args))
+      else
+        k
+      end
+      k
+    end
+  end
+end

data/lib/ragweed/rasm/isa.rb

@@ -174,7 +174,7 @@ module Ragweed::Rasm
     # labels. Produces raw instruction stream.
     def assemble
       patches = {}
-      buf = Sbuf.new
+      buf = Ragweed::Sbuf.new
 
       each do |i|
         if i.kind_of? Instruction
@@ -248,7 +248,7 @@ module Ragweed::Rasm
     def coerce(v)
       if v
         v = v.derive
-        v = v.to_i if v.kind_of? Ptr
+        v = v.to_i if v.kind_of? Ragweed::Ptr
         if v.kind_of? Array
           v = v[0].clone
           v.indir = true
@@ -263,7 +263,7 @@ module Ragweed::Rasm
 
     # Never called directly (see subclasses below)
     def initialize(x=nil, y=nil)
-      @buf = Sbuf.new
+      @buf = Ragweed::Sbuf.new
       self.src = y
       self.dst = x
       @loc = nil
@@ -472,6 +472,27 @@ module Ragweed::Rasm
       super
     end
   end
+  
+  ## ------------------------------------------------------------------------
+
+  # Push the registers onto the stack
+  #   not valid for 64bit mode
+  class Pushad < Instruction
+    def to_s
+      add(0x60)
+      super
+    end
+  end
+
+  ## ------------------------------------------------------------------------
+
+  # Pop the registers off the stack
+  class Popad < Instruction
+    def to_s
+      add(0x61)
+      super
+    end
+  end
 
   ## ------------------------------------------------------------------------
 
@@ -599,6 +620,7 @@ module Ragweed::Rasm
       @x = Ebp.clone
     end
   end
+  Subl = Sub
 
   ## ------------------------------------------------------------------------
 
@@ -1019,10 +1041,11 @@ module Ragweed::Rasm
   class Pushf < Instruction
       # 9c pushfd
 
-      def initialize; end
+      # def initialize; end
       def to_s
           raise(TooMan, "too many arguments") if @src or @dst
           add(0x9c)
+          super
       end
   end
 
@@ -1031,15 +1054,25 @@ module Ragweed::Rasm
   class Popf < Instruction
       # 9d popfd
 
-      def initialize; end
+      # def initialize; end
       def to_s
           raise(TooMan, "too many arguments") if @src or @dst
           add(0x9d)
+          super
       end
   end
 
   ## ------------------------------------------------------------------------
 
+  class Iret < Instruction
+    def to_s
+      add(0xcf)
+      super
+    end
+  end
+
+  ## ------------------------------------------------------------------------
+
   # INT 3, mostly, but will do INT X
   class Int < Instruction
     ## cc int 3

data/lib/ragweed/rasm.rb

@@ -5,7 +5,7 @@ module Ragweed; end
 module Ragweed::Rasm
 
   # :stopdoc:
-  VERSION = '0.1.7'
+  VERSION = '0.1.7.1'
   LIBPATH = ::File.expand_path(::File.dirname(__FILE__)) + ::File::SEPARATOR
   PATH = ::File.dirname(LIBPATH) + ::File::SEPARATOR
   # :startdoc:

data/lib/ragweed/sbuf.rb

@@ -138,7 +138,7 @@ class Ragweed::Sbuf
   def eof?; @position >= length; end
   def clear!; @content = "" and reset; end
   def remainder(n = position); @content[n..-1] || ""; end
-  def remainder_as_buffer(t=Sbuf); t.new(:content => remainder); end
+  def remainder_as_buffer(t=Ragweed::Sbuf); t.new(:content => remainder); end
 
   def self.szl64; 8; end
   def self.szb64; 8; end

data/lib/ragweed/trampoline.rb

@@ -57,9 +57,9 @@ class Ragweed::Trampoline
       s = @shim.assemble
       base.write(s)
 
-      th = Wrap32::create_remote_thread(@p.handle, base, argm)
-      Wrap32::wait_for_single_object(th) if @wait
-      Wrap32::close_handle(th)
+      th = Ragweed::Wrap32::create_remote_thread(@p.handle, base, argm)
+      Ragweed::Wrap32::wait_for_single_object(th) if @wait
+      Ragweed::Wrap32::close_handle(th)
       ret = @p.read32(cur)
       if ret == 0xDEADBEEF
         ret = nil
@@ -91,12 +91,12 @@ class Trevil
             "WaitForSingleObject"].
       map {|x| @p.get_proc("kernel32!#{x}").to_i}.
       pack("LLLLL")
-    state = [Wrap32::get_current_process_id, @ev1.handle, @ev2.handle].
+    state = [Ragweed::Wrap32::get_current_process_id, @ev1.handle, @ev2.handle].
       pack("LLL")
 
     data.write(swch + state)
     base.write(event_pair_stub(:debug => false).assemble)
-    Wrap32::create_remote_thread(@p.handle, base, data)
+    Ragweed::Wrap32::create_remote_thread(@p.handle, base, data)
     @ev1.wait
     @ev2
   end