From f3fdfcf44082427d652cc42ed873ca02338ea7fd Mon Sep 17 00:00:00 2001
From: thejoelpatrol
Date: Fri, 10 Feb 2023 14:14:20 -0500
Subject: [PATCH] add DbgChild for x64dbg
---
 .../tools/chocolateyinstall.ps1 | 62 +++++++++++++++++++
 .../tools/chocolateyuninstall.ps1 | 15 +++++
 .../x64dbg.dbgchild.vm.nuspec | 13 ++++
 scripts/test/lint.py | 1 +
 4 files changed, 91 insertions(+)
 create mode 100644 packages/x64dbg.dbgchild.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/x64dbg.dbgchild.vm/tools/chocolateyuninstall.ps1
 create mode 100644 packages/x64dbg.dbgchild.vm/x64dbg.dbgchild.vm.nuspec
diff --git a/packages/x64dbg.dbgchild.vm/tools/chocolateyinstall.ps1 b/packages/x64dbg.dbgchild.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..a2b471bf7
--- /dev/null
+++ b/packages/x64dbg.dbgchild.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,62 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ $tempDownloadDir = Join-Path ${Env:chocolateyPackageFolder} "temp_$([guid]::NewGuid())"
+ $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} 'x64dbg\release' -Resolve
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ unzipLocation = $tempDownloadDir
+ url = 'https://github.com/therealdreg/DbgChild/releases/download/beta10/DbgChild.Beta.10.zip'
+ checksum = 'f17f588795d8f5f94d71335a8acfa58946bb03a94a5637be7f3e804c652ea2b4'
+ checksumType = 'sha256'
+ }
+
+ VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder}
+ Install-ChocolateyZipPackage @packageArgs
+ $unzippedDir = (Get-ChildItem -Directory $tempDownloadDir | Where-Object {$_.PSIsContainer} | Select-Object -f 1).FullName
+ VM-Assert-Path $unzippedDir
+
+ $archs = @("x32", "x64")
+ foreach ($arch in $archs) {
+ $archDstDir = Join-Path $toolDir "${arch}" -Resolve
+ $pluginDstDir = Join-Path $archDstDir 'plugins'
+ if (-Not (Test-Path $pluginDstDir -PathType Container)) {
+ New-Item -ItemType directory $pluginDstDir -Force -ea 0 | Out-Null
+ }
+ VM-Assert-Path $pluginDstDir
+
+ # Move 32/64-bit plugin DLL itself into the arch directory
+ $pluginSrcPath = Join-Path $unzippedDir "release\${arch}\plugins" -Resolve
+ Get-ChildItem -Path $pluginSrcPath -File | Move-Item -Destination $pluginDstDir -Force
+
+ # Note that we don't simply move all children including directories, because we don't want to overwrite plugins
+
+ # Move all the other arch-specific files
+ $archSrcPath = Join-Path $unzippedDir "release\${arch}" -Resolve
+ Get-ChildItem -Path $archSrcPath -File | Move-Item -Destination $archDstDir -Force
+ if (-Not(Test-Path "${archDstDir}\CPIDS" -PathType Container)) {
+ New-Item -ItemType directory "${archDstDir}\CPIDS" -Force -ea 0 | Out-Null
+ }
+ }
+
+ # Move the NewProcessWatcher and text files into the main x64dbg directory
+ $releaseSrcDir = Join-Path $unzippedDir 'release'
+
+ Get-ChildItem -Path $releaseSrcDir -File | Move-Item -Destination $toolDir -Force
+ if (-Not(Test-Path "${toolDir}\dbgchildlogs" -PathType Container)) {
+ Move-Item -Path "${releaseSrcDir}\dbgchildlogs" -Destination $toolDir
+ }
+
+ # Make sure at least one of the files in each dir ended up in the right place
+ VM-Assert-Path "${toolDir}\NewProcessWatcher.exe"
+ VM-Assert-Path "${toolDir}\x32\CreateProcessPatch.exe"
+ VM-Assert-Path "${toolDir}\x64\CreateProcessPatch.exe"
+ VM-Assert-Path "${toolDir}\x32\plugins\dbgchild.dp32"
+ VM-Assert-Path "${toolDir}\x64\plugins\dbgchild.dp64"
+
+ # $unzippedDir is in $tempDownloadDir, so this should clean up both of them
+ Remove-Item $tempDownloadDir -Recurse -Force -ea 0
+} catch {
+ VM-Write-Log-Exception $_
+}
diff --git a/packages/x64dbg.dbgchild.vm/tools/chocolateyuninstall.ps1 b/packages/x64dbg.dbgchild.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..5c7aba586
--- /dev/null
+++ b/packages/x64dbg.dbgchild.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,15 @@
+$ErrorActionPreference = 'Continue'
+
+$toolDir = Join-Path ${Env:RAW_TOOLS_DIR} 'x64dbg\release'
+foreach ($file in $("NewProcessWatcher.exe", "readme_dbgchild.txt", "x64_post.unicode.txt", "x64_pre.unicode.txt", "x86_post.unicode.txt", "x86_pre.unicode.txt", "dbgchildlogs")) {
+ Remove-Item "${toolDir}\${file}" -Recurse -Force
+}
+
+$archFiles = @("CreateProcessPatch.exe", "DbgChildHookDLL.dll", "NTDLLEntryPatch.exe", "CPIDS")
+foreach ($arch in @("32", "64")) {
+ $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} "x64dbg\release\x${arch}"
+ foreach ($file in $archFiles) {
+ Remove-Item "${toolDir}\${file}" -Recurse -Force
+ }
+ Remove-Item "${toolDir}\plugins\dbgchild.dp${arch}" -Force
+}
\ No newline at end of file
diff --git a/packages/x64dbg.dbgchild.vm/x64dbg.dbgchild.vm.nuspec b/packages/x64dbg.dbgchild.vm/x64dbg.dbgchild.vm.nuspec
new file mode 100644
index 000000000..8f1f58325
--- /dev/null
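Review bot: The temporary download directory is only cleaned up on the success path, because `Remove-Item $tempDownloadDir -Recurse -Force -ea 0` is the last statement of the `try` block; any failure before it (a `-Resolve` that throws because the x64dbg release tree is absent, a failed `VM-Assert-Path`, a move that fails) leaves `temp_<guid>` with the extracted archive under the package folder. Moving that cleanup into a `finally { if ($tempDownloadDir) { Remove-Item $tempDownloadDir -Recurse -Force -ea 0 } }` after the `catch` keeps the existing exception logging and removes the leftover on both paths. Minor: in the `$unzippedDir` line the `Where-Object {$_.PSIsContainer}` filter is redundant with `Get-ChildItem -Directory`, and `-f 1` reads clearer spelled out as `-First 1`.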
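Review bot: With `$ErrorActionPreference = 'Continue'`, a failing `Join-Path` (for instance when `RAW_TOOLS_DIR` is not set in the uninstall environment) appears to leave `$toolDir` empty while the script keeps running, so the `Remove-Item "${toolDir}\${file}" -Recurse -Force` calls would then resolve root-relative paths such as `\dbgchildlogs` and `\CPIDS` instead of entries inside the x64dbg tree. A guard such as `if (-Not $toolDir) { return }` after the first `$toolDir` assignment, and the same check after the per-arch reassignment, keeps every delete anchored under the tool directory. Minor: reusing `$toolDir` for the per-arch directory shadows the top-level value; a separate name like `$archDir` would read clearer.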
+++ b/packages/x64dbg.dbgchild.vm/x64dbg.dbgchild.vm.nuspec
@@ -0,0 +1,13 @@
+
+
+
+ x64dbg.dbgchild.vm
+ 10
+ DbgChild is an x64dbg plugin to automatically attach to spawned child processes.
+ Dreg (David Reguera Garcia)
+
+
+
+
+
+
diff --git a/scripts/test/lint.py b/scripts/test/lint.py
index bbeccc404..0141d7e8c 100644
--- a/scripts/test/lint.py
+++ b/scripts/test/lint.py
@@ -304,6 +304,7 @@ class UsesInvalidCategory(Lint):
 EXCLUSIONS = [
 ".ollydumpex.vm",
 ".scyllahide.vm",
+ ".dbgchild.vm",
 "common.vm",
 "debloat.vm",
 "dokan.vm",