Matrix Posted August 22, 2008 Posted August 22, 2008 Hi Friends How I Can Set A "Hardware BreakPoint On Execute" Into A Process With A Loader That Writen By VB Or Delphi ? Please Give Me An Example Source Code Tnx
metr0 Posted August 22, 2008 Posted August 22, 2008 You'll need to debug the child process (mind possible debugger detections!), then you can set the hwbp via Get-/SetThreadContext (modifying Dr0 - Dr3 and Dr6/7). I do not really think this is the way to go if there's any way to use Int3 or even EB FE since hwbps make the whole thing more difficult (like I said, anti-debug, you'll need a minimalistic debugging engine etc).If you really want to do so, a good starting point is the Intel manual for sure, as well as some sources floating around - last but not least, MSDN will help you out (CreateProcess, Get-/SeThreadContext).
Nacho_dj Posted August 22, 2008 Posted August 22, 2008 Maybe this tut would give you some clues...Tutorial: ASProtect Analysis Of Hardware Breakpoint Clearing FeatureAuthor: ThunderPwrDescription:ASProtect analysis of the Hardware Breakpoint clearing feature (universal AsProtect debugger tool included)Get it at:_http://arteam.accessroot.com/tutorials.htmlCheersNacho_dj
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now