SuperCRacker Posted December 4, 2008
Hi, I am trying to play a little bit with the Win32 Debug APIs. I tried to debug a target using the DebugActiveProcess API; the problem is that the target freezes right after and I can't resume its execution (I'm looking for the equivalent of F9 in OllyDbg). I tried many things, ResumeThread, ContinueDebugEvent ... but none of them worked. Maybe someone has got a suggestion.
Thanks, SC.
What Posted December 4, 2008
Continuously handling WaitForDebugEvent? Basically saying the debugger handled 80000003 exceptions and the rest the debuggee handles. Combined with ContinueDebugEvent, that should work. You can't actually just resume execution; something has to handle the exceptions each time.
Edited December 4, 2008 by What
Ziggy Posted December 4, 2008
The Iczelion MASM Debug API tuts 28-30 are very helpful to understand how the debug APIs work.
http://win32assembly.online.fr/tutorials.html
cheers
Z
SuperCRacker (Author) Posted December 4, 2008
I checked tut28 yesterday before posting here, and I don't actually know where to put my WaitForDebugEvent routine. Do I have to create a new thread that handles exceptions each time the debuggee sends exception messages? I presume that the routine must be called continuously to detect all exceptions sent. What's the time to consider between two consecutive calls to WaitForDebugEvent? Also there's a "TimeOut" parameter to consider in the WaitForDebugEvent API; do I have to set it to 0, 1000 or INFINITE? I'm saying this because I tried all of these combinations yesterday and none of them worked.
Thanks,
SC.
metr0 Posted December 4, 2008
Just set TimeOut to INFINITE and quit the WaitForDebugEvent loop if EXIT_PROCESS_DEBUG_EVENT is sent. That worked fine for me; if you need some example source, let me know.
SuperCRacker (Author) Posted December 5, 2008
Thanks metr0, I will try to implement what you said later on this weekend. I'll tell you then if I need a source example ...
SC.
Ziggy Posted December 5, 2008
Setting the timeout to INFINITE should work as long as you break from the debug loop on EXIT_PROCESS_DEBUG_EVENT.
But I suspect your problem is with the handling of the first EXCEPTION.
At the first EXCEPTION_BREAKPOINT I recall you need to use "ContinueDebugEvent" with the flag DBG_CONTINUE. This is the system breakpoint.
At the subsequent EXCEPTIONs you need to use "ContinueDebugEvent" with the flag DBG_EXCEPTION_NOT_HANDLED.
cheers
Z
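
The loop the replies above describe, as an added example that is not code from any poster in this thread: attach, block in WaitForDebugEvent with INFINITE, answer every event with ContinueDebugEvent, and leave on EXIT_PROCESS_DEBUG_EVENT. The helper name `continue_status` and the non-Windows `#else` constants (the documented Win32 values, present only so the decision function compiles off-Windows) are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else  /* documented Win32 values, defined only so the policy builds off-Windows */
typedef unsigned long DWORD;
#define EXCEPTION_DEBUG_EVENT     1
#define EXIT_PROCESS_DEBUG_EVENT  5
#define EXCEPTION_BREAKPOINT      0x80000003UL
#define DBG_CONTINUE              0x00010002UL
#define DBG_EXCEPTION_NOT_HANDLED 0x80010001UL
#endif
/* Policy from the thread: the first breakpoint after attach is the system
 * breakpoint and gets DBG_CONTINUE; every later exception goes back to the
 * debuggee's own handlers. Non-exception events are always continued. */
DWORD continue_status(DWORD event_code, DWORD exception_code, int *seen_initial_bp)
{
    if (event_code != EXCEPTION_DEBUG_EVENT)
        return DBG_CONTINUE;
    if (exception_code == EXCEPTION_BREAKPOINT && !*seen_initial_bp) {
        *seen_initial_bp = 1;
        return DBG_CONTINUE;
    }
    return DBG_EXCEPTION_NOT_HANDLED;
}
#ifdef _WIN32
int main(int argc, char **argv)
{
    DWORD pid = (argc > 1) ? strtoul(argv[1], NULL, 10) : 0;
    if (!pid || !DebugActiveProcess(pid)) {
        fprintf(stderr, "attach failed: %lu\n", GetLastError());
        return 1;
    }
    DEBUG_EVENT ev;
    int seen_bp = 0;
    /* Must run on the thread that attached; INFINITE blocks until an event. */
    while (WaitForDebugEvent(&ev, INFINITE)) {
        DWORD code = (ev.dwDebugEventCode == EXCEPTION_DEBUG_EVENT)
            ? ev.u.Exception.ExceptionRecord.ExceptionCode : 0;
        DWORD status = continue_status(ev.dwDebugEventCode, code, &seen_bp);
        /* Every event must be answered, or the debuggee stays frozen. */
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, status);
        if (ev.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT)
            break;
    }
    return 0;
}
#endif
```

A longer-running debugger should also close the file handles delivered with CREATE_PROCESS_DEBUG_EVENT and LOAD_DLL_DEBUG_EVENT.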