Resuming a debugger after attaching to a target


SuperCRacker

Hi :rolleyes:

I am trying to play a little bit with the Win32 Debug APIs. I tried to debug a target using the DebugActiveProcess API; the problem is that the target freezes right after and I can't resume its execution (I'm looking for the equivalent of F9 in OllyDbg). I tried many things (ResumeThread, ContinueDebugEvent ...) but none of them worked. Maybe someone has got a suggestion :wub:

Thanks,

SC.

Continuously handling WaitForDebugEvent? Basically saying the debugger handled 80000003 exceptions and the rest the debuggee handles. Combined with ContinueDebugEvent, that should work. You can't actually just resume execution; something has to handle the exceptions each time.

Edited by What
I checked tut28 yesterday before posting here, and I don't actually know where to put my WaitForDebugEvent routine. Do I have to create a new thread that handles exceptions each time the debuggee sends exception messages? I presume that the routine must be called continuously to detect all exceptions sent. What's the time to consider between two consecutive calls to WaitForDebugEvent? Also there's a "TimeOut" parameter to consider in the WaitForDebugEvent API; do I have to set it to 0, 1000 or INFINITE? I'm saying this because I tried all of these combinations yesterday and none of them worked.

Thanks,

SC.

Just set TimeOut to INFINITE and quit the WaitForDebugEvent loop if EXIT_PROCESS_DEBUG_EVENT is sent. That worked fine for me, if you need some example source, let me know.

Thanks metr0, I will try to implement what you said later on this weekend. I'll tell you then if I need a source example ...

SC.

Setting the timeout to INFINITE should work as long as you break from the debug loop on EXIT_PROCESS_DEBUG_EVENT.

But I suspect your problem is with the handling of the first EXCEPTION.

At the first EXCEPTION_BREAKPOINT I recall you need to use "ContinueDebugEvent" with the flag DBG_CONTINUE. This is the system breakpoint.

At the subsequent EXCEPTIONs you need to use "ContinueDebugEvent" with the flag DBG_EXCEPTION_NOT_HANDLED.

cheers

Z
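
The attach-and-continue loop discussed in this thread, as an added example that is not code from any of the posters: it waits with INFINITE, answers the first EXCEPTION_BREAKPOINT with DBG_CONTINUE and later exceptions with DBG_EXCEPTION_NOT_HANDLED, and leaves the loop on EXIT_PROCESS_DEBUG_EVENT. The helper `continue_status` and its `seen_bp` flag are hypothetical names; the constants in the non-Windows branch are the standard Win32 values, repeated only so the helper builds without `windows.h`.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else  /* standard Win32 values, so the policy helper also builds elsewhere */
typedef unsigned long DWORD;
#define EXCEPTION_DEBUG_EVENT      1
#define EXIT_PROCESS_DEBUG_EVENT   5
#define EXCEPTION_BREAKPOINT       0x80000003UL
#define DBG_CONTINUE               0x00010002UL
#define DBG_EXCEPTION_NOT_HANDLED  0x80010001UL
#endif

/* Hypothetical helper: choose the ContinueDebugEvent status for one event.
   *seen_bp records whether the system breakpoint was already consumed. */
DWORD continue_status(DWORD event_code, DWORD exception_code, int *seen_bp)
{
    if (event_code != EXCEPTION_DEBUG_EVENT)
        return DBG_CONTINUE;            /* create/load/exit notifications */
    if (exception_code == EXCEPTION_BREAKPOINT && !*seen_bp) {
        *seen_bp = 1;                   /* system breakpoint raised on attach */
        return DBG_CONTINUE;
    }
    return DBG_EXCEPTION_NOT_HANDLED;   /* pass on to the debuggee's handlers */
}

#ifdef _WIN32
int main(int argc, char **argv)
{
    DEBUG_EVENT ev;
    int seen_bp = 0;
    if (argc < 2) { fprintf(stderr, "usage: %s <pid>\n", argv[0]); return 1; }
    if (!DebugActiveProcess((DWORD)strtoul(argv[1], NULL, 10))) {
        fprintf(stderr, "attach failed: %lu\n", GetLastError());
        return 1;
    }
    /* Wait on the thread that attached; no polling interval is needed. */
    for (;;) {
        DWORD code = 0;
        if (!WaitForDebugEvent(&ev, INFINITE)) return 1;
        if (ev.dwDebugEventCode == EXCEPTION_DEBUG_EVENT)
            code = ev.u.Exception.ExceptionRecord.ExceptionCode;
        /* Every reported event must be continued or the target stays frozen. */
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId,
                           continue_status(ev.dwDebugEventCode, code, &seen_bp));
        if (ev.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT) break;
    }
    return 0;
}
#endif
```

A fuller debugger would also close the file handles delivered with CREATE_PROCESS_DEBUG_EVENT and LOAD_DLL_DEBUG_EVENT.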
