Tuts 4 You

Writing a Simple Debugger


Hi

I am writing a simple debugger in masm32.

Now I have a problem: why does the target crash if I set a BP at another address?

The test target is "crackme.upx.exe" from Apox.

If I set a BP at 004082AF it works fine.

But if I set a BP at 004082A8 or another address, my BP is not reached and the target crashes.


;004082A6 .^\EB E1 JMP SHORT 00408289
;004082A8 > FF96 54850000 CALL DWORD PTR DS:[ESI+8554]
;004082AE > 61 POPAD
;004082AF .- E9 0C90FFFF JMP 004012C0
;004082B4 00 DB 00

mov eax,004082A8h
mov [bpAddress],eax
invoke SetBP,eax ;Set an INT3 breakpoint
;Checked in WinHex whether the INT3 is written,
;and yes, it is written:
;EBE1(CC)965485

.while TRUE
    invoke WaitForDebugEvent,ADDR DBE,INFINITE
    .if DBE.dwDebugEventCode==EXCEPTION_DEBUG_EVENT
        .if DBE.u.Exception.pExceptionRecord.ExceptionCode==EXCEPTION_BREAKPOINT
            ;-----------------------------------------------------------------------
            ;-----------------------------------------------------------------------
            mov pContext.ContextFlags,CONTEXT_CONTROL
            invoke GetThreadContext,pProcessInfo.hThread,addr pContext
            mov eax,pContext.regEip
            .if eax==[bpAddress]
                invoke wsprintf,addr hStatus,CTEXT ("Breakpoint %08X"),eax
                invoke MessageBox,hWnd,addr hStatus,0,MB_OK
                .break
            .endif
            ;-----------------------------------------------------------------------
            ;-----------------------------------------------------------------------
            invoke ContinueDebugEvent,DBE.dwProcessId,DBE.dwThreadId,DBG_CONTINUE
        .endif
    .elseif DBE.dwDebugEventCode==EXIT_PROCESS_DEBUG_EVENT
        .break
    .endif
    invoke ContinueDebugEvent,DBE.dwProcessId,DBE.dwThreadId,DBG_EXCEPTION_NOT_HANDLED
.endw

SetBP proc dwBpAddress:DWORD
    pushad
    dec [dwBpAddress]
    invoke ReadProcessMemory, pProcessInfo.hProcess,dwBpxAddress, addr oldbyte, 1, 0
    invoke WriteProcessMemory,pProcessInfo.hProcess,dwBpxAddress,addr INT3,1,addr NbByteWr
    popad
    ret
SetBP endp

Greets,

Edited by ragdog

Look at this example by Mouradpr of AT4RE

AT4RE Debug.rar

  • Author

Hey spider :turned:

No, this is not really what I need

Thanks for your reply

remove:

dec [dwBpAddress]

  • Author

Yes, this is it

And another mistake, with this offset 004082A8h

I have loaded the target in Olly and set a BP on it and, lol, I see this is not used (reached) by Olly :turned:

Thanks

When your code hits the first breakpoint, it will exit out of the loop, never calling ContinueDebugEvent. The 'break' you set in the breakpoint handler actually breaks out of the 'while' loop, not the switch condition testing; by default it will fall through to the bottom of the loop if you don't use the 'break' keyword.

Not saying the following snippet will be perfect for your needs, but it may help show what I mean:

LOCAL dwContinueStat:DWORD
LOCAL bContinue:DWORD

; Set bContinue to TRUE
mov bContinue,TRUE

.while bContinue
    invoke WaitForDebugEvent,ADDR DBE,INFINITE
    .if eax==0 ; WaitForDebugEvent returns FALSE in eax on failure
        mov bContinue,FALSE
    .endif

    mov dwContinueStat,DBG_EXCEPTION_NOT_HANDLED ; Default behaviour, mark ALL events as unhandled and then adjust later if necessary

    .if DBE.dwDebugEventCode==EXCEPTION_DEBUG_EVENT
        .if DBE.u.Exception.pExceptionRecord.ExceptionCode==EXCEPTION_BREAKPOINT
            ;-----------------------------------------------------------------------
            ;-----------------------------------------------------------------------
            mov eax,DBE.u.Exception.pExceptionRecord.ExceptionAddress ; The address of the exception is passed as part of the exception record
            .if eax==[bpAddress]
                invoke wsprintf,addr hStatus,CTEXT ("Breakpoint %08X"),eax
                invoke MessageBox,hWnd,addr hStatus,0,MB_OK
                mov dwContinueStat,DBG_CONTINUE ; Set status so process knows breakpoint was handled
            .endif ; Fall through to bottom of while loop where it will call ContinueDebugEvent again
            ;-----------------------------------------------------------------------
            ;-----------------------------------------------------------------------
        .endif ; Closes the EXCEPTION_BREAKPOINT test
    .elseif DBE.dwDebugEventCode==EXIT_PROCESS_DEBUG_EVENT
        invoke MessageBox,hWnd,CTEXT("Process exited."),0,MB_OK
        mov bContinue,FALSE
    .endif
    invoke ContinueDebugEvent, DBE.dwProcessId, DBE.dwThreadId, dwContinueStat
.endw

HR,

Ghandi

Edited by ghandi
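
Added example, not code from any post in this thread: a small portable C model of the INT3 bookkeeping discussed above, using the byte listing from the first post as constructed target memory. It shows what a patch one byte below 004082A8 does to the preceding JMP SHORT, and a handler that matches on ExceptionAddress as in Ghandi's snippet, then restores the saved byte and rewinds EIP, a step that goes beyond what the thread shows. The names Target, Breakpoint, bp_set, bp_trap, bp_handle and jmp_short_target are hypothetical, and no Win32 call is made.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BASE 0x004082A6u  /* address of the first byte in the post's listing */
#define INT3 0xCC
/* Constructed model of the debuggee (hypothetical types): code bytes plus EIP. */
typedef struct { uint8_t mem[15]; uint32_t eip; } Target;
typedef struct { uint32_t addr; uint8_t saved; } Breakpoint;
static const uint8_t LISTING[15] = {
    0xEB, 0xE1,                          /* 004082A6 JMP SHORT 00408289 */
    0xFF, 0x96, 0x54, 0x85, 0x00, 0x00,  /* 004082A8 CALL [ESI+8554]    */
    0x61,                                /* 004082AE POPAD              */
    0xE9, 0x0C, 0x90, 0xFF, 0xFF,        /* 004082AF JMP 004012C0       */
    0x00 };                              /* 004082B4 DB 00              */
void target_init(Target *t) { memcpy(t->mem, LISTING, sizeof LISTING); t->eip = BASE; }

/* Write INT3 at exactly addr (no decrement) and keep the original byte. */
Breakpoint bp_set(Target *t, uint32_t addr) {
    Breakpoint bp = { addr, t->mem[addr - BASE] };
    t->mem[addr - BASE] = INT3;
    return bp;
}

/* Model of the trap: returns ExceptionAddress (the INT3 itself) and leaves
   EIP one byte past it, which is the value a context read would show. */
uint32_t bp_trap(Target *t, const Breakpoint *bp) { t->eip = bp->addr + 1; return bp->addr; }

/* Handler: on a match, restore the byte and rewind EIP; 1 stands for DBG_CONTINUE. */
int bp_handle(Target *t, const Breakpoint *bp, uint32_t exc_addr) {
    if (exc_addr != bp->addr) return 0;  /* not ours: leave it unhandled */
    t->mem[bp->addr - BASE] = bp->saved;
    t->eip = bp->addr;
    return 1;
}

/* Destination of the 2-byte JMP SHORT at BASE: next address + signed rel8. */
uint32_t jmp_short_target(const Target *t) { return BASE + 2 + (int8_t)t->mem[1]; }

int main(void) {
    Target t; target_init(&t);
    bp_set(&t, 0x004082A8u - 1);  /* one byte early: hits the rel8 operand */
    printf("early patch: JMP SHORT goes to %08X\n", (unsigned)jmp_short_target(&t));
    target_init(&t);
    Breakpoint bp = bp_set(&t, 0x004082A8u);
    int ok = bp_handle(&t, &bp, bp_trap(&t, &bp));
    printf("handled=%d eip=%08X\n", ok, (unsigned)t.eip);
}
```

In the model, the early patch never places an INT3 on an instruction boundary; it only changes where the JMP SHORT lands.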
