I'm working on a debugger. The idea is to get the running processes, modules used by them and so on. To obtain this information I'm using "CreateToolhelp32Snapshot" API + "Process32First".
So far so good. Now the question(s). How can I find :
-where the program starts in memory ("the entry point" )-for "ReadProcessMemory"
-more info about "base address"
-how to set breakpoints and single step (are int1 & modyfing the trap flag the only options?)
And the last one would be:
- how can I get the source code of an exe? I know : disassembling. But I'm trying to get it from the process's memory when it's running. I know the codification of the inst. (ex "ret" is 55h) but how are the codifications made?
I'm new with debugging & I want to know more.
0 · ·