creating a debugger - breakpoint on entry

myroun Member Posts: 4
Hello, I'm programming a debugger and I want it to set a breakpoint at the entry point of the debugged application. I don't want to physically modify the exe file or use any undocumented or unreliable techniques (e.g. setting hardware breakpoints from ring0 etc.).

I wanted to set a software breakpoint on CREATE_PROCESS_DEBUG_EVENT, but under WinXP I cannot write to the process's memory, as the process is somehow not initialised yet.

Does anybody have some experience with that?

Comments

  • manucp Member Posts: 34
    You must check the debug events until the module is loaded; then you can overwrite the code in memory with a call to DebugBreak() using WriteProcessMemory(), but you must ensure the instruction cache is empty by flushing it. This is tricky; I think you should use the debug events to simulate a break stop at the beginning and break at the real source lines.



    : Hello, I'm programming a debugger and I want it to set breakpoint to
    : the entrypoint of debugged application. I don't want to physically
    : modify the exe file nor use any undocumented or unreliable
    : techniques (for ex. setting hardware breakpoints from ring0 etc.).
    :
    : I wanted to set software breakpoint on CREATE_PROCESS_DEBUG_EVENT,
    : but under winXP I cannot write to the process' memory as the process
    : is not somehow initialised yet.
    :
    : Does anybody have some experience with that?
    :
  • myroun Member Posts: 4
    But I still cannot write to the memory of the target process. WriteProcessMemory doesn't write anything when called from the CREATE_PROCESS_DEBUG_EVENT handler, as I mentioned earlier.

    > you must ensure the instruction cache is empty by flushing it

    Is it really required if I'm setting the breakpoint on the first instruction of the target process? I think that it shouldn't be in the cache when I'm calling WriteProcessMemory.

    : You must check the debug events until the module is loaded then you
    : can overwrite the code in the memory with a call to DebugBreak()
    : using WriteProcessMemory() but you must ensure the instruction cache
    : is empty by flushing it. This is tricky, I think you should use the
    : debug events to simulate a break stop at the beginning and break at
    : the real source lines.
    :
    :
    :
    : : Hello, I'm programming a debugger and I want it to set breakpoint to
    : : the entrypoint of debugged application. I don't want to physically
    : : modify the exe file nor use any undocumented or unreliable
    : : techniques (for ex. setting hardware breakpoints from ring0 etc.).
    : :
    : : I wanted to set software breakpoint on CREATE_PROCESS_DEBUG_EVENT,
    : : but under winXP I cannot write to the process' memory as the process
    : : is not somehow initialised yet.
    : :
    : : Does anybody have some experience with that?
    : :
    :
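
An added example (not code from any poster in this thread) of the software-breakpoint bookkeeping discussed above: save the byte at the entry point, plant 0xCC, read it back so a write that silently did nothing is detected, and restore the byte when the breakpoint is hit. The names `target_mem`, `breakpoint`, `bp_arm`, `bp_hit` and the `fake_*` stand-in image are assumptions made for illustration; the `_WIN32` accessors wrap the WriteProcessMemory and instruction-cache flush mentioned in the thread.

```c
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* Debuggee memory accessors (hypothetical interface); nonzero means success. */
typedef int (*mem_rd)(void *ctx, uintptr_t addr, void *buf, size_t n);
typedef int (*mem_wr)(void *ctx, uintptr_t addr, const void *buf, size_t n);
typedef struct { mem_rd read; mem_wr write; void *ctx; } target_mem;
typedef struct { uintptr_t addr; uint8_t saved; int armed; } breakpoint;
/* Save the original byte, plant int3 (0xCC), then read back to catch a silent write failure. */
int bp_arm(const target_mem *m, breakpoint *bp, uintptr_t addr) {
    uint8_t int3 = 0xCC, check = 0;
    if (!m->read(m->ctx, addr, &bp->saved, 1)) return 0;
    if (!m->write(m->ctx, addr, &int3, 1)) return 0;
    if (!m->read(m->ctx, addr, &check, 1) || check != int3) return 0;
    bp->addr = addr; bp->armed = 1;
    return 1;
}
/* On a breakpoint exception: restore the byte; returns the address to rewind to, 0 if not ours. */
uintptr_t bp_hit(const target_mem *m, breakpoint *bp, uintptr_t fault) {
    if (!bp->armed || fault != bp->addr) return 0;
    if (!m->write(m->ctx, bp->addr, &bp->saved, 1)) return 0;
    bp->armed = 0;
    return bp->addr;
}
#ifdef _WIN32 /* Real accessors: ctx is the debuggee's process HANDLE. */
int win_read(void *h, uintptr_t a, void *b, size_t n) {
    return ReadProcessMemory((HANDLE)h, (LPCVOID)a, b, n, NULL);
}
int win_write(void *h, uintptr_t a, const void *b, size_t n) {
    return WriteProcessMemory((HANDLE)h, (LPVOID)a, b, n, NULL)
        && FlushInstructionCache((HANDLE)h, (LPCVOID)a, n);
}
#endif
/* Constructed stand-in for a debuggee: 16 bytes of "code" mapped at FAKE_BASE. */
#define FAKE_BASE 0x401000u
typedef struct { uint8_t bytes[16]; int writable; } fake_image;
static uint8_t *fake_at(fake_image *f, uintptr_t a, size_t n) {
    return (a >= FAKE_BASE && a - FAKE_BASE + n <= 16) ? f->bytes + (a - FAKE_BASE) : NULL;
}
int fake_read(void *c, uintptr_t a, void *b, size_t n) {
    uint8_t *p = fake_at(c, a, n);
    return p ? (memcpy(b, p, n), 1) : 0;
}
int fake_write(void *c, uintptr_t a, const void *b, size_t n) {
    uint8_t *p = ((fake_image *)c)->writable ? fake_at(c, a, n) : NULL;
    return p ? (memcpy(p, b, n), 1) : 0;
}
```

On Windows the `ctx` is the debuggee's process handle and the address is the entry point (for example `lpStartAddress` from `CREATE_PROCESS_DEBUG_INFO`). After `bp_hit` succeeds, the thread's instruction pointer has to be set back to the returned address with SetThreadContext before continuing, because it already points past the int3.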
