Hi,

I wrote a small and simple debugger which doesn't use the debugger api. Instead I set breakpoints with 0xEBFE which works quite ok.

Now I have a problem, I patched a DLL function with 0xEBFE and start the process which stops at that JMP EIP command, I attach with another debugger tool which uses the windows debugger api which works without problems.

After attaching I want to remove the JMP EIP and want to run the program under the debugger. Writing the original opcodes back seems to work as I don't get any errors but the program seems to hang.

Does anyone has an idea why this happen?

Thx
Tr1stan

did you tried "ResumeThread" function? prob. after attaching debugger it is need..

Hi,

thanks for the info...but I found the problem, it was a bug in my debugger which didn't use the correct address of the "jmp eip" i forgot to add the image base to the address
So everything seems to work as expected

tr1stan

In the meanwhile you could have a look at http://www.deneke.biz/deneke/obsidian/, a nice EBFE-based debugger,
cited also in Collaborative RCE Tool Library...

Best regards, bilbo