Log in

View Full Version : DebugActiveProcess

pix
December 22nd, 2004, 09:41
Hello,

how can i have a pointer to a PROCESS_INFORMATION structure after using DebugActiveProcess?

I can't have a GetThreadContext working because i dont find how to do that:

GetThreadContext(pi.hThread,&TempContext);

Thx
Nukacola
December 22nd, 2004, 10:43
look at my source i'm using the debug API's (pure masm32 assembler). I think it is self explaining how to use the structure.

h**p://phalcon.net/masm32/debug3.asm

Feel free to ask if you don't understand.

sincerly nukacola
pix
December 22nd, 2004, 13:17
Thx

And how can i set a breakpoint on access? is it the same as the int3?
pix
December 22nd, 2004, 16:27
please could someone check that and help me to fix it?

My target is a little .exe i made with 1 button. When i push it a variable is incremented after a if comparaison. For my tests I directly modified the code of the .exe at address 401824 where the result of the comparison is and i did set an int3 instruction. For each breakpoint a message box appear.

No matter what i do i have this:
1 message box : windows breakpoint
1 message box : Breakpoint ok
2 message boxes : Access violation
1 message box: exiting
proggys both exit



Code:
DebugActiveProcess(pid);

for(;

{

	(WaitForDebugEvent (&DebugEv, INFINITE));

	{

		switch (DebugEv.dwDebugEventCode)

		{ 

		case EXCEPTION_DEBUG_EVENT:

			switch (DebugEv.u.Exception.ExceptionRecord.ExceptionCode)

			{

			case EXCEPTION_BREAKPOINT:

				if (DoneOnce == FALSE)//Breakpoint sent by windows

				{	

					MessageBox(NULL, "windows breakpoint", "warning!", MB_OK);

					dwContinueStatus = DBG_CONTINUE;

					DoneOnce = TRUE;

					break;

				}

				if (DoneOnce == TRUE)

				{

					if (DebugEv.u.Exception.ExceptionRecord.ExceptionAddress==((LPVOID)0x00401824))

					// If the breakpoint come from 0x401824 address then Message Box breakpoint ok

					{

						MessageBox(NULL, "Breakpoint ok!!!", "warning!", MB_OK);

						Context.ContextFlags = CONTEXT_CONTROL;

						//WriteProcessMemory(hand, (void*)0x00401824, &OriginalByte,1, &bytes);

						//GetThreadContext(DebugEv.u.CreateProcessInfo.hThread, &Context);

						//Context.Eip--;

						//SetThreadContext(DebugEv.u.CreateProcessInfo.hThread, &Context);

						dwContinueStatus = DBG_CONTINUE;

						break;

					}

					else // Message box Breakpoint not handled

					{

						MessageBox(NULL, "breakpoint Not handled", "warning!", MB_OK);

						dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;

						break;

					}

				}

				break;

			case EXCEPTION_ACCESS_VIOLATION:// Message box access violation

				MessageBox(NULL, "Access Violation", "warning!", MB_OK);

				dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;

				break;

			case EXCEPTION_SINGLE_STEP:// Never raise

				MessageBox(NULL, "SingleStep", "warning!", MB_OK);

				dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;

				break;

			default:

				// Handle other exceptions

				MessageBox(NULL, "Other exception", "warning!", MB_OK);

				dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;

				break;

			}

			break;

			case EXIT_PROCESS_DEBUG_EVENT: //Exit message box

				MessageBox(NULL, "Exiting", "warning!", MB_OK);

				dwContinueStatus = DBG_CONTINUE;

				exit(1);

				break;

		}

	}

	ContinueDebugEvent (DebugEv.dwProcessId,DebugEv.dwThreadId,dwContinueStatus);

}