News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

suspending thread during debugging

Started by terb, May 01, 2005, 07:30:27 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

terb

May 01, 2005, 07:30:27 PM
Hey guys

Great to be back after a long break from coding  :bg Anyway, I have a problem concerning suspending a thread duing debugging.
When a thread is created in my debugger I make it jump to my CreateThread procedure.

Example:
   assume ebx:ptr CREATE_THREAD_DEBUG_INFO
   mov eax, [ebx].hThread

As far as I can read EAX now contains the handle of the thread created, right ??? But how do I suspend it, instead of running it or if I wanna suspend it later on in the debugging process ??? Invoke SuspendThread, [ebx].hThread wont work... Probably cause I dont have the ThreadId or ???

Any surgestion/hint is useful !! Thx !!

Terb

James Ladd

#1
May 01, 2005, 08:42:47 PM
terb,
As far as I know ...
you need a debugger that supports this function. The only way to do it without a debugger is to change the code to pause the thread.
Typically you need to pause the thread by making it block on an event object and wait for you to release/signal it.

terb

#2
May 01, 2005, 09:40:10 PM
Well I coded my own debugger... When the CREATE_THREAD occurs I trap it

hThread = Handle to the thread that created the debugging event
lpThreadLocalBase = Pointer to a block of data
lpStartAddress = Pointer to the starting address of the thread

however... I haven't managed to suspend the thread at this point (when the thread is created) nor later ... My question is still HOW TO ???  :bg

raymond

#4
May 02, 2005, 02:44:08 AM
Whenever you create a thread, there should be some means of communication between that thread and the main process. You must already know that one of the easiest ways is to have some global variables (accessible to both) which can be modified and polled by either one.

If you are set up that way, you should be able to modify the proper global variable with your debugger so that the thread will get the required message.

Raymond
When you assume something, you risk being wrong half the time
http://www.ray.masmcode.com

PellesC

#5
May 02, 2005, 11:58:23 AM
The thread handle that is needed for SuspendThread() is part of CREATE_THREAD_DEBUG_INFO. If it's not working, maybe ebx is pointing to the wrong place?!

Pelle

AeroASM

#6
May 04, 2005, 06:34:24 AM
Quote from: win32.hlp
Windows NT: The handle must have THREAD_SUSPEND_RESUME access.

Farabi

#7
May 05, 2005, 06:07:45 AM Last Edit: May 07, 2005, 06:18:07 AM by Farabi
Hi. Try to execute it from the memory. Dont forgot to place a 0xc3 at the end of your instruction. Im still try it on my computer. I dont know what opcode I must use, ret or retn opcode.
Those who had universe knowledges can control the world by a micro processor.
http://www.wix.com/farabio/firstpage

"Etos siperi elegi"

AeroASM

#8
May 05, 2005, 06:11:49 AM
retn means return near, and retf means return far.

ret is an inbuilt macro which checks whether the proc is near or far and  how many bytes to balance the stack with and puts the right code like retn 10h

If it is not in a proc, ret defaults to retn.
Print
Go Up Pages1
User actions