Debugger Coding Problems

AsmFreak · December 06, 2008, 09:23:09 AM

Hi i have problems to code a little debugger.
I have read Iczelions Win32Asm Tutorials Debug Apis.

I did it for people my debugger with my test program connects, but if I now want to trace the context of the eip register, I always get the ntdll displayed thus address the 74.......
I wanted the EIP register as a pointer to assume there will breakpoints in place so as to register setting. How do I go?

Sorry for my bad bad english.

BlackVortex · December 06, 2008, 11:56:16 AM

I didn't quite understand, but I think you're tracing the app after you receive the "system breakpoint" signal, that's why you're still inside ntdll.dll.
That's too early, you want to start tracing after the app's entry point.

AsmFreak · December 06, 2008, 04:19:19 PM

how can I change the queue at the entry point, I can trace?

Can i use the eip register to set a breakpoint on an offset to read the register vars?

I would be grateful for a small source code

Greetz AsmFreak

BlackVortex · December 06, 2008, 05:02:54 PM

Well, you can get the entry point of the proggy from the PE header. Then you can use a software breakpoint there. (hardware breakpoints are unreliable during process/dll initialization because stupid windows messes with the process's context and the debug registers are reset.

The way I use a software breakpoint on entry point is that I save the original byte and replace with CC etc.

News:

Debugger Coding Problems

AsmFreak

BlackVortex

AsmFreak

BlackVortex