Print Page - suspending thread during debugging

Title: suspending thread during debugging
Post by: terb on May 01, 2005, 07:30:27 PM

Hey guys

Great to be back after a long break from coding :bg Anyway, I have a problem concerning suspending a thread duing debugging.
When a thread is created in my debugger I make it jump to my CreateThread procedure.

Example:
assume ebx:ptr CREATE_THREAD_DEBUG_INFO
mov eax, [ebx].hThread

As far as I can read EAX now contains the handle of the thread created, right ??? But how do I suspend it, instead of running it or if I wanna suspend it later on in the debugging process ??? Invoke SuspendThread, [ebx].hThread wont work... Probably cause I dont have the ThreadId or ???

Any surgestion/hint is useful !! Thx !!

Terb

Title: Re: suspending thread during debugging
Post by: James Ladd on May 01, 2005, 08:42:47 PM

terb,
As far as I know ...
you need a debugger that supports this function. The only way to do it without a debugger is to change the code to pause the thread.
Typically you need to pause the thread by making it block on an event object and wait for you to release/signal it.

Title: Re: suspending thread during debugging
Post by: terb on May 01, 2005, 09:40:10 PM

Well I coded my own debugger... When the CREATE_THREAD occurs I trap it

hThread = Handle to the thread that created the debugging event
lpThreadLocalBase = Pointer to a block of data
lpStartAddress = Pointer to the starting address of the thread

however... I haven't managed to suspend the thread at this point (when the thread is created) nor later ... My question is still HOW TO ??? :bg

Title: Re: suspending thread during debugging
Post by: James Ladd on May 01, 2005, 10:23:46 PM

Well if you have the thread handle try Suspend and Resume thread.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/suspending_thread_execution.asp

Title: Re: suspending thread during debugging
Post by: raymond on May 02, 2005, 02:44:08 AM

Whenever you create a thread, there should be some means of communication between that thread and the main process. You must already know that one of the easiest ways is to have some global variables (accessible to both) which can be modified and polled by either one.

If you are set up that way, you should be able to modify the proper global variable with your debugger so that the thread will get the required message.

Raymond

Title: Re: suspending thread during debugging
Post by: PellesC on May 02, 2005, 11:58:23 AM

The thread handle that is needed for SuspendThread() is part of CREATE_THREAD_DEBUG_INFO. If it's not working, maybe ebx is pointing to the wrong place?!

Pelle

Title: Re: suspending thread during debugging
Post by: AeroASM on May 04, 2005, 06:34:24 AM

Quote from: win32.hlp
Windows NT: The handle must have THREAD_SUSPEND_RESUME access.

Title: Re: suspending thread during debugging
Post by: Farabi on May 05, 2005, 06:07:45 AM

Hi. Try to execute it from the memory. Dont forgot to place a 0xc3 at the end of your instruction. Im still try it on my computer. I dont know what opcode I must use, ret or retn opcode.

Title: Re: suspending thread during debugging
Post by: AeroASM on May 05, 2005, 06:11:49 AM

retn means return near, and retf means return far.

ret is an inbuilt macro which checks whether the proc is near or far and how many bytes to balance the stack with and puts the right code like retn 10h

If it is not in a proc, ret defaults to retn.

The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: terb on May 01, 2005, 07:30:27 PM