debugging 如何在调试中单步跟踪程序?


主要问题:

我试图编写自己的跟踪程序,但我找不到任何关于如何逐条指令跟踪程序的资料,msdn 中也没有关于 EXCEPTION_SINGLE_STEP 以及如何触发它的信息。据我所知,我需要以某种方式触发 EXCEPTION_SINGLE_STEP,但具体该怎么做?在第一个 EXCEPTION_BREAKPOINT 异常之后,我的应用程序只是继续运行,直到被调试进程完成它的所有操作。如果我只是在每条指令前放置一个断点,然后再删除它,那么我得到的将始终是 EXCEPTION_BREAKPOINT,而不是 EXCEPTION_SINGLE_STEP。
1)Debug loop link

我的代码:

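// Debug loop of the tracer: waits for debug events from the debuggee and
// prints RIP whenever it stops on EXCEPTION_BREAKPOINT or EXCEPTION_SINGLE_STEP.
//
// NOTE: this version never sets the CPU trap flag (EFlags bit 8, 0x100) in the
// thread context, so the debuggee only stops at breakpoints and no
// EXCEPTION_SINGLE_STEP event is ever produced by it. Assumes an x64 CONTEXT
// (it reads Context.Rip).
//
// PEInformation: description of the debuggee; only processInfo.dwProcessId is
//                read here, to detach on error or on process exit.
// Returns: TRUE once the debuggee has exited, FALSE if WaitForDebugEvent or
//          OpenThread failed. The debugger is detached in every return path.
BOOL TraceProcess(PEInformation& PEInformation)
{
    DEBUG_EVENT debugEvent{};
    CONTEXT Context{};
    Context.ContextFlags = CONTEXT_ALL;

    for (;;)
    {
        if (!WaitForDebugEvent(&debugEvent, INFINITE))
        {
            const DWORD err = GetLastError();   // read before any other API call clobbers it
            std::cerr << "WaitForDebugEvent failed: " << err << std::endl;
            DebugActiveProcessStop(PEInformation.processInfo.dwProcessId);
            return FALSE;
        }

        // Continue status handed back to the debuggee. Only the two exceptions we
        // actually handle are reported as DBG_CONTINUE; every other exception is
        // passed through, otherwise e.g. an access violation would be marked as
        // handled and the faulting instruction re-executed forever.
        DWORD continueStatus = DBG_CONTINUE;

        switch (debugEvent.dwDebugEventCode)
        {
        case EXCEPTION_DEBUG_EVENT:
        {
            const DWORD code = debugEvent.u.Exception.ExceptionRecord.ExceptionCode;
            if (code == EXCEPTION_BREAKPOINT || code == EXCEPTION_SINGLE_STEP)
            {
                // Least privilege: reading the context only needs THREAD_GET_CONTEXT,
                // not THREAD_ALL_ACCESS.
                HANDLE hThread = OpenThread(THREAD_GET_CONTEXT, FALSE, debugEvent.dwThreadId);
                if (!hThread)
                {
                    const DWORD err = GetLastError();
                    std::cerr << "OpenThread failed: " << err << std::endl;
                    DebugActiveProcessStop(PEInformation.processInfo.dwProcessId);
                    return FALSE;
                }

                if (!GetThreadContext(hThread, &Context))
                {
                    const DWORD err = GetLastError();
                    std::cerr << "GetThreadContext failed: " << err << std::endl;
                }
                else
                {
                    std::cout << "rip: " << std::hex << Context.Rip << std::endl;
                }
                CloseHandle(hThread);   // one handle per event was previously leaked
            }
            else
            {
                continueStatus = DBG_EXCEPTION_NOT_HANDLED;
            }
            break;
        }

        case CREATE_THREAD_DEBUG_EVENT:
            // Handle newly created threads
            // Process debugEvent.u.CreateThread for detailed information
            break;

        case CREATE_PROCESS_DEBUG_EVENT:
            // Handle newly created processes (main thread)
            // Process debugEvent.u.CreateProcessInfo for detailed information
            break;

        case EXIT_THREAD_DEBUG_EVENT:
            // Handle thread exit
            // Process debugEvent.u.ExitThread for detailed information
            break;

        case EXIT_PROCESS_DEBUG_EVENT:
            // Handle process exit
            // Process debugEvent.u.ExitProcess for detailed information
            DebugActiveProcessStop(PEInformation.processInfo.dwProcessId);
            return TRUE;

        case LOAD_DLL_DEBUG_EVENT:
            // Handle DLL loading
            // Process debugEvent.u.LoadDll for detailed information
            break;

        case UNLOAD_DLL_DEBUG_EVENT:
            // Handle DLL unloading
            // Process debugEvent.u.UnloadDll for detailed information
            break;

        case OUTPUT_DEBUG_STRING_EVENT:
            // Handle output of debug strings
            // Process debugEvent.u.DebugString for detailed information
            break;

        default:
            // Handle other debug events as needed
            break;
        }

        // Resume the traced thread with the status decided above.
        ContinueDebugEvent(debugEvent.dwProcessId, debugEvent.dwThreadId, continueStatus);
    }
}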



评论中的各位都很棒)谢谢 @Wyck 和 @RbMm

解决方案

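// Arms single-stepping on hThread: re-reads the thread context into `context`,
// sets the trap flag (EFlags bit 8, TF = 0x100) and writes the context back.
// The CPU clears TF when it delivers the single-step trap, so this has to be
// repeated after every EXCEPTION_SINGLE_STEP as well as after the initial
// EXCEPTION_BREAKPOINT.
//
// hThread: thread handle with THREAD_GET_CONTEXT | THREAD_SET_CONTEXT access.
// context: receives the thread's registers (ContextFlags must already be set).
// Returns: true on success; false (after logging the Win32 error) if the
//          context could not be read or written.
static bool ArmSingleStep(HANDLE hThread, CONTEXT& context)
{
    if (!GetThreadContext(hThread, &context))
    {
        const DWORD err = GetLastError();   // read before any other API call clobbers it
        std::cerr << "GetThreadContext failed: " << err << std::endl;
        return false;
    }

    context.EFlags |= 0x100;   // TF: trap after the next instruction

    if (!SetThreadContext(hThread, &context))
    {
        const DWORD err = GetLastError();
        std::cerr << "SetThreadContext failed: " << err << std::endl;
        return false;
    }
    return true;
}

// Debug loop of a single-stepping tracer. After the initial EXCEPTION_BREAKPOINT
// it sets TF on the stopped thread; every subsequent instruction then raises
// EXCEPTION_SINGLE_STEP, on which RIP is printed and TF is re-armed.
// Assumes an x64 CONTEXT (it reads Context.Rip).
//
// Returns: TRUE once the debuggee has exited, FALSE if WaitForDebugEvent or
//          OpenThread failed. The debugger is detached in every return path
//          for which a process id is known.
BOOL TraceProcess()
{
    DEBUG_EVENT debugEvent{};
    DWORD debuggeePid = 0;   // last process id seen; needed to detach on error
    CONTEXT Context{};
    Context.ContextFlags = CONTEXT_ALL;

    for (;;)
    {
        if (!WaitForDebugEvent(&debugEvent, INFINITE))
        {
            const DWORD err = GetLastError();
            std::cerr << "WaitForDebugEvent failed: " << err << std::endl;
            // The previous version detached with debugEvent.dwProcessId, which is
            // indeterminate when the very first wait fails.
            if (debuggeePid != 0)
                DebugActiveProcessStop(debuggeePid);
            return FALSE;
        }
        debuggeePid = debugEvent.dwProcessId;

        // Continue status handed back to the debuggee. Only the two exceptions we
        // actually handle are reported as DBG_CONTINUE; every other exception is
        // passed through, otherwise e.g. an access violation would be marked as
        // handled and the faulting instruction re-executed forever.
        DWORD continueStatus = DBG_CONTINUE;

        switch (debugEvent.dwDebugEventCode)
        {
        case EXCEPTION_DEBUG_EVENT:
        {
            const DWORD code = debugEvent.u.Exception.ExceptionRecord.ExceptionCode;
            if (code == EXCEPTION_BREAKPOINT || code == EXCEPTION_SINGLE_STEP)
            {
                // Least privilege: only the two context rights are needed, not
                // THREAD_ALL_ACCESS. The handle is opened only for events that use
                // it and closed on every path (the previous version leaked it for
                // all other event types and on the error branches).
                HANDLE hThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT,
                                            FALSE, debugEvent.dwThreadId);
                if (!hThread)
                {
                    const DWORD err = GetLastError();
                    std::cerr << "OpenThread failed: " << err << std::endl;
                    DebugActiveProcessStop(debuggeePid);
                    return FALSE;
                }

                // Both stops are handled the same way: re-arm TF and report RIP.
                if (ArmSingleStep(hThread, Context))
                    std::cout << "rip: " << std::hex << Context.Rip << std::endl;
                CloseHandle(hThread);
            }
            else
            {
                continueStatus = DBG_EXCEPTION_NOT_HANDLED;
            }
            break;
        }

        case CREATE_THREAD_DEBUG_EVENT:
            // Handle newly created threads
            // Process debugEvent.u.CreateThread for detailed information
            break;

        case CREATE_PROCESS_DEBUG_EVENT:
            // Handle newly created processes (main thread)
            // Process debugEvent.u.CreateProcessInfo for detailed information
            break;

        case EXIT_THREAD_DEBUG_EVENT:
            // Handle thread exit
            // Process debugEvent.u.ExitThread for detailed information
            break;

        case EXIT_PROCESS_DEBUG_EVENT:
            // Handle process exit
            // Process debugEvent.u.ExitProcess for detailed information
            DebugActiveProcessStop(debuggeePid);
            return TRUE;

        case LOAD_DLL_DEBUG_EVENT:
            // Handle DLL loading
            // Process debugEvent.u.LoadDll for detailed information
            break;

        case UNLOAD_DLL_DEBUG_EVENT:
            // Handle DLL unloading
            // Process debugEvent.u.UnloadDll for detailed information
            break;

        case OUTPUT_DEBUG_STRING_EVENT:
            // Handle output of debug strings
            // Process debugEvent.u.DebugString for detailed information
            break;

        default:
            // Handle other debug events as needed
            break;
        }

        // Resume the traced thread with the status decided above.
        ContinueDebugEvent(debugEvent.dwProcessId, debugEvent.dwThreadId, continueStatus);
    }
}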

