I'm trying to write a debugger with the help of Iczelion's tutorial 28.
My problem is, the debuggee window is left open even after the ExitProcess in it is called. The debugger receives EXIT_PROCESS_DEBUG_EVENT, but the debuggee window is still visible and does not react to anything. It does go away with the closing of the debugger though.
Last edited by vivik on 31 Oct 2016, 06:16; edited 4 times in total
I had to call ContinueDebugEvent for the last time, found help on a different forum. I wonder if it's a bug in tutorial itself, or masm's ".break" does a different thing from what I expect. Or there is just a different case of usage. Whatever.
Iczelion tutorial says something about the context.regFlag field, but my C headers don't have this field. They have EFlags instead, is that it? Edit: yes, EFlags==regFlag, they both are fourth from the end. Installed masm to check.
I've not seen documentation on the CONTEXT structure - I do know it has changed with almost every new Windows version. Probably best to look at other tools using debug interfaces.
It changes with each CPU. It is different for ARM, PPC, x86, etc. And even within x86, with the newer registers being added (i.e. XMM, YMM, ZMM), it must be updated to allow for the extra registers each time the CPU is upgraded.
Please note that hProcess and hThread may not have the same handle values we have received in pi (PROCESS_INFORMATION). The process-ID and the thread-ID would, however, be the same. Each handle you get by Windows (for the same resource) is different from other handles, and has a different purpose. So, the debugger may choose to display either the handles or the IDs.
If I had to assume, I would say the handles have different permissions.
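The fix reported earlier in the thread (calling ContinueDebugEvent for EXIT_PROCESS_DEBUG_EVENT before leaving the loop), as an added C example that is not code from any poster or from the tutorial. `decide()` and the non-Windows stand-in constants are hypothetical, and treating only EXCEPTION_BREAKPOINT as handled is a simplifying assumption.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else /* constructed stand-ins (Windows SDK values) so decide() builds elsewhere */
typedef unsigned long DWORD;
#define EXCEPTION_DEBUG_EVENT     1
#define EXIT_PROCESS_DEBUG_EVENT  5
#define EXCEPTION_BREAKPOINT      0x80000003UL
#define DBG_CONTINUE              0x00010002UL
#define DBG_EXCEPTION_NOT_HANDLED 0x80010001UL
#endif

/* Hypothetical helper: returns the status to pass to ContinueDebugEvent
   and sets *last when the loop should end after that call. */
static DWORD decide(DWORD event, DWORD exc_code, int *last)
{
    *last = (event == EXIT_PROCESS_DEBUG_EVENT);
    if (event == EXCEPTION_DEBUG_EVENT && exc_code != EXCEPTION_BREAKPOINT)
        return DBG_EXCEPTION_NOT_HANDLED; /* leave it to the debuggee's handlers */
    return DBG_CONTINUE;
}

int main(int argc, char **argv)
{
    int last = 0;
#ifdef _WIN32
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    DEBUG_EVENT ev;
    if (argc < 2 || !CreateProcessA(NULL, argv[1], NULL, NULL, FALSE,
                                    DEBUG_ONLY_THIS_PROCESS, NULL, NULL, &si, &pi))
        return 1;
    while (!last && WaitForDebugEvent(&ev, INFINITE)) {
        DWORD st = decide(ev.dwDebugEventCode,
                          ev.u.Exception.ExceptionRecord.ExceptionCode, &last);
        if (ev.dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT) CloseHandle(ev.u.CreateProcessInfo.hFile);
        if (ev.dwDebugEventCode == LOAD_DLL_DEBUG_EVENT) CloseHandle(ev.u.LoadDll.hFile);
        /* Continue every event, EXIT_PROCESS_DEBUG_EVENT included, using the
           IDs from the event; only then does the loop condition end the loop. */
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, st);
    }
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
#else
    (void)argc; (void)argv;
    printf("exit event -> status %#lx\n", decide(EXIT_PROCESS_DEBUG_EVENT, 0, &last));
#endif
    return last ? 0 : 1;
}
```

On Windows, pass the debuggee's command line as the first argument; elsewhere only `decide()` is exercised.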