flat assembler
Message board for the users of flat assembler.

Index > Windows > Debug Api

Everhest 09 Sep 2013, 18:56
Hi. Please forgive my bad English, and HELP ME PLEASE!!!

Why is this code not working? I'm testing on WinXP and Win7.

Debugger
Code:
include 'win32ax.inc'

        ; Exception-related constants (not referenced elsewhere in this listing).
        EXCEPTION_NONCONTINUABLE     = 1
        EXCEPTION_MAXIMUM_PARAMETERS = 15

        ; Debug event codes, as stored in DEBUG_EVENT.dwDebugEventCode.
        EXCEPTION_DEBUG_EVENT        = 1
        CREATE_THREAD_DEBUG_EVENT    = 2
        CREATE_PROCESS_DEBUG_EVENT   = 3
        EXIT_THREAD_DEBUG_EVENT      = 4
        EXIT_PROCESS_DEBUG_EVENT     = 5
        LOAD_DLL_DEBUG_EVENT         = 6
        UNLOAD_DLL_DEBUG_EVENT       = 7
        OUTPUT_DEBUG_STRING_EVENT    = 8
        RIP_EVENT                    = 9

; Payload of an OUTPUT_DEBUG_STRING_EVENT. Every field is filled in from the debuggee's
; side, so the debugger should treat the pointer and the length as untrusted values.
struct OUTPUT_DEBUG_STRING_INFO
  lpDebugStringData   dd ?      ; LPSTR - address of the string inside the debuggee
  fUnicode            dw ?      ; WORD
  nDebugStringLength  dw ?      ; WORD  - 16 bits wide, so it can be as large as 0FFFFh
ends

; Event record passed to WaitForDebugEvent: three dword header fields followed by a
; per-event union, kept here as raw bytes and overlaid with `virtual` where needed.
struct DEBUG_EVENT
  dwDebugEventCode  dd ?          ; one of the event codes defined above
  dwProcessId       dd ?          ; handed back to ContinueDebugEvent
  dwThreadId        dd ?          ; handed back to ContinueDebugEvent
  u                 rb 96 - 3*4   ; union area, sized so the whole structure is 96 bytes
ends

        ; Timeout value passed to WaitForDebugEvent: wait without a time limit.
        INFINITE     equ 0xFFFFFFFF

        ; Continue status passed to ContinueDebugEvent for every event in this listing.
        DBG_CONTINUE equ 10002h

; Debugger state. The declaration order is left as posted: buffer is the last item, and
; what an over-long read into it would overwrite depends on this layout.
.data
        hProcess        dd FALSE        ; debuggee process handle, stored by OpenForDebug
        ProcessFinished dd TRUE         ; not referenced in this listing
        BPAddr          dd FALSE        ; not referenced in this listing
        RestoreBreak    dd FALSE        ; not referenced in this listing

        NumbOfByteRead  dd ?            ; receives the byte count from ReadProcessMemory


        startinfo       STARTUPINFO             ; filled by GetStartupInfo, reused for CreateProcess
        pi              PROCESS_INFORMATION     ; filled by CreateProcess
        DBEvent         DEBUG_EVENT             ; filled by WaitForDebugEvent on every loop pass

        ; Receives the debug string copied out of the debuggee.
        ; NOTE(review): nDebugStringLength is a 16-bit field and can exceed MAX_PATH;
        ; the read into this buffer has to be capped at its size.
        buffer          rb MAX_PATH

; Debugger entry point and event loop (listing kept exactly as posted - this is the
; version the thread reports as crashing).
; Starts app.exe under the debugger, then waits for debug events: process exit ends the
; loop, OUTPUT_DEBUG_STRING_EVENT shows the string in a message box, and every other
; event is simply continued.
.code
        start:
                ; The return value of OpenForDebug is not examined here.
                stdcall OpenForDebug, <"app.exe">
        loop_debug:
                ; NOTE(review): the result of WaitForDebugEvent is not checked; if the call
                ; fails, the compares below run on whatever DBEvent already contains.
                invoke  WaitForDebugEvent, DBEvent, INFINITE
                cmp     [DBEvent.dwDebugEventCode], EXIT_PROCESS_DEBUG_EVENT
                je      dbgapp_exit
                cmp     [DBEvent.dwDebugEventCode], CREATE_PROCESS_DEBUG_EVENT
                je      dbgapp_creat
                cmp     [DBEvent.dwDebugEventCode], OUTPUT_DEBUG_STRING_EVENT
                je      dbgapp_string
        continue_debug:
                ; Every event that reaches this point, EXCEPTION_DEBUG_EVENT included, is
                ; resumed with DBG_CONTINUE.
                invoke  ContinueDebugEvent, [DBEvent.dwProcessId], [DBEvent.dwThreadId], DBG_CONTINUE
                jmp     loop_debug
        dbgapp_string:
                ; ebx = address of the event's union; `virtual at 0` turns the
                ; DebugString.* names into plain field offsets added to ebx.
                mov     ebx, DBEvent.u
                virtual at 0
                        DebugString OUTPUT_DEBUG_STRING_INFO
                end virtual
                ; NOTE(review): nDebugStringLength is declared with dw, and it is passed here
                ; without a size override. The replies in this thread attribute the crash to
                ; that word-sized argument leaving the stack unbalanced.
                ; NOTE(review): both the address and the length come from the debuggee. The
                ; length can be up to 0FFFFh while buffer holds MAX_PATH bytes, and nothing
                ; here limits the copy to the buffer's size.
                invoke  ReadProcessMemory, [hProcess], [ebx+DebugString.lpDebugStringData], buffer, [ebx+DebugString.nDebugStringLength], NumbOfByteRead
                ; NOTE(review): the ReadProcessMemory result is not checked and fUnicode is
                ; not consulted; MessageBox reads buffer as a zero-terminated string, and the
                ; terminator is whatever the debuggee supplied.
                invoke  MessageBox, 0, buffer , <"DEBUG APP OUT COMMAND"> , 0
                jmp     continue_debug
        dbgapp_exit:
              ;  invoke  MessageBox, 0, <"ExitProc">, 0, 0
                ; Acknowledge the final event, then leave the loop.
                invoke  ContinueDebugEvent, [DBEvent.dwProcessId], [DBEvent.dwThreadId], DBG_CONTINUE
                jmp     close
        dbgapp_creat:
               ; invoke  MessageBox, 0, <"Event">, 0, 0
                ; Nothing is done for process creation beyond continuing the event.
                jmp     continue_debug
        close:
                invoke  ExitProcess, 0

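; OpenForDebug - start an executable as a debuggee of the calling process.
; In:   szFileName = pointer to the zero-terminated path of the executable
; Out:  eax        = process handle of the debuggee, or 0 if CreateProcess failed
;       [hProcess] = same handle; left unchanged when CreateProcess fails
;       pi         = process/thread handles and ids on success
proc OpenForDebug, szFileName

        ; The new process is started with this process's own startup information.
        invoke  GetStartupInfo, startinfo
        ; dwCreationFlags takes process-creation flags only. PROCESS_QUERY_INFORMATION is a
        ; handle access right; its value (0x400) is read in this position as
        ; CREATE_UNICODE_ENVIRONMENT, so it is dropped. The handle returned in pi.hProcess is
        ; the one later used for ReadProcessMemory.
        ; DEBUG_PROCESS also makes child processes of the debuggee debuggees of this process;
        ; the Win32 flag DEBUG_ONLY_THIS_PROCESS restricts debugging to the one process.
        invoke  CreateProcess, [szFileName], NULL, NULL, NULL, FALSE, DEBUG_PROCESS, NULL, NULL, startinfo, pi
        test    eax, eax                ; 0 = the process was not created, pi is not valid
        jz      .failed
        mov     eax, [pi.hProcess]
        mov     [hProcess], eax
  .failed:
        ret
endp

.end start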
    


and the app to debug:
Code:
include 'win32ax.inc'

; Debuggee: shows a message box, then passes one string to OutputDebugString and exits.
.data
        szText  db 'Hello World!', 0
        szTitle db 'Title', 0
        szDebug db 'invoke  MessageBox, 0, <"Hello World!">, <"Title">, MB_ICONINFORMATION', 0

.code
        start:
                invoke  MessageBox, 0, szText, szTitle, MB_ICONINFORMATION
                invoke  OutputDebugString, szDebug
                invoke  ExitProcess, 0

.end start
    


CreateProcess returns a valid hProcess, but ReadProcessMemory raises an exception (Access Violation). Why? Please help me!!! I don't understand!!!

_________________
Forgive for my bad english, I from russia...
Everhest 09 Sep 2013, 19:12
This works:

Code:
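        ; OUTPUT_DEBUG_STRING_EVENT handler: copy the debuggee's string into buffer and
        ; show it. The pointer and the length are both supplied by the debuggee, so the
        ; length is capped to the buffer and the result is terminated locally.
        dbgapp_string:
                ; Overlay the string-event layout on the union inside DBEvent.
                virtual at DBEvent.u
                        DebugString OUTPUT_DEBUG_STRING_INFO
                end virtual
                ; nDebugStringLength is a 16-bit field. `dword [DebugString.nDebugStringLength]`
                ; gives invoke a 4-byte argument, but it also loads the two bytes that follow
                ; the field; movzx reads exactly the word and zero-extends it.
                movzx   eax, word [DebugString.nDebugStringLength]
                ; Never copy more than buffer can hold, keeping one byte for the terminator.
                mov     ecx, MAX_PATH-1
                cmp     eax, ecx
                cmova   eax, ecx
                invoke  ReadProcessMemory, [hProcess], [DebugString.lpDebugStringData], buffer, eax, NumbOfByteRead
                test    eax, eax                        ; 0 = the read failed, buffer is not valid
                jz      continue_debug
                mov     eax, [NumbOfByteRead]           ; at most MAX_PATH-1 because of the cap above
                mov     byte [buffer+eax], 0            ; do not rely on the debuggee's terminator
                ; fUnicode is not consulted; the bytes are shown as they were read.
                invoke  MessageBox, 0, buffer , <"DEBUG APP OUT COMMAND"> , 0
                jmp     continue_debug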
Everhest 10 Sep 2013, 03:31
What is the difference between dword[DebugString.nDebugStringLength] and [DebugString.nDebugStringLength]?

If I write the first one, everything is fine. If I write [DebugString.nDebugStringLength], the app crashes 0_o Why?
MHajduk 10 Sep 2013, 08:27
Everhest wrote:
What is the difference between dword[DebugString.nDebugStringLength] and [DebugString.nDebugStringLength]?

If I write the first one, everything is fine. If I write [DebugString.nDebugStringLength], the app crashes 0_o Why?
The reason is that the 'nDebugStringLength' structure field stores a word, while the 'ReadProcessMemory' function most probably expects a dword. If you put just '[DebugString.nDebugStringLength]' there instead of 'dword[DebugString.nDebugStringLength]', the stack is unbalanced and the application crashes, IMHO.

Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.