Index
> Windows > Writing a debugger...[solved] |
| Author |
|
|
vivik 29 Oct 2016, 08:04
Thought about using DebugActiveProcessStop instead of just CloseHandle how tutorial suggests, but got "undefined reference". Looking for cause now. I'm using MinGW, if that's important.
|
|||
29 Oct 2016, 08:04 |
|
|
vivik 29 Oct 2016, 11:36
I had to call ContinueDebugEvent for the last time, found help on a different forum. I wonder if it's a bug in tutorial itself, or masm's ".break" does a different thing from what I expect. Or there is just a different case of usage. Whatever.
|
|||
|
29 Oct 2016, 11:36 |
|
|
vivik 29 Oct 2016, 16:05
Where can I find documentation about the CONTEXT structure? I found this https://msdn.microsoft.com/en-us/library/windows/desktop/ms679284(v=vs.85).aspx , but it tells pretty much nothing useful.
Iczelion tutorial says something about the context.regFlag field, but my C headers don't have this field. They have EFlags instead, is that it? Edit: yes, EFlags==regFlag, they both are fourth from the end. Installed masm to check. |
|||
|
29 Oct 2016, 16:05 |
|
|
bitRAKE 30 Oct 2016, 01:58
Here are a few thread that might help:
https://board.flatassembler.net/topic.php?p=134491#134491 https://board.flatassembler.net/topic.php?p=109624#109624 I've not see documentation on CONTEXT structure - I do know it has changed with almost every new Windows version. Probably best to look at other tools using debug interfaces. |
|||
|
30 Oct 2016, 01:58 |
|
|
revolution 30 Oct 2016, 02:03
bitRAKE wrote: I've not see documentation on CONTEXT structure - I do know it has changed with almost every new Windows version. Probably best to look at other tools using debug interfaces. |
|||
|
30 Oct 2016, 02:03 |
|
|
vivik 30 Oct 2016, 17:42
I have the PROCESS_INFORMATION pi , which I receive from the CreateProcess call, and I have the DEBUG_EVENT DBEvent, which I receive from the WaitForDebugEvent call.
What's the difference between pi.hProcess and DBEvent.u.CreateProcessInfo.hProcess ? I expected them to be the same thing, but they are different. Thanks for info btw, very interesting. |
|||
|
30 Oct 2016, 17:42 |
|
|
bitRAKE 30 Oct 2016, 19:44
Not sure why Windows creates a different handle:
http://www.codeproject.com/Articles/43682/Writing-a-basic-Windows-debugger Quote: Please note that hProcess and hThread may not have the same handle values we have received in pi (PROCESS_INFORMATION). The process-ID and the thread-ID would, however, be the same. Each handle you get by Windows (for the same resource) is different from other handles, and has a different purpose. So, the debugger may choose to display either the handles or the IDs. |
|||
|
30 Oct 2016, 19:44 |
|
< Last Thread | Next Thread > |
Forum Rules:
|