, 32- Windows (Win32) , . -, CreateProcess ( dwCreationFlags) DEBUG_ONLY_THIS_PROCESS. , , , . , , DEBUG_ONLY_THIS_PROCESS CreateProcess DEBUG_PROCESS.
, API Win32 , Win32 . (wild memory writes) , . ( 16- Windows Macintosh , , .)
, , API- WaitForDebugEvent, . , ContinueDebugEvent. , , CreateProcess , API-. , , Win32-oxnafl4HK:
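/* Skeleton of a Win32 debugger loop (illustrative: the "..." stand for the
   real arguments). The debuggee is started with DEBUG_ONLY_THIS_PROCESS in
   dwCreationFlags, so events arrive for that process only, not for any
   process it creates (DEBUG_PROCESS would include children). Every event
   returned by WaitForDebugEvent is answered with ContinueDebugEvent; the
   loop ends on the exit-process event. */
void main ( void)
{
    CreateProcess ( ..., DEBUG_ONLY_THIS_PROCESS, ...);
    while ( 1 == WaitForDebugEvent ( ...))
    {
        if ( EXIT_PROCESS)
        {
            break;
        }
        ContinueDebugEvent ( ...);
    }
}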
, 32- Win- , , - . API Win32 , .
, , . ( DEBUG_EVENT), WaitForDebugEvent, .
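/* One debug event as filled in by WaitForDebugEvent. dwDebugEventCode
   selects which member of the union u is valid (the mapping is listed
   beside each member). dwProcessId and dwThreadId identify the debuggee
   thread that raised the event and are the values handed back to
   ContinueDebugEvent. */
typedef struct _DEBUG_EVENT {
    DWORD dwDebugEventCode;
    DWORD dwProcessId;
    DWORD dwThreadId;
    union {
        EXCEPTION_DEBUG_INFO Exception;              /* EXCEPTION_DEBUG_EVENT */
        CREATE_THREAD_DEBUG_INFO CreateThread;       /* CREATE_THREAD_DEBUG_EVENT */
        CREATE_PROCESS_DEBUG_INFO CreateProcessInfo; /* CREATE_PROCESS_DEBUG_EVENT */
        EXIT_THREAD_DEBUG_INFO ExitThread;           /* EXIT_THREAD_DEBUG_EVENT */
        EXIT_PROCESS_DEBUG_INFO ExitProcess;         /* EXIT_PROCESS_DEBUG_EVENT */
        LOAD_DLL_DEBUG_INFO LoadDll;                 /* LOAD_DLL_DEBUG_EVENT */
        UNLOAD_DLL_DEBUG_INFO UnloadDll;             /* UNLOAD_DLL_DEBUG_EVENT */
        OUTPUT_DEBUG_STRING_INFO DebugString;        /* OUTPUT_DEBUG_STRING_EVENT */
        RIP_INFO RipInfo;                            /* RIP_EVENT */
    } u;
} DEBUG_EVENT;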
, . , , .
DEBUG_EVENT CREATE_PROCESS_DEBUG_INFO.
, , , .
PROCESS_VM_READ PROCESS_VM_WRITE. , , ReadProcessMemory WriteProcessMemory.
GENERIC_READ (read-sharing).
THREAD_GET_CONTEXT, THREAD_SET_CONTEXT THREAD_SUSPEND_RESUME. , () , GetThreadContext SetThreadContext, , ResumeThread SuspendThread.
, . , .
DEBUG_EVENT CREATE_THREAD_DEBUG_INFO. . THREAD_GET_CONTEXT, THREAD_SET_CONTEXT THREAD_SUSPEND_RESUME. , () , GetThreadContext SetThreadContext, , ResumeThread SuspendThread.
, . , , 0 , "Structured Exception Handling" ( ) Platform SDK.
DEBUG_EVENT EXCEPTION_DEBUG_INFO. , .
, . DBG_CONTROL_C, <Ctrl>+<C>. <Ctrl>+<C> . . . , .
DBG_CONTROL_C, . ( MSDN SetConsoleCtrlHandler.)
, . , DLL .
DEBUG_EVENT EXIT_PROCESS_DEBUG_INFO, .
, . , .
, , . , .
DEBUG_EVENT EXIT_THREAD_DEBUG_INFO, .
, . , .
, . EXIT_PROCESS_DEBUG_EVENT.
, DLL. , DLL LoadLibrary. , DLL. DLL 0, DLL . DLL .
DEBUG_EVENT LOAD_DLL_DEBUG_INFO. DLL, DLL, , DLL.
, , DLL.
, OutputDebugString.
DEBUG_EVENT OUTPUT_DEBUG_STRING_INFO. , .
, DLL, FreeLibrary. , DLL (. . DLL 0).
DEBUG_EVENT UNLOAD_DLL_DEBUG_INFO. DLL , DLL.
, , DLL.
, DLL , UNLOAD_DLL_DEBUG_EVENT.
Windows 98 , , , , .
, WaitForDebugEvent, , , , ContinueDebugEvent. , ReadProcessMemory WriteProcessMemory. "--", VirtualProtect, . WriteProcessMemory, FlushInstructionCache, . FlushInstructionCache, , , , , , CPU, . FlushInstructionCache . CPU, GetThreadContext SetThreadContext.
Win32, , . CREATE_PROCESS_DEBUG_EVENT LOAD_DLL_DEBUG_EVENT , EXCEPTION_DEBUG_EVENT. (loader breakpoint). , CREATE_PROCESS_DEBUG_EVENT , , , . , . (real-world) (, ) , , .
1 , , Visual Basic, Visual C++ .
, , . , ( ), CPU. Intel Pentium , ContinueDebugEvent DBG_CONTINUE, .
4-2 " " MinDBG. . MinDBG , , , , DLL. , "" "".
4-2. MINDBG.CPP
/*- - - - - - - - - - - - - - - - - - - - - - - -
Win32
- - - - - - - - - - - - - - - - - - - - - - - - - */
/*//////////////////////////////////////////////////////////////
#include
//////////////////////////////////////////////////////////////*/
#include "stdafx.h"
/*///////////////////////////////////////////////////
////////////////////////////////////////////////////////*/
// Shows the minimal help.
void ShowHelp ( void);
// Display helpers, one per debug event type. Each prints the fields of the
// matching DEBUG_EVENT union member exactly as WaitForDebugEvent delivered
// them; none of them changes the debuggee's state.
void DisplayCreateProcessEvent ( CREATE_PROCESS_DEBUG_INFO & stCPDI);
void DisplayCreateThreadEvent ( CREATE_THREAD_DEBUG_INFO & stCTDI);
void DisplayExitThreadEvent ( EXIT_THREAD_DEBUG_INFO & stETDI);
void DisplayExitProcessEvent ( EXIT_PROCESS_DEBUG_INFO & stEPDI);
void DisplayDllLoadEvent ( LOAD_DLL_DEBUG_INFO & stLDDI);
void DisplayDllUnLoadEvent ( UNLOAD_DLL_DEBUG_INFO & stULDDI);
// Also takes the debuggee's process handle: the string itself lives in the
// debuggee's address space and is copied out with ReadProcessMemory.
void DisplayODSEvent ( HANDLE hProcess,
OUTPUT_DEBUG_STRING_INFO & stODSI );
void DisplayExceptionEvent ( EXCEPTION_DEBUG_INFO & stEDI);
/*////////////////////////////////////////////////////////////
!
/////////////////////////////////////////////////////////////*/
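// Builds the debuggee's command line: argv[1..argc-1] joined by single
// spaces, with no trailing blank. The buffer is sized from the arguments
// themselves, so a long command line cannot overrun it. Returns a buffer
// the caller releases with delete[], or NULL when there is no argument.
static char * BuildCmdLine ( int argc, char * argv[ ])
{
    if ( argc < 2)
    {
        return NULL;
    }
    // Exact size: each argument plus one byte for its separator, the last
    // of which serves as the terminating NUL.
    size_t cchTotal = 0;
    for ( int i = 1; i < argc; i++)
    {
        cchTotal += strlen ( argv[ i ]) + 1;
    }
    char * szCmdLine = new char[ cchTotal ];
    szCmdLine[ 0 ] = '\0';
    for ( int i = 1; i < argc; i++)
    {
        strcat ( szCmdLine, argv[ i ]);
        // Separator only between arguments. (The original tested
        // `i < argc`, which is always true inside this loop, so it
        // appended a trailing blank after the last argument.)
        if ( i < argc - 1)
        {
            strcat ( szCmdLine, " ");
        }
    }
    return szCmdLine;
}

// Decides how the debuggee resumes after an exception. The very first
// breakpoint is the loader's initial break and is swallowed (DBG_CONTINUE);
// every other exception, later breakpoints included, is handed back to the
// debuggee with DBG_EXCEPTION_NOT_HANDLED so its own handlers get to see it.
// bSeenInitialBP is updated in place once the first breakpoint has passed.
static DWORD ContinueStatusForException ( const EXCEPTION_DEBUG_INFO & stEDI,
                                          BOOL & bSeenInitialBP)
{
    if ( EXCEPTION_BREAKPOINT != stEDI.ExceptionRecord.ExceptionCode)
    {
        return DBG_EXCEPTION_NOT_HANDLED;
    }
    if ( FALSE == bSeenInitialBP)
    {
        bSeenInitialBP = TRUE;
        return DBG_CONTINUE;
    }
    return DBG_EXCEPTION_NOT_HANDLED;
}

// Entry point: starts the program named on the command line under the
// debugger and prints every debug event it reports until it exits.
// Usage is "MinDBG <program to debug> <program's command-line options>".
void main ( int argc, char * argv[ ])
{
    // Nothing to debug: show usage and leave.
    if ( 1 == argc)
    {
        ShowHelp ();
        return;
    }

    char * szCmdLine = BuildCmdLine ( argc, argv);

    // Start the debuggee with DEBUG_ONLY_THIS_PROCESS so that only this
    // process, not any process it creates, reports debug events to us.
    // NOTE: szCmdLine is char*, so this call (like the original's strcat
    // into a TCHAR buffer) assumes a non-UNICODE build of CreateProcess.
    STARTUPINFO stStartInfo;
    PROCESS_INFORMATION stProcessInfo;
    memset ( &stStartInfo, 0, sizeof ( STARTUPINFO));
    memset ( &stProcessInfo, 0, sizeof ( PROCESS_INFORMATION));
    stStartInfo.cb = sizeof ( STARTUPINFO);
    BOOL bRet = CreateProcess ( NULL,
                                szCmdLine,
                                NULL,
                                NULL,
                                FALSE,
                                CREATE_NEW_CONSOLE | DEBUG_ONLY_THIS_PROCESS,
                                NULL,
                                NULL,
                                &stStartInfo,
                                &stProcessInfo);
    if ( FALSE == bRet)
    {
        printf ( "Unable to start %s (error %lu)\n", szCmdLine, GetLastError ());
        delete [] szCmdLine;
        return;
    }

    DEBUG_EVENT stDE;
    BOOL bSeenInitialBP = FALSE;
    BOOL bContinue = TRUE;
    // Process handle taken from CREATE_PROCESS_DEBUG_EVENT; needed to read
    // OutputDebugString text out of the debuggee's address space.
    HANDLE hProcess = INVALID_HANDLE_VALUE;
    DWORD dwContinueStatus = DBG_CONTINUE;

    while ( TRUE == bContinue)
    {
        // If no event arrived there is nothing to continue and stDE is
        // stale, so leave the loop instead of feeding garbage to
        // ContinueDebugEvent (the original still fell through to it).
        if ( FALSE == WaitForDebugEvent ( &stDE, INFINITE))
        {
            printf ( "WaitForDebugEvent failed (error %lu)\n", GetLastError ());
            break;
        }

        // Default for every event: let the debuggee run on. Only the
        // exception case below may change this.
        dwContinueStatus = DBG_CONTINUE;

        // Report each event; MinDBG only displays them, it never alters
        // the debuggee.
        switch ( stDE.dwDebugEventCode)
        {
            case CREATE_PROCESS_DEBUG_EVENT :
                DisplayCreateProcessEvent ( stDE.u.CreateProcessInfo);
                hProcess = stDE.u.CreateProcessInfo.hProcess;
                // The image file handle is ours once the event is
                // delivered; close it or it leaks for the debugger's life.
                if ( NULL != stDE.u.CreateProcessInfo.hFile)
                {
                    CloseHandle ( stDE.u.CreateProcessInfo.hFile);
                }
                break;
            case EXIT_PROCESS_DEBUG_EVENT :
                DisplayExitProcessEvent ( stDE.u.ExitProcess);
                // Last event for this debuggee; still continued below so
                // the process can finish shutting down.
                bContinue = FALSE;
                break;
            case LOAD_DLL_DEBUG_EVENT :
                DisplayDllLoadEvent ( stDE.u.LoadDll);
                // Same ownership rule as the process image handle above.
                if ( NULL != stDE.u.LoadDll.hFile)
                {
                    CloseHandle ( stDE.u.LoadDll.hFile);
                }
                break;
            case UNLOAD_DLL_DEBUG_EVENT :
                DisplayDllUnLoadEvent ( stDE.u.UnloadDll);
                break;
            case CREATE_THREAD_DEBUG_EVENT :
                DisplayCreateThreadEvent ( stDE.u.CreateThread);
                break;
            case EXIT_THREAD_DEBUG_EVENT :
                DisplayExitThreadEvent ( stDE.u.ExitThread);
                break;
            case OUTPUT_DEBUG_STRING_EVENT :
                DisplayODSEvent ( hProcess, stDE.u.DebugString);
                break;
            case RIP_EVENT :
                break;
            case EXCEPTION_DEBUG_EVENT :
                DisplayExceptionEvent ( stDE.u.Exception);
                dwContinueStatus = ContinueStatusForException ( stDE.u.Exception,
                                                                bSeenInitialBP);
                break;
            default :
                break;
        }

        // Let the debuggee run until the next event.
        if ( FALSE == ContinueDebugEvent ( stDE.dwProcessId,
                                           stDE.dwThreadId,
                                           dwContinueStatus))
        {
            printf ( "ContinueDebugEvent failed (error %lu)\n", GetLastError ());
            break;
        }
    }

    // The handles CreateProcess returned are ours to close; the loop above
    // only borrowed hProcess from the create-process event.
    CloseHandle ( stProcessInfo.hThread);
    CloseHandle ( stProcessInfo.hProcess);
    delete [] szCmdLine;
}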
/*/////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////*/
// Prints the one-line usage text.
void ShowHelp ( void)
{
    fputs ( "MinDBG <program to debug> <program's command-line options>\n", stdout);
}
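// Prints every field of a CREATE_PROCESS_DEBUG_INFO. Handles and pointers
// go through %p, which is right on both 32- and 64-bit builds (the
// original's %08X with a pointer argument is a format/type mismatch and
// truncates on 64-bit); DWORD/WORD fields keep the 0x%08X form.
void DisplayCreateProcessEvent ( CREATE_PROCESS_DEBUG_INFO & stCPDI)
{
    printf ( "Create Process Event :\n");
    printf ( " hFile : %p\n", (void *) stCPDI.hFile);
    printf ( " hProcess : %p\n", (void *) stCPDI.hProcess);
    printf ( " hThread : %p\n", (void *) stCPDI.hThread);
    printf ( " lpBaseOfImage : %p\n", stCPDI.lpBaseOfImage);
    printf ( " dwDebugInfoFileOffset : 0x%08lX\n",
             (unsigned long) stCPDI.dwDebugInfoFileOffset);
    printf ( " nDebugInfoSize : 0x%08lX\n",
             (unsigned long) stCPDI.nDebugInfoSize);
    printf ( " lpThreadLocalBase : %p\n", stCPDI.lpThreadLocalBase);
    printf ( " lpStartAddress : %p\n", (void *) stCPDI.lpStartAddress);
    printf ( " lpImageName : %p\n", stCPDI.lpImageName);
    printf ( " fUnicode : 0x%08X\n", (unsigned) stCPDI.fUnicode);
}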
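// Prints every field of a CREATE_THREAD_DEBUG_INFO. The handle and the two
// addresses are printed with %p so the output is correct on 64-bit builds
// as well (the original used %08X with pointer arguments).
void DisplayCreateThreadEvent ( CREATE_THREAD_DEBUG_INFO & stCTDI)
{
    printf ( "Create Thread Event :\n");
    printf ( " hThread : %p\n", (void *) stCTDI.hThread);
    printf ( " lpThreadLocalBase : %p\n", stCTDI.lpThreadLocalBase);
    printf ( " lpStartAddress : %p\n", (void *) stCTDI.lpStartAddress);
}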
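// Prints the exit code carried by an EXIT_THREAD_DEBUG_INFO.
// (The original's "Ox" prefix was a typo for "0x".)
void DisplayExitThreadEvent ( EXIT_THREAD_DEBUG_INFO & stETDI)
{
    printf ( "Exit Thread Event :\n");
    printf ( " dwExitCode : 0x%08lX\n", (unsigned long) stETDI.dwExitCode);
}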
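// Prints the exit code carried by an EXIT_PROCESS_DEBUG_INFO. The name
// matches the prototype and the call in main (the definition was
// misspelled "DisplayExitPrpcessEvent").
void DisplayExitProcessEvent ( EXIT_PROCESS_DEBUG_INFO & stEPDI)
{
    printf ( "Exit Process Event :\n");
    printf ( " dwExitCode : 0x%08lX\n", (unsigned long) stEPDI.dwExitCode);
}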
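// Prints every field of a LOAD_DLL_DEBUG_INFO. Handle and pointers use %p;
// the DWORD/WORD fields keep the 0x%08X form.
void DisplayDllLoadEvent ( LOAD_DLL_DEBUG_INFO & stLDDI)
{
    printf ( "DLL Load Event :\n");
    printf ( " hFile : %p\n", (void *) stLDDI.hFile);
    printf ( " lpBaseOfDll : %p\n", stLDDI.lpBaseOfDll);
    printf ( " dwDebugInfoFileOffset : 0x%08lX\n",
             (unsigned long) stLDDI.dwDebugInfoFileOffset);
    printf ( " nDebugInfoSize : 0x%08lX\n",
             (unsigned long) stLDDI.nDebugInfoSize);
    printf ( " lpImageName : %p\n", stLDDI.lpImageName);
    printf ( " fUnicode : 0x%08X\n", (unsigned) stLDDI.fUnicode);
}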
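// Prints the base address of the DLL being unloaded (the only field of
// UNLOAD_DLL_DEBUG_INFO), as a pointer.
void DisplayDllUnLoadEvent ( UNLOAD_DLL_DEBUG_INFO & stULDDI)
{
    printf ( "DLL Unload Event :\n");
    printf ( " lpBaseOfDll : %p\n", stULDDI.lpBaseOfDll);
}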
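// Prints an OUTPUT_DEBUG_STRING_INFO and the string it refers to.
// hProcess: handle of the debuggee (the string lives in its address space).
// Every value in stODSI was produced by the debuggee, so neither its length
// nor its terminator is trusted: the copy is bounded by our own buffer, the
// read is checked, and the text is printed with an explicit length. The
// original read up to 512 bytes into an uninitialized buffer and printed it
// with "%s" whether or not ReadProcessMemory succeeded or the data was
// NUL-terminated, and ignored fUnicode.
void DisplayODSEvent ( HANDLE hProcess,
                       OUTPUT_DEBUG_STRING_INFO & stODSI )
{
    printf ( "OutputDebugString Event :\n");
    printf ( " lpDebugStringData : %p\n", (void *) stODSI.lpDebugStringData);
    printf ( " fUnicode : 0x%08X\n", (unsigned) stODSI.fUnicode);
    printf ( " nDebugStringLength : 0x%08X\n", (unsigned) stODSI.nDebugStringLength);
    printf ( " String :\n");

    // Union so the same storage is correctly aligned for wide characters.
    union
    {
        char  a[ 512 ];
        WCHAR w[ 256 ];
    } buf;

    // nDebugStringLength counts characters; convert to bytes and clamp so a
    // terminator we write ourselves always fits.
    const size_t cbChar = stODSI.fUnicode ? sizeof ( WCHAR) : sizeof ( char);
    size_t cbToRead = (size_t) stODSI.nDebugStringLength * cbChar;
    if ( cbToRead > sizeof ( buf) - cbChar)
    {
        cbToRead = sizeof ( buf) - cbChar;
    }
    if ( 0 == cbToRead)
    {
        return;
    }

    SIZE_T cbRead = 0;
    if ( FALSE == ReadProcessMemory ( hProcess,
                                      stODSI.lpDebugStringData,
                                      buf.a,
                                      cbToRead,
                                      &cbRead))
    {
        printf ( "  <unreadable, error %lu>\n", GetLastError ());
        return;
    }

    // Print only what was actually read; the precision bounds the output
    // even if the debuggee's text carries no terminator.
    if ( stODSI.fUnicode)
    {
        const size_t cch = cbRead / sizeof ( WCHAR);
        buf.w[ cch ] = L'\0';
        printf ( "%.*ls", (int) cch, buf.w);
    }
    else
    {
        buf.a[ cbRead ] = '\0';
        printf ( "%.*s", (int) cbRead, buf.a);
    }
}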
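// Prints the first-chance flag and the EXCEPTION_RECORD fields of an
// EXCEPTION_DEBUG_INFO. The two pointer fields (the chained record and the
// faulting address) use %p; the DWORD fields keep the 0x%08X form.
void DisplayExceptionEvent ( EXCEPTION_DEBUG_INFO & stEDI)
{
    printf ( "Exception Event :\n");
    printf ( " dwFirstChance : 0x%08lX\n",
             (unsigned long) stEDI.dwFirstChance);
    printf ( " ExceptionCode : 0x%08lX\n",
             (unsigned long) stEDI.ExceptionRecord.ExceptionCode);
    printf ( " ExceptionFlags : 0x%08lX\n",
             (unsigned long) stEDI.ExceptionRecord.ExceptionFlags);
    printf ( " ExceptionRecord : %p\n",
             (void *) stEDI.ExceptionRecord.ExceptionRecord);
    printf ( " ExceptionAddress : %p\n",
             stEDI.ExceptionRecord.ExceptionAddress);
    printf ( " NumberParameters : 0x%08lX\n",
             (unsigned long) stEDI.ExceptionRecord.NumberParameters);
}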