英文:
How can I trace a program by step in?
问题
主要问题:
我正在尝试编写自己的追踪器,但我找不到关于如何追踪程序本身的任何材料,MSDN 中也没有关于 EXCEPTION_SINGLE_STEP 以及如何触发它的信息。另外,据我理解,我需要以某种方式触发 EXCEPTION_SINGLE_STEP,但该怎么做呢?在第一个 EXCEPTION_BREAKPOINT 异常之后,我的应用程序就直接启动并继续运行,直到执行完它的操作。如果我只是在每条指令之前设置断点,然后再移除它,那么我不断产生的将是 EXCEPTION_BREAKPOINT,而不是 EXCEPTION_SINGLE_STEP。
1)调试循环链接
我的代码:
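/// Debug-event loop for the process described by PEInformation: waits for each
/// debug event, prints the instruction pointer on breakpoint and single-step
/// exceptions, and resumes the debuggee.
///
/// NOTE: nothing in this function sets the trap flag in the thread context, so
/// this loop never arms a single step itself; after the initial breakpoint the
/// debuggee simply runs on.
///
/// @param PEInformation  Supplies processInfo.dwProcessId, the process to
///                       detach from when the loop ends.
/// @return TRUE once the debuggee has exited, FALSE if WaitForDebugEvent fails.
BOOL TraceProcess(PEInformation& PEInformation)
{
    DEBUG_EVENT debugEvent{};
    CONTEXT Context{};

    for (;;)
    {
        if (!WaitForDebugEvent(&debugEvent, INFINITE))
        {
            // Error handling: detach so the debuggee is not left attached.
            DebugActiveProcessStop(PEInformation.processInfo.dwProcessId);
            return FALSE;
        }

        // Status handed back to the debuggee for this event.
        DWORD continueStatus = DBG_CONTINUE;

        // Process the debug event based on its type.
        switch (debugEvent.dwDebugEventCode)
        {
        case EXCEPTION_DEBUG_EVENT:
        {
            const DWORD code = debugEvent.u.Exception.ExceptionRecord.ExceptionCode;
            if (code != EXCEPTION_BREAKPOINT && code != EXCEPTION_SINGLE_STEP)
            {
                // Not a tracer exception. Resuming with DBG_CONTINUE would
                // re-run the faulting instruction; pass it to the debuggee's
                // own handlers instead.
                continueStatus = DBG_EXCEPTION_NOT_HANDLED;
                break;
            }

            // Only the context is read, so request just that right rather
            // than THREAD_ALL_ACCESS.
            HANDLE hThread = OpenThread(THREAD_GET_CONTEXT, FALSE, debugEvent.dwThreadId);

            // Rip lives in the control part of the context.
            Context.ContextFlags = CONTEXT_CONTROL;
            if (!hThread || !GetThreadContext(hThread, &Context))
            {
                // Capture the error before the stream calls can disturb it.
                const DWORD err = GetLastError();
                std::cerr << "GetThreadContext failed: " << err << std::endl;
            }
            else
            {
                // std::hex is sticky on the stream, so restore decimal.
                std::cout << "rip: " << std::hex << Context.Rip << std::dec << std::endl;
            }

            // The handle was opened for this event only; release it on every path.
            if (hThread)
            {
                CloseHandle(hThread);
            }
            break;
        }
        case CREATE_THREAD_DEBUG_EVENT:
            // Handle newly created threads (details in debugEvent.u.CreateThread).
            break;
        case CREATE_PROCESS_DEBUG_EVENT:
            // Handle newly created processes (main thread); details are in
            // debugEvent.u.CreateProcessInfo. The image file handle belongs to
            // the debugger and leaks unless it is closed.
            if (debugEvent.u.CreateProcessInfo.hFile)
            {
                CloseHandle(debugEvent.u.CreateProcessInfo.hFile);
            }
            break;
        case EXIT_THREAD_DEBUG_EVENT:
            // Handle thread exit (details in debugEvent.u.ExitThread).
            break;
        case EXIT_PROCESS_DEBUG_EVENT:
            // Handle process exit (details in debugEvent.u.ExitProcess).
            DebugActiveProcessStop(PEInformation.processInfo.dwProcessId);
            return TRUE;
        case LOAD_DLL_DEBUG_EVENT:
            // Handle DLL loading (details in debugEvent.u.LoadDll). As with
            // process creation, the file handle must be closed by the debugger.
            if (debugEvent.u.LoadDll.hFile)
            {
                CloseHandle(debugEvent.u.LoadDll.hFile);
            }
            break;
        case UNLOAD_DLL_DEBUG_EVENT:
            // Handle DLL unloading (details in debugEvent.u.UnloadDll).
            break;
        case OUTPUT_DEBUG_STRING_EVENT:
            // Handle debug-string output (details in debugEvent.u.DebugString).
            // The string sits in debuggee memory and is debuggee-controlled:
            // bound any read by nDebugStringLength and treat it as untrusted.
            break;
        // Handle other debug events as needed.
        }

        // Continue execution of the traced process.
        ContinueDebugEvent(debugEvent.dwProcessId, debugEvent.dwThreadId, continueStatus);
    }
}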
英文:
Main problem:
I'm trying to write my own tracer, but I can't find any material on how to trace the program itself;
there is no information in MSDN about EXCEPTION_SINGLE_STEP or how it can be raised. As far as I understand, I
need to somehow trigger EXCEPTION_SINGLE_STEP, but how? After the first EXCEPTION_BREAKPOINT exception, my application
just starts and continues until any of its actions are performed. If I just put a breakpoint before each instruction and then remove it,
I will constantly generate EXCEPTION_BREAKPOINT, not EXCEPTION_SINGLE_STEP.
MY CODE:
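/// Runs the debugger event loop for the process named by PEInformation. Each
/// breakpoint or single-step exception has its instruction pointer printed,
/// then the debuggee is resumed.
///
/// NOTE: the trap flag is never set in the thread context here, so this loop
/// does not itself request a single step; once the initial breakpoint has been
/// continued the debuggee runs freely.
///
/// @param PEInformation  Provides processInfo.dwProcessId, used to detach
///                       from the debuggee.
/// @return TRUE when the debuggee exits, FALSE when WaitForDebugEvent fails.
BOOL TraceProcess(PEInformation& PEInformation)
{
    DEBUG_EVENT debugEvent{};
    CONTEXT Context{};

    while (true)
    {
        if (!WaitForDebugEvent(&debugEvent, INFINITE))
        {
            // Error handling: detach before reporting failure.
            DebugActiveProcessStop(PEInformation.processInfo.dwProcessId);
            return FALSE;
        }

        // How this event is reported back to the debuggee.
        DWORD continueStatus = DBG_CONTINUE;

        // Process the debug event based on its type.
        switch (debugEvent.dwDebugEventCode)
        {
        case EXCEPTION_DEBUG_EVENT:
        {
            const DWORD exceptionCode = debugEvent.u.Exception.ExceptionRecord.ExceptionCode;
            const bool isTracerEvent =
                exceptionCode == EXCEPTION_BREAKPOINT || exceptionCode == EXCEPTION_SINGLE_STEP;
            if (!isTracerEvent)
            {
                // An exception the tracer does not own (e.g. an access
                // violation) must not be swallowed: DBG_CONTINUE would replay
                // the faulting instruction indefinitely.
                continueStatus = DBG_EXCEPTION_NOT_HANDLED;
                break;
            }

            // Least privilege: reading the context needs THREAD_GET_CONTEXT only.
            HANDLE hThread = OpenThread(THREAD_GET_CONTEXT, FALSE, debugEvent.dwThreadId);

            // The control registers are enough to obtain Rip.
            Context.ContextFlags = CONTEXT_CONTROL;
            if (hThread && GetThreadContext(hThread, &Context))
            {
                // Reset the base afterwards; std::hex would otherwise persist.
                std::cout << "rip: " << std::hex << Context.Rip << std::dec << std::endl;
            }
            else
            {
                // Read the error code first so stream I/O cannot overwrite it.
                const DWORD err = GetLastError();
                std::cerr << "GetThreadContext failed: " << err << std::endl;
            }

            // One handle per event: close it whether or not the read succeeded.
            if (hThread)
            {
                CloseHandle(hThread);
            }
            break;
        }
        case CREATE_THREAD_DEBUG_EVENT:
            // Handle newly created threads
            // Process debugEvent.u.CreateThread for detailed information
            break;
        case CREATE_PROCESS_DEBUG_EVENT:
            // Handle newly created processes (main thread)
            // Process debugEvent.u.CreateProcessInfo for detailed information.
            // The debugger owns the image file handle and has to close it.
            if (debugEvent.u.CreateProcessInfo.hFile)
            {
                CloseHandle(debugEvent.u.CreateProcessInfo.hFile);
            }
            break;
        case EXIT_THREAD_DEBUG_EVENT:
            // Handle thread exit
            // Process debugEvent.u.ExitThread for detailed information
            break;
        case EXIT_PROCESS_DEBUG_EVENT:
            // Handle process exit
            // Process debugEvent.u.ExitProcess for detailed information
            DebugActiveProcessStop(PEInformation.processInfo.dwProcessId);
            return TRUE;
        case LOAD_DLL_DEBUG_EVENT:
            // Handle DLL loading
            // Process debugEvent.u.LoadDll for detailed information.
            // The module file handle is likewise the debugger's to close.
            if (debugEvent.u.LoadDll.hFile)
            {
                CloseHandle(debugEvent.u.LoadDll.hFile);
            }
            break;
        case UNLOAD_DLL_DEBUG_EVENT:
            // Handle DLL unloading
            // Process debugEvent.u.UnloadDll for detailed information
            break;
        case OUTPUT_DEBUG_STRING_EVENT:
            // Handle output of debug strings
            // Process debugEvent.u.DebugString for detailed information.
            // The text is supplied by the debuggee: limit reads to
            // nDebugStringLength and do not trust its contents.
            break;
        // Handle other debug events as needed
        }

        // Continue execution of the traced process
        ContinueDebugEvent(debugEvent.dwProcessId, debugEvent.dwThreadId, continueStatus);
    }
}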
答案1
得分: 1
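/// Debug-event loop that single-steps the debuggee.
///
/// Stepping relies on the x86/x64 trap flag (bit 8 of EFLAGS, mask 0x100):
/// with it set in a thread's context, the next instruction raises
/// EXCEPTION_SINGLE_STEP. The handler sets the flag again on every step so
/// that stepping continues. The instruction pointer is printed for breakpoint
/// events.
///
/// @return TRUE once the debuggee has exited; FALSE if WaitForDebugEvent fails
///         or the thread that raised the exception cannot be opened.
BOOL TraceProcess()
{
    constexpr DWORD kTrapFlag = 0x100; // EFLAGS.TF

    DEBUG_EVENT debugEvent{};
    CONTEXT Context{};
    DWORD debuggeePid = 0; // process id taken from the last delivered event

    for (;;)
    {
        if (!WaitForDebugEvent(&debugEvent, INFINITE))
        {
            // Error handling. debugEvent is not a reliable source for the
            // process id after a failed wait, so detach using the id recorded
            // from an earlier event, if there was one.
            if (debuggeePid != 0)
            {
                DebugActiveProcessStop(debuggeePid);
            }
            return FALSE;
        }
        debuggeePid = debugEvent.dwProcessId;

        // Status handed back to the debuggee for this event.
        DWORD continueStatus = DBG_CONTINUE;

        // Process the debug event based on its type.
        switch (debugEvent.dwDebugEventCode)
        {
        case EXCEPTION_DEBUG_EVENT:
        {
            const DWORD code = debugEvent.u.Exception.ExceptionRecord.ExceptionCode;
            if (code != EXCEPTION_BREAKPOINT && code != EXCEPTION_SINGLE_STEP)
            {
                // Not a tracer exception. Resuming with DBG_CONTINUE would
                // re-run the faulting instruction; pass it to the debuggee's
                // own handlers instead.
                continueStatus = DBG_EXCEPTION_NOT_HANDLED;
                break;
            }

            // The handle is needed only here, and only to read and write the
            // context, so request those two rights instead of THREAD_ALL_ACCESS.
            HANDLE hThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, FALSE,
                                        debugEvent.dwThreadId);
            if (!hThread) { std::cerr << "hThread is NULL" << std::endl; return FALSE; }

            // Rip and EFlags are both in the control part of the context;
            // limiting the flags keeps SetThreadContext from rewriting
            // unrelated register state.
            Context.ContextFlags = CONTEXT_CONTROL;
            if (!GetThreadContext(hThread, &Context))
            {
                // Capture the error before the stream calls can disturb it.
                const DWORD err = GetLastError();
                std::cerr << "GetThreadContext 失败: " << err << std::endl;
            }
            else
            {
                // Arm the next step.
                Context.EFlags |= kTrapFlag;
                if (!SetThreadContext(hThread, &Context))
                {
                    const DWORD err = GetLastError();
                    std::cerr << "SetThreadContext 失败: " << err << std::endl;
                }
                else if (code == EXCEPTION_BREAKPOINT)
                {
                    // std::hex is sticky on the stream, so restore decimal.
                    std::cout << "rip: " << std::hex << Context.Rip << std::dec << std::endl;
                }
                // Per-step work for EXCEPTION_SINGLE_STEP would go here.
            }

            // Release the handle on every path, including the failures above.
            CloseHandle(hThread);
            break;
        }
        case CREATE_THREAD_DEBUG_EVENT:
            // Handle newly created threads (details in debugEvent.u.CreateThread).
            // The trap flag is per-thread state: a thread created here is not
            // stepped unless its own context is armed too.
            break;
        case CREATE_PROCESS_DEBUG_EVENT:
            // Handle newly created processes (main thread); details are in
            // debugEvent.u.CreateProcessInfo. The image file handle belongs to
            // the debugger and leaks unless it is closed.
            if (debugEvent.u.CreateProcessInfo.hFile)
            {
                CloseHandle(debugEvent.u.CreateProcessInfo.hFile);
            }
            break;
        case EXIT_THREAD_DEBUG_EVENT:
            // Handle thread exit (details in debugEvent.u.ExitThread).
            break;
        case EXIT_PROCESS_DEBUG_EVENT:
            // Handle process exit (details in debugEvent.u.ExitProcess).
            DebugActiveProcessStop(debugEvent.dwProcessId);
            return TRUE;
        case LOAD_DLL_DEBUG_EVENT:
            // Handle DLL loading (details in debugEvent.u.LoadDll). As with
            // process creation, the file handle must be closed by the debugger.
            if (debugEvent.u.LoadDll.hFile)
            {
                CloseHandle(debugEvent.u.LoadDll.hFile);
            }
            break;
        case UNLOAD_DLL_DEBUG_EVENT:
            // Handle DLL unloading (details in debugEvent.u.UnloadDll).
            break;
        case OUTPUT_DEBUG_STRING_EVENT:
            // Handle debug-string output (details in debugEvent.u.DebugString).
            // The string sits in debuggee memory and is debuggee-controlled:
            // bound any read by nDebugStringLength and treat it as untrusted.
            break;
        // Handle other debug events as needed.
        }

        // Continue execution of the traced process.
        ContinueDebugEvent(debugEvent.dwProcessId, debugEvent.dwThreadId, continueStatus);
    }
}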
英文:
The guys in the comments are great guys) Thanks @Wyck and @RbMm
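SOLUTION: set the trap flag (bit 8, mask 0x100, of EFLAGS) in the thread context with SetThreadContext. The CPU then raises EXCEPTION_SINGLE_STEP after the next instruction and clears the flag, so the flag has to be set again on every step.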
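/// Runs the debugger event loop and single-steps the debuggee.
///
/// The step is requested through the x86/x64 trap flag (EFLAGS bit 8, mask
/// 0x100): when it is set in a thread's context, the following instruction
/// raises EXCEPTION_SINGLE_STEP. The flag is set again in the handler on each
/// step to keep the trace going. For breakpoint events the instruction pointer
/// is printed.
///
/// @return TRUE when the debuggee exits; FALSE when WaitForDebugEvent fails or
///         the thread that raised the exception cannot be opened.
BOOL TraceProcess()
{
    constexpr DWORD kTrapFlag = 0x100; // EFLAGS.TF

    DEBUG_EVENT debugEvent{};
    CONTEXT Context{};
    DWORD lastPid = 0; // process id of the most recent event, 0 before the first

    while (true)
    {
        if (!WaitForDebugEvent(&debugEvent, INFINITE))
        {
            // Error handling. After a failed wait debugEvent cannot be relied
            // on for the process id, so detach only with an id seen earlier.
            if (lastPid != 0)
            {
                DebugActiveProcessStop(lastPid);
            }
            return FALSE;
        }
        lastPid = debugEvent.dwProcessId;

        // How this event is reported back to the debuggee.
        DWORD continueStatus = DBG_CONTINUE;

        // Process the debug event based on its type
        switch (debugEvent.dwDebugEventCode)
        {
        case EXCEPTION_DEBUG_EVENT:
        {
            const DWORD exceptionCode = debugEvent.u.Exception.ExceptionRecord.ExceptionCode;
            const bool isTracerEvent =
                exceptionCode == EXCEPTION_BREAKPOINT || exceptionCode == EXCEPTION_SINGLE_STEP;
            if (!isTracerEvent)
            {
                // An exception the tracer does not own (e.g. an access
                // violation) must not be swallowed: DBG_CONTINUE would replay
                // the faulting instruction indefinitely.
                continueStatus = DBG_EXCEPTION_NOT_HANDLED;
                break;
            }

            // Open the thread only where it is used, with just the rights
            // needed to read and write its context (not THREAD_ALL_ACCESS).
            HANDLE hThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, FALSE,
                                        debugEvent.dwThreadId);
            if (!hThread) { std::cerr << "hThread is NULL" << std::endl; return FALSE; }

            // Rip and EFlags belong to the control registers; a narrower
            // ContextFlags stops SetThreadContext from touching other state.
            Context.ContextFlags = CONTEXT_CONTROL;
            if (GetThreadContext(hThread, &Context))
            {
                // Request the next single step.
                Context.EFlags |= kTrapFlag;
                if (!SetThreadContext(hThread, &Context))
                {
                    // Read the error code first so stream I/O cannot overwrite it.
                    const DWORD err = GetLastError();
                    std::cerr << "SetThreadContext failed: " << err << std::endl;
                }
                else if (exceptionCode == EXCEPTION_BREAKPOINT)
                {
                    // Reset the base afterwards; std::hex would otherwise persist.
                    std::cout << "rip: " << std::hex << Context.Rip << std::dec << std::endl;
                }
                // Per-step work for EXCEPTION_SINGLE_STEP would go here.
            }
            else
            {
                const DWORD err = GetLastError();
                std::cerr << "GetThreadContext failed: " << err << std::endl;
            }

            // Close the handle on success and on failure alike.
            CloseHandle(hThread);
            break;
        }
        case CREATE_THREAD_DEBUG_EVENT:
            // Handle newly created threads
            // Process debugEvent.u.CreateThread for detailed information.
            // The trap flag is per-thread: a new thread is only stepped once
            // its own context has the flag set.
            break;
        case CREATE_PROCESS_DEBUG_EVENT:
            // Handle newly created processes (main thread)
            // Process debugEvent.u.CreateProcessInfo for detailed information.
            // The debugger owns the image file handle and has to close it.
            if (debugEvent.u.CreateProcessInfo.hFile)
            {
                CloseHandle(debugEvent.u.CreateProcessInfo.hFile);
            }
            break;
        case EXIT_THREAD_DEBUG_EVENT:
            // Handle thread exit
            // Process debugEvent.u.ExitThread for detailed information
            break;
        case EXIT_PROCESS_DEBUG_EVENT:
            // Handle process exit
            // Process debugEvent.u.ExitProcess for detailed information
            DebugActiveProcessStop(debugEvent.dwProcessId);
            return TRUE;
        case LOAD_DLL_DEBUG_EVENT:
            // Handle DLL loading
            // Process debugEvent.u.LoadDll for detailed information.
            // The module file handle is likewise the debugger's to close.
            if (debugEvent.u.LoadDll.hFile)
            {
                CloseHandle(debugEvent.u.LoadDll.hFile);
            }
            break;
        case UNLOAD_DLL_DEBUG_EVENT:
            // Handle DLL unloading
            // Process debugEvent.u.UnloadDll for detailed information
            break;
        case OUTPUT_DEBUG_STRING_EVENT:
            // Handle output of debug strings
            // Process debugEvent.u.DebugString for detailed information.
            // The text is supplied by the debuggee: limit reads to
            // nDebugStringLength and do not trust its contents.
            break;
        // Handle other debug events as needed
        }

        // Continue execution of the traced process
        ContinueDebugEvent(debugEvent.dwProcessId, debugEvent.dwThreadId, continueStatus);
    }
}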