Set Hardware BP on execute in other process globally

  • Question

  • Hi.

    So I am learning to write debuggers, and I have tried it and it works when I set up a software BP by injecting 0xCC into the code. I use DebugActiveProcess and the PID of the process and I have it controlled.

    The problem I am facing now is when I try to set up a hardware breakpoint. I have some questions:

    1) I have read that you need to set up a breakpoint per thread. But in IDA or Olly you can set a BP at a specific address, and each time that address is executed it breaks and gives control to the debugger. Because the program I want to debug creates a thread for each new connection, how can I create a BP for the whole process when that address is being executed (just as IDA or Olly do)?

    2) I know that to set a Hw BP I need to set the registers D0-D4 with the address where I want to set the BP and use D7 to set the kind of BP (Read, Write, Execute...), but what is the value for execute?

    3) I have used the code from http://www.codeproject.com/Articles/28071/Toggle-hardware-data-read-execute-breakpoints-prog in my code, applying it to a remote process, but it does not work. Maybe it is because I am having the problem I described in point 1). Here is the relevant part of my code:

    // Get process id
    DWORD pid = FindProcessId(L"hello.exe");
    DWORD thread_id = ListProcessThreads(pid); // Returns the last thread id of the process

    int *breakpoint_address = (int*)0x0051653A;
    HANDLE thread_handle = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, FALSE, thread_id);
    HANDLE hX3 = SetHardwareBreakpoint(thread_handle, HWBRK_TYPE_CODE, HWBRK_SIZE_1, breakpoint_address);
    DebugActiveProcess(pid);

    DEBUG_EVENT DBEvent;
    int flag = 0;
    int counter = 0;
    while (flag == 0)
    {
        WaitForDebugEvent(&DBEvent, INFINITE);
        switch (DBEvent.dwDebugEventCode)
        {
        case EXCEPTION_SINGLE_STEP:
            printf("aaaaaaaa");
            MessageBoxA(0, "yesssssssss", "", 0);

        case EXCEPTION_DEBUG_EVENT:
            switch (DBEvent.u.Exception.ExceptionRecord.ExceptionCode)
            {
            case EXCEPTION_SINGLE_STEP:
                printf("aaaaaaaa");
                MessageBoxA(0, "yesssssssss", "", 0);

            case EXCEPTION_BREAKPOINT:
                MessageBoxA(0, "3333", "", 0);
            }
            break;
        }

        ContinueDebugEvent(DBEvent.dwProcessId, DBEvent.dwThreadId, DBG_CONTINUE);
        if (flag != 0) {
            if (!DebugActiveProcessStop(pid)) {
                DWORD error_code = GetLastError();
                printf("Error detaching the process %d\n", error_code);
                system("pause");
                return 0;
            }
            return 0;
        }
    }

     

     

    • Moved by Shu 2017 Wednesday, March 25, 2015 2:54 AM from C++ forum
    Monday, March 23, 2015 8:26 PM
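
Added example, not part of the original post or of the linked CodeProject code: the DR7 encoding behind questions 1) and 2), following the Intel SDM layout in which RW = 00 selects break-on-execute and an execute breakpoint must use LEN = 00. The helper names (`dr7_enable`, `dr7_disable`, `set_exec_bp`) are hypothetical; the Win32 part compiles only on Windows and has to be applied to every thread, because debug registers are per-thread context.

```c
#include <stdint.h>
/* Added example, helper names are illustrative. DR7 (Intel SDM): Ln is bit 2n,
   RWn is bits 16+4n..17+4n, LENn is bits 18+4n..19+4n, for slot n = 0..3. */
enum hwbp_type { HWBP_EXECUTE = 0, HWBP_WRITE = 1, HWBP_READWRITE = 3 };

/* Return dr7 with `slot` locally enabled; len_bytes is 1, 2, 4 or 8 and must
   be 1 for execute (LEN = 00). Invalid arguments return dr7 unchanged. */
uint64_t dr7_enable(uint64_t dr7, int slot, enum hwbp_type type, int len_bytes)
{
    static const int len_enc[9] = { -1, 0, 1, -1, 3, -1, -1, -1, 2 };
    if (slot < 0 || slot > 3 || len_bytes < 1 || len_bytes > 8) return dr7;
    if ((unsigned)type > 3 || (unsigned)type == 2) return dr7; /* 10b = I/O */
    int len = len_enc[len_bytes];
    if (len < 0 || (type == HWBP_EXECUTE && len != 0)) return dr7;
    dr7 &= ~((uint64_t)0xF << (16 + 4 * slot));      /* clear RWn and LENn */
    dr7 |= (uint64_t)((unsigned)type | ((unsigned)len << 2)) << (16 + 4 * slot);
    dr7 |= (uint64_t)1 << (2 * slot);                /* set Ln */
    return dr7;
}

/* Clear Ln/Gn and the RW/LEN field of `slot`. */
uint64_t dr7_disable(uint64_t dr7, int slot)
{
    if (slot < 0 || slot > 3) return dr7;
    dr7 &= ~((uint64_t)0x3 << (2 * slot));
    return dr7 & ~((uint64_t)0xF << (16 + 4 * slot));
}

#ifdef _WIN32
#include <windows.h>
/* Arm an execute breakpoint on one thread of the debuggee. Debug registers
   are per-thread state, so call this for every existing thread and for
   u.CreateThread.hThread on each CREATE_THREAD_DEBUG_EVENT. */
BOOL set_exec_bp(HANDLE thread, int slot, DWORD_PTR addr)
{
    CONTEXT ctx = { 0 };
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
    if (!GetThreadContext(thread, &ctx)) return FALSE;
    switch (slot) {
    case 0: ctx.Dr0 = addr; break;
    case 1: ctx.Dr1 = addr; break;
    case 2: ctx.Dr2 = addr; break;
    case 3: ctx.Dr3 = addr; break;
    default: return FALSE;
    }
    ctx.Dr7 = (DWORD_PTR)dr7_enable(ctx.Dr7, slot, HWBP_EXECUTE, 1);
    return SetThreadContext(thread, &ctx);
}
#endif
```

A hardware breakpoint hit is delivered as an `EXCEPTION_DEBUG_EVENT` whose `ExceptionCode` is `EXCEPTION_SINGLE_STEP`. For an execute breakpoint, set the resume flag (bit 16 of `EFlags`) in the thread context before continuing, or the same instruction faults again.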

All replies

  • Hi JhonSnow,

    Thanks for posting in MSDN forum.

    This issue would be better posted to the Windows desktop debugging forum, so I will move it there for better support. Thanks for your understanding.

    Best regards,

    Shu Hu 



    Wednesday, March 25, 2015 2:53 AM