I am in the process of writting my own simple little debugger and have run into a problem.. I downloaded iczelions tuts 28 - 30 on writting a debugger but it's not quite detailed enough to help me figure out how to write specific breakpoints.. Like for writeprocessmemory (like when you write bpx writeprocessmemory in softice and it tells you which offset was changed).. If anyone knows where I can find a tutorial that explains this I would appreciate a link or any helpful advice to point me in the right path would be appreciated! ;)
Posted on 2001-10-08 10:36:46 by DAMASTA
If you're writing a ring3 debugger that "loads" a file (CreateProcess
in suspended mode, for instance), as opposed to attaching to a process
that is alreayd running, you can set application-wide API breakpoint
by patching the import table... see icz' PE tuts, and the LUEVELSMEYER
PE document. This will not work with GetProcAddress (or even
sneakier) import methods, only with implicitly linked DLLs.
Posted on 2001-10-08 11:00:59 by f0dder