HOw can i make breakpoint in a dll already loaded into memory like kernel32.dll ??
I want a way that work with both win9x and winNT
thanks for your time.
I want a way that work with both win9x and winNT
thanks for your time.
It depends on what debugger you are using.
Be aware that you will receive little or no help from the members of this forum on this particular topic, as you are close to reverse engineering, which is specifically disallowed here.
Be aware that you will receive little or no help from the members of this forum on this particular topic, as you are close to reverse engineering, which is specifically disallowed here.
hi sluggy,
thanks for replay.
i am not asking about how to make it using debugger. i know how to make it using softice .
i am asking how to code it . ??
i want a way that work with both win9x and winNT
i want to learn :(
thanks.
thanks for replay.
i am not asking about how to make it using debugger. i know how to make it using softice .
i am asking how to code it . ??
i want a way that work with both win9x and winNT
i want to learn :(
thanks.
I think it depends on where you want to put your bpx opcode (CC in hex)
If your plan is to trace a function you could simply :
yourprocEntry =GetProcAddr
VirtualProtect-> yourprocEntry (deprotect )
WriteProcessMemoryA ->yourprocEntry "CC"
...
Hope this helps...
Axial
BTW: GetProcAddress inside debugger doens't return the TRUE offset , remember that...
If your plan is to trace a function you could simply :
yourprocEntry =GetProcAddr
VirtualProtect-> yourprocEntry (deprotect )
WriteProcessMemoryA ->yourprocEntry "CC"
...
Hope this helps...
Axial
BTW: GetProcAddress inside debugger doens't return the TRUE offset , remember that...
thanks Axial,
i have a qe . does VirtualProtect allow me to set PAGE_NOACCESS on a dll already loaded like kernel32.dll ??
i have no time now to test it now ( i have an exam tommorw :mad: ) .
if you know a place where i can get source code from related to this subject , i will be so glad.
i think this will help me if god will.
thanks alot for information.
i have a qe . does VirtualProtect allow me to set PAGE_NOACCESS on a dll already loaded like kernel32.dll ??
i have no time now to test it now ( i have an exam tommorw :mad: ) .
if you know a place where i can get source code from related to this subject , i will be so glad.
i think this will help me if god will.
thanks alot for information.
Be carefull, what you talk about on this Board.... for now it's ok, but we're watching you :)
As far as I remember, you cannot use VirtualProtect on system DLLs,
so it might be a bit hard to set the breakpoint :). For other DLLs
it should work though - and because of copy-on-write the breakpoint
will only be present in the process you're debugging.
If you're writing a debugger, you might want to have a look at the
debugging API, and search for net walkers minidebugger.
Bazik, no need to be nazi before the guy has done anything wrong...
I don't see you questioning iczelion's tut28,29,30 ;).
so it might be a bit hard to set the breakpoint :). For other DLLs
it should work though - and because of copy-on-write the breakpoint
will only be present in the process you're debugging.
If you're writing a debugger, you might want to have a look at the
debugging API, and search for net walkers minidebugger.
Bazik, no need to be nazi before the guy has done anything wrong...
I don't see you questioning iczelion's tut28,29,30 ;).
Hmm Interesting.. I need to find out the parameters that are passed to a specific function .. I wonder if that would work for me :)