Re: Initiation of a Debugger using CreateProcess

---

• From: "Jacky Luk" <jl@xxxxxxxxxx>
• Date: Sat, 25 Jun 2005 16:55:41 +0800

---

Sorry, typo the address of wndproc
Thanks
Jack

"Jacky Luk" <jl@xxxxxxxxxx> ¼¶¼g©ó¶l¥ó·s»D:%23Mzb9GWeFHA.1456@xxxxxxxxxxxxxxxxxxxxxxx
> For example,
>
> void main (void)
> {
> CreateProcess ("Debuggee.exe"...);
> BaseAddress = abc.baseaddress; // context of the debuggee
> return;
>
> }
>
>
> "Jacky Luk" <jl@xxxxxxxxxx> ¼¶¼g©ó¶l¥ó·s»D:%23cpCe$VeFHA.2844@xxxxxxxxxxxxxxxxxxxxxxx
>> Sorry, What I meant by "started with CreateProcess" was the debuggee
>> instead of starting the debugger in a remote process... Thanks
>> Jack
>>
>> "Jacky Luk" <jl@xxxxxxxxxx> ¼¶¼g©ó¶l¥ó·s»D:O8Mzv5VeFHA.1040@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi,
>>> I'm intending to write a private debugger for my own use, but it must be
>>> started with CreateProcess, how can I retrieve and control its "context"
>>> such as the base address loaded by the Windows Loader? Is it possible to
>>> disassemble the exe in this way? Also, how can I implement the feature
>>> of VB6 debugger (called JIT?)such that I can control the context outside
>>> the debugger when the debugger is waiting on an event? (so that I can
>>> switch to other programs) I have encountered this problem when using
>>> Softice... For example, when Softice is "doing" something, other
>>> processes are freezed and you jump out of it (Ctrl-D) and come back
>>> later, (because of its sticky feature), the current address of the
>>> debuggee would have changed, and it is looking at something else than
>>> what I was doing before.... quite subtle, hope you understand...
>>> Thanks
>>> Jack
>>>
>>
>>
>
>


.

---

• Follow-Ups:
  • Re: Initiation of a Debugger using CreateProcess
    • From: Ivan Brugiolo [MSFT]

• References:
  • Initiation of a Debugger using CreateProcess
    • From: Jacky Luk
  • Re: Initiation of a Debugger using CreateProcess
    • From: Jacky Luk
  • Re: Initiation of a Debugger using CreateProcess
    • From: Jacky Luk

• Prev by Date: Re: Initiation of a Debugger using CreateProcess
• Next by Date: Re: Initiation of a Debugger using CreateProcess
• Previous by thread: Re: Initiation of a Debugger using CreateProcess
• Next by thread: Re: Initiation of a Debugger using CreateProcess
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Loading exe at fixed preferred address ... Après mure réflexion, Jack a écrit: ... I am building a kernel debugger. ... >> preferred load address of the module is 0x401000, ... (microsoft.public.win32.programmer.kernel) Re: strtok ... There seems to be a problem on this line (from the debugger) ... Where I defined g_pMappedFileBase as PBYTE ... Jack ... > Hi Jacky! ... (microsoft.public.vc.language) Re: Initiation of a Debugger using CreateProcess ... debuggee based on the context... ... Jack ... >> instead of starting the debugger in a remote process... ... >>> later, (because of its sticky feature), the current address of the ... (microsoft.public.win32.programmer.kernel) Re: Initiation of a Debugger using CreateProcess ... void main ... What I meant by "started with CreateProcess" was the debuggee ... > instead of starting the debugger in a remote process... ... >> its sticky feature), the current address of the debuggee would have ... (microsoft.public.win32.programmer.kernel) Re: Initiation of a Debugger using CreateProcess ... What I meant by "started with CreateProcess" was the debuggee instead ... of starting the debugger in a remote process... ... Jack ... > to other programs) I have encountered this problem when using Softice... ... (microsoft.public.win32.programmer.kernel)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)