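// Smoke test for the process-inspection helpers, driven against a running
// notepad++.exe: enumerates processes, resolves the target PID, dumps its
// modules / memory regions / threads, freezes it for one second, scans its
// memory for a three-byte pattern and prints its DOS and NT headers.
//
// Every helper after GetPidProcess takes the PID, so the function returns
// early when the target is not running instead of calling them with PID 0
// (dwPid was zero-initialised before and presumably stays 0 on lookup
// failure — confirm against GetPidProcess).
void test(void)
{
    std::list<PROCESSENTRY32> lProcess = GetProcessList();
    PrintProcessList(lProcess);

    DWORD dwPid = GetPidProcess("notepad++.exe");
    PrintPidProcess("notepad++.exe", dwPid);
    if (dwPid == 0)
    {
        return;
    }

    std::list<MODULEENTRY32> lModules = GetModuleList(dwPid);
    PrintModulesList(lModules);

    std::list<MEMORY_BASIC_INFORMATION> lMemBI = GetMemoryInformation(dwPid);
    PrintMemoryInfo(lMemBI);

    std::list<THREADENTRY32> lThreads = GetThreadsList(dwPid);
    PrintThreadsInfo(lThreads);

    // Freeze the target for one second, then let it run again.
    SuspendAllThread(dwPid);
    Sleep(1000);
    ResumeAllThread(dwPid);

    // Three literal 0x42 bytes; the explicit length is what ScanPattern uses,
    // so patterns containing NUL bytes would still work.
    std::list<LPCVOID> lAddress = ScanPattern("\x42\x42\x42", 3, dwPid);
    PrintPatternMatch(lAddress);

    // DWORD is unsigned long on Windows, so %lX is the matching conversion
    // (the previous %X expected unsigned int).
    DWORD dwBaseAddress = GetRemoteBaseAddress(dwPid);
    printf("BaseAddress = %08lX\n", dwBaseAddress);

    IMAGE_DOS_HEADER DosHeader = GetDosHeader(dwPid);
    PrintDosHeader(&DosHeader);

    IMAGE_NT_HEADERS NTHeader = GetNTHeader(dwPid);
    PrintNTHeader(&NTHeader);
}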
//设置指令单步异常 bool CODebugger::SetSingleStep(HANDLE hThread) { CONTEXT ct; //得到线程上下文 ct.ContextFlags = CONTEXT_FULL; if(hThread && GetThreadContext(hThread, &ct)) { //暂停所有其他线程,保证单步执行不被其他线程中断 SuspendAllThread(hThread); //设置单步运行 ct.EFlags |= EFLAGS_TRAP; //设置线程的上下文信息 SetThreadContext(hThread, &ct); return true; } return false; }
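// Exception-event handler for the debug loop. Returns TRUE when the event has
// been dealt with (breakpoint / single-step bookkeeping, or an exception code
// that should simply be continued) and FALSE for codes this debugger does not
// handle, so the caller can report them as not handled.
//
// Assumes a 32-bit (x86) debuggee: the exception address is narrowed to an
// unsigned long and the resume point is rewound through CONTEXT::Eip.
BOOL CODebugger::OnDebugException(DEBUG_EVENT& deDebugEvent)
{
    unsigned long ulAddress =
        (unsigned long)deDebugEvent.u.Exception.ExceptionRecord.ExceptionAddress;

    switch (deDebugEvent.u.Exception.ExceptionRecord.ExceptionCode)
    {
    // Breakpoint exception
    case EXCEPTION_BREAKPOINT:
    {
        // Only breakpoints in our own list are handled; any other int3 (for
        // example the initial system breakpoint) ends up at the TRUE return
        // below without touching the thread.
        DEBUGGER_BREAKPOINT* pBreakPoint = m_breakPointListUser.Search(ulAddress);
        if (pBreakPoint == NULL)
        {
            break;
        }

        m_ulCurBreakPointAddr = ulAddress;
        E_Breakpoint(&deDebugEvent);
        if (bpfunc != NULL)
        {
            (*bpfunc)(&deDebugEvent);
        }

        // The thread record used to be dereferenced unconditionally; a thread
        // the debugger has no record of would crash here. Search presumably
        // returns NULL when the thread is unknown (as
        // m_breakPointListUser.Search does) — confirm. The lookup is done
        // twice rather than naming the record type, which is not visible
        // in this file.
        HANDLE hThread = NULL;
        if (m_debuggerThread.Search(deDebugEvent.dwThreadId) != NULL)
        {
            hThread = m_debuggerThread.Search(deDebugEvent.dwThreadId)->m_hThread;
        }

        CONTEXT ct;
        ct.ContextFlags = CONTEXT_FULL;
        if (hThread && GetThreadContext(hThread, &ct))
        {
            // Put the original byte back so the instruction can execute.
            RestoreBreakPoint(pBreakPoint);

            // Suspend all other threads so the single step is not
            // interleaved with them (resumed in the EXCEPTION_SINGLE_STEP
            // case below).
            SuspendAllThread(hThread);

            // The int3 has already retired, so EIP points one past the
            // breakpoint byte; rewind it to the restored instruction.
            ct.Eip--;

            // Trap flag: EXCEPTION_SINGLE_STEP fires after the restored
            // instruction, where the breakpoint is re-armed.
            ct.EFlags |= EFLAGS_TRAP;

            // Breakpoints with m_bIsSingleLineBP set are not re-armed, so no
            // single-step record is needed for them.
            if (pBreakPoint->m_bIsSingleLineBP == false)
            {
                DEBUGGER_SINGLE_STEP singleStep;
                singleStep.m_uiAddress = ulAddress;
                singleStep.m_uiThreadID = deDebugEvent.dwThreadId;
                m_singleStepList.Add(singleStep);
            }

            // NOTE(review): the SetThreadContext result is still not checked
            // here; a failure leaves the breakpoint removed and the other
            // threads suspended.
            SetThreadContext(hThread, &ct);
            return TRUE;
        }
        break;
    }

    // Single-step exception
    case EXCEPTION_SINGLE_STEP:
    {
        E_SingleStep(&deDebugEvent);

        // Look up the pending single-step record for this thread; if there
        // is none the step was not ours and nothing is re-armed.
        DEBUGGER_SINGLE_STEP* pSingleStep =
            m_singleStepList.SearchThread(deDebugEvent.dwThreadId);
        if (pSingleStep)
        {
            // Re-arm the breakpoint that was restored in the breakpoint
            // handler, unless it is a single-line breakpoint.
            DEBUGGER_BREAKPOINT* pDbp =
                m_breakPointListUser.Search(pSingleStep->m_uiAddress);
            if (pDbp && (pDbp->m_bIsSingleLineBP == false))
            {
                SetBreakPoint(pDbp);
            }
            m_singleStepList.RemoveData(pSingleStep);

            // Undoes the SuspendAllThread from the breakpoint case. Note the
            // two calls take different argument types (HANDLE there, thread
            // id here); presumably overloads — confirm.
            ResumeAllThread(deDebugEvent.dwThreadId);
        }
        break;
    }

    //
    // The exceptions below are not of interest to the debugger and get
    // default handling.
    //

    // Access violation: reported on the first chance only.
    case EXCEPTION_ACCESS_VIOLATION:
    {
        E_AccessViolation(&deDebugEvent);
        if (deDebugEvent.u.Exception.dwFirstChance)
        {
            if (unhfunc != NULL)
            {
                (*unhfunc)(&deDebugEvent);
            }
            else
            {
                default_unhandled(&deDebugEvent);
            }
        }
        break;
    }

    // Privileged instruction: reported on the second chance, or on the first
    // chance when the exception is non-continuable.
    case EXCEPTION_PRIV_INSTRUCTION:
    {
        if ((deDebugEvent.u.Exception.dwFirstChance == 0) ||
            (deDebugEvent.u.Exception.ExceptionRecord.ExceptionFlags == EXCEPTION_NONCONTINUABLE))
        {
            if (unhfunc != NULL)
            {
                (*unhfunc)(&deDebugEvent);
            }
            else
            {
                default_unhandled(&deDebugEvent);
            }
        }
        break;
    }

    /*
    case EXCEPTION_DATATYPE_MISALIGNMENT:
    // Ctrl+C pressed
    case DBG_CONTROL_C:
    case EXCEPTION_ARRAY_BOUNDS_EXCEEDED:
    case EXCEPTION_ILLEGAL_INSTRUCTION:
    case EXCEPTION_IN_PAGE_ERROR:
    case EXCEPTION_INT_DIVIDE_BY_ZERO:
    case EXCEPTION_INT_OVERFLOW:
    case EXCEPTION_STACK_OVERFLOW:
    */

    // Everything else: report on the second chance and tell the caller the
    // exception was not handled.
    default:
    {
        if (deDebugEvent.u.Exception.dwFirstChance == 0)
        {
            if (unhfunc != NULL)
            {
                (*unhfunc)(&deDebugEvent);
            }
            else
            {
                default_unhandled(&deDebugEvent);
            }
        }
        return FALSE;
    }
    }

    return TRUE;
}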