硬件断点EXCEPTION_SINGLE_STEP所有的时间 [英] Hardware breakpoints EXCEPTION_SINGLE_STEP all the time
问题描述
我有一个程序,作为一个调试器。我设置一个hw bp的线程设置dr0到我想要bp的地址,dr7为1,因为我想要bp每次执行地址时产生一个事件。
它工作,但现在的问题是,我不停止接收EXCEPTION_SINGLE_STEP所有的时间。我使用WaitForDebugEvent创建了一个循环:
DebugActiveProcess
while(flag == 0)
{
WaitForDebugEvent(& DBEvent,INFINITE);
if(first_time){
setHWBPInCurrentThreads(pid,breakpoint_address);
first_time = 0;
}
switch(DBEvent.dwDebugEventCode)
{
//这里我们检查是否创建了一个新线程,并为它们设置了一个BP
case CREATE_THREAD_DEBUG_EVENT :
{
HANDLE thread_handle = DBEvent.u.CreateProcessInfo.hProcess;
HANDLE hX3 = SetHardwareBreakpoint(thread_handle,HWBRK_TYPE_CODE,HWBRK_SIZE_1,breakpoint_address);
}断点;
case EXCEPTION_DEBUG_EVENT:
{
switch(DBEvent.u.Exception.ExceptionRecord.ExceptionCode)
{
case EXCEPTION_SINGLE_STEP:
{
printf(%d\\\
,DBEvent.dwThreadId);
/// MessageBoxA(0,yesssssssss,,0);
} break;
case EXCEPTION_BREAKPOINT:
{
// MessageBoxA(0,Found break point,,0);
} break;
}
} break;
}
ContinueDebugEvent(DBEvent.dwProcessId,DBEvent.dwThreadId,DBG_CONTINUE);
}
这里有什么问题?
我们应该怎么做才能让异常去下一次才能获得控制权?实现只是继续调试事件,即使在中断点被击中之后,这将再次在无限循环中跳过断点。
正确的实现需要不同地处理,对您使用的环境。如果您在比Windows XP更新的环境中调试,处理断点的方式是:
- 设置恢复标志)。
- 禁用断点(Dr7)。
- 设置陷阱标志(EFLAG)。
- 继续调试事件(ContinueDebugEvent)。
- 等待陷阱标志引起的EXCEPTION_SINGLE_STEP (您现在在下一条指令)。
- 启用断点(Dr7)。
- 继续调试事件(ContinueDebugEvent) li>
- Set the Resume Flag (EFLAG).
- Continue the debug event (ContinueDebugEvent).
- Disable the break point (Dr7).
- Set the Trap Flag (EFLAG).
- Continue the debug event (ContinueDebugEvent).
- Wait for the EXCEPTION_SINGLE_STEP caused by the Trap Flag (you are now at the next instruction).
- Enable the break point (Dr7).
- Continue the debug event (ContinueDebugEvent).
$ b
Windows XP环境,您的实现需要更改为:
很抱歉,这个旧线程是正确的实现。
I have a program that acts as a debugger. I set a hw bp for a thread setting dr0 to the address I want to bp to be in and dr7 as 1 because I want the bp to generate an event each time that address is executed.
It works but the problem now is that I don't stop receiving the EXCEPTION_SINGLE_STEP all the time. I created a loop with WaitForDebugEvent as normal:
DebugActiveProcess(pid);
while (flag == 0)
{
WaitForDebugEvent(&DBEvent, INFINITE);
if (first_time){
setHWBPInCurrentThreads(pid, breakpoint_address);
first_time = 0;
}
switch (DBEvent.dwDebugEventCode)
{
// Here we check if a new thread is created and we set a BP for all of them
case CREATE_THREAD_DEBUG_EVENT:
{
HANDLE thread_handle = DBEvent.u.CreateProcessInfo.hProcess;
HANDLE hX3 = SetHardwareBreakpoint(thread_handle, HWBRK_TYPE_CODE, HWBRK_SIZE_1, breakpoint_address);
}break;
case EXCEPTION_DEBUG_EVENT:
{
switch (DBEvent.u.Exception.ExceptionRecord.ExceptionCode)
{
case EXCEPTION_SINGLE_STEP:
{
printf("%d\n", DBEvent.dwThreadId);
///MessageBoxA(0, "yesssssssss", "", 0);
}break;
case EXCEPTION_BREAKPOINT:
{
//MessageBoxA(0, "Found break point", "", 0);
}break;
}
}break;
}
ContinueDebugEvent(DBEvent.dwProcessId, DBEvent.dwThreadId, DBG_CONTINUE);
}
What is wrong here? What should I do to let the exception go and only get the control the next time that the address is being executed?
Your implementation simply continues the debug event even after the break point is hit, which will trip the break point again in an infinite loop.
The correct implementation needs to be handled differently depending on the environment you work with. If you are debugging in a newer environment than Windows XP, the way you handle a break point would be:
If you do work in a Windows XP environment, your implementation needs to be changed to:
Sorry to bump this old thread, however, these are the correct implementations.
这篇关于硬件断点EXCEPTION_SINGLE_STEP所有的时间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
