参照网上已有的代码仿写了一个小调试工具,调试自己写的测试程序已经通过(int3断点,drX断点),可拿同样的代码去调试XX游戏时却出现问题:如果用线程去调试,DebugActiveProcess成功后,游戏马上自己结束!如果不用线程,游戏窗体消失,进程还存在!
代码: (并未对游戏做任何操作!不是权限问题.加了权限也一样)
调试按钮单击事件:
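// Thread entry point with the exact signature CreateThread expects.
// debugThreadFun() takes no argument and uses the default calling convention,
// so casting it straight to LPTHREAD_START_ROUTINE calls it through a
// mismatched prototype; this adapter forwards to it instead.
static DWORD WINAPI debugThreadEntry(LPVOID /*unused*/)
{
    // Thread exit code: 0 when the debug session ended normally, 1 otherwise.
    return debugThreadFun() ? 0 : 1;
}

// Click handler for the "debug" button: runs the debug session on a worker
// thread so the dialog's message loop is not blocked by WaitForDebugEvent.
void CDebugMapleDlg::OnButton1()
{
    DWORD threadId = 0;
    HANDLE hThread = CreateThread(NULL, 0, debugThreadEntry, NULL, 0, &threadId); // debug on a worker thread
    if (hThread == NULL)
    {
        // Nothing was started; there is no handle to release.
        return;
    }
    // The handle is never waited on, so release it now. Closing it does not
    // stop the thread, it only avoids leaking one handle per click.
    CloseHandle(hThread);
    // debugThreadFun(); // call directly on the UI thread instead
}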
debugThreadFun调试函数:
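// Attaches to the process that owns the top-level window titled "XXX" and
// services its debug events until that process exits.
//
// Returns TRUE when the loop ended because the target reported
// EXIT_PROCESS_DEBUG_EVENT, FALSE when the window or process could not be
// found/opened, the attach failed, or waiting for a debug event failed.
//
// DebugActiveProcess and WaitForDebugEvent must be called from the same
// thread; both are called here, so the whole session has to run on one thread.
// NOTE(review): by default the debuggee is terminated when the debugging
// thread exits; DebugSetProcessKillOnExit(FALSE) / DebugActiveProcessStop
// change that on SDKs that declare them - confirm which behaviour is wanted.
BOOL debugThreadFun()
{
    CString windowName="XXX";
    DWORD pid = 0;
    HWND hwnd = FindWindow(NULL, windowName);
    if (hwnd == NULL)
    {
        MessageBox(NULL,"游戏未启动","提示",0);
        return FALSE;
    }
    GetWindowThreadProcessId(hwnd, &pid);

    // This handle is only a probe that the process can be opened; nothing
    // below uses it (DebugActiveProcess takes the pid), so it is closed right
    // away instead of being leaked on every return path.
    // NOTE(review): PROCESS_ALL_ACCESS is broader than anything this function
    // uses; consider requesting only the rights that are actually needed.
    HANDLE hd = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (hd == NULL)
    {
        MessageBox(NULL,"打开进程失败","提示",0);
        return FALSE;
    }
    CloseHandle(hd);

    if (!DebugActiveProcess(pid))
    {
        MessageBox(NULL,"绑定游戏进程失败","",0);
        return FALSE;
    }
    // Debug events already queued for the target are not serviced while this
    // modal box is open; the loop below only starts after it is dismissed.
    MessageBox(NULL,"绑定游戏进程成功","",0);

    DEBUG_EVENT dbe;
    HANDLE hDebuggee = NULL;   // process handle reported at attach time
    HANDLE hLastThread = NULL; // most recently reported thread handle

    while (TRUE)
    {
        if (!WaitForDebugEvent(&dbe, INFINITE))
        {
            // With an INFINITE timeout a FALSE return is a real failure;
            // retrying immediately would spin forever, so give up.
            return FALSE;
        }

        // The status is ignored by the system for non-exception events.
        DWORD continueStatus = DBG_CONTINUE;

        switch (dbe.dwDebugEventCode)
        {
        case EXIT_PROCESS_DEBUG_EVENT:
            // Target exited: acknowledge the event and end the session.
            ContinueDebugEvent(dbe.dwProcessId, dbe.dwThreadId, DBG_CONTINUE);
            return TRUE;

        case CREATE_PROCESS_DEBUG_EVENT:
            hDebuggee = dbe.u.CreateProcessInfo.hProcess;
            // Record the thread-id / thread-handle relation.
            hLastThread = dbe.u.CreateProcessInfo.hThread;
            // The image file handle belongs to the debugger and must be
            // closed by it, otherwise it leaks and keeps the file open.
            if (dbe.u.CreateProcessInfo.hFile != NULL)
                CloseHandle(dbe.u.CreateProcessInfo.hFile);
            break;

        case CREATE_THREAD_DEBUG_EVENT:
            // Record the thread-id / thread-handle relation.
            hLastThread = dbe.u.CreateThread.hThread;
            break;

        case LOAD_DLL_DEBUG_EVENT:
            // Same ownership rule as the process image handle above.
            if (dbe.u.LoadDll.hFile != NULL)
                CloseHandle(dbe.u.LoadDll.hFile);
            break;

        case EXCEPTION_DEBUG_EVENT:
        {
            // Exception dispatch: where it happened and what it was.
            void* pBreakAdd = dbe.u.Exception.ExceptionRecord.ExceptionAddress;
            DWORD code = dbe.u.Exception.ExceptionRecord.ExceptionCode;
            (void)pBreakAdd; // kept for the breakpoint handlers to be added

            switch (code)
            {
            case EXCEPTION_BREAKPOINT:
            case EXCEPTION_SINGLE_STEP:
                // Debugger-owned events (this includes the breakpoint the
                // system raises on attach): resume normally.
                // NOTE(review): a complete tool should check the address
                // against its own breakpoint table before claiming the event.
                continueStatus = DBG_CONTINUE;
                break;
            default:
                // Any other exception belongs to the target. Reporting it as
                // handled (the old sticky proin flag did this for every
                // exception after the first) hides it from the target's own
                // handlers and resumes at the faulting instruction, which
                // changes the target's behaviour.
                continueStatus = DBG_EXCEPTION_NOT_HANDLED;
                break;
            }
            break;
        }

        default:
            break;
        }

        ContinueDebugEvent(dbe.dwProcessId, dbe.dwThreadId, continueStatus);
    }
}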