-
-
[讨论]无视DebugPort清零
-
2011-5-4 20:11
-
可行否。。
实现太琐碎了,不行不写了
实现太琐碎了,不行不写了
DEBUG_OBJECT g_DebugObject; //only Debugger! just for test.
//
//HookRoutine of DbgkForwardException
//
BOOLEAN
DbgForwardException(
IN PEXCEPTION_RECORD ExceptionRecord,
IN BOOLEAN DebugException,
IN BOOLEAN SecondChance
)
{
BOOLEAN Handled = FALSE;
if(!DebugException)
return OrgDbgForwardException(ExceptionRecord,DebugException,SecondChange);
//
//Queue the DebugEvent and Wakeup the Debugger
//
//
//Wait For DebugEvent->ContinueEvent
//
//
//return whether the Exception was Handled
//TRUE - handled
//
return Handled;
}
//
//HookRoutine of NtWaitForDebugEvent
//
NTSTATUS
DbgWaitForDebugEvent (
IN HANDLE DebugObjectHandle,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL,
OUT PDBGUI_WAIT_STATE_CHANGE WaitStateChange
)
{
NTSTATUS Status;
KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
PDEBUG_OBJECT DebugObject = &g_DebugObject;
//
//Waiting For wakeup
//
//
//Get DebugEvent and Convert to WaitStateChange
//
return Status;
}
//
//HookRoutine of NtDebugContinue
//
NTSTATUS
DbgDebugContinue (
IN HANDLE DebugObjectHandle,
IN PCLIENT_ID ClientId,
IN NTSTATUS ContinueStatus
)
{
//
//wakeup the Debuggee
//
}
//
//HookRoutine of NtCreateDebugObject
//
NTSTATUS
DbgCreateDebugObject (
OUT PHANDLE DebugObjectHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG Flags
)
{
//
//initialize the g_DebugObject and just return Success
//
}
//
//HookRoutine of NtDebugActiveProcess
//
NTSTATUS
DbgDebugActiveProcess (
IN HANDLE ProcessHandle,
IN HANDLE DebugObjectHandle
)
{
//
//initialize the g_DebugObject and just return Success
//
}
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
有人研究了。ms只有1000水帖的人会
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
