I have a program that acts as a debugger. I set a hw bp for a thread by setting dr0 to the address I want the bp to be at and dr7 to 1, because I want the bp to generate an event each time that address is executed.
It works, but the problem now is that I keep receiving EXCEPTION_SINGLE_STEP all the time. I created a loop with WaitForDebugEvent as normal:
    DebugActiveProcess(pid);
    while (flag == 0)
    {
        WaitForDebugEvent(&DBEvent, INFINITE);
        if (first_time) {
            setHWBPInCurrentThreads(pid, breakpoint_address);
            first_time = 0;
        }
        switch (DBEvent.dwDebugEventCode)
        {
        // Here we check if a new thread is created and we set a BP for all of them
        case CREATE_THREAD_DEBUG_EVENT:
        {
            // CREATE_THREAD_DEBUG_EVENT carries the new thread in u.CreateThread.hThread;
            // u.CreateProcessInfo.hProcess is the wrong union member for this event
            HANDLE thread_handle = DBEvent.u.CreateThread.hThread;
            HANDLE hX3 = SetHardwareBreakpoint(thread_handle, HWBRK_TYPE_CODE, HWBRK_SIZE_1, breakpoint_address);
        } break;
        case EXCEPTION_DEBUG_EVENT:
        {
            switch (DBEvent.u.Exception.ExceptionRecord.ExceptionCode)
            {
            case EXCEPTION_SINGLE_STEP:
            {
                // Hardware (debug-register) breakpoints are reported as EXCEPTION_SINGLE_STEP
                printf("%d\n", DBEvent.dwThreadId);
                ///MessageBoxA(0, "yesssssssss", "", 0);
            } break;
            case EXCEPTION_BREAKPOINT:
            {
                //MessageBoxA(0, "Found break point", "", 0);
            } break;
            }
        } break;
        }
        ContinueDebugEvent(DBEvent.dwProcessId, DBEvent.dwThreadId, DBG_CONTINUE);
    }
What is wrong here? What should I do to let the exception go and only get control the next time that the address is executed?
Your implementation simply continues the debug event even after the breakpoint is hit, which will trip the breakpoint again in an infinite loop.
The correct implementation needs to be handled differently depending on the environment you work with. If you are debugging in a newer environment than Windows XP, the way you handle a breakpoint would be:
If you do work in a Windows XP environment, your implementation needs to be changed to:
Sorry to bump this old thread, however, these are the correct implementations.
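As an added illustration, not code from the question or the answer: a host-independent C model of the x86 debug registers that shows why continuing with an unchanged thread context re-traps at the same instruction, and how setting the resume flag (EFLAGS.RF, bit 16) before continuing lets the breakpointed instruction execute exactly once. The register bit layout is standard x86; the `dbg_ctx` struct and the `cpu_fetch` model are constructed for this example, and using RF is one way to handle the hit, not necessarily the one the answer's missing listings used.

```c
#include <stdint.h>
/* Constructed model of the debug-register state a debugger reads/writes via GetThreadContext/SetThreadContext. */
typedef struct {
    uint64_t dr[4];   /* Dr0..Dr3: breakpoint linear addresses */
    uint64_t dr6;     /* status: B0..B3 record which slot fired; never self-clearing */
    uint64_t dr7;     /* control: L<n> enable bits plus R/W and LEN fields */
    uint64_t eflags;
} dbg_ctx;

#define EFLAGS_RF (1ull << 16)  /* resume flag: suppress instruction bp for one step */

/* Arm slot 0..3 as a local execute bp: L<slot>=1, R/W=00, LEN=00 (slot 0 on a zeroed context gives DR7 == 1). */
void hwbp_arm_exec(dbg_ctx *c, int slot, uint64_t addr)
{
    c->dr[slot] = addr;
    c->dr7 &= ~(0xFull << (16 + 4 * slot));
    c->dr7 |= 1ull << (2 * slot);
}

/* Slot that fired per DR6.B0..B3, or -1 for none (e.g. a plain trap-flag step). */
int hwbp_fired_slot(uint64_t dr6)
{
    for (int s = 0; s < 4; s++)
        if (dr6 & (1ull << s)) return s;
    return -1;
}

/* Debugger-side EXCEPTION_SINGLE_STEP handler applied to the thread context before ContinueDebugEvent:
 * set RF so the instruction at Dr<slot> executes once without re-faulting, and clear DR6 for the next hit. */
int on_single_step(dbg_ctx *c)
{
    int slot = hwbp_fired_slot(c->dr6);
    if (slot >= 0) c->eflags |= EFLAGS_RF;
    c->dr6 = 0;
    return slot;
}

/* Minimal model of the CPU fetch-time check: an armed execute slot matching rip traps (recording it in DR6)
 * unless RF is set; RF is consumed once the instruction is allowed through, so it suppresses only one fetch. */
int cpu_fetch(dbg_ctx *c, uint64_t rip)
{
    for (int s = 0; s < 4; s++) {
        int armed = (c->dr7 >> (2 * s)) & 1;
        int exec  = ((c->dr7 >> (16 + 4 * s)) & 3) == 0;
        if (armed && exec && c->dr[s] == rip && !(c->eflags & EFLAGS_RF)) {
            c->dr6 |= 1ull << s;
            return 1;
        }
    }
    c->eflags &= ~EFLAGS_RF;
    return 0;
}
```

Two consecutive `cpu_fetch` calls at the armed address both trap, which is the loop in the question; after `on_single_step` the same address is fetched once without a trap and then traps again on its next execution.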