3GL   4GL   5GL  

MinDBG: Win32

, 32- Windows (Win32) , . -, createProcess ( dwCreationFlags)   DEBUG_ONLY_THIS_PROCESS. , , , . , , DEBUG_ONLY_THIS_PROCESS :reateProcess DEBUG_PROCESS.

, API Win32 , Win32 . (wild memory writes) , . ( 16- Windows Macintosh , , .)

, , API- v/aitForDebugEvent, . , :ontinueDebugEvent. , , :reateProcess , API-. , , Win32-oxnafl4HK:

void main ( void)

CreateProcess ( ..., DEBUG_ONLY_THIS_PROCESS, ...);

while ( 1 == WaitForDebugEvent ( ...))

 {

if ( EXIT_PROCESS) 

{

break;

 }

ContinueDebugEvent ( ...); 

}

}

, 32- Win- , , - . API Win32 , .

, , . ( DEBUG_EVENT), WaitForDebugEvent, .

typedef struct _DEBUG_EVENT { 

DWORD dwDebugEventCode; 

DWORD dwProcessId;

 DWORD dwThreadld;

 union {

EXCEPTION_DEBUG_INFO Exception;

CREATE_THREAD_DEBUG_INFO CreateThread;

CREATE_PROCESS_DEBUG_INFO CreateProcessInfo;

EXIT_THREAD_DEBUG_INFO ExitThread;

EXIT_PROCESS_DEBUG_INFO ExitProcess;

LOAD_DLL_DEBUG_INFO LoadDll;

UNLOAD_DLL_DEBUG_INFO UnloadDll;

OUTPUT_DEBUG_STRING_INFO DebugString;

RIP_INFO Riplnfo;

 } u;

 } DEBUG_EVENT

.

, . , , .

DEBUG_EVENT    CREATE_PROCESS_DEBUG_INFO.

, , , .

PROCESS_VM_READ PROCESS_VM_WRITE. , , ReadProcessMemory WriteProcessMemory.

GENERIC_READ (read-sharing).

THREAD_GET_CONTEXT, THREAD_SET_CONTEXT THREAD_SUSPEND_RESUME. , () ,   GetThreadContext  SetThreadContext, , ResumeThread SuspendThread

, . , .

DEBUG_EVENT CREATE_THREAD_DEBUG_INFO. . THREAD_GET_CONTEXT, THKEAD_SET_ CONTEXT THREAD_SUSPEND_RESUME. , () , GetThreadContext SetThreadContext, , ResumeThread SuspendThread.

, . , , 0 , "Structured Exception Handling" ( ) Platform SDK.

DEBUG_EVENT EXCEPTION_DEBUG_INFO. , .

, . DBG_CONTROL_C, <Ctrl>+<C>. <Ctrl>+<C> . . . , .

DBG_CONTROL_C, . ( MSDN SetConsoleCtrlHandler.)

, . , DLL .

DEBUG_EVENT EXIT_PROCESS_DEBUG_INFO, .

, . , .

, , . , .

DEBUG_EVENT   EXIT_THREAD_DEBUG_INFO, .

, . , .

, . EXIT_PROCESS_DEBUG_EVENT.

, DLL. , DLL LoadLibrary. , DLL. DLL 0, DLL . DLL .

DEBUG_EVENT  LOAD_DLL_DEBUG_INFO. DLL, DLL, , DLL.

, , DLL.

, OutputDebugString.

DEBUG_EVENT OUTPUT_DEBUG_STRING_INFO. , .

, DLL, FreeLibrary. , DLL (. . DLL 0).

DEBUG_EVENT UNLOAD_DLL_DEBUG_INFO. DLL , DLL.

, , DLL.

, DLL , UNLOAD_DLL_DEBUG _EVENT

Windows 98 , , , , .

, :.TaitForDebugEvent, , , , continueoebugEvent. , ReadProcessMemory WriteProcessMemory. "--", virtuaiProtect, . WriteProcessMemory, FlushinstructionCache, . FlushinstructionCache, , , , , , CPU, . FlushinstructionCache . CPU, GetThreadContext SetThreadContext.

Win32, , . CREATE_PROCESS_DEBUG_VENT LOAD_DLL_DEBUG_EVENT , EXCEPTION_DEBUG_EVENT. (loader breakpoint). , CREATE_PROCESS_DEBUG_EVENT , , , . , . (real-world) (, ) , , .

1 , , Visual Basic, Visual C++ .

, , . , ( ), CPU. Intel Pentium , ContinueDebugEvent DBG_CONTINUE, .

4-2 " " MinDBG. . MinDBG , , , , DLL. , "" "".

 

4-2. MINDBG.CPP

/*- - - - - - - - - - - - - - - - - - - - - - - -

Win32 

- - - - - - - - - - - - - - - - - - - - - - - - - */

/*//////////////////////////////////////////////////////////////

#include

//////////////////////////////////////////////////////////////*/ 

#include "stdafx.h"

/*///////////////////////////////////////////////////

////////////////////////////////////////////////////////*/

// Shows the minimal help.

void ShowHelp ( void);

// Display-

void DisplayCreateProcessEvent ( CREATE_PROCESS_DEBUG_INFO & stCPDI);

void DisplayCreateThreadEvent ( CREATE_THREAD_DEBUG_INFO & stCTDI);

void DisplayExitThreadEvent ( EXIT_THREAD_DEBUG_INFO & stETDI);

void DisplayExitProcessEvent ( EXIT_PROCESS_DEBUG_INFO & stEPDI);

void DisplayDllLoadEvent ( LOAD_DLL_DEBUG_INFO & stLDDI);

void DisplayDllUnLoadEvent ( UNLOAD_DLL_DEBUG_INFO & stULDDI);

void DisplayODSEvent ( HANDLE hProcess,

OUTPUT_DEBUG_STRING_INFO & stODSI );

void DisplayExceptionEvent ( EXCEPTION_DEBUG_INFO & stEDI);

 /*////////////////////////////////////////////////////////////

/////////////////////////////////////////////////////////////*/

void main ( int argc, char * argv[ ])

// .

if ( 1 == argc)

{

ShowHelp (); 

return;

}

// .

TCHAR szCmdLine[ _ ];

szCmdLine[ 0 ] = '\0';

for ( int i = 1; i < argc; i++)

{ strcat ( szCmdLine, argv[ i ]);

 if ( i < argc) 

{

strcat ( szCmdLine, " "); 

}

}

// .

// CreateProcess,

//

// DEBUG_ONLY_THIS_PROCESS.

STARTUPINFO stStartlnfo ;

PROCESS_INFORMATION stProcessInfo ;

memset ( sstStartlnfo , NULL, sizeof ( STARTUPINFO ));

memset ( SstProcessInfo, NULL, sizeof ( PROCESS_INFORMATION));

stStartlnfo.cb = sizeof ( STARTUPINFO);

BOOL bRet = CreateProcess ( NULL ,

szCmdLine , 

NULL

NULL , 

FALSE , 

CREATE_NEW_CONSOLE |

DEBUG__ONLY_THIS_PROCESS,

 NULL , 

NULL , 

&stStartlnfo ,

 &stProcessInfo ) ;

// , .

if ( FALSE == bRet)

{

printf ( "Unable to start %s\n", szCmdLine); 

return;

}

// , .

DEBUG_EVENT stDE

BOOL bSeenlnitialBP = FALSE ;

BOOL bContinue = TRUE ;

HANDLE hProcess = INVALID_HANDLE_VALUE;

DWORD dwContinueStatus

// while.

while ( TRUE == bContinue)

{

// , .

bContinue = WaitForDebugEvent ( &stDE, INFINITE);

// . -

// MinDBG ,

// .

switch ( stDE.dwDebugEventCode)

{

case CREATE_PROCESS_DEBUG_EVENT : 

{

DisplayCreateProcessEvent ( stDE.u.CreateProcessInfo);

 // ,

 //

. hProcess = stDE.u.CreateProcessInfo.hProcess;

 dwContinueStatus = DBG_CONTINUE;

 }

break;

case 'EXIT_PROCESS_DEBUG_EVENT : 

{

DisplayExitProcessEvent ( stDE.u.ExitProcess);

 bContinue = FALSE; 

dwContinueStatus = DBG_CONTINUE;

 }

break;

case LOAD_DLL_DEBUG_EVENT : 

{

DisplayDllLoadEvent ( stDE.u.LoadDll); 

dwContinueStatus = DBG_CONTINUE; 

 break;

case UNLOAD_DLL_DEBUG_EVENT :

 {

DisplayDllUnLoadEvent ( stDE.u.UnloadDll); 

dwContinueStatus = DBG_CONTINUE; 

}

break;

case CREATE_THREAD_DEBUG_EVENT : 

{

DisplayCreateThreadEvent ( stDE.u.CreateThread);

 dwContinueStatus = DBG_CONTINUE; 

}

break;

case EXIT_THREAD_DEBUG_EVENT :

{

DisplayExitThreadEvent ( stDE.u.ExitThread);

dwContinueStatus = DBG_CONTINUE;

 }

break;

case OUTPUT_DEBUG_STRING_EVENT : 

{

DisplayODSEvent ( hProcess, stDE.u.DebugString);

dwContinueStatus = DBG_CONTINUE;

 }

break;

case RIPR_VENT : 

 

dwContinueStatus = DBG_CONTINUE;

 }

break;

case EXCEPTION_DEBUG_EVENT : 

{

DisplayExceptionEvent ( stDE.u.Exception);

// ,

// -,

// , .

switch ( stDE.u.Exception.ExceptionRecord.ExceptionCode)

{

case EXCEPTION_BREAKPOINT :

{

//

// , ;

// ,

//

if ( FALSE == bSeenlnitialBP)

{

bSeenlnitialBP = TRUE;

 dwContinueStatus = DBG_CONTINUE; 

}

else {

// , ! 

dwContinueStatus =

DBG_EXCEPTION_NOT_HANDLED; 

break;

//

 // , 

default :

 {

dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;

 }

break; 

}

 }

break;

// ,

 default :

 {

dwContinueStatus = DBG_CONTINUE;

 }

break; 

}

// . 

ContinueDebugEvent ( stDE.dwProcessId, 

stDE.dwThreadld , 

dwContinueStatus );

 } 

}

/*/////////////////////////////////////////////////////////

/////////////////////////////////////////////////////////*/ 

void ShowHelp ( void)

{

printf ( "MinDBG <program to debug> "

"<program's command-line options>\n");

 }

void DisplayCreateProcessEvent ( CREATE_PROCESS_DEBUG_INFO & stCPDI)

 {

printf ( "Create Process Event :\n"); 

printf (." hFile : Ox%08X\n",

stCPDI.hFile ); 

printf ( " hProcess : 0x%08X\n",

stCPDI.hProcess ); 

printf ( " hThread : 0x%08X\n",

stCPDI.hThread);

printf (" lpBaseOfImage :0x%08X\n",

stCPDI.lpBaseOfImage);

printf("dwDebugInfoFileOffset: 0x%08X\n",

stCPDI.dwDebugInfoFileOffset);

printf("nDebugInfoSize: 0x%08X\n",

stCPDI.nDebugInfoSize);

printf ( " IpThreadLocalBase : Ox%08X\n",

stCPDI.IpThreadLocalBase ); 


printf ( " IpStartAddress : Ox%08X\n",

stCPDI.IpStartAddress ) ;  

printf ( " IpImageName : Ox%08X\n",

stCPDI.IpImageName );

printf ( " fUnicode : Ox%08X\n",

stCPDI.fUnicode );

}

void DisplayCreateThreadEvent ( CREATE_THREAD_DEBUG_INFO & stCTDI)

{

printf ( "Create Thread Event :\n");

printf ( " hThread : Ox%08X\n",

stCTDI.hThread );

printf ( " IpThreadLocalBase : Ox%08X\n",

stCTDI.IpThreadLocalBase );

printf ( " IpStartAddress : Ox%08X\n",

stCTDI.IpStartAddress );

}

void DisplayExitThreadEvent ( EXIT_THREAD_DEBUG_INFO & stETDI)

{

printf ( "Exit Thread Event :\n");

printf ( " dwExitCode : Ox%08X\n",

stETDI.dwExitCode );

}

void DisplayExitPrpcessEvent ( EXIT_PROCESS_DEBUG_INFO & stEPDI)

{

printf ( "Exit Process Event :\n");

printf ( " dwExitCode ' : Ox%08X\n",

stEPDI.dwExitCode );

}

void DisplayDllLoadEvent ( LOAD_DLL_DEBUG_INFO & stLDDI)

{

printf ( "DLL Load Event :\n");

printf ( " hFile : Ox%08X\n",

stLDDI.hFile );

printf ( " IpBaseOfDll : Ox%08X\n",

stLDDI.IpBaseOfDll );

printf ( " dwDebuglnfoFileOffset : Ox%08X\n",

stLDDI.dwDebuglnfoFileOffset );

printf ( " nDebuglnfoSize : Ox%08X\n",

stLDDI.nDebuglnfoSize );

printf ( " IpImageName : Ox%08X\n",

stLDDI.IpImageName );

printf ( " fUnicode : Ox%08X\n",

stLDDI.fUnicode ); 

}

void DisplayDllUnLoadEvent ( UNLOAD_DLL_DEBUG_INFO & stULDDI)

{

printf ( "DLL Unload Event :\n"); 

printf ( " IpBaseOfDll : Ox%08X\n",

stULDDI.IpBaseOfDll ); 

}

 void DisplayODSEvent { HANDLE hProcess,

OUTPUT_DEBUG STRING INFO & stODSI ) 

{

printf ( "OutputDebugString Event :\n");

 printf ( " IpDebugStringData : Ox%08X\n",

stODSI.IpDebugStringData ); 

printf ( " fUnicode : Ox%08X\n",

stODSI.fUnicode );

  printf ( " nDebugStringLength : Ox%08X\n",

stODSI.nDebugStringLength ); 

printf ( " String :\n"); char szBuff[ 512 ];

if ( stODSI.nDebugStringLength > 512)

 {

return; 

}

DWORD dwRead; 

BOOL bRet; 

bRet = ReadProcessMemory ( hProcess

stODSI.IpDebugStringData ,

 szBuff ,

 stODSI.nDebugStringLength , 

SdwRead )

printf ( "%s", szBuff); 

}

void DisplayExceptionEvent ( EXCEPTION_DEBUG INFO & stEDI)

 {

printf ( "Exception Event :\n");

 printf ( " dwFirstChance : Ox%08X\n",

stEDI.dwFirstChance );

printf ( " ExceptionCode : Ox%08X\n",

stEDI.ExceptionRecord.ExceptionCode );

 printf ( " ExceptionFlags : Ox%08X\n",

stEDI.ExceptionRecord.ExceptionFlags );

 printf ( " ExceptionRecord : Ox%08X\n",

stEDI.ExceptionRecord.ExceptionRecord );

printf ( " ExceptionAddress : Ox%08X\n",

stEDI.ExceptionRecord.ExceptionAddress );

printf ( " NumberParameters : Ox%08X\n",

stEDI.ExceptionRecord.NumberParameters ); 

}

        3GL   4GL   5GL  

, - , . , , , .. , . . , " ".




 10.11.2021 - 12:37: - Personalias -> WHO IS WHO - - _.
10.11.2021 - 12:36: - Conscience -> . ? - _.
10.11.2021 - 12:36: , , - Upbringing, Inlightening, Education -> ... - _.
10.11.2021 - 12:35: - Ecology -> - _.
10.11.2021 - 12:34: , - War, Politics and Science -> - _.
10.11.2021 - 12:34: , - War, Politics and Science -> . - _.
10.11.2021 - 12:34: , , - Upbringing, Inlightening, Education -> , - _.
10.11.2021 - 09:18: - New Technologies -> , 5G- - _.
10.11.2021 - 09:18: - Ecology -> - _.
10.11.2021 - 09:16: - Ecology -> - _.
10.11.2021 - 09:15: , , - Upbringing, Inlightening, Education -> - _.
10.11.2021 - 09:13: , , - Upbringing, Inlightening, Education -> - _.
Bourabai Research -  XXI Bourabai Research Institution