|
Hi, I'm trying my hand at a debugger.
I've injected a DLL into an application. I can see the assembler code (using an engine to convert from binary code) and I can list all DLLs that this app uses.
My next step is getting all threads of an application. I searched here and looked on MSDN but I can't get the information I searched for.
How do I get the ThreadID, ThreadEntry and Data Block of all threads in a process?
|
|
|
|
|
How about the Thread32First() /Thread32Next() pair?
"Ideas are a dime a dozen. People who put them into action are priceless." - Unknown
|
|
|
|
|
What are you doing with a DLL injected into the process?
1. Why don't you use the supplied OS APIs that enable you to debug?
Debugging API
These APIs enable you to write a debugger, they don't write it for you. So it's no easier using them than it is doing what you are currently doing. The only thread you would ever need to create in the process would be "debugbreakpoint" to break into the application and debug it. Sure, you could manually attempt to freeze all threads and things without the debug API, however those are trivial tasks that are already implemented. Why not spend your time enabling features rather than implementing the most basic of functionalities?
2. You shouldn't be calling any "debugging" functions from inside the process.
Why? Because this application is being debugged. You don't know the state of the process and you are affecting it by being in the same memory space. If you freeze all the threads as well (which is what generally occurs with debugging) you then have the problem that if one thread is, say, holding a heap lock in the middle of an allocation, you could deadlock your debugging thread. The debugger should be separate from the application.
Creating a basic debugger
8bc7c0ec02c0e404c0cc0680f7018827ebee
|
|
|
|
|
If you already are using the debug API, then like I said everything you are doing can be accomplished from a separate process; no need for DLL injection.
8bc7c0ec02c0e404c0cc0680f7018827ebee
|
|
|
|
|
Well, I never informed myself about the debug API. In my opinion it was the easiest way. With my method there's no need to reset the debugging flag (there are many apps that detect if a debugger is active). But after reading the article you've posted I must think about my concept. Thx for help.
|
|
|
|
|
You can use the debugger to set the debug flag to 0, so you can fool those apps. What's the difference? Well, certain breaks will be skipped, however any break points will be hit. But some debug code may check the flag before doing an int 3; that's the only thing you lose (which may be a problem when attempting to hard-break into the process, if this flag is checked). Otherwise, it doesn't really mean anything and doesn't make it so you can't debug. The debugport is an LPC that is actually on the kernel data structure, so unless they have a driver that checks the internal kernel process structure, they wouldn't know if they were being debugged after you unset the debug "boolean" in the PEB.
8bc7c0ec02c0e404c0cc0680f7018827ebee
|
|
|
|
|
I have an app I'm developing that is experiencing problems when I am shutting down threads. It IS NOT MFC. I have created my threads using CreateThread().
The problem only happens in release mode. Since, my last release, I added several new threads. Here's a rough example.
Thread A creates Thread B. Thread B creates threads C, D, and E. Threads C, D, and E are timed threads. One checks disk space every 5 minutes, the other two perform a filter match check every 1/2 second and 2 seconds.
The problem is that Thread A, tells Thread B to quit. Thread B tells threads C, D, and E, to quit exactly the same as how they were created. But, my timed threads are written as:
while ( !fDone && !rtnState )
{
    dwRes = ::WaitForSingleObject(ghThreadExitEvent, 300000);
    switch(dwRes)
    {
    case WAIT_TIMEOUT :
        if(gbRecording)
            rtnState = CheckDiskSpace();
        .
        .
        .
        .
So, you can see that I am using WAIT_TIMEOUT and then exiting upon a ThreadExitEvent (my event). I thought that if I SetEvent() the ThreadExitEvent, that it would exit, but it's not. I also tried using a global boolean variable to flag that its time to exit to no avail.
Consequently, I started reading and I came across something that said there was a bug with WaitForSingleObject() and that WaitForMultipleObjects() was better.
So, I started looking at semaphores and mutexes. But, the example I found for semaphores was CSemaphore (MFC). Acckkk! But, I did find a sample for mutexes which sounded cool but was confused as to how I can use this object to signal that I wanted to kill an individual thread. I understand that it can start out signalled and threads can claim ownership and upon calling ReleaseMutex(), that it will transition from the non-signalled to the signalled state. Then, another thread can claim ownership, ad nauseum. But, what I want is some sort of synchronization device that will stay non-signalled until my main thread, puts it in a signalled state, and then all threads WaitingForMultipleObjects() can see it and exit the program.
Any suggestions or clarifications???
|
|
|
|
|
My immediate guess is that you've made ghThreadExitEvent an auto reset event, not a manual reset event.
I know of no bug in WaitForSingleObject() and have used it quite extensively using the very technique you are using.
Anyone who thinks he has a better idea of what's good for people than people do is a swine.
- P.J. O'Rourke
|
|
|
|
|
Yes, I did set it for auto reset event. Bear with me because I've never used manual reset, so, if I set it to manual, I'd have to call ResetEvent() in each thread that is getting killed, before it actually exits the thread. Does that mean I also have to call SetEvent() again from within that same exiting thread so that the other threads see the same event?
I'm confused as to whether, if you set an event, one or more threads see the event, or only the first thread that handles it does (gobbles it up so that the other threads waiting for the same event don't see it).
|
|
|
|
|
This is from MSDN:
When the state of a manual-reset event object is signaled, it remains signaled until it is explicitly reset to nonsignaled by the ResetEvent function. Any number of waiting threads, or threads that subsequently begin wait operations for the specified event object, can be released while the object's state is signaled.
When the state of an auto-reset event object is signaled, it remains signaled until a single waiting thread is released; the system then automatically resets the state to nonsignaled. If no threads are waiting, the event object's state remains signaled.
Seems like if you make a manual-reset event, all your threads will get the 'exit' signal.
|
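The difference described in the MSDN excerpt above, as an added example that is not part of the original thread. It is a portable C++ model of the two event types rather than Win32 code: the `Event` class and `workersReleased` function are hypothetical names, and the constructor flag stands in for the `bManualReset` argument of `CreateEvent`.

```cpp
#include <atomic>
#include <chrono>
#include <condition_variable>
#include <cstdio>
#include <mutex>
#include <thread>
#include <vector>

// Portable model of a Win32 event object (hypothetical class, not a Win32 API).
class Event {
    std::mutex m_;
    std::condition_variable cv_;
    bool signaled_ = false;
    const bool manualReset_;   // plays the role of CreateEvent's bManualReset
public:
    explicit Event(bool manualReset) : manualReset_(manualReset) {}
    void set() {                               // models SetEvent
        { std::lock_guard<std::mutex> lock(m_); signaled_ = true; }
        cv_.notify_all();
    }
    void reset() { std::lock_guard<std::mutex> lock(m_); signaled_ = false; }
    // Models WaitForSingleObject: true = signaled, false = timed out.
    bool wait(std::chrono::milliseconds timeout) {
        std::unique_lock<std::mutex> lock(m_);
        if (!cv_.wait_for(lock, timeout, [this] { return signaled_; }))
            return false;
        if (!manualReset_) signaled_ = false;  // auto-reset: first waiter consumes the signal
        return true;
    }
};

// Start `workers` threads that wait on one shared exit event, signal it once,
// and return how many of them saw the exit request before their timeout.
int workersReleased(bool manualReset, int workers = 3) {
    Event exitEvent(manualReset);
    std::atomic<int> released{0};
    std::vector<std::thread> pool;
    for (int i = 0; i < workers; ++i)
        pool.emplace_back([&] {
            if (exitEvent.wait(std::chrono::milliseconds(300))) ++released;
        });
    exitEvent.set();                           // the "quit" request, sent once
    for (auto& t : pool) t.join();
    return released.load();
}

int main() { std::printf("auto: %d, manual: %d\n", workersReleased(false), workersReleased(true)); }
```

With the auto-reset model a single signal reaches one of the three workers and the other two run into their timeout; with the manual-reset model all three see it.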
|
|
|
|
Thank you both, Blake and Joe. This explanation makes sense. Now, I understand why it didn't work for an auto-reset event.
|
|
|
|
|
Hello all. How can I export a template class from a simple DLL? I'm using Visual C++ 7.
One day you'll find
that I have gone,
for tomorrow may rain, so
I'll follow the sun...
|
|
|
|
|
A template is an abstraction and cannot be exported. You can either declare explicit types of uses or write a non-template base class, export that and use the template as a wrapper. (I've used both methods.)
Anyone who thinks he has a better idea of what's good for people than people do is a swine.
- P.J. O'Rourke
|
|
|
|
|
You can only export template instantiations. The syntax is odd, and it's not standard C++ (the compiler tells you it isn't)
Good music: In my rosary
|
|
|
|
|
I think that we have to wait for Visual Studio 2006 or something, since exporting templates from an object file is still not supported in VS2005. Support for the standard and especially templates is very great though.
Behind every great black man...
... is the police. - Conspiracy brother
Blog
|
|
|
|
|
Templates are kinda inline functions, which cannot be exported!
Don't try it, just do it!
|
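The two approaches mentioned in the answers above (exporting explicit instantiations, and exporting a non-template base with the template as a wrapper), as an added example that is not code from any poster. `DEMO_API`, `Accumulator`, `RawStack` and `TypedStack` are hypothetical names; the macro is a no-op outside MSVC so the sketch also builds with other compilers.

```cpp
#include <cstddef>
#include <cstring>
#include <type_traits>
#include <vector>

// Hypothetical macro: dllexport when building the DLL (dllimport in its clients).
#if defined(_MSC_VER)
#  define DEMO_API __declspec(dllexport)
#else
#  define DEMO_API
#endif

// Approach 1: explicit instantiation. Only the types listed here are exported.
template <typename T>
class Accumulator {
    T total_{};
public:
    void add(T v) { total_ += v; }
    T total() const { return total_; }
};
template class DEMO_API Accumulator<int>;

// Approach 2: export a non-template base that works on raw bytes...
class DEMO_API RawStack {
    std::vector<unsigned char> bytes_;
    std::size_t elemSize_;
public:
    explicit RawStack(std::size_t elemSize) : elemSize_(elemSize) {}
    void pushRaw(const void* p) {
        const unsigned char* b = static_cast<const unsigned char*>(p);
        bytes_.insert(bytes_.end(), b, b + elemSize_);
    }
    bool popRaw(void* out) {
        if (bytes_.size() < elemSize_) return false;   // empty stack
        std::memcpy(out, bytes_.data() + bytes_.size() - elemSize_, elemSize_);
        bytes_.resize(bytes_.size() - elemSize_);
        return true;
    }
};
// ...and keep the template as a header-only typed wrapper compiled in the client.
template <typename T>
class TypedStack {
    static_assert(std::is_trivially_copyable<T>::value, "raw byte copies only");
    RawStack raw_{sizeof(T)};
public:
    void push(const T& v) { raw_.pushRaw(&v); }
    bool pop(T& out) { return raw_.popRaw(&out); }
};
```

A client that needs `Accumulator<double>` gets nothing from the DLL under the first approach, while `TypedStack<T>` works for any trivially copyable `T` because only `RawStack` crosses the DLL boundary.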
|
|
|
|
I have a toolbar resource to incorporate with my SDI application and in mainfrm.cpp I attempt to create it by:
if(!m_wndToolBarStd.Create(this, WS_CHILD | WS_VISIBLE
    | CBRS_TOP | CBRS_GRIPPER | CBRS_TOOLTIPS
    | CBRS_FLYBY | CBRS_SIZE_DYNAMIC, IDR_TRUACT) || !m_wndToolBarStd.LoadToolBar(IDR_MAINFRAME))
{
    TRACE0("Failed to create toolbar\n");
    return -1; // Fail to create
}
It compiles fine, but when I try to start my application I get a couple error messages with "Debug Assertion Failed". (For reference, the assertion failures were at winocc.cpp/line 301 and afxwin2.ini/line 118.) Any input on how I can get this tool bar to work?
Danny
|
|
|
|
|
Hi there,
I'm looking for a way to create a new code/data section with a #define directive.
The problem is, that the compiler does not allow #pragma directives within a #define directive.
Example:
#define SECTION() #pragma data_seg( ".x" )
Is there another solution?
Regards,
Alex
Don't try it, just do it!
|
|
|
|
|
What about:
#define SECTION_NAME ".X"
#pragma data_seg( SECTION_NAME )
I am pretty sure anyplace you did not WANT the named section, you could just use
#pragma data_seg()
I am pretty sure this resets it to the default data segment or has no effect if the data segment was not changed from the default in the first place.
|
|
|
|
|
The problem is that I want to set a new named section!
It is quite easy:
I create a new section with an array inside, which consists of many arrays from multiple cpp files.
When compiling I merge the section with the data section and so it's possible to read the whole array from only one function (it's the same thing as the CRT does with e.g. constructors of static classes).
I want to use a macro for that new section statement and the start of an array because it saves time when typing the code.
Don't try it, just do it!
|
|
|
|
|
There is no super shortcut, but you can organize these. This is an example of how I do it:
#ifndef _TEXTSEG
#define _TEXTSEG(name) ".text$" #name
#endif

#ifndef MY_CORE_SEG
#define MY_CORE_SEG _TEXTSEG(MYS_CORE)
#define MY_GDI_SEG _TEXTSEG(MYS_GDI)
#endif
Then at the top of the source files I add the following as appropriate:
#ifdef MY_GDI_SEG
#pragma code_seg(MY_GDI_SEG)
#endif
Anyone who thinks he has a better idea of what's good for people than people do is a swine.
- P.J. O'Rourke
|
|
|
|
|
I need to be able to convert a small (say 150px x 30px) 24-bit BMP image to some sort of compressed image - say GIF, JPG or PNG to use on a web page.
I have tried compiling the latest version of GD2 but it leaves a lot to be desired and it's probably not quite compatible with VC5. It compiles with oodles of warnings then fails to link. The lib batch file says it works but compiles a microscopic LIB file. I've tried the extern "C" wrappers and stuff but to be honest if the code is this messy then it's not what I need for a quick solution. It's far too complex.
I need something fairly simple just to do the basic job - no frills. Perhaps along the line of BMPtoGif(FILE* stream) or BMPtoGif(object*). I'd prefer code which doesn't load from file but could hack it if needed as I already have the BMP in a buffer in memory.
I see there's a definite lack of GIF routines thanks to UniSys - even though the patents have now expired, so I expect there ought to be shed loads of BMP2PNG code out there. Hours of Googling have drawn few actual examples of code in the public domain.
Anyone got any pointers to something fairly simple? The app I'm writing is a freeware Win32 CGI console app.
Failing that it means a week or so reading the GD2 code and extracting the relevant parts that work and creating my own library. I have a feeling it's gonna go that way.
|
|
|
|
|
We have routines that do exactly this for our web-based charting module. From memory to memory or disk. Reply to this message so we can start an off-board email and perhaps I can get you the code.
onwards and upwards...
|
|
|
|
|
OK thanks - much appreciated. I was looking for public domain code as I almost certainly won't be selling the application; it will be freeware. It's hard enough even giving software away! I can't even recall anyone even emailing to say "thanks" for any of the stuff I've written! Good job it's an interesting hobby.
I would have thought there would be some GNU Linux-based routines suitable for conversion to Win32.
The code is intended for a small freeware, web-based CGI countdown counter for Apache/Win32 which I have been writing as an exercise in moving away from VB to Visual "C". The counter is working fine but the 24-bit BMP images produced, at 13-15k per image, are a bit large - especially if you have several on a page.
Regards
PS It's my first post on this site so I'm not sure if you'd get access to my email through it. I'd rather not publish it on the net as I already get about 300 spams a day!
|
|
|
|
|
There are a few articles on Code Project that might be able to help (you'll probably have to convert them back to VC5, though). See the Bitmaps and Palettes section.
Or, I know where you can find a nice inexpensive DLL...
Cleek | Image Toolkits | Thumbnail maker
|
|
|
|