From 2296d9ed5ff8b1da042e2cd557da8d41b57a5ef6 Mon Sep 17 00:00:00 2001
From: "Mr. eXoDia"
Date: Wed, 9 Mar 2016 11:09:28 +0100
Subject: [PATCH] changed DetachAndBreak back to allocating a new memory page with INT3; RET and move GIP there + adjust the stack
---
 GleeBug/Debugger.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/GleeBug/Debugger.cpp b/GleeBug/Debugger.cpp
index 1defc66..fe0c703 100644
--- a/GleeBug/Debugger.cpp
+++ b/GleeBug/Debugger.cpp
@@ -72,7 +72,14 @@ namespace GleeBug
 return false;

 //set the trap flag to trigger an exception
- mRegisters->TrapFlag = true;
+ auto gip = mRegisters->Gip();
+ auto codePtr = ptr(VirtualAllocEx(mProcess->hProcess, nullptr, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE));
+ unsigned char code[2] = { 0xCC, 0xC3 };
+ mProcess->MemWriteUnsafe(codePtr, code, sizeof(code));
+
+ mRegisters->Gsp -= sizeof(ptr);
+ mProcess->MemWriteUnsafe(mRegisters->Gsp(), &gip, sizeof(gip));
+ mRegisters->Gip = codePtr;
 mThread->RegWriteContext();

 //detach from the process
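Review bot: The result of `VirtualAllocEx` is used unchecked, so a failed allocation leaves `codePtr` at 0 and the thread is then resumed with `Gip` pointing at address zero after the detach. The two `MemWriteUnsafe` calls are likewise unchecked, and the stub page is committed as `PAGE_EXECUTE_READWRITE` and never released, so every call leaves a writable and executable page behind in the debuggee. I would allocate the page read/write, write the two bytes, switch it to `PAGE_EXECUTE_READ` with `VirtualProtectEx`, and return false (freeing the page) when any step fails; this assumes `MemWriteUnsafe` returns a bool-convertible result, which the hunk does not show. The existing comment `//set the trap flag to trigger an exception` no longer matches the code below it, and the enclosing function starts and ends outside the hunk.

```cpp
//redirect GIP to a stub page (INT3; RET) with the old GIP pushed as return address
auto gip = mRegisters->Gip();
auto codePtr = ptr(VirtualAllocEx(mProcess->hProcess, nullptr, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE));
if (!codePtr)
    return false;
unsigned char code[2] = { 0xCC, 0xC3 };
DWORD oldProtect = 0;
if (!mProcess->MemWriteUnsafe(codePtr, code, sizeof(code)) ||
    !VirtualProtectEx(mProcess->hProcess, reinterpret_cast<LPVOID>(codePtr), sizeof(code), PAGE_EXECUTE_READ, &oldProtect))
{
    //do not leave a half-initialized page in the target
    VirtualFreeEx(mProcess->hProcess, reinterpret_cast<LPVOID>(codePtr), 0, MEM_RELEASE);
    return false;
}
// … unchanged: Gsp adjustment, return-address write (check its result as well), Gip = codePtr …
```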