x64dbg
/
GleeBug
mirror of https://github.com/x64dbg/GleeBug
1
0
Fork 0
Code Releases Activity

changed DetachAndBreak back to allocating a new memory page with INT3; RET and move GIP there + adjust the stack

This commit is contained in:
Mr. eXoDia 2016-03-09 11:09:28 +01:00
parent 48dada8945
commit 2296d9ed5f
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
GleeBug/Debugger.cpp
View File

@ -72,7 +72,14 @@ namespace GleeBug
return false; return false;
//set the trap flag to trigger an exception //set the trap flag to trigger an exception
mRegisters->TrapFlag = true; auto gip = mRegisters->Gip();
auto codePtr = ptr(VirtualAllocEx(mProcess->hProcess, nullptr, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE));
unsigned char code[2] = { 0xCC, 0xC3 };
mProcess->MemWriteUnsafe(codePtr, code, sizeof(code));
mRegisters->Gsp -= sizeof(ptr);
mProcess->MemWriteUnsafe(mRegisters->Gsp(), &gip, sizeof(gip));
mRegisters->Gip = codePtr;
mThread->RegWriteContext(); mThread->RegWriteContext();
//detach from the process //detach from the process