x64dbg
/
GleeBug
mirror of https://github.com/x64dbg/GleeBug
1
0
Fork 0
Code Releases Activity

different way to break GleeBug for JIT debugging

This commit is contained in:
mrexodia 2016-02-15 18:57:08 +01:00
parent cd78578ae1
commit 7953590d00
1 changed files with 3 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
GleeBug/Debugger.cpp
View File

@ -71,25 +71,8 @@ namespace GleeBug
if (!mProcess || !mThread || !mRegisters) //fail when there is no process or thread currently specified if (!mProcess || !mThread || !mRegisters) //fail when there is no process or thread currently specified
return false; return false;
//write the code that breaks the process //set the trap flag to trigger an exception
auto codePtr = ptr(VirtualAllocEx(mProcess->hProcess, nullptr, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE)); mRegisters->TrapFlag = true;
if (!codePtr)
{
cbInternalError("Debugger::UnsafeDetachAndBreak, VirtualAllocEx failed!");
return false;
}
uint8 code[] = { 0xCC, 0xC3 };
mProcess->MemWriteUnsafe(codePtr, code, sizeof(code));
//push the return address (current GIP) on the stack
mRegisters->Gsp -= sizeof(ptr);
auto gip = mRegisters->Gip();
mProcess->MemWriteUnsafe(mRegisters->Gsp(), &gip, sizeof(gip));
//change the GIP to the code
mRegisters->Gip = codePtr;
//flush the register cache (needed here explicitly because control will be out of the debugger after this).
mThread->RegWriteContext(); mThread->RegWriteContext();
//detach from the process //detach from the process
@ -102,7 +85,7 @@ namespace GleeBug
mDetach = false; mDetach = false;
//unset the trap flag when set by GleeBug //unset the trap flag when set by GleeBug
if (mThread->isInternalStepping) if (mThread->isInternalStepping || mThread->isSingleStepping)
mRegisters->TrapFlag = false; mRegisters->TrapFlag = false;
} }
}; };