newuser2
How do I cheat?
Reputation: 0
Joined: 21 Oct 2021
Posts: 1
Posted: Thu Oct 21, 2021 2:07 am    Post subject: How does CE handle stepping through instructions for VEH?
I am trying to embed debugger-like code within my project for a remote process - not writing a full-blown debugger, I just need specific functionality:
I add a vectored exception handler and then I register a software breakpoint (int 3, 0xCC) at a specific memory address.
The exception handler receives EXCEPTION_BREAKPOINT, and then I handle it by removing the breakpoint, then performing this operation on eflags:
to set the tracer flag
After this I flush the instruction cache, call SetThreadContext, and return EXCEPTION_CONTINUE_EXECUTION.
Following this, I receive EXCEPTION_SINGLE_STEP; the results of EXCEPTION_SINGLE_STEP are what happened after the instruction executed instead of prior to execution (as expected).
Then I set the resume flag and clear the trap flag as otherwise I get into an infinite loop on that address:
Code:
    EFlags |= 1 << 16;   /* set RF (resume flag); |= sets it, whereas ^= only toggles it */
    EFlags &= ~(1 << 8); /* clear TF (trap flag); in C/C++ ~ is bitwise NOT, !(1 << 8) evaluates to 0 and would wipe every flag */
These are my questions:
How do I set the tracer flag so that, say, when I breakpoint on address 0x00000001, it transitions to single-step mode,
and then it steps to 0x00000002 and handles that,
steps to 0x00000003 and handles that, etc.?
Basically, how do I capture single step operations for every subsequent instruction until I tell it to stop? Currently what I am doing is disassembling the instruction, getting the size, and doing:
Code:
    IP += instruction.size();
However, this would not be sufficient for conditional operations. What is the best way to go about handling this?
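An added example, not code from the post: the EFLAGS and IP decisions a VEH tracer makes, written as a plain C function so it can be exercised without a live process. The names (tracer, trace_step, trace_handle) are hypothetical; it assumes the Windows exception codes and that the context IP sits one byte past the int3.

```c
/* Added example (not the poster's code): the EFLAGS/IP decisions of a VEH
 * single-step tracer as a plain function, testable without a live process.
 * Names are hypothetical; exception codes are the Windows NTSTATUS values. */
#include <stdbool.h>
#include <stdint.h>
#define EFLAGS_TF       (1u << 8)   /* trap flag: #DB after the next instruction */
#define EXC_BREAKPOINT  0x80000003u
#define EXC_SINGLE_STEP 0x80000004u
typedef struct {
    uintptr_t bp_addr;    /* where the 0xCC was planted */
    unsigned  steps_left; /* constructed stop policy: re-arm TF this many times */
} tracer;
typedef struct {
    uint32_t  eflags;       /* write back via SetThreadContext */
    uintptr_t ip;           /* write back as Eip/Rip */
    bool      restore_byte; /* caller must put the saved original byte back */
    bool      keep_tracing;
} trace_step;
/* Returns true when the exception is the tracer's (caller then returns
 * EXCEPTION_CONTINUE_EXECUTION), false to let the search continue. */
bool trace_handle(tracer *t, uint32_t code, uintptr_t ip, uint32_t eflags,
                  trace_step *out)
{
    out->eflags = eflags; out->ip = ip;
    out->restore_byte = false; out->keep_tracing = true;
    if (code == EXC_BREAKPOINT) {
        /* On Windows the context IP points just past the one-byte int3. */
        if (ip != t->bp_addr + 1) return false;
        out->ip = t->bp_addr;      /* re-execute the original instruction */
        out->restore_byte = true;
        out->eflags |= EFLAGS_TF;  /* CPU traps right after it runs */
        return true;
    }
    if (code == EXC_SINGLE_STEP) {
        /* TF is not sticky: it is clear again by the time the handler runs,
         * so set it on every EXCEPTION_SINGLE_STEP to keep stepping.  The CPU
         * has already chosen the next IP, so no IP += size is needed and
         * conditional jumps need no special handling. */
        if (t->steps_left > 0) {
            t->steps_left--;
            out->eflags |= EFLAGS_TF;
        } else {
            out->eflags &= ~EFLAGS_TF;
            out->keep_tracing = false;
        }
        return true;
    }
    return false;
}
```

The real handler applies the returned eflags and ip to the CONTEXT it was given, restores the saved byte when restore_byte is set, and stops re-arming TF once keep_tracing is false.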