Snowflag How do I cheat? Reputation: 0
Joined: 31 Aug 2018 Posts: 3
|
Posted: Fri Aug 31, 2018 10:08 am Post subject: Trying to rebuild VEH, problem singlestepexception |
|
|
Hi Dark Byte!
I'm trying to rebuild your VEH debugger in C# (client side). I've got pretty much everything running so far but on initialization it behaves differently than in CE. Target is notepad++ 64bit.
The following events I receive from the injected VEH dll:
Quote: | DEBUG -> create process (0xce000000)
DEBUG -> create thread (0xce000001)
DEBUG -> create thread (0xce000001)
DEBUG -> create thread (0xce000001)
DEBUG -> create thread (0xce000001)
DEBUG -> create thread (0xce000001)
DEBUG -> create thread (0xce000001)
DEBUG -> create thread (0xce000001)
DEBUG -> BP! (0x80000003) RIP is 0, I set it to 1 same as in CE
DEBUG -> Debug print exception (0x40010006)
DEBUG -> Debug print exception (0x40010006) |
up to this everything is the same as with CE. But then CE would receive a third debug print exception and then continues waiting for a debug event (initialization done).
But on my code I only receive these two debugprintexceptions and then I receive constantly a SingleStepException. Do you have any idea what I've done wrong?
Output of the OutputDebugString:
Quote: | [32588] VEHDebug init
[32588] ConfigName="{be10267c-8278-48d6-9516-1902ab98251f}"
[32588] fm=000002D8
[32588] VEHSharedMem=2AEA8010000
[32588] HasDebugEvent=000001FC
[32588] HasHandledDebugEvent=00000200
[32588] @HasDebugEvent=2AEA8012000
[32588] @HasHandledDebugEvent=2AEA8012008
[32588] Testing if it handles normal debug events
[32588] 1
[32588] 2
[32588] 3
[32588] Calling EmulateInitializeEvents
[32588] Registering exception handler
[32588] returned from EmulateInitializeEvents
[32588] Created exception handler:2AEA7E7FAF0 |
//edit: Nvm, after looking at your source again I found out I didn't cleared some registers.
|
|