问题描述

我想在特定地址调试程序。我用c ++编写了一个调试器。我附上了一个外部程序/过程。 

当我使用函数DebugActiveProcess时，我无法使用我附加的程序，因为它停止了或它冻结了。任务经理说程序运行正常。
所以我不能在附加的程序中做一些事情来触发断点。我的代码中有错误吗？如何才能访问附加的程序？

//... attached program ...
    HANDLE handle = fProcess.__HandleProcess; //attached processhandle

    DWORD_PTR eax = 0;
    DWORD_PTR address = 0x0045D000;  //Debug address

    DebugActiveProcess(fProcess.__gameProcess.th32ProcessID);  //here stop the attached program

    DebugSetProcessKillOnExit(false);

    DWORD_PTR dwThreadID = fProcess.getThreadByProcess(fProcess.__gameProcess.th32ProcessID);

    HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, dwThreadID);

    CONTEXT ctx = { 0 };
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_INTEGER;
    ctx.Dr0 = address;
    ctx.Dr7 = 0x00000001;

    SetThreadContext(hThread, &ctx);

    DEBUG_EVENT dbgEvent;
    while (true)
    {
        if (WaitForDebugEvent(&dbgEvent, INFINITE) == 0)
            break;

        if (dbgEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT &&
            dbgEvent.u.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_SINGLE_STEP) // EXCEPTION_BREAKPOINT
        {
            if (dbgEvent.u.Exception.ExceptionRecord.ExceptionAddress == (LPVOID)address)
            {
                GetThreadContext(hThread, &ctx);
                eax = ctx.Eax; // eax get
                std::cout << eax << "\n";
                ctx.Dr0 = ctx.Dr6 = ctx.Dr7 = 0;
                SetThreadContext(hThread, &ctx);
                ContinueDebugEvent(dbgEvent.dwProcessId, dbgEvent.dwThreadId, DBG_CONTINUE);
                break;
            }

        }

        ContinueDebugEvent(dbgEvent.dwProcessId, dbgEvent.dwThreadId, DBG_CONTINUE);
    }

    DebugActiveProcessStop(fProcess.__gameProcess.th32ProcessID);

感谢您的帮助

推荐答案

这篇关于DebugActiveProcess冻结/停止附加过程“的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！