Hello there,
I began to write a small debugger. Everything works fine, with some bugs in exception handling. The current phase is... spying on APIs :)
Here are three classes: CBreakpointCollection, CBasicDebugger and CAdvancedDebugger.
A string class for handling duplicates is planned.
I don't know if this stuff can be posted here:
screen: http://img147.imageshack.us/my.php?image=debugger8ti.jpg
Wow, that looks very interesting. Thanks for sharing.
okay, I don't see a "no" ;D
Here are three programs: debugme - a simple debugger detector; it checks for the presence of a debugger by calling IsDebuggerPresent, then scans the TIB block (fs:0).
If a debugger is detected it displays a red message, if not, a green one (I'm not a cracker yet ;) )
The number of methods for detecting and hiding a debugger is ..9^9^9
project basicdebugger - nothing special, it only shows the loaded DLLs
project advanceddebugger -
- can hide the debugger in an "ultra private thread address space"
- can fake any API - overwrites the entry with return x
- can display the arguments sent to and returned from functions
- with the API spy it can detect memory leaks and other bugs
The main debugger loop is located in CBasicDebugger.src - WaitForEvents. All methods are virtual, so you can override them - look in *_test.src
class CDebugTest : CAdvancedDebugger
{
    declare OnCreateProcess(HANDLE hFile, HANDLE hProcess, HANDLE hThread),BOOL;
    declare OnLoadDll(string szDllFullPath, string szDllName, HANDLE hFile, void *lpBaseOfDll),BOOL;
    declare OnDebugString(string szMessage),BOOL;
    declare OnException(BOOL FirstChance, DWORD ExceptionCode, void *ExceptionAddress, CONTEXT ctx),BOOL;
}
CDebugTest :: OnLoadDll(...)
{
    printf("loading %s\n", szDllName);
    // do something here
    return CBasicDebugger!!OnLoadDll(szD ...); // close handles, free heaps
}
do not crack not_compiled_with_Aurora programs!
If this source breaks any laws, just remove it.
Always fun to see what you come up with ;)