debugingEx

[sapero]

Hello there,
I began to write a small debugger. All works fine with some bugs on exceptions handling. Current phase is... spying api's
Here are three classes: CBreakpointCollection, CBasic- and CAdvanced- Debugger.
Planned class for strings for handling duplicates.
I don't know if this stuff can be posted here:

screen: http://img147.imageshack.us/my.php?image=debugger8ti.jpg

[Parker]

Wow, that looks very interesting. Thanks for sharing.

[sapero]

okey, I don't see "no"
here are three programs: debugme - simple debugger detector, it checks existence of debugger by calling IsDebuggerPresent, then scans TIB block (fs:0)
If debugger is detected - it displays red message, if not - green (I'm not a cracker yet )
Number of methods for detecting and hidding debugger is ..9^9^9

project basicdebugger - nothing special, it shows only loaded dll's
project advanceddebugger -
- can hide debugger in "ultra private thread address space"
- can fake any api - overwrite entry with return x
- can display arguments sent to and returned from functions
- having apispy it can detect memory leaks and other bugs

Main debugger loop is located in CBasicDebugger.src - WaitForEvents. All methods are virtual so you can override them - look in *_test.src

Code Select Expand

class CDebugTest : CAdvancedDebugger
{
ÂÃ,  ÂÃ, declare OnCreateProcess(HANDLE hFile, HANDLE hProcess, HANDLE hThread),BOOL;
ÂÃ,  ÂÃ, declare OnLoadDll(string szDllFullPath, string szDllName, HANDLE hFile, void *lpBaseOfDll),BOOL;
ÂÃ,  ÂÃ, declare OnDebugString(string szMessage),BOOL;
ÂÃ,  ÂÃ, declare OnException(BOOL FirstChance, DWORD ExceptionCode, void *ExceptionAddress, CONTEXT ctx),BOOL;
}

CDebugTest :: OnLoadDll(...)
{
ÂÃ,  ÂÃ, printf("loading %s\n", szDllName);
ÂÃ,  ÂÃ, // do something here
ÂÃ,  ÂÃ, return CBasicDebugger!!OnLoadDll(szD ...); // close handles, free heaps
}

do not crack not_compilled_with_Aurora programs!
If this source breaks any laws, just remove it.

[Ionic Wind Support Team]

Always fun to see what you come up with