如何在DR寄存器中设置好断点地址,然后当被调试程序执行到断点地址以后处理,用以下的网上找的代码改了一下,可是它会一直弹出那个对话框
#include <windows.h>
#include <winbase.h>
#include <tchar.h>
#include <stdio.h>
#include <string>int APIENTRY _tWinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
STARTUPINFO sif ;
PROCESS_INFORMATION pi ;
::ZeroMemory(&sif, sizeof(STARTUPINFO)) ;
::ZeroMemory(&pi, sizeof(PROCESS_INFORMATION)) ;
sif.cb = sizeof(STARTUPINFO) ;
bool STOP ;
::CreateProcess (_T("1st.exe"), NULL, NULL, NULL, NULL, DEBUG_PROCESS, NULL, NULL, &sif, &pi) ;DEBUG_EVENT DBEvent ;
CONTEXT Regs ;
DWORD dwState, dwBpCnt, dwSSCnt, dwAddrProc;
static const DWORD dwBreakAddr = 0x00401009 ;
static const DWORD dwBreakAddr2 = 0x00401011 ; unsigned int iTotalCommandNum ;
TCHAR tBuffer[256] ;
dwBpCnt = dwSSCnt = 0 ;
iTotalCommandNum = 0 ;
STOP = false ; Regs.ContextFlags = CONTEXT_FULL | CONTEXT_DEBUG_REGISTERS ; do
{
::WaitForDebugEvent (&DBEvent, INFINITE) ;
dwState = DBG_EXCEPTION_NOT_HANDLED ;
switch (DBEvent.dwDebugEventCode)
{
case EXCEPTION_DEBUG_EVENT:
{
switch (DBEvent.u.Exception.ExceptionRecord.ExceptionCode)
{
case EXCEPTION_BREAKPOINT:
{
// ++dwBpCnt ;
// if (dwBpCnt == 1)
// {
::GetThreadContext(pi.hThread, &Regs) ;
Regs.Dr0 = (DWORD)(::GetProcAddress(::GetModuleHandle(_T("ntdll.dll")), _T("NtContinue")) );
Regs.Dr7 = 0x101 ;
::SetThreadContext(pi.hThread, &Regs) ;
dwState = DBG_CONTINUE ;
// }
break ;
}
case EXCEPTION_SINGLE_STEP:
{
++dwSSCnt ;
if (dwSSCnt == 1)
{
::GetThreadContext(pi.hThread, &Regs) ;
Regs.Dr0 = Regs.Dr7 = 0 ;
::SetThreadContext(pi.hThread, &Regs) ;
::ReadProcessMemory(pi.hProcess, (LPCVOID)(Regs.Esp+4), &dwAddrProc, sizeof(DWORD), NULL) ;
::ReadProcessMemory(pi.hProcess, (LPCVOID)dwAddrProc, &Regs, sizeof(CONTEXT), NULL) ;
Regs.Dr0 = dwBreakAddr ;
Regs.Dr7 = 0x101 ;
//Regs.EFlags |= 0x0 ;
::WriteProcessMemory(pi.hProcess, (LPVOID)dwAddrProc, &Regs, sizeof(CONTEXT), NULL) ;
dwState = DBG_CONTINUE ; }
else //if (dwSSCnt == 2)
{
::GetThreadContext(pi.hThread, &Regs) ;
++iTotalCommandNum ;
dwState = DBG_CONTINUE ;
char key2[256];
sprintf(key2, "你的License是:%d", Regs.Eax);
MessageBox(NULL, key2, "序列号",0);
} break ;
}
}
break ;
}//case EXCEPTION_DEBUG_EVENT:
case EXIT_PROCESS_DEBUG_EVENT :
{
STOP = TRUE ;
::sprintf(tBuffer, _T("程序总指令数: %08lX"), iTotalCommandNum) ;
::MessageBox(NULL, tBuffer, _T("结束"), MB_OK) ;
::ExitProcess(-1) ;
break ;
}
}
if (!STOP)
{
::ContinueDebugEvent(pi.dwProcessId, pi.dwThreadId, dwState) ;
}
} while (!STOP) ; ::CloseHandle(pi.hProcess) ;
::CloseHandle(pi.hThread) ;
::ExitProcess(0) ;
}
#include <windows.h>
#include <winbase.h>
#include <tchar.h>
#include <stdio.h>
#include <string>int APIENTRY _tWinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
STARTUPINFO sif ;
PROCESS_INFORMATION pi ;
::ZeroMemory(&sif, sizeof(STARTUPINFO)) ;
::ZeroMemory(&pi, sizeof(PROCESS_INFORMATION)) ;
sif.cb = sizeof(STARTUPINFO) ;
bool STOP ;
::CreateProcess (_T("1st.exe"), NULL, NULL, NULL, NULL, DEBUG_PROCESS, NULL, NULL, &sif, &pi) ;DEBUG_EVENT DBEvent ;
CONTEXT Regs ;
DWORD dwState, dwBpCnt, dwSSCnt, dwAddrProc;
static const DWORD dwBreakAddr = 0x00401009 ;
static const DWORD dwBreakAddr2 = 0x00401011 ; unsigned int iTotalCommandNum ;
TCHAR tBuffer[256] ;
dwBpCnt = dwSSCnt = 0 ;
iTotalCommandNum = 0 ;
STOP = false ; Regs.ContextFlags = CONTEXT_FULL | CONTEXT_DEBUG_REGISTERS ; do
{
::WaitForDebugEvent (&DBEvent, INFINITE) ;
dwState = DBG_EXCEPTION_NOT_HANDLED ;
switch (DBEvent.dwDebugEventCode)
{
case EXCEPTION_DEBUG_EVENT:
{
switch (DBEvent.u.Exception.ExceptionRecord.ExceptionCode)
{
case EXCEPTION_BREAKPOINT:
{
// ++dwBpCnt ;
// if (dwBpCnt == 1)
// {
::GetThreadContext(pi.hThread, &Regs) ;
Regs.Dr0 = (DWORD)(::GetProcAddress(::GetModuleHandle(_T("ntdll.dll")), _T("NtContinue")) );
Regs.Dr7 = 0x101 ;
::SetThreadContext(pi.hThread, &Regs) ;
dwState = DBG_CONTINUE ;
// }
break ;
}
case EXCEPTION_SINGLE_STEP:
{
++dwSSCnt ;
if (dwSSCnt == 1)
{
::GetThreadContext(pi.hThread, &Regs) ;
Regs.Dr0 = Regs.Dr7 = 0 ;
::SetThreadContext(pi.hThread, &Regs) ;
::ReadProcessMemory(pi.hProcess, (LPCVOID)(Regs.Esp+4), &dwAddrProc, sizeof(DWORD), NULL) ;
::ReadProcessMemory(pi.hProcess, (LPCVOID)dwAddrProc, &Regs, sizeof(CONTEXT), NULL) ;
Regs.Dr0 = dwBreakAddr ;
Regs.Dr7 = 0x101 ;
//Regs.EFlags |= 0x0 ;
::WriteProcessMemory(pi.hProcess, (LPVOID)dwAddrProc, &Regs, sizeof(CONTEXT), NULL) ;
dwState = DBG_CONTINUE ; }
else //if (dwSSCnt == 2)
{
::GetThreadContext(pi.hThread, &Regs) ;
++iTotalCommandNum ;
dwState = DBG_CONTINUE ;
char key2[256];
sprintf(key2, "你的License是:%d", Regs.Eax);
MessageBox(NULL, key2, "序列号",0);
} break ;
}
}
break ;
}//case EXCEPTION_DEBUG_EVENT:
case EXIT_PROCESS_DEBUG_EVENT :
{
STOP = TRUE ;
::sprintf(tBuffer, _T("程序总指令数: %08lX"), iTotalCommandNum) ;
::MessageBox(NULL, tBuffer, _T("结束"), MB_OK) ;
::ExitProcess(-1) ;
break ;
}
}
if (!STOP)
{
::ContinueDebugEvent(pi.dwProcessId, pi.dwThreadId, dwState) ;
}
} while (!STOP) ; ::CloseHandle(pi.hProcess) ;
::CloseHandle(pi.hThread) ;
::ExitProcess(0) ;
}
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货