Уроки Iczelion'а




Урок 28. Win32 Debug API I - часть 6


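includelib \masm32\lib\user32.lib

;-----------------------------------------------------------------------
; Initialised data: Open-dialog configuration and message-box texts.
;-----------------------------------------------------------------------
.data
AppName         db "Win32 Debug Example no.1",0         ; caption of every message box
ofn             OPENFILENAME <>                         ; default initialisers; fields are set at start

; Open-dialog filter: (display text, pattern) pairs, ended by an extra NUL.
FilterString    db "Executable Files",0,"*.exe",0
                db "All Files",0,"*.*",0,0

Exitproc        db "The debuggee exits",0
NewThread       db "A new thread is created",0
EndThread       db "A thread is destroyed",0

; wsprintf format for CREATE_PROCESS_DEBUG_EVENT. It holds only five %lx
; conversions, so the formatted text has a fixed upper bound well below
; the 512 bytes of `buffer`. wsprintf takes no destination size: if a
; %s is ever added here, that bound no longer holds.
processInfo     db "File Handle: %lx ",0dh,0Ah
                db "Process Handle: %lx",0Dh,0Ah
                db "Thread Handle: %lx",0Dh,0Ah
                db "Image Base: %lx",0Dh,0Ah
                db "Start Address: %lx",0

;-----------------------------------------------------------------------
; Uninitialised data.
;-----------------------------------------------------------------------
.data?
buffer          db 512 dup(?)           ; path chosen in the Open dialog, later reused for wsprintf output
startinfo       STARTUPINFO <>          ; filled by GetStartupInfo
pi              PROCESS_INFORMATION <>  ; filled by CreateProcess
DBEvent         DEBUG_EVENT <>          ; filled by WaitForDebugEvent

.code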

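;-----------------------------------------------------------------------
; start - minimal Win32 debugger loop (MASM32, 32-bit, stdcall via invoke)
;
; Asks for an executable with the Open dialog, launches it as a debuggee
; and reports process and thread events in message boxes until the
; debuggee exits. eax carries the BOOL result of each API call tested
; below; zero means the call failed.
;-----------------------------------------------------------------------
start:
        ; Describe the Open dialog; `buffer` receives the chosen path.
        mov     ofn.lStructSize, sizeof ofn
        mov     ofn.lpstrFilter, offset FilterString
        mov     ofn.lpstrFile, offset buffer
        mov     ofn.nMaxFile, sizeof buffer             ; tied to the real buffer size so the two cannot drift apart
        mov     ofn.Flags, OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or \
                           OFN_EXPLORER or OFN_HIDEREADONLY
        invoke  GetOpenFileName, addr ofn

        .if eax == TRUE
            invoke  GetStartupInfo, addr startinfo

            ; The path goes in lpApplicationName with a NULL command line, so
            ; exactly the selected file is started. DEBUG_ONLY_THIS_PROCESS
            ; keeps children of the debuggee out of this debug session.
            invoke  CreateProcess, addr buffer, NULL, NULL, NULL, FALSE, \
                    DEBUG_PROCESS+DEBUG_ONLY_THIS_PROCESS, \
                    NULL, NULL, addr startinfo, addr pi

            ; Without a debuggee WaitForDebugEvent can never deliver an event,
            ; so the loop is entered only when the process was created.
            .if eax != 0
                .while TRUE
                    invoke  WaitForDebugEvent, addr DBEvent, INFINITE
                    .break .if eax == 0                 ; wait failed: DBEvent holds no valid event

                    .if DBEvent.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT
                        invoke  MessageBox, 0, addr Exitproc, addr AppName, MB_OK+MB_ICONINFORMATION
                        .break                          ; debuggee is gone, leave the loop

                    .elseif DBEvent.dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT
                        ; `buffer` no longer needs the path here, so it is
                        ; reused for the formatted report.
                        invoke  wsprintf, addr buffer, addr processInfo, \
                                DBEvent.u.CreateProcessInfo.hFile, \
                                DBEvent.u.CreateProcessInfo.hProcess, \
                                DBEvent.u.CreateProcessInfo.hThread, \
                                DBEvent.u.CreateProcessInfo.lpBaseOfImage, \
                                DBEvent.u.CreateProcessInfo.lpStartAddress
                        invoke  MessageBox, 0, addr buffer, addr AppName, MB_OK+MB_ICONINFORMATION

                        ; The image-file handle in this event belongs to the
                        ; debugger; close it once it has been reported.
                        .if DBEvent.u.CreateProcessInfo.hFile != NULL
                            invoke  CloseHandle, DBEvent.u.CreateProcessInfo.hFile
                        .endif

                    .elseif DBEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT
                        ; Every breakpoint exception (the loader raises one at
                        ; start-up) is resumed as handled. No attempt is made
                        ; to tell the initial breakpoint from later ones.
                        .if DBEvent.u.Exception.pExceptionRecord.ExceptionCode == EXCEPTION_BREAKPOINT
                            invoke  ContinueDebugEvent, DBEvent.dwProcessId, DBEvent.dwThreadId, DBG_CONTINUE
                            .continue
                        .endif

                    .elseif DBEvent.dwDebugEventCode == CREATE_THREAD_DEBUG_EVENT
                        invoke  MessageBox, 0, addr NewThread, addr AppName, MB_OK+MB_ICONINFORMATION

                    .elseif DBEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT
                        invoke  MessageBox, 0, addr EndThread, addr AppName, MB_OK+MB_ICONINFORMATION
                    .endif

                    ; Other exceptions are handed back to the debuggee's own
                    ; handlers. For non-exception events the status value
                    ; just resumes the thread.
                    invoke  ContinueDebugEvent, DBEvent.dwProcessId, DBEvent.dwThreadId, DBG_EXCEPTION_NOT_HANDLED
                .endw

                ; Release the handles CreateProcess returned.
                invoke  CloseHandle, pi.hProcess
                invoke  CloseHandle, pi.hThread
            .endif
        .endif

        invoke  ExitProcess, 0
end start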



