PureBasic Forums - English

code is excellent loads the program up pretty quick but doesnt work 100% for all 32 bit windows sotware, some programs have debugger detection etc........ I wrote this code here because I was building a debugger thought anyone that was building one would definately want my source code..... use the ...

I looked up script kiddy I wrote that source code studying windows debugging all by myself because I was going to build a debugger. script kiddys are people into hacking on the net by definition

What is a script kiddy?

Hereis cleaned up code far better functioning version of the dis assembler debugger program



Global ph
Global SysInfo.SYSTEM_INFO

Structure LV_HITTESTINFOEX
Pt.POINT
Flags.l
iItem.l
iSubItem.l
iGroup.l
EndStructure

#NbProcessesMax = 10000
Structure REX_Struct
W_.b
R_.b
X_.b
B_.b
state ...

well, what it was about is to find the start of the code in memory, which when calculated looks different from the addressing of for example the current EIP in the context of the currently debugged thread (process thread)...... I'll try and figure it out...... the start code of an EXE is usually ...

what im looking for is to convert whatever type of addressing the exceptionaddress is of a debug breakpoint for example, which seems to always be the same as EIP register while the program is running, into the other type of addressing, virtual or physical, i dont have a complete grasp of windows ...

the debugger was returning the value zero when i tried it with notepad.exe running and then tried it with another program called tordns.exe
I wonder why it returned the value zero instead of the base address.... thanks for the code btw I just can't figure out why it doesnt work for some reason ...

what i am looking for is convert the current EIP address during a breakpoint exception into the process's virtual address (if i speak that correctly)

I can't figure out how to find a base address or virtual process address of EIP during a breakpoint in a debugger session debugging a program....

the "getthreadselectorentry" code below doesn't work to give me data about the con\eip address... anybody know anything about this stuff?




global con ...

here is a little program that assembles a big instruction into proper machine opcodes.....


Structure t_asmmodel; { // Model To search For assembler command
code.c[15]; // Binary code
mask.c[15]; // Mask for binary code (0: bit ignored)
length.i; // Length of code, bytes (0: empty)
jmpsize ...

http://sandsprite.com/CodeStuff/olly_dll.html

this is where i found what i was looking for to assemble instructions to proper machine op codes......... it assembles instructions and disassemles them as well......

Below is my dissasembler while execution of a windows 32 bit application.... Excellent source code for those writing a debugger in purebasic..... please give me feedback on what you think of it.......

the code i wrote from the c++ source executes the program that is being debugged fine except when i try to use single step exception flag set in the thread's context of the process being debugged.

http://www.codeproject.com/KB/system/writing_debugger_1.aspx

is where i got the c++ source code........

for example:



DEBUG_EVENT debug_event = {0};
for(;;)
{
if (!WaitForDebugEvent(&debug_event, INFINITE))
return;
ProcessDebugEvent(&debug_event); // User-defined function, not API ...

Here is code that works except instead of running the program smoothly while the single step flag is set it endlessly loops showing and endless loop of exectution addresses or to say exceptionaddresses in a loop endlessly.... if i take out the code the induces single step the program runs fine ...