#1
Code to efficiently break on entering code section???
Hello,
I'm writing a small tool and was wondering what might be the most efficient approach to break on entering the code section. Using EXCEPTION_SINGLE_STEP and checking at every step if EIP is in the code section is indeed slow. OllyDbg does this very efficiently, so there must be a better/faster way of doing it. How? Thx.
yaa
#2
Maybe try to use VirtualProtectEx with PAGE_NOACCESS,
then check EXCEPTION_ACCESS_VIOLATION Exception.pExceptionRecord.ExceptionAddress
Last edited by cyberbob; 05-07-2005 at 21:49.
#3
What do you mean by "Olly does this efficiently"? In what manner do you mean? The first BPX Olly does in all programs is actually a system-supplied breakpoint, since Olly is a debugger. Not sure if you are referring to something else?
-Lunar
#4
Hello Lunar_Dust,
I was not thinking of the initial breakpoint at the entry point of an application. I was thinking of a breakpoint placed for example on the .text section of a packed application. OllyDbg is for sure not using EXCEPTION_SINGLE_STEP to break when you place a breakpoint on a PE section. It is too fast. I was then wondering how else you could accomplish such a task.
yaa
Last edited by yaa; 05-08-2005 at 08:11.
#5
Read help
Lemme read it for you for a sec.... Do VirtualProtectEx with PAGE_GUARD on. STATUS_GUARD_PAGE exception will occur. I think that's what Olly does also. So, first do VirtualQuery to get size of section you want, and then protect whole section...
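Added example, not part of any post in this thread: a sketch of the guard-page approach suggested in #5, written for a debugger that is already attached to the target. The names `classify_guard_hit`, `arm_section_guard` and `guard_action` are hypothetical; the Windows SDK spells the exception code `EXCEPTION_GUARD_PAGE` / `STATUS_GUARD_PAGE_VIOLATION`, and the Windows-only part is compiled only under `_WIN32`.

```c
#include <stddef.h>
#include <stdint.h>

/* Value of EXCEPTION_GUARD_PAGE (STATUS_GUARD_PAGE_VIOLATION) in the Windows SDK. */
#define GUARD_PAGE_VIOLATION 0x80000001u

typedef enum { NOT_OURS, REARM_GUARD, ENTERED_SECTION } guard_action;

/* Decide what to do with one debug exception (hypothetical helper).
 * code     = ExceptionRecord.ExceptionCode
 * fault_ip = ExceptionRecord.ExceptionAddress, the instruction that faulted */
guard_action classify_guard_hit(uint32_t code, uintptr_t fault_ip,
                                uintptr_t sec_base, size_t sec_size)
{
    if (code != GUARD_PAGE_VIOLATION)
        return NOT_OURS;              /* some other exception: handle as usual */
    /* Unsigned subtraction wraps for fault_ip < sec_base, so one compare
     * tests sec_base <= fault_ip < sec_base + sec_size. */
    if (fault_ip - sec_base < sec_size)
        return ENTERED_SECTION;       /* execution is inside the section: stop */
    /* Code outside the section read or wrote it (e.g. an unpacker stub).
     * PAGE_GUARD is one-shot and is already cleared for that page: set the
     * trap flag, continue, and re-arm on the following EXCEPTION_SINGLE_STEP.
     * Re-arming before the instruction retires would fault forever. */
    return REARM_GUARD;
}

#ifdef _WIN32
#include <windows.h>
/* Put PAGE_GUARD on every committed page of [sec_base, sec_base + sec_size). */
int arm_section_guard(HANDLE proc, uintptr_t sec_base, size_t sec_size)
{
    uintptr_t p = sec_base, end = sec_base + sec_size;
    while (p < end) {
        MEMORY_BASIC_INFORMATION mbi;
        DWORD old;
        if (!VirtualQueryEx(proc, (LPCVOID)p, &mbi, sizeof mbi))
            return 0;
        uintptr_t stop = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
        if (stop > end) stop = end;   /* region may run past the section */
        /* PAGE_GUARD cannot be combined with PAGE_NOACCESS; skip such pages. */
        if (mbi.State == MEM_COMMIT && !(mbi.Protect & PAGE_NOACCESS) &&
            !VirtualProtectEx(proc, (LPVOID)p, stop - p,
                              mbi.Protect | PAGE_GUARD, &old))
            return 0;
        p = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
    }
    return 1;
}
#endif
```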