Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 05-07-2005, 18:57
yaa
 
Posts: n/a
Question Code to efficiently break on entering code section???

Hello,

I'm writing a small tool and was wondering what might be the most efficient approach to break on entering the code section. Using EXCEPTION_SINGLE_STEP and checking at every step if EIP is in the code section is indeed slow. OllyDbg does this very efficiently, so there must be a better/faster way of doing it. How?

Thx.


yaa
Reply With Quote
  #2  
Old 05-07-2005, 21:42
cyberbob's Avatar
cyberbob cyberbob is offline
VIP
 
Join Date: Aug 2004
Posts: 93
Rept. Given: 23
Rept. Rcvd 118 Times in 28 Posts
Thanks Given: 6
Thanks Rcvd at 30 Times in 14 Posts
cyberbob Reputation: 100-199 cyberbob Reputation: 100-199
maybe try to use VirtualProtectEx with PAGE_NOACCESS
then check EXCEPTION_ACCESS_VIOLATION
Exception.pExceptionRecord.ExceptionAddress

Last edited by cyberbob; 05-07-2005 at 21:49.
Reply With Quote
  #3  
Old 05-08-2005, 02:00
Lunar_Dust
 
Posts: n/a
What do you mean "Olly does this efficiently", in what manner do you mean..the first BPX olly does in all programs is actually a system supplied breakpoint since Olly is a debugger. Not sure if you are referring to something else. ??

-Lunar
Reply With Quote
  #4  
Old 05-08-2005, 05:19
yaa
 
Posts: n/a
Hello Lunar_Dust,

I was not thinking of the initial breakpoint at the entry point of an application. I was thinking of a breakpoint placed for example on the .text section of a packed application.
OllyDbg is for sure not using EXCEPTION_SINGLE_STEP to break when you place a breakpoint on a PE section. It is too fast. I was then wondering how else you could accomplish such a task.


yaa

Last edited by yaa; 05-08-2005 at 08:11.
Reply With Quote
  #5  
Old 05-08-2005, 05:29
nikola nikola is offline
Friend
 
Join Date: Jan 2004
Location: Your head
Posts: 115
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
nikola Reputation: 0
Read help
Lemme read it for you for a sec....

Do VirtualProtectEx with PAGE_GUARD on. STATUS_GUARD_PAGE exception will occur. I think thats what Olly does also. So, first do VirtualQuery to get size of section you want, and then protect whole section...
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Addison.Wesley.Pub.Exploiting.Software.How.to.Break.Code SOLAR General Discussion 13 12-24-2004 01:18


All times are GMT +8. The time now is 08:53.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )