Code to efficiently break on entering code section???
Hello,
I'm writing a small tool and was wondering what might be the most efficient approach to break on entering the code section. Using EXCEPTION_SINGLE_STEP and checking at every step if EIP is in the code section is indeed slow. OllyDbg does this very efficiently, so there must be a better/faster way of doing it. How? Thx. yaa |
Maybe try to use VirtualProtectEx with PAGE_NOACCESS,
then check EXCEPTION_ACCESS_VIOLATION Exception.pExceptionRecord.ExceptionAddress |
What do you mean "Olly does this efficiently"? In what manner do you mean? The first BPX Olly does in all programs is actually a system-supplied breakpoint, since Olly is a debugger. Not sure if you are referring to something else.
-Lunar |
Hello Lunar_Dust,
I was not thinking of the initial breakpoint at the entry point of an application. I was thinking of a breakpoint placed for example on the .text section of a packed application. OllyDbg is for sure not using EXCEPTION_SINGLE_STEP to break when you place a breakpoint on a PE section. It is too fast. I was then wondering how else you could accomplish such a task. yaa |
Read help ;)
Lemme read it for you for a sec.... Do VirtualProtectEx with PAGE_GUARD on. A STATUS_GUARD_PAGE exception will occur. I think that's what Olly does also. So, first do VirtualQuery to get the size of the section you want, and then protect the whole section... |
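The PAGE_GUARD approach from the last reply, as an added example that is not from any poster in this thread and is not OllyDbg's code. It shows the part the thread leaves out: PAGE_GUARD is one-shot and also fires on data reads and writes, so the debug loop has to tell "execution entered the section" from "outside code touched the section" and restore the guard in the second case. The names `watch_t`, `action_t`, `on_exception` and `arm_guard` are hypothetical, and the sketch assumes a single-threaded debuggee in which the watched section is the only guarded memory.

```c
#include <stddef.h>
#include <stdint.h>

/* Exception codes as in winnt.h, repeated so the logic builds on any host. */
#define EV_GUARD_PAGE  0x80000001u  /* STATUS_GUARD_PAGE_VIOLATION */
#define EV_SINGLE_STEP 0x80000004u  /* EXCEPTION_SINGLE_STEP */

typedef enum { PASS_ON, BREAK_HERE, STEP_THEN_REARM, REARM } action_t;
typedef struct {          /* hypothetical per-debuggee state */
    uintptr_t base;       /* start of the watched section */
    size_t size;          /* its length in bytes */
    int rearm_pending;    /* a guard hit was consumed and must be restored */
} watch_t;

/* Decide what the debug loop does with one exception event.
   addr is ExceptionRecord.ExceptionAddress, the faulting instruction. */
action_t on_exception(watch_t *w, uint32_t code, uintptr_t addr)
{
    if (code == EV_GUARD_PAGE) {
        /* addr - base wraps to a huge value when addr < base. */
        if (addr - w->base < w->size)
            return BREAK_HERE;      /* execution entered the section */
        /* Code outside the section read or wrote it (a stub unpacking
           into it). The OS has dropped PAGE_GUARD from that page, so
           set the trap flag, step one instruction, then re-arm. */
        w->rearm_pending = 1;
        return STEP_THEN_REARM;
    }
    if (code == EV_SINGLE_STEP && w->rearm_pending) {
        w->rearm_pending = 0;
        return REARM;               /* call arm_guard(), then continue */
    }
    return PASS_ON;                 /* DBG_EXCEPTION_NOT_HANDLED */
}

#ifdef _WIN32
#include <windows.h>
/* Apply PAGE_GUARD over the range on top of its current protection
   (assumes one uniform protection across the section). */
BOOL arm_guard(HANDLE proc, const watch_t *w)
{
    MEMORY_BASIC_INFORMATION mbi;
    DWORD old;
    if (!VirtualQueryEx(proc, (LPCVOID)w->base, &mbi, sizeof mbi))
        return FALSE;
    return VirtualProtectEx(proc, (LPVOID)w->base, w->size,
                            mbi.Protect | PAGE_GUARD, &old);
}
#endif
```

Single-stepping happens only once per outside access to the section instead of on every instruction, which is where the speed difference over pure EXCEPTION_SINGLE_STEP tracing comes from.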