基本的调试器框架

逻辑

关键的API、数据结构

//调试事件typedef struct _DEBUG_EVENT {  DWORD dwDebugEventCode;  DWORD dwProcessId;  DWORD dwThreadId;  union {    EXCEPTION_DEBUG_INFO Exception;    CREATE_THREAD_DEBUG_INFO CreateThread;    CREATE_PROCESS_DEBUG_INFO CreateProcessInfo;    EXIT_THREAD_DEBUG_INFO ExitThread;    EXIT_PROCESS_DEBUG_INFO ExitProcess;    LOAD_DLL_DEBUG_INFO LoadDll;    UNLOAD_DLL_DEBUG_INFO UnloadDll;    OUTPUT_DEBUG_STRING_INFO DebugString;    RIP_INFO RipInfo;  } u;} DEBUG_EVENT, *LPDEBUG_EVENT;

CreateProcess

WaitForDebugEvent

ContinueDebugEvent

效果

代码

#include "stdafx.h"#include <iostream>#include <Windows.h>using namespace std;void main(){    PROCESS_INFORMATION process_info;    STARTUPINFO startup_info;    memset(&process_info, 0, sizeof(process_info));    memset(&startup_info, 0, sizeof(startup_info));    startup_info.cb = sizeof(STARTUPINFO);    if(CreateProcess(TEXT("E:\\myCode\\helloworld\\Debug\\helloworld.exe"),NULL, NULL, NULL, FALSE,        DEBUG_ONLY_THIS_PROCESS | CREATE_NEW_CONSOLE,NULL, NULL, &startup_info, &process_info)){            //ResumeThread(process_info.hThread);            while(true){                DEBUG_EVENT debug_info;                if(!WaitForDebugEvent(&debug_info, INFINITE))                    break;                switch (debug_info.dwDebugEventCode)                {                case CREATE_PROCESS_DEBUG_EVENT://创建进程                    cout<<"CREATE_PROCESS_DEBUG_EVENT"<<endl;                    break;                case CREATE_THREAD_DEBUG_EVENT://创建线程                    cout<<"CREATE_THREAD_DEBUG_EVENT"<<endl;                    break;                case EXIT_THREAD_DEBUG_EVENT://退出线程                    cout<<"EXIT_THREAD_DEBUG_EVENT"<<endl;                    break;                case EXIT_PROCESS_DEBUG_EVENT://退出进程                    cout<<"EXIT_PROCESS_DEBUG_EVENT"<<endl;                    break;                case EXCEPTION_DEBUG_EVENT://发生异常                    cout<<"EXCEPTION_DEBUG_EVENT"<<endl;                    break;                case OUTPUT_DEBUG_STRING_EVENT://调用OutputDebugString函数                    cout<<"OUTPUT_DEBUG_STRING_EVENT"<<endl;                    break;                case RIP_EVENT://发生系统调试错误                    cout<<"RIP_EVENT"<<endl;                    break;                case LOAD_DLL_DEBUG_EVENT://加载dll                    cout<<"LOAD_DLL_DEBUG_EVENT"<<endl;                    break;                case UNLOAD_DLL_DEBUG_EVENT://卸载dll                    cout<<"UNLOAD_DLL_DEBUG_EVENT"<<endl;                    break;                }                if(debug_info.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT)                    break;                ContinueDebugEvent(debug_info.dwProcessId, debug_info.dwThreadId, DBG_CONTINUE);            }            CloseHandle(process_info.hThread);            CloseHandle(process_info.hProcess);    }else{        cout<<"Can't create process."<<endl;    }}