Hi Guru,
I have an application which injects the DLL A.dll to the game application. The application alters the import address table of another DLL B.dll loaded by the game to hook the functions exported by the B.dll.
In this case, how can I use the Windbg to do debugging? I tried to attach either the application or the game application but I don’t see the debugger break.
Any thoughts?
Thanks,
Marshall
hmm. if i understand you correctly and assuming that you’ve already
defeated the antidebugging mechanisms, if any, you can try one of
these:
1. in the target process, do “sxe ld ” so that the debugger
can notify you when the dll is loaded. then you can set breakpoints
inside that DLL accordingly.
2. if you already have the injected DLL on disk, patch its entry point
(or a function that you know it will execute) with 0xcc and set windbg
as default post-mortem debugger.
3. if you already know which function will be patched, set a hardware
breakpoint on it (ba w1 )
hope that helps.
–bruce
On Sun, Dec 12, 2010 at 10:44 PM, wrote:
> Hi Guru,
>
> I have an application which injects the DLL A.dll to the game application. The application alters the import address table of another DLL B.dll loaded by the game to hook the functions exported by the B.dll.
>
> In this case, how can I use the Windbg to do debugging? I tried to attach either the application or the game application but I don’t see the debugger break.
>
> Any thoughts?
>
> Thanks,
> Marshall
>
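For option 2 in the reply above (patching the injected DLL's entry point on disk with 0xcc), the byte to change is found by mapping the PE header's AddressOfEntryPoint, which is an RVA, to a file offset through the section table. The sketch below is an added example, not code from either poster; the function names and the sample image built by `build_sample` are constructed for illustration, and the original byte is returned so it can be restored once the debugger has stopped on the breakpoint.

```python
import struct

def entry_point_file_offset(pe: bytes) -> int:
    """Map AddressOfEntryPoint (an RVA) to its offset in the file on disk."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    (nsections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20                                  # IMAGE_OPTIONAL_HEADER
    (entry_rva,) = struct.unpack_from("<I", pe, opt + 16)
    if entry_rva == 0:
        raise ValueError("image has no entry point")
    table = opt + opt_size                           # first section header
    for i in range(nsections):
        # Skip the 8-byte name: VirtualSize, VirtualAddress, raw size, raw ptr
        _vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<IIII", pe, table + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + rsize:       # must be file-backed
            return rptr + (entry_rva - vaddr)
    raise ValueError("entry point is not backed by raw section data")

def patch_int3(pe: bytes):
    """Return (offset, original byte, patched copy); the input is untouched."""
    off = entry_point_file_offset(pe)
    return off, pe[off], pe[:off] + b"\xCC" + pe[off + 1:]

def build_sample() -> bytes:
    """Constructed 32-bit image: .text at RVA 0x1000, raw data at 0x200."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1010).ljust(0xE0, b"\0")
    sect = struct.pack("<8sIIII", b".text", 0x20, 0x1000, 0x200, 0x200)
    headers = (dos + b"PE\0\0" + coff + opt + sect.ljust(40, b"\0"))
    return headers.ljust(0x200, b"\0") + b"\x90" * 0x200

if __name__ == "__main__":
    off, orig, patched = patch_int3(build_sample())
    print(f"entry point at file offset {off:#x}, original byte {orig:#04x}")
```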