DLL loading:
Case Load_dll_debug_event:
Read The debugging information included in the newly
Loaded DLL. Be sure to close the handle to the loaded DLL
With CloseHandle.
This event occurs when a DLL is loaded
Dwcontinuestatus = Onloaddlldebugevent (DebugEvent);
Break
DWORD onloaddlldebugevent (const lpdebug_event DebugEvent)
{
We can get a handle to the DLL through Debugevent->u.loaddll.hfile
However, without the API directly from the Handle->path, code conversions are required
The specific method is easy to find, here is not introduced.
Getfilenamefromhandle (Debugevent->u.loaddll.hfile);
return dbg_continue;
}
Read Memory:
Read the memory API we have already introduced readprocessmemory.
Part of the code:
Address Read by Addr
Size = sizeof (BYTE)
void *lpbuff;
Lpbuff = malloc (Size);
size_t Bytesread;
for (i = 0; i <; i++)
{
if ((i% 8) = = 0)//Output 4 rows 8 columns
printf ("\n%x", Addr);
if (FALSE = = ReadProcessMemory (g_process, Addr, Lpbuff, Size, &bytesread))
{
printf ("??"); Read failure on output "?? "
}
Else
{
printf ("%.2x", * (byte*) lpbuff);
}
ADDR = Addr + Size;
}
Free (lpbuff);
Effect:
This chapter is about so much ... A soft breakpoint is explained in detail in the next section.
Implementation of the Simple Debugger (iii) perfecting the debugger