Hmm have a test yourself. :< Since you are writing a debugger you can wait for the breakpoint. The system generates an exception with code EXCEPTION_BREAKPOINT and your debugger should handle it. Otherwise your program would be terminated.
------------------ Best regards, lh_mouse 2014-11-14 ------------------------------------------------------------- 发件人:Vincent Torri <vincent.to...@gmail.com> 发送日期:2014-11-14 23:49 收件人:mingw-w64-public@lists.sourceforge.net 抄送: 主题:Re: [Mingw-w64-public] Help required about process and dll injection Hey, thanks for the answer. coments below On Fri, Nov 14, 2014 at 3:35 PM, lh_mouse <lh_mo...@126.com> wrote: > Possible solution: > 0) Load the debugee in suspended mode; > 1) Calculate the address of its entry point (typically mainCRTStartup or > WinMainCRTStartup) from its PE header, since its header should now have been > loaded into RAM; I guess that I call CreateFilemapping() like that : CreateFilemapping(pi.hProcess, NULL, PAGE_READWRITE, 0, 0, NULL); with pi the PROCESS_INFORMATION structure passed to CreateProcess() ? > 2) Overwrite the byte at that address with 0xCC (a.k.a. int3 instruction on > both x86 and x64); > 3) Resume the process and it should hit the breakpoint, after all > statically-linked DLLs have been loaded successfully, before any static > constructors are invoked; shouldn't I have to wait a bit so that all the DLL are loaded ? It might take some time to load them, no ? That's what is done in the link that i have posted ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk _______________________________________________ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public