How to fix "DebugActiveProcess stop attached process"

Question

How to fix "DebugActiveProcess stop attached process"

I want to debug a program at a specific address. I have wrote a debugger with c++. I attached a extern program/process.
When I use the function DebugActiveProcess, I cannot use my attached program because it stopped or it freezed. The task manager said the programm run normal. So I cannot do something in the attached program to trigger the breakpoint. Have I do something wrong in my code? How can i get access to the attached programm?

I try the code without setting a breakpoint. Then the game don't freeze. When I set the breakpoint later, then the problem still exists.

 //... attached program ...
    HANDLE handle = fProcess.__HandleProcess; //attached processhandle

    DWORD_PTR eax = 0;
    DWORD_PTR address = 0x0045D000;  //Debug address

    DebugActiveProcess(fProcess.__gameProcess.th32ProcessID);  //here stop the attached program

    DebugSetProcessKillOnExit(false);

    DWORD_PTR dwThreadID = fProcess.getThreadByProcess(fProcess.__gameProcess.th32ProcessID);

    HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, dwThreadID);

    CONTEXT ctx = { 0 };
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_INTEGER;
    ctx.Dr0 = address;
    ctx.Dr7 = 0x00000001;

    SetThreadContext(hThread, &ctx);

    DEBUG_EVENT dbgEvent;
    while (true)
    {
        if (WaitForDebugEvent(&dbgEvent, INFINITE) == 0)
            break;

        Sleep(10000);

        if (dbgEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT &&
            dbgEvent.u.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_SINGLE_STEP) // EXCEPTION_BREAKPOINT
        {
            if (dbgEvent.u.Exception.ExceptionRecord.ExceptionAddress == (LPVOID)address)
            {
                GetThreadContext(hThread, &ctx);
                eax = ctx.Eax; // eax get
                std::cout << eax << "\n";
                ctx.Dr0 = ctx.Dr6 = ctx.Dr7 = 0;
                SetThreadContext(hThread, &ctx);
                ContinueDebugEvent(dbgEvent.dwProcessId, dbgEvent.dwThreadId, DBG_CONTINUE);
                break;
            }

        }

        ContinueDebugEvent(dbgEvent.dwProcessId, dbgEvent.dwThreadId, DBG_CONTINUE);
    }

    DebugActiveProcessStop(fProcess.__gameProcess.th32ProcessID);

Thanks for help

c++

debugging

process

reverse-engineering

breakpoints

asked on Stack Overflow Dec 21, 2018 by

Daragoth • edited Dec 25, 2018 by

Daragoth

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0