igoticecream Grandmaster Cheater Supreme Reputation: 0
Joined: 23 Apr 2006 Posts: 1807 Location: 0x00400000
Posted: Mon Sep 20, 2010 9:22 pm Post subject: Help, my INT 3 is not working
Does anybody know the reason why, after the INT 3 instruction is executed, my VEH does not handle it?
It can handle exceptions like divide by zero, but not breakpoint exceptions. Here's the code:
Code: |
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <stdarg.h>
#include <conio.h>

#define BUFFER_SIZE 512
#define BREAKPOINT _asm int 3

// Format a message and send it to the debugger output.
VOID DbgPrint(LPCTSTR Format, ...)
{
    va_list Arguments;
    va_start(Arguments, Format);
    TCHAR Buffer[BUFFER_SIZE];
    _vstprintf_s(Buffer, BUFFER_SIZE, Format, Arguments);
    va_end(Arguments);
    OutputDebugString(Buffer);
    OutputDebugString(TEXT("\r\n"));
}

// Vectored handler: dump the register context on a breakpoint exception.
LONG WINAPI VectoredExceptionHandler(PEXCEPTION_POINTERS pExceptionInfo)
{
    if (pExceptionInfo->ExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT)
    {
        DbgPrint(_T("-BREAKPOINT-"));
        DbgPrint(_T("EAX: 0x%08X"), pExceptionInfo->ContextRecord->Eax);
        DbgPrint(_T("EBX: 0x%08X"), pExceptionInfo->ContextRecord->Ebx);
        DbgPrint(_T("ECX: 0x%08X"), pExceptionInfo->ContextRecord->Ecx);
        DbgPrint(_T("EDX: 0x%08X"), pExceptionInfo->ContextRecord->Edx);
        DbgPrint(_T("EDI: 0x%08X"), pExceptionInfo->ContextRecord->Edi);
        DbgPrint(_T("ESI: 0x%08X"), pExceptionInfo->ContextRecord->Esi);
        DbgPrint(_T("EBP: 0x%08X"), pExceptionInfo->ContextRecord->Ebp);
        DbgPrint(_T("ESP: 0x%08X"), pExceptionInfo->ContextRecord->Esp);
        DbgPrint(_T("EIP: 0x%08X"), pExceptionInfo->ContextRecord->Eip);
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    return EXCEPTION_CONTINUE_SEARCH;
}

int _tmain(int argc, _TCHAR* argv[])
{
    // Register as the first handler in the vectored chain.
    PVOID pExceptionHandler = AddVectoredExceptionHandler(1, (PVECTORED_EXCEPTION_HANDLER)VectoredExceptionHandler);
    __asm
    {
        xor eax, eax
        BREAKPOINT
        inc eax
        BREAKPOINT
        xor eax, eax
        BREAKPOINT
    }
    _getch();
    return 0;
}
|
Thanks guys.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Mon Sep 20, 2010 9:33 pm
Not sure, exactly what is happening or not happening?
Also, make sure you do NOT have a debugger attached. If a debugger is attached, the breakpoint will not get handled by the exception handler (the debugger comes before the exception handler).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
igoticecream Grandmaster Cheater Supreme Reputation: 0
Joined: 23 Apr 2006 Posts: 1807 Location: 0x00400000
Posted: Mon Sep 20, 2010 9:44 pm
I ran it without any debugger attached to it, and what I expect the program to do:
Execute: "xor eax, eax"
Execute: "int 3"
Output: "EAX: 0x00000000" (and the other registers, but I'm focused on this one)
Execute: "inc eax"
Execute: "int 3"
Output: "EAX: 0x00000001"
Execute: "xor eax, eax"
Execute: "int 3"
Output: "EAX: 0x00000000"
But my VEH does not handle the breakpoint exception (that should be generated by int 3, right?)
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Mon Sep 20, 2010 9:51 pm
Try changing
Code: |
if (pExceptionInfo->ExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT)
|
with:
Code: |
if (pExceptionInfo->ExceptionRecord->ExceptionCode != DBG_PRINTEXCEPTION_C)
|
That way the OutputDebugString shouldn't cause an infinite loop.
Perhaps int3 doesn't return EXCEPTION_BREAKPOINT but an intermediate kind of breakpoint (e.g. STATUS_WX86_BREAKPOINT).
igoticecream Grandmaster Cheater Supreme Reputation: 0
Joined: 23 Apr 2006 Posts: 1807 Location: 0x00400000
Posted: Mon Sep 20, 2010 10:07 pm
You are right, Dark Byte, OutputDebugString is causing an infinite loop and my VEH gets spammed with the 0x40010006 exception code (DBG_PRINTEXCEPTION_C). Can you explain this event? I'm so lost as to why OutputDebugString causes this.
EDIT: If I remove every call to OutputDebugString my code runs fine.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Mon Sep 20, 2010 10:10 pm
That's just how it works. OutputDebugString raises a debug event which is either handled by the exception handler, or handled by the debugger.
So just filter out those exceptions (you can just continue when you get them, just don't call DbgPrint while there).
Also, if you're interested:
ExceptionInformation[0] contains the string length
ExceptionInformation[1] contains the pointer to the string
igoticecream Grandmaster Cheater Supreme Reputation: 0
Joined: 23 Apr 2006 Posts: 1807 Location: 0x00400000
Posted: Mon Sep 20, 2010 10:16 pm
OK, now it is running just fine, thanks for the info Dark Byte... I didn't know how OutputDebugString worked and yeah, that explains the infinite loop... REP+
Also, I forgot a line of code
"pExceptionInfo->ContextRecord->Eip++;"
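The handler behaviour this thread converges on, as a portable C model added here (not code from either poster): the handler passes DBG_PRINTEXCEPTION_C on without printing, records EAX in a buffer instead of calling OutputDebugString, and advances Eip past the one-byte int 3. The `Record`/`Context` structs, the `advance_eip` switch, the byte array and the toy dispatcher are constructed stand-ins for the Windows structures and the CPU, so the example builds without `<windows.h>`.

```c
#include <stdint.h>
#include <stdio.h>
/* Numeric values as defined in the Windows SDK headers. */
#define EXCEPTION_BREAKPOINT         0x80000003u
#define DBG_PRINTEXCEPTION_C         0x40010006u
#define EXCEPTION_CONTINUE_EXECUTION (-1)
#define EXCEPTION_CONTINUE_SEARCH    0

/* Stand-ins (assumption) for the EXCEPTION_RECORD / CONTEXT fields used in the thread. */
typedef struct { uint32_t ExceptionCode; } Record;
typedef struct { uint32_t Eax, Eip; } Context;
static uint32_t seen_eax[8];  /* the handler logs here instead of calling OutputDebugString */
static int seen;
/* Handler logic; advance_eip=0 reproduces the first post's missing Eip++. */
static int handler(const Record *rec, Context *ctx, int advance_eip)
{
    if (rec->ExceptionCode == DBG_PRINTEXCEPTION_C)
        return EXCEPTION_CONTINUE_SEARCH;   /* pass it on, never print from here */
    if (rec->ExceptionCode != EXCEPTION_BREAKPOINT)
        return EXCEPTION_CONTINUE_SEARCH;
    if (seen < 8) seen_eax[seen++] = ctx->Eax;
    if (advance_eip) ctx->Eip++;            /* step over the one-byte int 3 (0xCC) */
    return EXCEPTION_CONTINUE_EXECUTION;
}

/* Constructed x86 bytes: xor eax,eax; int 3; inc eax; int 3; xor eax,eax; int 3 */
static const uint8_t code[] = { 0x31, 0xC0, 0xCC, 0x40, 0xCC, 0x31, 0xC0, 0xCC };

/* Toy dispatcher: returns the number of breakpoints delivered (capped at 8). */
static int run(int advance_eip)
{
    Context ctx = { 0xDEADBEEFu, 0 };
    seen = 0;
    while (ctx.Eip < sizeof code && seen < 8) {
        uint8_t op = code[ctx.Eip];
        if (op == 0x31)      { ctx.Eax = 0; ctx.Eip += 2; }
        else if (op == 0x40) { ctx.Eax++;   ctx.Eip += 1; }
        else {  /* 0xCC: the context's Eip still points at the int 3 itself */
            Record rec = { EXCEPTION_BREAKPOINT };
            if (handler(&rec, &ctx, advance_eip) != EXCEPTION_CONTINUE_EXECUTION) break;
        }
    }
    return seen;
}

int main(void)
{
    printf("with Eip++: %d breakpoints; without: %d (capped)\n", run(1), run(0));
    return 0;
}
```

With the Eip advance the three breakpoints report EAX as 0, 1, 0; without it the first int 3 is re-delivered until the cap stops the loop.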