Implementing Debug Event Handlers
For our debugger to take action upon certain events, we need to establish handlers for each debugging event that can occur. If we refer back to the WaitForDebugEvent() function, we know that it returns a populated DEBUG_EVENT structure whenever a debugging event occurs. Previously we were ignoring this struct and just automatically continuing the process, but now we are going to use information contained within the struct to determine how to handle a debugging event. The DEBUG_EVENT structure is defined like this:
typedef struct DEBUG_EVENT {
    DWORD dwDebugEventCode;
    DWORD dwProcessId;
    DWORD dwThreadId;
    union {
        EXCEPTION_DEBUG_INFO Exception;
        CREATE_THREAD_DEBUG_INFO CreateThread;
        CREATE_PROCESS_DEBUG_INFO CreateProcessInfo;
        ...
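The following is an added example, not code from the book: it decodes a raw DEBUG_EVENT buffer with ctypes and dispatches on dwDebugEventCode. It assumes a 32-bit debuggee layout, decodes only the Exception member of the union, and uses a hypothetical handle_event() with an illustrative continue-status policy; the sample buffers are constructed.

```python
import ctypes, struct
DWORD = ctypes.c_uint32  # fixed width, so the layout is identical off Windows
PTR32 = ctypes.c_uint32  # assumption: 32-bit debuggee, 4-byte pointers

EXCEPTION_DEBUG_EVENT = 1
DBG_CONTINUE, DBG_EXCEPTION_NOT_HANDLED = 0x00010002, 0x80010001
EVENT_NAMES = {1: "EXCEPTION", 2: "CREATE_THREAD", 3: "CREATE_PROCESS",
               4: "EXIT_THREAD", 5: "EXIT_PROCESS", 6: "LOAD_DLL",
               7: "UNLOAD_DLL", 8: "OUTPUT_DEBUG_STRING", 9: "RIP"}
EXCEPTION_NAMES = {0xC0000005: "ACCESS_VIOLATION", 0x80000003: "BREAKPOINT",
                   0x80000001: "GUARD_PAGE", 0x80000004: "SINGLE_STEP"}

class EXCEPTION_RECORD(ctypes.Structure):
    _fields_ = [("ExceptionCode", DWORD), ("ExceptionFlags", DWORD),
                ("ExceptionRecord", PTR32), ("ExceptionAddress", PTR32),
                ("NumberParameters", DWORD),
                ("ExceptionInformation", PTR32 * 15)]

class EXCEPTION_DEBUG_INFO(ctypes.Structure):
    _fields_ = [("ExceptionRecord", EXCEPTION_RECORD), ("dwFirstChance", DWORD)]
class DEBUG_EVENT_UNION(ctypes.Union):
    _fields_ = [("Exception", EXCEPTION_DEBUG_INFO)]  # only member decoded here

class DEBUG_EVENT(ctypes.Structure):
    _fields_ = [("dwDebugEventCode", DWORD), ("dwProcessId", DWORD),
                ("dwThreadId", DWORD), ("u", DEBUG_EVENT_UNION)]

def handle_event(raw):
    """Decode one raw DEBUG_EVENT; return (event, detail, continue_status)."""
    if len(raw) < ctypes.sizeof(DEBUG_EVENT):
        raise ValueError("truncated DEBUG_EVENT buffer")
    ev = DEBUG_EVENT.from_buffer_copy(raw)
    name = EVENT_NAMES.get(ev.dwDebugEventCode, "UNKNOWN")
    if ev.dwDebugEventCode != EXCEPTION_DEBUG_EVENT:
        return name, None, DBG_CONTINUE  # nothing to decide, just resume
    rec = ev.u.Exception.ExceptionRecord
    exc = EXCEPTION_NAMES.get(rec.ExceptionCode, hex(rec.ExceptionCode))
    detail = (exc, rec.ExceptionAddress, bool(ev.u.Exception.dwFirstChance))
    # Assumed policy: breakpoints and single steps are the debugger's own
    # events; any other exception goes back to the debuggee's handlers.
    mine = exc in ("BREAKPOINT", "SINGLE_STEP")
    return name, detail, DBG_CONTINUE if mine else DBG_EXCEPTION_NOT_HANDLED

# Constructed sample events (not captured from a real process).
def _exception(code, addr, first=1):
    return struct.pack("=24I", 1, 1234, 5678, code, 0, 0, addr, 0, *[0] * 15, first)
BREAKPOINT_EVENT = _exception(0x80000003, 0x7C901230)
ACCESS_VIOLATION_EVENT = _exception(0xC0000005, 0x00401A2C)
CREATE_THREAD_EVENT = struct.pack("=3I", 2, 1234, 5680).ljust(96, b"\0")
```

In a live debugger the third element of the result is the status that would be passed to ContinueDebugEvent() for the event's process and thread IDs.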