Thread: Debugging a process with 0xEBFE

  1. #1

    Hi,

    I wrote a small and simple debugger which doesn't use the debugger API. Instead, I set breakpoints with 0xEBFE, which works quite OK.

    Now I have a problem: I patched a DLL function with 0xEBFE and started the process, which stops at that JMP EIP command. I attach with another debugger tool which uses the Windows debugger API, which works without problems.

    After attaching I want to remove the JMP EIP and want to run the program under the debugger. Writing the original opcodes back seems to work as I don't get any errors but the program seems to hang.

    Does anyone have an idea why this happens?

    Thx
    Tr1stan

  2. #2
    evaluator
    Did you try the "ResumeThread" function? Probably it is needed after attaching the debugger.

  3. #3
    Hi,

    Thanks for the info... but I found the problem: it was a bug in my debugger, which didn't use the correct address of the "jmp eip". I forgot to add the image base to the address.
    So everything seems to work as expected.

    tr1stan
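
The address bug described in post #3, as an added example that is not code from the thread: a small model of an EB FE breakpoint that is armed at image base + RVA and is only disarmed after checking that EB FE is really at the address being restored. The `mem` array, `IMAGE_BASE`, the RVA 0x10 and the `bp_set`/`bp_clear` names are constructed for illustration; a real tool would go through ReadProcessMemory/WriteProcessMemory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the target's address space. A real tool would use
   ReadProcessMemory/WriteProcessMemory instead of touching mem[] directly. */
#define MEM_SIZE   0x200u
#define IMAGE_BASE 0x100u            /* hypothetical module load address */
static uint8_t mem[MEM_SIZE];
static const uint8_t JMP_SELF[2] = { 0xEB, 0xFE };   /* jmp to itself */

typedef struct { uint32_t va; uint8_t saved[2]; int armed; } ebfe_bp;

static uint8_t *at(uint32_t va) {    /* NULL when va is not mapped */
    return (va <= MEM_SIZE - 2) ? mem + va : NULL;
}

/* Arm: VA = image base + RVA; save the original bytes, then write EB FE. */
int bp_set(ebfe_bp *bp, uint32_t rva) {
    uint8_t *p = at(IMAGE_BASE + rva);
    if (!p) return -1;
    bp->va = IMAGE_BASE + rva;
    memcpy(bp->saved, p, 2);
    memcpy(p, JMP_SELF, 2);
    bp->armed = 1;
    return 0;
}

/* Disarm at va, but only if EB FE is really there. A write to a wrong but
   mapped address would otherwise "succeed" and leave the thread spinning. */
int bp_clear(ebfe_bp *bp, uint32_t va) {
    uint8_t *p = at(va);
    if (!p || !bp->armed || memcmp(p, JMP_SELF, 2) != 0) return -1;
    memcpy(p, bp->saved, 2);
    bp->armed = 0;
    return 0;
}

int main(void) {
    ebfe_bp bp;
    mem[IMAGE_BASE + 0x10] = 0x8B; mem[IMAGE_BASE + 0x11] = 0xFF; /* mov edi, edi */
    bp_set(&bp, 0x10);
    printf("clear at bare RVA:   %d\n", bp_clear(&bp, 0x10));
    printf("clear at base + RVA: %d\n", bp_clear(&bp, IMAGE_BASE + 0x10));
    return 0;
}
```

The first clear is refused because the bare RVA does not hold EB FE, so the original bytes are never written to the wrong place; the second restores them.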

  4. #4
    bilbo
    In the meantime you could have a look at http://www.deneke.biz/deneke/obsidian/, a nice EBFE-based debugger,
    also cited in the Collaborative RCE Tool Library...

    Best regards, bilbo
    Last edited by bilbo; January 15th, 2012 at 03:27.
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt.[Seneca, Epistulae Morales 104, 26]
