Wednesday, August 24, 2005, 6:20:40 AM, Kuba Ober wrote:
On Tuesday 23 August 2005 20:05, Vitaliy Margolen wrote:
As of today's CVS, the Delphi 5 debugger is fixed.
Well, ok, there are still some bugs. One is a minor bug (Module view reports all modules as a project executable name), but all exports are there. You can even try to disassemble them. But here is where the major problems start. Debugger segfaults on that. This is because NtQueryVirtualMemory and NtProtectVirtualMemory currently don't work on other processes.
What are the problems with implementing those using SIGSTOP/SIGCONT and ptrace(2)? I imagine that for example changing memory protection for another process could be achieved as follows:
- SIGSTOP to the process
- inject code that invokes mprotect() and stops execution
- change EIP, ESP, etc. then SIGCONT
- wait(pid,&status,WUNTRACED) on the child
- remove the injected code, restore registers, SIGCONT
I have never implemented such a beast so I might be way off, nevertheless it'd be interesting to hear what the problems are. Phrack might also be a useful read in that respect.
Hmm, that looks familiar. Something like that is what safedisc uses, which currently doesn't work. The only difference: safedisc is limited to the win API. I guess I can give it a try to see if it will work.
Vitaliy