MuTek BugTrapper. Win32 API Debugging support IMAGEHLP.

MuTek BugTrapper

Win32 API Debugging support IMAGEHLP

Debugging support
Run a process from the debugger or attach to an active process.
Control process execution by handling debug events.
Get exception notifications.

Debugging API
CreateProcess(), DebugActiveProcess()
WaitForDebugEvent()
ContinueDebugEvent()
ReadProcessMemory(), WriteProcessMemory()
OutputDebugString()

Debug events
Exception
Process/Thread create
Process/Thread exit
Load/Unload DLL
Debug string

    /* CreateProcess( … ) with DEBUG_PROCESS, or DebugActiveProcess( … ) */
    while ( 1 ) {
        DEBUG_EVENT Evnt;
        if ( !WaitForDebugEvent( &Evnt, INFINITE ) )
            break;                                  /* GetLastError() says why */
        /* Treat debug event: Evnt.dwDebugEventCode selects the member of Evnt.u */
        ContinueDebugEvent( Evnt.dwProcessId, Evnt.dwThreadId, DBG_CONTINUE );
        /* reply DBG_EXCEPTION_NOT_HANDLED instead for exceptions left to the target */
        if ( Evnt.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT )
            break;                                  /* target is gone */
    }
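The loop on the slide leaves "treat debug event" as a comment. The block below is an added example, not code from the presentation or from MuTek: it implements that part, deciding per event type what continue status to return for ContinueDebugEvent(), and in particular how a crash-recording tool answers breakpoints and first-chance versus second-chance exceptions. Field names, event codes and status values are the real Win32 ones from windows.h; on a non-Windows host it declares a minimal mirror of just the fields it touches (an assumption made only so the dispatcher can be compiled and driven with a constructed event stream; the DebuggerState type and the run_constructed_sequence() helper are likewise mine).

```c
/* Added example, not code from the presentation: the dispatch half of the
   debugger loop, deciding how to answer each debug event. DEBUG_EVENT fields,
   event codes and continue-status values are the real Win32 ones from
   <windows.h>; on a non-Windows host a minimal mirror of just the fields used
   here is declared (assumption for portability) so the logic compiles and can
   be exercised with constructed events. */
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
typedef unsigned int DWORD;
typedef void *PVOID;
#define EXCEPTION_DEBUG_EVENT      1
#define CREATE_PROCESS_DEBUG_EVENT 3
#define EXIT_PROCESS_DEBUG_EVENT   5
#define LOAD_DLL_DEBUG_EVENT       6
#define DBG_CONTINUE               0x00010002u
#define DBG_EXCEPTION_NOT_HANDLED  0x80010001u
#define EXCEPTION_BREAKPOINT       0x80000003u
#define EXCEPTION_ACCESS_VIOLATION 0xC0000005u
typedef struct { DWORD ExceptionCode, ExceptionFlags; PVOID ExceptionAddress; } EXCEPTION_RECORD;
typedef struct { EXCEPTION_RECORD ExceptionRecord; DWORD dwFirstChance; } EXCEPTION_DEBUG_INFO;
typedef struct { DWORD dwExitCode; } EXIT_PROCESS_DEBUG_INFO;
typedef struct {
    DWORD dwDebugEventCode, dwProcessId, dwThreadId;
    union { EXCEPTION_DEBUG_INFO Exception; EXIT_PROCESS_DEBUG_INFO ExitProcess; } u;
} DEBUG_EVENT;
#endif

typedef struct {
    int seen_initial_bp;      /* the loader's one-time breakpoint after start/attach */
    int exited;
    DWORD exit_code;
    unsigned dlls_loaded, second_chance;   /* second_chance: crashes nobody handled */
} DebuggerState;

/* Returns the dwContinueStatus to pass to ContinueDebugEvent() for this event. */
DWORD handle_debug_event(const DEBUG_EVENT *ev, DebuggerState *st)
{
    switch (ev->dwDebugEventCode) {
    case EXCEPTION_DEBUG_EVENT: {
        const EXCEPTION_RECORD *rec = &ev->u.Exception.ExceptionRecord;
        if (rec->ExceptionCode == EXCEPTION_BREAKPOINT) {
            /* Breakpoints are the debugger's to consume (the first one is the
               loader's initial break); DBG_EXCEPTION_NOT_HANDLED here would
               kill the target. */
            st->seen_initial_bp = 1;
            return DBG_CONTINUE;
        }
        if (ev->u.Exception.dwFirstChance)
            return DBG_EXCEPTION_NOT_HANDLED;   /* let the target's own SEH try first */
        st->second_chance++;                    /* second chance: this is the crash to record */
        printf("unhandled exception 0x%08lx at %p (tid %lu)\n",
               (unsigned long)rec->ExceptionCode, rec->ExceptionAddress,
               (unsigned long)ev->dwThreadId);
        return DBG_EXCEPTION_NOT_HANDLED;
    }
    case LOAD_DLL_DEBUG_EVENT:                  /* where a symbol loader would call SymLoadModule() */
        st->dlls_loaded++;
        return DBG_CONTINUE;
    case EXIT_PROCESS_DEBUG_EVENT:              /* still must be continued, then the loop ends */
        st->exited = 1;
        st->exit_code = ev->u.ExitProcess.dwExitCode;
        return DBG_CONTINUE;
    default:                                    /* thread create/exit, DLL unload, debug strings */
        return DBG_CONTINUE;
    }
}

/* Constructed event stream (not captured from a real process): process start,
   a DLL load, the initial breakpoint, an access violation seen first-chance and
   then second-chance, and process exit. Returns how many events were consumed. */
unsigned run_constructed_sequence(DebuggerState *st)
{
    DEBUG_EVENT ev[6];
    unsigned i;
    memset(ev, 0, sizeof ev);
    ev[0].dwDebugEventCode = CREATE_PROCESS_DEBUG_EVENT;
    ev[1].dwDebugEventCode = LOAD_DLL_DEBUG_EVENT;
    ev[2].dwDebugEventCode = ev[3].dwDebugEventCode = ev[4].dwDebugEventCode = EXCEPTION_DEBUG_EVENT;
    ev[2].u.Exception.ExceptionRecord.ExceptionCode = EXCEPTION_BREAKPOINT;
    ev[3].u.Exception.ExceptionRecord.ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
    ev[4].u.Exception.ExceptionRecord.ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
    ev[2].u.Exception.dwFirstChance = ev[3].u.Exception.dwFirstChance = 1;
    ev[5].dwDebugEventCode = EXIT_PROCESS_DEBUG_EVENT;
    ev[5].u.ExitProcess.dwExitCode = EXCEPTION_ACCESS_VIOLATION;
    for (i = 0; i < 6 && !st->exited; i++)
        handle_debug_event(&ev[i], st);
    return i;
}

int main(void)
{
    DebuggerState st;
    unsigned n;
    memset(&st, 0, sizeof st);
    n = run_constructed_sequence(&st);
    printf("%u events, %u DLLs, %u unhandled, exit 0x%08lx\n",
           n, st.dlls_loaded, st.second_chance, (unsigned long)st.exit_code);
    return 0;
}
```

On Windows, handle_debug_event() sits between WaitForDebugEvent() and ContinueDebugEvent() in the slide's loop and its return value is the continue status; the CREATE_PROCESS and LOAD_DLL events additionally carry an hFile that the debugger is responsible for closing with CloseHandle().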

IMAGEHLP DLL
Win32-based executable (image) files are structured according to the Portable Executable (PE) format. The ImageHlp library provides an API for working with PE images.

ImageHlp functions
SymInitialize(), SymCleanup()
MapDebugInformation(), SymLoadModule()
SymGetModuleInfo(), SymEnumerateSymbols()
SymGetSymFromName(), SymGetSymFromAddr()
StackWalk()
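The ImageHlp calls listed above all work on the PE structures the previous slide mentions. As an added example, not code from the presentation or from ImageHlp, the block below walks those headers portably over a byte buffer: DOS header, e_lfanew, the "PE\0\0" signature, IMAGE_FILE_HEADER and the section table, and then maps an RVA to a file offset, which is what ImageNtHeader()/ImageRvaToVa() do for a loaded image. Every read is bounds-checked, because a debugging tool is routinely fed truncated or corrupt images; the PeHeaders/PeSection types, the function names and the constructed image are mine and not part of ImageHlp.

```c
/* Added example, not code from the presentation or from ImageHlp: a portable
   walk of the PE headers that ImageNtHeader()/ImageRvaToVa() operate on.
   Offsets and field widths are those of the PE/COFF format; every read is
   bounds-checked because debugging tools are routinely handed hostile images. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint16_t machine, num_sections, opt_size;
    uint32_t pe_offset;      /* e_lfanew: where "PE\0\0" starts */
    size_t   section_table;  /* file offset of the first IMAGE_SECTION_HEADER */
} PeHeaders;

typedef struct {
    char name[9];
    uint32_t virtual_size, virtual_address, raw_size, raw_ptr;
} PeSection;

/* Little-endian readers that refuse to run past the buffer. */
static int rd16(const uint8_t *b, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2) return 0;
    *out = (uint16_t)(b[off] | (b[off + 1] << 8));
    return 1;
}
static int rd32(const uint8_t *b, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return 0;
    *out = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8) |
           ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 1;
}
static void wr16(uint8_t *b, size_t off, uint16_t v) { b[off] = (uint8_t)v; b[off + 1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *b, size_t off, uint32_t v) { wr16(b, off, (uint16_t)v); wr16(b, off + 2, (uint16_t)(v >> 16)); }

/* DOS header -> e_lfanew -> "PE\0\0" -> IMAGE_FILE_HEADER. Returns 0 for any
   malformed image, including one whose section table would lie past the end. */
int pe_parse_headers(const uint8_t *img, size_t len, PeHeaders *h)
{
    uint16_t magic; uint32_t lfanew, sig;
    if (!rd16(img, len, 0, &magic) || magic != 0x5A4D) return 0;          /* "MZ" */
    if (!rd32(img, len, 0x3C, &lfanew)) return 0;
    if (!rd32(img, len, lfanew, &sig) || sig != 0x00004550) return 0;      /* "PE\0\0" */
    if (!rd16(img, len, (size_t)lfanew + 4, &h->machine)) return 0;
    if (!rd16(img, len, (size_t)lfanew + 6, &h->num_sections)) return 0;
    if (!rd16(img, len, (size_t)lfanew + 20, &h->opt_size)) return 0;
    h->pe_offset = lfanew;
    h->section_table = (size_t)lfanew + 24 + h->opt_size;  /* 4-byte sig + 20-byte file header + optional header */
    if (h->section_table > len || (size_t)h->num_sections * 40 > len - h->section_table) return 0;
    return 1;
}

/* Copy out section i (each IMAGE_SECTION_HEADER is 40 bytes). */
int pe_get_section(const uint8_t *img, size_t len, const PeHeaders *h, unsigned i, PeSection *s)
{
    size_t e = h->section_table + (size_t)i * 40;
    if (i >= h->num_sections) return 0;
    memcpy(s->name, img + e, 8); s->name[8] = '\0';
    return rd32(img, len, e + 8, &s->virtual_size) && rd32(img, len, e + 12, &s->virtual_address) &&
           rd32(img, len, e + 16, &s->raw_size)    && rd32(img, len, e + 20, &s->raw_ptr);
}

/* RVA -> file offset, the mapping ImageRvaToVa() performs. Only bytes backed by
   raw data can be mapped; returns -1 when no section's raw data covers the RVA. */
long pe_rva_to_offset(const uint8_t *img, size_t len, const PeHeaders *h, uint32_t rva)
{
    PeSection s;
    for (unsigned i = 0; pe_get_section(img, len, h, i, &s); i++)
        if (rva >= s.virtual_address && rva - s.virtual_address < s.raw_size)
            return (long)s.raw_ptr + (long)(rva - s.virtual_address);
    return -1;
}

/* Constructed minimal image (not a real binary): DOS header, PE signature, x64
   file header with two sections and no optional header, zero-filled to 0x800
   bytes so the sections' raw-data offsets lie inside the buffer. */
size_t build_constructed_image(uint8_t *buf, size_t cap)
{
    const size_t lfanew = 0x40, total = 0x800, t = lfanew + 24;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf, 0x3C, (uint32_t)lfanew);
    buf[lfanew] = 'P'; buf[lfanew + 1] = 'E';
    wr16(buf, lfanew + 4, 0x8664);        /* IMAGE_FILE_MACHINE_AMD64 */
    wr16(buf, lfanew + 6, 2);             /* NumberOfSections */
    wr16(buf, lfanew + 20, 0);            /* SizeOfOptionalHeader: omitted in this constructed image */
    memcpy(buf + t, ".text", 5);
    wr32(buf, t + 8, 0x1000); wr32(buf, t + 12, 0x1000); wr32(buf, t + 16, 0x200); wr32(buf, t + 20, 0x400);
    memcpy(buf + t + 40, ".data", 5);
    wr32(buf, t + 48, 0x100); wr32(buf, t + 52, 0x2000); wr32(buf, t + 56, 0x200); wr32(buf, t + 60, 0x600);
    return total;
}

int main(void)
{
    uint8_t img[0x800]; PeHeaders h; PeSection s;
    size_t n = build_constructed_image(img, sizeof img);
    if (!pe_parse_headers(img, n, &h)) { puts("not a valid PE image"); return 1; }
    printf("machine 0x%04x, %u sections\n", h.machine, h.num_sections);
    for (unsigned i = 0; pe_get_section(img, n, &h, i, &s); i++)
        printf("  %-8s rva 0x%05x raw 0x%05x @ 0x%04x\n", s.name, s.virtual_address, s.raw_size, s.raw_ptr);
    printf("rva 0x1010 -> file offset %ld\n", pe_rva_to_offset(img, n, &h, 0x1010));
    return 0;
}
```

The two checks worth copying into any tool that reads images from disk are the ones on e_lfanew (it is attacker-controlled and may point anywhere) and on the section table fitting inside the file; a tool that trusts NumberOfSections reads past its buffer on a truncated image.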

Summary
The debugging support and the ImageHlp DLL provide a simple and efficient way to build testing and debugging tools for Win32 applications.