windowsR3下调试器源码资源-CSDN文库

共57个文件

h：12个

obj：12个

sbr：11个

需积分: 9 79 浏览量 2013-03-14 13:48:14 上传评论收藏 3.29MB RAR 举报

在Windows R3环境下，调试器是一种至关重要的工具，它允许开发者深入系统内部，对程序运行进行跟踪、分析和故障排查。TzdnerC是这款调试器的源代码，旨在实现软硬件断点、内存断点以及监控加载模块等多种功能。通过理解和学习这个源码，我们可以深入了解Windows操作系统内部的工作原理，提升在调试方面的技能。 1. **软硬件断点**： - **软件断点**：这是通过修改目标程序内存中的指令来实现的。当程序执行到该位置时，CPU会遇到无法执行的指令（通常是`int 3`），从而触发调试事件。 - **硬件断点**：利用CPU的调试寄存器（如x86架构下的DR0-DR7）设置断点，一旦目标地址被访问，就会触发调试中断。硬件断点通常不受内存大小限制，且不会改变程序的原始指令。 2. **内存断点**： - 内存断点允许我们在程序试图读写特定内存区域时暂停执行。这在追踪内存泄漏、检测数据变化或理解内存操作流程时非常有用。 3. **监视加载模块**： - 这一功能可以让我们跟踪程序运行过程中动态链接库（DLL）的加载情况。这对于理解程序依赖性、调试动态加载问题或防止恶意软件注入非常有价值。 4. **TzdnerC调试器的实现**： - 源码可能包含对Windows API的调用，如`CreateToolhelp32Snapshot`和`Module32Next`用于遍历进程和模块，`WriteProcessMemory`和`ReadProcessMemory`用于内存操作，以及`SetDebugPrivileges`来获取调试权限。 - 使用调试API，如`DebugActiveProcess`来附加到目标进程，`ContinueDebugEvent`来处理调试事件，以及`WaitForDebugEvent`来监听调试事件。 - 源码可能还包括对调试事件的处理，例如`CREATE_PROCESS_DEBUG_EVENT`、`EXIT_PROCESS_DEBUG_EVENT`、`LOAD_DLL_DEBUG_EVENT`等。 5. **调试技术**： - 学习TzdnerC的源码可以让我们了解如何实现调试循环，如何处理不同类型的调试事件，以及如何在调试过程中安全地暂停和恢复目标进程。 6. **逆向工程**： - 通过深入理解调试器的源码，开发者还可以提升逆向工程的能力，能够更有效地分析和理解未知或恶意代码的行为。 7. **性能优化**： - 调试器设计中要考虑性能问题，如减少不必要的内存读写，优化断点检查机制等。TzdnerC的源码将揭示这些优化策略。 TzdnerC调试器的源码提供了学习和研究Windows调试技术的宝贵资源。通过对这个项目的研究，开发者不仅可以提升自身的编程技巧，还能增强对操作系统和程序行为的理解。无论是为了工作中的问题解决，还是个人技能提升，深入挖掘TzdnerC都将是一次受益匪浅的旅程。

资源推荐

资源详情

资源评论

收起资源包目录

TzdnerDebug.rar （57个子文件）

TzdnerDebug

CStcmd.cpp 13KB

GlobalFunction.cpp 18KB

Debug

TzdnerDebug.pdb 2.93MB

TzdnerDebug.bsc 3.88MB

GlobalFunction.sbr 0B

vc60.pdb 100KB

BreakPoint.obj 25KB

TzdnerDebug.obj 14KB

TzdnerClassOfPE.sbr 0B

CStcmd.sbr 0B

vc60.idb 209KB

TzdnerClassOfPE.obj 46KB

EventHandling.sbr 0B

BreakPoint.sbr 0B

MyUI.sbr 0B

TzdnerDebug.sbr 0B

CurrentState.obj 14KB

TzdnerDebug.pch 3.79MB

CUserFace.sbr 0B

CStcmd.obj 52KB

TzdnerDebug.ilk 1.91MB

MyUI.obj 37KB

CUserFace.obj 38KB

BreakProint.obj 1KB

MsgMap.sbr 0B

MsgMap.obj 66KB

TzdnerDebug.exe 1.45MB

GlobalFunction.obj 56KB

CurrentState.sbr 0B

EventHandling.obj 36KB

inteldis.obj 218KB

inteldis.sbr 0B

MyUI.cpp 9KB

TzdnerDebug.dsp 5KB

CUserFace.cpp 6KB

TzdnerDebug.opt 58KB

MyUI.h 1KB

TzdnerClassOfPE.h 3KB

CStcmd.h 1KB

EventHandling.h 1019B

TzdnerClassOfPE.cpp 22KB

BreakPoint.h 5KB

TzdnerDebug.plg 256B

GlobalFunciton.h 3KB

CurrentState.h 2KB

TzdnerDebug.dsw 545B

CurrentState.cpp 2KB

EventHandling.cpp 12KB

BreakPoint.cpp 8KB

TzdnerDebug.cpp 2KB

inteldis.h 10KB

TzdnerDebug.ncb 177KB

inteldis.cpp 163KB

TzdnerDebug.h 131B

StdAfx.h 0B

inteldef.h 25KB

CUserFace.h 4KB

#include "StdAfx.h" #include "stdio.h" #include "string.h" #include "inteldef.h" #include "inteldis.h" #include "windows.h" LOCKREPXX LockRepxx[]= { {"LOCK " ,0xf0}, {"REP " ,0xf3}, {"REPZ " ,0xf3}, {"REPE " ,0xf3}, {"REPNE " ,0xf2}, {"REPNZ " ,0xf2} }; OPDATAWIDE OpDataWide[]= { {1, "SHORT PTR" }, {2, "NEAR PTR" }, {4, "FAR PTR" }, {1, "BYTE PTR" }, {2, "WORD PTR" }, {4, "DWORD PTR" }, {6, "FWORD PTR" }, {8, "QWORD PTR" } }; char *RegAddr16[]= { "[BX+SI]" , "[SI+BX]" , "[BX][SI]" , "[SI][BX]", "[BX+DI]" , "[DI+BX]" , "[BX][DI]" , "[DI][BX]", "[BP+SI]" , "[SI+BP]" , "[BP][SI]" , "[SI][BP]", "[BP+DI]" , "[DI+BP]" , "[BP][DI]" , "[DI][BP]", "[SI]" , "[SI]" , "[SI]" , "[SI]", "[DI]" , "[DI]" , "[DI]" , "[DI]", "[BP]" , "[BP]" , "[BP]" , "[BP]", "[BX]" , "[BX]" , "[BX]" , "[BX]" }; char *xxxxptr[] = { NULL, "BYTE", "WORD", NULL, "DWORD", NULL, "FWORD", NULL, "QWORD", NULL, "TWORD" }; BYTE SegmentValue[8] = { 0x26,0x2e,0x36,0x3e,0x64,0x65,0x00,0x00 }; char *SegReg[8] = { "ES","CS","SS","DS","FS","GS","??","??" }; char *RegByte[8] = { "AL","CL","DL","BL","AH","CH","DH","BH" }; char *RegWord[8] = { "AX","CX","DX","BX","SP","BP","SI","DI" }; char *RegDWord[8] = { "EAX","ECX","EDX","EBX","ESP","EBP","ESI","EDI" }; char *FlagS[2][8]= { {"NV","UP","DI","PL","NZ","NA","PO","NC"}, {"OV","DN","EI","NG","ZR","AC","PE","CY"} }; char *FlagICE[2][8]= { {"o","d","i","s","z","a","p","c"}, {"O","D","I","S","Z","A","P","C"} }; BYTE Segment[8] = { 0x26,0x2e,0x36,0x3e,0x64,0x65,0x00,0x00 }; char *CtrReg[8] = { "IP","EIP","FLAGS","FLAG","FL","EFLAGS","EFLAG","EFL" }; char *RegName[][8] = { {"ES","CS","SS","DS","FS","GS","??","??"}, {"AL","CL","DL","BL","AH","CH","DH","BH"}, {"AX","CX","DX","BX","SP","BP","SI","DI"}, {"EAX","ECX","EDX","EBX","ESP","EBP","ESI","EDI"} }; char *Emblem[0x200] = { "ES","CS","SS","DS","FS","GS", "AL","CL","DL","BL","AH","CH","DH","BH", "AX","CX","DX","BX","SP","BP","SI","DI", "EAX","ECX","EDX","EBX","ESP","EBP","ESI","EDI", //---------------------------------- "IP","EIP","FLAGS","EFLAGS", //---------------------------------- "BYTE","WORD","DWORD","FWORD","QWORD","TWORD", //---------------------------------- "SHORT","NEAR","FAR","PTR", //---------------------------------- "ADD","ADC","SUB","SBB","MUL","IDIV", "XOR","AND","OR" ,"NOT","NEG","TEST" }; //--------------------------------------------------------------- //intel 指令表格 //---------------------------------------------------------------- DIS_OPCODE_T Group0x80[] = //immediate group { {R_M |Immediate_Ib, C_ADD, D__Eb, D__Ib, D__NONE, "ADD", }, //0x0 {R_M |Immediate_Ib, C_OR, D__Eb, D__Ib, D__NONE, "OR", }, //0x1 {R_M |Immediate_Ib, C_ADC, D__Eb, D__Ib, D__NONE, "ADC", }, //0x2 {R_M |Immediate_Ib, C_SBB, D__Eb, D__Ib, D__NONE, "SBB", }, //0x3 {R_M |Immediate_Ib, C_AND, D__Eb, D__Ib, D__NONE, "AND", }, //0x4 {R_M |Immediate_Ib, C_SUB, D__Eb, D__Ib, D__NONE, "SUB", }, //0x5 {R_M |Immediate_Ib, C_XOR, D__Eb, D__Ib, D__NONE, "XOR", }, //0x6 {R_M |Immediate_Ib, C_CMP, D_rEb, D__Ib, D__NONE, "CMP", } //0x7 }; DIS_OPCODE_T Group0x81[] = //immediate group { {R_M |Immediate_Iv, C_ADD, D__Ev, D__Iv, D__NONE, "ADD", }, //0x0 {R_M |Immediate_Iv, C_OR, D__Ev, D__Iv, D__NONE, "OR", }, //0x1 {R_M |Immediate_Iv, C_ADC, D__Ev, D__Iv, D__NONE, "ADC", }, //0x2 {R_M |Immediate_Iv, C_SBB, D__Ev, D__Iv, D__NONE, "SBB", }, //0x3 {R_M |Immediate_Iv, C_AND, D__Ev, D__Iv, D__NONE, "AND", }, //0x4 {R_M |Immediate_Iv, C_SUB, D__Ev, D__Iv, D__NONE, "SUB", }, //0x5 {R_M |Immediate_Iv, C_XOR, D__Ev, D__Iv, D__NONE, "XOR", }, //0x6 {R_M |Immediate_Iv, C_CMP, D_rEv, D__Iv, D__NONE, "CMP", } //0x7 }; DIS_OPCODE_T Group0x82[] = //immediate group { {R_M |Immediate_Ib, C_ADD, D__Eb, D__Ib, D__NONE, "ADD", }, //0x0 {R_M |Immediate_Ib, C_OR, D__Eb, D__Ib, D__NONE, "OR", }, //0x1 {R_M |Immediate_Ib, C_ADC, D__Eb, D__Ib, D__NONE, "ADC", }, //0x2 {R_M |Immediate_Ib, C_SBB, D__Eb, D__Ib, D__NONE, "SBB", }, //0x3 {R_M |Immediate_Ib, C_AND, D__Eb, D__Ib, D__NONE, "AND", }, //0x4 {R_M |Immediate_Ib, C_SUB, D__Eb, D__Ib, D__NONE, "SUB", }, //0x5 {R_M |Immediate_Ib, C_XOR, D__Eb, D__Ib, D__NONE, "XOR", }, //0x6 {R_M |Immediate_Ib, C_CMP, D_rEb, D__Ib, D__NONE, "CMP", } //0x7 }; DIS_OPCODE_T Group0x83[] = //immediate group { {R_M |Immediate_sIb, C_ADD, D__Ev, D_sIb, D__NONE, "ADD", }, //0x0 {R_M |Immediate_sIb, C_OR, D__Ev, D_sIb, D__NONE, "OR", }, //0x1 {R_M |Immediate_sIb, C_ADC, D__Ev, D_sIb, D__NONE, "ADC", }, //0x2 {R_M |Immediate_sIb, C_SBB, D__Ev, D_sIb, D__NONE, "SBB", }, //0x3 {R_M |Immediate_sIb, C_AND, D__Ev, D_sIb, D__NONE, "AND", }, //0x4 {R_M |Immediate_sIb, C_SUB, D__Ev, D_sIb, D__NONE, "SUB", }, //0x5 {R_M |Immediate_sIb, C_XOR, D__Ev, D_sIb, D__NONE, "XOR", }, //0x6 {R_M |Immediate_sIb, C_CMP, D_rEv, D_sIb, D__NONE, "CMP", } //0x7 }; DIS_OPCODE_T Group0xc0[] = //shift group { {R_M |Immediate_Ib, C_ROL, D__Eb, D__Ib, D__NONE, "ROL", }, //0x0 {R_M |Immediate_Ib, C_ROR, D__Eb, D__Ib, D__NONE, "ROR", }, //0x1 {R_M |Immediate_Ib, C_RCL, D__Eb, D__Ib, D__NONE, "RCL", }, //0x2 {R_M |Immediate_Ib, C_RCR, D__Eb, D__Ib, D__NONE, "RCR", }, //0x3 {R_M |Immediate_Ib, C_SHL, D__Eb, D__Ib, D__NONE, "SHL", }, //0x4 {R_M |Immediate_Ib, C_SHR, D__Eb, D__Ib, D__NONE, "SHR", }, //0x5 {R_M |Immediate_Ib, C_SAL, D__Eb, D__Ib, D__NONE, "SAL", }, //0x6 {R_M |Immediate_Ib, C_SAR, D__Eb, D__Ib, D__NONE, "SAR", } //0x7 }; DIS_OPCODE_T Group0xc1[] = //shift group { {R_M |Immediate_Ib, C_ROL, D__Ev, D__Ib, D__NONE, "ROL", }, //0x0 {R_M |Immediate_Ib, C_ROR, D__Ev, D__Ib, D__NONE, "ROR", }, //0x1 {R_M |Immediate_Ib, C_RCL, D__Ev, D__Ib, D__NONE, "RCL", }, //0x2 {R_M |Immediate_Ib, C_RCR, D__Ev, D__Ib, D__NONE, "RCR", }, //0x3 {R_M |Immediate_Ib, C_SHL, D__Ev, D__Ib, D__NONE, "SHL", }, //0x4 {R_M |Immediate_Ib, C_SHR, D__Ev, D__Ib, D__NONE, "SHR", }, //0x5 {R_M |Immediate_Ib, C_SAL, D__Ev, D__Ib, D__NONE, "SAL", }, //0x6 {R_M |Immediate_Ib, C_SAR, D__Ev, D__Ib, D__NONE, "SAR", } //0x7 }; DIS_OPCODE_T Group0xc6[] = //mov group { {R_M |Immediate_Ib, C_MOV, D_wEb, D__Ib, D__NONE, "MOV", }, //0x0 {R_M, C_NULL }, //0x1 {R_M, C_NULL }, //0x2 {R_M, C_NULL }, //0x3 {R_M, C_NULL }, //0x4 {R_M, C_NULL }, //0x5 {R_M, C_NULL }, //0x6 {R_M, C_NULL }, //0x7 }; DIS_OPCODE_T Group0xc7[] = //mov group { {R_M |Immediate_Iv, C_MOV, D_wEv, D__Iv, D__NONE, "MOV", }, //0x0 {R_M, C_NULL }, //0x1 {R_M, C_NULL }, //0x2 {R_M, C_NULL }, //0x3 {R_M, C_NULL }, //0x4 {R_M, C_NULL }, //0x5 {R_M, C_NULL }, //0x6 {R_M, C_NULL }, //0x7 }; DIS_OPCODE_T Group0xd0[] = //shift group { {R_M |Immediate_1, C_ROL, D__Eb, D__1, D__NONE, "ROL", }, //0x0 {R_M |Immediate_1, C_ROR, D__Eb, D__1, D__NONE, "ROR", }, //0x1 {R_M |Immediate_1, C_RCL, D__Eb, D__1, D__NONE, "RCL", }, //0x2 {R_M |Immediate_1, C_RCR, D__Eb, D__1, D__NONE, "RCR", }, //0x3 {R_M |Immediate_1, C_SHL, D__Eb, D__1, D__NONE, "SHL", }, //0x4 {R_M |Immediate_1, C_SHR, D__Eb, D__1, D__NONE, "SHR", }, //0x5 {R_M |Immediate_1, C_SAL, D__Eb, D__1, D__NONE, "SAL", }, //0x6 {R_M |Immediate_1, C_SAR, D__Eb, D__1, D__NONE, "SAR", } //0x7 }; DIS_OPCODE_T Group0xd1[] = //shift group { {R_M |Immediate_1, C_ROL, D__Ev, D__1, D__NONE, "ROL", }, //0x0 {R_M |Immediate_1, C_ROR, D__Ev, D__1

评论收藏

内容反馈