Trap flag, debuggers and misc

This is my first question in Stack Overflow, since up until now, I always managed to find my answers.

So... I’m writing a debugger (for Windows, in Python, using the WinAppDbg library) that should trace the program execution, and I encountered some problems.

I’m setting the trap flag, so I could stop every single step.
First problem – sometimes the execution flow goes through a Windows API, which goes to the kernel. When it returns, obviously the trap flag is off, and the execution of the thread may continue for millions of instructions without my debugger tracing every step of it.

Chance of solution – before a Windows API is called, I set the next addresses’ permissions as a guard page, thus when the call returns, I get a guard page exception, set the trap flag again, and continue tracing. But this causes a different problem (I call it the “second problem”).

Second problem – since I’m setting the trap flag of my main thread, all I see is a loop of that thread (I guess it’s the Windows GUI loop), and the program execution isn’t advancing (for example, there should be new threads created, but I don’t see them).

So what am I looking for?
A debugger’s source code that can handle the problems I’ve described.
Or better yet, a solution to my problems. What am I doing wrong?

Thank you all!
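The guard-page re-arming scheme described in the question, written out as an added example (not the asker's code). It addresses the first problem: the decision logic is kept in a plain class with no Win32 calls so it can be tested anywhere, and a thin adapter wires it to WinAppDbg. Assumptions: the WinAppDbg names used here (`Debug`, `EventHandler`, `Thread.set_tf`, `Process.mprotect`/`mquery`/`read_pointer`), a traced module called `target.exe`, and the `StepPolicy`/`run` names, which are mine.

```python
import os
PAGE_SIZE = 0x1000
page_of = lambda addr: addr & ~(PAGE_SIZE - 1)

class StepPolicy:
    # Pure decision logic (no Win32 calls), so it can be unit-tested anywhere.
    def __init__(self, traced_module):
        self.traced_module = traced_module.lower()  # e.g. "target.exe"
        self.armed_page = None  # page holding the guarded return address
    def on_single_step(self, module_at_pc, return_address, module_at_return):
        if module_at_pc.lower() == self.traced_module:
            return ("step", None)  # still our code: keep TF set and step on
        if module_at_return.lower() == self.traced_module:
            # First instruction after a call left the module, so [esp] is the return
            # address: guard its page and the thread faults on its way back, however
            # many kernel transitions cleared TF in between.
            self.armed_page = page_of(return_address)
            return ("arm", self.armed_page)
        return ("run", None)  # left by a jump, no return address: give up
    def on_guard_page(self, fault_address):
        # PAGE_GUARD is one-shot: a hit on our page means module code is executing
        # again (a return, or a callback), so restart tracing there.
        if self.armed_page is not None and page_of(fault_address) == self.armed_page:
            self.armed_page = None
            return "resume_trace"
        return "ignore"  # not ours (e.g. a stack guard page): pass it through

def run(argv, traced_module):  # WinAppDbg adapter; Windows only, imported lazily
    from winappdbg import Debug, EventHandler, win32
    policy = StepPolicy(traced_module)
    def module_name(process, address):
        mod = process.get_module_at_address(address)
        return os.path.basename(mod.get_filename() or "") if mod else ""
    class Tracer(EventHandler):
        def create_process(self, event):
            event.get_thread().set_tf()  # start tracing at the first instruction
        def single_step(self, event):
            event.continueStatus = win32.DBG_CONTINUE
            thread, process = event.get_thread(), event.get_process()
            ret = process.read_pointer(thread.get_sp())
            action, page = policy.on_single_step(
                module_name(process, thread.get_pc()), ret, module_name(process, ret))
            if action == "step":
                thread.set_tf()
            elif action == "arm":  # API runs at full speed; the guard page brings us back
                process.mprotect(page, PAGE_SIZE, process.mquery(page).Protect | win32.PAGE_GUARD)
        def guard_page(self, event):
            if policy.on_guard_page(event.get_exception_address()) == "resume_trace":
                event.continueStatus = win32.DBG_CONTINUE
                event.get_thread().set_tf()
    debug = Debug(Tracer(), bKillOnExit=True)
    debug.execv(argv); debug.loop()  # argv e.g. [r"C:\path\target.exe"]
```

Because PAGE_GUARD fires on any access to the page, an API that merely reads data sharing that page with the return address also trips it; the policy then resumes tracing early and gives up once it finds no return into the traced module on the stack.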
