Sending debug events to the Windows debugger from an external source

Posted on 2024-11-25 06:17:51

I have created a set of multi-platform C++ components to load and manage various types of digitally signed shared libraries. This handles all aspects of loading and initialization including mapping them into the calling process, applying branch fix-ups, binding any imports and calling the initialization entry point. The components cannot use LoadLibrary() as it is platform specific and not all of the shared libraries are in PE format.

One of the few remaining issues I am faced with is providing appropriate debugger support for targeted platforms and development environments. In MS Windows environments this includes getting the debuggers to load symbol information generated by the compiler and linker (or converted from other source). Because the loading and initialization of the libraries occurs outside of the kernel, the debugger never receives LOAD_DLL_DEBUG_EVENT and UNLOAD_DLL_DEBUG_EVENT events. This leads to the following questions:

  1. Is there an API or system call that allows events such as LOAD_DLL_DEBUG_EVENT to be sent directly to the debugger?
  2. Is there a documented way to communicate directly with the program or session debug managers or with the machine debug manager service?
  3. Is there an API or system call available to notify the kernel and subsequently the debugger that a DLL has been loaded? Since PE files are one of the primary supported formats this is the most desirable option. It also has the potential benefit of allowing the library to appear in the module list of the process.
  4. Does the WinDBG SDK apply to debugging on Windows as a whole and can WinDBG extensions be used to instruct the debugger to load the symbol information?

I have searched extensively for information on the above-mentioned topics but have come up short. I have located a bit of information about the data structures used by the Windows debugger but nothing relevant to my specific situation.

I am open to API/system calls and approaches that are documented or undocumented and those requiring elevated privileges to function.

Comments (2)

冷情 2024-12-02 06:17:51

I don't think that there is a way to directly send the kind of events that you want (like LOAD_DLL_DEBUG_EVENT) to a process, at least not easily.
Why don't you simply wrap your libraries inside normal DLLs in Windows? Maybe you embed your custom module loading mechanism inside each "proxy" DLL, in this way you would not need to replicate so much functionality that the OS already provides for you.

素食主义者 2024-12-02 06:17:51

If I understood the problem, you may see:

  1. Writing a basic Windows Debuggers
  2. Writing Windows Debugger (Detailed)