
Raise an exception when an address is executed without modifying it directly

I would like to raise an exception when code at a given address is executed, without making it visible in the code.

I know that using a hardware breakpoint is a possibility, but these would get removed if someone were to attach a debugger that uses them, and I wouldn't have a way of detecting if they are missing and replacing them. What other options are there?

Speed is a concern, i.e. I cannot do PAGE_GUARD single stepping; the user would lag to death.

I'm on Windows and using VC 2012 w/ C++.

If exception handling is too costly, the only other solution is to emulate the code as the CPU would do.

There are a few caveats, though:

  • There are a lot of instructions, and decoding and emulating them correctly is a big undertaking. Switching between emulation and execution will cost you extra CPU cycles.
  • You won't be able to emulate everything and will have to execute a number of instructions (e.g. FPU/MMX/SSE instructions) in a "playground/sandbox" because of that.
  • To handle system calls properly, you'll actually have to prepare the CPU state and execute them and then go back into the emulator. You'll probably have to generate code on the fly here.
  • If the emulated code causes CPU exceptions and uses SEH to handle them (or throws and catches C++ exceptions as CPU exceptions, again via SEH), you are very likely to break the code, as stack unwinding won't work on the foreign (emulator's) stack.
  • Things will get tricky with multi-threaded code, especially so on multi-processor systems. You'll have to catch thread creation/destruction and create/destroy individual instances of the emulator, deal with memory sharing between the threads, and deal with atomicity of emulated/executed instructions.
  • Whatever I've forgotten to think of.
  • Things may still work too slowly or not work at all.

Another, perhaps more practical, option would be to patch the executable at that address of interest, divert execution to your code (with the jmp instruction), do whatever you need there and then go back. You'll have to take care of all context preservation/restoration and also emulate the instructions damaged by the jmp instruction written on top of them. There are caveats here as well. Those overwritten instructions may be jumped to from elsewhere in the code. You'll have to either choose the address in such a way that there're no jumps into the middle of your jmp, or you'll have to deal with them somehow (not sure how yet).
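Added example, not from the original question or answer: the byte-level arithmetic behind the jmp-patching option described above, written in portable C++ so it runs without any Windows API. It encodes the 5-byte `jmp rel32`, decodes one back (the check a defender uses to spot a function entry diverted out of its own module), and works out how many whole instructions the patch destroys and therefore must be relocated, which is the caveat the answer raises. All addresses, module bounds and instruction lengths are constructed values; the instruction lengths are assumed to come from a length disassembler that this example does not include.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// A 5-byte "jmp rel32" (opcode E9) as written over the address of interest.
struct JmpPatch {
    std::array<uint8_t, 5> bytes;
};

// Build the bytes for `jmp rel32` placed at `site` so that execution lands at
// `target`. The displacement is relative to the END of the 5-byte instruction
// and must fit in a signed 32-bit value: on x64 a detour stub more than 2 GiB
// away cannot be reached with this form at all.
std::optional<JmpPatch> encode_jmp_rel32(uint64_t site, uint64_t target) {
    const int64_t next = static_cast<int64_t>(site) + 5;
    const int64_t disp = static_cast<int64_t>(target) - next;
    if (disp < INT32_MIN || disp > INT32_MAX) {
        return std::nullopt;  // out of rel32 reach
    }
    JmpPatch p{};
    p.bytes[0] = 0xE9;
    const int32_t d32 = static_cast<int32_t>(disp);
    std::memcpy(&p.bytes[1], &d32, sizeof d32);  // x86 is little-endian
    return p;
}

// Inverse operation, used when CHECKING code for such patches: if the five
// bytes at `site` are an E9 jmp, return where it goes; otherwise nullopt.
std::optional<uint64_t> decode_jmp_rel32(uint64_t site, const uint8_t* code) {
    if (code[0] != 0xE9) return std::nullopt;
    int32_t d32;
    std::memcpy(&d32, code + 1, sizeof d32);
    return static_cast<uint64_t>(static_cast<int64_t>(site) + 5 + d32);
}

// True when a detected jmp leaves the module that owns `site`, i.e. the entry
// has been diverted to foreign code (the usual sign of an inline patch).
bool jumps_outside_module(uint64_t site, const uint8_t* code,
                          uint64_t module_base, uint64_t module_size) {
    const auto target = decode_jmp_rel32(site, code);
    if (!target) return false;
    return *target < module_base || *target >= module_base + module_size;
}

// The jmp destroys whole instructions, not exactly 5 bytes. Given the lengths
// of the instructions starting at `site` (assumed to come from a length
// disassembler), return how many bytes must be copied to the trampoline so the
// patched code resumes on an instruction boundary; the leftover bytes after
// the jmp are padded with NOPs. nullopt if the instructions given do not even
// cover 5 bytes.
std::optional<size_t> bytes_to_relocate(const std::vector<size_t>& insn_lengths) {
    size_t covered = 0;
    for (size_t len : insn_lengths) {
        covered += len;
        if (covered >= 5) return covered;
    }
    return std::nullopt;
}

int main() {
    // Constructed addresses: a site inside an imaginary module and a nearby detour.
    const uint64_t module_base = 0x00400000, module_size = 0x10000;
    const uint64_t site = 0x00401000, detour = 0x00405000;
    auto patch = encode_jmp_rel32(site, detour);
    if (!patch) return 1;
    std::printf("patch bytes:");
    for (uint8_t b : patch->bytes) std::printf(" %02X", b);
    std::printf("\nresolved target: 0x%llx\n",
                (unsigned long long)*decode_jmp_rel32(site, patch->bytes.data()));
    std::printf("leaves module: %s\n",
                jumps_outside_module(site, patch->bytes.data(), module_base, module_size)
                    ? "yes" : "no");
    // Typical x86 prologue: push ebp (1), mov ebp,esp (2), sub esp,0x40 (3):
    // the 5-byte jmp cuts into the third instruction, so all 6 bytes move.
    std::printf("bytes to relocate: %zu\n", *bytes_to_relocate({1, 2, 3}));
    return 0;
}
```

The relocation count is the part that bites in practice: copying exactly five bytes to the trampoline leaves a half instruction there, and resuming after the jmp in the middle of an instruction is the same class of bug as the "jumps into the middle of your jmp" problem the answer mentions.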

