Wednesday, August 24, 2005, 6:20:40 AM, Kuba Ober wrote: > On Tuesday 23 August 2005 20:05, Vitaliy Margolen wrote: >> As of todays CVS Delphi 5 debugger is fixed. >> >> Well, ok, there are still some bugs. One is a minor bug (Module view >> reports all modules as a project executable name), but all exports are >> there. You can even try to disassemble them. But here is where the major >> problems start. Debugger segfaults on that. This is because >> NtQueryVirtualMemory and >> NtProtectVirtualMemory currently don't work on other processes.
> What are the problems with implementing those using SIGSTOP/SIGCONT and > ptrace(2)? I imagine that for example changing memory protection for another > process could be achieved as follows: > 1. SIGSTOP to the process > 2. inject code that invokes mprotect() and stops execution > 3. change EIP, ESP, etc. then SIGCONT > 4. wait(pid,&status,WUNTRACED) on the child > 5. remove the injected code, restore registers, SIGCONT > I have never implemented such a beast so I might be way off, nevertheless it'd > be interesting to hear what the problems are. phrack might also be a useful > read in that respect. Hmm, that looks familiar. Something like that safedisc uses, that currently doesn't work. The only difference - safedisc limited to win API. I guess I can give it a try to see if it will work. Vitaliy
