-
Member
HWBP is constantly triggered
Hello, I tried to use HWBP, but there seems to be hooked already exists in ntdll by wow. Because I did another local test program completely normal.
My HWBP can normally trigger VEH and can also receive and modify Rip to its own function normally.
but.. when I am in WOW and execute SetThreadContext, it starts immediately, even without me actively triggering the bp I set.
At present, I have tried to hook NtSetContextThread NtGetContextThread NtContinue KiUserExceptionDispatcher
nd try to adjust or repair registers dr0 dr6 dr7 and ContextFlags and EFlags in various places, but the Dr0 address I set will be triggered always.
I have been researching for many days but I still haven't solved it. There is really no way. Help, I hope someone can provide some guidance.
THANKS
Last edited by 34D; 04-19-2021 at 03:08 AM.
-
Contributor
I told you in a PM. They make syscalls, your hooks wont work...... The only hook that will work is KiUserExceptionDispatcher. The rest will be bypassed. If they have another thread checking for DRs set. your are toast.
You are now starting to get into their antidebug checks. You need to pass them all if you want to be able to handle HWBPs. Id suggest you read more into anti debug.
Last edited by aeo; 04-19-2021 at 08:52 AM.
-
Member
Originally Posted by
aeo
I told you in a PM. They make syscalls, your hooks wont work...... The only hook that will work is KiUserExceptionDispatcher. The rest will be bypassed. If they have another thread checking for DRs set. your are toast.
You are now starting to get into their antidebug checks. You need to pass them all if you want to be able to handle HWBPs. Id suggest you read more into anti debug.
Thank you, I will look for relevant information
-
Contributor
this guy is very slow in learning)
-
Contributor
Originally Posted by
air999
this guy is very slow in learning)
He's shown quite a bit of growth over the last few months so I don't see why you are purposefully trying to flame someone who's actually trying to learn.
-
Post Thanks / Like - 2 Thanks