
I need help getting started with the sample code found at "C++/CLI Win32 debugger library for x86"; I want to use it to monitor process exceptions.

Here is the code I have so far:

using System;
using System.Diagnostics;
using DebugLibrary;

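namespace DebugTeste01
{
    /// <summary>
    /// Skeleton debugger loop: attaches to one process through DebugLibrary and
    /// dispatches every debug event by its concrete type.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Attaches to the target process, then waits for debug events and
        /// continues the target after each one until continuing fails.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // Hard-coded PID kept from the sample. The OS recycles PIDs, so a stale
            // value can attach the debugger to an unrelated process; resolve the
            // target at run time and confirm its identity before attaching.
            const int targetPid = 4932;
            DebugUtil.DebugActiveProcess(targetPid);

            // NOTE(review): nothing below detaches from the target. With the Win32
            // default the debuggee is terminated when its debugger exits (see
            // DebugSetProcessKillOnExit / DebugActiveProcessStop); confirm what
            // DebugLibrary exposes for a clean detach.

            // Not used yet by this skeleton.
            ThreadContext tc = new ThreadContext();
            LDTEntry ldte = new LDTEntry();

            while (true)
            {
                // 0xffffffff is the Win32 INFINITE timeout value; presumably the
                // library passes it through, so this call blocks until an event arrives.
                object debug_evt = DebugUtil.WaitForDebugEvent(0xffffffff);
                DebugEvent de = (DebugEvent)debug_evt;

                // Process wraps an OS handle; dispose it on every iteration instead
                // of leaking one handle per debug event.
                using (Process proc = Process.GetProcessById(de.processId))
                {
                    object meminfo = DebugUtil.GetMemoryInfo(proc.Handle);
                    //...
                    object modinf = DebugUtil.GetModuleInfo(proc.Handle);
                    //...
                }

                // Exact-type comparison, same matching as comparing the type name
                // string, but a misspelled type name is now a compile error rather
                // than a silent fall-through to the default branch.
                Type evtType = debug_evt.GetType();
                if (evtType == typeof(DebugEvent_CreateProcess))
                {
                    DebugEvent_CreateProcess createProcess = (DebugEvent_CreateProcess)debug_evt;
                    //some action, logging, etc.
                }
                else if (evtType == typeof(DebugEvent_LoadDll))
                {
                    DebugEvent_LoadDll loadDll = (DebugEvent_LoadDll)debug_evt;
                    //some action, logging, etc.
                }
                else if (evtType == typeof(DebugEvent_CreateThread))
                {
                    DebugEvent_CreateThread createThread = (DebugEvent_CreateThread)debug_evt;
                    //some action, logging, etc.
                }
                else if (evtType == typeof(DebugEvent_ExitThread))
                {
                    DebugEvent_ExitThread exitThread = (DebugEvent_ExitThread)debug_evt;
                    //some action, logging, etc.
                }
                else if (evtType == typeof(DebugEvent_Exception))
                {
                    DebugEvent_Exception exceptionEvent = (DebugEvent_Exception)debug_evt;
                    ExceptionRecord exbp = exceptionEvent.exceptionRecord;

                    // NOTE(review): GetType().ToString() returns the namespace-qualified
                    // type name, so these labels only match if the record types are
                    // literally named "Breakpoint" / "AccessViolation" with no namespace.
                    // Confirm how ExceptionRecord exposes the exception kind.
                    switch (exbp.GetType().ToString())
                    {
                        case "Breakpoint":
                            {
                                //some action, logging, etc.
                            }
                            break;
                        case "AccessViolation":
                            {
                                //some action, logging, etc.
                            }
                            break;
                        //more case
                    }
                }
                else
                {
                    //some action, logging, etc.
                }

                try
                {
                    // NOTE(review): the meaning of the third argument is not visible
                    // here. In Win32 terms, check whether it selects DBG_CONTINUE or
                    // DBG_EXCEPTION_NOT_HANDLED; reporting every exception as handled
                    // would hide real faults in the target.
                    DebugUtil.ContinueDebugEvent(de.processId, de.threadId, false);
                }
                catch (Exception ex)
                {
                    // Leaving the loop on failure is kept from the sample; the reason
                    // is now reported instead of being swallowed.
                    Console.Error.WriteLine("ContinueDebugEvent failed, leaving debug loop: " + ex.Message);
                    break;
                }
            }
        }
    }
}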

[EDIT] 03/14/2012
Good article: Using the Windows Debugging API
[EDIT] 03/14/2012
Improvements in implementation.
Now it has an initial skeleton construction for a final application.

1 Answer 1


It seems to me you are looking for resources on writing a debugger so that you can understand how one works. In that case the best place to start is MSDN, which covers the basics of which events should be handled and how. From there, how you handle the exceptions really depends on your application and environment.

As a comment on your actual code: avoid hardcoding a PID; use the process name instead.


1 Comment

The purpose of the code is to show how to use the API, but first I have to understand how it works.
