
I do a lot of "academic" security projects, mostly targeted at Linux platforms, but recently I've had some interest in Windows. So what I've done is make some small tools like an app to crash other apps and such, just to provoke behavior. So I've had to use WINDBG a lot for stepping through processes, which has been pretty useful, way cooler than GDB (Linux).

So the tool I'm trying to make now is essentially just like the stepping feature in WINDBG. What I can do is launch a process as a System.Diagnostics.Process object and look at all the threads and such. But what I need to do next is where I've hit a wall.

How would one programmatically "step through" a process using C#, preferably using the System.Diagnostics.Process class?

What I'm trying to achieve would essentially be the same kind of information one would get from WINDBG. The hope is I'd be able to make a "macro" system for stepping through programs automatically.

user3816764
  • The `Process` class is not really designed for that scenario. Take a look at the `IDebugClient` interfaces instead (http://msdn.microsoft.com/en-us/library/windows/hardware/ff549827(v=vs.85).aspx) – Brian Rasmussen Aug 05 '14 at 16:43
  • 1
    Creating an *unmanaged* debugger is feasible, you get a lot of help from the built-in support for debugging in the winapi and the DbgHelp api. But these are unmanaged apis, doing this from C# just makes it harder. Check [this web page](http://www.codeproject.com/Articles/132742/Writing-Windows-Debugger-Part), there ought to be a part #1 somewhere too. And do check the to-do list. – Hans Passant Aug 05 '14 at 17:03
  • 1
    Google SysInternals. And there are 2 books on the matter by those authors. I just dropped 2 tons of fun on you. – SingleStepper Aug 05 '14 at 18:32

1 Answer


http://www.codeproject.com/Articles/371137/A-Mixed-Mode-Stackwalk-with-the-IDebugClient-Inter

Your question's pretty complex, there's really no simple answer.

Here's a project by Mattias Högström to get you started. His project handles unmanaged code; using the IDebugClient class, he can walk a call stack. With some of that knowledge and The Debugger reference you can write a CLR (C++), and an interface for it so you can access it from your native C# app.

Aage Torleif
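The comments above point at the Win32 debugging support (WaitForDebugEvent / ContinueDebugEvent) rather than the `Process` class, and the answer points at IDebugClient. As an added example that is not part of the question, the answer, or the linked articles, here is the lower-level route done directly from C# with P/Invoke: launch the target with DEBUG_ONLY_THIS_PROCESS, wait for the loader's initial breakpoint, then single-step the main thread by setting the x64 trap flag (TF, bit 8 of EFLAGS) in the thread context before every continue. The class name `SingleStepper`, the `Run`/`ArmTrapFlag` helpers, the step limit and the notepad.exe default target are all my own choices; the constants, struct offsets and API signatures are the documented Win32/x64 ones, and the code assumes a 64-bit debugger process and a 64-bit debuggee.

```csharp
using System;
using System.Runtime.InteropServices;

// Added example (not code from the original post or the linked articles):
// a minimal Win32 debug-event loop that single-steps a child's main thread
// by re-arming the trap flag (TF) before each ContinueDebugEvent.
// Assumes a 64-bit host process and a 64-bit target; CONTEXT offsets are x64-only.
static class SingleStepper
{
    // Win32 constants from winbase.h / winnt.h
    const uint DEBUG_ONLY_THIS_PROCESS = 0x00000002;
    const uint DBG_CONTINUE = 0x00010002, DBG_EXCEPTION_NOT_HANDLED = 0x80010001;
    const uint EXCEPTION_DEBUG_EVENT = 1, CREATE_PROCESS_DEBUG_EVENT = 3,
               EXIT_PROCESS_DEBUG_EVENT = 5, LOAD_DLL_DEBUG_EVENT = 6;
    const uint EXCEPTION_BREAKPOINT = 0x80000003, EXCEPTION_SINGLE_STEP = 0x80000004;
    const uint THREAD_GET_CONTEXT = 0x0008, THREAD_SET_CONTEXT = 0x0010;
    // x64 CONTEXT: 1232 bytes, must be 16-byte aligned; offsets per winnt.h
    const int CONTEXT_SIZE = 1232, OFF_CONTEXTFLAGS = 0x30, OFF_EFLAGS = 0x44, OFF_RIP = 0xF8;
    const uint CONTEXT_CONTROL = 0x00100001;   // CONTEXT_AMD64 | CONTEXT_CONTROL
    const uint TRAP_FLAG = 0x100;              // EFLAGS.TF

    // Only the union members this loop reads are mapped; Size covers the full x64 struct.
    [StructLayout(LayoutKind.Explicit, Size = 176)]
    struct DEBUG_EVENT
    {
        [FieldOffset(0)]  public uint dwDebugEventCode;
        [FieldOffset(4)]  public uint dwProcessId;
        [FieldOffset(8)]  public uint dwThreadId;
        [FieldOffset(16)] public uint ExceptionCode;      // u.Exception.ExceptionRecord.ExceptionCode
        [FieldOffset(32)] public IntPtr ExceptionAddress; // u.Exception.ExceptionRecord.ExceptionAddress
        [FieldOffset(16)] public IntPtr hFile;            // u.CreateProcessInfo.hFile / u.LoadDll.hFile
    }
    [StructLayout(LayoutKind.Sequential, Size = 104)] struct STARTUPINFO { public uint cb; }
    [StructLayout(LayoutKind.Sequential)]
    struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public uint dwProcessId, dwThreadId; }

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CreateProcessW(string app, string cmdLine, IntPtr pa, IntPtr ta, bool inherit,
        uint flags, IntPtr env, string cwd, ref STARTUPINFO si, out PROCESS_INFORMATION pi);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool WaitForDebugEvent(ref DEBUG_EVENT e, uint ms);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool ContinueDebugEvent(uint pid, uint tid, uint status);
    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr OpenThread(uint access, bool inherit, uint tid);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool GetThreadContext(IntPtr hThread, IntPtr ctx);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool SetThreadContext(IntPtr hThread, IntPtr ctx);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool TerminateProcess(IntPtr h, uint code);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool CloseHandle(IntPtr h);

    // Sets TF on one thread and returns the RIP it will step from. The CPU clears TF after
    // each single-step trap, so this must run before every continue while stepping.
    static ulong ArmTrapFlag(uint tid, IntPtr ctx)
    {
        IntPtr hThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, tid);
        if (hThread == IntPtr.Zero) throw new InvalidOperationException("OpenThread: " + Marshal.GetLastWin32Error());
        try
        {
            Marshal.WriteInt32(ctx + OFF_CONTEXTFLAGS, unchecked((int)CONTEXT_CONTROL));
            if (!GetThreadContext(hThread, ctx)) throw new InvalidOperationException("GetThreadContext: " + Marshal.GetLastWin32Error());
            uint eflags = (uint)Marshal.ReadInt32(ctx + OFF_EFLAGS);
            Marshal.WriteInt32(ctx + OFF_EFLAGS, unchecked((int)(eflags | TRAP_FLAG)));
            if (!SetThreadContext(hThread, ctx)) throw new InvalidOperationException("SetThreadContext: " + Marshal.GetLastWin32Error());
            return (ulong)Marshal.ReadInt64(ctx + OFF_RIP);
        }
        finally { CloseHandle(hThread); }
    }

    // Launches exePath under this debugger, steps its main thread for up to maxSteps
    // instructions, then terminates it. Returns the number of single-step traps seen.
    public static int Run(string exePath, int maxSteps)
    {
        var si = new STARTUPINFO { cb = 104 };
        if (!CreateProcessW(exePath, null, IntPtr.Zero, IntPtr.Zero, false, DEBUG_ONLY_THIS_PROCESS,
                            IntPtr.Zero, null, ref si, out PROCESS_INFORMATION pi))
            throw new InvalidOperationException("CreateProcess: " + Marshal.GetLastWin32Error());
        CloseHandle(pi.hThread);

        IntPtr raw = Marshal.AllocHGlobal(CONTEXT_SIZE + 16);           // over-allocate so we can align
        IntPtr ctx = new IntPtr((raw.ToInt64() + 15) & ~15L);           // 16-byte aligned CONTEXT
        Marshal.Copy(new byte[CONTEXT_SIZE], 0, ctx, CONTEXT_SIZE);     // zero it once
        int steps = 0; bool stepping = false;
        var ev = new DEBUG_EVENT();
        try
        {
            while (WaitForDebugEvent(ref ev, uint.MaxValue))
            {
                uint status = DBG_CONTINUE;
                switch (ev.dwDebugEventCode)
                {
                    case CREATE_PROCESS_DEBUG_EVENT:
                    case LOAD_DLL_DEBUG_EVENT:
                        CloseHandle(ev.hFile);              // debugger owns these file handles
                        break;
                    case EXCEPTION_DEBUG_EVENT:
                        if (ev.ExceptionCode == EXCEPTION_BREAKPOINT && !stepping && ev.dwThreadId == pi.dwThreadId)
                            stepping = true;                // loader's initial breakpoint: start stepping here
                        else if (ev.ExceptionCode == EXCEPTION_SINGLE_STEP)
                            steps++;
                        else
                            status = DBG_EXCEPTION_NOT_HANDLED;   // not ours: let the debuggee handle it
                        break;
                    case EXIT_PROCESS_DEBUG_EVENT:
                        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, DBG_CONTINUE);
                        return steps;
                }
                if (stepping && ev.dwThreadId == pi.dwThreadId)
                {
                    if (steps < maxSteps) Console.WriteLine("step {0} at RIP=0x{1:X}", steps, ArmTrapFlag(ev.dwThreadId, ctx));
                    else TerminateProcess(pi.hProcess, 0);  // step budget spent; EXIT event follows
                }
                ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, status);
            }
            throw new InvalidOperationException("WaitForDebugEvent: " + Marshal.GetLastWin32Error());
        }
        finally { Marshal.FreeHGlobal(raw); CloseHandle(pi.hProcess); }
    }

    static void Main(string[] args)
    {
        string target = args.Length > 0 ? args[0] : @"C:\Windows\System32\notepad.exe";  // placeholder target
        Console.WriteLine("observed {0} single-step traps", SingleStepper.Run(target, 1000));
    }
}
```

Build it as an x64 console app (Platform target x64, not AnyCPU with "Prefer 32-bit"), since the hard-coded CONTEXT layout only matches a 64-bit thread. The same loop is the place a "macro" system would hook in: each EXCEPTION_SINGLE_STEP event hands you the thread id and, via GetThreadContext with CONTEXT_FULL instead of CONTEXT_CONTROL, the full register set at that instruction, which is the information WinDbg shows on each `t` step.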