Exit Process Event
{
printf ( " Exit Process Event :\n");
printf ( " dwExitCode ' : Ox%08X\n",
stEPDI.dwExitCode );
}
void DisplayDllLoadEvent ( LOAD_DLL_DEBUG_INFO & stLDDI)
{
printf ( "DLL Load Event :\n");
printf ( " hFile : Ox%08X\n",
stLDDI.hFile );
printf ( " IpBaseOfDll : Ox%08X\n",
stLDDI.IpBaseOfDll );
printf ( " dwDebuglnfoFileOffset : Ox%08X\n",
stLDDI.dwDebuglnfoFileOffset );
printf ( " nDebuglnfoSize : Ox%08X\n",
stLDDI.nDebuglnfoSize );
printf ( " IpImageName : Ox%08X\n",
stLDDI.IpImageName );
printf ( " fUnicode : Ox%08X\n",
stLDDI.fUnicode );
}
void DisplayDllUnLoadEvent ( UNLOAD_DLL_DEBUG_INFO & stULDDI)
{
printf ( "DLL Unload Event :\n");
printf ( " IpBaseOfDll : Ox%08X\n",
stULDDI.IpBaseOfDll );
}
void DisplayODSEvent { HANDLE hProcess,
OUTPUT_DEBUG STRING INFO & stODSI )
{
printf ( "OutputDebugString Event :\n");
printf ( " IpDebugStringData : Ox%08X\n",
stODSI.IpDebugStringData );
printf ( " fUnicode : Ox%08X\n",
stODSI.fUnicode );
printf ( " nDebugStringLength : Ox%08X\n",
stODSI.nDebugStringLength );
printf ( " String :\n"); char szBuff[ 512 ];
if ( stODSI.nDebugStringLength > 512)
{
return;
}
DWORD dwRead;
BOOL bRet;
bRet = ReadProcessMemory ( hProcess
stODSI.IpDebugStringData ,
szBuff ,
stODSI.nDebugStringLength ,
SdwRead );
printf ( "%s", szBuff);
}
void DisplayExceptionEvent ( EXCEPTION_DEBUG INFO & stEDI)
{
printf ( "Exception Event :\n");
printf ( " dwFirstChance : Ox%08X\n",
stEDI.dwFirstChance );
printf ( " ExceptionCode : Ox%08X\n",
stEDI.ExceptionRecord.ExceptionCode );
printf ( " ExceptionFlags : Ox%08X\n",
stEDI.ExceptionRecord.ExceptionFlags );
printf ( " ExceptionRecord : Ox%08X\n",
stEDI.ExceptionRecord.ExceptionRecord );
printf ( " ExceptionAddress : Ox%08X\n",
stEDI.ExceptionRecord.ExceptionAddress );
printf ( " NumberParameters : Ox%08X\n",
stEDI.ExceptionRecord.NumberParameters );
}
Содержание Назад Вперед