/// <summary>
/// Starts the HelloCPP sample executable under the debugger, calls
/// <c>ChangeAllSetText</c>, then waits for a key press before returning.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
static void Main(string[] args)
{
    // The target path points into one developer's profile directory, so this
    // sample only runs unchanged on a machine that has that exact build output.
    var startup = new NIStartupOptions
    {
        executable = @"C:\Users\Timothy\Documents\Visual Studio 2013\Projects\HelloCPP\x64\Release\HelloCPP.exe",
        // presumably keeps the new process from running until the debugger resumes it; confirm against NIStartupOptions
        resumeOnCreate = false
    };

    // `debug` is not declared in this method; it is resolved from the enclosing type.
    debug.Execute(startup);
    ChangeAllSetText();

    Console.WriteLine("Press any key to exit...");
    Console.ReadKey();
}
/// <summary>
/// Hardware-breakpoint demo: starts notepad.exe under the debugger, arms an execute
/// breakpoint at a fixed address, writes a replacement string into the target, and
/// after <c>Continue()</c> returns points EAX at that string before detaching.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
static void Main(string[] args)
{
    var startup = new NIStartupOptions
    {
        executable = @"c:\windows\system32\notepad.exe",
        resumeOnCreate = false
    };

    // `debug` is not declared in this method; it is resolved from the enclosing type.
    debug.Execute(startup);

    Console.WriteLine("Installing VEH");
    debug.InstallHardVEH();

    Console.WriteLine("Setting HWBP on Execute");
    // NOTE(review): 0xc562a8 is a literal absolute address. It presumably matches one
    // specific notepad build at one load address; with ASLR it will not be stable
    // across runs or machines, so confirm how it was obtained before reusing it.
    debug.SetHardBreakPoint(0xc562a8, HWBP_MODE.MODE_LOCAL, HWBP_TYPE.TYPE_EXECUTE, HWBP_SIZE.SIZE_1);

    Console.WriteLine("Generating Hello World String in Target");
    // assumes the size argument is in bytes: the 27-character string needs 54 bytes
    // as UTF-16, plus whatever terminator WriteString adds (TODO confirm)
    uint caveAddress;
    debug.AllocateMemory(100, out caveAddress);
    debug.WriteString(caveAddress, "Welcome to NIDebugger HWBPs", Encoding.Unicode);

    Console.WriteLine("Running...");
    // Nothing below verifies that the stop was caused by the hardware breakpoint;
    // the code simply proceeds once Continue() returns.
    debug.Continue();

    string eipHex = debug.Context.Eip.ToString("X8");
    Console.WriteLine("Our EIP after HWBP is: " + eipHex);

    Console.WriteLine("Setting EAX to new String address");
    // The previous string is read out of the target but never used afterwards.
    String previousText;
    debug.ReadString(debug.Context.Eax, 100, Encoding.Unicode, out previousText);
    debug.Context.Eax = caveAddress;
    debug.Detach();

    // The original has ChangeAllSetText() and Console.ReadKey() commented out, so
    // the prompt is printed and Main returns without waiting for input.
    Console.WriteLine("Press any key to exit...");
}
/// <summary>
/// 64-bit demo: starts notepad.exe under an <c>NIDebugger64</c>, breaks on
/// user32!SetWindowTextW, single-steps three times, then points RDX at a string
/// written into the target and detaches.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
static void Main(string[] args)
{
    var startup = new NIStartupOptions
    {
        executable = @"C:\Windows\System32\notepad.exe",
        resumeOnCreate = false
    };
    var debug = new NIDebugger64
    {
        AutoClearBP = true,
        StepIntoCalls = true
    };
    debug.Execute(startup);

    // assumes the size argument is in bytes: the 23-character string needs 46 bytes
    // as UTF-16, plus whatever terminator WriteString adds (TODO confirm)
    ulong caveAddress;
    debug.AllocateMemory(100, out caveAddress);
    debug.WriteString(caveAddress, "Welcome to NIDebugger64", Encoding.Unicode);

    // NOTE(review): the resolved address is used without being checked; what
    // FindProcAddress returns when the export is not found is not visible here.
    ulong breakAt = debug.FindProcAddress("user32.dll", "SetWindowTextW");
    debug.SetBreakpoint(breakAt);
    debug.Continue();

    for (int step = 0; step < 3; step++)
    {
        debug.SingleStep();
    }

    // Both values are fetched but not used afterwards.
    uint instrLength = debug.GetInstrLength();
    byte[] instrBytes = debug.GetInstrOpcodes();

    // In the Windows x64 calling convention RDX carries the second integer argument,
    // which for SetWindowTextW is the text pointer. This assumes the three single
    // steps above have not overwritten RDX yet (TODO confirm).
    debug.Context.Rdx = caveAddress;
    debug.Detach();

    // Unused local; looks like a place to park an IDE breakpoint. Confirm before removing.
    int i = 0;
}