问题描述:

let us assume that there is a application (i have its executable) that reads a file (of some unknown format). I want to trace the input (e.g. a file) that is parsed by a executable i.e. I want to know when a input is read and how is it "consumed" by the executable. Is there a generic way to setting breakpoints to do so? I asked for a generic method because I may not be using a particular debugger.

thanks

-Sanjay

网友答案:

The generic way for settings the breakpoints could be as follows:

  1. Load the executable in the debugger.
  2. Get a list of all intermodular calls in the executable.
  3. At least some of the calls in the list are Windows API functions. The most common functions that are used for reading a file are ReadFile and ReadFileEx. The executable might also use NtReadFile. Set breakpoints on these functions.
相关阅读:
Top