调试执行流程
DebugActiveProcesscall DbgUiConnectToDbg
call ZwCreateDebugObject
call DbgUiDebugActiveProcess
call ntdll.NtDebugActiveProcess
call ntdll.DbgUiIssueRemoteBreakin
call ntdll.RtlpCreateUserThreadEx---->ntdll!DbgUiRemoteBreakin
ntdll!DbgUiRemoteBreakin,它用来触发挂起目标的断点,并向我们的调试器发出事件。
页:
[1]