Writing debuggers

Question

I am very dissatisfied at how little info is available on writing Windows debuggers.

Most of the code I have was made by a long process of trial and error, the documentation obviously "thinks" most of the topics are too trivial while explaining in much detail obvious and useless things.

I found 2 articles or so on it but not much stuff I didn't already know came out of it.

Is there any documentation at all, and I mean complete documentation, or some GOOD article (not how to change a byte to 0xCC in vb.NET but real world stuff) about debuggers? Advanced debuggers with memory breakpoints.

For now I didn't find a way for example how to find out how many bytes were being written in a GUARD_PAGE_VIOLATION. I just make a buffer before and after the code executes and compare.

Also where to find info what lies in debug_event.u.Exception.ExceptionRecord.ExceptionInformation? (among other things that lay in debug_event)

Do I really have to reverse the reversing environment myself?

Answer 1

This is indeed some information available.

DEBUG_EVENT (and the rest of the Debug API) is officially described in MSDN here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms679308(v=vs.85).aspx

There is a nice CodeProject article: Writing a basic Windows debugger and its sequel: Writing Windows Debugger - Part 2

And finally, a complete list of references from Devon Strawn: How to write a (Windows) debugger - References