Debugger doesn't resume thread after WriteProcessMemory | Together C & C++ | Page 1

stable atlas Jan 27, 2024, 8:21 PM

#

I'm trying to edit the memory of a process I've attached to using DebugActiveProcess, and if I run WaitForDebugEvent and immediately call ContinueDebugEvent, everything is fine and the process continues, but if I add a WriteProcessMemory between these 2 calls, the process freezes and doesn't continue until the debugger is closed (with DebugSetProcessKillOnExit set to false).

I'm pretty sure I'm skipping a pretty large step. I thought maybe I needed to use ResumeThread on the threads caught by the CREATE_THREAD_DEBUG event, but that doesn't seem to be it. Any ideas are appreciated!

normal finchBOT Jan 27, 2024, 8:21 PM

#

When your question is answered use !solved to mark the question as resolved.

Remember to ask specific questions, provide necessary details, and reduce your question to its simplest form. For tips on how to ask a good question use !howto ask.

stable atlas Jan 27, 2024, 8:39 PM

#

From learn.microsoft.com: "Note that while reporting debug events, all threads within the reporting process are frozen. Debuggers are expected to use the SuspendThread and ResumeThread functions to limit the set of threads that can execute within a process. By suspending all threads in a process except for the one reporting a debug event, it is possible to "single step" a single thread. The other threads are not released by a continue operation if they are suspended."

I was using ResumeThread on the thread coming in, I needed to resume the others

#

!solved

#Debugger doesn't resume thread after WriteProcessMemory