Code Injection with Image File Execution Options

Saturday, April 9, 2016

A well-known feature of Windows is the Image File Execution Options registry key located in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. Under that key, subkeys named after executable files (e.g. Notepad.exe) can be created and various options can be set. These options are observed when a process with the key name (from any directory) is about to be created. A convenient tool to set these options is the Gflags.exe utility, available as part of the Debugging Tools for Windows. One of the useful values is "Debugger" that allows another process (typically a debugger) to be launched when the specific executable is...
3 comments

Writing a Simple Debugger with DbgEng.Dll

Monday, July 27, 2015

In my post on using CLRMD’s debugger engine wrappers to “debug” a dump file, I’ve shown how we can take advantage of the documented API of DbgEng.Dll – the debugger engine that drives the Microsoft debuggers – CDB, NTSD, KD and WinDbg. In this post, we’ll take a step further and create a basic functioning user mode debugger that is able to attach to a process and do “normal” debugging, somewhat similar to CDB/NTSD but with some small colorful bonuses. As you may recall, I’ve taken the CLRMD project and made some enhancements to the callback interop types...
no comments

Data Binding for a WPF TreeView

Saturday, July 12, 2014

Although the Windows Runtime (WinRT) is all the hype these days (in the Microsoft world at least), WPF is still in heavy use in the “desktop apps” space. To me, WPF is the inspiration for everything XAML-based that came out after it – mainly Silverlight and WinRT. WinRT (and Silverlight before it) still plays catch-up to all the WPF features (although WinRT has some nice features not present in the current version of WPF) – there’s even a “user voice” asking to bring some of WPF’s features to WinRT, such as multi bindings, binding in style setters, data typed...
one comment

Debugger Visualizer for Non-Serializable Types

Wednesday, March 19, 2014

A debugger visualizer provides a rich way to “visualize” in some sense a .NET object within Visual Studio while debugging. Writing a basic debugger visualizer is simple enough: create a Class Library project with a class that derives from DialogDebuggerVisualizer and override the Show method. Inside the Show method, a call to the IVisualizerObjectProvider.GetObject method (the interface is provided in an argument to Show) retrieves the object in question. The next step would be to create the actual “visualizer” and show it with a call to the IDialogVisualizerService.ShowDialog method. To actually advertise the existence of the visualizer, an assembly level attribute...
no comments