How to create a breakpoint at the original entry point automatically

  c++, debugging, packed, reverse-engineering, winapi

My friend and I are writing a hot patcher in C++, and we want to save the patch file. The problem is that the patching isn’t saved after we exit from the program. My friend suggested putting a hardware breakpoint at the entry point, to force the program to stop at a certain point.

I’ll elaborate: We have some kind of packed file, and we want to run the program and stop just when the unpacking is done.

Is there a good and simple way to do this? It needs to be done automatically and not by hand.

We thought about this technique after we realized that the infamous "esp trick" is slightly problematic, since it only works in specific packing algorithms.

Does anyone here have a better idea?

If not, can you please guide us on our current idea?

Source: Windows Questions C++
