ntdll.dbgUserBreakPoint (another fix)

How to eliminate those annoying ntdll.dbgUserBreakPoints

PatchINT3 is based on code from Pete Morris



Add this procedure to your unit, and also the initialisation

section below. At runtime, the offending INT3 will be replaced

by a NOP instruction.



procedure PatchINT3;

var

    NOP : Byte;

    BytesWritten : DWORD;

    NtDll : THandle;

    P : Pointer;

begin

    if Win32Platform <> VER_PLATFORM_WIN32_NT then

        Exit;



    NtDll := GetModuleHandle('NTDLL.DLL');

    if NtDll = 0 then

        Exit;



    P := GetProcAddress(NtDll, 'DbgBreakPoint');

    if P = nil then

        Exit;



    try


        if Char(P^) <> #$CC then

            Exit;



        NOP := $90;

        if WriteProcessMemory(GetCurrentProcess, P, @NOP, 1,

                              BytesWritten) and

           (BytesWritten = 1) then

            FlushInstructionCache(GetCurrentProcess, P, 1);

    except

        //Do not panic if you see an EAccessViolation here,

        // it is perfectly harmless!

        on EAccessViolation do ;

        else raise;

    end;

end;



initialization

    PatchINT3;

 

Share this article!

Follow us!

Find more helpful articles: