Hardware Breakpoints: Using RemoteHook and custom HWBPs at the same time

Open alemariusnexus opened this issue 4 years ago • 0 comments

I'm looking into ways to create an access/write hardware breakpoint in a remote process, in order to e.g. find instructions that access certain memory locations. It looks like BlackBone can do this through Thread::AddHWBP() with hwbp_access/hwbp_write, but there's the problem of catching the breakpoint events when they happen. Currently, it seems like the logic for this is completely inside RemoteHook, which uses a separate thread to poll for debug events.

Unfortunately, RemoteHook only handles hwbp_execute (obviously, because it's used for hooking), so I can't use it for my purposes. I would like to write my own class that sets a remote HWBP and queries it, but RemoteHook claims exclusive access to the debugger resources: RemoteHook::EnsureDebug() fails if someone other than RemoteHook itself has already attached a debugger, and there's no support for custom handling of debug events. This means that it's currently not possible to use both RemoteHook and additional HWBPs at the same time.

I think the ideal solution would be to pull out the core HWBP code from RemoteHook and into a separate class that allows registering custom debug event handlers from multiple sources. That would probably be some major refactoring.

Until then, can you think of another way to make RemoteHook cooperate with custom HWBPs?

alemariusnexus, Jul 19 '20 03:07
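
An added sketch, not part of the original issue and not BlackBone code, of the kind of shared dispatcher the post proposes: several owners claim DR0-DR3 slots through one object, and a single debug-event loop routes each single-step exception by the DR6 status bits. Every class, type and method name here is hypothetical; only the DR6/DR7 bit layout is taken from the x86 architecture.

```cpp
#include <array>
#include <cstdint>
#include <functional>
#include <utility>

// Hypothetical names for illustration; none of these are BlackBone APIs.
enum class BpType : uint64_t { Execute = 0, Write = 1, Access = 3 };  // DR7 R/Wn values
struct BpHit { int slot; BpType type; uint64_t address; };
using BpHandler = std::function<void(const BpHit&)>;

class HwbpDispatcher {
    struct Slot { uint64_t address; BpType type; BpHandler handler; };
    std::array<Slot, 4> slots_{};   // one entry per DR0-DR3
    uint64_t dr7_ = 0;
    // DR7 LENn encoding: 1 byte = 00, 2 = 01, 8 = 10, 4 = 11.
    static int LenBits(unsigned len) {
        switch (len) { case 1: return 0; case 2: return 1; case 8: return 2; case 4: return 3; }
        return -1;
    }
public:
    // Claims a free slot for any owner; returns its index, or -1 if invalid or full.
    int Register(uint64_t addr, BpType type, unsigned len, BpHandler h) {
        const int lenBits = LenBits(len);
        // Execute breakpoints must use length 1; data breakpoints must be length-aligned.
        if (!h || lenBits < 0 || (type == BpType::Execute && len != 1) || addr % len) return -1;
        for (int i = 0; i < 4; ++i) {
            if (slots_[i].handler) continue;                           // slot already owned
            slots_[i] = Slot{addr, type, std::move(h)};
            dr7_ |= 1ull << (i * 2);                                   // Ln local enable
            dr7_ |= static_cast<uint64_t>(type) << (16 + i * 4);       // R/Wn
            dr7_ |= static_cast<uint64_t>(lenBits) << (18 + i * 4);    // LENn
            return i;
        }
        return -1;
    }
    // Value the single owner of the debug session would write to the thread's DR7.
    uint64_t Dr7() const { return dr7_; }
    // Routes one single-step exception using the thread's DR6; returns handlers called.
    int Dispatch(uint64_t dr6) const {
        int called = 0;
        for (int i = 0; i < 4; ++i) {
            // B0-B3 can be set for a slot that is not enabled, so require a registered handler.
            if (!(dr6 & (1ull << i)) || !slots_[i].handler) continue;
            slots_[i].handler(BpHit{i, slots_[i].type, slots_[i].address});
            ++called;
        }
        return called;
    }
};
```

In this arrangement a hook component and a memory-watch component each call `Register`, while only the dispatcher's owner attaches the debugger and reads DR6 from the thread context on each event.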