The Stub and the UI - more than the sum of its parts

 

Thread Validator has two main parts - the stub and the user interface.

 

The stub is typically injected into the target program and communicates with the Thread Validator user interface.

 

The stub is injected into the target program using the CreateProcess() or CreateRemoteThread() Win32 function. Communication between the stub and the user interface is via named pipes. There is no human readable data sent between the two parts of the program. Both the stub and the user interface are multi-threaded. If required the stub can be linked into the program so that it doesn't need to be injected into the program.

 

The stub walks the entire program image detecting the start of each source code line using PDB and/or MAP files.

 

The stub rewrites the DLL import address table to make functions call into the stub's hooks. Each function is checked to see if it can safely be hooked without corrupting the code for another line or function, or changing the function of the program. The line is hooked if possible, otherwise the user interface is informed of the function hook failure.

 

The stub monitors thread and lock related data and stores the information in data structures to be displayed by the user interface.