Example code (put conditional breakpoint on
I don't know if this information is useful for you, but in case it is you know it now ;)
The thing I noticed additionally is that sometimes it breaks with EXCEPTION_ACCESS_VIOLATION on EIP = RtlFreeHeap+1. Looking with Cheat Engine at the memory location, there is the 0xCC in the right place, and the stuff after 0xCC disassembles to a call dword ptr to nowhere in my case, which is the reason for the access violation.
The second thing is that sometimes it breaks with "Breakpoint not in list" at RtlFreeHeap-1.
Hope this helps =)
The only possible fix for this issue (that I can see) is to redirect EIP/RIP to a separately allocated section in the debuggee.
The requirement for this is to correctly relocate instructions, which requires quite a significant effort.
It would look like this:
This kind of functionality is difficult to implement completely transparently for the debuggee and is not dissimilar to what tools like PIN or DynamoRIO do. However, if it works it is also possible to emulate the instruction instead.
Another attempted solution is to suspend all other threads once a breakpoint is hit, but this does not affect debug events that are already queued, so suspending a thread will (in theory) stop it, but in practice there could already be debug events for those threads in the queue, giving very confusing results.
You can try this way, like InlineHook's trampoline. Example:
005521CD | A1 78563412 | mov eax,dword ptr 
Now set the breakpoint at 0x005521CD: the debugger calls the "VirtualAllocEx" API to allocate temporary memory within 2GB of the module's memory address,
0600000 | A1 xxxxxxxx | mov eax,dword ptr 
When the breakpoint at 0x005521CD triggers, do not restore the "0xCC" byte at 0x005521CD. When the thread wants to resume running, set RIP = 0066000 (call the SetThreadContext API) and continue running.
This is the only way to resolve thread concurrency.
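The trampoline layout described in the post above (displaced instruction, then a jmp back, allocated within 2GB), together with the "EIP = address+1 after int3" detail from the first report, as an added example; this is illustrative code written for this thread, not the debugger's own implementation. The names breakpoint_t, build_trampoline and redirect_to_trampoline are hypothetical, and it goes slightly beyond the post by refusing to copy EIP-relative branch encodings, which cannot be moved verbatim.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical debugger-side bookkeeping for one trampoline-style software
   breakpoint (illustrative structure, not the debugger's own). */
typedef struct {
    uint64_t addr;      /* address of the 0xCC byte */
    uint8_t  orig[15];  /* the displaced original instruction bytes */
    size_t   len;       /* its length in bytes */
    uint64_t tramp;     /* start of the separately allocated trampoline */
} breakpoint_t;

/* int3 leaves EIP/RIP one past the 0xCC. Instead of rewinding and restoring the
   original byte (the race other threads can hit), resume at the trampoline and
   leave the 0xCC in place. Returns false if the fault is not this breakpoint. */
bool redirect_to_trampoline(const breakpoint_t *bp, uint64_t *rip) {
    if (*rip != bp->addr + 1) return false;
    *rip = bp->tramp;   /* the value SetThreadContext would be given */
    return true;
}

/* Only position-independent instructions can be copied verbatim; reject the common
   EIP-relative branch encodings (call/jmp rel, jcc rel). This is not a disassembler,
   so anything else is assumed copyable (true for the page's mov eax,[abs32]). */
static bool is_relative_branch(const uint8_t *b, size_t n) {
    if (n == 0) return false;
    if (b[0] == 0xE8 || b[0] == 0xE9 || b[0] == 0xEB) return true; /* call/jmp rel */
    if (b[0] >= 0x70 && b[0] <= 0x7F) return true;                  /* jcc rel8   */
    return n > 1 && b[0] == 0x0F && b[1] >= 0x80 && b[1] <= 0x8F;   /* jcc rel32  */
}

/* Emit: original instruction, then "jmp rel32" (E9) back to addr+len. The rel32
   must fit in a signed 32-bit field, which is why the trampoline is allocated
   within +-2GB of the module. Returns bytes written, 0 on failure. */
size_t build_trampoline(const breakpoint_t *bp, uint8_t *out, size_t cap) {
    if (bp->len == 0 || bp->len + 5 > cap || is_relative_branch(bp->orig, bp->len))
        return 0;
    uint64_t jmp_at = bp->tramp + bp->len;                      /* address of E9 */
    int64_t  rel    = (int64_t)(bp->addr + bp->len) - (int64_t)(jmp_at + 5);
    if (rel < INT32_MIN || rel > INT32_MAX) return 0;           /* not within 2GB */
    memcpy(out, bp->orig, bp->len);
    out[bp->len] = 0xE9;
    uint32_t r32 = (uint32_t)(int32_t)rel;
    for (int i = 0; i < 4; i++)                                 /* little-endian */
        out[bp->len + 1 + i] = (uint8_t)(r32 >> (8 * i));
    return bp->len + 5;
}
```

With the post's instruction at 0x005521CD and a constructed trampoline at 0x00600000, the body is `A1 78 56 34 12 E9 C8 21 F5 FF`; a thread trapping at 0x005521CE is resumed at 0x00600000 while the 0xCC stays in place for every other thread.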