toffler Cheater Reputation: 0
Joined: 27 Sep 2012 Posts: 38
Posted: Mon Jan 15, 2018 12:38 am Post subject: How a recurring BP is implemented?
I'm trying to understand how this debugger works in case I set a BP and the program being debugged keeps hitting it every time it comes to it. If you use int3 then after a BP is hit and all scripts are processed you need to decrement EIP and restore the first byte of the command from 0xCC to the original and let the program run, right? How do you go from there and reset the BP?
Thank you!
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
Posted: Mon Jan 15, 2018 3:11 am Post subject:
Normally CE uses hardware breakpoints (so not CC) and uses the Resume Flag in EFlags to skip the breakpoint (Win Vista and later).
But when CE does use a software breakpoint (CC), or on Win XP, it removes the breakpoint, sets the Trap Flag in EFlags so it breaks on the next instruction, and on that next instruction break puts the breakpoint back and continues running. (Note that with software breakpoints it can theoretically happen that the same code is executed by multiple threads, and that in the time between removing the breakpoint, the single step, and restoring the breakpoint, the code can have been executed by a different CPU.)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
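Added example (not part of the thread and not Cheat Engine's code): a small C model of the software-breakpoint sequence described in the reply above, showing both the re-arm cycle and the window in which a second thread passes the address unnoticed. The names `target_t`, `thread_t`, `cpu_step`, `on_event` and `run` are hypothetical; the model assumes one-byte instructions, a one-shot Trap Flag, and a fixed round-robin schedule.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy model (constructed): 1-byte instructions in a 4-byte loop, BP at offset 1. */
enum { INT3 = 0xCC, NOP = 0x90, CODE_LEN = 4, BP_ADDR = 1 };
enum event { EV_NONE, EV_BREAKPOINT, EV_SINGLE_STEP };
typedef struct { uint32_t eip; int trap_flag; } thread_t;
typedef struct { uint8_t code[CODE_LEN], saved; int hits, missed; } target_t;
static void bp_arm(target_t *m) {
    if (m->code[BP_ADDR] != INT3) m->saved = m->code[BP_ADDR];
    m->code[BP_ADDR] = INT3;
}
static void bp_lift(target_t *m) { m->code[BP_ADDR] = m->saved; }

/* CPU side: run one instruction on thread t, return the debug event it raises. */
static enum event cpu_step(target_t *m, thread_t *t) {
    uint32_t addr = t->eip; uint8_t op = m->code[addr];
    t->eip = (addr + 1) % CODE_LEN;          /* int3 reports EIP past the 0xCC */
    if (op == INT3) return EV_BREAKPOINT;
    if (t->trap_flag) { t->trap_flag = 0; return EV_SINGLE_STEP; }
    if (addr == BP_ADDR) m->missed++;        /* ran through while BP was lifted */
    return EV_NONE;
}

/* Debugger side: the remove / Trap Flag / restore sequence from the post. */
static void on_event(target_t *m, thread_t *t, enum event ev) {
    if (ev == EV_SINGLE_STEP) bp_arm(m);     /* re-insert 0xCC, keep running */
    if (ev != EV_BREAKPOINT) return;
    m->hits++;
    t->eip--;                                /* rewind onto the patched instruction */
    bp_lift(m);                              /* original byte back in place */
    t->trap_flag = 1;                        /* stop again after one instruction */
}

/* Round-robin nthreads (1 or 2) through the loop, one instruction per turn. */
static target_t run(int nthreads, int rounds) {
    target_t m = { {NOP, NOP, NOP, NOP}, 0, 0, 0 };
    thread_t th[2] = { {0, 0}, {0, 0} };
    bp_arm(&m);
    for (int r = 0; r < rounds; r++)
        for (int i = 0; i < nthreads; i++)
            on_event(&m, &th[i], cpu_step(&m, &th[i]));
    return m;
}

int main(void) {
    target_t a = run(1, 12), b = run(2, 12);
    printf("1 thread: %d/%d  2 threads: %d/%d (hits/missed)\n", a.hits, a.missed, b.hits, b.missed);
    return 0;
}
```

With one thread every pass through the address is reported; with two threads in lockstep, half of the passes happen while the original byte is restored and raise no event.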
toffler Cheater Reputation: 0
Joined: 27 Sep 2012 Posts: 38
Posted: Mon Jan 15, 2018 7:44 am Post subject:
Thank you!