Consider a debugger (a normal x86 ring3 debugger such as Olly, IDA, GDB ...) setting a software breakpoint at virtual address 0x1234.
This is done by replacing the opcode at 0x1234 with 0xCC. Now suppose the debuggee process runs this 0xCC instruction, a software exception is raised, and the debugger catches it.
The debugger inspects the memory contents and registers and does some stuff... And now it wants to resume the debuggee process.
That is as far as I know.
The debugger sets the EIP in the debuggee's context to point to the recovered instruction.
The debugger handles the exception and now the debuggee resumes from the breakpoint.
But the debugger wants the breakpoint to stay, so how can the debugger manage this?
To answer the original question directly:
When the user says to continue, GDB will restore the original instruction, single-step, re-insert the trap, and continue.
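
The sequence in the answer (restore, single-step, re-insert, continue), as an added example that is not part of the original post and not GDB's code: a minimal Linux x86-64 ptrace tracer that keeps one breakpoint alive across repeated hits. The names `target`, `swap_byte` and `count_breakpoint_hits` are hypothetical, and it uses RIP where the question's 32-bit case uses EIP.

```c
/* Added example: Linux x86-64 only; all function names are illustrative. */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

__attribute__((noinline)) void target(void) { __asm__ volatile("nop"); }

/* Write one byte into the tracee's code and return the byte it replaced. */
static uint8_t swap_byte(pid_t pid, uintptr_t addr, uint8_t b) {
    long word = ptrace(PTRACE_PEEKTEXT, pid, (void *)addr, NULL);
    ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)((word & ~0xffL) | b));
    return (uint8_t)(word & 0xff);
}

/* Debuggee calls target() `calls` times; returns how often the breakpoint fired. */
int count_breakpoint_hits(int calls) {
    uintptr_t bp = (uintptr_t)target;      /* same address in the forked child */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* debuggee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
        raise(SIGSTOP);                    /* wait for the debugger to attach the trap */
        for (int i = 0; i < calls; i++) target();
        _exit(0);
    }
    int status, hits = 0;
    waitpid(pid, &status, 0);
    if (!WIFSTOPPED(status)) return -1;    /* tracing not permitted here */
    uint8_t orig = swap_byte(pid, bp, 0xCC);            /* set the breakpoint */
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    while (waitpid(pid, &status, 0) > 0 && WIFSTOPPED(status)) {
        struct user_regs_struct regs;
        ptrace(PTRACE_GETREGS, pid, NULL, &regs);
        if (WSTOPSIG(status) == SIGTRAP && regs.rip == bp + 1) {
            hits++;
            swap_byte(pid, bp, orig);                   /* 1. restore original instruction */
            regs.rip = bp;                              /*    rewind over the executed 0xCC */
            ptrace(PTRACE_SETREGS, pid, NULL, &regs);
            ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL); /* 2. single-step it */
            waitpid(pid, &status, 0);
            swap_byte(pid, bp, 0xCC);                   /* 3. re-insert the trap */
        }
        ptrace(PTRACE_CONT, pid, NULL, NULL);           /* 4. continue */
    }
    return hits;
}

int main(void) { printf("hits: %d\n", count_breakpoint_hits(3)); return 0; }
```

If step 3 were skipped, the first hit would be the only one, because the original opcode would stay in place.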