Confusing DEBUG (Miscellaneous)
Fact: DEBUG's G command isn't reliably able to tell whether an interrupt 03h it received really comes from one of the breakpoints it set.
On return, the G command of DEBUG just checks whether the current CS:(E)IP fits, i.e. points directly behind one of the breakpoints it set. By forging an interrupt 03h invocation via pushf and a faked far call to the handler you can define the return address on the stack for that interrupt, making DEBUG believe that you executed the CCh breakpoint byte it set... but you didn't! DEBUG then incorrectly decrements (E)IP. Your program could theoretically detect that.
Uses? I dunno. That's why I'm posting it here.
---
Complete thread:
- Confusing DEBUG - ecm, 16.08.2010, 04:11 (Miscellaneous)
- Confusing DEBUG - Japheth, 19.08.2010, 00:52
- Confusing DEBUG - EDIT - ecm, 19.08.2010, 01:19
- Confusing DEBUG - EDIT - Japheth, 19.08.2010, 10:17
- Confusing DEBUG - ecm, 19.08.2010, 11:00