
Debuggers : Soft breakpoint

I'm currently studying debuggers. I've read that debuggers have software breakpoints (apparently these are the most commonly used breakpoints). These work by replacing the first byte of the opcode with Int 3 (opcode 0xcc).

I've read that the text (code) segment of a program is read-only (if this segment need not be read-only, what is stopping the code from modifying its own instructions, i.e. self-modifying code?). My question is: how can the debugger modify the instruction when it is read-only? Am I missing something here? Any comments on this or pointers to theory on this are appreciated.

Thanks.

On Windows desktop and server platforms, memory page protection can be changed using the VirtualProtect function exported by kernel32.dll. So, for example, if a debugger wants to write 0xcc at some address but that address resides in a page marked read-only, then the debugger can set that page's protection to read-write (assuming it has enough privilege) and then write the value.

A side effect of doing this is that it causes a copy-on-write (COW) fault for that page of memory, and now the debuggee process will have its own physical copy of the page. This prevents the breakpoint from being set in all processes that were sharing that physical page.
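
The unprotect, write, restore sequence described in the answer above, as an added example that is not part of the original answer. It uses POSIX `mprotect` on the process's own memory in place of `VirtualProtect` so that it runs on Linux; `struct soft_bp`, `bp_set`, `bp_clear` and the sample code bytes are constructed for illustration.

```c
#define _DEFAULT_SOURCE 1          /* exposes MAP_ANONYMOUS on glibc */
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define INT3 0xCC

/* Hypothetical record of one software breakpoint. */
struct soft_bp { uint8_t *addr; uint8_t saved; int prot; };

/* Make the containing page writable, store one byte, restore protection. */
static int patch_byte(uint8_t *addr, uint8_t value, int restore_prot) {
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = (void *)((uintptr_t)addr & ~((uintptr_t)sz - 1));
    if (mprotect(page, sz, PROT_READ | PROT_WRITE) != 0)
        return -1;
    *addr = value;
    return mprotect(page, sz, restore_prot);
}

/* Save the original first opcode byte, then replace it with INT3. */
int bp_set(struct soft_bp *bp, uint8_t *addr, int page_prot) {
    *bp = (struct soft_bp){ addr, *addr, page_prot };
    return patch_byte(addr, INT3, page_prot);
}

/* Put the original byte back so the instruction can run again. */
int bp_clear(const struct soft_bp *bp) {
    return patch_byte(bp->addr, bp->saved, bp->prot);
}

/* Constructed sample: read-only page with x86 bytes, inspected but never executed. */
uint8_t *make_readonly_code(void) {
    static const uint8_t code[] = { 0x55, 0x48, 0x89, 0xE5, 0xC3 };
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *p = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memcpy(p, code, sizeof code);
    return mprotect(p, sz, PROT_READ) == 0 ? p : NULL;
}

int main(void) {
    struct soft_bp bp;
    uint8_t *code = make_readonly_code();
    if (!code || bp_set(&bp, code, PROT_READ) != 0) return 1;
    return (code[0] == INT3 && bp_clear(&bp) == 0 && code[0] == 0x55) ? 0 : 1;
}
```

Only the first byte changes; the saved byte is what lets the debugger restore the instruction before resuming execution at that address.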
