Laugher
August 19th, 2012, 06:47
Hello,
I googled this and searched the Olly help file but could not find any info... is it possible to view control registers (specifically wanting to view CR3) using a user mode debugger such as Olly? I believe every process context has their own cr3 value (not necessarily unique depending on how/where it is mapped?) that is pushed/popped by kernel when context switch happens, but is it possible to view this?
Why I ask is because I'm reading a book that in first few chapters talks how IA32 handles segmentation and paging, and goes into detail later about how windows handles it with PD->PT->Physical mem, and if windows uses flat memory model I want to see cr3 changing while looking at logical mem layout of a few different procs in usermode just to "see" the windows implementation happening. I can always do Windbg kernel debugging if I have to, but just curious if quick and easy way to simply read the values of control registers using olly. Will have to fire it up eventually to trace the mapping but just want to know if I'm missing something.
Thanks!
tl;dr I don't see control registers in register window of Olly, possible to view in user mode debugger?
I googled this and searched the Olly help file but could not find any info... is it possible to view control registers (specifically wanting to view CR3) using a user mode debugger such as Olly? I believe every process context has their own cr3 value (not necessarily unique depending on how/where it is mapped?) that is pushed/popped by kernel when context switch happens, but is it possible to view this?
Why I ask is because I'm reading a book that in first few chapters talks how IA32 handles segmentation and paging, and goes into detail later about how windows handles it with PD->PT->Physical mem, and if windows uses flat memory model I want to see cr3 changing while looking at logical mem layout of a few different procs in usermode just to "see" the windows implementation happening. I can always do Windbg kernel debugging if I have to, but just curious if quick and easy way to simply read the values of control registers using olly. Will have to fire it up eventually to trace the mapping but just want to know if I'm missing something.
Thanks!
tl;dr I don't see control registers in register window of Olly, possible to view in user mode debugger?
