hardware bp


naceur
January 18th, 2004, 01:54
Please, what do you mean by hardware breakpoint, and is there an equivalent with Win98 (why is it not possible?)

Ricardo Narvaja
January 18th, 2004, 03:43
If you are an OLLYDBG user, don't think more: change to XP. It is a different world for OllyDbg; in 98 OllyDbg is very, very limited, not only for not having HARDWARE BPX.

CHANGE TO XP really and forget 98

Ricardo Narvaja

focht
January 18th, 2004, 04:37
Greetings,

By reading the OllyDbg FAQ one can get a short answer:

<pre>
Can I set hardware breakpoints under Windows 95? - No! Windows 95/98 doesn't update debug registers when switching tasks or processing interrupts. This means that hardware breakpoint you set in debugged program will appear in all other processes, including OllyDbg and operating system itself. Note that 95-based Windows ME does support HW breakpoints.
</pre>

OK ... for interested ones I might explain this statement a little bit more.

From the 386 processor on, there exist 32-bit registers for implementing hardware breakpoints without using an in-circuit emulator.
The debug registers are DR0-3, DR6 and DR7.

DR0 to DR3 are the four linear-address watchpoints, and DR6 (status register) and DR7 (control register) are used for indicating the type and size of the different breakpoints. Breakpoint comparisons are made before physical address translation occurs.

Ollydbg uses the thread context approach to modify hardware bpts (which is the preferred one).
User-level debug registers exist per thread. DR0..3, DR6 and DR7 can be accessed by supplying CONTEXT_DEBUG_REGISTERS flags to GetThreadContext() call.
Breakpoints operate per thread (normally - the exception comes later).

If one reads the Intel manuals, one might come across the DR7 L[n] (local enable) and G[n] (global enable) flags/bits.

The low-order eight bits of DR7 (L0 through L3 and G0 through G3) selectively enable the four address breakpoint conditions.
There are two levels of enabling: the local (L0 through L3) and global (G0 through G3) levels. The local enable bits are automatically reset by the processor at every task switch to avoid unwanted breakpoint conditions in the new task. The global enable bits are not reset by a task switch; therefore, they can be used for conditions that are global to all tasks.

The LE and GE bits control the "exact data breakpoint match" feature of the processor. If either LE or GE is set, the processor slows execution so that data breakpoints are reported on the instruction that causes them. It is recommended that one of these bits be set whenever data breakpoints are armed. The processor clears LE at a task switch but does not clear GE.

Armed with this knowledge one might understand the statement.
The thread context structure data itself is just a snapshot of the thread's values at the time it got suspended.
If Olly says "doesn't update debug registers when switching tasks or processing interrupts" it probably means the DRx data register contents that got modified by a thread aren't restored on the next thread switch (using per-thread context data).

Now one might ask why per-thread "local data" exists when the debug register contents are a "global resource"?
Well, I don't know ... it might be due to some braindamaged engineers at [censored].
I don't even consider Win9X an operating system (diehard NT fan for almost a decade now).

Regards,

A. Focht
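The DR7/DR6 bit layout and the per-thread context route that focht describes, as an added C example (this is not code from the thread or from OllyDbg). The slot encoder, decoder and helper names (dr7_arm, dr7_disarm, dr6_hit_slot, example_dr7, hwbp_set_on_thread) are assumptions made for this example; the bit positions follow the Intel manual the post refers to. The Win32 part is compiled only on Windows and uses the documented GetThreadContext/SetThreadContext calls with CONTEXT_DEBUG_REGISTERS mentioned in the post; on Win9x, where the kernel does not save and restore DRx per task, whatever this writes would land in every process, which is exactly what the FAQ warns about.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names chosen for this example; the DR6/DR7 bit layout
 * is the Intel one summarised in the post above. */

#define DR_SLOTS 4            /* DR0..DR3: four linear-address watchpoints      */
#define DR7_LE   (1u << 8)    /* local exact data-breakpoint match (bit 8)     */
#define DR7_GE   (1u << 9)    /* global exact data-breakpoint match (bit 9)    */

/* R/W[n] field values of DR7 (two bits per slot, starting at bit 16) */
typedef enum { DR_EXEC = 0, DR_WRITE = 1, DR_IO = 2, DR_RW = 3 } dr_type;

/* Arm slot `slot` in *dr7 for a breakpoint of `type` covering `len_bytes` bytes.
 * `global` selects G[n] (survives a task switch) instead of L[n] (cleared by the
 * processor at every task switch). Returns 0 on success, -1 on bad arguments. */
int dr7_arm(uint32_t *dr7, int slot, dr_type type, int len_bytes, int global)
{
    uint32_t len_bits;
    if (slot < 0 || slot >= DR_SLOTS) return -1;
    switch (len_bytes) {            /* LEN[n] encoding: 00=1, 01=2, 11=4 bytes   */
    case 1: len_bits = 0; break;
    case 2: len_bits = 1; break;
    case 4: len_bits = 3; break;
    default: return -1;             /* 8-byte (10) exists only in 64-bit mode    */
    }
    if (type == DR_EXEC && len_bytes != 1) return -1;  /* execute bps need LEN=00 */

    *dr7 &= ~(0xFu << (16 + 4 * slot));   /* clear R/W[n] (2 bits) + LEN[n] (2 bits) */
    *dr7 &= ~(0x3u << (2 * slot));        /* clear L[n] (bit 2n) and G[n] (bit 2n+1) */
    *dr7 |= ((uint32_t)type | (len_bits << 2)) << (16 + 4 * slot);
    *dr7 |= (global ? 0x2u : 0x1u) << (2 * slot);
    if (type != DR_EXEC)                  /* data bp: ask for exact-match reporting  */
        *dr7 |= global ? DR7_GE : DR7_LE;
    return 0;
}

/* Disable `slot`: clear its enable bits and its R/W + LEN field. */
int dr7_disarm(uint32_t *dr7, int slot)
{
    if (slot < 0 || slot >= DR_SLOTS) return -1;
    *dr7 &= ~(0x3u << (2 * slot));
    *dr7 &= ~(0xFu << (16 + 4 * slot));
    return 0;
}

int dr7_slot_is_local(uint32_t dr7, int slot)  { return (int)((dr7 >> (2 * slot)) & 1u); }
int dr7_slot_is_global(uint32_t dr7, int slot) { return (int)((dr7 >> (2 * slot + 1)) & 1u); }

/* After a #DB trap, DR6 bits B0..B3 say which slot matched; -1 if none did
 * (for instance a single-step trap, BS = bit 14, rather than a watchpoint). */
int dr6_hit_slot(uint32_t dr6)
{
    for (int i = 0; i < DR_SLOTS; i++)
        if (dr6 & (1u << i)) return i;
    return -1;
}

/* Worked scenario: a 4-byte write watch in DR0 (local enable) plus an execute
 * breakpoint in DR1 (global enable). Returns the resulting DR7 value. */
uint32_t example_dr7(void)
{
    uint32_t dr7 = 0;
    dr7_arm(&dr7, 0, DR_WRITE, 4, 0);   /* R/W0=01 LEN0=11 -> 0xD0000, L0, LE    */
    dr7_arm(&dr7, 1, DR_EXEC, 1, 1);    /* R/W1=00 LEN1=00, G1 (bit 3)          */
    return dr7;                         /* 0x000D0109                           */
}

#ifdef _WIN32
#include <windows.h>
/* The per-thread route the post describes: read the context with
 * CONTEXT_DEBUG_REGISTERS, edit DRn/DR7, write it back. The target thread
 * must be suspended (e.g. stopped in a debug event) while this runs. */
int hwbp_set_on_thread(HANDLE thread, int slot, void *addr, dr_type type, int len_bytes)
{
    CONTEXT ctx;
    uint32_t dr7;
    memset(&ctx, 0, sizeof ctx);
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
    if (!GetThreadContext(thread, &ctx)) return -1;
    dr7 = (uint32_t)ctx.Dr7;
    if (dr7_arm(&dr7, slot, type, len_bytes, 0) != 0) return -1;
    switch (slot) {
    case 0: ctx.Dr0 = (DWORD_PTR)addr; break;
    case 1: ctx.Dr1 = (DWORD_PTR)addr; break;
    case 2: ctx.Dr2 = (DWORD_PTR)addr; break;
    default: ctx.Dr3 = (DWORD_PTR)addr; break;
    }
    ctx.Dr7 = dr7;
    return SetThreadContext(thread, &ctx) ? 0 : -1;
}
#endif

int main(void)
{
    uint32_t dr7 = example_dr7();
    printf("DR7 = 0x%08X (L0=%d, G1=%d)\n", dr7,
           dr7_slot_is_local(dr7, 0), dr7_slot_is_global(dr7, 1));
    printf("DR6 = 0x%08X -> slot %d fired\n", 0x2u, dr6_hit_slot(0x2u));
    return 0;
}
```

The local/global choice is the point of the post: a debugger that sets L[n] on NT-family Windows relies on the kernel swapping DRx with the thread context, while on 9x nothing restores them, so the watchpoint stays live in every task until something else overwrites DR7.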

naceur
January 18th, 2004, 07:11
Many thanks RICARDO, "you are the king of tutorials"

naceur
January 18th, 2004, 07:12
And thanks to focht.