Hacker News new | past | comments | ask | show | jobs | submit login

Could you elaborate on your "jump to (address+1)" argument? Why does this make a single-byte "int 3" necessary?



Give a sequence like (using Intel mnemonics):

        mov eax,[x]
        or  eax,eax
        jz  foo
        dec eax
    foo call bar
The instruction "dec eax" is one byte in size. If you want to place a breakpoint there, and you used the two byte form of "int 3", then when the code did the "jz foo" (jump if the previous result was zero to location foo) the "call bar" instruction would be partially overwritten and form a new instruction. If the condition leading the breakpoint isn't taken, you now have some other instruction (it ends up being an "add" instruction) which is bad.

That's why there's a one byte version of "int 3", because there are one byte instructions.


Yep, this is what I meant in my own comment: http://news.ycombinator.net/item?id=2132005

Just thought you're referring to something else. Thanks for clearing this up; I hope you don't mind if I use your example in the next part of the series. :-)


Consider this sequence:

     0041301E  33 D2     xor edx, edx
     00413020  83 E8 02  sub eax, 2
     00413023  74 01     jz loc_00413026
     00413025  4A        dec edx
     00413026  ...
Without a single-byte int 3, a break on dec edx will mess up everything if that branch is not taken.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: