
Given a sequence like (using Intel mnemonics):

        mov eax,[x]        ; load x
        or  eax,eax        ; sets ZF when eax == 0
        jz  foo            ; skip the dec when eax was zero
        dec eax            ; one-byte instruction
    foo: call bar          ; jz lands here
The instruction "dec eax" is one byte in size. If you want to place a breakpoint there, and you used the two-byte form of "int 3", then when the code did the "jz foo" (jump if the previous result was zero to location foo) the "call bar" instruction would be partially overwritten and form a new instruction. If the condition leading to the breakpoint isn't taken, you now have some other instruction (it ends up being an "add" instruction), which is bad.

That's why there's a one-byte version of "int 3": because there are one-byte instructions.

Yep, this is what I meant in my own comment: http://news.ycombinator.net/item?id=2132005

I just thought you were referring to something else. Thanks for clearing this up; I hope you don't mind if I use your example in the next part of the series. :-)
