Breakpoints


These slides cover how a debugger sets breakpoints on a debuggee process. I presented these slides at the Thursday evening 5-minutes-presentations at Recurse Center.

Here's a more detailed explanation on the topic - http://majantali.net/2016/10/how-breakpoints-are-set/

Breakpoints

  1. Breakpoints: The secrets behind them
  2. What’s a breakpoint? A breakpoint makes your program stop whenever a certain point in the program is reached.
  3. How are they implemented? Using the following steps...
  4. Before that… What’s a debugger? A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program).
  5. A basic debugger: Fork the debuggee process in the run_child function by calling “exec”. Now the debugger is the parent process and the debuggee the child.
  6. Step 1: Identify the memory address you want to set a breakpoint at. Access that memory address. Set the instruction “int 3” at the first byte of that memory address.
  7. Ooh! What do they even mean? Identify the memory address you want to set a breakpoint at.
  8. Identify the memory address: Here’s a sample program I want to debug -
  9. Identify the memory address: And here’s the objdump result -
  10. And what about? Access the memory address.
  11. Access the memory address: Using ptrace calls. The ptrace() system call provides a means by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers. It is primarily used to implement breakpoint debugging and system call tracing.
  12. I don’t even... Set the instruction “int 3” at the first byte of the memory address.
  13. int 3: Assembly language instruction for generating a software interrupt. int 3 is used by debuggers. The opcode for int 3 is 0xCC.
  14. Set the “int 3” at the first byte
  15. What happens now? The child process is modified and is now being executed. The instruction pointer loads the memory address at 0x80483e9. And it gets an interrupt. And the parent process (which is the debugger) gets an interrupt. What does the parent process do? Handle the breakpoint.
  16. Step 2: Revert the value that we modified at the first byte of the address on which the breakpoint is set. Move the instruction pointer back one address.
  17. Revert the value: Remember we had put the “int 3” opcode at the first byte of the address 0x80483e9. Let’s change it back to the original instruction.
  18. Move the IP back one step: We haven’t actually executed the original instruction at the address 0x80483e9. Let’s execute it by setting the EIP/RIP register to the memory address.
  19. Step 3: Let the user do what she wants to do once the breakpoint has been hit.
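
The three steps above, as an added example that is not from the slides or the linked article: a minimal debugger in C, assuming Linux on x86-64 (so it uses RIP, not the 32-bit address shown on the slides). Instead of exec'ing a separate program and reading the address from objdump, the child calls a hypothetical local function `target`, whose address the parent already knows after fork.

```c
/* Added example, not from the slides. Assumes Linux on x86-64. */
#include <signal.h>
#include <stdint.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

int target(int x) { return x + 1; }   /* hypothetical function to break on */

static int fail(pid_t pid) { kill(pid, SIGKILL); waitpid(pid, NULL, 0); return -1; }

/* Returns 1 if the breakpoint was hit and the debuggee then exited with 42. */
int run_breakpoint_demo(void) {
    int status;
    struct user_regs_struct regs;
    uintptr_t addr = (uintptr_t)target;        /* Step 1: address to break at */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                            /* child: the debuggee */
        int (*volatile fn)(int) = target;      /* force a real call to target */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
        raise(SIGSTOP);                        /* stop until the debugger is ready */
        _exit(fn(41));
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return fail(pid);
    /* Read the word at addr, then write it back with 0xCC (int 3) as byte 0. */
    long orig = ptrace(PTRACE_PEEKTEXT, pid, (void *)addr, NULL);
    long patched = (orig & ~0xFFL) | 0xCC;
    if (ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)patched) < 0) return fail(pid);
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    /* The child runs into int 3; the debugger sees it stop with SIGTRAP. */
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status) || WSTOPSIG(status) != SIGTRAP)
        return fail(pid);
    /* Step 2: restore the original byte and move RIP back onto it. */
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return fail(pid);
    int hit = (regs.rip == addr + 1);          /* RIP is one byte past the 0xCC */
    ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)orig);
    regs.rip = addr;
    ptrace(PTRACE_SETREGS, pid, NULL, &regs);
    /* Step 3: a debugger would now hand control to the user; here we resume. */
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (hit && WIFEXITED(status) && WEXITSTATUS(status) == 42) ? 1 : -1;
}

int main(void) {
    return run_breakpoint_demo() == 1 ? 0 : 1;  /* exit status 0 on success */
}
```

The `hit` check shows why step 2 has to rewind the instruction pointer: when the debugger is notified, RIP already points one byte past the breakpoint address.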
  • trietptm

    Oct. 19, 2016
