



These slides cover how a debugger sets breakpoints on a debuggee process. I presented these slides at the Thursday evening 5-minutes-presentations at Recurse Center.

Here's a more detailed explanation on the topic -



  1. Breakpoints: The secrets behind them
  2. What’s a breakpoint? A breakpoint makes your program stop whenever a certain point in the program is reached.
  3. How are they implemented? Using the following steps...
  4. Before that… What’s a debugger? A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program).
  5. A basic debugger: Fork the debuggee process in the run_child function by calling “exec”. Now the debugger is the parent process and the debuggee is the child.
  6. Step 1: Identify the memory address you want to set a breakpoint at. Access that memory address. Set the instruction “int 3” at the first byte of that memory address.
  7. Ooh! What do they even mean? Identify the memory address you want to set a breakpoint at.
  8. Identify the memory address: Here’s a sample program I want to debug -
  9. Identify the memory address: And here’s the objdump result -
  10. And what about? Access the memory address.
  11. Access the memory address: Using ptrace calls. The ptrace() system call provides a means by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers. It is primarily used to implement breakpoint debugging and system call tracing.
  12. I don’t even... Set the instruction “int 3” at the first byte of the memory address.
  13. int 3: The assembly language instruction for generating a software interrupt. int 3 is used by debuggers. The opcode for int 3 is 0xCC.
  14. Set the “int 3” at the first byte
  15. What happens now? The child process is modified and is now being executed. The instruction pointer loads the memory address at 0x80483e9, and it gets an interrupt. And the parent process (which is the debugger) gets an interrupt. What does the parent process do? Handle the breakpoint.
  16. Step 2: Revert the value that we modified at the first byte of the address on which the breakpoint is set. Move the instruction pointer back one address.
  17. Revert the value: Remember we had put the “int 3” opcode at the first byte of the address 0x80483e9. Let’s change it back to the original instruction.
  18. Back the IP one step up: We haven’t actually executed the original instruction at the address 0x80483e9. Let’s execute it by setting the EIP/RIP register to the memory address.
  19. Step 3: Let the user do what she wants to do once the breakpoint has been hit.
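
The three steps above in one small tracer, as an added example that is not code from the slides. It assumes Linux on x86 or x86-64; the names `with_int3`, `target` and `run_breakpoint_demo` are hypothetical, and the debuggee is a plain `fork` of the tracer (no `exec`), so the address of `target` is the same in both processes and no objdump lookup is needed.

```c
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#ifdef __x86_64__
#define IP(r) ((r).rip)   /* 64-bit instruction pointer */
#else
#define IP(r) ((r).eip)   /* 32-bit instruction pointer */
#endif

/* x86 is little-endian, so the low byte of a peeked word is the byte at addr. */
long with_int3(long word) { return (word & ~0xFFL) | 0xCC; }

/* Hypothetical debuggee code: the function the breakpoint is set on. */
__attribute__((noinline)) static void target(void) { __asm__ volatile(""); }

/* Returns 0 if the breakpoint was hit, undone, and the child then ran to exit. */
int run_breakpoint_demo(void) {
    void *addr = (void *)target;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* debuggee (child) */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
        raise(SIGSTOP);                   /* stop until the debugger is ready */
        target();
        _exit(7);
    }
    int st;
    struct user_regs_struct regs;
    if (waitpid(pid, &st, 0) < 0 || !WIFSTOPPED(st)) return -1;
    /* Step 1: save the original word, write it back with int 3 in byte 0. */
    long orig = ptrace(PTRACE_PEEKTEXT, pid, addr, NULL);
    ptrace(PTRACE_POKETEXT, pid, addr, (void *)with_int3(orig));
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    waitpid(pid, &st, 0);
    if (!WIFSTOPPED(st) || WSTOPSIG(st) != SIGTRAP) return -2;
    /* Step 2: int 3 is one byte, so the IP now points at addr + 1. */
    ptrace(PTRACE_GETREGS, pid, NULL, &regs);
    if ((void *)IP(regs) != (void *)((char *)addr + 1)) return -3;
    ptrace(PTRACE_POKETEXT, pid, addr, (void *)orig);  /* revert the byte */
    IP(regs) = (unsigned long)addr;                     /* back the IP up */
    ptrace(PTRACE_SETREGS, pid, NULL, &regs);
    /* Step 3: a real debugger hands control to the user here; we resume. */
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    waitpid(pid, &st, 0);
    return (WIFEXITED(st) && WEXITSTATUS(st) == 7) ? 0 : -4;
}
```

Skipping the restore in step 2 leaves the `0xCC` byte in place and the debuggee would trap again at the same address; restoring the byte but not the IP would resume in the middle of the original instruction.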