Starting point for writing Debuggers
Author
I was wondering how difficult is it to write your own debuggers? I'm interested in writing something cheap like Debug.com, but a 32 bit version. Has anyone done this and if so what is a good starting point?
< AFAIK>
I assume you mean a Protected Mode version. This is quite a bit more difficult than it would be in Real Mode, because you need to take advantage of the provided hardware support. I also assume you want to do this on a x86 processor.
There are 8 debug registers DR0 to DR7. DR0 to DR3 contain addresses of breakpoints. DR6 and DR7 contain various flags. These control what should be done with these addresses. (You can wait for reads/writes or program execution).
Some debug-exception (probably int1 or int3) will be generated to inform you about these events.
You also need to make sure you're running in Ring 0 for this. How to do this depends on your operating system.
This should get your [GOOGLE]-mission started (or scare you away [SMILE])
</AFAIK>
I assume you mean a Protected Mode version. This is quite a bit more difficult than it would be in Real Mode, because you need to take advantage of the provided hardware support. I also assume you want to do this on a x86 processor.
There are 8 debug registers DR0 to DR7. DR0 to DR3 contain addresses of breakpoints. DR6 and DR7 contain various flags. These control what should be done with these addresses. (You can wait for reads/writes or program execution).
Some debug-exception (probably int1 or int3) will be generated to inform you about these events.
You also need to make sure you're running in Ring 0 for this. How to do this depends on your operating system.
This should get your [GOOGLE]-mission started (or scare you away [SMILE])
</AFAIK>
The Windows debugging API: http://msdn.microsoft.com/library/en-us/debug/base/basic_debugging.asp
Basically you have to do a DebugActiveProcess call and then sit in a loop calling WaitForDebugEvent. Use ReadProcessMemory() to access the memory of the debuggee. You can use WriteProcessMemory() with a value of 0x3 (INT3) to set a breakpoint. GetThreadContext() will give you access to the registers.
Of course, the hard part is to get the symbols for the debuggee so you can figure out where variables and functions are stored in memory. The Debug Help API will be of help here.
The book "Debugging Applications for Microsoft .NET and Microsoft Windows" by John Robbins contains a code sample for a simple but functional debugger.
Basically you have to do a DebugActiveProcess call and then sit in a loop calling WaitForDebugEvent. Use ReadProcessMemory() to access the memory of the debuggee. You can use WriteProcessMemory() with a value of 0x3 (INT3) to set a breakpoint. GetThreadContext() will give you access to the registers.
Of course, the hard part is to get the symbols for the debuggee so you can figure out where variables and functions are stored in memory. The Debug Help API will be of help here.
The book "Debugging Applications for Microsoft .NET and Microsoft Windows" by John Robbins contains a code sample for a simple but functional debugger.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
