Sign in to follow this  

How do debuger set break point make control of program's stopping and running?

Recommended Posts

In the Intel architecture, you can specify breakpoints as addresses (of instructions) using debug registers. When the processor reaches the instruction in question, it generates a debug exception (an interrupt), which is then intercepted by the OS, which can forward it to the debugger.

Share this post

Link to post
Share on other sites
Original post by was2_0
BTW, how to make a program execute at privilege level 0?

You pretty much need the Driver Development Kit for that. You can technically do it without the DDK, but you'd be relying on hacks that could break any minute, and that's not good for stability if you know what I mean.
I beleive the free CD (only charge is shipping) version would be enough for basic ring-0 code.

If you're trying to actually debug something, you really should use a tool like OllyDbg(free) or IDA Pro(costly, but there is both a demo{time limit to each session, no saving} and freeware version{disassembly only, no debugging, older version}).
If you really need a kernel debugger, there are some utilities that come with the driver development kit, windows debugging tools, and several other downloads/cds straight from microsoft that can be helpful.
There is also the strongarm called SoftICE, but it's very expensive to get and is overkill unless you _really_ need priveleged debugging.

If you just want to learn the basics of making a debugger, you could always use one on another (I'd suggest not trying to reverse a high-end one like IDA or SoftICE using a debugger, but maybe OllyDBG would be reasonable)

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this