Software Debugging in INT 3

Chapter 4 breakpoint and one-step execution

Breakpoint and single-step execution are two frequently used debugging functions and are also the core functions of the debugger. This chapter describes how the IA-32 CPU supports breakpoint and one-step execution. The first two sections describe the software breakpoint and hardware breakpoint respectively. Section 4.3 describes the trap signs used to implement the single-step execution function. Based on the first three sections, Section 4.4 analyzes a real debugger program to see how it implements breakpoint and single-step execution functions.

4.1 software breakpoint

From Intel 8086, the first generation of X86 processors, an instruction specifically designed to support debugging, namely, INT 3. To put it simply, the purpose of this command is to break the CPU into the debugger, so that the operator can perform various analyses on the execution site. When we debug the program, We can insert an int 3 command in the case where there may be a problem, so that the CPU stops executing this command. This is a frequently used breakpoint function in software debugging. Therefore, the INT 3 command is also called a breakpoint command.

4.1.1 feel INT 3

Next, let's take a look at the working principle of the INT 3 command through a small experiment. Create a simple helloworld console program hiint3 in Visual C ++ Studio 6.0 (vc6), and insert an int 3 command through Embedded Assembly at the beginning of the main () function:

int main(INT argc, char* argv[]) { // manual breakpoint _asm INT 3; printf("Hello INT 3!\n"); return 0; }

When the above program is executed in the VC environment, the dialog box shown in Figure 4-1 is displayed. Click OK, and the program stops at the position of the INT 3 command. From this point of view, the line (_ asm int 3) We just inserted is equivalent to setting a breakpoint there. In fact, this is also the method of manually setting breakpoints by injecting code. This method is also very useful in debugging some special programs.

Figure 4-1 when the CPU encounters an int 3 command, the execution right is handed over to the debugger.

In the Disassembly window, we can see that the memory address 00401028 is indeed an int 3 command:

10:       _asm INT 3; 00401028   int         3

Open the register window and you can see that the value of the program pointer register is also 00401028.

EAX = CCCCCCCC EBX = 7FFDE000 ECX = 00000000 EDX = 00371588 ESI = 00000000 EDI = 0012FF80 EIP = 00401028 ESP = 0012FF34 EBP = 0012FF80 ……

According to the introduction in Chapter 3rd, breakpoint exception (INT 3) is a trap exception. When a CPU exception occurs, its program Pointer Points to the next instruction that causes the exception. However, we have observed that the result is directed to the command that causes exceptions. Why? To put it simply, the operating system adjusted the program pointer to support debugging. We will reveal the answer later.