
How does a debugger work?

Now that I think about it: a debugger plants 0xCC (the one-byte int3 opcode) in memory as a software breakpoint and handles the resulting exception itself. That is how it stops the program and takes over its execution flow. But to actually execute the instruction that was there, it has to put the original byte back in place of 0xCC before handing execution back.

So if I set a breakpoint, execution stops there, and then I resume... shouldn't the breakpoint be gone at that point?? -_-;

How does it get re-armed??



I found the following post on stackoverflow.


When you want to continue execution after the breakpoint fires, you have two possibilities: either the breakpoint was only supposed to fire once, or it was supposed to be persistent. If it was only supposed to fire once, you restore the original value you overwrote with your breakpoint instruction, manually adjust the address to that instruction's address (remember, regardless of what instruction was there, what executed was your single-byte breakpoint, so the adjustment is always trivial). Then you continue execution.

If it was supposed to be a persistent breakpoint, there's one added wrinkle: before you continue execution, you set the single-step (aka trap) bit in the flags on the stack. That means only the one instruction where the breakpoint was set will execute, then you'll get a breakpoint interrupt again. You respond to that by restoring the int 3 byte you had just patched to the first byte of the original instruction, and (again) continue execution.
