Back to home page

DOS ain't dead

Forum index page

Log in | Register

Back to the forum
Board view  Mix view

Confusing DEBUG (Miscellaneous)

posted by cm(R) Homepage E-mail, Düsseldorf, Germany, 16.08.2010, 04:11

Fact: DEBUG's G command isn't reliably able to tell whether an interrupt 03h it received really comes from one of the breakpoints it set.

On return, the G command of DEBUG just looks whether the current CS:(E)IP fits, i.e. points behind one of the breakpoints it set. By forging an interrupt 03h invocation via pushf and a faked far call to the handler you can define the return address on the stack for that interrupt, making DEBUG believe that you executed the CCh breakpoint byte it set... but you didn't! DEBUG then incorrectly decrements (E)IP. Your program could theoretically detect that.

Uses? I dunno. That's why I'm posting it here :-D



Complete thread:

Back to the forum
Board view  Mix view
15296 Postings in 1378 Threads, 254 registered users, 12 users online (0 registered, 12 guests)
DOS ain't dead | Admin contact
RSS Feed
powered by my little forum