Advanced Breakpoints for Native Applications.ppt

Chapter 7b – Assembly Debugging Mithun Shanbhag Advanced Breakpoints for Native Applications Advanced Breakpoint Syntax Viewing Register Contents Pseudo – Registers Thread Information Block Debugging Injected Code Exception Monitoring Hardware Breakpoints Advanced Breakpoint Syntax The advanced breakpoint syntax is composed of two parts – Context (think SCOPE). Location. Context - {[function],[source file],[binary module]} Location - Expressed as source lines or function names. Advanced Breakpoint Syntax (cont’d) Simple Example – In VS .NET, to set a breakpoint on line 20 of a file ‘TEST.CPP’, the CONTEXT LOCATION would be specified as – {, TEST.CPP, }@20 Viewing Register Contents The VS .NET debugger groups the Register Sets as follows - CPU (GPR) General purpose integer registers CPU Segments Segment Registers Floating Point General purpose floating-point registers MMX Pentium-Pro specific registers SSE Streaming SIMD Extensions (SSE) Registers (P3) SSE-2 Streaming SIMD Extensions (SSE) Registers (P4) 3DNow! Registers specific to AMD K6 and its successors Register Stack Groups of 8 registers for rapid floating-point math Application Registers Miscellaneous 64-bit registers Branch Registers 64 bit registers for branching information Flags 1 bit control / status flags Effective Address Registers used in Effective Address mode Viewing Register Contents Pseudo – Registers Pseudo-Registers are not actual hardware registers. Can be used in the ‘Watch’ window. Can be used to set conditional breakpoints. $ERR Last error value; the same value returned by the GetLastError() API function. $TIB Thread information block for the current thread. $CLK Undocumented clock register; usable only in the Watch window. $HANDLES numbers of open handles in the current process. $VFRAME virtual frame pointer. Pseudo – Registers (cont’d) $ERR is a Pseudo-Register, which displays the last error code for current thread. Works like the Win32 API call GetLastError(). Can be used with “, h