Moopler
Taku

Other Debugging Challenge


You break on access at some unknown location in memory, and the resulting hit is an instruction that doesn't access that location. Explain what might've happened.

Edited by Taku


Well, let's assume the instruction is 'dec'. For the 'dec' instruction to be a hit with any break-on-access breakpoints, the instruction must have a memory type operand. That is to say, the instruction must have the form of 'dec unknown ptr [...]'. If this is the case, the only reason I can imagine is that the address is actually pointed to by a temporary variable that we're decreasing, which changes after the loop.

Or the memory is a null-pointer, and the memory points to an unallocated 0x00000000 address. However, this is not compatible with what you said in the OP: "... the resulting hit is an instruction that doesn't access that location".


Good answer, however, "For the [...] instruction to be a hit with any break-on-access breakpoints, the instruction must have a memory type operand." is not necessarily true. It's from here that things start to get a bit eccentric. The following are examples of instructions that can be found from a break on access trace:

jae rel32
shr r32,imm8

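The behaviour behind those two instructions, and how a debugger front end can use it, as an added example that is not part of the thread or of any particular debugger: on x86, data breakpoints armed through DR0-DR3 are trap-class debug exceptions, delivered only after the accessing instruction has completed, so the instruction pointer the debugger receives is that of the next instruction. A 'jae' or 'shr r32, imm8' that directly follows a memory access is therefore exactly what a break-on-access trace shows. The listing, instruction sizes, addresses and watched variable below are constructed for illustration.

```python
# Added example, not code from the thread. Models why a break-on-access hit is
# reported on an instruction such as 'jae' or 'shr r32, imm8' that never touches
# memory, and attributes the hit back to the instruction that really did.
#
# Documented x86 behaviour this relies on: data breakpoints armed through
# DR0-DR3 are trap-class debug exceptions, delivered after the accessing
# instruction has completed, so the instruction pointer handed to the debugger
# is that of the NEXT instruction. The listing, instruction sizes and watched
# address below are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Insn:
    addr: int
    size: int
    text: str
    mem: Optional[int] = None   # effective address of its memory operand, if any

    @property
    def fallthrough(self) -> int:
        """Address of the instruction that follows in memory."""
        return self.addr + self.size

    @property
    def has_memory_operand(self) -> bool:
        return self.mem is not None


COUNTER = 0x403000   # constructed: the variable the watchpoint is set on

# Constructed 32-bit loop; sizes match the usual encodings of these forms.
LISTING: List[Insn] = [
    Insn(0x401000, 7, "cmp dword ptr [0x403000], 0x10", mem=COUNTER),
    Insn(0x401007, 6, "jae 0x401100"),             # jae rel32: no memory operand
    Insn(0x40100D, 5, "mov eax, dword ptr [0x403000]", mem=COUNTER),
    Insn(0x401012, 3, "shr eax, 3"),               # shr r32, imm8: no memory operand
    Insn(0x401015, 6, "dec dword ptr [0x403000]", mem=COUNTER),
    Insn(0x40101B, 2, "jmp 0x401000"),
]
BY_ADDR: Dict[int, Insn] = {i.addr: i for i in LISTING}


def simulate_trap_reports(watch_addr: int, listing: List[Insn] = LISTING) -> List[int]:
    """Toy model of the CPU side for one straight-line pass (jae not taken).

    Each instruction that touches watch_addr completes first; the #DB trap is
    then delivered with the instruction pointer already advanced, so the value
    recorded here is the fall-through address, not the accessor's own address.
    """
    reports = []
    for insn in listing:
        if insn.mem == watch_addr:
            reports.append(insn.fallthrough)
    return reports


def attribute_hit(reported_ip: int, listing: List[Insn] = LISTING) -> Optional[Insn]:
    """Debugger side: map a reported trap address back to the accessor.

    The accessor is normally the instruction whose fall-through address equals
    the reported pointer. A candidate that cannot touch memory is rejected:
    execution must then have arrived at reported_ip through a taken branch.
    None is also returned when the accessor was itself a control transfer
    (ret, or a call/jmp through memory), because execution resumed at the
    branch target and the reported pointer no longer sits right after the
    accessor; single-stepping or the saved register state is needed then.
    """
    candidates = [i for i in listing if i.fallthrough == reported_ip]
    if len(candidates) != 1 or not candidates[0].has_memory_operand:
        return None
    return candidates[0]


def explain_hit(reported_ip: int) -> Dict[str, object]:
    """What the debugger showed versus what actually performed the access."""
    reported = BY_ADDR.get(reported_ip)
    accessor = attribute_hit(reported_ip)
    return {
        "reported": reported.text if reported else None,
        "reported_touches_memory": bool(reported and reported.has_memory_operand),
        "accessor": accessor.text if accessor else None,
    }


if __name__ == "__main__":
    for ip in simulate_trap_reports(COUNTER):
        info = explain_hit(ip)
        print(f"trap at {ip:#x}: shows '{info['reported']}', "
              f"caused by '{info['accessor']}'")
```

Run stand-alone, the three traps on the watched counter are reported at the jae, the shr and the jmp, and each is walked back to the cmp, mov or dec that preceded it. The fall-through heuristic is what most debuggers effectively apply when they highlight the previous instruction; it is ambiguous only where the reported address is also a branch target, which is why single-stepping from the accessor remains the reliable check.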

Proof that this is an actual thing and can happen in practice, for those who think I have lost sanity. [attached screenshot]

