What is `int 3` really supposed to do?


Question

According to this, int 3 is used from userspace to generate SIGTRAP.

But what is that supposed to do from privileged under userspace?

Is there more stuff that can generate such a SIGTRAP from userspace?

Recommended answer

The opcode int 3 knows nothing of Unix conventions, such as SIGTRAP. Int 3 generates an exception, which is vectored through index 3. It is conventionally considered a debug exception, and in fact the debug registers will also generate exceptions through the same index.

Int 3 is a bit special because it is a single byte opcode; unlike the other int $n instructions which require 2. Because it is a single byte, it can be used to place breakpoints in programs by rewriting an existing opcode's first byte with it. While technically you could use a multi-byte opcode for doing this, it is possible that the next byte in the program text is an important piece of data or a jump table which you might corrupt.

By convention, Unix-derived OSes will raise a signal (SIGTRAP) when this opcode is encountered; that provides the opportunity for a debugger (or a debug module in the kernel) to look up the offending address to see if it had previously set a breakpoint (or watchpoint) at this address. If so, it would do the usual debugger stuff. If not, it would likely propagate the SIGTRAP to the offending process.

In the case where the breakpoint was encountered in privileged (kernel) code, the processing is not much different, but there would be an expectation that a kernel debugger was active, and it would follow similar processing as above, except that the result of no pending breakpoint would probably be to halt the system with a bunch of funny numbers on the console.
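
An added example, not part of the original question or answer: a C program that executes one `int 3`, catches the resulting SIGTRAP, and compares the instruction pointer the kernel saved with the address of the breakpoint byte. It assumes x86-64 Linux with glibc and GCC or Clang; the function and variable names are illustrative. The saved address lies one byte past the single-byte opcode 0xCC, which is the offset a debugger subtracts before looking up its breakpoint table.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes REG_RIP in <ucontext.h> on glibc */
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>
#ifndef REG_RIP
#define REG_RIP 16             /* glibc x86-64 gregs index of RIP */
#endif

static volatile sig_atomic_t trap_hits;  /* SIGTRAPs delivered to the handler */
static volatile uintptr_t saved_rip;     /* RIP the kernel saved for the trap */

static void on_sigtrap(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)si;
    saved_rip = (uintptr_t)((ucontext_t *)ctx)->uc_mcontext.gregs[REG_RIP];
    trap_hits++;
    /* Returning resumes at saved_rip, i.e. just past the breakpoint byte. */
}

/* Executes one int3; returns saved RIP minus the int3 address, or -1 on error. */
long int3_rip_offset(unsigned char *opcode_out) {
    struct sigaction sa, old;
    uintptr_t bp;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0) return -1;
    trap_hits = 0;
    __asm__ volatile("lea 1f(%%rip), %0\n\t"   /* bp = address of the int3 */
                     "1: int3"
                     : "=r"(bp) : : "memory");
    sigaction(SIGTRAP, &old, NULL);            /* restore previous handler */
    if (trap_hits != 1) return -1;
    *opcode_out = *(const unsigned char *)bp;  /* the byte a debugger patches in */
    return (long)(saved_rip - bp);
}

int main(void) {
    unsigned char op = 0;
    long off = int3_rip_offset(&op);
    printf("opcode=0x%02x saved_rip-bp=%ld\n", op, off);
    return off == 1 ? 0 : 1;
}
```

Without the handler installed and with no debugger attached, the default action for SIGTRAP terminates the process.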
