在gdb中打破特定操作码的指令 [英] Break on instruction with specific opcode in gdb
问题描述
我不知道内存中代码的地址。
当指令与输入的指令匹配时,是否可以使gdb中断? / p>
例如,我希望gdb在gdb达到此指令时中断:
leaq 0x000008eb(%rip),%rax
否这是不可能的,执行效率也是非常低的。
调试器通常支持两种断点:
- 硬件断点:调试器要求CPU在发生某些事件时引发特殊的异常中断,如内存中的某些位置更改。
- 软件断点:调试器使用特殊的陷阱指令来替换断点地址上的操作码(
int 3/0xcc在x86架构上)。
匹配当前指令的操作码要求CPU支持插入硬件断点,或者调试器需要知道使用软件断点的地址。
理论上,调试器可以搜索指令的字节序列的整个存储器,但是由于字节序列也可能发生在指令或数据的中间,它可能会产生误报。
指令是可变长度的,控制可以跳转到任意地址或代码可以自行修改,反汇编整个内存区域以找到一些特定的指令也是不重要的。
所以基本上,在任意汇编代码中可靠地查找指令的唯一方法是通过单步执行指令级别。这将是非常昂贵的,即使一个简单的库调用,如 printf()可能需要几分钟在今天的硬件,如果你一步一步的每个指令。
I have the assembly code of some code that will be executed at a point in the program. I don't know the address of the code in memory.
Is it possible to make gdb break when the current instruction matches with an inputted instruction?
For example I want gdb to break whenever gdb reaches this instruction:
leaq 0x000008eb(%rip),%rax
No, this is not possible and it would also be very inefficient to implement.
Debugger's typically support two kinds of breakpoints:
- Hardware Breakpoints: The debugger asks the CPU to raise a special exception interrupt when some event occurs, like some location in memory is changed.
- Software Breakpoints: The debugger replaces the opcode at the breakpoint's address with a special "trap" instruction (
int 3/0xccon the x86 architecture).
Matching the current instruction's opcode would either require CPU support to insert a hardware breakpoint or the debugger needs to know the address to use a software breakpoint.
In theory, the debugger could just search the entire memory for the instruction's byte sequence, but since the byte sequence could also occur in the middle of an instruction or in data, it may get false positives.
Since assembly instructions are variable-length, control could jump to any arbitrary address or code could modify itself, it's also not trivial to disassemble an entire region of memory to find some particular instruction.
So basically, the only way of reliably finding the instruction in arbitrary assembly code would be by single-stepping on the instruction level. And this would be extremely expensive, even a trivial library call such as printf() could take minutes on today's hardware if you single-step every instruction.
这篇关于在gdb中打破特定操作码的指令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
