29.11.2016 Views

Hacker Bits, Issue 11

HACKER BITS is the monthly magazine that gives you the hottest technology stories crowdsourced by the readers of Hacker News. We select from the top voted stories and publish them in an easy-to-read magazine format. Get HACKER BITS delivered to your inbox every month! For more, visit https://hackerbits.com/issue11.



cuted the instruction at the address where we had put “int 3”. To make the processor execute the original instruction in the debuggee process, we need to set the value of the program counter – %eip (in the case of x86 machines) or %rip (in the case of x86_64 machines) – of the debuggee process to the address again.

And how can we set the instruction pointer of the debuggee process?

Using ptrace()! ptrace() has this super awesome capability of letting us “change the tracee’s memory and registers.” PTRACE_GETREGS makes ptrace copy the general purpose registers of the debuggee process into a struct. And PTRACE_SETREGS modifies the debuggee process’s general purpose registers.

Here’s the code that does that:

Once the debugger has restored the debuggee process’s program counter, it lets the process continue, and the way to do that is as follows:

And that’s how a debugger can set breakpoints.

The full code of the debugger can be found here.
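The sequence described above (trap on int 3, restore the instruction, rewind %rip with PTRACE_GETREGS and PTRACE_SETREGS, then continue), as an added example that is not the author's debugger code. It assumes Linux on x86_64 and goes slightly beyond the text by also inserting the breakpoint; `target`, `with_int3`, `breakpoint_demo` and `NO_PTRACE` are hypothetical names.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define NO_PTRACE (-2) /* tracing refused, e.g. by seccomp or Yama ptrace_scope=3 */

/* Hypothetical debuggee function the breakpoint is placed on. */
__attribute__((noinline)) static int target(void) { return 42; }

/* Overwrite the lowest-addressed byte of a little-endian word with int 3 (0xCC). */
static long with_int3(long word) { return (word & ~0xffL) | 0xcc; }

/* Returns the debuggee's exit code (42) after the breakpoint was hit and undone,
 * -1 on an unexpected stop, NO_PTRACE if the child could not be traced. */
static int breakpoint_demo(void) {
    int (*volatile fn)(void) = target;       /* force a real call at run time */
    void *addr = (void *)(uintptr_t)target;  /* same address in the forked child */
    struct user_regs_struct regs;
    int status;
    pid_t pid = fork();
    if (pid < 0) return NO_PTRACE;
    if (pid == 0) {                          /* debuggee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
        raise(SIGSTOP);                      /* stop so the debugger can patch us */
        _exit(fn());
    }
    waitpid(pid, &status, 0);
    if (!WIFSTOPPED(status)) return NO_PTRACE;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_EXITKILL); /* no stray child */
    long orig = ptrace(PTRACE_PEEKTEXT, pid, addr, NULL);
    ptrace(PTRACE_POKETEXT, pid, addr, (void *)with_int3(orig));
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    waitpid(pid, &status, 0);                /* int 3 executed: SIGTRAP stop */
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGTRAP) return -1;
    ptrace(PTRACE_GETREGS, pid, NULL, &regs);
    if (regs.rip != (uintptr_t)addr + 1) return -1;    /* pc is one byte past int 3 */
    ptrace(PTRACE_POKETEXT, pid, addr, (void *)orig);  /* put the original bytes back */
    regs.rip = (uintptr_t)addr;                        /* rewind the program counter */
    ptrace(PTRACE_SETREGS, pid, NULL, &regs);
    ptrace(PTRACE_CONT, pid, NULL, NULL);              /* let the debuggee run on */
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { printf("debuggee exit code: %d\n", breakpoint_demo()); return 0; }
```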

I presented on this topic at the Thursday evening presentation at RC. Here’s the link to the slides.

Reprinted with permission of the original author. First appeared at majantali.net.<br />
