Some DRx Questions [Archive] - RCE Messageboard's Regroupment

Lenus

December 22nd, 2004, 09:20

as we known,in OD the hardware breakpoint use the DR0-DR3.
my questions are
1. F8 and F4 are also use these debug registers,but they still work after i set 4 hardware breakpoints.how can OD do?
2. when i set a memory breakpoint,it apprea in the DR0,but it is overlayed by another hardware breakpoint after i set the hardware breakpoint.fortunately the memory breakpoint still work. where is it?
3.at the memory map,we can set a memory breakpoint to a section with F2 or "right button" .what is the difference?
4.when set a memory breakpoint to a section,how can OD do?i means whether the OD use the DRx debug registers or not.if no,how can OD do it?
thx

Lord_Looser

December 22nd, 2004, 11:28

3. OllyDbg help file:
Set break-on-access (F2, available only under Windows NT/2000) - protects the whole memory block. After break happens, OllyDbg stops debugged program and removes breakpoint. This breakpoint is especially useful if you want to catch call or return to some module.

Remove break-on-access (F2) - removes break-on-access protection from the memory block.

Set memory breakpoint on access - sets memory breakpoint on the whole memory block. Program will stop each time memory block is accessed. OllyDbg supports only one memory breakpoint. Under Windows 95/98, debugged program may crash when system routines access memory blocks containing memory breakpoint. Use it as a last resort.

others:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memor y/base/virtualprotectex.asp ("http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/base/virtualprotectex.asp")

Lenus

December 22nd, 2004, 21:54

it is very kind of u,Lord_Looser.
i do learn a lot of things from your reply.i think i must read the OllyDbg help file first and carefully.although there r some thing i still can't understand,thank u!!

focht

December 31st, 2004, 04:19

Hi,

just some addendum ...
Memory breakpoint management based on page protection attributes (PAGE_GUARD) needs some polish-up in newer versions.

It is not clear if statement "OllyDbg supports only one memory breakpoint." refers to "per block/page" or whole section or whole mapped process address space.
Technically ollydbg should be able to support one memory bp per page.
This type of memory breakpoint should assigned an extra "show breakpoints" menu (to manage it).
Another option could be mixed view with traditional style bp's but extra info row to indicate its type.

Also the page protection attributes should be correctly displayed with "page guard" enabled when using this kind of memory breakpont ("memory map" view).

Regards