vurengine.blogg.se

Tutorial ollydbg rohan

Presentation on theme: "Part 3: Advanced Dynamic Analysis" - Presentation transcript:

3 Debugger
- Hardware or software used to examine execution of another program
- Disassembler: static snapshot of what code looks like before execution
- Debugger: dynamic snapshot of what code does during execution

4 Types of debuggers
Source-level
- Debug while coding
- Map machine execution to corresponding source code lines
- Allow setting of breakpoints at source-code lines
Assembly-level
- Strictly operate at machine instruction level
- Main debugger used for malware

5 Types of debuggers
User mode
- Debug one program via another program all in user space
- Examples: OllyDbg, gdb
Kernel mode
- Debugging a kernel requires a second machine
- Must configure target OS to allow kernel debugging
- Examples: WinDbg

- One machine instruction or source line at a time
- Stepping-over: calls to functions executed all at once before control returned to debugger (next instruction)
- Stepping-into: calls to functions followed (enters callee) one machine instruction at a time (step instruction)
- Stepping-out: execute until return back to calling function (finish)

7 Debugging functions
Breakpoints (software)
- Set at virtual memory address of instruction or at source line
- Allows one to examine the state of the machine at critical execution points
- File creation (Listing 8-4, Figure 8-1, p, Loc. 4399, 4414)
- Implemented by overwriting INT 3 (0xcc) into opcode of instruction (Table 8-1, p.








