Re: [exelist] Re: Q: What mechanism SoftICE BPR uses?
- To: exelist@egroups.com
- Subject: Re: [exelist] Re: Q: What mechanism SoftICE BPR uses?
- From: "Ptasiek" <ptasiek@...>
- Date: Fri, 18 Aug 2000 11:40:49 +0200
- In-reply-to: <8ng8tv+5rji@...>
- References: <8ng8tv+5rji@...>
Hi
On 00-08-17 at 08:49 daylight saving time, nmotohiko@... wrote:
[..]
>Probably, SoftICE fools me. s/u flag must be set to s.
>
SI really fools you because it doesn't show any modifications
which it makes itself. That's why you don't see CC's in the code
or changed attributes of the page.
BTW SI shows PT through PAGE command.
>From test cases, BPR mechanism is supposed to be the following steps.
>
>(step1) When the BPR command is entered, SoftICE sets the u/s flag of the PTE of the page to s.
>(step2) When the page is accessed from the user-mode application, a Page Fault is raised.
>(step3) When SoftICE receives a Page Fault exception for a page, and the page is on the BPR page list,
>the address of the current opcode and operands is checked. If the address is in the BPR range, SoftICE pops up.
Yep, it works this way I think. AFAIK SoftICE uses a simple
SEH (structured exception handling)
to control all the faults, and after comparing it with its own virtual
breakpoints list it gives control
to the debugger - user.
Ptasiek/CrackPL <ptasiek@...>
WWW: http://www.ptasiek.px.pl
"To foreign agents and provocateurs we say NO"
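
The three steps discussed in this message, modelled as a small C simulation; this is an example added here, not code from the post or from SoftICE. It assumes the standard x86 PTE and page-fault error-code bit layout, checks only the faulting data address (not the opcode address), and uses a constructed 16-page table, hypothetical names (`bpr_arm`, `on_page_fault`, `struct bpr`), and an assumed "resume silently" outcome for faults on an armed page that fall outside the byte range.

```c
#include <stddef.h>
#include <stdint.h>

#define PTE_PRESENT  0x1u  /* x86 PTE bit 0: page is present */
#define PTE_USER     0x4u  /* x86 PTE bit 2 (U/S): set = user-mode access allowed */
#define PFEC_PRESENT 0x1u  /* #PF error code bit 0: protection violation, not a missing page */
#define PFEC_USER    0x4u  /* #PF error code bit 2: access was made from user mode */
#define PAGE_BASE(a) ((a) & ~(uint32_t)0xFFF)

enum verdict { PASS_TO_OS, RESUME_SILENTLY, BREAK_INTO_DEBUGGER };
struct bpr { uint32_t start, end; };  /* hypothetical record: inclusive byte range */

/* Constructed toy page table: one PTE per 4 KiB page of a 64 KiB address space. */
static uint32_t pte[16];

void init_pages(void) {
    for (size_t i = 0; i < 16; i++) pte[i] = PTE_PRESENT | PTE_USER;
}

/* Step 1: clear U/S on every page the range touches (page becomes supervisor-only). */
void bpr_arm(const struct bpr *r) {
    for (uint32_t p = PAGE_BASE(r->start); p <= r->end; p += 0x1000)
        pte[p >> 12] &= ~PTE_USER;
}

/* Step 2: would the MMU raise a page fault for this access? (addr must be < 64 KiB) */
int mmu_faults(uint32_t addr, int user_mode) {
    uint32_t e = pte[addr >> 12];
    return !(e & PTE_PRESENT) || (user_mode && !(e & PTE_USER));
}

/* Step 3: classify the fault from the error code and the faulting address (CR2). */
enum verdict on_page_fault(uint32_t cr2, uint32_t err,
                           const struct bpr *list, size_t n) {
    if (!(err & PFEC_PRESENT) || !(err & PFEC_USER))
        return PASS_TO_OS;               /* demand paging or kernel-mode fault */
    int armed_page = 0;
    for (size_t i = 0; i < n; i++) {
        if (cr2 >= list[i].start && cr2 <= list[i].end)
            return BREAK_INTO_DEBUGGER;  /* access lands inside a BPR range */
        if (PAGE_BASE(cr2) >= PAGE_BASE(list[i].start) && PAGE_BASE(cr2) <= PAGE_BASE(list[i].end))
            armed_page = 1;              /* armed page, but outside the byte range */
    }
    /* Protection is page-granular, so neighbouring bytes fault too and must be let through. */
    return armed_page ? RESUME_SILENTLY : PASS_TO_OS;
}
```

The `RESUME_SILENTLY` case is why a page-based range breakpoint slows down every access to the armed pages, not only accesses inside the range.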