[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Q: What mechanism SoftICE BPR uses?

To: exelist@egroups.com
Subject: Re: Q: What mechanism SoftICE BPR uses?
From: exitik@...
Date: Mon, 21 Aug 2000 07:29:39 -0000
User-agent: eGroups-EW/0.82

Hello,

for finding classics BRPs I know 2 ways:
 
1.
Search in program for 0CCh (you must know where you have 0ccg in 
program, because you will find this places too)

2.
Use CRC and if is BRP set, is CRC bad.


for debug breakpoints:
Soft-Ice use debug registers for them.

You can read debug registers (mov eax, dr0 etc.) but it is working 
only in RING0.
Other way is Context. There are some good informations. It working 
for winNT and 2k, too.

Bye Exit

Follow-Ups:
- Re: Q: What mechanism SoftICE BPR uses?
  - From: nmotohiko@...
- Re: [exelist] Re: Q: What mechanism SoftICE BPR uses?
  - From: "Ptasiek" <ptasiek@...>

Prev by Date: Re: [exelist] Re: Q: What mechanism SoftICE BPR uses?
Next by Date: Re: Q: What mechanism SoftICE BPR uses?
Previous by thread: Re: [exelist] Re: Q: What mechanism SoftICE BPR uses?
Next by thread: Re: Q: What mechanism SoftICE BPR uses?
Index(es):
- Date
- Thread