Cannot Set 4 Byte Hardware Breakpoint Windbg

I cannot set 4 byte read / write access hardware breakpoint using windbg.

0:000> dd 02e80dcf
02e80dcf  13121110 17161514 1a191800 1e1d1c1b
02e80ddf  011c171f c7be7df1 00000066 4e454900

Actually I have to check when the value 0x13121110 (at address 0x02e80dcf) is getting changed/overwritten by the program.

So when I'm trying to set a 4 byte write access hardware breakpoint @ 0x02e80dcf, I'm getting a "Data breakpoint must be aligned" error.

0:000> ba w 4 02e80dcf
Data breakpoint must be aligned
                     ^ Syntax error in 'ba w 4 02e80dcf'
0:000> ba r 4 02e80dcf
Data breakpoint must be aligned
                     ^ Syntax error in 'ba r 4 02e80dcf'
0:000> ba w 1 02e80dcf
breakpoint 0 redefined

I'm able to set a 1 byte write access breakpoint at the address, but it is not getting triggered when the pointer @ address 0x02e80dcf is getting overwritten.

And also, if anyone could suggest any other way to detect the address being overwritten, it would be really helpful.

Note: The problem I'm facing is with a particular program. I'm able to set 4 byte hardware breakpoints in the same debugging environment.

Dev.K. asked Oct 29 '25 00:10


1 Answer

As a side note, this particular behavior is from the CPU architecture itself (not from the system or the debugger).

x86 and x86-64 (IA32 and IA32-e in Intel lingo) architectures use Drx (Debug Registers) to handle hardware breakpoints.

The Dr7 LENn fields set the length of a breakpoint, and Dr0 to Dr3 hold the breakpoint addresses.

From Intel Manual 3B - Chapter 18.2.5. "Breakpoint Field Recognition":

The LENn fields permit specification of a 1-, 2-, 4-, or 8-byte range, beginning at the linear address specified in the corresponding debug register (DRn).

In the same chapter it is explicitly stated:

Two-byte ranges must be aligned on word boundaries; 4-byte ranges must be aligned on doubleword boundaries.

If you cover the desired address with a data breakpoint with a big enough length, then it will trap (breakpoint will be hit):

A data breakpoint for reading or writing data is triggered if any of the bytes participating in an access is within the range defined by a breakpoint address register and its LENn field.

The manual then goes on to give a tip for trapping on an unaligned address, with an example table:

A data breakpoint for an unaligned operand can be constructed using two breakpoints, where each breakpoint is byte-aligned and the two breakpoints together cover the operand.

Hardware breakpoints help table

Neitsa answered Oct 31 '25 14:10
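The answer's rules (lengths of 1/2/4/8 bytes, each aligned to its own size, a hit when any byte of an access falls in the range, and the "two byte-aligned breakpoints covering the operand" tip) can be turned into a small planner. The following is an added example, not code from the question or the answer: given an address and a byte count, it splits the range into legal aligned data breakpoints, prints the equivalent WinDbg `ba` commands, and assembles the DR7 control word (the L/RW/LEN bit layout is taken from the Intel SDM; the helper names are my own). The `allow_overreach` option lets a wider aligned breakpoint run past the end of the operand, which saves a debug register at the cost of possible hits from the neighbouring bytes.

```python
"""Plan aligned x86 hardware data breakpoints covering an arbitrary byte range.

Rules implemented (Intel SDM 3B, "Breakpoint Field Recognition"):
  * a breakpoint length is 1, 2, 4 or 8 bytes (8 only in 64-bit mode);
  * a range must start at a multiple of its length (word, dword, qword aligned);
  * a breakpoint fires if ANY byte of an access lies inside its range;
  * only four address registers (DR0..DR3) exist, so at most four breakpoints.
"""

MAX_DEBUG_REGISTERS = 4

# DR7 field encodings from the SDM: LENn and R/Wn are 2-bit fields per register.
_LEN_ENCODING = {1: 0b00, 2: 0b01, 8: 0b10, 4: 0b11}
_RW_ENCODING = {"e": 0b00, "w": 0b01, "r": 0b11}  # WinDbg 'ba' access letters: execute, write, read/write


def is_aligned(address: int, length: int, x64: bool = False) -> bool:
    """True if (address, length) is a legal single hardware data breakpoint."""
    allowed = (1, 2, 4, 8) if x64 else (1, 2, 4)
    return length in allowed and address % length == 0


def cover_range(address: int, length: int, x64: bool = False, allow_overreach: bool = False):
    """Return a list of (address, length) aligned breakpoints covering [address, address+length).

    allow_overreach=False: the plan watches exactly the requested bytes (no spurious hits
    from adjacent fields, but possibly more debug registers).
    allow_overreach=True: the final breakpoint may extend past the operand to finish in
    one register (fewer registers, possible hits on neighbouring bytes).
    """
    sizes = (8, 4, 2, 1) if x64 else (4, 2, 1)
    plan = []
    end = address + length
    cur = address
    while cur < end:
        remaining = end - cur
        legal = [s for s in sizes if cur % s == 0]      # 1 is always legal
        covering = [s for s in legal if s >= remaining]
        if allow_overreach and covering:
            size = min(covering)                         # finish with the least extra coverage
        else:
            size = max(s for s in legal if s <= remaining)
        plan.append((cur, size))
        cur += size
    if len(plan) > MAX_DEBUG_REGISTERS:
        raise ValueError(
            f"range needs {len(plan)} breakpoints but only {MAX_DEBUG_REGISTERS} debug registers exist"
        )
    return plan


def windbg_commands(plan, access: str = "w"):
    """Render a plan as WinDbg 'ba <access> <size> <address>' commands."""
    return [f"ba {access} {length} {addr:08x}" for addr, length in plan]


def dr7_for_plan(plan, access: str = "w") -> int:
    """Assemble the DR7 value enabling slots DR0..DRn-1 locally (Ln bits) for the plan.

    Per slot n: Ln is bit 2n, R/Wn occupies bits 16+4n..17+4n, LENn bits 18+4n..19+4n.
    """
    rw = _RW_ENCODING[access]
    dr7 = 0
    for slot, (_addr, length) in enumerate(plan):
        dr7 |= 1 << (2 * slot)                     # Ln: local enable
        dr7 |= rw << (16 + 4 * slot)               # R/Wn
        dr7 |= _LEN_ENCODING[length] << (18 + 4 * slot)  # LENn
    return dr7


if __name__ == "__main__":
    # The question's case: a 4-byte value at the unaligned address 0x02e80dcf.
    target, size = 0x02E80DCF, 4
    print(f"single 4-byte breakpoint legal? {is_aligned(target, size)}")
    for overreach in (False, True):
        plan = cover_range(target, size, allow_overreach=overreach)
        print(f"\nallow_overreach={overreach}:")
        for cmd in windbg_commands(plan, "w"):
            print("  " + cmd)
        print(f"  DR7 = {dr7_for_plan(plan, 'w'):#x}")
```

In the asker's situation the exact plan is `ba w 1 02e80dcf`, `ba w 2 02e80dd0`, `ba w 1 02e80dd2`, while the overreach plan is `ba w 1 02e80dcf` plus `ba w 4 02e80dd0`; either set fires on any write that touches the four bytes, unlike the single 1-byte breakpoint from the question, which only fires if the write touches byte 0x02e80dcf itself.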