flat assembler
Message board for the users of flat assembler.

Index > Windows > cdb.exe misinterpretation

Author
Thread Post new topic Reply to topic
lemask



Joined: 04 Oct 2010
Posts: 19
lemask
Dear readers!

While working with cdb.exe, several misinterpretations of the disassembly by this debugging application, which is part of the MS Debugging Tools for Windows Set, may occur. Does anyone of you can give me some hints how to get rid of these misinterpretations (while still using cdb.exe, of course!)?

Part of program:
Code:
    wmsg    equ dword[ebp+0x18+4]
       mov     eax,wmsg
    cmp     ax,0x110
    


Misinterpretation:
Code:
038b451c663d       add     ecx,dword ptr [ebx+0x3D661C45]
1001          adc     byte ptr [ecx],al
    


Thank you in advance for any info!
Post 05 Oct 2010, 06:56
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17284
Location: In your JS exploiting you and your system
revolution
lemask: You probably have either some data before the instruction, or you have tried to disassemble within the middle of an instruction.

Basically your disassembler has begun disassembly at the wrong place. Just shift the disassembly start position forward by one byte.
Post 05 Oct 2010, 09:20
View user's profile Send private message Visit poster's website Reply with quote
lemask



Joined: 04 Oct 2010
Posts: 19
lemask
That is exactly the problem; the disassembler starts in the middle of an "int 3" instruction. When i skip forward one byte, disassembling works fine. So i tried to insert a "nop" after "int 3", but it won't work either (of course).
Is this a feature of cdb.exe or is my program misaligned?
Post 05 Oct 2010, 09:25
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17284
Location: In your JS exploiting you and your system
revolution
Try using the int3 opcode (that's without the space, all one word).
Post 05 Oct 2010, 09:30
View user's profile Send private message Visit poster's website Reply with quote
lemask



Joined: 04 Oct 2010
Posts: 19
lemask
Yeah!!! Work's fine! Thank you (once) again, revolution!
Everytime i ask something in this forum, i can count on your problem-solving answer!
Post 05 Oct 2010, 09:37
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Seems the incorrectly presume breakpoint is always generated by CC (int3), never CD 03 (int 3). Not a surprising bug, really. From my experiences, it would be waste of time trying to report this.
Post 05 Oct 2010, 10:14
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
lemask



Joined: 04 Oct 2010
Posts: 19
lemask
Well, i don't really care wether to use int3 or "int 3"; i just didn't know about that! Probably it is a feature.
Post 05 Oct 2010, 11:31
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Quote:

Seems the incorrectly presume breakpoint is always generated by CC (int3), never CD 03 (int 3). Not a surprising bug, really. From my experiences, it would be waste of time trying to report this.
They may take some months but eventually they will acknowledge the bug. At least I've tried and succeeded Razz (the bug remains unfixed though).
Post 05 Oct 2010, 13:47
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.