flat assembler
Message board for the users of flat assembler.

Problem with "int 3" and debugging

StrenoJr



Hello.
I haven't seen a problem like this. I even began thinking that this error is not mine. Could it be GRDB's or fasm's?

Without the int 3 instruction it ends when executing the for loop the second time (at int 0x21).
Inside GRDB (with int3 as in the picture) it ends at int 0x21 the first time in the loop.

When I make it run everywhere but the for loop, it works fine.

Instead of being
Code:
int 3
mov cx, 128
it became
Code:
add di, bx+di+0x80
The instruction CD 03 (int 3) became a part of the mov cx forming add di, ...

Thanks for reading, have a nice day.



shot.PNG


Post 28 Aug 2014, 21:36
revolution
Use "int3", not "int 3" (note the lack of space in int3). Many debuggers can't properly deal with the long form of int3.
Post 28 Aug 2014, 21:43
neville



And note that fasm assembles INT 3 (with the space) as CD 03 as you've found, but assembles INT3 as the single-byte equivalent CC.

However, GRDB does not support the INT3 mnemonic at all. It requires the INT 3 syntax but assumes the single-byte encoding version equivalent to INT3 in fasm!

_________________
FAMOS - the first memory operating system
Post 28 Aug 2014, 22:00
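The byte-level effect discussed in the posts above, as an added example that is not part of the original thread: a decoder for just four 16-bit opcodes (CC, CD ib, B8+r iw, 03 /r) shows how resuming one byte after the start of CD 03 turns the leftover 03 plus the mov cx bytes into the add instruction reported in the first post. The function names are hypothetical and the byte string is constructed from the encodings named in the thread.

```python
import struct

REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
RM16 = ["bx+si", "bx+di", "bp+si", "bp+di", "si", "di", "bp", "bx"]
# Constructed sample: "int 3" in its long form (CD 03), then "mov cx, 128".
CODE = bytes.fromhex("cd03b98000")

def modrm16(buf, pos):
    """Decode a 16-bit ModRM byte at buf[pos]; return (reg, operand, length)."""
    mod, reg, rm = buf[pos] >> 6, (buf[pos] >> 3) & 7, buf[pos] & 7
    if mod == 3:  # register operand
        return reg, REG16[rm], 1
    if mod == 0 and rm == 6:  # direct 16-bit address
        return reg, "[0x%x]" % struct.unpack_from("<H", buf, pos + 1)[0], 3
    if mod == 0:  # no displacement
        return reg, "[%s]" % RM16[rm], 1
    if mod == 1:  # signed 8-bit displacement
        disp = struct.unpack_from("<b", buf, pos + 1)[0]
        return reg, "[%s%+#x]" % (RM16[rm], disp), 2
    disp = struct.unpack_from("<H", buf, pos + 1)[0]  # mod == 2: 16-bit
    return reg, "[%s+0x%x]" % (RM16[rm], disp), 3

def decode_one(buf, pos):
    """Decode one instruction from the four-opcode subset; return (text, length)."""
    op = buf[pos]
    if op == 0xCC:  # single-byte breakpoint
        return "int3", 1
    if op == 0xCD:  # generic int imm8
        return "int 0x%x" % buf[pos + 1], 2
    if 0xB8 <= op <= 0xBF:  # mov r16, imm16
        imm = struct.unpack_from("<H", buf, pos + 1)[0]
        return "mov %s, 0x%x" % (REG16[op - 0xB8], imm), 3
    if op == 0x03:  # add r16, r/m16
        reg, operand, n = modrm16(buf, pos + 1)
        return "add %s, %s" % (REG16[reg], operand), 1 + n
    return "db 0x%02x" % op, 1  # anything outside the subset

def disassemble(buf, start):
    """Linear sweep from start to the end of buf; return the instruction texts."""
    out, pos = [], start
    while pos < len(buf):
        text, n = decode_one(buf, pos)
        out.append(text)
        pos += n
    return out

if __name__ == "__main__":
    print(disassemble(CODE, 0))  # decoded from the real start of the stream
    print(disassemble(CODE, 1))  # decoded as if the breakpoint were one byte long
```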
StrenoJr



Thanks for your replies.

Do you know why there are two forms of int3?
Post 29 Aug 2014, 08:30
revolution
StrenoJr wrote:
Do you know why there are two forms of int3?
One form is the generic int X, where X is any 8 bit value. And the other is a special single byte int3 especially designed for debuggers to be able to overwrite only a single byte in the code stream.
Post 29 Aug 2014, 08:35
DOS386



There is also the even more silly INT1 instruction ($F1) ... AKA ICEBP http://www.rcollins.org/secrets/opcodes/ICEBP.html
Post 19 Sep 2014, 09:16
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.