Discussion:
Finding address of n-th instruction in memory ...
(too old to reply)
Zaharije
2009-08-24 17:39:01 UTC
Permalink
Hi,
i'm writing small debugger for native x86 code. It's working fine when I
read whole debuggee code into memory and disassemble it, but now I'm trying
to do more dynamically way (not dissembling whole code into).

What I need is to read ONLY portion of code which user can see in
disassemble window and just to decode that part.

My problem is how to find correct address for n-th instruction. I need this
because i'm using virtual list control. In general, i have request to show
(e.g.) 20 instruction starting from instruction 123. My problem is how to
find starting address of instruction 123?

Thx
j***@cix.compulink.co.uk
2009-08-24 19:09:06 UTC
Permalink
Post by Zaharije
My problem is how to find correct address for n-th instruction. I
need this because i'm using virtual list control. In general, i have
request to show (e.g.) 20 instruction starting from instruction 123.
My problem is how to find starting address of instruction 123?
You need to find an address that you know is an instruction start and
disassemble from there. One possible way would be to use the debug
information to find the start address of the current procedure/function,
and disassemble from there.

Apart from that, the relocation table information might be useful, if it
tells you what kind of value is being fixed up.
--
John Dallman ***@cix.co.uk
"C++ - the FORTRAN of the early 21st century."
Zaharije
2009-08-24 19:31:01 UTC
Permalink
I had something similar in mind - only once to parse whole memory *only for
instruction length, not full decode) and to remember those addresses or every
n-th. With this i will end having table and can interpolate from that where
n-th instruction is. My only problem with that approach is self-modify and
self-expandable code. How to address that issue?
j***@cix.compulink.co.uk
2009-08-25 17:45:45 UTC
Permalink
Post by Zaharije
I had something similar in mind - only once to parse whole memory
*only for instruction length, not full decode) and to remember those
addresses or every n-th. With this i will end having table and can
interpolate from that where n-th instruction is.
The problem with that is that - at least with code from a C compiler -
functions do not follow each other immediately in memory. There are some
padding bytes to place them on 4-byte or 8-byte boundaries. I don't know
why, but it happens.
Post by Zaharije
My only problem with that approach is self-modify and self-expandable
code. How to address that issue?
Do you need to? You haven't said why you're writing a debugger.
--
John Dallman ***@cix.co.uk
"C++ - the FORTRAN of the early 21st century."
Ben Voigt [C++ MVP]
2009-10-16 01:30:06 UTC
Permalink
Post by Zaharije
I had something similar in mind - only once to parse whole memory *only for
instruction length, not full decode) and to remember those addresses or every
n-th. With this i will end having table and can interpolate from that where
n-th instruction is. My only problem with that approach is self-modify and
self-expandable code. How to address that issue?
mark the VM page as read-only
catch the resulting exception (don't pass it along to the debuggee)
every time the exception occurs, clear your cache of instruction addresses
for that page
either do the memory write operation that failed, or mark the page as
writable (it can stay that way until you build your cache again) and let
your exception handler request that the failed instruction is retried
Post by Zaharije
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4512 (20091015) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
__________ Information from ESET NOD32 Antivirus, version of virus signature database 4512 (20091015) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

Loading...