From: Gary G. Little [glittle@inland.net] Sent: Saturday, December 29, 2001 2:33 AM To: NT Developers Interest List Subject: [ntdev] Re: How system debuger works? Strange --- how things change. When I started in this industry "to hack" was an honored title ... it meant the ability to do things with light panes and card chaff not many others could. It was an honor "to hack". Gary -----Original Message----- From: bounce-ntdev-3122@lists.osr.com [mailto:bounce-ntdev-3122@lists.osr.com] On Behalf Of Moreira, Alberto Sent: Friday, December 28, 2001 11:54 AM To: NT Developers Interest List Subject: [ntdev] Re: How system debuger works? Actually, we don't really add our stuff to the kernel - we rather interpose ourselves between the kernel and the hardware. We do much of our stuff at hardware level, most of the time we talk directly to the iron. When you type ctrl-D, we ARE the kernel, give or take a few. And not much that we do deserves that "hack" title ! SoftICE is rather a high quality machine that works with clockwork precision. That level of precision and quality is necessary to reliably run single-machine debugging. Also remember that SoftICE works in real mode too, and also in Win9x, and it can easily and routinely cross the real/protected mode boundary: that's one more reason for us to be as independent of the OS kernel as possible. SoftICE occupies more or less the same structural level as VMWare does, it sits between the hardware and the OS. In fact, it shouldn't be that hard to turn it into a virtual memory operating system ! We already handle most of the hardware on our own anyway. Doing breakpoints is relatively simple: one replaces the target machine instruction with an int 1 or int 3, and redirect the ISR to the debugger. Upon exit from the debugger, one executes the frigged instruction. Actually, one could use just about any interrupt vector, but both int 1 and int 3 are one-instruction interrupts, which makes the hooking simpler. One could also use the debug registers, but then you'd be limited in the number of breakpoints you could handle. Alberto. -----Original Message----- From: Maxim S. Shatskih [mailto:maxim@storagecraft.com] Sent: Friday, December 28, 2001 1:42 PM To: NT Developers Interest List Subject: [ntdev] Re: How system debuger works? SoftICE - by adding hacks, patches and breakpoints to the kernel. WinDbg uses native KD which was embedded in the kernel by Microsoft. Max ----- Original Message ----- From: "Crasher" To: "NT Developers Interest List" Sent: Friday, December 28, 2001 5:27 PM Subject: [ntdev] How system debuger works? > ntdevHi,All! > How the system debuger like Softice or WinDbg works? > Thanks for help! > > Crasher > guodongzi@163.net > 2001-12-28 > b??.??\????????????+i???{.n???wZnV???h??{]z??b?(?( --- You are currently subscribed to ntdev as: alberto.moreira@compuware.com To unsubscribe send a blank email to leave-ntdev-247T@lists.osr.com --- You are currently subscribed to ntdev as: glittle@inland.net To unsubscribe send a blank email to leave-ntdev-247T@lists.osr.com --- You are currently subscribed to ntdev as: GlennEverhart@FirstUSA.com To unsubscribe send a blank email to leave-ntdev-247T@lists.osr.com