DBG C XchngOpcode: Difference between revisions
Revision as of 14:04, 10 March 2020
Debug Command 29 - Exchange Opcode and Go Command
Parameters
- Pid= Process ID of debuggee
- Tid= Thread ID of thread
- Cmd= DBG_C_XchngOpcode
- Value= Opcode 1 for Single Step
- Addr= Opcode 2 for Go

Returns
The sequence of operations for this Debug command is:
1. Replace the code at the EIP (instruction pointer) with opcode 1.
2. Single-step the thread specified by the Tid field. Do not execute other threads. If the single-step operation goes into ring 0 code, consider the single-step operation complete at the first ring 0 instruction.
3. Replace the code at the original EIP with opcode 2.
4. Issue a Debug Go command on all non-frozen threads.

If an exception that DosDebug is to be notified about occurs during the single-step operation of this Debug command, opcode 2 is placed at the original EIP, and DosDebug is notified of the exception. When the debugger issues the Debug Continue command, the child process continues execution.
Note: If an exception that DosDebug is not to be notified about occurs, then the DBG_C_XchngOpcode command executes as if no exception took place.
If opcode 1 and opcode 2 are identical, this Debug command executes only operations 3 and 4 above. There is no need to single-step the thread specified by the Tid field. This would be a "replace opcode and go" sequence using only one DosDebug function instead of two.
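The sequence above, as an added C model (not OS/2's DosDebug implementation, and the request struct is not the real uDB_t layout, only the field names the page lists) of which byte is left at the original EIP, whether DosDebug is notified, and which threads receive a Go in each documented case: distinct opcodes, identical opcodes, and an exception during the single step that DosDebug is or is not to be notified about. The step callback and the thread table are assumptions standing in for the kernel.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define DBG_C_XchngOpcode 29   /* command number from the page */

/* Outcome of the simulated single step (stand-in for the kernel). */
enum step_outcome { STEP_OK, STEP_EXC_NOTIFY, STEP_EXC_SILENT };

/* Fields named on the page; not the real OS/2 uDB_t layout. */
struct xchng_req { unsigned Pid, Tid, Cmd; uint8_t Value, Addr; };
struct dbg_thread { unsigned tid; bool frozen; bool running; };

struct xchng_result {
    bool stepped;       /* operations 1-2 were performed */
    bool notified;      /* DosDebug was notified of an exception */
    int  released;      /* threads given a Debug Go (operation 4) */
    uint8_t at_eip;     /* byte left at the original EIP */
};

/* Model of the documented sequence. `code` points at the byte at the
   thread's EIP; `step` simulates single-stepping thread `Tid` alone. */
struct xchng_result xchng_opcode(const struct xchng_req *r, uint8_t *code,
                                 struct dbg_thread *th, size_t n,
                                 enum step_outcome (*step)(unsigned tid))
{
    struct xchng_result res = {false, false, 0, *code};
    if (r->Cmd != DBG_C_XchngOpcode) return res;   /* not this command */
    if (r->Value != r->Addr) {             /* identical opcodes skip 1-2 */
        *code = r->Value;                  /* 1: opcode 1 at EIP */
        res.stepped = true;
        enum step_outcome o = step(r->Tid);/* 2: step Tid, others idle */
        if (o == STEP_EXC_NOTIFY) {        /* exception debugger must see */
            *code = r->Addr;               /* opcode 2 goes back first */
            res.notified = true;           /* resume waits for Continue */
            res.at_eip = *code;
            return res;
        }
        /* STEP_EXC_SILENT: carry on as if no exception took place */
    }
    *code = r->Addr;                       /* 3: opcode 2 at original EIP */
    for (size_t i = 0; i < n; i++)         /* 4: Go on non-frozen threads */
        if (!th[i].frozen) { th[i].running = true; res.released++; }
    res.at_eip = *code;
    return res;
}

/* Constructed step outcomes, one per documented case. */
enum step_outcome step_ok(unsigned tid)     { (void)tid; return STEP_OK; }
enum step_outcome step_notify(unsigned tid) { (void)tid; return STEP_EXC_NOTIFY; }
enum step_outcome step_silent(unsigned tid) { (void)tid; return STEP_EXC_SILENT; }
```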