题
I'm writing a debugger on Windows. And I have this little useless assembly code I debug with it:
https://stackoverflow.com/questions/18788481
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian global _start
section .text
_start:
mov eax, 1
mov ebx, 2
mov ecx, 3
mov edx, [myVar]
push 0
hlt
section .data
myVar dw 1234h
Of course it will crash at hlt.
I write debugging events on the console, after running and continuing twice I have these:
Process created.
DLL loaded: ntdll.dll
DLL loaded: C:\WINDOWS\system32\kernel32.dll
Exception happened.
First chance exception.
>>> 0x7c90120e EXCEPTION_BREAKPOINT
Exception happened.
First chance exception.
>>> 0x00401017 EXCEPTION_PRIV_INSTRUCTION
Exception happened.
First chance exception.
>>> 0x00401017 EXCEPTION_PRIV_INSTRUCTION
Now the question is, why I get that breakpoint exception? I expect to get exceptions only for the privileged instruction.
解决方案
The Windows debugging API always injects a breakpoint exception as soon as a debugger is attached. This pauses the debugged application and gives the debugger a chance to access the application and do any initialization it needs to.
From the DebugActiveProcess documentation:
The system arranges for the first thread in the process to execute a breakpoint instruction after it resumes. Continuing this thread causes it to return to doing the same thing as before the debugger is attached.
