Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Whether IDA can set memory breakpoint when use Remote Linux debugger? (https://forum.exetools.com/showthread.php?t=16167)

bridgeic 09-10-2014 11:26
Whether IDA can set memory breakpoint when use Remote Linux debugger?
 
Whether IDA can set memory breakpoint when use Remote Linux debugger?

I want to observe and catch which instruction modify the content of some memory block.

Storm Shadow 09-10-2014 13:45
Yes its possible, there are some ways.
If adress is known you can set them when debugging and restart.
Or if its a condition, make new breakpoint and under condition file set future condition, and breakpoint type.
i like the script way, but thats just me.

simple BP script
Code:
ea = GetEntryPoint(1) # entrypoint or adress
ea2 = MaxEA
LoadDebugger("gdb", 1) # typedebugger and remote
AddBptEx(0x020000, 0x1, BPT_BRK) #adress or condition, lenght
SetDebuggerOptions(DOPT_BPT_MSGS) #debugger atributes
path = GetInputFilePath()
args = ''
sdir = ''
StartDebugger(path, args, sdir)
https://www.hex-rays.com/products/ida/support/idadoc/1076.shtml

It might be usefull if you wanna see how it modifyes, and use trace replayer.

sendersu 09-10-2014 14:10
>I want to observe and catch which instruction modify the content of some memory block.
Does the HW breakpoint work in your case?

Storm Shadow 09-10-2014 14:23
You can opserve what instructions are been modified with trace replayer.
havent used it much , but the modifications shows there.Trace replayer can trace functions / instructions and basic blocks

bridgeic 09-10-2014 17:11
Quote:
Originally Posted by sendersu (Post 94506)
>I want to observe and catch which instruction modify the content of some memory block.
Does the HW breakpoint work in your case?
Dear sendersu,

How to set HW breakpoing in IDA? Would you give more details?

I'll search google at the same time, thank you.

bridgeic 09-10-2014 17:13
Quote:
Originally Posted by Storm Shadow (Post 94505)
Yes its possible, there are some ways.
If adress is known you can set them when debugging and restart.
Or if its a condition, make new breakpoint and under condition file set future condition, and breakpoint type.
i like the script way, but thats just me.

simple BP script
......

https://www.hex-rays.com/products/ida/support/idadoc/1076.shtml

It might be usefull if you wanna see how it modifyes, and use trace replayer.
Dear Storm,

I'll study it, seems it's more complex than that in OD.

sendersu 09-10-2014 17:58
Set regular BP (F2)
Edit that BP (right click on red dot and go to Edit breakpoint menu item
than you'll see this: http://prntscr.com/4lfwfa
check the HW checkbox and the rest of options!

Storm Shadow 09-10-2014 18:07
Quote:
Originally Posted by bridgeic (Post 94510)
Dear Storm,

I'll study it, seems it's more complex than that in OD.
Well it sounds more complex than it is. :D


All times are GMT +8. The time now is 11:52.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX