Whether IDA can set memory breakpoint when use Remote Linux debugger?

[bridgeic]

Whether IDA can set memory breakpoint when use Remote Linux debugger?

I want to observe and catch which instruction modify the content of some memory block.

[Storm Shadow]

Yes its possible, there are some ways.
If adress is known you can set them when debugging and restart.
Or if its a condition, make new breakpoint and under condition file set future condition, and breakpoint type.
i like the script way, but thats just me.

simple BP script

Code:

ea = GetEntryPoint(1) # entrypoint or adress
ea2 = MaxEA
LoadDebugger("gdb", 1) # typedebugger and remote
AddBptEx(0x020000, 0x1, BPT_BRK) #adress or condition, lenght 
SetDebuggerOptions(DOPT_BPT_MSGS) #debugger atributes
path = GetInputFilePath()
args = ''
sdir = ''
StartDebugger(path, args, sdir)

https://www.hex-rays.com/products/ida/support/idadoc/1076.shtml

It might be usefull if you wanna see how it modifyes, and use trace replayer.

[bridgeic]

Quote:

Originally Posted by Storm Shadow

Yes its possible, there are some ways.
If adress is known you can set them when debugging and restart.
Or if its a condition, make new breakpoint and under condition file set future condition, and breakpoint type.
i like the script way, but thats just me.

simple BP script
......

https://www.hex-rays.com/products/ida/support/idadoc/1076.shtml

It might be usefull if you wanna see how it modifyes, and use trace replayer.

Dear Storm,

I'll study it, seems it's more complex than that in OD.

[Storm Shadow]

Quote:

Originally Posted by bridgeic

Dear Storm,

I'll study it, seems it's more complex than that in OD.

Well it sounds more complex than it is.

[sendersu]

>I want to observe and catch which instruction modify the content of some memory block.
Does the HW breakpoint work in your case?

[bridgeic]

Quote:

Originally Posted by sendersu

>I want to observe and catch which instruction modify the content of some memory block.
Does the HW breakpoint work in your case?

Dear sendersu,

How to set HW breakpoing in IDA? Would you give more details?

I'll search google at the same time, thank you.

[Storm Shadow]

You can opserve what instructions are been modified with trace replayer.
havent used it much , but the modifications shows there.Trace replayer can trace functions / instructions and basic blocks

[sendersu]

Set regular BP (F2)
Edit that BP (right click on red dot and go to Edit breakpoint menu item
than you'll see this: http://prntscr.com/4lfwfa
check the HW checkbox and the rest of options!