I have been researching setting a hardware breakpoint in Olly.
I found this.
Andy
Hardware breakpoint (available only when running Debugger under Windows ME, NT, 2000 or XP). 80x86-compatible processors allow to set 4 hardware breakpoints. Unlike memory breakpoint, hardware breakpoints do not slow down the execution speed, but cover only up to 4 bytes. OllyDbg can use hardware breakpoints instead of INT3 when stepping or tracing through the code.
Is there a question here? DRX breakpoints are well documented in the IA32 manual and as far as I can tell work fine in Olly. If you're asking why have two types of breakpoints, it's mainly because INT3 breakpoints will only work inside running code while a hardware breakpoint can be inserted into any memory address and can trigger when that address is read from or written to. If you're asking why only 4 hardware breakpoints can be set, it's because there are only 4 DR registers of the 6 that can be used to hold breakpoints (DR6 and DR7 are status and control respectively).
Quote from: Donkey on December 19, 2012, 03:22:02 PM
Is there a question here? DRX breakpoints are well documented in the IA32 manual and as far as I can tell work fine in Olly. If you're asking why have two types of breakpoints, it's mainly because INT3 breakpoints will only work inside running code while a hardware breakpoint can be inserted into any memory address and can trigger when that address is read from or written to. If you're asking why only 4 hardware breakpoints can be set, it's because there are only 4 DR registers of the 6 that can be used to hold breakpoints (DR6 and DR7 are status and control respectively).
You know me well.
I have a pretty good idea who is comfortable helping me.
It is a shame. There is no reason for it.
Andy
Quote from: Magnum on December 19, 2012, 06:24:31 PM
It is a shame. There is no reason for it.
Hi Andy,
Well, there is a very good reason for hardware breakpoints. The classic example is if you want to break execution when your program reads from a particular address outside of the code segment, say in the data segment for example: INT3 is useless and page watches don't have the necessary granularity. The only tool that is available for the task is DRX breakpoints. I have used them and they are extremely effective when debugging a program. Also, when you use INT3 (software) breakpoints in Olly, the debugger will insert INT3 into the code, saving the original BYTE; when it is encountered, the program breaks to the debugger, the original BYTE is re-inserted, and execution is allowed to continue for a single step, after which the INT3 is re-inserted. This takes time and slows execution; hardware breakpoints don't have that liability.
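The DR0-DR3 / DR6 / DR7 split described in the posts above, as an added example that is not part of any post in this thread: it builds the DR7 control value a debugger would load for one of the four slots and reads the hit bits back from DR6, using the field layout from the Intel SDM. The function names and the addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* R/W field values in DR7 (Intel SDM encoding). */
enum hwbp_type { HWBP_EXECUTE = 0, HWBP_WRITE = 1, HWBP_READWRITE = 3 };

/* Map a watch length in bytes to the 2-bit LEN field; -1 if unsupported.
   Only 1, 2 and 4 are handled, matching the 4-byte limit quoted above. */
static int len_field(unsigned len)
{
    return len == 1 ? 0 : len == 2 ? 1 : len == 4 ? 3 : -1;
}

/* Store in *out a copy of dr7 with breakpoint `slot` (0..3, i.e. DR0..DR3)
   locally enabled for the given access type and length. `addr` is the value
   that would be loaded into DRn. Returns 1 on success; on invalid input
   returns 0 and leaves *out untouched. */
int hwbp_encode(uint32_t dr7, unsigned slot, uint32_t addr,
                enum hwbp_type type, unsigned len, uint32_t *out)
{
    int lf = len_field(len);
    if (slot > 3 || lf < 0) return 0;
    if (type == HWBP_EXECUTE && len != 1) return 0; /* execute needs LEN=00 */
    if (addr & (len - 1)) return 0;                 /* must be length-aligned */

    unsigned shift = 16 + slot * 4;                 /* R/W at +0, LEN at +2 */
    dr7 &= ~((uint32_t)0xF << shift);               /* clear old R/W and LEN */
    dr7 |= ((uint32_t)type | ((uint32_t)lf << 2)) << shift;
    dr7 |= (uint32_t)1 << (slot * 2);               /* Ln: local enable bit */
    *out = dr7;
    return 1;
}

/* After a debug exception, DR6 bits 0..3 (B0..B3) say which slot(s) fired. */
unsigned hwbp_fired_mask(uint32_t dr6)
{
    return dr6 & 0xF;
}

int main(void)
{
    uint32_t dr7 = 0;
    /* Constructed example: watch writes to a 4-byte variable via DR0. */
    if (hwbp_encode(dr7, 0, 0x00403000u, HWBP_WRITE, 4, &dr7))
        printf("DR7 = 0x%08X\n", (unsigned)dr7);
    return 0;
}
```

The alignment check reflects why a single slot cannot watch an arbitrary 4-byte span: the address in DRn has to be aligned to the length selected in DR7.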
I need to set some hardware breakpoints, but I can't figure out how to do it in Olly.
Andy
I found a 2-part Olly tutorial...
http://thelegendofrandom.com/files/tuts/R4ndom_tutorial_3.zip
http://thelegendofrandom.com/files/tuts/R4ndom_tutorial_4.zip