Setting a Hardware breakpoint to a OS data

NTDEV
1

Hi

I have 2 questions about hardware breakpoint and debug registers

1-) It writes: "The debug registers are privileged resources; the MOV instructions that access them can only be executed at privilege level zero. An attempt to read or write the debug registers when executing at any other privilege level causes a general protection exception. "

But in that project:
http://www.codeproject.com/KB/debug/hardwarebreakpoint.aspx
Author did it by using GetThreadContext-SetThreadContext and no general protection exception.??

2-) How can i register a hardware breakpoint handler for OS data or remote process?
I mean, i can’t add _try _except to other process, i couldn’t figure out how it can be done…

Thanks…

2

1.) SetThreadContext apparently takes care of that. The docs indicate that there is some sort of magic going on that is far to sensitive to tell mortals like ourselves, but I guess it’s in there somewhere.

2.) I’m not entirely sure what you’re after here, but you might want to take a look at the "Debugging and Error Handling’ portion of the SDK docs. In particular, ‘Creating a Basic Debugger.’

Good luck,

mm

3

To be exact, the kernel sets up the registers on behalf of user mode after validating their contents so that you cannot interfere with the kernel by configuring the register set badly. The actual reading and writing to dr0, etc happens at cpl=0.

  • S

-----Original Message-----
From: xxxxx@evitechnology.com
Sent: Wednesday, September 09, 2009 08:41
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Setting a Hardware breakpoint to a OS data

1.) SetThreadContext apparently takes care of that. The docs indicate that there is some sort of magic going on that is far to sensitive to tell mortals like ourselves, but I guess it’s in there somewhere.

2.) I’m not entirely sure what you’re after here, but you might want to take a look at the "Debugging and Error Handling’ portion of the SDK docs. In particular, ‘Creating a Basic Debugger.’

Good luck,

mm


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer