0

I'm writing a debugger on Windows. And I have this little useless assembly code I debug with it:

    global _start
section .text
_start:
    mov eax, 1
    mov ebx, 2
    mov ecx, 3
    mov edx, [myVar]
    push 0
    hlt
section .data
    myVar dw 1234h

Of course it will crash at hlt.

I write debugging events on the console, after running and continuing twice I have these:

Process created.
DLL loaded: ntdll.dll
DLL loaded: C:\WINDOWS\system32\kernel32.dll
Exception happened.
First chance exception.
>>> 0x7c90120e EXCEPTION_BREAKPOINT
Exception happened.
First chance exception.
>>> 0x00401017 EXCEPTION_PRIV_INSTRUCTION
Exception happened.
First chance exception.
>>> 0x00401017 EXCEPTION_PRIV_INSTRUCTION

Now the question is, why I get that breakpoint exception? I expect to get exceptions only for the privileged instruction.

4

1 回答 1

3

附加调试器后,Windows 调试 API 总是会立即注入断点异常。这会暂停已调试的应用程序,并让调试器有机会访问应用程序并进行所需的任何初始化。

DebugActiveProcess文档:

系统安排进程中的第一个线程在恢复后执行断点指令。继续这个线程会导致它返回到执行与附加调试器之前相同的事情。

于 2013-09-13T14:20:38.827 回答