tuhdo/os01

About 6.4.2 Single stepping from page 181

p-jaholkowski opened this issue · 0 comments

6.4.2 Single stepping
When breakpoint is implemented, it is easy to implement single stepping: a debugger simply places another int 3 opcode in the next instruction. So, when a programmer sets a breakpoint at an instruction, the next instruction is automatically set by the debugger, thus enabling instruction-by-instruction debugging. Similarly, source line-by-line debugging is just the placement of the very first opcodes in the two statements with two int 3 opcodes.

It is possible to write a debugger which implements single stepping that way. However, on the x86-64 processor architecture debuggers do it a different way: the debugger sets the trap flag bit in the EFLAGS register.

Description from Intel Manual volume 3 part 1, page 71:

Trap (bit 8) — Set to enable single-step mode for debugging; clear to disable single-step mode. In single-step mode, the processor generates a debug exception after each instruction. This allows the execution state of a program to be inspected after each instruction. If an application program sets the TF flag using POPF, POPFD, or IRET instruction, a debug exception is generated after the instruction that follows the POPF, POPFD, or IRE

https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-3a-part-1-manual.pdf

Implementing the book's description is more complicated. First you need to emulate all conditional jump instructions. Setting the breakpoint in memory usually involves changing the page access from read-execute to write, then switching it back to the previous page access, and after the instruction executes, restoring the instruction opcode to its previous form.
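As an added example (not code from the os01 book or from this issue), the following program shows the trap-flag mechanism the Intel quote describes from inside a single Linux/x86-64 process: it sets EFLAGS.TF itself with POPFQ, receives the resulting debug exceptions as SIGTRAP, counts them, and clears TF in the saved context once enough instructions have been stepped. It assumes GCC/Clang inline assembly and the glibc/musl `REG_RIP`/`REG_EFL` ucontext names; `single_step_demo` and `on_sigtrap` are names chosen here.

```c
// Added example: trap-flag (EFLAGS bit 8) single stepping without a debugger process.
// After POPFQ sets TF, the CPU raises #DB after the *next* instruction; Linux hands it
// to the process as SIGTRAP with si_code TRAP_TRACE. Linux/x86-64, GCC/Clang only.
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#define TF_BIT (1ULL << 8)                 /* EFLAGS.TF, bit 8 per the Intel SDM */
#define MAX_STEPS 64
static volatile int steps_wanted, steps_seen;
static volatile uint64_t rip_log[MAX_STEPS]; /* RIP observed at each trap */

static void on_sigtrap(int sig, siginfo_t *si, void *ctx) {
    (void)sig;
    ucontext_t *uc = ctx;
    if (steps_seen < MAX_STEPS)
        rip_log[steps_seen] = (uint64_t)uc->uc_mcontext.gregs[REG_RIP];
    steps_seen++;
    /* Done (or unexpected SIGTRAP): clear TF in the context sigreturn restores. */
    if (steps_seen >= steps_wanted || si->si_code != TRAP_TRACE)
        uc->uc_mcontext.gregs[REG_EFL] &= ~(greg_t)TF_BIT;
}

/* Single-step exactly n (1..MAX_STEPS) instructions; returns the traps observed. */
int single_step_demo(int n) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGTRAP, &sa, &old);
    steps_wanted = n; steps_seen = 0;
    volatile uint64_t scratch = 0;
    /* PUSHFQ / OR TF / POPFQ: trapping begins after the instruction following POPFQ. */
    __asm__ volatile("pushfq\n\torq $0x100, (%%rsp)\n\tpopfq" ::: "memory", "cc");
    for (int i = 0; i < 1000; i++)     /* plenty of instructions to step through */
        scratch += (uint64_t)i;
    sigaction(SIGTRAP, &old, NULL);    /* TF is already clear again by now */
    return steps_seen;
}

int main(void) {
    int n = single_step_demo(8);
    printf("observed %d single-step traps\n", n);
    for (int i = 0; i < n && i < MAX_STEPS; i++)
        printf("  step %d: rip=0x%llx\n", i + 1, (unsigned long long)rip_log[i]);
    return n == 8 ? 0 : 1;
}
```

Running it under gdb shows the two mechanisms interact: the debugger's own use of TF via ptrace takes precedence, and the program's SIGTRAPs are reported to the debugger first.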