Welcome to the new Woodmann RCE Messageboards Regroupment

Hardware memory breakpoints

Support forums for OllyDbg 32-bit Assembler-Level Debugger.
Developed by Oleh Yuschuk (http://www.ollydbg.de)
Junior Member
Posts: 1
Joined: Sat Jul 13, 2013 6:34 pm

Post by remdynamic »


When I have a certain byte or range of bytes of which I know it will contain certain interesting data at some point, I usually set a hardware breakpoint on it.

However, I noticed that it doesn't always break. For example, now I want to keep an eye on the byte at DS:[9F2020], so I set a hardware BP there. However

(EAX = 9F2020)

won't cause Olly to break. However

(EDI = 9F2024)

will cause Olly to break.

Am I misinterpreting the addressing system in Olly? I assume that

009F2020 | 00 00
__________^this is the byte on 009F2020

Do I need just to set my breakpoint a byte or 4 bytes before that?
Senior Member
Posts: 1536
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

How did you set the hardware breakpoint?
For memory read and write you need to set either
hardware bp -> memory on access -> byte // word // dword or
hardware bp -> memory on write -> byte // word // dword

If you had set an execute break, it will not break on access of that memory.

I don't see any problems in hw bp.

Code:

00401000 >MOV     EAX, 403000
00401005  NOP
00401006  NOP
00401007  MOV     DWORD PTR DS:[EAX], EBP
00401009  MOV     DWORD PTR DS:[EAX], EBP
0040100B  NOP
0040100C  NOP
0040100D  NOP
0040100E  CALL    00403000
00401013  JMP     SHORT 00401013
Log data
Address Message

Code:

00401009   Hardware breakpoint 2 at msgbox.00401009      <-- second breakpoint @401009 hit;
                                                             first 401007 did not hit though eax contains 403000
00403000   Hardware breakpoint 1 at msgbox.MsgCaption    <-- execution hw bp hit
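
The following is an added example, not part of the original posts and not OllyDbg's own code: a small C model of how the x86 debug registers decide whether a hardware breakpoint fires, covering the type (execute / write / access) and size (byte / word / dword) choices discussed above. The function and enum names are hypothetical, the mapping of OllyDbg's menu entries to the DR7 R/W values is an assumption, and the test cases are constructed from the addresses quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* DR7 R/W field encodings (x86 debug registers); value 2 = I/O, unused here. */
enum hw_type { HW_EXECUTE = 0, HW_WRITE = 1, HW_ACCESS = 3 };
enum acc_kind { ACC_FETCH, ACC_READ, ACC_WRITE };

/* DR7 LEN field: 00 = 1 byte, 01 = 2 bytes, 11 = 4 bytes. */
static uint32_t len_bits(unsigned size) { return size == 1 ? 0u : size == 2 ? 1u : 3u; }

/* DR7 value enabling slot 0..3 (local enable) with the given type and size. */
uint32_t dr7_for(unsigned slot, enum hw_type type, unsigned size)
{
    if (type == HW_EXECUTE) size = 1;             /* execute requires LEN = 00 */
    return (1u << (slot * 2))                     /* L<slot> enable bit */
         | ((uint32_t)type << (16 + slot * 4))    /* R/W<slot> field */
         | (len_bits(size) << (18 + slot * 4));   /* LEN<slot> field */
}

/* Does an access of acc_size bytes at acc_addr trigger a breakpoint at bp_addr? */
int hw_bp_hits(uint32_t bp_addr, enum hw_type type, unsigned size,
               uint32_t acc_addr, unsigned acc_size, enum acc_kind kind)
{
    if (type == HW_EXECUTE)      /* matches only the first byte of an executed instruction */
        return kind == ACC_FETCH && acc_addr == bp_addr;
    if (kind == ACC_FETCH) return 0;              /* data breakpoints ignore code fetches */
    if (type == HW_WRITE && kind != ACC_WRITE) return 0;
    uint32_t lo = bp_addr & ~(uint32_t)(size - 1);  /* CPU masks the low address bits */
    return acc_addr < lo + size && lo < acc_addr + acc_size;  /* any byte overlaps */
}

int main(void)
{
    /* Constructed cases built from the addresses quoted in the thread. */
    printf("DR7, slot 0, write, dword      : 0x%08X\n", (unsigned)dr7_for(0, HW_WRITE, 4));
    printf("execute bp, dword write        : %d\n",
           hw_bp_hits(0x403000, HW_EXECUTE, 1, 0x403000, 4, ACC_WRITE));
    printf("write bp (dword), dword write  : %d\n",
           hw_bp_hits(0x403000, HW_WRITE, 4, 0x403000, 4, ACC_WRITE));
    printf("byte bp 9F2020, dword at 9F2020: %d\n",
           hw_bp_hits(0x9F2020, HW_ACCESS, 1, 0x9F2020, 4, ACC_READ));
    printf("byte bp 9F2020, dword at 9F2024: %d\n",
           hw_bp_hits(0x9F2020, HW_ACCESS, 1, 0x9F2024, 4, ACC_READ));
    return 0;
}
```

On real hardware a data breakpoint is reported as a trap after the accessing instruction has completed, so a debugger logs the address of the following instruction, while an execute breakpoint is reported before the instruction runs.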