Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Hardware memory breakpoints

Support forums for OllyDbg 32-bit Assembler-Level Debugger.
Developed by Oleh Yuschuk (http://www.ollydbg.de)
Locked
remdynamic
Junior Member
Posts: 1
Joined: Sat Jul 13, 2013 6:34 pm

Hardware memory breakpoints

Post by remdynamic »

Hi!

When I have a certain byte or range of bytes of which I know it will contain certain interesting data at some point, I usually set a hardware breakpoint on it.

However, I noticed that it doesn't always break. For example, now I want to keep an eye on the byte at DS:[9F2020], so I set a hardware BP there. However

(EAX = 9F2020)
MOV DWORD PTR DS:[EAX],EBP

won't cause Olly to break. However

(EDI = 9F2024)
REP STOS DWORD PTR ES:[EDI]

will cause Olly to break.

Am I misinterpreting the adressing system in Olly? I assume that

009F2020 | 00 00
__________^this is the byte on 009F2020

Do I need just to set my breakpoint a byte or 4 bytes before that?
blabberer
Senior Member
Posts: 1536
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

how did you set hardware breakpoint
for memory read and write
you either need to set
hardware bp->memory on access->byte // word // dword or
hardware bp -> memory on write ->byte // word // dword

if you had set an execute break it will not break on access of that memory

i dont see any problems in hw bp

Code: Select all

00401000 >MOV     EAX, 403000
00401005  NOP
00401006  NOP
00401007  MOV     DWORD PTR DS:[EAX], EBP
00401009  MOV     DWORD PTR DS:[EAX], EBP
0040100B  NOP
0040100C  NOP
0040100D  NOP
0040100E  CALL    00403000
00401013  JMP     SHORT 00401013
Log data
Address Message

Code: Select all

00401009   Hardware breakpoint 2 at msgbox.00401009		<----------------- second breakpoint @401009 hit
						 	first 401007 did not hit though eax contains 403000
00403000   Hardware breakpoint 1 at msgbox.MsgCaption               execution hw bp hit 
Locked