Reputation: 1039
I have a program which modifies its own code while running. When I'm trying to set a breakpoint in the code, it never breaks because the modification of the code deletes the breakpoint somehow.
I've heard of hardware breakpoints, but it's written in gdb that they're not supported by my hardware. Is there any other way to break in a self modifying code?
Upvotes: 0
Views: 552
Reputation: 8573
There are two ways in which GDB places a breakpoint. One is by setting certain special registers to instruct the CPU to break (raise an interrupt, which the kernel then translates into a signal to the debugger) when that line is executed. These are what GDB refers to as "hardware break points". If they are not supported on your hardware, then they are not supported.
The other way is to actually modify the code, and replace the first instruction of the line in which to break with a command to raise said interrupt. For example, under Intel X86, the command to raise an interrupt, say "int 5", is two bytes long, but the command to raise interrupt 3 is only one byte long. This is so it can be used for precisely this purpose.
The debugger replaces the instruction with the breaking one, and once the break point is hit, replaces that code back with what it had before the debugger interfered. Yes, this technique does not work with self modifying code (nor, I should mention, with code in read only memory, such as written to flash).
If your code is orderly enough (and, obviously, it is not particularly orderly), you can break once right after the code is written to memory, and only then place a second break point at the right location. If you study GDB's scripting capabilities hard enough, you can even make that automatic, so that you will not be bothered with the first break point.
All in all, if you are writing self modifying code, you are off the trodden path. Good luck. You're going to need it.
Shachar
Upvotes: 1
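The two-stage approach the answer describes (break once after the code has been written, then plant the real breakpoint) can be scripted in a GDB command file so the first stop never bothers you. The following is an added example, not part of the original answer; every name in it is an assumption about the debuggee: `write_code` is the function that writes the new instructions, `code_ptr` is a pointer holding the start of the rewritten code, and `main.c:42` is the source line immediately after the call to `write_code()`.

```gdb
# Added example: automating "break after the write, then break in the new code".
# Assumed names (adjust to the debuggee): write_code, code_ptr, main.c:42.
set pagination off

# Stage 1: stop on the line right after write_code() has returned, so the
# bytes about to be overwritten with int3 are the program's final ones.
break main.c:42
commands
  silent
  printf "new code written at %p, planting breakpoint there\n", code_ptr

  # Stage 2: a temporary software breakpoint on the freshly written code.
  # GDB writes its 0xCC (int3) byte now, i.e. after the program's own write,
  # so the self-modification can no longer erase it.
  tbreak *code_ptr

  # Resume; GDB ignores any command placed after one that resumes execution,
  # so 'continue' must be the last line of this list.
  continue
end

run
```

Run it with `gdb -x this_file ./program`. If the program rewrites the same region more than once, the stage-1 breakpoint fires after each write and re-plants the temporary breakpoint each time; if the rewritten code lands at a fixed address, `tbreak *0xADDRESS` works in place of the pointer expression.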