
Segment awareness

Open GoogleCodeExporter opened this issue 10 years ago • 2 comments

EDB only resolves FS and GS virtual addresses; other segments are ignored, which 
can become a problem, at least on Windows.
I'm not sure about Linux, but on Windows (x86) you can define a new segment 
with some defined base address (e.g. 1000000h) and assign that segment to CS.
When tracing or encountering an exception inside that segment you will get the 
offset into the segment as the EIP value.
AFAIK this is not possible on Windows x64 as there is no LDT to which to add 
segments. Only FS and GS are used there.

Here is a link describing the issue and a possible fix:
http://j00ru.vexillium.org/?p=866

It's an easy fix, I'm just not entirely sure which part of the code should 
calculate the virtual address.

Original issue reported on code.google.com by evan.teran on 3 Oct 2012 at 3:21



GoogleCodeExporter avatar Mar 29 '15 00:03 GoogleCodeExporter
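
The translation the issue asks the debugger to perform, as an added example that is not part of the original thread or of edb's code: decode the 8-byte descriptor that CS selects, then add its base to the reported EIP. The struct and function names are hypothetical, and the descriptor bytes and selector are constructed to match the 1000000h base mentioned above.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of one 8-byte x86 GDT/LDT segment descriptor. */
struct seg_desc {
    uint32_t base;    /* linear address where the segment starts */
    uint32_t limit;   /* highest valid offset, in bytes */
    int      present; /* P bit of the access byte */
};

/* Decode a raw descriptor (field layout as in the x86 architecture manuals). */
struct seg_desc decode_descriptor(const uint8_t d[8])
{
    struct seg_desc s;
    uint32_t raw_limit = d[0] | ((uint32_t)d[1] << 8) | ((uint32_t)(d[6] & 0x0F) << 16);

    s.base = d[2] | ((uint32_t)d[3] << 8) | ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
    /* G bit set: the limit counts 4 KiB pages, so scale it and fill the low 12 bits. */
    s.limit = (d[6] & 0x80) ? (raw_limit << 12) | 0xFFF : raw_limit;
    s.present = (d[5] >> 7) & 1;
    return s;
}

/* Bit 2 of a selector is the table indicator (1 = LDT, 0 = GDT); bits 3..15 are the index. */
int selector_uses_ldt(uint16_t sel) { return (sel >> 2) & 1; }
unsigned selector_index(uint16_t sel) { return sel >> 3; }

/* Translate segment:offset to linear (expand-up segments such as code); -1 if invalid. */
int linear_address(const struct seg_desc *s, uint32_t offset, uint32_t *out)
{
    if (!s->present || offset > s->limit)
        return -1;
    *out = s->base + offset; /* wraps modulo 2^32, as on 32-bit x86 */
    return 0;
}

int main(void)
{
    /* Constructed descriptor: base 0x01000000, limit 0xFFFF bytes, present ring-3 code. */
    const uint8_t desc[8] = {0xFF, 0xFF, 0x00, 0x00, 0x00, 0xFB, 0x40, 0x01};
    const uint16_t cs = 0x000F; /* constructed selector: index 1, LDT, RPL 3 */
    struct seg_desc s = decode_descriptor(desc);
    uint32_t lin;

    if (linear_address(&s, 0x1234, &lin) == 0)
        printf("CS=%04x (%s[%u]) EIP=00001234 -> linear %08x\n", (unsigned)cs,
               selector_uses_ldt(cs) ? "LDT" : "GDT", selector_index(cs), (unsigned)lin);
    return 0;
}
```

A debugger that skips this step treats the raw EIP as a flat address and shows disassembly and breakpoints at the wrong location for code running in such a segment.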

I'm not 100% sure, but I think @10110111 may have fixed this.

eteran avatar Jun 07 '16 03:06 eteran

My commits have mostly fixed it, but there're some things which aren't segment-aware: e.g. symbols in disassembly. But this part is a bit harder than it looks at first: we don't know what segment the instruction refers to until we know it's the next instruction to execute. I think it's a similar reason why Bochs doesn't show symbolic addresses for any instruction but the current one in its debugger's disassembler.

10110111 avatar Jun 07 '16 05:06 10110111