how to set a new EIP in the debugger ?

[440bx]

Hello,

Is it possible to set a new EIP (instruction pointer) while single stepping  in the debugger ? if yes, how ?  (this is useful for those times when skipping one or more instructions is necessary.)

Thank you for your help.

[Cyrax]

By pressing F4 keyboard button on desired line?

[440bx]

By pressing F4 keyboard button on desired line?

I tried it and, unfortunately, it didn't work (it inserts - or tries to insert - a breakpoint, not set the EIP to the line on the cursor.)  Thank you for the suggestion though.

[Cyrax]

AFAIK you can't set EIP directly, only by doing something at the code.

Example 1:

Code: Pascal  [Select][+][-]

1. asm
2.   push $00000001  // needs full address to "return"
3.   ret
4. end;

Example 2:

Code: Pascal  [Select][+][-]

1. asm
2.   jmp $00000001   // relative jump or direct jump (full address)
3. end;

Are you sure that  your code in that location where you are trying to jump, is even reachable by your code?

[440bx]

@Cyrax:

I'm trying to skip some code that is in kernel32.dll that behaves differently when an application is debugged than when it is not.  In some kernel32 functions, if the app is being debugged, kernel32 generates an exception to alert the debugger (an unfortunate choice), the debugger is supposed to do whatever it wants with the "alert" and resume execution at the next instruction.

With the VS debugger it's not a problem because in the worst case one can manually set the instruction where execution should resume but, when setting the EIP manually is not an option, these "messages" to the debugger become a real headache.

[Cyrax]

@Cyrax:

I'm trying to skip some code that is in kernel32.dll that behaves differently when an application is debugged than when it is not.  In some kernel32 functions, if the app is being debugged, kernel32 generates an exception to alert the debugger (an unfortunate choice), the debugger is supposed to do whatever it wants with the "alert" and resume execution at the next instruction.

With the VS debugger it's not a problem because in the worst case one can manually set the instruction where execution should resume but, when setting the EIP manually is not an option, these "messages" to the debugger become a real headache.

Can you give some names of those kernel32 functions?

[engkin]

set $pc=0xAddressInHex

[440bx]

Can you give some names of those kernel32 functions?

Sure, among them just about all the IsBadXXX family of functions, such as, IsBadCodePtr, IsBadReadPtr, IsBadStringPtr, etc.

MS screwed up their implementation (they potentially mess up stack's guard pages.) Instead of fixing the functions (which would not be hard), they made them difficult to use under a debugger (which is a strong way of discouraging people from using them.) 

Got to love the way they go about it too, the documentation states that the exception generated when running a debugger is "by design".  Some people are genuinely brilliant at creating gratuitous problems and, unfortunately, not so brilliant at solving any.

[440bx]

set $pc=0xAddressInHex

Where do I issue that command in the Lazarus IDE ? or is this available only when running GDB directly from a console ?

[marcov]

j *<expression for an address> in the debugger terminal

[440bx]

j *<expression for an address> in the debugger terminal

I get the impression that what you and Engkin suggest is available when running GDB from the command line.  I'd like to avoid doing that if possible.

I'd really like to know if there is a way of setting a new EIP when using GDB from Lazarus.  Is it possible ?, if so, how ?

Thank you.

[engkin]

Yes, set $pc is for the command line. Not sure, but I assume Marco is referring to:
View - Debug Window - Debug Output

[Martin_fr]

The IDE does not currently have such a feature. (Its on the todo list, among many other things)

There is a way to archive this.
But first, this is not an official feature. Therefore this comes on a strict "as is" base.

Compile the IDE with DBG_WITH_DEBUGGER_DEBUG defined: -dDBG_WITH_DEBUGGER_DEBUG

Menu: View > Ide Internals > Debug Output
This window will now have an input field. It allows to directly send commands to gdb. (By pressing the "execute" button)

1) You can only sent commands, when the app is paused.
2) You can NOT sent any commands that will run or step the target => This will mess up the IDE state, and your debug session will be lost.

But you can send commands to modify the register.
Note that the IDE will not update any debug windows. Register/Asm/... will still show the old value.

[440bx]

@Engkin:

Thank you for clarifying that.

@Martin:

... <snip> ... strict "as is" base.

Compile the IDE with DBG_WITH_DEBUGGER_DEBUG defined: -dDBG_WITH_DEBUGGER_DEBUG

Menu: View > Ide Internals > Debug Output
This window will now have an input field. It allows to directly send commands to gdb. (By pressing the "execute" button)

1) You can only sent commands, when the app is paused.
2) You can NOT sent any commands that will run or step the target => This will mess up the IDE state, and your debug session will be lost.

But you can send commands to modify the register.
Note that the IDE will not update any debug windows. Register/Asm/... will still show the old value.

Perfect.  I'll gladly take it "as is"   I don't need it very often but, there are a few times when not having it is a show-stopper.

Thank you.  Much appreciated.