this post was submitted on 21 May 2024
1610 points (98.8% liked)

Programmer Humor

32720 readers
519 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 24 points 7 months ago* (last edited 7 months ago) (1 children)

https://en.wikipedia.org/wiki/INT_(x86_instruction) (scroll down to INT3)

https://stackoverflow.com/a/61946177

The TL;DR is that it's used by debuggers to set a breakpoint in code.

For example, if you're familiar with gdb, one of the simplest ways to make code stop executing at a particular point in the code is to add a breakpoint there.

Gdb replaces the instruction at the breakpoint with 0xCC, which happens to be the opcode for INT 3


generate interrupt 3. When the CPU encounters the instruction, it generates interrupt 3, following which the kernel's interrupt handler sends a signal (SIGTRAP) to the debugger. Thus, the debugger will know it's meant to start a debugging loop there.

[โ€“] [email protected] 2 points 7 months ago (1 children)

Hey thank you!

Not what I thought it was for sure ๐Ÿ˜ƒ

How does it work if an instruction gets replaced by the INT3 though?

[โ€“] [email protected] 4 points 7 months ago* (last edited 7 months ago) (1 children)

Excellent question!

Before replacing the instruction with INT 3, the debugger keeps a note of what instruction was at that point in the code. When the CPU encounters INT 3, it hands control to the debugger.

When the debugging operations are done, the debugger replaces the INT 3 with the original instruction and makes the instruction pointer go back one step, thereby ensuring that the original instruction is executed.

[โ€“] [email protected] 1 points 7 months ago (1 children)

Whoo that seems complicated, I mean you akready compile a debug version.

Thanks for the explanation!

[โ€“] [email protected] 3 points 7 months ago* (last edited 7 months ago) (1 children)

The debug version you compile doesn't affect the code; it just stores more information about symbols. The whole shtick about the debugger replacing instructions with INT3 still happens.

You can validate that the code isn't affected yourself by running objdump on two binaries, one compiled with debug symbols and one without. Otherwise if you're lazy (like me ๐Ÿ˜„):

https://stackoverflow.com/a/8676610

And for completeness: https://gcc.gnu.org/onlinedocs/gcc-14.1.0/gcc/Debugging-Options.html

[โ€“] [email protected] 1 points 7 months ago

Thanks, excellent information!

How come debug exes are bigger? Is the nifty stuff tucked on at the end?