0

Breakpoints can only be used to count the number of read/write/execute, but I want to create a group where one file descriptor does the counting (eg HW instructions) and another one to disable the counting when we read a memory address for the first time. Is there a way to do that?

Right now my only option seems to be register_wide_hw_breakpoint, but I don't have access to that from python.

Ahmad Khaled
  • 21
  • 1
  • 3
  • Could you add some examples of what you did try and explain what do you want to achieve? Basically breakpoints allow to stop program execution (interrupt) on some event like executing int3 or accessing some address for hw watchpoint. On interrupt some handler will be called (gdb, or perf_event kernel subsystem), which should handle the event as it wants. I think there is no exact mechanism in current version of perf_event in kernel, but it theoretically can be rewritten (patched) to do what you want. Also you can try to use perf_event_open + ioctl from your parent process as debugger. – osgx Jun 12 '20 at 00:17
  • Yes, that's what I already did when I noticed the limitation. See [here](https://stackoverflow.com/questions/8941711/is-it-possible-to-set-a-gdb-watchpoint-programmatically) for what I did so far. The child sets the breakpoint in the parent. I'm currently trying to use the software breakpoint. The same as proposed [here](https://blog.tartanllama.xyz/writing-a-linux-debugger-breakpoints/). I haven't looked at the kernel code yet, but I prefer to keep that untouched. – Ahmad Khaled Jun 12 '20 at 14:32

0 Answers0