Possible to trap write to address (x86 - linux)

Question

I want to be able to detect when a write to memory address occurs -- for example by setting a callback attached to an interrupt. Does anyone know how?

I\'d like to b

Answer 1

What you need is access to the X86 debug registers: http://en.wikipedia.org/wiki/Debug_register

You'll need to set the breakpoint address in one of DR0 to DR3, and then the condition (data write) in DR7. The interrupt will occur and you can run your debug code to read DR6 and find what caused the breakpoint.

If GDB doesn't work, you might try a simpler/smaller debugger such as http://sourceforge.net/projects/minibug/ - if that isn't working, you can at least go through the code and understand how to use the debugging hardware on the processor yourself.

Also, there's a great IBM developer resource on mastering linux debugging techniques which should provide some additional options:

http://www.ibm.com/developerworks/linux/library/l-debug/

A reasonably good article on doing this is windows is here (I know you're running on linux, but others might come along to this question wanting to do it in windows):

http://www.codeproject.com/KB/debug/hardwarebreakpoint.aspx

-Adam