Why Single Stepping Instruction on X86?

Question

So there is \"int 3\" which is an interrupt instruction used for breakpoints in debuggers.

But then there is also \"int 1\" which is used for single stepping. But wh

Answer 1

You are confusing the INT and INT 3 instructions with the interrupt vectors through which those instructions would call if the instruction were invoked. There is no single-step instruction.

The INT 3 (or "breakpoint instruction") will call the debugger if it is present (or rather, the debugger will hook the INT 3 vector so that when an INT 3 happens, the debugger will be called).

If the debugger sets the TF (trace flag), then every instruction will cause the #1 interrupt to occur. This will cause whatever address is in that interrupt vector to be called. Hopefully, this will be the single-step routine of a debugger. Eventually, the debugger will clear the TF, causing single-step interrupts to cease.