Debugging Instruction Pointer when IP points to 0

Suppose you are running a program with interrupt handling enabled on a processor, and the Instruction Pointer points to zero. How can we find out what caused the Instruction Pointer to point to 0?

I'm not clear whether it is something related to the location of the ISRs. As far as I know, in some processors IP=0 is the reset address. But why would a running program go to that address?

What are all the possible reasons for IP to be pointing to 0?


Basically all jmp instructions and ret can jump to 0. Examples:

 jnz 0          ;; encoded as relative jump JNZ -(next IP)
 jmp 00000000   ;; absolute jump
 mov ebx, 0
 jmp ebx        ;; indirect jump
 call 0
 mov ecx,0
 push ecx
 ret            ;; jump through stack

In C one can (try to) jump through a NULL/uninitialized function pointer, as well as through a corrupted stack. Some esoteric tricks would be to install an exception handler (signal) that points to null, or to use longjmp.

In the x86 architecture (real mode) the pointers to the interrupt handlers start at address 0:0, but one doesn't jump there. Instead, the table contains 'segment:offset' pairs that are jumped to indirectly.

Debugging methods include bisecting the code with breakpoints until the next instruction you run causes your error. Inspecting the stack should tell you what the last function executed was. Sometimes the stack is still valid enough to show the complete call trace.
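The NULL/uninitialized function pointer case from the answer, as an added example (not code from the original post): a small dispatch table in zero-initialised storage where two slots were never filled in. Calling through such a slot is the `mov ebx, 0` / `jmp ebx` sequence above, so the checked variant refuses to call a NULL entry and reports a status code instead. The table, handler names and status codes are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed dispatch table: static storage is zero-initialised (as is
   calloc'd memory), so any slot that is never assigned holds NULL, and an
   indirect call through it transfers control to address 0. */

typedef int (*handler_fn)(int);

enum { HANDLER_COUNT = 4 };

/* Status codes returned by dispatch_checked(). */
enum { DISPATCH_OK = 0, DISPATCH_NO_HANDLER = -1, DISPATCH_BAD_ID = -2 };

static int handle_double(int x) { return 2 * x; }
static int handle_negate(int x) { return -x; }

static handler_fn table[HANDLER_COUNT];

/* Install handlers for slots 0 and 1 only; slots 2 and 3 stay NULL
   on purpose to model an "uninitialized function pointer". */
void init_table(void) {
    memset(table, 0, sizeof table);
    table[0] = handle_double;
    table[1] = handle_negate;
}

/* Unchecked version: an indirect call through whatever the slot holds.
   With id == 2 this jumps to address 0 (IP = 0), which is the symptom
   the question describes. */
int dispatch_unchecked(int id, int arg) {
    return table[id](arg);
}

/* Checked version: bounds-check the id and refuse to call a NULL entry.
   The handler's result is written to *out only when a handler ran. */
int dispatch_checked(int id, int arg, int *out) {
    if (id < 0 || id >= HANDLER_COUNT) return DISPATCH_BAD_ID;
    if (table[id] == NULL) return DISPATCH_NO_HANDLER;
    *out = table[id](arg);
    return DISPATCH_OK;
}

int main(void) {
    int result = 0;
    init_table();
    for (int id = 0; id <= HANDLER_COUNT; id++) {
        int rc = dispatch_checked(id, 21, &result);
        if (rc == DISPATCH_OK)
            printf("handler %d -> %d\n", id, result);
        else
            printf("handler %d refused (rc=%d)\n", id, rc);
    }
    /* dispatch_unchecked(2, 21) would jump to address 0 here. */
    return 0;
}
```

When the unchecked call is made through slot 2, the return address pushed by the `call` instruction still sits on top of the stack, which is why the answer's advice to inspect the stack usually identifies the caller even though IP itself is 0.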
