xusheng6
commented
1 month ago Thx for letting me know about this bug, I will fix it ASAP
Open 0xFDFDFDFD opened 1 month ago
xusheng6
commented
1 month ago Thx for letting me know about this bug, I will fix it ASAP
xusheng6
commented
1 month ago Per my testing, the target is properly stopped -- I tried to interact with the VM and the guest system hangs. Also, it seems only the first time when you run "r", you get a different value, the subsequent values are all the same. I will look into it further but this may not be a bug
0xFDFDFDFD
commented
1 month ago Yes it is only the first time i get a different value. Also the RIP changes from nt!DbgBreakPointWithStatus to nt!HalProcessorIdle where it stays. This behavior only happens in the binary ninja debugger not when i debug the kernel with windbg. And its not only the r command also commands like dd @r8 or any other command are changing the state.
xusheng6
commented
1 month ago Right, there is definitely something unusual going on, and I need to figure that out
The Windows Kernel debugger doesn't properly pause execution. Because when we pause the execution and we execute the
rcommand twice without unpausing, the content of the registers changes:The expected behavior should be like this in windbg:
After breaking none of the values are changing.