torusrxxx
commented
3 years ago When the target instruction of bpgoto overlaps the breakpoint, there could be wrong behaviour. To fix it we need a disassembler to determine if the target instruction could overlap the breakpoint.
This change makes the bpgoto (change EIP to a new location every time the breakpoint is hit) and the NOP breakpoint (breakpoint on the 0x90 NOP instruction) thread-safe. It restores the original breakpoint bytes after the callback is executed. Then it only restores the original breakpoint bytes if the breakpointed instruction must be executed and it is not a NOP instruction.
The user can create a thread-safe breakpoint at any location by copying the breakpointed instruction to a shell code space, put a bpgoto breakpoint on the original location so that it will jump to our shell code with a NOP instruction. Then put a breakpoint on the NOP instruction in our shell code. The shell code consists of a NOP instruction, the original breakpointed instruction and a JMP instruction.