by dkopi 3530 days ago
I agree with the first part, it's kind of a self-reinforcing decision. Intel wanted INT 3 to be for breakpoints so they gave it a single-byte instruction, and because INT 3 is a single-byte instruction, it's the only one that makes sense for debug breakpoints.

Let's say you have a lot of single-byte opcodes:

  40 INC EAX
  43 INC EBX
  41 INC ECX
  C3 RET
And you want to set a breakpoint on INC EAX. If you replace "40" with "CD03", you'll overwrite INC EBX as well. That can cause your program to crash if there are control flows that end up jumping to INC EBX without going through INC EAX first.

That's the main reason why 0xCD, 0x03 isn't used.
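An added illustration of the point above; this is not code from the comment or the thread. It models the four-byte toy code stream from the comment with a deliberately tiny x86 length decoder (only the opcodes used here plus CC and CD ib) and compares patching the first instruction with the one-byte 0xCC trap against the two-byte CD 03 form: the second one swallows INC EBX, so a branch to offset 1 now lands inside the INT instruction. The opcode table and byte stream are constructed for the demo, and `set_breakpoint`/`restore_breakpoint` are hypothetical helper names, not a real debugger API.

```python
"""Why a software breakpoint has to be exactly one byte on x86 (added demo)."""

# Tiny opcode table covering only what the demo needs (real x86 has far more).
# value: (mnemonic, total instruction length in bytes)
OPCODES = {
    0x40: ("INC EAX", 1),
    0x41: ("INC ECX", 1),
    0x43: ("INC EBX", 1),
    0xC3: ("RET", 1),
    0xCC: ("INT 3", 1),       # one-byte breakpoint encoding
    0xCD: ("INT imm8", 2),    # two-byte form: CD followed by the vector number
}

# Constructed toy code stream, same bytes and order as in the comment.
ORIGINAL = bytes([0x40, 0x43, 0x41, 0xC3])


def decode(code):
    """Linear-sweep decode: list of (offset, length, mnemonic)."""
    out = []
    off = 0
    while off < len(code):
        op = code[off]
        if op not in OPCODES:
            out.append((off, 1, "(unknown %02X)" % op))
            off += 1
            continue
        name, length = OPCODES[op]
        if op == 0xCD:
            if off + 1 >= len(code):
                out.append((off, 1, "(truncated INT)"))
                break
            name = "INT %d" % code[off + 1]
        out.append((off, length, name))
        off += length
    return out


def instruction_starts(code):
    """Offsets at which an instruction boundary exists after decoding."""
    return {off for off, _, _ in decode(code)}


def set_breakpoint(code, addr, trap):
    """Overwrite bytes at addr with the trap sequence.

    Returns (patched_code, saved_bytes); a debugger keeps saved_bytes so it
    can put the original instruction back when the breakpoint is hit.
    """
    trap = bytes(trap)
    saved = code[addr:addr + len(trap)]
    patched = code[:addr] + trap + code[addr + len(trap):]
    return patched, saved


def restore_breakpoint(code, addr, saved):
    """Undo set_breakpoint using the bytes it saved."""
    return code[:addr] + saved + code[addr + len(saved):]


def clobbered_instructions(original, patched, addr):
    """Original instruction offsets (other than addr) that no longer decode
    to the same instruction at the same place after the patch."""
    before = {off: (ln, name) for off, ln, name in decode(original)}
    after = {off: (ln, name) for off, ln, name in decode(patched)}
    return sorted(off for off in before
                  if off != addr and before[off] != after.get(off))


if __name__ == "__main__":
    for trap in ([0xCC], [0xCD, 0x03]):
        patched, saved = set_breakpoint(ORIGINAL, 0, trap)
        print("trap %-6s -> %s" % (bytes(trap).hex(), decode(patched)))
        print("  clobbered:", clobbered_instructions(ORIGINAL, patched, 0))
        # A jump straight to INC EBX (offset 1) only stays valid with 0xCC.
        print("  offset 1 still an instruction start:",
              1 in instruction_starts(patched))
        assert restore_breakpoint(patched, 0, saved) == ORIGINAL
```

With 0xCC the other three instructions decode unchanged and offset 1 remains a valid branch target; with CD 03 the decoder reports INC EBX as clobbered and offset 1 is now the middle of the INT instruction, which is the crash the comment describes.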