how to debug ??

[aladdin]

i want to add a debuger to my page fault handler, and i want to read the value of EIP.
I know that when a PF occure, eip is stored in the stack right after the error code, but when I try this code

Code: Select all

mov ebx, esp
add ebx, 4
mov eax, [ebx]

eax contain a wrong value (i compared it with bochs values)
i'va tried the same code with : add ebx, 8 ... 1024 ::)
but i can't find the right eip value.

[Pype.Clicker]

it all depends on your exception's 'prologue' part. If for instance you have

Code: Select all

exc_handler:
     pusha
     push ds
     push es
     push gs
      ...
     ; more code

you need 11*4 bytes of offset to retrieve the proper value. The cleanest way i've found is to have a structure describing the whole stack frame format as caught by the handler

Code: Select all

typedef struct excCpuState{
  dword es,ds,fs,gs,ss;
  dword edi,esi,ebp,esp,ebx,edx,ecx,eax;
  dword number,errcode;
  dword eip,cs,flags;
} excCpuState;

and passing the proper pointer to the C handler:

Code: Select all

;; a zero error code is pushed by software if no error code
;; is used by this exception for consistency.
processException:
        pushad
        mpush ss,gs,fs,ds,es ;; macro, same as a collection of pushes :)
        mov ebp,esp
        push ebp ;; C parameter = pointer to the frame structure.
        call _processExcList
        add esp,4
        ;; ...

hope it helps.

If that doesn't work at first, i suggest you simply dump N bytes of the stack from the current esp value ...

Also make sure the value reported by BOCHS is an offset within CS and *not* a linear or physical address.