Question
As a workaround with x86 instructions, I used an opcode that looks like .byte 0xf1, 0xc1
and tried to execute that inside gdb. The disassembly of that line shows
f1 icebp
So, when the first byte, which is F1, is fetched, it is recognized as an instruction called icebp.
This is known to be an undocumented instruction. The only thing I found in the SDM is a footnote in the INT sections saying
The mnemonic ICEBP has also been used for the instruction with opcode F1
Continuing with gdb, it says
Cannot access memory at address 0x1ffffc20
So, what is that address? How is it generated? Is it physical or virtual? And how can I test its real functionality?
UPDATE:
GDB operations are shown below:
(gdb) list
1 void main()
2 {
3 __asm__(".byte 0xf1, 0xc1");
4 }
(gdb) set disassembly-flavor intel
(gdb) disass /r main
Dump of assembler code for function main:
0x00000000004004ed <+0>: 55 push rbp
0x00000000004004ee <+1>: 48 89 e5 mov rbp,rsp
0x00000000004004f1 <+4>: f1 icebp
0x00000000004004f2 <+5>: c1 5d c3 66 rcr DWORD PTR [rbp-0x3d],0x66
End of assembler dump.
(gdb) b main
Breakpoint 1 at 0x4004f3: file machine2.c, line 4.
(gdb) run
Starting program: /home/mahmood/Documents/./machine2
Program received signal SIGTRAP, Trace/breakpoint trap.
0x00000000004004f2 in main () at machine2.c:2
2 {
Missing separate debuginfos, use: debuginfo-install glibc-2.17-196.el7.x86_64
(gdb) x/i $pc
=> 0x4004f2 <main+5>: rcr DWORD PTR [rbp-0x3d],0x66
(gdb) n
Cannot access memory at address 0x1ffffc20
(gdb) x/i $pc
=> 0x4004f5: nop WORD PTR cs:[rax+rax*1+0x0]
UPDATE 2:
After removing c1, the debugger is not able to set the breakpoint at the asm line.
(gdb) list
1 void main()
2 {
3 __asm__(".byte 0xf1");
4 }
(gdb) b machine2.c:3
Breakpoint 1 at 0x4004f2: file machine2.c, line 3.
(gdb) run
Starting program: /home/mahmood/Documents/./machine2
Breakpoint 1, main () at machine2.c:4
4 }
Missing separate debuginfos, use: debuginfo-install glibc-2.17-196.el7.x86_64
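One way to observe what the F1 byte actually does outside a debugger: this added example (not part of the question) installs a SIGTRAP handler, executes a lone .byte 0xf1, and measures how far the saved RIP sits past the opcode. It assumes x86-64 Linux with glibc (REG_RIP from sys/ucontext.h); on other targets run_icebp() returns -1 without executing the byte.

```c
// Added example: run the undocumented F1 (ICEBP) opcode with a SIGTRAP handler
// installed. ICEBP raises #DB, which Linux delivers as SIGTRAP; the handler
// records si_code and the RIP saved in the signal context so we can check that
// the trap is reported after the one-byte instruction (gdb showed main+5, not main+4).
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

static volatile sig_atomic_t got_sigtrap = 0;
static volatile int got_si_code = 0;
static volatile uintptr_t trap_rip = 0;

static void on_sigtrap(int sig, siginfo_t *si, void *ctx) {
    ucontext_t *uc = (ucontext_t *)ctx;
    (void)uc;
    got_sigtrap = (sig == SIGTRAP);
    got_si_code = si->si_code;
#if defined(__x86_64__)
    trap_rip = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP]; // RIP as saved at the #DB
#endif
    // Nothing to fix up: ICEBP is a trap, so RIP already points past the F1 byte.
}

// Returns (saved RIP - address of the F1 byte), expected 1 on x86-64 Linux,
// or -1 if no SIGTRAP was delivered or the architecture is not x86-64.
long run_icebp(void) {
#if defined(__x86_64__)
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, NULL) != 0) return -1;

    uintptr_t f1_addr;
    got_sigtrap = 0;
    __asm__ volatile(
        "lea 1f(%%rip), %0\n\t"   // capture the address of the F1 byte below
        "1: .byte 0xf1\n\t"       // ICEBP (undocumented), raises #DB
        : "=r"(f1_addr) : : "memory");
    if (!got_sigtrap) return -1;
    return (long)(trap_rip - f1_addr);
#else
    return -1;
#endif
}

int main(void) {
    long d = run_icebp();
    if (d < 0) puts("no SIGTRAP observed (not x86-64 Linux, or process is being traced?)");
    else printf("SIGTRAP si_code=%d, saved RIP is %ld byte(s) past the F1 opcode\n", got_si_code, d);
    return 0;
}
```

Under gdb the same SIGTRAP is intercepted by the debugger before the handler runs, which is why the question's session stops at main+5 instead of reaching the handler.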
Source: https://stackoverflow.com/questions/56819296/icebp-assembly-instruction