Comments on: Counterfactual Debugging: Data Ordering https://www.dumpanalysis.org/blog/index.php/2009/09/15/counterfactual-debugging-data-ordering/ Structural and Behavioral Patterns for Software Diagnostics, Forensics and Prognostics Wed, 06 May 2026 23:59:45 +0000 http://wordpress.org/?v=2.3.3 By: Dmitry Vostokov https://www.dumpanalysis.org/blog/index.php/2009/09/15/counterfactual-debugging-data-ordering/#comment-95300 Dmitry Vostokov Tue, 22 Sep 2009 16:43:38 +0000 https://www.dumpanalysis.org/blog/index.php/2009/09/15/counterfactual-debugging-data-ordering/#comment-95300 Adding pastebin.com to my tool list Adding pastebin.com to my tool list

]]> By: Dmitry Vostokov https://www.dumpanalysis.org/blog/index.php/2009/09/15/counterfactual-debugging-data-ordering/#comment-95299 Dmitry Vostokov Tue, 22 Sep 2009 16:42:09 +0000 https://www.dumpanalysis.org/blog/index.php/2009/09/15/counterfactual-debugging-data-ordering/#comment-95299 There also can be just an exception when clearing the fixpoint if we change char c to int c and char *pc to int *pc: <code>0:000> uf wmain StackErasure!wmain: 8 00e91010 push ebp 8 00e91011 mov ebp,esp 8 00e91013 sub esp,8 10 00e91016 lea eax,[ebp-8] 10 00e91019 mov dword ptr [ebp-4],eax StackErasure!wmain+0xc: 11 00e9101c mov ecx,1 11 00e91021 test ecx,ecx 11 00e91023 je StackErasure!wmain+0x29 (00e91039) StackErasure!wmain+0x15: 13 00e91025 mov edx,dword ptr [ebp-4] 13 00e91028 mov dword ptr [edx],0 14 00e9102e mov eax,dword ptr [ebp-4] 14 00e91031 add eax,4 14 00e91034 mov dword ptr [ebp-4],eax 15 00e91037 jmp StackErasure!wmain+0xc (00e9101c) StackErasure!wmain+0x29: 17 00e91039 xor eax,eax 18 00e9103b mov esp,ebp 18 00e9103d pop ebp 18 00e9103e ret</code> There also can be just an exception when clearing the fixpoint if we change char c to int c and char *pc to int *pc:

0:000> uf wmain
StackErasure!wmain:
8 00e91010 push ebp
8 00e91011 mov ebp,esp
8 00e91013 sub esp,8
10 00e91016 lea eax,[ebp-8]
10 00e91019 mov dword ptr [ebp-4],eax

StackErasure!wmain+0xc:
11 00e9101c mov ecx,1
11 00e91021 test ecx,ecx
11 00e91023 je StackErasure!wmain+0x29 (00e91039)

StackErasure!wmain+0x15:
13 00e91025 mov edx,dword ptr [ebp-4]
13 00e91028 mov dword ptr [edx],0
14 00e9102e mov eax,dword ptr [ebp-4]
14 00e91031 add eax,4
14 00e91034 mov dword ptr [ebp-4],eax
15 00e91037 jmp StackErasure!wmain+0xc (00e9101c)

StackErasure!wmain+0x29:
17 00e91039 xor eax,eax
18 00e9103b mov esp,ebp
18 00e9103d pop ebp
18 00e9103e ret

]]> By: Sol_Ksacap https://www.dumpanalysis.org/blog/index.php/2009/09/15/counterfactual-debugging-data-ordering/#comment-94954 Sol_Ksacap Sat, 19 Sep 2009 23:42:51 +0000 https://www.dumpanalysis.org/blog/index.php/2009/09/15/counterfactual-debugging-data-ordering/#comment-94954 We think borderline case for this infinite loop can even produce overflow-like exception. For example, second 'wmain' function (with "lea eax, [ebp-5]; mov [ebp-4], eax") will trigger exception if esp on the function entry havest value 2bf008. Here's wmain with comments (too wide for wordpress, thus external link): http://pastebin.com/f22186d3b We think borderline case for this infinite loop can even produce overflow-like exception.

For example, second ‘wmain’ function (with “lea eax, [ebp-5]; mov [ebp-4], eax”) will trigger exception if esp on the function entry havest value 2bf008.
Here’s wmain with comments (too wide for wordpress, thus external link): http://pastebin.com/f22186d3b

]]>