I want to follow after a function in a program. How can I know when a specific function starts, and when is it just about to end? (or just have ended)
I have the function's start address and can check all the registers
If you wanted to know, how internally a function works, you should use a debugger in your platform. for example, if you are using the Windows operating system, you can use Windbg and IDA Pro to debug a function. If you are using Linux/Unix-based operating systems, you can use gdb debugger, hopper, and radare2. For example, To determine when a specific function starts and ends, you can follow the steps mentioned in the following section to achieve this with Windbg:
Attach the process to the Windbg debugger or open the program with it.
Set a breakpoint at the start address of the function you're interested in. For example bp main.
Run the program using the g command to continue execution until the breakpoint is hit.
Once the breakpoint is hit, you can examine the current state of the program, including the register values using the r command. This will show you the values of the processor registers.
Step through the function using the p command to execute one instruction at a time. This will allow you to observe the changes in register values and memory as the function executes.
You can set another breakpoint at the end of the function if you want to stop execution there as well. Use the bp command with the end address of the function.
Continue stepping through the function until you reach the end and see ret instruction in order to return to the caller stack frame.
By setting breakpoints at the start and end addresses of the function in the debuggers, and stepping through the instructions, you can track the execution flow and observe the changes in register values.