Command
============
~0 bp 02sample!KBTest::Fibonacci_stdcall "r esp"
Set a breakpoint on the Fibonacci_stdcall function of the KBTest class on thread 0, and execute the "r esp" command when the breakpoint is triggered.
bl
List all breakpoints that have been set.
bc *
Clear all breakpoints.
bp 02sample!KBTest::Fibonacci_stdcall "r esp; g"
Set the breakpoint on all threads and execute the "r esp; g" command when the breakpoint is triggered.
bm 02sample!*KBTest*
The bm command accepts a symbol pattern as its parameter and sets a breakpoint on every address whose symbol matches the pattern. The command above uses bm to set breakpoints on all methods of KBTest.
bu ole32!CoInitializeEx
Windows loads dynamic link libraries only when they are needed, so we often have to set a breakpoint in a module that has not been loaded yet. The bu command sets a deferred breakpoint for this case: it becomes a real breakpoint only once the module that contains it is loaded. The command above sets a deferred breakpoint on the initialization function of DCOM.
Memory access breakpoint
========================
The memory access breakpoint command is ba, short for Break on Access.
User-mode command syntax:
[~Thread] ba[ID] Access Size [Options] [Address [Passes]] ["CommandString"]
Example:
ba w4 gGlobal+0
The above command sets a breakpoint that makes the processor monitor write operations on the four words starting at the address of gGlobal. As soon as an operation that attempts to modify this address is detected, the debugger breaks in immediately.
Conditional breakpoint
======================
You can attach a command to each breakpoint. When the debugging target hits the breakpoint, the debugger executes this command. This feature lets us build very useful conditional breakpoints.
We often encounter a function that fails only under certain conditions, and we want the program to stop when that failure occurs so that it can be analyzed further. This can be achieved by executing the g command conditionally: if no error condition is detected after the function has run, execution continues; otherwise, the debugger stops.
bp 02sample!KBTest::Fibonacci_stdcall "gu; .if (eax != 1) {g}"
In the above command, we configure a breakpoint at the beginning of the Fibonacci_stdcall function of the KBTest class. When it is hit, the debugger immediately executes the gu command (Go Up: the target runs until the current function returns). After the function has returned, its return value (eax) is checked. If it is not 1, execution continues (g). Otherwise, the debugger breaks in.
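The memory access breakpoint and the conditional pattern described above can be combined. The following is an added example, not part of the original page; it assumes that gGlobal is a 32-bit integer in the 02sample module and that 0 is the value of interest (both chosen for illustration).

```windbg
$$ Added example, not from the original page. Assumptions: gGlobal is a
$$ 32-bit integer in module 02sample, and 0 is the value worth stopping on.

$$ Write watch from the page, made conditional. A data breakpoint fires
$$ after the writing instruction has completed, so dwo() reads the new
$$ value and the reported instruction is the one following the write.
$$   new value == 0 -> announce it, dump the call stack (kb), stay broken in
$$   anything else  -> show the value (dd ... L1) and resume with gc
ba w4 02sample!gGlobal ".if (dwo(02sample!gGlobal) == 0) { .echo gGlobal written with 0; kb } .else { dd 02sample!gGlobal L1; gc }"

$$ Same .if/.else pattern on a code breakpoint: stop at function entry
$$ only while gGlobal holds 0.
$$ gc is used instead of g so that a breakpoint reached by stepping (p/t)
$$ resumes as a step rather than running free.
bp 02sample!KBTest::Fibonacci_stdcall ".if (dwo(02sample!gGlobal) == 0) { kb } .else { gc }"

$$ Confirm both breakpoints and their command strings.
bl
```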