How to set conditional breakpoint for parameter value in Windbg
I have a function like this:
int fn(int a, int b)
{
    int x, y;
    x = a + 5;
    y = a - b;
    return x / y;
}
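and I need to set a conditional breakpoint in WinDbg, preferably on the int x, y; line (line 18), when a is equal to 5. So far I have tried the following, but without much success: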
bp `main.c:18` ".if (a==5) {} .else {gc}"
I have also tried
bp `main.c:18` ".if (a!=5) {gc} .else {}"
but this gives me a syntax error. What is going on?
You need to use the poi operator; otherwise, in the debugger, a is the address of the variable a.
bp `main.c:18` ".if (poi(a) = 0n5) {} .else {gc}"
From the "Conditional breakpoints in WinDbg" page:
MASM expression syntax is used. In a MASM expression, MyVar is treated as an address. Thus, you need to use the poi operator to dereference it. (If your variable actually is a C pointer, you will need to dereference it twice--for example, poi(poi(MyPtr)).) The 0n prefix specifies that this number is decimal. For syntax details, see MASM Numbers and Operators.
#include <stdio.h>
int fn(int a, int b) {
    int x, y;
    x = a + 5;
    y = a - b;
    return x / y;
}
int main(void) {
    int res = 0;
    for (int i = 10; i < 25; i++) {
        res = fn(i, 5);
        printf("%d\n", res);
    }
    return res;
}
In WinDbg:
0:000> bp `wcbrk.cpp:3` ".if( @@(a) !=0n21) {?@@(a);gc}.else {}"
0:000> g
ModLoad: 6dc40000 6dc43000 C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
Evaluate expression: 10 = 0000000a
Evaluate expression: 11 = 0000000b
Evaluate expression: 12 = 0000000c
Evaluate expression: 13 = 0000000d
Evaluate expression: 14 = 0000000e
Evaluate expression: 15 = 0000000f
Evaluate expression: 16 = 00000010
Evaluate expression: 17 = 00000011
Evaluate expression: 18 = 00000012
Evaluate expression: 19 = 00000013
Evaluate expression: 20 = 00000014
eax=00000015 ebx=7ffd3000 ecx=00000015 edx=00000038 esi=0041a760 edi=002c91b8
eip=003d1006 esp=001cf8b0 ebp=001cf8b8 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
wcbrk!fn+0x6:
003d1006 8b4508 mov eax,dword ptr [ebp+8] ss:0023:001cf8c0=00000015
0:000> dv
a = 0n21
b = 0n5
x = 0n0
y = 0n2
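The two answers above use different expression evaluators (MASM with poi, and C++ via @@). The following command sequence is an added example, not part of either answer, that puts them side by side for the question's `main.c:18` location. The `dwo` operator and the `@@c++( )` form are standard WinDbg syntax that the posts themselves do not use, and the two `bp` lines are alternatives, so set only one of them.

```windbg
$$ While stopped inside fn(), compare what each evaluator returns for the parameter.

$$ MASM evaluator: the symbol a resolves to the ADDRESS of the local
? a

$$ C++ evaluator: the symbol a resolves to its VALUE, typed as int
?? a

$$ MASM with an explicit 32-bit read, which matches sizeof(int)
? dwo(a)

$$ Alternative 1: condition in MASM syntax.
$$ poi() reads a pointer-sized value (8 bytes on a 64-bit target),
$$ so dwo() is the safer read when the variable is a 32-bit int.
bp `main.c:18` ".if (dwo(a) == 0n5) {} .else {gc}"

$$ Alternative 2: the same condition through the C++ evaluator.
$$ No dereference is needed and the literal 5 is decimal by default.
bp `main.c:18` ".if (@@c++(a == 5)) {} .else {gc}"
```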