tags:

views:

307

answers:

1
Q: 

Examine data in windbg when a break on address (ba) breakpoint is hit

I'd like to create a breakpoint such that it will create another one-time breakpoint that will 'dd' a certain memory address when that memory is written to.

So when the breakpoint is hit, I'd like to run a command like:

  ba w4 @ESP+4 /1 ''dd [memory address of this breakpoint]''

Since this breakpoint is being created by another breakpoint (and could potentially be called several times), I can't specify the breakpoint number. Otherwise I could use a pseudo register like '$bp3' to get the memory address of breakpoint #3

Would anyone have any thoughts on how to create a breakpoint command that can 'dd' the memory address of the breakpoint?

Thank you!

A: 

you can elaborate to make use of other general purpose pseudo-registers: t0..t19

bp your-address "r$t1=your-other-address; ba w4 @$t1 /1 \"dd @$t1;gc\""
 2009-12-22 14:10:22
If the 'your-address' breakpoint is hit twice (before the 'your-other-address' is hit), would this change the value of $t1 and cause both of the one-time breakpoints to dd @$t1 on the same address?Thank you!!!
IFacer  2009-12-22 15:45:04
In that case, keep the breakpoints to minimum. Knowing you have one on 'your-address', it can also reset all other bps. Use something like 'bc1-10' in its condition (provided the 'your-address' is on bp0!) to get rid of the last 10 breakpoints that did not yet get hit.
 2009-12-23 09:28:50
Alternatively, you can set $t1 to 0 (to make sure ;o) and reset it to 0 in the single-shot bp. Then simply test for 0 (or for other value) and only create a new single-shot bp if a certain condition (like it being 0) is met.
 2009-12-23 09:30:45

related questions

Application.Exit didn't kill a message pump?
Can I run a .NET garbage collection from WinDbg?
How do I find the lockholder (reader) of my ReaderWriterLock in windbg
Windbg help -> how can I read the code at this callstack?
How do I evaluate dependency properties in silverlight/WPF from S.O.S. ?
How can I abort a long operation in WinDbg?
Which Visual Studio debugger features are missing from WinDbg?
How do I debug a memory dump of a spiking ASP.NET process?
WinDbg outputs characters to console nonstop
With WinDbg, can I modify an item in memory while a process is running?
Windbg: How to set breakpoint on one of the overloads of a C++ function?
Debugging C++ STL containers in Windbg
Starting to learn Windbg
WinDbg Dr. Watson minidump - requires pdb/dll originally built for installed version?
ACCESS_VIOLATION_BAD_IP
What is your favourite Windbg tip/trick?
Dump CCWs and RCWs in a mixed managed/unmanaged process
Why use windbg vs the Visual Studio (VS) debugger ?
How do you resolve crashing Windbg Logger on Vista?
Finding GDI/User resource usage from a crash dump
Triggering a .NET garbage collection externally
Stack overflow from .NET code in IIS, but not in Winforms
Diagnosing Deadlocks in Win32 Program
Interpreting Stacks in Windows Minidumps
best technique for launching a windbg user-mode remote debugging session