Hi all,

I'm remotely debugging a Windows XP machine. One of my drivers is loaded at address 0xb2c4c000 up to 0xb2cb9680.

Now when I open my driver in IDA, the offset I want to set a breakpoint on is at 00017619.

How can I effectively match my IDA address into windbg?

I've tried the obvious, which is to sum 0xb2c4c000 + 00017619 = 0xB2C635F7 and disassemble that address using the 'u' command in windbg. But the results did not match the assembly in IDA.

A side question: is there a way to cancel a command that is running in windbg? Several times I've run commands that took ages to process, and I would like to be able to cancel them if needed, so I can keep working.

Thanks for your time.

A: 

The recent versions of IDA Pro allow you to debug device drivers through its WinDbg debugger plugin.

Another alternative is to rebase your database to match the base of the loaded module; that way you have a one-to-one mapping between the idb and the windbg session.

lallous
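
The address arithmetic behind rebasing, as an added example that is not part of the original thread: it reads the module range from `lm` output and converts an IDA address to the live address and back. The IDA image base `0x10000`, the module name `mydriver` and the `nt` line are assumed, constructed values; use the image base your own database reports.

```python
import re

# Constructed sample of WinDbg `lm` output. The mydriver range is the one quoted
# in the question; the module name and the nt line are placeholders.
LM_OUTPUT = """\
start    end        module name
804d7000 806e5000   nt         (pdb symbols)
b2c4c000 b2cb9680   mydriver   (deferred)
"""
LM_LINE = re.compile(r"^([0-9a-f`]+)\s+([0-9a-f`]+)\s+(\S+)", re.I)


def parse_lm(text):
    """Return {module_name: (start, end)} parsed from `lm` output."""
    modules = {}
    for line in text.splitlines():
        m = LM_LINE.match(line.strip())
        if m:  # the header line does not start with hex digits, so it is skipped
            start, end = (int(g.replace("`", ""), 16) for g in m.group(1, 2))
            modules[m.group(3)] = (start, end)
    return modules


def ida_to_live(ea, ida_imagebase, module_range):
    """Map an IDA address to the address inside the loaded module."""
    start, end = module_range
    live = start + (ea - ida_imagebase)  # RVA is relative to IDA's image base
    if ea < ida_imagebase or not start <= live < end:
        raise ValueError(f"{ea:#x} does not fall inside the loaded module")
    return live


def live_to_ida(addr, ida_imagebase, module_range):
    """Map a live address (e.g. from a WinDbg stack trace) back to IDA."""
    start, end = module_range
    if not start <= addr < end:
        raise ValueError(f"{addr:#x} is outside the loaded module")
    return ida_imagebase + (addr - start)


def windbg_commands(ea, ida_imagebase, module_range):
    """WinDbg lines to disassemble at, and break on, the translated address."""
    live = ida_to_live(ea, ida_imagebase, module_range)
    return [f"u {live:08x}", f"bp {live:08x}"]


if __name__ == "__main__":
    rng = parse_lm(LM_OUTPUT)["mydriver"]
    print("rebase delta:", hex(rng[0] - 0x10000))  # assumed IDA image base
    print("\n".join(windbg_commands(0x17619, 0x10000, rng)))
```

The printed delta is the difference between the loaded base and the database's image base; after rebasing the database to the loaded base, the addresses in IDA and WinDbg coincide and no translation is needed.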