
IDA ---> WinDBG offsets

Started by hi.times, March 15, 2005, 11:23 PM


hi.times

hi all,

Sorry if this is the wrong place, but I'm having a few problems trying to breakpoint certain memory/addresses in a DLL using WinDBG. My problem is I have some addresses in IDA, and would like to set a breakpoint on them in WinDBG, but they don't seem to work right.

Take for example this line in IDA:


.text:6FC015C0                 sub     esp, 10Ch


Now from this I would assume I need to do:


WinDBG Command Line -> bp 6FC015C0


But this does not work correctly. Am I completely wrong here?

Also, I would like to set a ba (break point on access memory); this also fails. Is some kind of base address conversion required for this to work?

Kp

Looks ok to me, but of course I can't say what's wrong since you forgot to post the error message you receive from windbg.  "does not work correctly" is extremely vague, and gives no hint as to whether windbg even accepts the command.  If it does accept it, you probably meant that the breakpoint doesn't seem to be triggered, which could just mean you've BP'd some useless function that's not being called.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

hi.times

I think the message that's printed when I do a bl confused me.


0 e 6fc0202c     0001 (0001)  0:*** D2Net!Ordinal10040+0x7c


I'm not entirely sure what that message means, some kind of offset I think, but I thought Ordinal was used for representing exported functions.

The breakpoint on memory does not actually get called. Am I wrong to do: ba r4 6FC0B2B4

This is the data section of the DLL. I thought if a code line uses that offset in the data, it will break?

Adron

Ordinals are used for exported functions. Windbg shows you where your offset is in relation to the nearest symbol.


hi.times

Quote from: Adron on March 16, 2005, 09:55 AM
Ordinals are used for exported functions. Windbg shows you where your offset is in relation to the nearest symbol.



OK, thank you for clearing that up for me.
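
Added example (not part of the original thread): a Python sketch of the base-address conversion asked about in the first post and of the nearest-symbol labelling Adron describes, checked against the `bl` line quoted above. Assumptions: IDA loaded the DLL at image base 0x6FC00000, the `.text` and data addresses belong to the module WinDBG calls `D2Net`, and the `EXPORTS` table is constructed; only the start of `Ordinal10040` is derived from the thread (0x6fc0202c - 0x7c).

```python
import bisect
import re

# Assumptions for this example: IDA loaded the DLL at 0x6FC00000, and EXPORTS is
# a constructed table. Only Ordinal10040's start is derived from the thread
# (0x6fc0202c - 0x7c); the other entries are made up.
IDA_IMAGE_BASE = 0x6FC00000
EXPORTS = {0x6FC01000: "Ordinal10001",
           0x6FC01FB0: "Ordinal10040",
           0x6FC02100: "Ordinal10041"}

def to_module_relative(ida_addr, module, ida_base=IDA_IMAGE_BASE):
    """IDA address -> 'module+0xRVA', valid wherever the loader maps the DLL."""
    rva = ida_addr - ida_base
    if rva < 0:
        raise ValueError("address lies below the image base")
    return f"{module}+0x{rva:x}"

def rebase(ida_addr, runtime_base, ida_base=IDA_IMAGE_BASE):
    """IDA address -> absolute address for a module loaded at runtime_base."""
    return ida_addr - ida_base + runtime_base

def nearest_symbol(addr, module, exports=EXPORTS):
    """Label addr the way `bl` does: closest export at or below it, plus offset."""
    starts = sorted(exports)
    i = bisect.bisect_right(starts, addr) - 1
    if i < 0:
        return f"0x{addr:x}"  # no export precedes this address
    name, off = f"{module}!{exports[starts[i]]}", addr - starts[i]
    return name if off == 0 else f"{name}+0x{off:x}"

BL_RE = re.compile(r"^\s*(\d+)\s+([ed])\s+([0-9a-f`]+)\s+\S+\s+\(\S+\)\s+\S+\s+(\S+)")

def parse_bl(line):
    """Split one `bl` output line into id, enabled flag, address and symbol."""
    m = BL_RE.match(line)
    if not m:
        raise ValueError("not a bl line")
    return {"id": int(m.group(1)), "enabled": m.group(2) == "e",
            "address": int(m.group(3).replace("`", ""), 16), "symbol": m.group(4)}

if __name__ == "__main__":
    bp = parse_bl("0 e 6fc0202c     0001 (0001)  0:*** D2Net!Ordinal10040+0x7c")
    print(nearest_symbol(bp["address"], "D2Net") == bp["symbol"])
    print("bp", to_module_relative(0x6FC015C0, "D2Net"))
    print("ba r4", to_module_relative(0x6FC0B2B4, "D2Net"))
```

If the module's base reported by `lm` in WinDBG differs from the base IDA used, the absolute addresses from IDA no longer match, while the `module+0xRVA` form still resolves to the same instruction or data.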