Windbg question

Eibro · June 14, 2004, 08:48 PM

I'm trying to set a conditional breakpoint on LoadLibraryA, where esp+4 is a string. Windbg documentation leads me to believe you can do this:

bp LoadLibraryA "j ($spat(poi(esp+4), "IX86*")) ''; 'g' "

But i'm getting a syntax error. I want break on LoadLibraryA if (char*)(esp+4) == "IX86*", is this possible?

Stwong · August 17, 2004, 12:19 AM

You're trying
bp LoadLibraryA "j ($spat(poi(esp+4), "IX86*")) ''; 'g' "
?

Try it with escaped ""'s inside the commandstring, may work better.

bp LoadLibraryA "j ($spat(poi(esp+4), \"IX86*\")) ''; 'g' "

Onto the next issue: You have 5 ""'s in that line.

bp LoadLibraryA "j ($spat(poi(esp+4), \"IX86*\")) '; 'g' "

The above may work a little better.

Skywing · August 17, 2004, 09:49 AM

Try this:

bp kernel32!LoadLibraryA "j dwo(esp+4) == 36385849 'k' ; 'g' "

Assuming you are using MASM syntax, of course.

Stwong · August 17, 2004, 09:59 AM

That may work even better. I was just looking at what might cause a syntax error, forgot to mention that I had no idea what the conditions for the J were meant to be.

Valhalla Legends Archive

Windbg question

Eibro

Stwong

Skywing

Stwong