如何在 WinDbg 中删除断点 ntdll!DbgBreakPoint+0x1 [英] How can I remove breakpoint ntdll!DbgBreakPoint+0x1 in WinDbg

问题描述

我正在调试一个崩溃的程序，WinDbg 设置为我的事后调试器.我在地址 77f7f571 设置了一个断点.当它被触发时，我曾经得到以下内容:

I'm debugging a program that's crashing with WinDbg set as my post-mortem debugger. I have set a breakpoint at address 77f7f571. When it's triggered, I used to get the following:

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll - 
ntdll!DbgBreakPoint+0x1:

然后我按照 http://www.osronline.com/ShowThread 中的说明进行操作.cfm?link=178221，现在我只知道

Then I followed the instructions from http://www.osronline.com/ShowThread.cfm?link=178221, and now I just get

ntdll!DbgBreakPoint+0x1:

我想删除此断点，但无法列出或删除它.bl、bc 或 bd 都没有输出:

I'd like to remove this breakpoint, but I can't get it to list or delete. There's no output for bl, nor for bc or bd:

0:002> bl 
0:002> bc * 
0:002> bd *

推荐答案

这不是基于行的断点，而是类似于以下程序中对 DebugBreak() 的手动调用:

This is not a line based breakpoint but looks like a manual call to DebugBreak() like in the following program:

#include "stdafx.h"
#include "windows.h"    
int _tmain()
{
    DebugBreak();
    return 0;
} 

在内部，该方法将抛出异常.要控制WinDbg 是否因异常而停止，使用sxe bpe 停止和sxi bpe 忽略异常.

Internally, the method will throw an exception. To control whether WinDbg stops due to the exception, use sxe bpe to stop and sxi bpe to ignore the exception.

要尝试此操作，请编译上述应用程序并在 WinDbg (Ctrl+E) 下运行它.在初始断点处，接管控制:

To try this, compile above application and run it under WinDbg (Ctrl+E). At the inital breakpoint, take over the control:

(1c2c.6a8): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=779d0000 edx=0020e218 esi=fffffffe edi=00000000
eip=773e12fb esp=0038f9e8 ebp=0038fa14 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2c:
773e12fb cc              int     3

0:000> sxe bpe; g
(1c2c.6a8): Break instruction exception - code 80000003 (first chance)
*** WARNING: Unable to verify checksum for DebugBreak.exe
eax=cccccccc ebx=7efde000 ecx=00000000 edx=00000001 esi=0038fd44 edi=0038fe10
eip=74d5322c esp=0038fd40 ebp=0038fe10 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000206
KERNELBASE!DebugBreak+0x2:
74d5322c cc              int     3

0:000> g
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=77442100 edi=774420c0
eip=7735fd02 esp=0038fd78 ebp=0038fd94 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!ZwTerminateProcess+0x12:
7735fd02 83c404          add     esp,4

在这个实验之后，输入 .restart.然后用sxi bpe重复实验:

After this experiment, type .restart. Then repeat the experiment with sxi bpe:

(109c.1c1c): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=be9e0000 edx=0009e028 esi=fffffffe edi=00000000
eip=773e12fb esp=002ff890 ebp=002ff8bc iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2c:
773e12fb cc              int     3

0:000> sxi bpe; g
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=77442100 edi=774420c0
eip=7735fd02 esp=002ffc20 ebp=002ffc3c iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!ZwTerminateProcess+0x12:
7735fd02 83c404          add     esp,4

如您所见，WinDbg 不再因为异常而停止在 KERNELBASE!DebugBreak+0x2.

As you can see, WinDbg did not stop at KERNELBASE!DebugBreak+0x2 due to the exception any more.

这篇关于如何在 WinDbg 中删除断点 ntdll!DbgBreakPoint+0x1的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！