windbg设置条件断点 [英] windbg setting conditional breakpoint

问题描述

例如让我们说LoadLibrary API。

我想在Windbg中放一个条件断点。如果加载user32.dll，我该如何设置断点。

 > x kernel32！LoadLibraryW 
  

它会给一些地址[XXXX]

现在我可以把断点作为

 > bu [XXXX] 
  

但这将打针对所有调用LoadLibraryW。

任何建议。

解决方案

user32.dll上的一个条件断点，因为它相对较早地被映射到地址空间中，并且初始调试器的断点触发之后（据我所知）。

只要您可以跟踪user32.dll加载的时刻，您可以覆盖这样的模块休息：

  sxe ld user32.dll 
  

你可以做的是让你的应用程序开始一个boostrapper应用程序，然后让Windows调试器打破user32.dll加载。只需使用-o命令行选项或 .childdbg 1 扩展调用来启动子进程调试，并以cmd.exe启动，例如：

  windbg -csxe ld user32.dll; g-o cmd.exe / C yourapp.exe 
  

I want to put a conditional breakpoint in windbg.

For example lets say LoadLibrary API.

How can I put breakpoint such that it should it whenever user32.dll get loaded.

> x kernel32!LoadLibraryW

It will give some address [XXXX]

Now I can put breakpoint as

> bu [XXXX] 

but this will hit for all calls to LoadLibraryW.

Any suggestions.

解决方案

you can not set a conditional breakpoint on a user32.dll since it's being mapped into the address space relatively early and the initial debugger's breakpoint triggers after that (as far as i know).

provided you can track the moment user32.dll is loaded, you can override a module break like this:

sxe ld user32.dll

what you could do is have your app get started by a boostrapper application and then have windows debugger break on user32.dll load. just use -o command-line option or .childdbg 1 extension call to initiate debugging of child processes and have it started with cmd.exe, for instance:

windbg -c "sxe ld user32.dll;g" -o cmd.exe /C yourapp.exe

这篇关于windbg设置条件断点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！