How to get the return value from a function in WinDbg?

I am trying to debug some Win32 API such as CreateThread, which returns a handle. How do I get return values in WinDbg?

I did some research and found that return values are usually stored in the EAX register.

If I set a breakpoint on CreateThread, then I can enter the CreateThread assembly and, ultimately, I will remove the ret statement, which means that CreateThread is returning.

At this point, should I check the value of the EAX register to get the HANDLE value or some other way?

1 answer

There is no other way that is not basically the same as eax testing.

If you want to get pedantic:

eax works fine for 32 bits.

rax is what you want for 64-bit applications.

ret0 is what Itanium uses.

$retreg is a pseudo-register that you can use that will behave correctly in all cases.

e.g.

    0:028> r rax
    rax=00000000fff02000
    0:028> r eax
    eax=fff02000
    0:028> r $retreg
    $retreg=00000000fff02000
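The workflow from the question combined with the `$retreg` pseudo-register from the answer, as an added example that is not part of the original posts. It assumes the breakpoint symbol resolves as `kernel32!CreateThread` on the target (the exporting module can differ between Windows versions) and uses the standard `gu`, `!handle` and `$ra` debugger features.

```windbg
$$ Interactive: stop at the function entry, then run until it returns.
bp kernel32!CreateThread
g
$$ Breakpoint hit at the first instruction of CreateThread.
$$ gu ("go up") runs until the current function returns to its caller.
gu
$$ The return value is now in the return register (eax or rax).
r $retreg
$$ CreateThread returns NULL on failure. Otherwise inspect the handle.
!handle @$retreg f

$$ Automated: at function entry $ra holds the return address, so plant a
$$ one-shot breakpoint (/1) there that prints the return value and continues.
bp kernel32!CreateThread "bp /1 @$ra \"r $retreg; g\"; g"
```

The one-shot breakpoint in the automated form is not bound to a thread, so in a multithreaded process another thread reaching the same return address can trigger it first.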

Source: https://habr.com/ru/post/1286558/

