Windbg: set data breakpoint in dll + offset

Question

Windbg: set data breakpoint in dll + offset

I want to set the data write breakpoint to xul.dll + 0x7d760, hopefully using the script command.

I can print the base address of xul.dll using lm and manually set a breakpoint with

ba w (baseaddress + 0x7d760)

But I can not find a way to save the base address of xul.dll in pseudo-register so that I can do it automatically. Is there a way to somehow save or lm xul results in pseudo mode?

+4

windbg

bsmedberg May 13, '13 at 18:16

source share

2 answers

The module name minus the suffix can also be used to express the base address:

 0:000> lm mole32 start end module name 000007ff`344b0000 000007ff`3462e000 ole32 (deferred) 0:000> ? ole32 Evaluate expression: 8792675385344 = 000007ff`344b0000 0:000> ? ole32 + 0x7d760 Evaluate expression: 8792675899232 = 000007ff`3452d760 0:000> ? 000007ff`3452d760 - ole32 Evaluate expression: 513888 = 00000000`0007d760

+1

snoone May 24, '13 at 14:40

source share

Aaron klotz · Accepted Answer · 2013-05-13T19:34:19+0000

.foreach /pS 4 /ps 3 (modbase {lm pm xul}) {ba w 4 (${modbase} + 0x7d760)}

In this command, the base address of the module will be stored in ${modbase} . Replace xul for another module or edit the {ba w 4 (${modbase} + 0x7d760)} to replace another command or offset as needed.

Windbg: set data breakpoint in dll + offset

More articles: