windbg: set data breakpoint at dll + offset

About

Asked 13/5, 2013 at 18:16 Answered 24/5, 2013 at 14:40

I want to set a data-write breakpoint on the value of xul.dll+0x7d760, hopefully using a command script.

I can print the base address of xul.dll using lm, and manually set the breakpoint with

ba w (baseaddress + 0x7d760)

But I can't figure out a way to store the base address of xul.dll into a pseudo-register so that I could do this automatically. Is there a way to somehow store or parse the results of lm xul into a pseudo-register?

Inflexible answered 13/5, 2013 at 18:16 Comment(0)

.foreach /pS 4 /ps 3 (modbase {lm p m xul}) {ba w 4 (${modbase} + 0x7d760)}

In this command, the module's base address will be stored in ${modbase}. Substitute xul for another module, or edit the {ba w 4 (${modbase} + 0x7d760)} block to substitute a different command or offset as necessary.

Gateway answered 13/5, 2013 at 19:34 Comment(0)

The module name minus the suffix can also be used to express the base address:

0:000> lm mole32
start             end                 module name
000007ff`344b0000 000007ff`3462e000   ole32      (deferred)             
0:000> ? ole32
Evaluate expression: 8792675385344 = 000007ff`344b0000
0:000> ? ole32 + 0x7d760
Evaluate expression: 8792675899232 = 000007ff`3452d760
0:000> ? 000007ff`3452d760 - ole32
Evaluate expression: 513888 = 00000000`0007d760

Byer answered 24/5, 2013 at 14:40 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags