WinDBG View Passed Arguments to Any Function

1

13

I'm using WinDBG to debug a Windows executable. I want to know how I can see the arguments passed to any function using WinDBG.

For example, if I wanna know the parameters passed to the function Kernel32!CreateFileA using Immunity Debugger or Olly debugger, I will set a breakpoint at the entry point of Kernel32!CreateFileA.

Now in the bottom right corner of the debugger window I could see nicely what parameters are getting passed to Kernel32!CreateFileA by the program, like in this screenshot.

[Screenshot]

So my question is: how can I get a similar view of passed parameters using WinDBG? Is there any way?

Is there any plugin which can represent the stack visually like Olly or Immunity?

Thanks in advance.

Budge answered 2/9, 2013 at 16:29 Comment(0)
16

If you have private symbols, dv will show you locals and arguments. There is also a "Locals" window that can be opened with Alt+3 if you prefer to use the GUI.

If symbols are not available, it is not quite so easy. You can start with kv to see raw arguments and calling convention. Once you know the calling convention, you know where arguments are stored (stack and/or registers), and it is a matter of deciphering their layout in memory.

[Screenshot]

Electrodialysis answered 2/9, 2013 at 21:24 Comment(4)
In my case I have private symbols, but my std::string variables' values are still not showing: <Value Unavailable> - Saintpierre
@Saintpierre You might have optimisations turned on. Certain optimisations can make it hard for the debugger to know where in memory or register to find a variable's value. If you step through the function to the point the variable is used, does it change from <Value Unavailable> to a value? - Electrodialysis
Yes, might be possible. - Saintpierre
Could you explain how you use kv to figure out what the arguments were? - Quarrelsome
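
The symbol-less case the answer outlines, and the last comment asks about, written out as a WinDbg session for the question's CreateFileA example. This is an added example, not part of the original answer. It assumes the breakpoint is hit at the function's first instruction and takes the seven-parameter order from the Win32 API documentation.

```windbg
$$ Added example (not from the original answer), constructed for CreateFileA.
$$ Parameter order: lpFileName, dwDesiredAccess, dwShareMode,
$$ lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes,
$$ hTemplateFile.

$$ ---- 32-bit target, stdcall: every argument is on the stack ----
bp kernel32!CreateFileA
g
$$ At the first instruction [esp] is the return address and the arguments
$$ follow it: esp+4 = arg 1, esp+8 = arg 2, ... esp+1c = arg 7.
dd esp L8
$$ Argument 1 points to an ANSI string, so dereference it.
da poi(esp+4)
$$ Arguments 2..7 as raw DWORDs.
dd esp+8 L6
$$ The "Args to Child" columns of kv are the three DWORDs at ebp+8, ebp+c
$$ and ebp+10 of each frame. For frame 0 they only match this function's
$$ arguments after its prologue (push ebp / mov ebp,esp) has executed.
$$ Before that, ebp still belongs to the caller.
kv

$$ To log every call, as the Olly/Immunity pane does, attach the same
$$ commands to the breakpoint and resume automatically.
bp kernel32!CreateFileA "da poi(esp+4); dd esp+8 L6; g"

$$ ---- 64-bit target, Microsoft x64 calling convention ----
$$ Arguments 1..4 are in rcx, rdx, r8 and r9.
r rcx
r rdx
r r8
r r9
da @rcx
$$ At entry [rsp] is the return address and rsp+8..rsp+27 is the home
$$ space for the four register arguments. Arguments 5..7 follow at
$$ rsp+28, rsp+30 and rsp+38.
dq rsp+28 L3
$$ On x64 the "Args to Child" columns of kv show the home-space slots.
$$ They hold real argument values only if the callee spilled its
$$ registers there, so read the registers at entry instead.
kv
```

For a wide-character function such as CreateFileW, use `du` in place of `da` on the first argument.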
