Controlling the Program Execution in WinDbg using Breakpoints

Software Breakpoints

The bp command sets a software breakpoint at a symbol or address; bl lists the breakpoints that are currently set.

0:009> **bp kernel32!writeFile**

0:009> **bl**
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile

With a breakpoint set on WriteFile, add some content in Notepad and save the file. The save triggers the breakpoint:

0:009> bp kernel32!Writefile
0:009> bl
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile
0:009> 
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile
0:000> g
**Breakpoint 0 hit**
eax=008fedb0 ebx=02f783b0 ecx=2b9eda35 edx=02f783be esi=00000007 edi=075d32c8
eip=7754c6d0 esp=008fed90 ebp=008fedc4 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
KERNEL32!WriteFile:
7754c6d0 ff2590445a77    jmp     dword ptr [KERNEL32!_imp__WriteFile (775a4490)] ds:0023:775a4490={KERNELBASE!WriteFile (74d9b160)}

A breakpoint can be disabled using bd followed by its ID.

An existing breakpoint can be re-enabled using be followed by the breakpoint ID.

A breakpoint can be cleared using bc followed by its ID, or by the wildcard character “*” to clear all breakpoints.
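The commands above as one sequence, written as an added example and not taken from the original page. It assumes the 32-bit Notepad session shown earlier, where the WriteFile breakpoint received ID 0. The final breakpoint goes one step beyond the page by attaching a command string that dumps the stack on each hit, so file writes can be logged without stopping the target.

```windbg
$$ Added example, not from the original page. Assumes a 32-bit target
$$ and that the first breakpoint is assigned ID 0, as in the bl output above.

$$ Set the breakpoint and list it. The second column shows e for enabled.
bp kernel32!WriteFile
bl

$$ Disable breakpoint 0. It stays in the list, marked d, and no longer fires.
bd 0
bl

$$ Re-enable the same breakpoint by ID.
be 0
bl

$$ Clear breakpoint 0. Use bc * instead to clear every breakpoint.
bc 0

$$ Set it again with a command string that runs on every hit.
$$ WriteFile is stdcall, so at entry on x86 the four dwords at esp are
$$ the return address, hFile, lpBuffer and nNumberOfBytesToWrite.
$$ k prints the call stack and gc resumes execution.
bp kernel32!WriteFile ".echo WriteFile hit; dd esp L4; k; gc"
g
```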

Setting a breakpoint on read file
