Controlling the Program Execution in WinDbg using Breakpoints

Software Breakpoints

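The bp command sets a software breakpoint, here on the symbol kernel32!WriteFile. The bl command lists the breakpoints that are currently set.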

0:009> **bp kernel32!writeFile**

0:009> **bl**
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile

With a breakpoint created on WriteFile, adding some content in Notepad and saving the file triggers it.

0:009> bp kernel32!Writefile
0:009> bl
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile
0:009> 
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile
0:000> g
**Breakpoint 0 hit**
eax=008fedb0 ebx=02f783b0 ecx=2b9eda35 edx=02f783be esi=00000007 edi=075d32c8
eip=7754c6d0 esp=008fed90 ebp=008fedc4 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
KERNEL32!WriteFile:
7754c6d0 ff2590445a77    jmp     dword ptr [KERNEL32!_imp__WriteFile (775a4490)] ds:0023:775a4490={KERNELBASE!WriteFile (74d9b160)}

A breakpoint can be disabled using bd followed by its ID.

0:000> bd 0
0:000> bl
     0 d Enable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile

An existing breakpoint is enabled again using be followed by the breakpoint ID.

0:000> be 0
0:000> bl
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile

Clear a breakpoint using bc followed by its ID, or clear all breakpoints with the wildcard character “*”.

0:000> bl
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile
0:000> bl
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile
0:000> bc 0
0:000> bl
0:000> bp kernel32!WriteFile
0:000> bl
     0 e Disable Clear  7754c6d0     0001 (0001)  0:**** KERNEL32!WriteFile
0:000> bc *
0:000> bl
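
The commands above can be combined into a logging breakpoint. The following is an added example, not part of the original page: it uses the optional command string of bp to print the WriteFile arguments on every hit and then continue with gc. It assumes the 32-bit target shown in the register dump above, where the stdcall arguments sit on the stack at function entry.

```windbg
$$ Added example, not from the original page.
$$ Assumption: 32-bit (x86) target, as in the register dump above.
$$ Stack layout at entry to the stdcall function WriteFile:
$$   [esp]      return address
$$   [esp+4]    hFile
$$   [esp+8]    lpBuffer
$$   [esp+0xc]  nNumberOfBytesToWrite
$$
$$ Clear existing breakpoints so the new one gets ID 0.
bc *
$$ On each hit: print the handle and length, dump the first 0x20 bytes
$$ of the buffer, then resume with gc. If the write is shorter than
$$ 0x20 bytes, the dump also shows the memory that follows the buffer.
bp kernel32!WriteFile ".printf \"WriteFile hFile=%p len=%d\\n\", poi(@esp+4), poi(@esp+0xc); db poi(@esp+8) L20; gc"
$$ Confirm the breakpoint is listed and enabled, then resume the target.
bl
g
```

Saving the file in Notepad then logs each write without stopping the program; bd 0 pauses the logging and be 0 resumes it.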

Setting a breakpoint on ReadFile
