WinDbg Basics: Setting Breakpoints
Homeoftester.com, Aug. 2008
The AUT – PrimeHunter
PrimeHunter is a demo application that finds prime numbers less than any given natural number.
Breakpoint Cmds of WinDbg
bp is the command to set one or more software breakpoints. It can combine locations, conditions and options to set different kinds of software breakpoints.
bl lists existing breakpoints.
bc clears existing breakpoints.
bp vs bu and bm
The bp, bu, and bm commands all set new breakpoints, but they have different characteristics:
The bp (Set Breakpoint) command sets a new breakpoint at the address of the breakpoint location that is specified in the command. If the address expression of the breakpoint location is not resolvable when the breakpoint is set, the bp breakpoint is automatically converted to a bu breakpoint.
The bu (Set Unresolved Breakpoint) command sets a deferred or unresolved breakpoint. A bu breakpoint is set on a symbolic reference to the breakpoint location specified in the command (not on an address) and is activated whenever the module with the reference is resolved. Breakpoints set by using bu are saved in WinDbg workspaces.
The bm (Set Symbol Breakpoint) command sets a new breakpoint on symbols matching a specified pattern. This command can create more than one breakpoint. By default, after the pattern is matched, bm breakpoints are the same as bu breakpoints; they are deferred breakpoints that are set on a symbolic reference. However, a bm /d command creates one or more bp breakpoints. Each breakpoint is set on the address of a matched location and does not track module state.
The most important parameter is Address. It decides where the breakpoint is set.
If Address is omitted, the current instruction pointer (the eip register) is used.
Advanced Bp (1)
Set a one-time breakpoint
/1 Creates a "one-shot" breakpoint. After this breakpoint is triggered, it is deleted from the breakpoint list.
bp /1 PrimeHunter!printPrimes
Break based on the depth of Call Stack
/c MaxCallStackDepth Activates the breakpoint only when the call stack depth is less than MaxCallStackDepth. This option cannot be combined with /C.
/C MinCallStackDepth Activates the breakpoint only when the call stack depth is greater than MinCallStackDepth. This option cannot be combined with /c.
bu /c 1 PrimeHunter!printPrimes
bu /C 5 PrimeHunter!printPrimes
Advanced Bp (2)
Set Conditional Breakpoints
A conditional breakpoint is created by combining a breakpoint command with j (Execute If - Else) and gc (Go from Conditional Breakpoint) to cause a break to occur only if a specific condition is satisfied.
bp PrimeHunter!printPrimes "j (poi(targetNumber)>0n5) '';'gc'"
Listing Breakpoints - BL
The bl command lists information about existing breakpoints.
bl [ Breakpoints ]
0 e 7c92120e 0001 (0001) 0:**** ntdll!DbgBreakPoint
Clear Breakpoints - BC
The bc command permanently removes previously set breakpoints from the system.
Disable/Enable Breakpoints – Bd and Be
bd Breakpoints / be Breakpoints
Breakpoints: Specifies the ID numbers of the breakpoints to be disabled / enabled. Any number of breakpoints can be specified; multiple IDs must be separated by spaces or by commas. A range of breakpoint IDs can be specified with a hyphen. An asterisk (*) can be used to indicate all breakpoints.
Renumber breakpoints - Br
The br command renumbers one or more breakpoints.
br 0 2
Set a breakpoint on access - BA
The ba command sets a data breakpoint, which is triggered when the specified memory is accessed.
ba r4 targetNumber
Size: The size of the location, in bytes, to be monitored for access. On an x86 processor, this parameter can be 1, 2, or 4, unless Access equals e, in which case Size must be 1. On an x64 processor, this parameter can be 1, 2, 4, or 8, unless Access equals e, in which case Size must be 1. On an Itanium processor, this parameter can be any power of 2, from 1 to 0x80000000. There can be no space between Access and Size.
Access (Option: Action)
e (execute): Breaks into the debugger when the CPU fetches an instruction from the specified address.
r (read/write): Breaks into the debugger when the CPU reads or writes at the specified address.
w (write): Breaks into the debugger when the CPU writes at the specified address.
i (i/o): (Windows XP and later, kernel mode only, x86 only) Breaks into the debugger when the I/O port at the specified Address is accessed.
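Added example (not part of the original slides): a WinDbg session that combines the conditional breakpoint and the data breakpoint described above and then manages both with bl, bd, be and bc. It assumes PrimeHunter symbols are loaded, that targetNumber is a 4-byte global integer, and that no other breakpoints exist, so the two new ones get IDs 0 and 1.

```windbg
$$ Added example, constructed for illustration. Type the commands one at a time.
$$ Assumptions: PrimeHunter symbols loaded, targetNumber is a 4-byte global,
$$ breakpoint list empty before step 1.

$$ 1. Conditional breakpoint in the .if/.else form, an alternative to j with gc.
$$    dwo() reads exactly 4 bytes from the address. poi() reads a pointer-sized
$$    value, which is 8 bytes on a 64-bit target and would include the
$$    neighbouring 4 bytes in the comparison.
$$    bu keeps the breakpoint deferred, so it survives a module reload.
bu PrimeHunter!printPrimes ".if (dwo(PrimeHunter!targetNumber) > 0n5) {dd PrimeHunter!targetNumber L1} .else {gc}"

$$ 2. Data breakpoint that logs the call stack on every 4-byte write to
$$    targetNumber and then resumes. The address must be aligned to Size, and
$$    x86/x64 processors provide only four hardware debug registers for ba.
ba w4 PrimeHunter!targetNumber "kb; gc"

$$ 3. Confirm both breakpoints are listed and enabled (status column shows e).
bl

$$ 4. Run. Each write to targetNumber prints a stack trace and continues.
$$    The debugger stops in printPrimes only when targetNumber is above 5.
g

$$ 5. Silence the logging breakpoint while stepping, then turn it back on.
$$    IDs 0 and 1 are assumed here. Use the IDs that bl actually reports.
bd 1
p
be 1

$$ 6. Remove everything when finished.
bc *
```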