Created
July 12, 2018 14:11
-
-
Save neitsa/8fb0f02ae084cf3012f4923763b18ebb to your computer and use it in GitHub Desktop.
Windbg j command ; C++ expression evaluation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Microsoft (R) Windows Debugger Version 10.0.16299.15 AMD64 | |
| Copyright (c) Microsoft Corporation. All rights reserved. | |
| CommandLine: C:\temp\testConsole\ConsoleApplication1\Release\ConsoleApplication1.exe world | |
| ************* Path validation summary ************** | |
| Response Time (ms) Location | |
| Deferred srv*g:\Symbols*https://msdl.microsoft.com/download/symbols | |
| Symbol search path is: srv*g:\Symbols*https://msdl.microsoft.com/download/symbols | |
| Executable search path is: | |
| ModLoad: 00000000`00d50000 00000000`00d58000 ConsoleApplication1.exe | |
| ModLoad: 00007fff`75830000 00007fff`75a11000 ntdll.dll | |
| ModLoad: 00000000`77a80000 00000000`77c10000 ntdll.dll | |
| ModLoad: 00000000`77a10000 00000000`77a62000 C:\WINDOWS\System32\wow64.dll | |
| ModLoad: 00000000`77990000 00000000`77a08000 C:\WINDOWS\System32\wow64win.dll | |
| (64ec.fbc): Break instruction exception - code 80000003 (first chance) | |
| ntdll!LdrpDoDebuggerBreak+0x30: | |
| 00007fff`758fce5c cc int 3 | |
| 0:000> .reload /f | |
| Reloading current modules | |
| .*** WARNING: Unable to verify checksum for ConsoleApplication1.exe | |
| .... | |
| 0:000> bp ConsoleApplication1!SayHello | |
| 0:000> bl | |
| 0 e Disable Clear x86 00000000`00d51420 0001 (0001) 0:**** ConsoleApplication1!SayHello | |
| 0:000> g | |
| ModLoad: 00000000`00620000 00000000`006d2000 WOW64_IMAGE_SECTION | |
| ModLoad: 00000000`74890000 00000000`74970000 WOW64_IMAGE_SECTION | |
| ModLoad: 00000000`00620000 00000000`007b0000 WOW64_IMAGE_SECTION | |
| ModLoad: 00000000`77a70000 00000000`77a7a000 C:\WINDOWS\System32\wow64cpu.dll | |
| ModLoad: 00000000`74890000 00000000`74970000 C:\WINDOWS\SysWOW64\KERNEL32.DLL | |
| ModLoad: 00000000`74620000 00000000`74804000 C:\WINDOWS\SysWOW64\KERNELBASE.dll | |
| ModLoad: 00000000`76a30000 00000000`76b4e000 C:\WINDOWS\SysWOW64\ucrtbase.dll | |
| ModLoad: 00000000`5bbb0000 00000000`5bbc4000 C:\WINDOWS\SysWOW64\VCRUNTIME140.dll | |
| (64ec.fbc): WOW64 breakpoint - code 4000001f (first chance) | |
| First chance exceptions are reported before any exception handling. | |
| This exception may be expected and handled. | |
| ntdll_77a80000!LdrpDoDebuggerBreak+0x2b: | |
| 77b28079 cc int 3 | |
| 0:000:x86> g | |
| Breakpoint 0 hit | |
| ConsoleApplication1!SayHello: | |
| 00d51420 55 push ebp | |
| 0:000:x86> t | |
| ConsoleApplication1!SayHello+0x2b: | |
| 00d5144b 51 push ecx | |
| 0:000:x86> r | |
| eax=004ffb48 ebx=003a5000 ecx=00637efc edx=11f73043 esi=76b3f0b0 edi=00637ea8 | |
| eip=00d5144b esp=004ffb20 ebp=004ffb54 iopl=0 nv up ei ng nz na po nc | |
| cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000282 | |
| ConsoleApplication1!SayHello+0x2b: | |
| 00d5144b 51 push ecx | |
| 0:000:x86> j (@@c++(@eip==0x00d5144b || @eip==0)) '.echo 5';'.echo 6' | |
| 5 | |
| 0:000:x86> .expr /s c++ | |
| Current expression evaluator: C++ - C++ source expressions | |
| 0:000:x86> j (@eip==0x00d5144b || @eip==0) '.echo 5';'.echo 6' | |
| 5 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment