我正在调试没有源的应用程序,我使用IDA PRO + Windbg作为调试器。我trting赶上调用CloseHandle与特定的句柄值,例如手柄= 0x14的Windbg条件断点忽略条件本身
我把一个条件断点,像这样:
bp kernel32!CloseHandle "j (poi(@esp+4)=0x00000014) ''; 'gc'"
断点通常设置,但它打破上每次调用CloseHandle,相反的是我想要,如果第一个参数等于0x14
只有打破你有失踪=条件等于运营商需要2 ==没有单=
0:000> bp kernel32!CloseHandle ".if(poi(@esp+4)!=0xcc) {? dwo(@esp+4);gc}.else{? dwo(@esp+4);.echo our handle;gc}"
0:000> g
Evaluate expression: 60 = 0000003c
Evaluate expression: 56 = 00000038
Evaluate expression: 204 = 000000cc <------
our handle <-------------
Evaluate expression: 200 = 000000c8
Evaluate expression: 256 = 00000100
Evaluate expression: 272 = 00000110
Evaluate expression: 280 = 00000118
Evaluate expression: 308 = 00000134
Evaluate expression: 312 = 00000138
Evaluate expression: 308 = 00000134
Evaluate expression: 324 = 00000144
Evaluate expression: 328 = 00000148
Evaluate expression: 324 = 00000144
你需要一个条件平等==不是一个单一= – blabb