我正在調試沒有源的應用程序,我使用IDA PRO + Windbg作爲調試器。我trting趕上調用CloseHandle與特定的句柄值,例如手柄= 0x14的Windbg條件斷點忽略條件本身
我把一個條件斷點,像這樣:
bp kernel32!CloseHandle "j (poi(@esp+4)=0x00000014) ''; 'gc'"
斷點通常設置,但它打破上每次調用CloseHandle,相反的是我想要,如果第一個參數等於0x14
只有打破你有失蹤=條件等於運營商需要2 ==沒有單=
0:000> bp kernel32!CloseHandle ".if(poi(@esp+4)!=0xcc) {? dwo(@esp+4);gc}.else{? dwo(@esp+4);.echo our handle;gc}"
0:000> g
Evaluate expression: 60 = 0000003c
Evaluate expression: 56 = 00000038
Evaluate expression: 204 = 000000cc <------
our handle <-------------
Evaluate expression: 200 = 000000c8
Evaluate expression: 256 = 00000100
Evaluate expression: 272 = 00000110
Evaluate expression: 280 = 00000118
Evaluate expression: 308 = 00000134
Evaluate expression: 312 = 00000138
Evaluate expression: 308 = 00000134
Evaluate expression: 324 = 00000144
Evaluate expression: 328 = 00000148
Evaluate expression: 324 = 00000144
你需要一個條件平等==不是一個單一= – blabb