Using Conditional Break Point in WinDBG

In this article, I want to discuss one use of WinDBG conditional breakpoints.

In one debugging session on an executable (i.e. with no source code), I had already determined the specific WndProc to examine. Below is part of that sample WndProc:

;;Some WndProc to be examined
push ebp
mov ebp, esp
sub esp, 0000034C
mov eax, dword[ebp+0C] ;;uMsg (WM windows message)
mov ecx, dword[ebp+10]
mov edx, dword[ebp+14]
push ebx
push edi
mov edi, dword[ebp+08] ;;hWnd
xor ebx, ebx

The first thing I tried was to set a breakpoint at the start of the routine (i.e. at the push ebp instruction). But as soon as I resumed the program with the g command, the debugger broke in immediately, because a WndProc is called for every message the window receives.

Because this is executable-only debugging, the problem is that I want to locate the specific instructions in this routine that handle interaction with the user, such as a mouse click.

The Windows message is loaded into the eax register for further processing from memory at ebp+0C (the second parameter, uMsg), one of the usual parameters that Windows passes to an application's WndProc.

So it would be nice if the breakpoint fired only when the eax register contains a specific value (i.e. the specific WM message of interest).

In this case, I want to locate the routine that handles a left mouse click by the user.

The WM message for the left mouse click is defined in winuser.h as:

#define WM_LBUTTONDOWN 0x0201

So the problem comes down to this:

I want WinDBG to break at a specific point only when the eax register is 0x201. This is where a conditional breakpoint becomes extremely useful. To solve the problem, I can write the conditional breakpoint as follows, with [address] being an instruction after the mov eax, dword[ebp+0C], so that eax already holds the message:

bp [address] "j (@eax = 0x201) ''; 'gc'"

With this breakpoint set, after the g command the application continues uninterrupted until the user clicks an object in the active window. That causes WinDBG to break, and I can then examine further to locate the specific routine that handles this Windows message.
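The following variants are an added example, not commands from the original post. They show the same filter in the .if/.else form and a way to filter at the function entry, where the first breakpoint attempt was made. [entry] is a placeholder for the address of the push ebp instruction, and a 32-bit target is assumed, as in the listing above. The three breakpoints are alternatives, so set one at a time.

```windbg
$$ Placeholders: [address] is a point inside the WndProc after
$$ "mov eax, dword[ebp+0C]"; [entry] is the address of "push ebp".

$$ 1. Same condition as the j form, written with .if/.else.
$$    (= and == are the same comparison in the default MASM evaluator.)
bp [address] ".if (@eax == 0x201) {} .else {gc}"

$$ 2. Break at the function entry instead. eax is not loaded yet there,
$$    so read uMsg from the stack before the prologue runs:
$$    [esp] = return address, [esp+4] = hWnd, [esp+8] = uMsg.
bp [entry] "j (poi(@esp+8) == 0x201) ''; 'gc'"

$$ 3. Log every left click without stopping: dump hWnd, uMsg, wParam
$$    and lParam (4 dwords starting at esp+4), then continue.
bp [entry] ".if (poi(@esp+8) == 0x201) {.echo WM_LBUTTONDOWN; dd @esp+4 L4; gc} .else {gc}"
```

Variant 2 stops before the prologue, so stepping from there walks through the whole handler for the click message.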


4 Responses to “Using Conditional Break Point in WinDBG”

  1. Vilma Says:

    I used to be able to find good info from your content. Vilma, http://www.jokotv.com/profile-13496/info/

  2. read make money online Says:

    Hmm it seems like your website ate my first comment (it was super long) so I guess I’ll just sum
    it up what I wrote and say, I’m thoroughly enjoying your blog.
    I too am an aspiring blog blogger but I’m still new to everything.
    Do you have any tips for first-time blog writers? I’d certainly appreciate it.

  3. arcane legends hack Says:

    Thanks for your marvelous posting! I truly enjoyed reading it, you will be a great author. I will ensure that I bookmark your blog and will come back at some point.
    I want to encourage that you continue your great posts, have a nice day!

  4. Tractari Says:

    I appreciate the way you present the information.
