问题
I want to put a conditional breakpoint in windbg.
For example lets say LoadLibrary API.
How can I put breakpoint such that it should it whenever user32.dll get loaded.
> x kernel32!LoadLibraryW
It will give some address [XXXX]
Now I can put breakpoint as
> bu [XXXX]
but this will hit for all calls to LoadLibraryW.
Any suggestions.
回答1:
you can not set a conditional breakpoint on a user32.dll since it's being mapped into the address space relatively early and the initial debugger's breakpoint triggers after that (as far as i know).
provided you can track the moment user32.dll is loaded, you can override a module break like this:
sxe ld user32.dll
what you could do is have your app get started by a boostrapper application and then have windows debugger break on user32.dll load. just use -o command-line option or .childdbg 1 extension call to initiate debugging of child processes and have it started with cmd.exe, for instance:
windbg -c "sxe ld user32.dll;g" -o cmd.exe /C yourapp.exe
回答2:
I am a little confused by the text and header in your question. But assuming you want to set a conditional breakpoint you should take a look at the documentation cause it goes into plenty of detail on that subject.
来源:https://stackoverflow.com/questions/1366051/windbg-setting-conditional-breakpoint