conditionally break on $sicmp return value
Marc Sherman
Is it possible to set a conditional breakpoint based on a string value?
I found the $sicmp operator but I only seem to be able to use it with
string literals. Is it possible to substitute an address? For example,
bp <address> "j (0 = $sicmp(poi(esp+0x4), "hello")) ''; 'g'"
is what I'm trying to do but the above fails with a syntax error.
thanks,
Marc
![Jason Shay [MSFT]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Jason Shay [MSFT]
strings from memory into aliases via 'as', after which you can use string
comparisons on the results.
--
Jason Shay [MSFT]
js...@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Marc Sherman" <mshe...@go-eol.com> wrote in message
news:1104790318.9...@c13g2000cwb.googlegroups.com...
Pavel Lebedinsky
and using it in an expression requires two separate commands.
This seems to work for me:
0:000> bp kernel32!CreateEventW "$$< c:\\commands.txt"
// commands.txt
.if (poi(@esp+10) != 0) { as /mu EventName poi(@esp+10) }
.if ($spat("${EventName}", "Global*") == 0) { ad /q *; g } .else { ad /q
* }
This will break if the event name passed to CreateEventW
begins with "Global".
"Jason Shay [MSFT]" wrote:
> The string comparison functions only work with literals. You can read
> strings from memory into aliases via 'as', after which you can use string
> comparisons on the results.
>
Pavel Lebedinsky
used here to avoid problems with EventName literal being
replaced by the alias value, so here's a version that does
the same thing but doesn't delete all custom aliases on
each step:
0:000> bp kernel32!CreateEventW "$$< c:\\commands.txt"
// commands.txt
// watch for line wraps - the script below contains two lines
// each beginning with a .if statement
.if (poi(@esp+10) != 0) { as /mu ${/v:EventName} poi(@esp+10) } .else { ad
/q ${/v:EventName} }
.if ($spat("${EventName}", "Global*") == 0) { g } .else { .echo EventName }
Marc Sherman
so I have a few questions:
1. If ${/v:EventName) is not used, then "ad /q EventName" would
erroneously expand to "ad /q poi(@esp+10)". Is that correct?
2. Does $spat know that it's second argument should be interpreted as a
null terminated unicode string (since the EventName alias was defined
with /mu)?
thanks,
Marc
Pavel Lebedinsky
> 1. If ${/v:EventName) is not used, then "ad /q EventName" would
> erroneously expand to "ad /q poi(@esp+10)". Is that correct?
I think it would actually expand to the value of the alias (the name
of the event in this case) as it was before the current command
started executing (so on the first iteration EventName would not
be expanded at all, but on the second it would be replaced by
the value set during the previous iteration).
Normally you don't see these problems when using aliases because
the "as" and "ad" commands are special cased - if a command
starts with these characters then alias expansion is not
performed. So for example this works fine:
0:000> as name value
0:000> as name value
0:000> al
Alias Value
------- -------
name value
But this doesn't:
0:000> ad *
0:000> .if(1) { as name value }
0:000> .if(1) { as name value }
0:000> al
Alias Value
------- -------
name value
value value
All this is a bit confusing but the docs seem to accurately describe
how it works.
> 2. Does $spat know that it's second argument should be interpreted as a
> null terminated unicode string (since the EventName alias was defined
> with /mu)?
Most likely all strings are internally converted to Unicode but
I don't really know. Somebody from the WinDbg team might
be able to answer this.
Marc Sherman
Marc