Reputation: 39
Ignore some locations in Windbg Conditional breakpoints
I'm trying to set a conditional hardware breakpoint on Windows Kernel-Mode in Windbg by using the following syntax :
ba w1 ffff802312345678 "j(@rip==ffff802387654321 || @rip==ffff802387654330) 'gc';''"
I used the above command in order to ignore every access to my target location (ffff802312345678) from ffff802387654321 or ffff802387654330, so everytime access from somewhere else is taken, then I would be notified.
But the problem is, it still breaks on ffff802387654321 or ffff802387654330 among the other locations.
I also read it's official documents about "Conditional Breakpoints and Register Sign Extension" and also test something like this:
ba w1 ffff802312345678 "j((@rip & 0xffffffffffffffff)=ffff802387654321 || (@rip & 0xffffffffffffffff)=ffff802387654330) 'gc';''"
But it still won't work.
So my question is:
- What's wrong with the above command and how can I achieve the desired result ?
Upvotes: 2
Views: 154
Answers (1)
Reputation: 59633
There is no || MASM operator. It's or.
Use
ba w1 ffff802312345678 "j(@rip==ffff802387654321 or @rip==ffff802387654330) 'gc';''"
I have not reproduced your exact case, but a simpler example:
0:000> r rip
rip=0000000076db6fb0
0:000> j (@rip==0000000076db6fb0 || @rip==0) '.echo 5';'.echo 6"
Numeric expression missing from '| @rip==0) '.echo 5';'.echo 6"'
0:000> j (@rip==0000000076db6fb0 or @rip==0) '.echo 5';'.echo 6"
5
Upvotes: 1
Related Questions
- Windbg: add multiple unresolved breakpoints
- WinDbg conditional breakpoint after .NET GC
- conditional breakpoint does not work in windbg
- How to set conditional breakpoint for parameter value in Windbg
- WinDBG Conditional Breakpoint on NtCreateFile
- Windbg conditional breakpoints ignore condition itself
- Is there way to tell WinDbg to ignore program breakpoints?
- How to set conditional breakpoin based on parameter value using windbg
- Windbg Set Conditional Breakpoints that depends on Call Stack
- windbg setting conditional breakpoint