Manually setting breakpoints in WinDBG

Posted by chris on Stack Overflow See other posts from Stack Overflow or by chris
Published on 2012-05-25T18:29:46Z Indexed on 2012/06/01 22:40 UTC
Read the original article Hit count: 2498

Filed under:
|
|

I am trying to examine the assembly for an executable using WinDBG, but I am having a hard time getting to it. I want to set a breakpoint at the first instruction in my program, but when I try to do that manually (using the address of the module), WinDBG tells me that it is "unable to insert breakpoint" at that location due to an "Invalid access to memory location."

I notice that when I create a breakpoint through the source code GUI, the address is not the same as the first part of my module (In my example: "Win32FileOpen", a simple program I wrote.) Is there a header of some sort that requires adding an offset to the address of my module?

In another question, I saw the suggestion: "I would attempt to calculate the breakpoint address as: Module start + code start + code offset" but was unsure where to obtain those values. Can somebody please elaborate on this?

The reason I don't just use the source GUI is that I want to be able to do this with a program that I may not have the source/symbols for.

If there is an easier way to immediately start working with the executable I open, please let me know. (e.g. Opening an .exe Olly immediately shows me the assembly for that .exe, searching for referenced strings gives me results from that module, etc. WinDBG seems to start me off in ntdll.dll, which is not usually useful for me.)

0:000> lm
start             end                 module name
00000000`00130000 00000000`0014b000   Win32FileOpen C (private pdb symbols)  C:\cfinley\code\Win32FileOpen\Debug\Win32FileOpen.pdb
00000000`73bd0000 00000000`73c2c000   wow64win   (deferred)            
00000000`73c30000 00000000`73c6f000   wow64      (deferred)            
00000000`74fe0000 00000000`74fe8000   wow64cpu   (deferred)            
00000000`77750000 00000000`778f9000   ntdll      (pdb symbols)          c:\symbols\mssymbols\ntdll.pdb\15EB43E23B12409C84E3CC7635BAF5A32\ntdll.pdb
00000000`77930000 00000000`77ab0000   ntdll32    (deferred)            
0:000> bu 00000000`00130000
0:000> bl
 0 e x86 00000000`001413a0     0001 (0001)  0:**** Win32FileOpen!main              <-- One that is generated via GUI
 1 e x86 00000000`00130000     0001 (0001)  0:**** Win32FileOpen!__ImageBase       <-- One I tried to set manually
0:000> g
Unable to insert breakpoint 1 at 00000000`00130000, Win32 error 0n998
    "Invalid access to memory location."
bp1 at 00000000`00130000 failed
WaitForEvent failed
ntdll!LdrpDoDebuggerBreak+0x31:
00000000`777fcb61 eb00            jmp     ntdll!LdrpDoDebuggerBreak+0x33 (00000000`777fcb63)

© Stack Overflow or respective owner

Related posts about WinDbg

Related posts about breakpoints