Breakpoint type:
Breakpoints that are controlled by the processor at the request of the debugger are known as processor breakpoints or data breakpoints. Breakpoints that are controlled directly by the debugger are known as software breakpoints.
The bp, bu, and bm commands set one or more software breakpoints. You can combine locations, conditions, and options to set different kinds of software breakpoints.
There are three primary differences between bp breakpoints and bu breakpoints:
- A bp breakpoint location is always converted to an address. If a module change moves the code at which a bp breakpoint was set, the breakpoint remains at the same address. On the other hand, a bu breakpoint remains associated with the symbolic value (typically a symbol plus an offset) that was used, and it tracks this symbolic location even if its address changes.
- If a bp breakpoint address is found in a loaded module, and if that module is later unloaded, the breakpoint is removed from the breakpoint list. On the other hand, bubreakpoints persist after repeated unloads and loads.
- Breakpoints that you set with bp are not saved in WinDbg workspaces. Breakpoints that are set with bu are saved in workspaces.
The bm command is useful when you want to use wildcard characters in the symbol pattern for a breakpoint. The bm SymbolPattern syntax is equivalent to using xSymbolPattern and then using bu on each result. For example, to set breakpoints on all of the symbols in the Myprogram module that begin with the string "mem," use the following command. It will need private symbol to perform bu command.
0:000> bm myprogram!mem*
4: 0040d070 MyProgram!memcpy
5: 0040c560 MyProgram!memmove
6: 00408960 MyProgram!memset
4: 0040d070 MyProgram!memcpy
5: 0040c560 MyProgram!memmove
6: 00408960 MyProgram!memset
The bp, bu, and bm commands set software breakpoints by replacing the processor instruction with a break instruction. To debug read-only code or code that cannot be changed, use a ba e command, where e represents execute-only access.
The bc command permanently removes previously set breakpoints from the system.
The bd command disables, but does not delete, previously set breakpoints.
The be command restores one or more breakpoints that were previously disabled.
The bd command disables, but does not delete, previously set breakpoints.
The be command restores one or more breakpoints that were previously disabled.
1. Creates a "one-shot" breakpoint. After this breakpoint is triggered, it is deleted from the breakpoint list.
2. Specifies the number of the execution pass that the breakpoint is activated on.
bp <address> Passes
3. It is possible to specify a data address rather than a program address when using the bp or bm /a commands. if you are certain that the memory stored in that location will be used as executable code and not as program data. Otherwise, you should use the ba (Break on Access) command instead. For more details, see Processor Breakpoints (ba Breakpoints).
沒有留言:
張貼留言