Windbg + IDA: calculate an address in a module

I'm debugging a Windows XP machine remotely. One of my drivers is loaded at address 0xb2c4c000 up to 0xb2cb9680.

Now when I open my driver in IDA, the offset I want to set a breakpoint on is at 00017619.

How can I effectively match my IDA address to WinDbg?

I've tried the obvious, which is to sum 0xb2c4c000 + 00017619 = 0xB2C635F7 and disassemble that address using the u command in WinDbg. But the results did not match the assembly in IDA.

On a side question: is there a way to cancel a command that is running in WinDbg? Several times I've run commands that took ages to process; I would like to be able to cancel them if needed, so I can keep working.

Thanks for your time.

Answers

The recent versions of IDA Pro allow you to debug device drivers through its WinDbg debugger plugin.

Another alternative is that you can rebase your database to match the base of the loaded module, and that way you have a one-to-one mapping between the IDB and the WinDbg session.

You are adding incorrectly. Since IDA assumes 10000 as the entry point, the correct way to add is

0xb2c4c000 + 00007619 (10000 is subtracted)
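The two answers above describe the same mapping from two directions: the address IDA shows is the PE header's ImageBase (0x10000 for a driver built with default linker settings, which is the "10000" the answer subtracts) plus an RVA, and the address WinDbg needs is the module's actual load base plus that same RVA. The script below is an added example, not code from the question or either answer. Rather than hard-coding 0x10000 it reads ImageBase from the driver's PE optional header, converts both ways, and checks that the result falls inside the range `lm` reported for the module. The function names and the minimal PE header it constructs for testing are assumptions made for this example; on a real driver you would pass the file's bytes instead of the stub.

```python
import struct

# Values quoted in the question above (module range reported by WinDbg, IDA address).
LOAD_BASE = 0xB2C4C000
LOAD_END = 0xB2CB9680
IDA_VA = 0x17619


def read_image_base(pe_bytes: bytes) -> int:
    """Return ImageBase from a PE file's optional header (PE32 or PE32+).

    This is the base IDA uses when it loads the file, so it is what must be
    subtracted from an IDA address to obtain an RVA.
    """
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe_bytes, 0x3C)[0]
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 4 + 20          # skip "PE\0\0" and the 20-byte COFF header
    magic = struct.unpack_from("<H", pe_bytes, opt)[0]
    if magic == 0x10B:               # PE32: ImageBase is a DWORD at offset 28
        return struct.unpack_from("<I", pe_bytes, opt + 28)[0]
    if magic == 0x20B:               # PE32+: ImageBase is a QWORD at offset 24
        return struct.unpack_from("<Q", pe_bytes, opt + 24)[0]
    raise ValueError("unknown optional header magic 0x%x" % magic)


def ida_to_runtime(ida_va: int, image_base: int, load_base: int) -> int:
    """Map an address as shown in IDA to the address of the loaded module."""
    rva = ida_va - image_base
    if rva < 0:
        raise ValueError("IDA address 0x%x is below image base 0x%x" % (ida_va, image_base))
    return load_base + rva


def runtime_to_ida(runtime_va: int, image_base: int, load_base: int) -> int:
    """Inverse mapping: an address from a WinDbg stack or `u` output back to IDA."""
    return image_base + (runtime_va - load_base)


def windbg_breakpoint(ida_va: int, image_base: int, load_base: int, load_end: int) -> str:
    """Build a `bp` command for WinDbg, refusing addresses outside the module range."""
    addr = ida_to_runtime(ida_va, image_base, load_base)
    if not load_base <= addr < load_end:
        raise ValueError("0x%x is outside the module range 0x%x-0x%x" % (addr, load_base, load_end))
    return "bp 0x%x" % addr


def build_pe_stub(image_base: int, pe32plus: bool = False) -> bytes:
    """Construct a minimal PE header (test data for this example, not a real driver)."""
    hdr = bytearray(0x100)
    hdr[0:2] = b"MZ"
    e_lfanew = 0x40
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", hdr, e_lfanew + 4, 0x8664 if pe32plus else 0x14C)  # Machine
    opt = e_lfanew + 4 + 20
    if pe32plus:
        struct.pack_into("<H", hdr, opt, 0x20B)
        struct.pack_into("<Q", hdr, opt + 24, image_base)
    else:
        struct.pack_into("<H", hdr, opt, 0x10B)
        struct.pack_into("<I", hdr, opt + 28, image_base)
    return bytes(hdr)


if __name__ == "__main__":
    # Stand in for the driver file with a constructed header whose ImageBase is 0x10000.
    driver = build_pe_stub(0x10000)
    base = read_image_base(driver)
    print("ImageBase from PE header: 0x%x" % base)
    print(windbg_breakpoint(IDA_VA, base, LOAD_BASE, LOAD_END))
    print("round trip: 0x%x" % runtime_to_ida(ida_to_runtime(IDA_VA, base, LOAD_BASE), base, LOAD_BASE))
```

With the question's numbers this yields `bp 0xb2c53619`, which is the answer's `0xb2c4c000 + 0x7619`. The range check matters in practice: an address that falls outside what `lm` reports usually means the wrong ImageBase was used (for example a relocated build), and `u` will then disassemble unrelated bytes, which is exactly the symptom the question describes.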




