How can I remove breakpoint ntdll!DbgBreakPoint+0x

2019-07-01 20:02发布

站内问答 / 后端开发
433 1 4

I'm debugging a program that's crashing with WinDbg set as my post-mortem debugger. I have set a breakpoint at address 77f7f571. When it's triggered, I used to get the following:

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll - 
ntdll!DbgBreakPoint+0x1:

Then I followed the instructions from http://www.osronline.com/ShowThread.cfm?link=178221, and now I just get 

ntdll!DbgBreakPoint+0x1:

I'd like to remove this breakpoint, but I can't get it to list or delete. There's no output for bl, nor for bc or bd:

0:002> bl 
0:002> bc * 
0:002> bd *

标签: windbg
举报
1条回答
对你真心纯属浪费
2楼-- · 2019-07-01 20:23

This is not a line based breakpoint but looks like a manual call to DebugBreak() like in the following program:

#include "stdafx.h"
#include "windows.h"    
int _tmain()
{
    DebugBreak();
    return 0;
}

Internally, the method will throw an exception. To control whether WinDbg stops due to the exception, use sxe bpe to stop and sxi bpe to ignore the exception.

To try this, compile above application and run it under WinDbg (Ctrl+E). At the inital breakpoint, take over the control:

(1c2c.6a8): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=779d0000 edx=0020e218 esi=fffffffe edi=00000000
eip=773e12fb esp=0038f9e8 ebp=0038fa14 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2c:
773e12fb cc              int     3

0:000> sxe bpe; g
(1c2c.6a8): Break instruction exception - code 80000003 (first chance)
*** WARNING: Unable to verify checksum for DebugBreak.exe
eax=cccccccc ebx=7efde000 ecx=00000000 edx=00000001 esi=0038fd44 edi=0038fe10
eip=74d5322c esp=0038fd40 ebp=0038fe10 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000206
KERNELBASE!DebugBreak+0x2:
74d5322c cc              int     3

0:000> g
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=77442100 edi=774420c0
eip=7735fd02 esp=0038fd78 ebp=0038fd94 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!ZwTerminateProcess+0x12:
7735fd02 83c404          add     esp,4

After this experiment, type .restart. Then repeat the experiment with sxi bpe:

(109c.1c1c): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=be9e0000 edx=0009e028 esi=fffffffe edi=00000000
eip=773e12fb esp=002ff890 ebp=002ff8bc iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2c:
773e12fb cc              int     3

0:000> sxi bpe; g
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=77442100 edi=774420c0
eip=7735fd02 esp=002ffc20 ebp=002ffc3c iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!ZwTerminateProcess+0x12:
7735fd02 83c404          add     esp,4

As you can see, WinDbg did not stop at KERNELBASE!DebugBreak+0x2 due to the exception any more.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)