Hi, All !
I’m using WinDbg 3.0.0020.0. I have break point (INT 3) in very frequently
called callback. Is there any way how to easy clear this intruction ?
(Basically, I need change 0xCC (int3) to 0x90 (nop)). If you don’t
understand me, something as “ZAP” command known from SoftICE is what I
need…
Thank you…
S. Kolar (xxxxx@tinysoftware.cz)
You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
Hello,
“Stanislav Kolar” wrote:
>I’m using WinDbg 3.0.0020.0. I have break point (INT 3) in very frequently
>called callback. Is there any way how to easy clear this intruction ?
>(Basically, I need change 0xCC (int3) to 0x90 (nop)). If you don’t
have you tried the “EB” command?
EB address 90
Alternatively, you can open a dump of this particular address and
change the value in the dump.
HTH,
Spiro.
—
You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
Thank you - I tried EB command and works well…
But I think the “ZAP” command is more operative - when debugger stops on
breakpoint, I must type “ZAP” only…
Isn’t it good idea to have it in some next version of WinDbg ?
S. Kolar (xxxxx@tinysoftware.cz)
----- Original Message -----
From: “Spiro Trikaliotis”
To: “Kernel Debugging Interest List”
Sent: Tuesday, November 13, 2001 5:01 PM
Subject: [windbg] Re: INT 3
> Hello,
>
> “Stanislav Kolar” wrote:
>
> >I’m using WinDbg 3.0.0020.0. I have break point (INT 3) in very
frequently
> >called callback. Is there any way how to easy clear this intruction ?
> >(Basically, I need change 0xCC (int3) to 0x90 (nop)). If you don’t
>
> have you tried the “EB” command?
>
> EB address 90
>
> Alternatively, you can open a dump of this particular address and
> change the value in the dump.
>
> HTH,
> Spiro.
>
>
> —
> You are currently subscribed to windbg as: xxxxx@tinysoftware.cz
> To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
—
You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
You should be able to write a macro, most debuggers let you do that.
The command is eb eip-1 90. So make a zap macro that does this command,
and you are all set.
Toly
-----Original Message-----
From: Stanislav Kolar [mailto:xxxxx@tinysoftware.cz]
Sent: Tuesday, November 13, 2001 8:13
To: Kernel Debugging Interest List
Subject: [windbg] Re: INT 3
Thank you - I tried EB command and works well…
But I think the “ZAP” command is more operative - when debugger stops on
breakpoint, I must type “ZAP” only…
Isn’t it good idea to have it in some next version of WinDbg ?
S. Kolar (xxxxx@tinysoftware.cz)
----- Original Message -----
From: “Spiro Trikaliotis”
To: “Kernel Debugging Interest List”
Sent: Tuesday, November 13, 2001 5:01 PM
Subject: [windbg] Re: INT 3
> Hello,
>
> “Stanislav Kolar” wrote:
>
> >I’m using WinDbg 3.0.0020.0. I have break point (INT 3) in very
frequently
> >called callback. Is there any way how to easy clear this intruction ?
> >(Basically, I need change 0xCC (int3) to 0x90 (nop)). If you don’t
>
> have you tried the “EB” command?
>
> EB address 90
>
> Alternatively, you can open a dump of this particular address and
> change the value in the dump.
>
> HTH,
> Spiro.
>
>
> —
> You are currently subscribed to windbg as: xxxxx@tinysoftware.cz
> To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
—
You are currently subscribed to windbg as: xxxxx@nmwco.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
Check out the section on aliases in the docs to turn how to make
“marcos” in the debugger.
-----Original Message-----
From: Toly Menn [mailto:xxxxx@nmwco.com]
Sent: Tuesday, November 13, 2001 11:50 AM
To: Kernel Debugging Interest List
Subject: [windbg] Re: INT 3
You should be able to write a macro, most debuggers let you do that.
The command is eb eip-1 90. So make a zap macro that does this command,
and you are all set.
Toly
-----Original Message-----
From: Stanislav Kolar [mailto:xxxxx@tinysoftware.cz]
Sent: Tuesday, November 13, 2001 8:13
To: Kernel Debugging Interest List
Subject: [windbg] Re: INT 3
Thank you - I tried EB command and works well…
But I think the “ZAP” command is more operative - when debugger stops on
breakpoint, I must type “ZAP” only…
Isn’t it good idea to have it in some next version of WinDbg ?
S. Kolar (xxxxx@tinysoftware.cz)
----- Original Message -----
From: “Spiro Trikaliotis”
To: “Kernel Debugging Interest List”
Sent: Tuesday, November 13, 2001 5:01 PM
Subject: [windbg] Re: INT 3
> Hello,
>
> “Stanislav Kolar” wrote:
>
> >I’m using WinDbg 3.0.0020.0. I have break point (INT 3) in very
frequently
> >called callback. Is there any way how to easy clear this intruction ?
> >(Basically, I need change 0xCC (int3) to 0x90 (nop)). If you don’t
>
> have you tried the “EB” command?
>
> EB address 90
>
> Alternatively, you can open a dump of this particular address and
> change the value in the dump.
>
> HTH,
> Spiro.
>
>
> —
> You are currently subscribed to windbg as: xxxxx@tinysoftware.cz
> To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
—
You are currently subscribed to windbg as: xxxxx@nmwco.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
isn’t there something like the good old softice “i3here on/off” command,
that allows to temporarily enable or disable catching an int 3?
carsten
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Nathan Nesbit
Sent: Dienstag, 13. November 2001 22:47
To: Kernel Debugging Interest List
Subject: [windbg] Re: INT 3
Check out the section on aliases in the docs to turn how to make
“marcos” in the debugger.
-----Original Message-----
From: Toly Menn [mailto:xxxxx@nmwco.com]
Sent: Tuesday, November 13, 2001 11:50 AM
To: Kernel Debugging Interest List
Subject: [windbg] Re: INT 3
You should be able to write a macro, most debuggers let you do that.
The command is eb eip-1 90. So make a zap macro that does
this command,
and you are all set.
Toly
-----Original Message-----
From: Stanislav Kolar [mailto:xxxxx@tinysoftware.cz]
Sent: Tuesday, November 13, 2001 8:13
To: Kernel Debugging Interest List
Subject: [windbg] Re: INT 3
Thank you - I tried EB command and works well…
But I think the “ZAP” command is more operative - when
debugger stops on
breakpoint, I must type “ZAP” only…
Isn’t it good idea to have it in some next version of WinDbg ?
S. Kolar (xxxxx@tinysoftware.cz)
----- Original Message -----
From: “Spiro Trikaliotis”
> To: “Kernel Debugging Interest List”
> Sent: Tuesday, November 13, 2001 5:01 PM
> Subject: [windbg] Re: INT 3
>
>
> > Hello,
> >
> > “Stanislav Kolar” wrote:
> >
> > >I’m using WinDbg 3.0.0020.0. I have break point (INT 3) in very
> frequently
> > >called callback. Is there any way how to easy clear this
> intruction ?
> > >(Basically, I need change 0xCC (int3) to 0x90 (nop)). If you don’t
> >
> > have you tried the “EB” command?
> >
> > EB address 90
> >
> > Alternatively, you can open a dump of this particular address and
> > change the value in the dump.
> >
> > HTH,
> > Spiro.
> >
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@tinysoftware.cz
> > To unsubscribe send a blank email to
> leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
>
>
>
> —
> You are currently subscribed to windbg as: xxxxx@nmwco.com
> To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
> —
> You are currently subscribed to windbg as: xxxxx@microsoft.com
> To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
> —
> You are currently subscribed to windbg as: xxxxx@cityweb.de
> To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
—
You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
I3HERE ON/OFF isn’t too good on WinNT 
(When you have int 3 somewhere in your driver, and you switch i3here to off,
int 3 exception will be routed by SoftICE to original INT 3 handler in
ntoskrnl, which causes BSOD 
S. Kolar (xxxxx@tinysoftware.cz)
----- Original Message -----
From: “carsten schulz”
To: “Kernel Debugging Interest List”
Sent: Wednesday, November 14, 2001 12:04 PM
Subject: [windbg] Re: INT 3
> isn’t there something like the good old softice “i3here on/off” command,
> that allows to temporarily enable or disable catching an int 3?
>
> carsten
>
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Nathan Nesbit
> > Sent: Dienstag, 13. November 2001 22:47
> > To: Kernel Debugging Interest List
> > Subject: [windbg] Re: INT 3
> >
> >
> > Check out the section on aliases in the docs to turn how to make
> > “marcos” in the debugger.
> >
> > -----Original Message-----
> > From: Toly Menn [mailto:xxxxx@nmwco.com]
> > Sent: Tuesday, November 13, 2001 11:50 AM
> > To: Kernel Debugging Interest List
> > Subject: [windbg] Re: INT 3
> >
> > You should be able to write a macro, most debuggers let you do that.
> > The command is eb eip-1 90. So make a zap macro that does
> > this command,
> > and you are all set.
> >
> > Toly
> >
> > -----Original Message-----
> > From: Stanislav Kolar [mailto:xxxxx@tinysoftware.cz]
> > Sent: Tuesday, November 13, 2001 8:13
> > To: Kernel Debugging Interest List
> > Subject: [windbg] Re: INT 3
> >
> > Thank you - I tried EB command and works well…
> > But I think the “ZAP” command is more operative - when
> > debugger stops on
> > breakpoint, I must type “ZAP” only…
> >
> > Isn’t it good idea to have it in some next version of WinDbg ?
> >
> > S. Kolar (xxxxx@tinysoftware.cz)
> > ----- Original Message -----
> > From: “Spiro Trikaliotis”
> > To: “Kernel Debugging Interest List”
> > Sent: Tuesday, November 13, 2001 5:01 PM
> > Subject: [windbg] Re: INT 3
> >
> >
> > > Hello,
> > >
> > > “Stanislav Kolar” wrote:
> > >
> > > >I’m using WinDbg 3.0.0020.0. I have break point (INT 3) in very
> > frequently
> > > >called callback. Is there any way how to easy clear this
> > intruction ?
> > > >(Basically, I need change 0xCC (int3) to 0x90 (nop)). If you don’t
> > >
> > > have you tried the “EB” command?
> > >
> > > EB address 90
> > >
> > > Alternatively, you can open a dump of this particular address and
> > > change the value in the dump.
> > >
> > > HTH,
> > > Spiro.
> > >
> > >
> > > —
> > > You are currently subscribed to windbg as: xxxxx@tinysoftware.cz
> > > To unsubscribe send a blank email to
> > leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> > >
> >
> >
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@nmwco.com
> > To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@microsoft.com
> > To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@cityweb.de
> > To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
>
>
> —
> You are currently subscribed to windbg as: xxxxx@tinysoftware.cz
> To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
—
You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
Check out the docs on the “sx” command which allow you to specify how
exceptions and events are handled. You can change it so the debugger
automaticly handles the break and tells the machine to continue.
-----Original Message-----
From: Stanislav Kolar [mailto:xxxxx@tinysoftware.cz]
Sent: Wednesday, November 14, 2001 4:01 AM
To: Kernel Debugging Interest List
Subject: [windbg] Re: INT 3
I3HERE ON/OFF isn’t too good on WinNT
(When you have int 3 somewhere in your driver, and you switch i3here to
off,
int 3 exception will be routed by SoftICE to original INT 3 handler in
ntoskrnl, which causes BSOD
S. Kolar (xxxxx@tinysoftware.cz)
----- Original Message -----
From: “carsten schulz”
To: “Kernel Debugging Interest List”
Sent: Wednesday, November 14, 2001 12:04 PM
Subject: [windbg] Re: INT 3
> isn’t there something like the good old softice “i3here on/off”
command,
> that allows to temporarily enable or disable catching an int 3?
>
> carsten
>
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Nathan Nesbit
> > Sent: Dienstag, 13. November 2001 22:47
> > To: Kernel Debugging Interest List
> > Subject: [windbg] Re: INT 3
> >
> >
> > Check out the section on aliases in the docs to turn how to make
> > “marcos” in the debugger.
> >
> > -----Original Message-----
> > From: Toly Menn [mailto:xxxxx@nmwco.com]
> > Sent: Tuesday, November 13, 2001 11:50 AM
> > To: Kernel Debugging Interest List
> > Subject: [windbg] Re: INT 3
> >
> > You should be able to write a macro, most debuggers let you do that.
> > The command is eb eip-1 90. So make a zap macro that does
> > this command,
> > and you are all set.
> >
> > Toly
> >
> > -----Original Message-----
> > From: Stanislav Kolar [mailto:xxxxx@tinysoftware.cz]
> > Sent: Tuesday, November 13, 2001 8:13
> > To: Kernel Debugging Interest List
> > Subject: [windbg] Re: INT 3
> >
> > Thank you - I tried EB command and works well…
> > But I think the “ZAP” command is more operative - when
> > debugger stops on
> > breakpoint, I must type “ZAP” only…
> >
> > Isn’t it good idea to have it in some next version of WinDbg ?
> >
> > S. Kolar (xxxxx@tinysoftware.cz)
> > ----- Original Message -----
> > From: “Spiro Trikaliotis”
> > To: “Kernel Debugging Interest List”
> > Sent: Tuesday, November 13, 2001 5:01 PM
> > Subject: [windbg] Re: INT 3
> >
> >
> > > Hello,
> > >
> > > “Stanislav Kolar” wrote:
> > >
> > > >I’m using WinDbg 3.0.0020.0. I have break point (INT 3) in very
> > frequently
> > > >called callback. Is there any way how to easy clear this
> > intruction ?
> > > >(Basically, I need change 0xCC (int3) to 0x90 (nop)). If you
don’t
> > >
> > > have you tried the “EB” command?
> > >
> > > EB address 90
> > >
> > > Alternatively, you can open a dump of this particular address and
> > > change the value in the dump.
> > >
> > > HTH,
> > > Spiro.
> > >
> > >
> > > —
> > > You are currently subscribed to windbg as: xxxxx@tinysoftware.cz
> > > To unsubscribe send a blank email to
> > leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> > >
> >
> >
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@nmwco.com
> > To unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@microsoft.com
> > To unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@cityweb.de
> > To unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
>
>
> —
> You are currently subscribed to windbg as: xxxxx@tinysoftware.cz
> To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
—
You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com