try making an alias for that ?? wchar whatever
like
t $t0 = as /ma or /mu {/v:whatever} this->whatever
try evaluating it independently before putting inside script with
? whatever
it should return the expected result
btw i find $ spat a bit more friendlier than $scmp scmp i think is case
sensitive
so i would suggest tyring
$spat( {foo} “*blah*”} == 0 {gc} ; .echo “eureka”
i earlier made a post but i cant retrieve it now in the forum 
ill paste the content here
Julian:
The only thing I know about conditional breakpoints is that I try to avoid
them because the syntax is just painful. Raj_r posted this a while back,
and I can’t seem to find it online, so here it is again (below). I don’t
recall the specifics, but I think it’s similar to what you’re looking for.
If not, my apologies, but this is as close as I’m willing to get to
anything involving WinDbg’s peculiar syntax.
Good luck,
mm
On 3/16/08, Martin O’Brien wrote:
> > I get where you’re headed, and it’s a good idea, but you lost me with
> > “$spat?” What is that?
you cant find it in index of help file isnt it welcome to arcane
pseudo whatever and even more arcane documentation
here it is quoted verbatim from help file doing a raw search
$spat(“String”, “Pattern”) Evaluates to TRUE or FALSE depending on
whether String matches Pattern. Pattern can contain a variety of
wildcard characters and specifiers. For more information about the
syntax, see String Wildcard Syntax.
here is the url for the page in windbg version 6.8.4.0
mk:@MSITStore:F:\misc<br>debugger.chm::/hh/Debugger/r13_syntax_eac65e6b-f13f-4fcb-8973-e64ba0ac8865.xml.htm
one more occurance can be located here
The $scmp, $sicmp, and $spat string operators in MASM syntax are
particularly useful. For more information about these operators, see
MASM Numbers and Operators.
whose url is
mk:@MSITStore
:F:\misc\debugger.chm::/hh/Debugger/r05_use_start_262edb22-df18-4102-a408-04f482aaac86.xml.htm
anyway this is how it is supposed to work
create a text file arbitrarily named spat.txt and put the following
contents in that file
0:002> .shell type spat.txt
==============================================
as /ma ${/v:foo} poi(esp+4);
j ( $spat( “${foo}”, “chm” ) == 0 ) gc ; da poi(esp+4)
=============================================
…shell: Process exited
run calc.exe in windbg
set a bp on kernel32!CreateFileA like this
0:006> bl
0 e 77e7b476 0001 (0001) 0: **** kernel32!CreateFileA "$<spat.txt>
and run the debugee with g
when its runnnig open help->help topics
and you will see windbg stopping on all chm file loads like below
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: c:\windows\system32\calc.exe
Symbol search path is:
SRVF:\misc\symbolshttp://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 01000000 0101f000 calc.exe
ModLoad: 77f50000 77ff7000 ntdll.dll
----------------snipped further modloads for brevity----------------------
(2ac.474): Break instruction exception - code 80000003 (first chance)
eax=00191eb4 ebx=7ffdf000 ecx=00000002 edx=77f6eb04 esi=00191eb4
edi=00191f48
eip=77f767cd esp=0006fb38 ebp=0006fc2c iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202
ntdll!DbgBreakPoint:
77f767cd cc int 3
0:000> rm 0
0:000> bp kernel32!CreateFileA "$<spat.txt>0:000> g
ModLoad: 71950000 71a34000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
----------------snipped further modloads for brevity----------------------
0:002> as /ma ${/v:foo} poi(esp+4);
0:002> j ( $spat( “${foo}”, “chm” ) == 0 ) gc ; da poi(esp+4)
0090ecd0 “C:\WINDOWS\Help\calc.chm”
0:002>
0090ecd0 “C:\WINDOWS\Help\calc.chm” <– true for the pattern broke here
kernel32!CreateFileA:
77e7b476 55 push ebp
0:002> g
0:002> as /ma ${/v:foo} poi(esp+4);
0:002> j ( $spat( “${foo}”, “chm” ) == 0 ) gc ; da poi(esp+4)
0:002> as /ma ${/v:foo} poi(esp+4);
On Wed, Jan 26, 2011 at 3:38 AM, Jonathon wrote:
> It tells me unexpected characters
>
> kd> g
> Unexpected character in ‘$scmp(??((WCHAR*)this->m_str), ‘myString’) !=
> 0) { g; }’
>
> also, is there a way to redirect the output of a windbg command to a text
> file?
>
> Thanks.
>
>
> On Tue, Jan 25, 2011 at 1:47 PM, Martin O’Brien
> wrote:
> > I guess it doesn’t work. What’s the output?
> >
> >
> > mm
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Jonathon
> > Sent: Tuesday, January 25, 2011 4:23 PM
> > To: Kernel Debugging Interest List
> > Subject: [windbg] Conditional Breakpoints using String Matching
> >
> > Hello all,
> >
> > I am interested in setting a conditional breakpoint that matches a
> > string at a certain address using the c++ expression evaluator. For
> > example,
> > if I have a class that has a member variable “m_str”, how would I
> > compare this, for example, to the string “myString” each time the
> > breakpoint is hit. If it matches, I would like to stop, and if it
> > does not match, I would like to continue.
> >
> > This is what I have so far…
> >
> > bs 0 “.if ($scmp(??((WCHAR*)this->m_str), ‘myString’) != 0) { g; }”
> >
> > thanks.
> >
> > —
> > WINDBG is sponsored by OSR
> >
> > For our schedule of WDF, WDM, debugging and other seminars visit:
> > http://www.osr.com/seminars
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >
> >
> > —
> > WINDBG is sponsored by OSR
> >
> > For our schedule of WDF, WDM, debugging and other seminars visit:
> > http://www.osr.com/seminars
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
> >
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
thanks and regards
raj_r</spat.txt></spat.txt>