memory address syntax

WINDBG
1

Hi,

I’m having an intermittent problem where a memory structure is
unexpectedly being cleared (set to all zeroes).

I’d like to break when this location is accessed, but continue if the
initial byte is not equal to 0.

I’ve tried numerous variations, but here’s one example (assuming the
memory location is 01ed0d05):
ba w1 01ed0d05 “.if ((BYTE)(*0x01ed0d05) != 0x00) {g}”

This returns the error:
Couldn’t resolve error at ‘ed0d05 “.if ((BYTE)(*0x01ed0d05) != 0x00) {g}”’

Any suggestions?

Thanks in advance.

Regards,
Dave.

2

I think it’s because you’re using the ‘c++’ expression evaluator by default. If you set it to use
‘masm,’ I think that should work:

.expr


.expr /s masm

Assuming that what I’ve written is correct, then there are other ways to solve this problem by
instructing windbg to process that particular statement differently, but, frankly, I don’t remember
them well enough off the top of my head.

Good luck,

mm

Dave Colter wrote:
> Hi,
>
> I’m having an intermittent problem where a memory structure is
> unexpectedly being cleared (set to all zeroes).
>
> I’d like to break when this location is accessed, but continue if the
> initial byte is not equal to 0.
>
> I’ve tried numerous variations, but here’s one example (assuming the
> memory location is 01ed0d05):
> ba w1 01ed0d05 “.if ((BYTE)(*0x01ed0d05) != 0x00) {g}”
>
> This returns the error:
> Couldn’t resolve error at ‘ed0d05 “.if ((BYTE)(*0x01ed0d05) != 0x00) {g}”’
>
> Any suggestions?
>
> Thanks in advance.
>
> Regards,
> Dave.
>
>

3

ba w1 01ed0d05 “.if (by(ptr) == 0x00) { .echo Hit it! ; } .else { gc ; }” would do the trick in masm expression mode, for reference.

  • S

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
Sent: Thursday, March 19, 2009 8:51 AM
To: Kernel Debugging Interest List
Subject: Re:[windbg] memory address syntax

I think it’s because you’re using the ‘c++’ expression evaluator by default. If you set it to use
‘masm,’ I think that should work:

.expr


.expr /s masm

Assuming that what I’ve written is correct, then there are other ways to solve this problem by
instructing windbg to process that particular statement differently, but, frankly, I don’t remember
them well enough off the top of my head.

Good luck,

mm

Dave Colter wrote:
> Hi,
>
> I’m having an intermittent problem where a memory structure is
> unexpectedly being cleared (set to all zeroes).
>
> I’d like to break when this location is accessed, but continue if the
> initial byte is not equal to 0.
>
> I’ve tried numerous variations, but here’s one example (assuming the
> memory location is 01ed0d05):
> ba w1 01ed0d05 “.if ((BYTE)(*0x01ed0d05) != 0x00) {g}”
>
> This returns the error:
> Couldn’t resolve error at ‘ed0d05 “.if ((BYTE)(*0x01ed0d05) != 0x00) {g}”’
>
> Any suggestions?
>
> Thanks in advance.
>
> Regards,
> Dave.
>
>


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer