Valhalla Legends Forums Archive | Assembly Language (any cpu) | IDA ---> WinDBG offsets

AuthorMessageTime
hi.times
hi all,

Sorry if this is the wrong place, but im having a few problems trying to breakpoint certain memory/addresses in a dll using WinDBG. My problem is i have some addresses in IDA, and would like to set a breakpoint on them in WinDBG, but they dont seem to work right.

Take for example this line in IDA:

[code]
.text:6FC015C0                sub    esp, 10Ch
[/code]

Now from this i would assume i need to do:

[code]
WinDBG Command Line -> bp 6FC015C0
[/code]

But this does not work correctly, am i completely wrong here?

Also i would like to set a ba (break point on access memory), this also fails. Is some kind of base address conversion required for this to work?
March 16, 2005, 5:23 AM
Kp
Looks ok to me, but of course I can't say what's wrong since you forgot to post the error message you receive from windbg.  "does not work correctly" is extremely vague, and gives no hint as to whether windbg even accepts the command.  If it does accept it, you probably meant that the breakpoint doesn't seem to be triggered, which could just mean you've BP'd some useless function that's not being called.
March 16, 2005, 5:56 AM
hi.times
I think the message thats printed when i do a bl confused me.

[code]
0 e 6fc0202c    0001 (0001)  0:*** D2Net!Ordinal10040+0x7c
[/code]

Im not entirely sure what that message means, some kind of offset i think, but i thought Ordinal was used for representing exported functions.

The breakpoint on memory does not actually get called, am i wrong to do: ba r4 6FC0B2B4

This is the data section of the dll. I thought if a code line uses that offset in the data, it will break?
March 16, 2005, 6:24 AM
Adron
Ordinals are used for exported functions. Windbg shows you where your offset is in relation to the nearest symbol.

March 16, 2005, 3:55 PM
hi.times
[quote author=Adron link=topic=10935.msg104062#msg104062 date=1110988521]
Ordinals are used for exported functions. Windbg shows you where your offset is in relation to the nearest symbol.


[/quote]

Ok, thankyou for clearing that up for me.
March 17, 2005, 5:03 AM

Search