Hi.
I tried to use the "break and trace" function with a start condition.
I first used it with some condition and I got a traced line of "lea rdx,[Game.exe+3216C8]" in the middle of the whole trace.
Game.exe+3216C8 was 7FF618F816C8 as a hex address at the moment.
So after a single line, I could check the address of rdx had been 7FF618F816C8.
So I wanted to use "RDX==0x7FF618F816C8" as a stop condition at the next break and trace so that I could see it at the last line.
But it doesn't stop at "lea rdx,[Game.exe+3216C8]" and proceeds to the maximum count that I set.
What's wrong with it? Can the RDX register not be used as a condition? Or can a base address not be used as a condition?
break and trace with condition doesn't work
Re: break and trace with condition doesn't work
How about you just ask your questions in one thread for example this one instead of cluttering the forum. People will see your question regardless if it's a new post or new topic.
Cheers
Re: break and trace with condition doesn't work
Set the breakpoint 1 line below and it will work. Not on the line with the LEA. Breakpoints get hit BEFORE the instruction had a chance to run. In your case, RDX becomes that address AFTER the LEA line has been executed. Since you set the breakpoint there, RDX hasn't had the chance to update. So your condition will not work unless RDX was set to that address value BEFORE the LEA line.
Furthermore, I don't know why you're even bothering to set a conditional breakpoint on a line item which does the same thing every time.
LEA RDX,[addr] means load effective address of "addr" into RDX. So RDX will be "addr" every single time. Why bother putting a conditional breakpoint when you know 100% what value RDX will always have? o__O
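The timing described in the reply above, as an added example that is not part of any post in this thread: a simplified Python model of a conditional break and trace (not Cheat Engine's own code) in which every condition is evaluated on the register state before the current instruction executes. The instruction addresses, the surrounding instructions and the function name `break_and_trace` are constructed for illustration; only the LEA line, the `mov [rsi],xmm0` line and the RDX value come from the thread.

```python
LEA_TARGET = 0x7FF618F816C8  # Game.exe+3216C8 as reported in the thread

# Constructed instruction stream: (address, disassembly, effect on registers)
PROGRAM = [
    (0x1000, "mov rdx,0", lambda r: r.update(rdx=0)),
    (0x1004, "lea rdx,[Game.exe+3216C8]", lambda r: r.update(rdx=LEA_TARGET)),
    (0x100B, "mov [rsi],xmm0", lambda r: None),
    (0x100F, "xor rdx,rdx", lambda r: r.update(rdx=0)),
    (0x1012, "ret", lambda r: None),
]


def break_and_trace(bp_address, start_cond=None, stop_cond=None, max_count=10):
    """Return the traced lines for a breakpoint at bp_address.

    start_cond decides whether the breakpoint triggers the trace;
    stop_cond ends the trace. Both see the registers as they are
    BEFORE the instruction at the current address has run.
    """
    regs, trace, tracing = {"rdx": 0}, [], False
    for addr, text, effect in PROGRAM:
        if not tracing and addr == bp_address:
            tracing = start_cond is None or start_cond(regs)
        if tracing:
            trace.append(text)
            if len(trace) >= max_count or (stop_cond and stop_cond(regs)):
                break
        effect(regs)  # the instruction executes only after the checks
    return trace


def rdx_is_target(regs):
    return regs["rdx"] == LEA_TARGET


if __name__ == "__main__":
    # Breakpoint on the LEA itself: RDX is still the old value, nothing fires.
    print(break_and_trace(0x1004, start_cond=rdx_is_target))
    # Breakpoint one line below: RDX already holds the address, trace starts.
    print(break_and_trace(0x100B, start_cond=rdx_is_target))
    # Stop condition: the last traced line is the one AFTER the LEA.
    print(break_and_trace(0x1000, stop_cond=rdx_is_target))
```
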
Re: break and trace with condition doesn't work
Thanks a lot for the reply. But I got confused when asking... I meant to ask about using the condition as a start condition, but I wrote stop condition...
> Set the breakpoint 1 line below and it will work. Not on the line with the LEA. Breakpoints get hit BEFORE the instruction had a chance to run. In your case, RDX becomes that address AFTER the LEA line has been executed. Since you set the breakpoint there, RDX hasn't had the chance to update. So your condition will not work unless RDX was set to that address value BEFORE the LEA line.
You are right, it really works as you said. I also tried what you said and it really worked like you said. It showed 1 line after LEA blah blah at the last line. But I meant to ask about using it as a "start condition".
I think my problem was that the opcode at the breakpoint didn't include the RDX register (the opcode at the breakpoint was mov [rsi],xmm0).
I set the breakpoint where the opcode includes RDX directly and it worked.
So I concluded that when using the break and trace function with a "start" condition, I have to set the breakpoint at the address where the opcode writes something directly to the registers that I want to use.
(Of course I don't know exactly why. I'm noobzor..)
> Furthermore, I don't know why you're even bothering to set a conditional breakpoint on a line item which does the same thing every time.
> LEA RDX,[addr] means load effective address of "addr" into RDX. So RDX will be "addr" every single time. Why bother put a conditional breakpoint when you know 100% what value RDX will always have? o__O
Yeah, I also thought "why am I doing this?" haha. I was back-tracing something but the traced lines were over 1500, so I got confused about where I was while back-tracing. And the breakpoint shows us the "addresses" of the registers but does not show the "value" of those at the moment (except xmm/fpu registers), so those two reasons were why I had to set a breakpoint with a start condition.
Thanks for your opinion. Any recommendation really is helpful to noobs like me.