Suppose I want to skip line 3 of function func every time it is called:
int func() {
    int a = 10, b = 20;
    a = 25;      /* the line to be skipped */
    b = 30;
    return a + b;
}
So every time it should return 40 (i.e. it does not execute the 3rd line, a = 25). Is there any command in WinDbg similar to jmp in gdb?
Again a very late answer, but if messing with assembly is not preferable, set a conditional breakpoint to skip executing one line.
In the example below 401034 is the line you do not want to execute, so set a conditional breakpoint on that line to skip it:
bp 401034 "r eip = @$eip + <size of current instruction>; gc"
(7 in this case; gc = go from conditional break)
jmptest:\>dir /b
jmptest.c
jmptest:\>type jmptest.c
#include <stdio.h>
int func()
{
int a = 10 , b = 20;
a = 25;
b = 30;
return a+b;
}
int main (void)
{
int i , ret;
for (i= 0; i< 10; i++)
{
ret = func();
printf("we want 40 we get %d\n",ret);
}
return 0;
}
jmptest:\>cl /nologo /Zi jmptest.c
jmptest.c
jmptest:\>dir /b *.exe
jmptest.exe
jmptest:\>cdb -c "uf func;q" jmptest.exe | grep 401
00401020 55 push ebp
00401021 8bec mov ebp,esp
00401023 83ec08 sub esp,8
00401026 c745fc0a000000 mov dword ptr [ebp-4],0Ah
0040102d c745f814000000 mov dword ptr [ebp-8],14h
00401034 c745fc19000000 mov dword ptr [ebp-4],19h
0040103b c745f81e000000 mov dword ptr [ebp-8],1Eh
00401042 8b45fc mov eax,dword ptr [ebp-4]
00401045 0345f8 add eax,dword ptr [ebp-8]
00401048 8be5 mov esp,ebp
0040104a 5d pop ebp
0040104b c3 ret
jmptest:\>cdb -c "bp 401034 \"r eip = 0x40103b;gc\";g;q " jmptest.exe | grep want
we want 40 we get 40
we want 40 we get 40
we want 40 we get 40
we want 40 we get 40
we want 40 we get 40
we want 40 we get 40
we want 40 we get 40
we want 40 we get 40
we want 40 we get 40
we want 40 we get 40
jmptest:\>
If you're familiar with assembly, you can use the a command to change the assembly (i.e. turn the opcodes for, "a = 25;" into all NOPs). This is what I typically do when I want to NOP out or otherwise change an instruction stream.
Occasionally people will rely on the fact that the byte code for the NOP instruction is 0x90 and use the e command to edit the memory (e.g. "ew @eip 0x9090"). This is the same result as using the a command.
Lastly, if you're hitting this operation infrequently and just want to manually skip the instruction you can use the, "Set Current Instruction" GUI operation:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff542851(v=vs.85).aspx
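Both the conditional-breakpoint answer ("r eip = @$eip + size of current instruction") and the NOP-patching answer depend on knowing how many bytes the instruction at 401034 occupies. The helper below is an added example, not code from any of the answers above: it parses the `uf func` listing pasted earlier (embedded here as a constructed sample), takes each instruction's length from its hex byte column, and emits both a skipping `bp` command and an `f` fill that overwrites the whole instruction with 0x90. The command strings and function names are mine; the listing addresses and bytes are the ones shown in the answer. Note that the instruction at 401034 is 7 bytes long, so a NOP patch has to cover all 7 bytes; a shorter write leaves the tail bytes to be decoded as stray instructions.

```python
import re

# Constructed sample: the relevant lines of the `uf func` listing from the
# cdb session above (address, raw instruction bytes, disassembly).
UF_LISTING = """\
00401026 c745fc0a000000 mov dword ptr [ebp-4],0Ah
0040102d c745f814000000 mov dword ptr [ebp-8],14h
00401034 c745fc19000000 mov dword ptr [ebp-4],19h
0040103b c745f81e000000 mov dword ptr [ebp-8],1Eh
00401042 8b45fc mov eax,dword ptr [ebp-4]
"""

# address, hex bytes, rest of line
LINE_RE = re.compile(r"^([0-9a-fA-F]{8})\s+([0-9a-fA-F]+)\s+(\S.*)$")


def parse_listing(text):
    """Return [(address, length_in_bytes, disassembly)] from cdb/WinDbg `uf` output."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip symbol headers and blank lines
        raw = m.group(2)
        if len(raw) % 2:
            raise ValueError(f"odd-length byte string in listing line: {line!r}")
        insns.append((int(m.group(1), 16), len(raw) // 2, m.group(3)))
    return insns


def check_contiguous(insns):
    """Sanity check: each instruction's address + length is the next address.

    Catches a listing that was copied with a line missing or mangled."""
    for (a, n, _), (b, _, _) in zip(insns, insns[1:]):
        if a + n != b:
            raise ValueError(f"gap in listing between {a:#x} and {b:#x}")
    return True


def instruction_length(insns, addr):
    """Byte length of the instruction that starts at addr."""
    for a, n, _ in insns:
        if a == addr:
            return n
    raise KeyError(f"{addr:#x} is not the start of an instruction in the listing")


def next_instruction(insns, addr):
    """Address of the instruction following the one at addr."""
    return addr + instruction_length(insns, addr)


def skip_breakpoint(insns, addr):
    """cdb/WinDbg breakpoint that jumps over the instruction at addr every hit."""
    return f'bp {addr:x} "r eip = {next_instruction(insns, addr):#x}; gc"'


def nop_fill(insns, addr):
    """`f` (fill memory) command that replaces the whole instruction with NOPs."""
    return f"f {addr:x} L{instruction_length(insns, addr)} 90"


if __name__ == "__main__":
    insns = parse_listing(UF_LISTING)
    check_contiguous(insns)
    target = 0x401034  # the `a = 25;` store we want to skip
    print(skip_breakpoint(insns, target))  # bp 401034 "r eip = 0x40103b; gc"
    print(nop_fill(insns, target))         # f 401034 L7 90
```

Run it against a fresh `uf` listing of your own binary rather than the pasted one: the addresses change with every build, and the `check_contiguous` call will refuse a listing where a line was lost while copying. Paste the emitted `bp` line into a `-c` argument as in the session above, or the `f` line into the debugger prompt once you are stopped in the process.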
There is a tutorial here that explains how to do this; you can set the offset so that it skips the line: http://cfc.kizzx2.com/index.php/tutorial-using-windbg-to-bypass-specific-functions-windbg-kung-fu-series/ and set the register eip to this value.
Also, you can set the breakpoint and put the command into the breakpoint to do the same: http://japrogbits.blogspot.co.uk/2010/01/using-breakpoints-to-skip-function-in.html and another blog: http://www.shcherbyna.com/?p=1234. You can also use .call to achieve the same: http://blogs.msdn.com/b/oldnewthing/archive/2007/04/27/2292037.aspx