I'm new to WinDbg, and I wanted to understand if it was possible to do a break-on-write on a kernel data structure (could be a structure or an array), similar to what can be done in gdb?
Let's say the structure you are interested in has a member that you want to break-in when it gets modified. Use:
ba w4 "address of structure + offset to interesting member"
ba = break on access
w4 = writing of anything from the start address provided for a length of 4 bytes.
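An added example, not part of the original answer: a small Python helper that goes beyond the single 4-byte member above and plans the `ba w<size>` commands needed to watch a whole byte range such as a small array. It assumes the documented hardware-breakpoint constraints (sizes 1, 2, 4, or 8 on 64-bit targets; address aligned to the size; four debug registers on x86/x64); the function names and sample addresses are constructed for illustration.

```python
# Added example: plan WinDbg "ba w<size> <addr>" commands covering a byte range.
# Assumptions (documented WinDbg / x86-x64 behaviour, not stated on the page):
#   - valid ba sizes are 1, 2, 4 (and 8 on 64-bit targets)
#   - the breakpoint address must be aligned to its size
#   - the processor exposes 4 hardware debug registers
MAX_HW_BREAKPOINTS = 4


def plan_write_breakpoints(start, length, is_64bit=True):
    """Return (address, size) pairs that exactly cover [start, start + length)."""
    if length <= 0:
        raise ValueError("length must be positive")
    sizes = (8, 4, 2, 1) if is_64bit else (4, 2, 1)
    plan, addr, end = [], start, start + length
    while addr < end:
        # Largest size that is aligned at addr and stays inside the range,
        # so writes to neighbouring fields do not trigger the breakpoint.
        size = next(s for s in sizes if addr % s == 0 and addr + s <= end)
        plan.append((addr, size))
        addr += size
    if len(plan) > MAX_HW_BREAKPOINTS:
        raise ValueError(
            f"range needs {len(plan)} breakpoints, "
            f"only {MAX_HW_BREAKPOINTS} debug registers are available"
        )
    return plan


def to_commands(plan):
    """Render the plan as WinDbg commands (0x-prefixed hex addresses)."""
    return [f"ba w{size} {addr:#x}" for addr, size in plan]


if __name__ == "__main__":
    base = 0xFFFFF80012345000  # constructed structure address
    # One 4-byte member at offset 0x2C: the case from the answer above.
    print(to_commands(plan_write_breakpoints(base + 0x2C, 4)))
    # A 16-byte array at offset 0x40 fits in two 8-byte breakpoints.
    print(to_commands(plan_write_breakpoints(base + 0x40, 16)))
    # A 64-byte array cannot be covered by hardware breakpoints alone.
    try:
        plan_write_breakpoints(base + 0x80, 64)
    except ValueError as exc:
        print("cannot watch:", exc)
```
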