12

I'm using WinDbg to debug a Windows executable. I want to know how I can see the arguments passed to any function using WinDBG.

For example, if I want to know the parameters passed to the function Kernel32!CreatefileA using Immunity Debugger or Olly debugger, I will set a breakpoint at the entry point of Kernel32!CreatefileA.

Now in the bottom right corner of the debugger window I can see nicely what parameters are getting passed to Kernel32!CreatefileA by the program, like in this screenshot.

[screenshot]

So my question is how can I get a similar view of passed parameters using WinDBG. Is there any way?

Is there any plugin which can represent the stack visually like Olly or Immunity?

Thanks in advance

4

1 Answer

16

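If you have private symbols, dv will show you locals and arguments. You can also bring up a "Locals" window with Alt+3 if you prefer to use the GUI.

If symbols aren't available, it's not quite that easy. You can start with kv to see the raw arguments and the calling convention. Once you know the calling convention, you know where the arguments are stored (stack and/or registers), and it's a matter of deciphering their layout in memory.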

[screenshot]

answered 2013-09-02T21:24:08.690
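
The no-symbols case described in the answer, worked through for the CreateFileA call from the question. This is an added example, not part of the original answer; it assumes a 32-bit target where CreateFileA uses the stdcall convention (all arguments on the stack), with the x64 register layout shown at the end.

```windbg
$$ Added example. Assumes an x86 target where CreateFileA is __stdcall.
$$ Break at the function entry, before the prologue has run.
bp kernel32!CreateFileA
g

$$ Raw view: kv prints the first stack arguments under "Args to Child".
kv
$$ At entry [esp] holds the return address and the arguments follow it.
dd @esp L8

$$ Decode by position, using the documented CreateFileA parameter order:
$$   esp+0x04 lpFileName            esp+0x08 dwDesiredAccess
$$   esp+0x0c dwShareMode           esp+0x10 lpSecurityAttributes
$$   esp+0x14 dwCreationDisposition esp+0x18 dwFlagsAndAttributes
$$   esp+0x1c hTemplateFile
da poi(@esp+4)
.printf "lpFileName=%ma\ndwDesiredAccess=%08x\ndwShareMode=%08x\ndwCreationDisposition=%08x\n", poi(@esp+4), poi(@esp+8), poi(@esp+0xc), poi(@esp+0x14)

$$ Redefine the breakpoint so every call is logged and execution continues.
bp kernel32!CreateFileA ".printf \"CreateFileA(%ma, access=%08x)\\n\", poi(@esp+4), poi(@esp+8); g"

$$ x64 variant: the first four arguments arrive in rcx, rdx, r8 and r9.
$$ The fifth (dwCreationDisposition) is at rsp+0x28 on entry, after the
$$ return address and the 0x20-byte home space. On x64 the kv columns show
$$ home-space slots, which the caller may not have filled, so read registers.
da @rcx
r rdx
r r8
r r9
dd @rsp+0x28 L1
```

These offsets are only valid at the first instruction of the function; once the prologue has pushed ebp or adjusted the stack pointer, they shift.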