Conditional breakpoint in lldb according to value in memory?

Question

What is the syntax for setting a conditional breakpoint in lldb according to a value in memory?

Something like:

breakpoint modify -c "memory read -Gx $esp+4 == 0"

Alternatively, I guess I could set a breakpoint command to continue if the condition is false, but I failed to find the syntax for that as well :)

Answer 1

breakpoint modify's --condition argument takes a C++ expression, evaluates it when the breakpoint has been hit, and if the result is non-zero (true), the breakpoint stops.

(lldb) br s -n foo
Breakpoint 1: where = a.out`foo, address = 0x00001f30
(lldb) br mod -c '*(int*) ($esp+4) == 10'
(lldb) r
Process 11102 launched: '/private/tmp/a.out' (i386)
Process 11102 stopped
* thread #1: tid = 0x42c6f9, 0x00001f30 a.out`foo, queue = 'com.apple.main-thread, stop reason = breakpoint 1.1
    #0: 0x00001f30 a.out`foo
a.out`foo:
-> 0x1f30:  pushl  %ebp
   0x1f31:  movl   %esp, %ebp
   0x1f33:  pushl  %eax
   0x1f34:  movl   8(%ebp), %eax
(lldb) x/x $esp+4
0xbffffbf0: 0x0000000a
(lldb) 

The parenthesis around $esp+4 is to keep the pointer arithmetic from being size-of-int *. Without those parenthesis, the expression would dereference $esp+16.

On platforms where arguments are passed in registers (x86_64, armv7, arm64 for some number of arguments), lldb provides convenience register aliases, $arg1, $arg2, etc. which are handy for these kinds of breakpoint conditions.