Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Dump a dereferenced address in WinDbg

Tags:

windbg

I'm trying to evaluate the contents of a call stack in WindDbg using the d* commands. I know that the address to the data I want to dump is at [ebp+8]. However when using this command WinDbg is dumping the data at ebp with an 8 byte offset. I want to dump the data pointed to by ebp+8. I've been manually dd ebp then manually typing the address in a subsequent du address.

Is there a way to instruct WinDbg to automatically dereference a pointer when dumping data?

like image 395
Paul Alexander Avatar asked Oct 12 '11 08:10

Paul Alexander

1 Answers

you can use any d* command with the address poi(ebp+8)

like image 190
plodoc Avatar answered Oct 23 '22 15:10

plodoc
Sign in to Comment

Related questions

What's the meaning of 'Free' block of Large object heap when dump with WinDbg
How to read Import Address Table, in a driver, from a PEPROCESS?
sos.dll usage in visual studio 2013
live debugging a stack overflow
Can I display GUID in windbg?
Can WinDBG be made to find mscordacwks.dll in the symbol store?
publishing your own Symbol site for WinDbg
Windbg - dumping System.Guid
Error:Symbol File not found in WinDbg
How do I get windbg to save my session state?
Converting addresses to symbol + offset
Value of a variable using WinDbg
What are the differences between OllyDbg and WinDbg?
ntdll module not loading correctly in windbg, but why?
Windbg, how to check memory segment permission?
How to list running tasks in .net memory dump
Using windbg from Visual Studio
Windbg with SOS, How to dump a c# struct
Determining which objects ZwWaitForMultipleObjects is waiting on
Crash dump - resolve unmanaged code crash in a .NET application using WinDbg

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!