Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to get return value from a function in windbg?

Tags:

assembly

return-value

windbg

I am trying to debug some win32API's like Createthread which returns a handle. How to get the return values in windbg?

I did some research and found that return values generally stored in EAx register.

If I put breakpoint on CreateThread then I can step into assembly of Createthread and ultimatelyw I will hit ret statement which means Createthread is returning .

At this point should I check the value of EAX register to get the HANDLE value or is the some other way?

like image 574
anand Avatar asked Jun 22 '09 06:06

anand

People also ask

How do you get a return value from a function?

To return a value from a function, you must include a return statement, followed by the value to be returned, before the function's end statement. If you do not include a return statement or if you do not specify a value after the keyword return, the value returned by the function is unpredictable.

How does a function return a value give example?

A function defined with a return type must include an expression containing the value to be returned. In this example, the return statement initializes a variable of the returned type. The variable answer is initialized with the int value 30. The type of the returned expression is checked against the returned type.

Which statement sends back a value from a function?

A return statement ends the execution of a function, and returns control to the calling function. Execution resumes in the calling function at the point immediately following the call. A return statement can return a value to the calling function.

What happens when you return a value from a function?

A return statement, once executed, immediately terminates execution of a function, even if it is not the last statement in the function. In the following code, when line 3 executes, the value 5 is returned and assigned to the variable x, then printed.

1 Answers

There isn't another way that isn't basically the same as testing eax.

If you want to get pedantic:

eax works fine for 32 bit.

rax is what you'll want for 64 bit apps

ret0 is what itanium uses

$retreg is a pseudo register you can use that will behave properly in all cases.

e.g.

0:028> r rax
rax=00000000fff02000
0:028> r eax
eax=fff02000
0:028> r $retreg 
$retreg=00000000fff02000
like image 159
aaron Avatar answered Oct 26 '22 20:10

aaron
Sign in to Comment

Related questions

what is the purpose of mov %rax,%rax?
What is MASM ? which we generally use it for learning assembly language code?
Make file for larger directory structure
How to understand this?
manipulating 32 bit numbers with 16 bit registers in 8086
Variable swap with and without auxiliary variable - which is faster?
Assembly - shr instruction turn on carry flag?
Detail about MSR_GS_BASE in linux x86 64
How to disassemble movb instruction
Testing Shellcode From C - Bus Error 10
Delphi 64 bits asm compiling error
How can I find out what "processor family" an Intel processor is under?
16 colors for background in MCGA BIOS text mode (AL = 03h)
Writing to a file in assembler
How does a loader in operating system work? [closed]
What is the JCC instruction in x86
Why is ExitProcess necessary under Win32 when you can use a RET?
Is Intel® Transactional Synchronization Extensions New Instruction (TSX-NI) difference from Intel TSX?
Can we say that an x86 CPU has data types?
Can a UEFI machine use BIOS interrupts?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!