commial / ttd-bindings

Bindings for Microsoft WinDBG TTD

Mismatched value of the BP_FLAGS::READ #20

Closed YHZX2013 closed 2 years ago

YHZX2013 commented 2 years ago

Thanks for sharing your cool project.

During the test, I found the BP_FLAGS should be:

const enum BP_FLAGS {
    READ = 1,
    WRITE = 2,
    EXEC = 4
};

(The original BP_FLAGS::READ value is 3).

When I use:

TTD::TTD_Replay_MemoryWatchpointData data;
data.addr = 0;
data.size = 0xFFFFFFFFFFFFFFFF;
data.flags = 3; // New value of the TTD::BP_FLAGS::READ | TTD::BP_FLAGS::WRITE
ttdcursor.AddMemoryWatchpoint(&data);
ttdcursor.SetMemoryWatchpointCallback((TTD::PROC_MemCallback)memCallback, 0);

to replay:

Time Travel Position: B7:3C
TestProgram!_vfprintf_l+0x7d:
00007ff6`1eaa18cd c3              ret

Time Travel Position: B7:3D
TestProgram!printf+0x82:
00007ff6`1eaa1a82 894504          mov     dword ptr [rbp+4],eax ss:000000aa`12daf364=cccccccc

The memCallback can also get the memory read/write events:

[Mem] PC: 0x7ff61eaa18cd, Pos: 0xb7:0x3c, Addr: 0xaa12daf338, Length: 0x8, Flag: 0x0
0x0000027a1d59be00 | 82 1a aa 1e f6 7f 00 00 ?? ?? ?? ?? ?? ?? ?? ?? | ........????????

[Mem] PC: 0x7ff61eaa1a82, Pos: 0xb7:0x3d, Addr: 0xaa12daf364, Length: 0x4, Flag: 0x1
0x0000027a1d59be20 | 01 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? | ....????????????
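
An added example, not part of the original thread or the project's code: a small parser for the memCallback output quoted in the comment above, useful for checking watchpoint records against the replay listing. On the quoted data, the 8 bytes read at B7:3C decode to the address that replay shows executing at B7:3D. The function names are hypothetical, and the meaning given to `??` in the dump is an assumption.

```python
import re

# Constructed sample: the two [Mem] records quoted in the issue, copied verbatim.
# Function names below are hypothetical helpers, not part of ttd-bindings.
CALLBACK_LOG = """\
[Mem] PC: 0x7ff61eaa18cd, Pos: 0xb7:0x3c, Addr: 0xaa12daf338, Length: 0x8, Flag: 0x0
0x0000027a1d59be00 | 82 1a aa 1e f6 7f 00 00 ?? ?? ?? ?? ?? ?? ?? ?? | ........????????
[Mem] PC: 0x7ff61eaa1a82, Pos: 0xb7:0x3d, Addr: 0xaa12daf364, Length: 0x4, Flag: 0x1
0x0000027a1d59be20 | 01 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? | ....????????????
"""

MEM_RE = re.compile(
    r"\[Mem\] PC: (0x[0-9a-f]+), Pos: (0x[0-9a-f]+):(0x[0-9a-f]+), "
    r"Addr: (0x[0-9a-f]+), Length: (0x[0-9a-f]+), Flag: (0x[0-9a-f]+)")

def parse_callback_log(text):
    """Return one dict per [Mem] record, with the dumped bytes attached."""
    events = []
    for line in text.splitlines():
        m = MEM_RE.match(line.strip())
        if m:
            pc, major, minor, addr, length, flag = (int(g, 16) for g in m.groups())
            events.append({"pc": pc, "pos": (major, minor), "addr": addr,
                           "length": length, "flag": flag, "data": b""})
        elif "|" in line and events:
            # Hex dump row; "??" is assumed to mark bytes outside the recorded access.
            known = bytes(int(c, 16) for c in line.split("|")[1].split() if c != "??")
            ev = events[-1]
            ev["data"] = (ev["data"] + known)[:ev["length"]]
    return events

def value(ev):
    """Little-endian integer value of the accessed bytes (x64 trace)."""
    return int.from_bytes(ev["data"], "little")

def consistency_issues(events):
    """Flag records whose dump length disagrees with Length or whose position goes backwards."""
    issues = []
    for prev, ev in zip([None] + events, events):
        if len(ev["data"]) != ev["length"]:
            issues.append(f"{ev['pos']}: {len(ev['data'])} dumped bytes, Length {ev['length']}")
        if prev and ev["pos"] <= prev["pos"]:
            issues.append(f"{ev['pos']}: position not after {prev['pos']}")
    return issues

if __name__ == "__main__":
    evs = parse_callback_log(CALLBACK_LOG)
    for ev in evs:
        print(f"{ev['pos'][0]:X}:{ev['pos'][1]:X} pc={ev['pc']:#x} flag={ev['flag']:#x} value={value(ev):#x}")
    print(consistency_issues(evs) or "records consistent")
```
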

commial commented 2 years ago

Hi, thanks for reporting it. It indeed makes more sense to have a bitfield instead of random-looking constants.

I saw you already made a PR to fix it, perfect!

YHZX2013 commented 2 years ago

This issue is related to https://github.com/commial/ttd-bindings/pull/21