How to implement F5/F10/F11

[PromiseNoDieForever]

Very disturbing. I want to implement the function of using F5/F10/F11. How should I implement it? eg use code for g-/g+/t-/t+/p+/- in windbg

[commial]

Hi,

Not sure to properly understand the question, but I'll give a try.

Commands in WinDBG are actually wrappers for more complex functionalities. Some of them are easier than other, for instance:

• t+ and t- corresponds to ReplayForward(.., 1) and ReplayBackward(..., 1)
• g+ and g-, same but with the maximum number of instruction
• p+ and p- involves either detecting the call stack to find the callers ou disassembling until a ret is find. Then, a breakpoint is added, and the execution is continued. Another way to do it, maybe slower, would be to track the value of RSP or calls. There is actually a callback for that, look at example_calltree

Long story short, ttd-bindings wraps TTD, which provides "basic" functionalities. WinDBG builds its more advanced features by assembling them.

[PromiseNoDieForever]

OK Thanks,I will try it The main reason for asking this question is because I want to know whether you reverse engineered the code implemented on windbg.