
How to implement F5/F10/F11

Open PromiseNoDieForever opened this issue 2 years ago • 2 comments

Very disturbing. I want to implement the function of using F5/F10/F11. How should I implement it? E.g., use code for g-/g+/t-/t+/p+/- in windbg.

PromiseNoDieForever avatar Nov 15 '23 06:11 PromiseNoDieForever

Hi,

Not sure to properly understand the question, but I'll give a try.

Commands in WinDBG are actually wrappers for more complex functionalities. Some of them are easier than others, for instance:

  • t+ and t- correspond to ReplayForward(..., 1) and ReplayBackward(..., 1)
  • g+ and g-, same but with the maximum number of instructions
  • p+ and p- involve either detecting the call stack to find the callers or disassembling until a ret is found. Then, a breakpoint is added, and the execution is continued. Another way to do it, maybe slower, would be to track the value of RSP or calls. There is actually a callback for that; look at example_calltree

Long story short, ttd-bindings wraps TTD, which provides "basic" functionalities. WinDBG builds its more advanced features by assembling them.

commial avatar Nov 20 '23 09:11 commial
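As an illustration of the RSP-tracking approach described in the answer above, here is a small model that builds p+/p- on top of single-step primitives. It is added here and is not code from ttd-bindings or from commial: the trace is constructed, and the cursor class with its `replay_forward`/`replay_backward`/`pc`/`rsp`/`mnemonic` methods is a hypothetical stand-in for whatever the real replay engine exposes.

```python
# Constructed trace, not a real TTD recording: each entry is the state
# observed before executing one instruction, as (pc, rsp, mnemonic).
# It models a caller invoking a function that itself makes a nested call.
TRACE = [
    (0x1000, 0x7FF0, "mov"),   # pos 0
    (0x1003, 0x7FF0, "call"),  # pos 1: call 0x2000, return address 0x1008
    (0x2000, 0x7FE8, "push"),  # pos 2: rsp dropped by 8 on entry
    (0x2001, 0x7FE0, "call"),  # pos 3: nested call to 0x3000
    (0x3000, 0x7FD8, "nop"),   # pos 4
    (0x3001, 0x7FD8, "ret"),   # pos 5
    (0x2006, 0x7FE0, "pop"),   # pos 6: back in 0x2000's body
    (0x2007, 0x7FE8, "ret"),   # pos 7
    (0x1008, 0x7FF0, "mov"),   # pos 8: back in the caller
    (0x100B, 0x7FF0, "ret"),   # pos 9
]

class ModelCursor:
    """Hypothetical stand-in for a replay cursor (not the ttd-bindings API):
    a position in TRACE plus the primitives the answer builds on, namely
    single-step forward/backward and reading PC and RSP."""
    def __init__(self, trace=TRACE, pos=0):
        self.trace, self.pos = trace, pos
    def pc(self): return self.trace[self.pos][0]
    def rsp(self): return self.trace[self.pos][1]
    def mnemonic(self): return self.trace[self.pos][2]
    def replay_forward(self, n=1):   # t+ is replay_forward(1)
        self.pos = min(self.pos + n, len(self.trace) - 1)
    def replay_backward(self, n=1):  # t- is replay_backward(1)
        self.pos = max(self.pos - n, 0)

def step_over_forward(cur):
    """p+: on a call, keep single-stepping until RSP is back at its
    pre-call value, i.e. the callee (and anything it called) has
    returned; on any other instruction this is just t+."""
    rsp0, last = cur.rsp(), len(cur.trace) - 1
    is_call = cur.mnemonic() == "call"
    cur.replay_forward(1)
    while is_call and cur.rsp() < rsp0 and cur.pos < last:
        cur.replay_forward(1)
    return cur.pc()

def step_over_backward(cur):
    """p-: step back once; landing on a ret means we just came out of a
    call, so keep stepping back until RSP rises to its current level,
    which is the matching call instruction in the caller."""
    rsp0 = cur.rsp()
    cur.replay_backward(1)
    if cur.mnemonic() != "ret":
        return cur.pc()
    while cur.rsp() < rsp0 and cur.pos > 0:
        cur.replay_backward(1)
    return cur.pc()
```

Stepping over the outer call at pos 1 lands on 0x1008, and stepping back from there returns to the call at 0x1003, while a plain mov or pop is stepped like t+/t-.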

OK, thanks, I will try it. The main reason for asking this question is because I want to know whether you reverse engineered the code implemented on windbg.

PromiseNoDieForever avatar Nov 24 '23 06:11 PromiseNoDieForever