6

I am trying to debug calls to CreateFileA from a DLL that I do not have source code to. I can set the breakpoint in the kernel32.dll with no problem, and I know that the value pointed to by (esp + 4) is the address of the filename. What I'd like to do is to put a watch on the memory address pointed to by (esp + 4); however, I cannot determine the correct watch syntax to use (providing it is even possible). For example, I've tried various patterns to the following:

(char *)&(esp + 4) -- error: operand types bad for this operation

Obviously, I can always fall back on having two memory windows open and manually enter the addresses every time the debugger breaks, but I am going for efficiency here. :)

4
  • 1
    Did you try this: (char*)(esp+4). Commented Apr 11, 2014 at 20:22
  • 1
    Yes, I have tried that. It simply returns the byte pointed to at the memory location for (esp + 4). So, if ESP is 0x01d00000 and the bytes at locations esp to (esp + 7) were "01 02 03 04 05 06 07 08", *(char *)(ESP + 4) would display 05. Commented Apr 11, 2014 at 20:50
  • 1
    Oops... misread a * in your comment. But I have tried the other way, too. (char *)(esp + 4) treats the memory location as the contents of the string ( (char *)(esp + 4) == the bytes, 05 06 07 08 etc). What I'm looking for is the contents of the address of esp + 4 (i.e. (char *)&0x08070605.) Commented Apr 11, 2014 at 20:56
  • 4
    Not sure I understand, but I'm pretty sure that (char*)0x08070605 is the answer you are looking for. Visual Studio displays (char*) values as the pointer itself, and then the first few dozen characters of the string if it seems to be a string. If you meant a pointer to a pointer, then try *(char**)(esp+4). Commented Apr 14, 2014 at 1:00
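
The three watch expressions discussed in the comments above, reproduced as an added C example (not code from the question or its commenters) over a simulated stack frame. The filename, the return address and the fake_stack layout are constructed for illustration, and the argument offset is sizeof(void *) so the program also runs on a 64-bit host; in the 32-bit process from the question that offset is 4.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: a filename a caller might pass to CreateFileA. */
static const char sample_name[] = "C:\\temp\\example.txt";

/* Simulated frame at the breakpoint: slot 0 holds the return address,
   slot 1 holds the first argument (the pointer to the filename). */
typedef struct {
    unsigned char bytes[2 * sizeof(void *)];
} fake_stack;

#define ARG_OFFSET sizeof(void *)   /* 4 in the 32-bit process on the page */

static void build_stack(fake_stack *s) {
    uintptr_t ret = (uintptr_t)0x01020304u;   /* constructed return address */
    const char *arg = sample_name;
    memcpy(s->bytes, &ret, sizeof ret);
    memcpy(s->bytes + ARG_OFFSET, &arg, sizeof arg);
}

/* *(char *)(esp + 4): a single byte of the pointer value itself. */
static unsigned char watch_deref_char(const unsigned char *esp) {
    return *(const unsigned char *)(esp + ARG_OFFSET);
}

/* (char *)(esp + 4): the stack slot's own bytes treated as the string. */
static const char *watch_cast_char_ptr(const unsigned char *esp) {
    return (const char *)(esp + ARG_OFFSET);
}

/* *(char **)(esp + 4): load the pointer stored in the slot, then follow it. */
static const char *watch_deref_char_ptr_ptr(const unsigned char *esp) {
    const char *p;
    memcpy(&p, esp + ARG_OFFSET, sizeof p);   /* alignment-safe load */
    return p;
}

int main(void) {
    fake_stack s;
    build_stack(&s);
    printf("*(char *)(esp+4)  = %02x\n", watch_deref_char(s.bytes));
    printf("(char *)(esp+4)   = %p (the stack slot)\n", (void *)watch_cast_char_ptr(s.bytes));
    printf("*(char **)(esp+4) = \"%s\"\n", watch_deref_char_ptr_ptr(s.bytes));
    return 0;
}
```

Only the last form follows the pointer stored in the argument slot, which is why it is the one that shows the filename.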
