Windbg pykd memory breakpoint

0

I'm trying to make automation scripts with memory breakpoint function by using a pykd on windbg

and this is my script in short

class MemBpHandler(pykd.eventHandler):
    def setPageGuard(self, addr, size, guard=0x140): # Set PAGE_GUARD
        cmdVprotect = "!sdbgext.vprotect %x %x %x"
        cmdr = pykd.dbgCommand(cmdVprotect % (addr, size, guard))
        dbiprintf(cmdr)

    def onException(self, exceptInfo):
        dbiprintf("[!] Exception occured")
        if exceptInfo.exceptionCode == 0x80000001: # GUARD_PAGE_VIOLATION # Memory breakpoint
            dbiprintf("Hi MemBp!")

            # ...some procedures...

            return pykd.eventResult.NoChange # <=== NoChange but WinDbg breaks
        return pykd.eventResult.NoChange

when the GUARD_PAGE_VIOLATION occured,

"Hi MemBp!" is printed and WinDbg breaks the target process

with "First chance exceptions are reported before any exception handling. This exception may be expected and handled."

I hope to know why it breaks even I give a NoChange

and how to fix the script to works well

windbg
breakpoints
pykd
asked on Stack Overflow May 11, 2017 by Vanz

1 Answer

0

I solved my problem. It was just an exception filtering issue.

WinDBG - how to set all exception to be passed into app?

On the pykd, I cannot handle the WinDbg's process so I disabled it and the script works!

thank you

answered on Stack Overflow May 12, 2017 by Vanz • edited May 23, 2017 by Community

User contributions licensed under CC BY-SA 3.0