memory location or only when a write occurs. Restart the application under the
debugger and set a breakpoint in DisplayError right before executing the call to
Sleep. Feed the same input parameters to the application, and after it breaks into
the debugger, use the following command to set the memory access breakpoint:
0:000> ba w4 0006fcf0
The command used is ba. The w stands for write followed by a 4, which indicates the
size in bytes of the memory location. The last parameter specified is the address of
the memory location to break on. Remember that the memory location specified is
the location of the return address when SleepEx returns.
When you continue execution of the application, we almost immediately hit a
breakpoint:
0:000> g
Breakpoint 1 hit
eax=00000043 ebx=7ffde000 ecx=77c422b0 edx=77c61b78 esi=00191ffc edi=00191fc0
eip=7c80239c esp=0007fcf8 ebp=0007fd04 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
kernel32!SleepEx:
7c80239c 6a2c push 2Ch
0:000> kb
ChildEBP RetAddr Args to Child
0007fcf4 7c802451 00001770 00000000 0007fd10 kernel32!SleepEx
0007fd04 01001a7a 00001770 0007ff44 0100156a kernel32!Sleep+0xf
0007fd10 0100156a 0007fd2c 00000004 000007d0 05async!DisplayError+0x5a
I don't understand this passage: how was the address 0006fcf0 in ba w4 0006fcf0 obtained? Please help explain it. Many thanks.
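
An added example, not part of the original post or of the quoted book text: it parses the kb output shown above and computes, for each frame, the stack slot that holds the return address, then builds the matching ba command. It assumes the standard 32-bit x86 frame layout (return address at ChildEBP + 4); parse_kb and ba_command are hypothetical helper names, and the resulting addresses apply only to the run that produced this trace.

```python
import re

# kb output copied from the trace in the post (32-bit x86 process).
KB_OUTPUT = """\
ChildEBP RetAddr Args to Child
0007fcf4 7c802451 00001770 00000000 0007fd10 kernel32!SleepEx
0007fd04 01001a7a 00001770 0007ff44 0100156a kernel32!Sleep+0xf
0007fd10 0100156a 0007fd2c 00000004 000007d0 05async!DisplayError+0x5a
"""

# One frame line: ChildEBP, RetAddr, three argument words, then the symbol.
FRAME_RE = re.compile(
    r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+(?:[0-9a-f]{8}\s+){3}(\S+)$", re.I)


def parse_kb(text):
    """Return one dict per stack frame found in kb output."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # header or any other non-frame line
        child_ebp = int(m.group(1), 16)
        frames.append({
            "symbol": m.group(3),
            "child_ebp": child_ebp,
            "ret_addr": int(m.group(2), 16),
            # Assumption: standard x86 frame layout, saved EBP at [ChildEBP]
            # and the return address in the next dword, [ChildEBP + 4].
            "ret_slot": (child_ebp + 4) & 0xFFFFFFFF,
        })
    return frames


def ba_command(frames, function, size=4):
    """Build a write breakpoint on the return-address slot of `function`."""
    if size not in (1, 2, 4):
        raise ValueError("x86 data breakpoints cover 1, 2 or 4 bytes")
    for f in frames:
        if f["symbol"].split("+")[0] == function:
            if f["ret_slot"] % size:
                raise ValueError("address must be aligned to the size")
            return "ba w%d %08x" % (size, f["ret_slot"])
    raise LookupError("no frame for " + function)


if __name__ == "__main__":
    for f in parse_kb(KB_OUTPUT):
        print("%-28s return address %08x stored at %08x"
              % (f["symbol"], f["ret_addr"], f["ret_slot"]))
    print(ba_command(parse_kb(KB_OUTPUT), "kernel32!SleepEx"))
```

For the SleepEx frame the computed slot equals the esp value in the register dump, because the breakpoint was hit on the first instruction of SleepEx, where esp still points at the return address.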