Windbg HWND Extension x64

WaxfordSqueers
Senior Member
Posts: 1001
Joined: Tue Apr 06, 2004 11:00 am

Post by WaxfordSqueers »

EDIT: Posts moved from another thread into a new topic

Have you come across an extension in your travels that works on x64 and allows a hwnd and a windows message code to be used in a breakpoint?

I am thinking of the bmsg command in sice and I have seen at least two extensions with a similar function. Unfortunately neither works on my present x64 system.

ps. I'm sure it could be done manually using an .if/.else statement with a bp. I am still trying to get my head around poi.

I am thinking specifically of this statement I posted earlier:
.load sdbgext
bp @eip ".if (poi(poi(esp+4)+4) == 0x202) {!hwnd poi(poi(esp+4));gc } .else {gc}"
g
Unfortunately I need the extension sdbgext which I have been unable to load on x64.

This is a new release that's supposed to work on x64 but ironically not on my system.

http://www.nynaeve.net/?p=94
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

I just cleaned up and put the extension and the relevant source here in GitHub


This is a recompilation of the hwnd command from Skywing's sdbgext for the x64 architecture

usage

.load hwnd.dll
.chain
!hwnd
!hwnd {window Handle}
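
An x64 form of the conditional breakpoint from the first post, as an added example that is not part of either post or of the extension's source. It assumes the break is placed at entry to user32!DispatchMessageW (first argument a MSG* in rcx) and uses a constructed sample window handle:

```windbg
$$ Added example. Assumes the breakpoint sits at entry to user32!DispatchMessageW,
$$ where the x64 calling convention passes the MSG* in rcx
$$ (the x86 original read it from the stack at esp+4).
$$ x64 MSG layout: hwnd at +0 is 8 bytes, message at +8 is 4 bytes, then 4 bytes of padding.
$$ poi() reads a pointer-sized value, so on x64 the message must be read with dwo(),
$$ otherwise the padding bytes would be pulled into the comparison.
.load hwnd.dll

$$ 0x1a0b2c is a constructed sample handle, replace it with the HWND of interest.
r $t0 = 0x1a0b2c

$$ bmsg-style filter: when both the window and message 0x202 match, dump the window
$$ with !hwnd and stay broken in. Every other message continues silently.
bp user32!DispatchMessageW ".if ((poi(@rcx) == @$t0) & (dwo(@rcx+8) == 0x202)) { !hwnd poi(@rcx) } .else { gc }"
g
```

Dropping the `poi(@rcx) == @$t0` test and adding `gc` after `!hwnd` gives the same log-and-continue behaviour as the x86 statement in the first post.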
WaxfordSqueers
Senior Member
Posts: 1001
Joined: Tue Apr 06, 2004 11:00 am

Post by WaxfordSqueers »

blabberer wrote: I just cleaned up and put the extension and the relevant source here in GitHub
Thanks blabbs. I am tied up helping a friend with a project and time is hard to come by. I will get into this soon.

Thanks again.