版權聲明:本文爲博主原創文章,未經博主允許不得轉載。 https://blog.csdn.net/autohacker/article/details/49076461
0x00 前言
發現網上很多關於ollydbg和windbg的條件斷點的設置是錯誤的,所以這裏總結下。
0x01 字符串條件斷點
ollydbg:
unicode字符串:
bp kernel32.CreateFileW, [UNICODE [esp+4]]=="C:\\4.txt"
ascii字符串:
bp kernel32.CreateFileA, [STRING [esp+4]]=="C:\\4.txt"
windbg:
unicode字符串:
bp kernel32!CreateFileW "$<F:\\script.txt"
其中,F:\script.txt的內容爲:
as /mu ${/v:fname} poi(esp+4)
.if ( $sicmp( "${fname}", "c:\3.txt" ) = 0 ) {.echo ${fname}} .else {gc}
ascii字符串:
bp kernel32!CreateFileA "$<F:\\script.txt"
其中,F:\script.txt的內容爲:
as /ma ${/v:fname} poi(esp+4)
.if ( $sicmp( "${fname}", "c:\3.txt" ) = 0 ) {.echo ${fname}} .else {gc}