Click here to Skip to main content
Rate this: bad
Please Sign up or sign in to vote.
See more: C# .NET Debugging Windbg
Hey all,
I am working on a WinDBG extension that can alter data of a running application.
At this point i am able to fetch the memory addresses of critical sections.
But my requirement is to get the memory address of a given function name.
Is there a way to do the same (a direct command or a set of commands).
Thanks in advance.
Posted 10-Dec-12 19:33pm
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

When you need to find the address at which a known function or a global variable resides, you can
use the x command of the windbg.exe debugger. This translation is often useful when trying to set
code or data breakpoints. For this to work, naturally, the module (DLL or main EXE) that contains the
function or global symbol should’ve already been loaded by the target process. Note that this command
also supports the wildcard character (*), which is often convenient for discovering the available
symbol (function or global variable) names that match a given pattern
0:000> x notepad!*main*
00151320 notepad!_imp____getmainargs = <no type information>
00151405 notepad!WinMain = <no type information>
00153689 notepad!WinMainCRTStartup = <no type information>
0:000> x notepad!g_*
0015c00c notepad!g_ftOpenedAs = <no type information>
0015e040 notepad!g_ftSaveAs = <no type information>
0015c100 notepad!g_wpOrig = <no type information>

reference : Inside Windows Debugging (Tarik Soulami)

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 605
1 Maciej Los 225
2 Abhinav S 171
3 Richard Deeming 160
4 Suvendu Shekhar Giri 159
0 Sergey Alexandrovich Kryukov 9,623
1 OriginalGriff 9,095
2 Peter Leow 5,044
3 Kornfeld Eliyahu Peter 3,373
4 Maciej Los 2,581

Advertise | Privacy | Mobile
Web02 | 2.8.150327.1 | Last Updated 12 Dec 2012
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100