WinDbg

我需要比较一个字符串，作为参数传递给WinDbg与来自内存的字符串。 怎么能实现这一目标？

例如，字符串位于加载的PE内的特定偏移量中。 所以，我可以通过执行da /c 100 <addr>轻松读取字符串。 但是，如何在WinDbg脚本中使用此字符串将其与arg1进行比较，使用.if ？ （和我猜的$SPAT() ）

我试图将da命令的输出读入别名或用户定义的寄存器 ，但我没有成功。

I need to compare a string, passed as an argument to WinDbg with a string from memory. How can this be achieved?

For example, the string is located in a specific offset within the loaded PE. So, I can easily read the string by executing da /c 100 <addr>. But, how can I use this string, to compare it with arg1, in a WinDbg script, using .if? (and $SPAT(), I guess)

I was trying to read the output of the da command into an Alias or a User-Defined Register, but I was unsuccessful.

您可以使用as /c将字符串分配给别名：

然后你可以使用$spat() ：

要从命令行控制模式，请使用-c命令行开关设置另一个别名：

You can assign a string to an alias using as /c:

You can then use $spat() on it:

To control the pattern from the command line, set another alias using the -c command line switch: