wrong variable value from debugger on x64

Hello everyone,


The command dv is not print the correct value for input parameters? Here is
my WinDbg debug on x64 platform and source code. Any ideas about how to
retrieve the correct value?

[Code]
0:000> bp foo
0:000> bl
0 e 00000001`40001020 0001 (0001) 0:**** Test64bitDebug!foo
0:000> g
Breakpoint 0 hit
Test64bitDebug!foo:
00000001`40001020 89542410 mov dword ptr [rsp+10h],edx
ss:00000000`0012fea8=cccccccc
0:000> dv
a = -858993460
b = -858993460


int foo (int a, int b)
{
return a+b;
}

int main()
{
int a1 = 100;
int b1 = a1 + 100;

foo (a1, b1);

return 0;
}
[/Code]


thanks in advance,
George

Tim
Fri Jul 11 23:48:16 CDT 2008

George <George@discussions.microsoft.com> wrote:
>
>
>The command dv is not print the correct value for input parameters? Here is
>my WinDbg debug on x64 platform and source code. Any ideas about how to
>retrieve the correct value?
>
>[Code]
>0:000> bp foo
>0:000> bl
> 0 e 00000001`40001020 0001 (0001) 0:**** Test64bitDebug!foo
>0:000> g
>Breakpoint 0 hit
>Test64bitDebug!foo:
>00000001`40001020 89542410 mov dword ptr [rsp+10h],edx
>ss:00000000`0012fea8=cccccccc
>0:000> dv
> a = -858993460
> b = -858993460

Try single-stepping into the function one line. Windbg uses the stack
frame to fund the local variable, and the stack frame isn't fully set up
until a couple of instructions into the function.
--
Tim Roberts, timr@probo.com
Providenza & Boekelheide, Inc.

George
Sun Jul 13 05:15:00 CDT 2008

Thanks Tim,


You are correct. I step one line using p command, and the variable values
are correctly setup. Do you think it is your expected solution?


regards,
George

Tim
Sun Jul 13 23:35:24 CDT 2008

George <George@discussions.microsoft.com> wrote:
>
>You are correct. I step one line using p command, and the variable values
>are correctly setup. Do you think it is your expected solution?

I'm not sure what you are asking. This is just something you have to do.
Windbg has to use the stack frame to locate the local variables, an the
stack frame isn't set up until a few instructions into the function.
--
Tim Roberts, timr@probo.com
Providenza & Boekelheide, Inc.

George
Mon Jul 14 02:23:00 CDT 2008

Thanks Tim,


Here is the related assembly code for function foo, how do you know after
which instruction the stack is properly setup?

--------------------
Test64bitDebug!foo:
00000001`40001020 89542410 mov dword ptr [rsp+10h],edx
ss:00000000`0012fea8=cccccccc
00000001`40001024 894c2408 mov dword ptr [rsp+8],ecx
00000001`40001028 57 push rdi
00000001`40001029 8b4c2418 mov ecx,dword ptr [rsp+18h]
00000001`4000102d 8b442410 mov eax,dword ptr [rsp+10h]
00000001`40001031 03c1 add eax,ecx
00000001`40001033 5f pop rdi
00000001`40001034 c3 ret
--------------------


regards,
George

George
Mon Jul 14 04:02:00 CDT 2008

Great Ivan!


1.

I feel I am short of knowledge about what means register homing, could you
describe it or recommend some documents to learn?

2.

"In this case, the prologue size is reflected in the function-entry record
for the function, and, it is 0x1f, that is immediately after the instruction
marked below." -- In the assembly code I posted before, how do you calculate
the number like 0x1f?


regards,
George

Hendrik
Mon Jul 14 07:29:03 CDT 2008

George wrote:
> Great Ivan!
>
>
> 1.
>
> I feel I am short of knowledge about what means register homing, could you
> describe it or recommend some documents to learn?
>
> 2.
>
> "In this case, the prologue size is reflected in the function-entry record
> for the function, and, it is 0x1f, that is immediately after the instruction
> marked below." -- In the assembly code I posted before, how do you calculate
> the number like 0x1f?

Read Matt Pietrek's "Just Enough Assembly Language to Get By".
http://www.microsoft.com/msj/0298/hood0298.aspx
http://www.microsoft.com/msj/0698/hood0698.aspx

> regards,
> George

Schobi

George
Wed Jul 16 05:08:43 CDT 2008

Thanks Schobi,


The article is good, but it does not cover,

- what is register homing?

- how to calculate prologue size.

Any ideas? (both direct answer or document referral are welcome.)


regards,
George