Is it possible with WinDbg? RRS feed

  • Question

  • I have a specific assembly instruction inside a program code and I want to know which instruction was executed right before it.

    Is it possible with WinDbg? Like to trace the program one step backwards?

    Friday, February 7, 2014 3:39 AM

All replies

  • One can use 'ub Address' cmd, which will start to disassemble some bytes before Address, but one cannot step backwards (no 'reverse/replay debugging').

    With kind regards

    Friday, February 7, 2014 7:49 AM
  • You can also create breakpoint to stop the execution on specific address.
    Forgotten to add that after breakpoint hit ub [Address ] command can be used.When not specifying [address] parameter current IP will be used.
    • Edited by iliyapolak Thursday, February 20, 2014 2:15 PM
    Thursday, February 20, 2014 12:54 PM
  • And what about bp [addr] instruction?

    [~Thread] bp[ID] [Options] [Address [Passes]] ["CommandString"]

    Thursday, February 20, 2014 1:58 PM