The environment is Windows XP SP3 32 bit with WinDBG:6.12.0002.633 X86. The program was compiled with Visual C++ 2008 Express Edition. I have a problem with WinDBG; I tried to fix it unsuccessfully for a long time.

The initial disassembly:

```
ntdll!DbgBreakPoint:
7c90120e cc              int     3
7c90120f c3              ret
7c901210 8bff            mov     edi,edi
```

When I step or go this is what happens (even if there is a breakpoint in main):

```
0:000> t
Unable to insert breakpoint 0 at 00411000, Win32 error 0n299
    "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."
bp0 at 00411000 failed
WaitForEvent failed
eax=00251eb4 ebx=7ffd6000 ecx=00000005 edx=00000020 esi=00251f48 edi=00251eb4
eip=7c90120f esp=0012fb20 ebp=0012fc94 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000302
ntdll!DbgBreakPoint+0x1:
7c90120f c3              ret
```

And eip = 7c90120f.

When I restart this is what happens:

```
0:000> .restart /f
CommandLine: C:\class\cdf\cdf_reader.exe C:\class\fuzzing\crash_docs\1536485595.1\crash_1.cdf
Symbol search path is: C:\class\cdf
Executable search path is: 
ModLoad: 00400000 00407000   cdf_reader.exe
Unable to insert breakpoint 0 at 00411000, Win32 error 0n299
    "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."
bp0 at 00411000 failed
WaitForEvent failed
eax=00401613 ebx=7ffdb000 ecx=020fa685 edx=000000c2 esi=0090f7aa edi=0090f6ee
eip=7c8106f5 esp=0012fffc ebp=00000000 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000200
7c8106f5 ??              ???
```

And the disassembly:

```
No prior disassembly possible
7c8106f5 ??              ???
7c8106f6 ??              ???
7c8106f7 ??              ???
```

I thought at first that the problem is in the Symbol file path but I see that it is correct.

Can someone please instruct me on how to solve this problem?

Note that with OllyDBG and with Immunity Debugger I didn't encounter the problem.

alond22

1 Answer

do you use a workspace? it appears you have a spurious breakpoint saved

notice your module spans

```
ModLoad: 00400000 00407000   cdf_reader.exe
```

but your breakpoint is at

```
Unable to insert breakpoint 0 at 00411000,
```

which is out of the module limits

windbg is trying to set a breakpoint on probably a partial or non-existent memory and failing

if you were using workspaces try deleting or refreshing them

else try to clear all the breakpoints with `bc *` and try `.restart`

blabb
  • Thank you very much, I did not notice this detail in the error message. Another question - do you know how to make the saved workspace to appear every time I open WinDBG? Every time I have to press Ctrl+W and Enter to open the saved workspace (this time I will save the workspace more carefully). – alond22 Sep 10 '18 at 09:55
  • will you split this comment and ask the query in a new question (the answer to your query cannot fit into a comment, and editing the answer to put in new unrelated information would make the answer cluttered) – blabb Sep 11 '18 at 18:58
  • [Here is the question](https://stackoverflow.com/questions/52540737/windbg-default-workspace) – alond22 Sep 27 '18 at 15:48
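
The range check from the answer above (breakpoint address compared against the `ModLoad` span) can be automated over a saved debugger log. This is an added example, not code from the original thread; the function names are hypothetical, and the sample log lines are copied from the question's output.

```python
import re

# Debugger output taken from the question above (ModLoad line and the failing breakpoint).
SAMPLE_LOG = """\
ModLoad: 00400000 00407000   cdf_reader.exe
Unable to insert breakpoint 0 at 00411000, Win32 error 0n299
    "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."
bp0 at 00411000 failed
"""

MODLOAD_RE = re.compile(r"^ModLoad:\s+([0-9a-fA-F`]+)\s+([0-9a-fA-F`]+)\s+(\S.*?)\s*$")
BP_FAIL_RE = re.compile(r"Unable to insert breakpoint (\d+) at ([0-9a-fA-F`]+)")


def _addr(text):
    # 64-bit WinDBG prints addresses as 00000000`00400000; drop the backtick.
    return int(text.replace("`", ""), 16)


def parse_modules(log):
    """Return [(start, end, name)] for every ModLoad line in the log."""
    mods = []
    for line in log.splitlines():
        m = MODLOAD_RE.match(line.strip())
        if m:
            mods.append((_addr(m.group(1)), _addr(m.group(2)), m.group(3)))
    return mods


def stale_breakpoints(log):
    """Return [(bp_id, address)] for failed breakpoints outside all logged modules."""
    mods = parse_modules(log)
    stale = []
    for m in BP_FAIL_RE.finditer(log):
        bp_id, addr = int(m.group(1)), _addr(m.group(2))
        # The end address is treated as exclusive (assumption: end = base + size).
        if not any(start <= addr < end for start, end, _ in mods):
            stale.append((bp_id, addr))
    return stale


if __name__ == "__main__":
    for bp_id, addr in stale_breakpoints(SAMPLE_LOG):
        print(f"breakpoint {bp_id} at {addr:08x} is outside every logged module")
```

A breakpoint reported here is a candidate for a stale workspace entry; one that falls inside a module range and still fails needs a different explanation.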