-1

I have a Windows PE executable which I suspect is calling read with an incorrect byte count. Is it possible to set a break that will be triggered when the read function is called? I have looked in the winedbg manual but could not find anything relevant.

I have no strong reason for using winedbg beyond convenience. As I type this I am installing Visual Studio on a virtual Windows 7, so if winedbg is not suitable then I would be interested in other suggestions, either using Linux or Windows.

Chris Barry

1 Answer

0

This was actually embarrassingly obvious. All I needed to do was

break ReadFile

and similarly for all the other API entry points. I suspect I was assuming, without really thinking about it, that the named procedures would be part of a library that was compiled into the main program, while access to the DLL would be by numbered entry points.

Chris Barry