WinDBG View Passed Arguments to Any Function

debugging windbg callstack
Dev.K. picture Dev.K. · Sep 2, 2013 · Viewed 16.9k times · Source

I'm using windbg to debug an Windows executable. I want to know how I can see arguments passed to any function using WinDBG.

For example If I wanna know the parameters passed to function Kernel32!CreatefileA using Immunity Debugger or Olly debugger I will set a break point at entry point of Kernel32!CreatefileA.

Now in bottom right corner of debugger window i could see nicely what are the parameters are getting passed to Kernel32!CreatefileA by the program. Like this screen shot.

![screenshot

So my question is how how can I get a similar view of passed parameters using WinDBG.Is thre any way??

Is there any plugin which can represent the stack visually like olly or immunity??

Thanks in Advance

Answer

Sean Cline picture Sean Cline · Sep 2, 2013

If you have private symbols, dv will show you locals and arguments. There is also a "Locals" window that can be opened with Alt+3 if you prefer to use the GUI.

If symbols are not available, it is not quite so easy. You can start with kv to see raw arguments and calling convention. Once you know the calling convention, you know where arguments are stored (stack and/or registers), and it is a matter of deciphering their layout in memory.

![Screenshot

Related questions

How to set up symbols in WinDbg?

I am using Debugging Tools for Windows and I get the following error message when starting WinDbg / cdb or ntsd: Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the …

Read More
ERROR: Symbol file could not be found. windbg.exe

I downloaded the symbols from http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx the package (Windows 7 RTM x86 retail symbols, all languages) but it still gives me the same error! Done .sympath but still not working .sympath C:\inetpub\…

Read More
WinDbg symbol resolution

When using WinDbg, where should the private symbol files (pdb?) be placed? My situation is: I have a DLL which I want to debug. I have the source code and symbol files for this DLL. This DLL is called by …

Read More