How to set a conditional breakpoint on register's value in windbg? - windbg

I wonder if there is a way in WinDbg to set a breakpoint all over the code, so that whenever one of the registers gets a specific value or points to a specific value, execution stops.
To be more specific, somewhere in the code "Err" is returned. I want to set a breakpoint such that whenever EAX or another register points to something like "Err", the code stops.
Also, I must say that there is no way to find "Err" in disassemblers.

A breakpoint is always tied to an address, be it a software breakpoint or a hardware breakpoint.
If you use a memory breakpoint it would be triggered on a page boundary (page guard violation).
Other than that you have to single step.
You can try WinDbg's wt (watch and trace) command with a depth argument,
combined with a generic breakpoint address, if you want to watch only eax (the return value of any call).
An example below:
OS: Windows 7 SP1 32 bit
WinDbg version: 10.0.16299.15
Debuggee: calc.exe
Generic breakpoint: calc!WinMain
Command used: wt -l 8 -or
Before WinDbg breaks it would have traced around 7500 calls at this depth:
>wc -l foo.txt & head foo.txt
7679 foo.txt
0:000> bp calc!WinMain
0:000> wt -l 8 -or
3 0 [ 0] ntdll!LdrpDoDebuggerBreak
11 0 [ 1] ntdll!_SEH_epilog4 eax = 0
4 11 [ 0] ntdll!LdrpDoDebuggerBreak eax = 0
>> No match on ret
4 11 [ 0] ntdll!LdrpDoDebuggerBreak
12 0 [ 0] ntdll!LdrpInitializeProcess
*** ERROR: Module load completed but symbols could not be
1 0 [ 1] ntdll!NtQueryInformationProcess
If you know eax has 88 in it and you want to check for it, you can employ some grep magic like this:
>grep -i "eax = .*88" foo.txt
21 0 [ 7] msvcrt!_SEH_prolog4 eax = ef388
21 0 [ 8] KERNELBASE!_SEH_prolog4 eax = ee788
14 0 [ 8] ntdll!RtlpAllocateDebugInfo eax = 2c7b88
21 0 [ 7] ntdll!_SEH_prolog4 eax = ef388
44 0 [ 8] ntdll!RtlAllocateHeap eax = 2c88c0
57 0 [ 8] ntdll!RtlDebugAllocateHeap eax = 2c88c0
3 0 [ 8] ntdll!RtlpAllocateHeap eax = 2c88c0
15 0 [ 8] ntdll!RtlAllocateHeap eax = 2c88c0
6 0 [ 7] ole32!CPageAllocator::CPageAllocator eax = 76b88814
6 0 [ 7] ole32!CPageAllocator::CPageAllocator eax = 76b87688
6 0 [ 7] ole32!CPageAllocator::CPageAllocator eax = 76b86788
3 0 [ 6] ole32!`dynamic initializer for 'arDcomInterfaces'' eax = 76a87988
32 0 [ 8] ole32!_onexit eax = 76a7e88b
31 96 [ 7] ole32!ComVerifierSettings::ComVerifierSettings eax = 76b88aef
104 0 [ 8] ntdll!RtlDebugAllocateHeap eax = 2ca880
11 0 [ 8] ntdll!_SEH_epilog4 eax = 2ca880
33 136 [ 7] ntdll!RtlpAllocateHeap eax = 2ca880
44 169 [ 6] ntdll!RtlAllocateHeap eax = 2ca880
14 0 [ 5] WINMM!WPP_INIT_CONTROL_ARRAY eax = 68d68f88
7 0 [ 8] WINMM!soundPlay eax = ffffffff`f7d0ed88
7 0 [ 8] WINMM!soundPlay eax = ffffffff`fbf886bb
13 0 [ 8] KERNELBASE!GetTickCount eax = 346883
7 0 [ 8] WINMM!soundPlay eax = ffffffff`ff48a886
7 0 [ 8] WINMM!soundPlay eax = 3010388
Once you narrow down, set specific breaks based on the sample data gathered.
Here is a specific scenario: you know the error code is 0xc0000034, and you know you don't want NtOpenKey, which returns that value, but some other API.
You can employ something like this; notice there is only one avast hook which returns the error, which you can latch on to:
>grep -i "eax =.*c.*34" foo.txt | grep -v -iE "ntopen|query|Image"
18 0 [ 8] KERNELBASE!BaseGetProcessDllPath eax = 2c634c
51 0 [ 8] KERNELBASE!BasepGetCachedPath eax = 2c634c
18 80 [ 7] KERNELBASE!BaseGetProcessDllPath eax = 2c634c
99 0 [ 8] aswhookx eax = ffffffff`c0000034
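The grep pipeline above works, but a pattern like "c.*34" also matches unrelated values such as 2c634c. The following Python script is an added example (not part of the answer above) that parses "wt -or" output into records and filters on the exact low 32 bits of eax, with the same kind of name exclusions the grep -v does. The sample trace is constructed for the example: the aswhookx line is taken from the answer, while the NtOpenKey and NtQueryValueKey lines are made up to stand in for the calls the answer filters out.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of "wt -l 8 -or" output. The aswhookx line is copied from
# the answer above; the NtOpenKey / NtQueryValueKey lines are made up so the
# exclusion filter has something to remove.
SAMPLE_TRACE = """\
0:000> wt -l 8 -or
    3     0 [  0] ntdll!LdrpDoDebuggerBreak
   11     0 [  1] ntdll!_SEH_epilog4 eax = 0
>> No match on ret
   18     0 [  8] KERNELBASE!BaseGetProcessDllPath eax = 2c634c
   12     0 [  6] ntdll!NtOpenKey eax = ffffffff`c0000034
   15     0 [  7] ntdll!NtQueryValueKey eax = ffffffff`c0000034
   99     0 [  8] aswhookx eax = ffffffff`c0000034
    7     0 [  8] WINMM!soundPlay eax = ffffffff`f7d0ed88
"""

# One trace line: <instrs> <child instrs> [ <depth>] <symbol> [eax = <hex>]
# The symbol is matched non-greedily so names containing spaces
# (C++ dynamic initializers) still parse.
_LINE = re.compile(
    r"^\s*(?P<instr>\d+)\s+(?P<child>\d+)\s+\[\s*(?P<depth>\d+)\]\s+"
    r"(?P<func>.+?)(?:\s+eax\s*=\s*(?P<eax>[0-9a-fA-F`]+))?\s*$"
)


@dataclass
class WtRecord:
    instructions: int
    child_instructions: int
    depth: int
    function: str
    eax: Optional[int]  # low 32 bits of the value wt printed, None if absent


def parse_wt(text: str) -> List[WtRecord]:
    """Turn raw wt output into records; prompt lines, '>> No match on ret'
    and symbol-loading noise are skipped because they do not match."""
    records: List[WtRecord] = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        raw = m.group("eax")
        # wt shows sign-extended values with a backtick (ffffffff`c0000034);
        # strip it and keep the 32-bit register value.
        eax = int(raw.replace("`", ""), 16) & 0xFFFFFFFF if raw else None
        records.append(WtRecord(int(m.group("instr")), int(m.group("child")),
                                int(m.group("depth")), m.group("func"), eax))
    return records


def returns_with_value(records: List[WtRecord], value: int,
                       exclude=()) -> List[WtRecord]:
    """Records whose eax equals `value` exactly, minus any whose symbol
    contains one of the `exclude` substrings (case-insensitive, like grep -i)."""
    value &= 0xFFFFFFFF
    excl = [e.lower() for e in exclude]
    return [r for r in records
            if r.eax == value and not any(e in r.function.lower() for e in excl)]


if __name__ == "__main__":
    recs = parse_wt(SAMPLE_TRACE)
    for r in returns_with_value(recs, 0xC0000034, exclude=("ntopen", "query")):
        print(f"depth {r.depth}: {r.function} returned {r.eax:#010x}")
```

Run it against a real trace by reading foo.txt into parse_wt instead of SAMPLE_TRACE; the symbol names left after the exclusions are the ones worth turning into specific breakpoints.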

Related

Trace and Watch (wt) on breakpoint in WinDbg

I'd like to get a trace of function calls inside comctl32.dll beginning when the left mouse button is pressed on a tree control item and while the mouse button is held down.
I can set a breakpoint on comctl32!TV_ButtonDown and then use wt when the breakpoint is hit but this requires me to release the mouse button and interact with WinDbg. When I try to use a command string for my breakpoint like this: bp comctl32!TV_ButtonDown "wt -m comctl32", the tracing stops immediately after starting upon hitting the breakpoint:
Tracing COMCTL32!TV_ButtonDown to return address 00007ffd`57a48f1d
0 instructions were executed in 0 events (0 from other threads)
Function Name Invocations MinInst MaxInst AvgInst
0 system calls were executed
COMCTL32!TV_ButtonDown+0x5:
00007ffd`57b03bd9 48896c2418 mov qword ptr [rsp+18h],rbp ss:000000b7`746f8b00=0000000000000201
Is what I am attempting possible? Are there any alternatives?
Not 64 bit but 32 bit.
Supply the end address
(the top of stack or return address is what I give, @$ra, and don't release the mouse;
it is not mandatory that you give @$ra, but you should be sure that you will reach the end address
eventually without releasing the left mouse button).
0:000> bl
0 e Disable Clear 6e57a2ee 0001 (0001) 0:**** COMCTL32!TV_ButtonDown "wt -m comctl32 @$ra"
0:000> g
17 0 [ 0] COMCTL32!TV_ButtonDown
10 0 [ 1] COMCTL32!GetMessagePosClient
3 0 [ 2] USER32!GetMessagePos
18 3 [ 1] COMCTL32!GetMessagePosClient
17 0 [ 2] USER32!ScreenToClient
25 20 [ 1] COMCTL32!GetMessagePosClient
20 45 [ 0] COMCTL32!TV_ButtonDown
22 0 [ 1] COMCTL32!TV_DismissEdit
14 0 [ 2] USER32!IsWindowVisible
26 14 [ 1] COMCTL32!TV_DismissEdit
10 0 [ 2] USER32!GetDlgCtrlID
33 24 [ 1] COMCTL32!TV_DismissEdit
10 0 [ 2] USER32!SetWindowLongW
48 34 [ 1] COMCTL32!TV_DismissEdit
16 0 [ 2] COMCTL32!TV_InvalidateItem
40 0 [ 3] COMCTL32!TV_GetItemRect
24 40 [ 2] COMCTL32!TV_InvalidateItem
4 0 [ 3] USER32!NtUserRedrawWindow
27 44 [ 2] COMCTL32!TV_InvalidateItem
52 105 [ 1] COMCTL32!TV_DismissEdit
4 0 [ 2] USER32!NtUserShowWindow
58 109 [ 1] COMCTL32!TV_DismissEdit
34 0 [ 2] COMCTL32!CCSendNotify
25 0 [ 3] USER32!GetParent
40 25 [ 2] COMCTL32!CCSendNotify
18 0 [ 3] USER32!GetWindow
44 43 [ 2] COMCTL32!CCSendNotify
10 0 [ 3] USER32!GetDlgCtrlID
57 53 [ 2] COMCTL32!CCSendNotify
24 0 [ 3] USER32!GetWindowThreadProcessId
60 77 [ 2] COMCTL32!CCSendNotify
1 0 [ 3] kernel32!GetCurrentProcessIdStub
1 0 [ 3] kernel32!GetCurrentProcessId
3 0 [ 3] KERNELBASE!GetCurrentProcessId
87 82 [ 2] COMCTL32!CCSendNotify
24 0 [ 3] USER32!SendMessageW
109 106 [ 2] COMCTL32!CCSendNotify
16 0 [ 3] COMCTL32!InOutAtoW
118 122 [ 2] COMCTL32!CCSendNotify
3 0 [ 3] COMCTL32!__security_check_cookie
120 125 [ 2] COMCTL32!CCSendNotify
67 354 [ 1] COMCTL32!TV_DismissEdit
4 0 [ 2] USER32!NtUserDestroyWindow
75 358 [ 1] COMCTL32!TV_DismissEdit
3 0 [ 2] COMCTL32!__security_check_cookie
77 361 [ 1] COMCTL32!TV_DismissEdit
27 483 [ 0] COMCTL32!TV_ButtonDown
3 0 [ 1] COMCTL32!__security_check_cookie
29 486 [ 0] COMCTL32!TV_ButtonDown
515 instructions were executed in 514 events (0 from other threads)
Function Name Invocations MinInst MaxInst AvgInst
COMCTL32!CCSendNotify 1 120 120 120
COMCTL32!GetMessagePosClient 1 25 25 25
COMCTL32!InOutAtoW 1 16 16 16
COMCTL32!TV_ButtonDown 1 29 29 29
COMCTL32!TV_DismissEdit 1 77 77 77
COMCTL32!TV_GetItemRect 1 40 40 40
COMCTL32!TV_InvalidateItem 1 27 27 27
COMCTL32!__security_check_cookie 3 3 3 3
KERNELBASE!GetCurrentProcessId 1 3 3 3
USER32!GetDlgCtrlID 2 10 10 10
USER32!GetMessagePos 1 3 3 3
USER32!GetParent 1 25 25 25
USER32!GetWindow 1 18 18 18
USER32!GetWindowThreadProcessId 1 24 24 24
USER32!IsWindowVisible 1 14 14 14
USER32!NtUserDestroyWindow 1 4 4 4
USER32!NtUserRedrawWindow 1 4 4 4
USER32!NtUserShowWindow 1 4 4 4
USER32!ScreenToClient 1 17 17 17
USER32!SendMessageW 1 24 24 24
USER32!SetWindowLongW 1 10 10 10
kernel32!GetCurrentProcessId 1 1 1 1
kernel32!GetCurrentProcessIdStub 1 1 1 1
0 system calls were executed
eax=00000000 ebx=00000201 ecx=422f0fd7 edx=77a370f4 esi=002d9590 edi=00000200
eip=6e542888 esp=0012fcc4 ebp=0012fd00 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
COMCTL32!TV_WndProc+0x577:
6e542888 e90a060000 jmp COMCTL32!TV_WndProc+0x5de (6e542e97)

Perl PDL not working as expected

I really don't understand PDL's input functions. Personally, I've been using the rcols feature to create pdls, as was recommended to me in various places around the web.
I have an input file like this :
3 -4 -1
0 5 2
3 5 6
2 5 2
5 5 5
5 5 6
which I want to assign to a piddle. When I assign it to a piddle like so,
my @pdls = rcols $in_fh, { COLSEP => "\\s" } ;
my $pdl = pdl(@pdls[1 .. $#pdls]);
and print @pdls, this is printed:
[
[ 3 0 3 2 5 5]
[-4 5 5 5 5 5]
[-1 2 6 2 5 6]
]
Which made me think it pulled my file by columns, and not rows, which makes sense looking at the code, really. When I saved this output to a file (after stripping out all the brackets), this is how it looked:
3 0 3 2 5 5
-4 5 5 5 5 5
-1 2 6 2 5 6
When I ran the same script on the new input file, the result does not follow the same process as before :
[
[ 0 -4 -1]
[ 3 0 0]
[ 0 5 2]
[ 0 0 0]
[ 0 5 6]
[ 3 0 0]
[ 0 5 2]
[ 2 0 0]
[ 0 5 5]
[ 5 0 0]
[ 0 5 6]
[ 5 0 0]
]
And I have no idea why it is doing so. In essence, I want to be able to read my text file into a piddle. Does anyone see what I'm missing, or able to offer any explanation?
Thanks for any help.
As is occasionally the case in PDL, the design of things with several dimensions can be a bit counter-intuitive. But it is designed overall so it's easy to just adjust dimensions. Here, rcols and wcols treat data in files in a FORTRAN-style column-major way. It is easy to adjust that using the transpose method:
pdl> p $x = sequence(3,4)
[
[ 0 1 2]
[ 3 4 5]
[ 6 7 8]
[ 9 10 11]
]
pdl> wcols($x->transpose, 'myfile')
pdl> p pdl(rcols('myfile', {colsep => qr/\s+/}))->transpose
Reading data into ndarrays of type: [ Double Double Double ]
Read in 4 elements.
[
[ 0 1 2]
[ 3 4 5]
[ 6 7 8]
[ 9 10 11]
]
Maybe it's just better to make a "3,6 matrix of zeros" then set each value individually (which means putting the data from a file into a 1D pdl() first). I would use an open() to read it into a scalar, then put that in a 1D piddle, which can be rather involved... Once you get it in a 1D piddle, do this:
use PDL;
use PDL::NiceSlice;   # needed for the $y($d,$c) and $x($e++) slicing syntax below
open(FILE,"yourfile"); while (<FILE>) { $x = $_; }   # reads the file one line at a time into $x
close FILE;
$y = zeros(3,6);
p $x = sequence(18);   # stand-in for the 1D piddle built from the file
[0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17]
$e = 0;   # running index into the 1D piddle
for $c(0..5) { for $d(0..2) { $y($d,$c) .= $x($e++) }}
p $y
[ 0 1 2]
[ 3 4 5]
[ 6 7 8]
[ 9 10 11]
[12 13 14]
[15 16 17]

Using nested for-loop to generate a table of numbers

I am trying to write a function which prints this output:
1
2 4
3 6 9
4 8 12 16
5 10 15 20 25
I wrote this code, but I'm not getting the desired output:
rows = 5;
% there are 5 rows
for i=1:rows
for j=1:i
b=i*j;
end
fprintf('%d\n',b)
end
How do I need to correct this algorithm, or can you tell me if there are any other alternative methods to solve this?
I don't know what you mean by "print", but this is how you could start:
%// initial vector
a = 1:5;
A = tril( bsxfun(@plus,a(:)*[0:numel(a)-1],a(:)) )
%// or
A = tril(a.'*a) %'// thanks to Daniel!
mask = A == 0
out = num2cell( A );
out(mask) = {[]}
A =
1 0 0 0 0
2 4 0 0 0
3 6 9 0 0
4 8 12 16 0
5 10 15 20 25
out =
[1] [] [] [] []
[2] [ 4] [] [] []
[3] [ 6] [ 9] [] []
[4] [ 8] [12] [16] []
[5] [10] [15] [20] [25]
To print it to a file, you can use:
n = numel(a);   % number of columns in the table
out = out.'; %'
fid = fopen('output.txt','w')
fprintf(fid,[repmat('%d \t',1,n) '\r\n'],out{:})
fclose(fid)
and you get:
Just for the command window:
n = numel(a);   % number of columns in the table
out = out.'; %'
fprintf([repmat('%d \t',1,n) '\r\n'],out{:})
will be sufficient. Choose your desired delimiter, if you don't like '\t'.
If you insist on a nested for loop, you can do it like this:
rows = 5;
% there are 5 rows
for ii = 1:rows
for jj = 1:ii
b = ii*jj;
if ii <= jj
fprintf('%d \n',b)
else
fprintf('%d ',b)
end
end
end
displays:
1
2 4
3 6 9
4 8 12 16
5 10 15 20 25

How scan warp is executed

I am trying to understand the execution of the following code
template <class OP, ScanKind Kind, class T>
__device__ T scan_warp(volatile T *ptr, const unsigned int idx = threadIdx.x)
{
    const unsigned int lane = idx & 31; // index of thread in warp (0..31)
    /*1*/ if (lane >= 1)  ptr[idx] = OP::apply(ptr[idx - 1],  ptr[idx]);
    /*2*/ if (lane >= 2)  ptr[idx] = OP::apply(ptr[idx - 2],  ptr[idx]);
    /*3*/ if (lane >= 4)  ptr[idx] = OP::apply(ptr[idx - 4],  ptr[idx]);
    /*4*/ if (lane >= 8)  ptr[idx] = OP::apply(ptr[idx - 8],  ptr[idx]);
    /*5*/ if (lane >= 16) ptr[idx] = OP::apply(ptr[idx - 16], ptr[idx]);
    /*6*/ if (Kind == inclusive) return ptr[idx];
    else return (lane > 0) ? ptr[idx - 1] : OP::identity();
}
by writing an example.
Example:
input: [ 3 4 5 2 1 7 8 9 ]
correct output: [ 3 7 12 14 15 22 30 39 ]
step1: threadIdx.x = 0, lane = 0, output: [ 3 4 5 2 1 7 8 9 ], (no if statement execution)
step2: threadIdx.x = 1, lane = 1, output: [ 3 7 5 2 1 7 8 9 ],(/* 1*/ executed)
step3: threadIdx.x = 2, lane = 2, outputTemp: [ 3 7 12 2 1 7 8 9 ],((/* 1*/ executed)) ,outputFinal: [ 3 7 15 2 1 7 8 9 ],(/* 2 */ executed)
In step3 the outputTemp is obtained from the output in step2 by applying the first if statement. The outputFinal is obtained by applying the second if statement in outputTemp. So in the third element of the final output there is an error. Instead of 12 we have 15.
Questions:
What is wrong with my sketch of the thread execution? Could you please describe the thread execution?
Why do we use const unsigned int lane = idx & 31; to check the conditions in the if statements and not idx itself? I mean that if idx = [0 1 ... 31], lane is also [0 1 2 ... 31].
Is there any possible way to visualize the thread execution in MATLAB?
Thank you very much for your time.
The code you have shown is a warp scan operation, meaning that it is executed simultaneously by all 32 threads within a given warp. Assuming that OP::apply is an addition operation, this implies the following sequence of intermediate values:
Input [ 3 4 5 2 1 7 8 9 ]
Step 1 [ 3 7 9 7 3 8 15 17] lanes 1,2,3,4,5,6,7 execute OP::apply( ptr[idx-1], ptr[idx])
Step 2 [ 3 7 12 14 12 15 18 25 ] lanes 2,3,4,5,6,7 execute OP::apply( ptr[idx-2], ptr[idx])
Step 3 [ 3 7 12 14 15 22 30 39 ] lanes 4,5,6,7 execute OP::apply( ptr[idx-4], ptr[idx])
Note also that this code expects there to be exactly 32 input values, so trying to run it on the example you supplied would produce a runtime error.
Because a typical block contains more than 32 threads (i.e. more than one warp), and the idea is that the code can be used for any warp in a block. So the same calculation for threadIdx.x = 0..31 can also be used for threadIdx.x = 128..159 or threadIdx.x = 992..1023.
Probably, but a pen and paper is a far better tool.
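To make the lockstep point concrete, here is an added Python model (not code from the question or the answer, and not CUDA) that runs the five scan steps the way a warp does, every active lane reading its operands before any lane writes, next to a thread-by-thread model that mirrors the interpretation in the question. It also operates on a whole block of several warps, so the role of lane = idx & 31 is visible: lane 0 of the second warp (idx 32) never reads ptr[31]. The input is the question's eight values, padded with zeros to a full warp as the answer notes the code requires; the function and variable names are the example's own.

```python
import operator
from typing import Callable, List, Optional, Tuple

WARP_SIZE = 32
STEP_OFFSETS = (1, 2, 4, 8, 16)  # the five "if (lane >= k)" lines


def pad_to_warp(values: List[int], fill: int = 0) -> List[int]:
    """Pad a short input to a whole warp, since scan_warp assumes 32 lanes."""
    return list(values) + [fill] * (WARP_SIZE - len(values) % WARP_SIZE) \
        if len(values) % WARP_SIZE else list(values)


def scan_warps_lockstep(ptr: List[int],
                        op: Callable[[int, int], int] = operator.add,
                        identity: int = 0, inclusive: bool = True,
                        trace: Optional[List[Tuple[int, List[int]]]] = None) -> List[int]:
    """Model of scan_warp as the hardware executes it: for each step, every
    thread of every warp loads ptr[idx-offset] and ptr[idx] before any thread
    stores, so no lane sees a neighbour's value from the *same* step."""
    n = len(ptr)
    assert n % WARP_SIZE == 0, "expects whole warps"
    ptr = list(ptr)
    for step, offset in enumerate(STEP_OFFSETS, start=1):
        # All reads come from the snapshot `ptr`; all writes go to `nxt`.
        nxt = [op(ptr[idx - offset], ptr[idx]) if (idx & 31) >= offset else ptr[idx]
               for idx in range(n)]
        ptr = nxt
        if trace is not None:
            trace.append((step, list(ptr)))
    if inclusive:
        return ptr
    # exclusive: shift within each warp, lane 0 gets the identity
    return [ptr[idx - 1] if (idx & 31) > 0 else identity for idx in range(n)]


def scan_warp_thread_by_thread(ptr: List[int],
                               op: Callable[[int, int], int] = operator.add) -> List[int]:
    """The interpretation from the question: thread 0 runs all five steps,
    then thread 1, and so on. Later threads then read values that earlier
    threads have already rewritten, which is why index 2 ends up as 15."""
    ptr = list(ptr)
    for idx in range(len(ptr)):
        lane = idx & 31
        for offset in STEP_OFFSETS:
            if lane >= offset:
                ptr[idx] = op(ptr[idx - offset], ptr[idx])
    return ptr


if __name__ == "__main__":
    data = pad_to_warp([3, 4, 5, 2, 1, 7, 8, 9])  # question's input, padded
    steps: List[Tuple[int, List[int]]] = []
    out = scan_warps_lockstep(data, trace=steps)
    for step, snapshot in steps[:3]:
        print(f"step {step}: {snapshot[:8]}")
    print("lockstep  :", out[:8])                      # 3 7 12 14 15 22 30 39
    print("sequential:", scan_warp_thread_by_thread(data)[:8])
```

The three traced snapshots reproduce the answer's Step 1 to Step 3 rows; steps 4 and 5 only touch lanes 8 and above, which are padding here.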

Count frequencies of pairs in matrix matlab

I have a matrix X of size m x 2, and I want to produce a matrix S of size
size(unique(X(:,2)),1) x size(unique(X(:,2)),1)
where for each S(i,j) I want to count how many times i and j appeared together.
for example:
X = [1 11 ;
2 11;
3 11;
5 23;
6 23;
1 23;
9 24;
9 25;
3 23;
10 23]
unique(X(:,2))
11
23
24
25
S should be:
0 2 0 0
0 0 0 0
0 0 0 1
0 0 0 0
(I don't care about diagonals, and it could either have them or not, also,S could be symmetric).
S(1,2) = 2
because 11 and 23 (which are in position 1,2) appeared together twice (i.e with the same value in X(:,1)).
Thanks
This is one way of doing it:
[~, ~, n1] = unique(X(:,1));
[~, ~, n2] = unique(X(:,2));
B = accumarray([n2 n1],1);
S = B*B';
This gives the full matrix:
>> S
S =
3 2 0 0
2 5 0 0
0 0 1 1
0 0 1 1
To remove the diagonal and lower triangle you can use
S = triu(B*B',1);
which yields
>> S
S =
0 2 0 0
0 0 0 0
0 0 0 1
0 0 0 0
Try the following:
% convert each column to indices starting from 1
[a,~,aa] = unique(X(:,1));
[b,~,bb] = unique(X(:,2));
% group occurrences of col2 according to values of col1
C = accumarray(aa, bb, [], @(x){x});
% keep only occurrences of two or more values
C = C(cellfun(@numel,C) > 1);
% in case three or more values co-occurred, generate all pairs
C = cellfun(@(v) nchoosek(v,2), C, 'UniformOutput',false);
% concatenate all pairs
C = cell2mat(C);
% build count matrix
C = sparse(C(:,[1 2]), C(:,[2 1]), 1);
C = full(C);
The result in this case (obviously a symmetric matrix):
>> C
C =
0 2 0 0
2 0 0 0
0 0 0 1
0 0 1 0
or pretty-printed with row/column headers:
>> [{[]} num2cell(b'); num2cell(b) num2cell(C)]
ans =
[] [11] [23] [24] [25]
[11] [ 0] [ 2] [ 0] [ 0]
[23] [ 2] [ 0] [ 0] [ 0]
[24] [ 0] [ 0] [ 0] [ 1]
[25] [ 0] [ 0] [ 1] [ 0]
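Both answers compute the same thing: S(i,j) is the number of col1 values shared by col2 values i and j, i.e. the incidence matrix B times its transpose. As an added example (not from either answer, and in Python rather than MATLAB), the following does it with sets, which makes the "appeared together" definition explicit and returns either the upper triangle or the full symmetric matrix. The rows of X are the question's data; the function and variable names are the example's own.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# The question's X, as (col1, col2) rows.
X_ROWS = [(1, 11), (2, 11), (3, 11), (5, 23), (6, 23), (1, 23),
          (9, 24), (9, 25), (3, 23), (10, 23)]


def cooccurrence(rows: List[Tuple[int, int]],
                 upper_only: bool = True) -> Tuple[List[int], List[List[int]]]:
    """Count, for every pair of col2 values, how many distinct col1 values
    they share. Equivalent to triu(B*B',1) (upper_only) or B*B' (full) when
    the rows of X are unique; with duplicated rows accumarray would count
    each copy, whereas sets count a col1 value once."""
    labels = sorted({b for _, b in rows})      # what unique(X(:,2)) returns
    members: Dict[int, Set[int]] = defaultdict(set)  # col2 value -> col1 values
    for a, b in rows:
        members[b].add(a)
    n = len(labels)
    S = [[0] * n for _ in range(n)]
    for i, vi in enumerate(labels):
        for j, vj in enumerate(labels):
            if upper_only and j <= i:
                continue                       # skip diagonal and lower triangle
            S[i][j] = len(members[vi] & members[vj])
    return labels, S


def pretty(labels: List[int], S: List[List[int]]) -> str:
    """Row/column-labelled rendering, like the cell-array display above."""
    width = max(len(str(v)) for v in labels) + 1
    head = " " * width + "".join(f"{v:>{width}}" for v in labels)
    body = [f"{v:>{width}}" + "".join(f"{c:>{width}}" for c in row)
            for v, row in zip(labels, S)]
    return "\n".join([head] + body)


if __name__ == "__main__":
    labels, S = cooccurrence(X_ROWS)
    print(pretty(labels, S))
    print(pretty(*cooccurrence(X_ROWS, upper_only=False)))
```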