老师,您好
$peb是表示peb地址的伪寄存器,为什么不能直接用dt _PEB $peb:
0:000> dt _PEB $pebntdll!_PEBCannot find specified field members.
而必须用dt _PEB @$peb,
另还有那个问题,如果需要学好条件断点语法,能否推荐点,我希望慢慢入门,但能不走太多弯路,万分感谢
帮助文件中有的。
When you use a register in an expression, you should add an at sign ( @ ) before the register. This at sign tells the debugger that the following text is the name of a register.
If you are using MASM expression syntax, you can omit the at sign for certain very common registers. On x86-based systems, you can omit the at sign for the eax, ebx, ecx, edx, esi, edi, ebp, eip, and efl registers. However, if you specify a less common register without an at sign, the debugger first tries to interpret the text as a hexadecimal number. If the text contains non-hexadecimal characters, the debugger next interprets the text as a symbol. Finally, if the debugger does not find a symbol match, the debugger interprets the number as a register.
If you are using C++ expression syntax, the at sign is always required.