I'm having trouble getting user mode breakpoints to hit in windbg when I am kernel debugging. I know that I have to be in the target process's context to set a user mode breakpoint, but that still doesn't seem to work reliably. Sometimes it works, but I can't wrap my head around what the variable is that is making it work sometimes but not others. Here is what I am doing.

当我进行内核调试时，我无法在windbg中获取用户模式断点。我知道我必须在目标进程的上下文中设置用户模式断点，但这似乎仍然无法可靠地工作。有时候它会起作用，但是我无法解决变量是什么使它有时工作而不是其他变量。这就是我在做的事情。

1) !process <process> 0x17, then find a thread that I am curious 
   about.  See that the thread is in mixed user/kernel callstack, 
   identify return address I want to break on.

2) .process /r /p <process>, to change to the target process context

3) .thread <thread>, to change to the thread identified in step (1)

4) bp <addr>, to break on that particular address I care about

5) g

Sometimes the breakpoint hits. Sometimes it doesn't (except I have evidence that the thread has returned). This makes debugging really frustrating since I never know if things will work. Thanks for your help.

有时断点会发生。有时它没有（除了我有证据表明线程已经返回）。这使得调试真的令人沮丧，因为我从来不知道事情是否会奏效。谢谢你的帮助。

EDIT: this is not about thread-specific breakpoints, in my example I only change thread to take a callstack, because the callstack shows me the address I need to break on. In reality I want to break whenever that address is hit.

编辑：这不是关于特定于线程的断点，在我的例子中我只更改线程以获取一个callstack，因为callstack显示了我需要打破的地址。实际上，我想在该地址被击中时中断。

1 个解决方案

#1

---