标题: ntdll!RtlSetLastWin32Error()中的内置条件断点

https://scz.617.cn/windows/200707240000.txt

参看:

Debugger tricks: Break on a specific Win32 last error value in Windows Vista - [2007-07-24]
http://www.nynaeve.net/?p=147

ntdll!RtlSetLastWin32Error()有个内置条件断点:

--------------------------------------------------------------------------
void ntdll!RtlSetLastWin32Error ( unsigned int err )
{
    unsigned long long  sth;

    if ( g_dwLastErrorToBreakOn && err == g_dwLastErrorToBreakOn )
    {
        /*
         * 满足上述条件时，此处有个内置的int3
         */
        __debugbreak();
    }
    if ( NtCurrentTeb()->LastErrorValue != err )
    {
        NtCurrentTeb()->LastErrorValue  = err;
        if ( g_isErrorOriginProviderEnabled )
        {
            if ( err )
            {
                EtwEventWrite
                (
                    g_hUserDiagnosticProvider,
                    &SetLastWin32ErrorEvent,
                    1,
                    &sth,
                    &err,
                    4
                );
            }
        }
    }
}
--------------------------------------------------------------------------

"C:\Program Files\Windows Kits\10\Debuggers\x64\cdb.exe" -noinh -snul -hd -o -xe ld:ntdll "C:\Windows\System32\mspaint.exe"

> !pde.err 5
0x00000005 ( - ): Access is denied.

> ed ntdll!g_dwLastErrorToBreakOn 5
> g

(2314.25f0): Break instruction exception - code 80000003 (first chance)
ntdll!RtlSetLastWin32Error+0x61:
00007ffd`665d1631 cc              int     3
> kpn
 # Child-SP          RetAddr           Call Site
00 000000c9`be96dd80 00007ffd`63832e26 ntdll!RtlSetLastWin32Error+0x61
01 000000c9`be96ddd0 00007ffd`638555d2 KERNELBASE!BaseSetLastNTError+0x16
02 000000c9`be96de00 00007ffd`66238d42 KERNELBASE!AccessCheck+0x62
03 000000c9`be96de60 00007ffd`66238a7b KERNEL32!BasepIsServiceSidBlocked+0x1f6
04 000000c9`be96df90 00007ffd`663f57d6 KERNEL32!LoadAppInitDllsImplementation+0x4b
05 000000c9`be96dff0 00007ffd`663f5609 USER32!ClientThreadSetup+0x1a6
06 000000c9`be96e280 00007ffd`66633b14 USER32!_ClientThreadSetup+0x9
07 000000c9`be96e2b0 00007ffd`634d67a4 ntdll!KiUserCallbackDispatcherContinue
08 000000c9`be96e308 00007ffd`62a4cecd win32u!NtGdiInit+0x14
09 000000c9`be96e310 00007ffd`663e1e17 gdi32full!GdiDllInitialize+0x4d
0a 000000c9`be96e340 00007ffd`665a1473 USER32!_UserClientDllInitialize+0x427
0b 000000c9`be96eab0 00007ffd`665f6622 ntdll!LdrpCallInitRoutine+0x6f
0c 000000c9`be96eb20 00007ffd`665f646b ntdll!LdrpInitializeNode+0x15a
0d 000000c9`be96ec40 00007ffd`665f6491 ntdll!LdrpInitializeGraphRecurse+0x73
0e 000000c9`be96ec80 00007ffd`665f4525 ntdll!LdrpInitializeGraphRecurse+0x99
0f 000000c9`be96ecc0 00007ffd`665f42f9 ntdll!LdrpInitializeShimDllDependencies+0xd9
10 000000c9`be96edf0 00007ffd`665f4167 ntdll!LdrpLoadShimEngine+0x141
11 000000c9`be96ef10 00007ffd`66665ff6 ntdll!LdrpInitShimEngine+0x157
12 000000c9`be96f330 00007ffd`666575b3 ntdll!LdrpInitializeProcess+0x1cda
13 000000c9`be96f770 00007ffd`6660920b ntdll!_LdrpInitialize+0x4e393
14 000000c9`be96f7f0 00007ffd`666091be ntdll!LdrpInitialize+0x3b
15 000000c9`be96f820 00000000`00000000 ntdll!LdrInitializeThunk+0xe