Question

I'm debugging an application at a point where it uses a dialog box to get some information from the user, and then does some processing on that information. By setting a breakpoint on USER32!CreateDialogParamW I have found the address of its dialog procedure.

At first I just wanted to break when the procedure receives a WM_COMMAND message, so I used the following command: bp 00cfa1c0 "j (dwo(esp+8) == 0x111) ''; 'gc'"

This is unfortunately not enough as the dialog procedure for some reason receives WM_COMMAND messages even when ALT-TABbing between WinDbg and the application. So, now I want it to break when it receives WM_COMMAND with a notification code of BN_CLICKED from the OK button on the dialog. The control ID of the button in the dialog template is 1, and BN_CLICKED is defined as 0 in winuser.h. This means the WPARAM argument of the dialog procedure should be 1 when clicking the OK button.

I tried the following command: bp 00cfa1c0 "j (dwo(esp+8) == 0x111 && dwo(esp+12) == 0x1) ''; 'gc'". This is initially accepted, but when the breakpoint is evaluated it complains: Numeric expression missing from '& dwo(esp+12) == 0x1) ''; 'gc''

Surrounding the 2 expressions with ()'s did not help. I had a look at the help file, but to be honest that confuses me even more. I'm pretty new to WinDbg and English is not my native language. Can someone point me in the right direction?

Thanks in advance.

PS: This is a 32-bit application for which I do not have the source code.


Solution

Use a single & - the default syntax for expressions is MASM. && is part of C++ syntax.

The following expressions would work for you:

(dwo(@esp+8) == 0x111 & dwo(@esp+0n12) == 0x1)

or

@@c++(*(int*)(@esp+8) == 0x111 && *(int*)(@esp+12) == 0x1)
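The complete breakpoint commands for the situation in the question, added here as an example (not the asker's or the answerer's own commands); it assumes the 32-bit dialog procedure address 00cfa1c0 and the OK button's control ID 1 from the question, and it also shows a logging variant for finding out which WM_COMMAND messages arrive during ALT-TAB.

```windbg
$$ Added example, not code from the question or the answer.
$$ Assumes the x86 DlgProc at 00cfa1c0 and control ID 1 from the question.
$$ On entry to a stdcall DlgProc the stack holds:
$$   @esp+4 = hwndDlg, @esp+8 = uMsg, @esp+c = wParam, @esp+10 = lParam
$$ WinDbg's default radix is 16, so "esp+12" in MASM syntax is esp+0x12;
$$ write the wParam offset as c (or 0n12) in MASM expressions.
$$ The three bp lines are alternatives for the same address: run "bc *"
$$ before switching from one to the next.

$$ 1) Observe first: dump uMsg, wParam, lParam for every WM_COMMAND (0x111)
$$    and keep going, so the messages caused by ALT-TAB become visible.
bp 00cfa1c0 ".if (dwo(@esp+8) == 0x111) { dd @esp+8 L3 }; gc"

$$ 2) Break only on BN_CLICKED (notification code 0 in HIWORD of wParam)
$$    from control 1 (LOWORD), i.e. wParam == 1. MASM syntax: a single &
$$    is bitwise AND, and == binds tighter than &, so this needs no extra
$$    parentheses. The empty '' means "stop", 'gc' means "continue".
bp 00cfa1c0 "j (dwo(@esp+8) == 0x111 & dwo(@esp+c) == 0x1) ''; 'gc'"

$$ 3) Same condition with the C++ evaluator: && is valid there and
$$    unprefixed numbers are decimal, so +12 is the correct wParam offset.
bp 00cfa1c0 "j @@c++(*(int*)(@esp+8) == 0x111 && *(int*)(@esp+12) == 1) ''; 'gc'"
```

Use "? dwo(@esp+c)" once the breakpoint has hit to confirm the wParam value you are matching on.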
Licensed under: CC-BY-SA with attribution