Question

I am trying to debug some Win32 APIs like CreateThread, which returns a handle. How do I get the return values in WinDbg?

I did some research and found that return values are generally stored in the EAX register.

If I put a breakpoint on CreateThread, then I can step into the assembly of CreateThread and ultimately I will hit the ret statement, which means CreateThread is returning.

At this point, should I check the value of the EAX register to get the HANDLE value, or is there some other way?

Solution

There isn't another way that isn't basically the same as testing eax.

If you want to get pedantic:

eax works fine for 32-bit.

rax is what you'll want for 64-bit apps.

ret0 is what Itanium uses.

$retreg is a pseudo register you can use that will behave properly in all cases.

e.g.

0:028> r rax
rax=00000000fff02000
0:028> r eax
eax=fff02000
0:028> r $retreg 
$retreg=00000000fff02000
Licensed under: CC-BY-SA with attribution