The incredible collection of commands in Windbg never fails to impress me whenever i come across a new one.  Just found a new command to disable opcode display from openrce forum.

I have avoided the opcodes till now or putting it another way the opcodes never bothered me 😉 but windbg provides options to disable opcodes in console during debugging as well.

.asm no_code_bytes

The no_code_bytes option for the .asm command disables display of opcodes. The documentation says that this is for x86 target only. The following dump was from x64 vista so think the document is yet to be updated. here is the example of this command

0:000> u
ntdll!ZwTerminateProcess+0xa:
00000000`7727053a    c3                          ret
00000000`7727053b    666690              xchg    ax,ax
00000000`7727053e    6690                    xchg    ax,ax
ntdll!ZwSetEventBoostPriority:
00000000`77270540   4c8bd1                 mov     r10,rcx
00000000`77270543   b82a000000    mov     eax,2Ah
00000000`77270548   0f05                      syscall

00000000`7727054a    c3                          ret
00000000`7727054b    666690              xchg    ax,ax

0:000> .asm no_code_bytes
Assembly options: no_code_bytes
0:000> u
ntdll!ZwSetEventBoostPriority+0xe:
00000000`7727054e     xchg       ax,ax
ntdll!ZwReadFileScatter:
00000000`77270550    mov        r10,rcx
00000000`77270553    mov        eax,2Bh
00000000`77270558    syscall
00000000`7727055a    ret
00000000`7727055b    xchg       ax,ax
00000000`7727055e    xchg       ax,ax

Also checkout following related command 🙂

.prompt_allow (options)

bye for now

Update: corrected typo of parameter from no_opcode_bytes to no_code_bytes

Advertisements