Tags: breakpoints, lldb, conditional-breakpoint

Conditional breakpoint in lldb according to value in memory?


What is the syntax for setting a conditional breakpoint in lldb according to a value in memory?

Something like:

breakpoint modify -c "memory read -Gx $esp+4 == 0"

Alternatively, I guess I could set a breakpoint command to continue if the condition is false, but I failed to find the syntax for that as well :)


Solution

  • breakpoint modify's --condition argument takes a C++ expression, evaluates it when the breakpoint has been hit, and if the result is non-zero (true), the breakpoint stops.

    (lldb) br s -n foo
    Breakpoint 1: where = a.out`foo, address = 0x00001f30
    (lldb) br mod -c '*(int*) ($esp+4) == 10'
    (lldb) r
    Process 11102 launched: '/private/tmp/a.out' (i386)
    Process 11102 stopped
    * thread #1: tid = 0x42c6f9, 0x00001f30 a.out`foo, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
        #0: 0x00001f30 a.out`foo
    a.out`foo:
    -> 0x1f30:  pushl  %ebp
       0x1f31:  movl   %esp, %ebp
       0x1f33:  pushl  %eax
       0x1f34:  movl   8(%ebp), %eax
    (lldb) x/x $esp+4
    0xbffffbf0: 0x0000000a
    (lldb) 
    

    The parentheses around $esp+4 are to keep the pointer arithmetic from being size-of-int *. Without those parentheses, the expression would dereference $esp+16.

    On platforms where arguments are passed in registers (x86_64, armv7, arm64 for some number of arguments), lldb provides convenience register aliases, $arg1, $arg2, etc., which are handy for these kinds of breakpoint conditions.
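The same conditional breakpoint driven non-interactively, as an added example that is not part of the answer above: a shell script that builds a constructed C target (foo() is called with 0..19), writes an lldb command file using `breakpoint set -c` with the `$arg1` alias the answer mentions (the i386 `*(int*)($esp+4)` form is kept as a comment), and runs lldb in batch mode. It assumes `cc` and `lldb` are on PATH and skips the run otherwise.

```shell
#!/bin/sh
# Added example (not from the answer above): drive lldb non-interactively with
# a conditional breakpoint. Assumptions: a C compiler (cc, or $CC) and lldb on
# PATH; the target program and the command file are constructed for this demo.

WORK="${TMPDIR:-/tmp}/lldb-cond-demo"
CC="${CC:-cc}"

# Constructed target: foo() is called with 0..19; we want lldb to stop only
# when the argument x is 10. Prints the path of the written source file.
write_target() {
    mkdir -p "$WORK"
    cat > "$WORK/target.c" <<'EOF'
#include <stdio.h>

int foo(int x) { return x * 2; }

int main(void) {
    int total = 0;
    for (int i = 0; i < 20; i++)
        total += foo(i);
    printf("total=%d\n", total);   /* 2 * (0 + ... + 19) = 380 */
    return 0;
}
EOF
    printf '%s\n' "$WORK/target.c"
}

# Emit the lldb command file. The condition is a C expression re-evaluated on
# every hit of the breakpoint; $arg1 is lldb's alias for the first argument
# register on x86_64 / arm64. The commented line is the i386 memory form from
# the answer, valid at the first instruction of foo (before %ebp is pushed).
gen_lldb_cmds() {
    cat <<'EOF'
# stop in foo only when its first argument equals 10
breakpoint set -n foo -c '$arg1 == 10'
# i386, at function entry: the first argument is the dword at $esp+4
# breakpoint set -n foo -c '*(int*)($esp+4) == 10'
breakpoint list
run
frame variable x
continue
EOF
}

# Build the target and run lldb in batch mode (sources the command file, then
# quits). Skips cleanly when the toolchain is missing.
run_demo() {
    for tool in "$CC" lldb; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "$tool not found; skipping demo" >&2
            return 0
        }
    done
    write_target >/dev/null
    "$CC" -g -O0 -o "$WORK/target" "$WORK/target.c"
    gen_lldb_cmds > "$WORK/cmds.lldb"
    lldb --batch --source "$WORK/cmds.lldb" "$WORK/target"
}

case "${1:-}" in
    run) run_demo ;;
esac
```

Run it as `sh demo.sh run`: lldb should stop in foo exactly once, `frame variable x` prints x as 10, and `continue` lets the program finish with `total=380`. Two practical caveats: the condition is compiled and evaluated in the inferior on every hit, so a conditional breakpoint in a hot function is far slower than an unconditional one; and a current lldb skips the function prologue by default (`target.skip-prologue`), so a breakpoint set by name lands after `pushl %ebp` / `movl %esp, %ebp`, where the first i386 argument is at `$ebp+8` rather than `$esp+4`. The transcript above stops at the first instruction of foo, which is why `$esp+4` is the right address there.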