I'm trying to set a conditional hardware breakpoint on Windows Kernel-Mode in Windbg by using the following syntax :
ba w1 ffff802312345678 "j(@rip==ffff802387654321 || @rip==ffff802387654330) 'gc';''"
I used the above command in order to ignore every access to my target location (ffff802312345678) from ffff802387654321 or ffff802387654330, so everytime access from somewhere else is taken, then I would be notified.
But the problem is, it still breaks on ffff802387654321 or ffff802387654330 among the other locations.
I also read it's official documents about "Conditional Breakpoints and Register Sign Extension" and also test something like this:
ba w1 ffff802312345678 "j((@rip & 0xffffffffffffffff)=ffff802387654321 || (@rip & 0xffffffffffffffff)=ffff802387654330) 'gc';''"
But it still won't work.
So my question is:
There is no || MASM operator. It's or.
Use
ba w1 ffff802312345678 "j(@rip==ffff802387654321 or @rip==ffff802387654330) 'gc';''"
I have not reproduced your exact case, but a simpler example:
0:000> r rip
rip=0000000076db6fb0
0:000> j (@rip==0000000076db6fb0 || @rip==0) '.echo 5';'.echo 6"
Numeric expression missing from '| @rip==0) '.echo 5';'.echo 6"'
0:000> j (@rip==0000000076db6fb0 or @rip==0) '.echo 5';'.echo 6"
5