
change function return value

I have a .NET application that is doing COM interop and calling some native library APIs. One of these APIs is returning some data that is unexpected and is causing headaches for me. I am looking for some way of forcing the return value of the managed API. This is not going to solve my problem, but it will help me narrow a few things down. I am simplifying things a bit below.

Keeping all this in mind, let's say my managed class is named MyClass and it has two methods, ParentMethod() and ChildMethod(). ParentMethod calls ChildMethod, which internally calls those native APIs. ChildMethod itself returns a bool.

After breaking into my app via WinDbg I first ran the !dumpheap -type MyClass command, which gave me the following output:

    0:027> !dumpheap -type MyClass
    Address MT Size
    0ac7e7e4 04ac5030 100
    total 0 objects
    Statistics:
    MT Count TotalSize Class Name
    04ac5030 1 100 MyNamespace.MyClass
    Total 1 objects

I then ran the following command to try to get the addresses of the methods in this class:

    0:027> !dumpmt -md 04ac5030
    EEClass: 04ac1b20
    Module: 04ac49c8
    Name: MyNamespace.MyClass
    mdToken: 02000002
    File: MyAssemblyName, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
    BaseSize: 0x64
    ComponentSize: 0x0
    Slots in VTable: 61
    Number of IFaces in IFaceMap: 4
    MethodDesc Table
    Entry MethodDesc JIT Name
    04b20270 04ac4fd0 JIT MyNamespace.MyClass..ctor()
    04b20230 04ac4ffc JIT MyNamespace.MyClass..cctor()
    04acc081 04ac4fd8 NONE MyNamespace.MyClass.ParentMethod()
    04acc085 04ac4fe4 NONE MyNamespace.MyClass.ChildMethod()
    04b202c0 04ac4ff0 JIT MyNamespace.MyClass.InitializeComponent()

I have found Naveen's blog entry where he describes a technique along the same lines, but I couldn't figure out what exact steps I should take from here. Any help will be highly appreciated.


Here are the simple steps:

  1. bp 04acc085 - which is ChildMethod
  2. When the break-point hits, issue the command bp poi(@esp), which sets the break-point on the return register
  3. When the second break-point hits you can change the value to true using r eax=00000001. The eax register stores the return value on x86

Or, another way is bp 04acc085 "gu;r eax=00000001;gc", which does the same in one line.

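An added walk-through of the same idea, written as a WinDbg command script. This is editorial example code, not the answerer's own commands. It addresses one thing a practitioner will trip over: the !dumpmt output above lists ChildMethod as JIT NONE, so the Entry address 04acc085 is a pre-JIT stub rather than native code, and a plain bp on it is not guaranteed to be where the method actually runs. The SOS command !bpmd instead registers a pending breakpoint that SOS resolves to the native entry once the method is JIT-compiled. The script assumes a .NET 4.x runtime (clr.dll, hence .loadby sos clr), an x86 process, and that the assembly's file name is MyAssemblyName.dll; the MethodDesc 04ac4fe4 is the one shown in the question. As the answer's poi(@esp) step relies on, at method entry the top of the stack holds the return address that the call pushed, which is also the address gu (step out) runs to.

```windbg
$$ Added example (not from the original answer): force MyClass.ChildMethod()
$$ to return true, using an SOS !bpmd breakpoint resolved after JIT compilation.
$$ Assumptions: .NET 4.x (clr.dll), x86 process, assembly file MyAssemblyName.dll.

$$ Load SOS from the directory of the loaded runtime.
.loadby sos clr

$$ !dumpmt listed ChildMethod as JIT NONE, so its Entry (04acc085) is a stub.
$$ !bpmd sets a pending breakpoint that SOS moves to the native entry once the
$$ method is JIT-compiled. The -md form uses the MethodDesc shown by !dumpmt.
!bpmd MyAssemblyName.dll MyNamespace.MyClass.ChildMethod
$$ !bpmd -md 04ac4fe4

$$ Run until ChildMethod is entered.
g

$$ First hit, at the native entry of ChildMethod. Remove the entry breakpoint
$$ and step out to the caller; gu runs to the return address the call pushed
$$ (the same address poi(@esp) gives at entry), i.e. the instruction in
$$ ParentMethod right after the call.
bc *
gu

$$ A managed bool comes back as 0 or 1 in eax (rax on x64). Show the genuine
$$ value first, then overwrite it before ParentMethod tests it.
r eax
r eax=00000001

$$ Re-arm at this return site so every later return from ChildMethod through
$$ this call is patched without stopping. WinDbg steps over a breakpoint at
$$ the current eip when resuming, so the g below does not fire it immediately.
bp @eip "r eax=00000001; g"
g
```

Two things to check before relying on this: confirm the module name with lm (it must match the loaded file name exactly for !bpmd), and on a .NET 2.0/3.5 process use .loadby sos mscorwks instead. On x64 the return value lives in rax, so the register commands become r rax and r rax=00000001. Note also that the re-armed breakpoint patches only this one call site in ParentMethod; if ChildMethod is called from elsewhere, those calls still return the real value.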
