I have a .NET 3.5 disassembled code, and I'm attempting to cause a NullReferenceException, to try and mimic a behavior I see in some dumps.
For example, I can see the following command:
mov byte ptr [rdi],0
I assume that by setting rdi<-0, I could cause dereference to address 0x0.
However, I'm unable to edit any register value.
In MSDN, they claim 'Registers' window have the power to edit registers:
https://msdn.microsoft.com/en-us/library/9dfstwbe.aspx
But this doesn't work to me in Visual Studio 2012.
Any help or other workaround?
It is possible only while debugging C/C++ code. Tested it on a mixed solution C# + C++, C#-side it was readonly, C++ side I could overwrite the text (note that the window "appearance" doesn't change... it is always something like the notepad)
When debugging a C/C++ app, you can even write
EAX(oreax, it isn't case sensitive) in the watch window and you can edit it from there.