// === break on load module ===mov sApi, "ReadFile"mov sDLL, "kernel32"gpa sA

1. // === break on load module ===
2. mov sApi, "ReadFile"
3. mov sDLL, "kernel32"
4. gpa sApi, sDLL
5.  
6. // store address
7. mov handle, $RESULT
8. log handle
9. cmp handle, 0
10. je abort
11.  
12.  
13.  
14. lbl_bp:
15. // run
16. go handle
17.  
18. mov adrRet, [esp]
19. mov hFile, [esp+4.]
20. mov InBuffer, [esp+8.]
21. mov nNumberOfBytesToRead, [esp+12.]
22. mov lpNumberOfBytesRead, [esp+16.]
23. mov lpOverlapped, [esp+20.]
24.  
25. log InBuffer
26. log hFile
27. log nNumberOfBytesToRead
28. log lpNumberOfBytesRead
29. log lpOverlapped
30.  
31. cmp InBuffer,0
32. je noIn
33.  
34. mov INN, [InBuffer], nNumberOfBytesToRead
35. log INN
36.  
37.  
38.  
39. jmp lbl_bp
40.  
41. noIn:
42. jmp lbl_bp
43.  
44. abort: