I've looked at this a couple of times, but here's another way to break when the error code you're looking for is returned.

.while(@eax != 0xc0000005) { t ; r eax }

If you want to avoid the output noise, you can do something like this:

.while(@eax != 0xc0000005) { t ; r @eip = @eip}; r eax


All postings are provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm