如何使用DumpMem在Assembly中显示Stack

时间:2012-04-21 02:49:33

标签: assembly x86 masm irvine32

好的,这是我的问题:在我将一个变量推入堆栈、然后为局部变量预留空间之后,在从过程返回之前,如何使用DumpMem显示堆栈的内容?

include irvine32.inc

.data
X   sdword   10, -10, 20, -20, 30, -30, 40, -40     ; eight signed dwords (32 bytes). Only its address is used: it is pushed as StackProcedure's argument, and the procedure never reads it.
                                                    ; NOTE(review): referenced below as `offset x`; whether the lower-case spelling resolves depends on the assembler's case-mapping setting (OPTION CASEMAP / the /Cp switch) -- confirm it assembles as-is.

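.code
;-----------------------------------------------------------------------
; begin: program entry point (named by `end begin`).
; Pushes one dword argument (the address of X), calls StackProcedure,
; removes the argument again and jumps to the exit sequence.
;-----------------------------------------------------------------------
begin:
    mov ecx, offset X           ; argument: address of the table (StackProcedure never reads it; it only makes the frame show a pushed argument)
    push ecx
    call StackProcedure         ; returns to the instruction after the call
    add esp, 4                  ; the callee ends with a plain `ret`, so the caller removes its own argument
    jmp finfin                  ; required: the very next bytes are StackProcedure's body. Falling into it would run the
                                ; procedure a second time with no return address, and its `ret` would then pop the
                                ; pushed address of X and transfer control into the data section.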

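;-----------------------------------------------------------------------
; StackProcedure: builds a frame with 32 bytes of locals and fills them
; with '*' so the area is recognisable in a memory dump.
; In:    [ebp+8] = one dword argument pushed by the caller (never read)
; Out:   nothing
; Clobb: ecx, edx, flags.  ebx/esi/edi are left untouched (callee-saved
;        under the Win32 convention), which is why the fill pointer is
;        edx rather than esi.
; Stack: returns with a plain `ret`; the caller removes its argument.
;-----------------------------------------------------------------------
StackProcedure PROC
        push ebp
        mov ebp, esp
        sub esp, 32                 ; locals: [ebp-32 .. ebp-1]
        lea edx, [ebp-32]           ; edx = fill pointer, starts at the lowest local byte
        mov ecx, 32                 ; ecx = bytes still to fill
L1:     mov BYTE PTR [edx], '*'
        inc edx
        dec ecx
        jnz L1
        ; Frame at this point, from esp upwards:
        ;   esp+0  .. esp+31   locals ('*')
        ;   esp+32             saved ebp
        ;   esp+36             return address
        ;   esp+40             the caller's pushed argument
        add esp, 32                 ; release locals
        pop ebp
        ret
StackProcedure ENDP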

finfin:                             ; exit sequence; control must arrive here by a jump, never by falling through StackProcedure
invoke exitProcess,0                ; terminates the process and does not return
                                    ; NOTE(review): Irvine32.inc declares the Win32 API as `ExitProcess`; whether this spelling
                                    ; resolves depends on the assembler's case-mapping setting -- confirm it assembles as-is.
end begin                           ; `begin` is the entry point

2 个答案:

答案 0 :(得分:1)

Irvine的DumpMem只需要放在寄存器中的三个输入值。只有这三个寄存器与调用有关,其他一切(寄存器、内存、堆栈)在函数返回时保持不变。所以,它的用法很简单:

include irvine32.inc

.data
    X sdword   10, -10, 20, -20, 30, -30, 40, -40   ; eight signed dwords (32 bytes). Only its address is used: main pushes it as StackProcedure's argument, which the procedure never reads.
                                                    ; NOTE(review): referenced in main as `offset x`; whether the lower-case spelling resolves depends on the assembler's case-mapping setting (OPTION CASEMAP / the /Cp switch) -- confirm.

.code

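;-----------------------------------------------------------------------
; StackProcedure: builds a frame with 32 bytes of locals, fills them with
; '*' and then dumps the frame with Irvine's DumpMem.
; In:    [ebp+8] = one dword argument pushed by the caller (never read)
; Out:   nothing (console output only)
; Clobb: ecx, edx, flags.  esi and ebx are DumpMem's input registers,
;        so they are saved and restored around that call and the fill
;        loop uses edx; ebx/esi/edi thus survive as the Win32 convention
;        expects of a callee.
; Stack: returns with a plain `ret`; the caller removes its argument.
;-----------------------------------------------------------------------
StackProcedure PROC
    push ebp
    mov ebp, esp
    sub esp, 32                 ; locals: [ebp-32 .. ebp-1]
    lea edx, [ebp-32]           ; edx = fill pointer
    mov ecx, 32                 ; ecx = bytes still to fill
L1: mov BYTE PTR [edx], '*'
    inc edx
    dec ecx
    jnz L1

    ; Dump window, 48 bytes starting at the locals:
    ;   +0  .. +31   locals ('*')
    ;   +32          saved ebp
    ;   +36          return address into main
    ;   +40          the argument main pushed (offset X)
    ;   +44          4 bytes of the caller's stack above the argument
    ; The two saves below sit underneath the window, so they do not
    ; appear in the output.
        push esi                    ; preserve DumpMem's input registers for the caller
        push ebx
        lea esi, [esp+8]            ; start address = the locals (skip the two saves just made)
        mov ecx, 48                 ; number of bytes to dump
        mov ebx, 1                  ; unit size: 1 byte
        call DumpMem                ; Irvine's DumpMem (preserves everything it is not asked to output)
        pop ebx
        pop esi

    add esp, 32                 ; release locals
    pop ebp
    ret
StackProcedure ENDP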

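;-----------------------------------------------------------------------
; main: entry point. Pushes the address of X as StackProcedure's only
; argument, calls it, removes the argument and exits.
;-----------------------------------------------------------------------
main PROC
    mov ecx, offset X           ; argument: address of the table (StackProcedure only shows it in the dump, it never reads it)
    push ecx
    call StackProcedure
    add esp, 4                  ; the callee ends with a plain `ret`, so the caller removes its own argument
    invoke exitProcess,0        ; does not return
                                ; NOTE(review): Irvine32.inc declares the API as `ExitProcess`; whether this spelling resolves
                                ; depends on the assembler's case-mapping setting -- confirm it assembles as-is.
main ENDP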

END main

我猜这并不完全是题主想问的。Irvine的DumpMem除起始地址外不显示每一行的地址,也没有反汇编器/调试器内存转储中常见的对应ASCII字符列。由于它有自己的输出格式(标题和换行),因此无法与其他输出附加信息的函数交错使用。下面是一个函数,每次显示一行16字节,包含地址、十六进制值和ASCII字符:

include irvine32.inc

.data
    X sdword   10, -10, 20, -20, 30, -30, 40, -40   ; eight signed dwords (32 bytes). Only its address is used: main pushes it as StackProcedure's argument, which the procedure never reads.
                                                    ; NOTE(review): referenced in main as `offset x`; whether the lower-case spelling resolves depends on the assembler's case-mapping setting (OPTION CASEMAP / the /Cp switch) -- confirm.

.code

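;-----------------------------------------------------------------------
; void DumpMemLine(const void *address)   -- cdecl
; Writes one dump line for the 16 bytes at `address`:
;   <8 hex digits of address>  <16 x "hh ">  <16 chars>\n
; In:    address = first byte to show
; Out:   nothing (console output via Irvine's WriteHex/WriteHexB/WriteChar)
; Clobb: eax, ecx, flags.  ebx and esi are saved by USES.
; The hex column always shows the byte as stored. The character column
; echoes printable ASCII (0x20..0x7E) only and prints '.' for everything
; else, so control bytes found in memory (BEL, BS, TAB, LF, CR, ESC, ...)
; cannot disturb the console layout -- the usual hex-dump convention.
;-----------------------------------------------------------------------
DumpMemLine PROC C USES EBX ESI, address:PTR      ; dumps 16 bytes hex & char
    ; --- address column -------------------------------------------------
    mov eax, address
    call WriteHex               ; Irvine's WriteHex: eax as 8 hex digits
    mov al, ' '
    call WriteChar              ; two separating spaces
    call WriteChar

    ; --- hex column: the real byte values, never substituted ------------
    mov esi, address
    mov ecx, 16
L1:
    mov al, [esi]
    mov ebx, 1                  ; WriteHexB: one byte -> two hex digits
    call WriteHexB              ; Irvine's WriteHexB
    mov al, ' '
    call WriteChar
    inc esi
    dec ecx
    jnz L1
    call WriteChar              ; extra space between the columns

    ; --- character column: printable ASCII or '.' ----------------------
    mov esi, address
    mov ecx, 16
L2:
    mov al, [esi]
    cmp al, ' '
    jb L3                       ; < 0x20: control character -> '.'
    cmp al, 7Fh
    jb L4                       ; 0x20..0x7E: printable, echo as-is
L3:
    mov al, '.'                 ; DEL, high-bit bytes and control characters
L4:
    call WriteChar              ; Irvine's WriteChar
    inc esi
    dec ecx
    jnz L2

    mov al, 10
    call WriteChar              ; line feed ends the line

    ret
DumpMemLine ENDP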

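;-----------------------------------------------------------------------
; StackProcedure: builds a frame with 32 bytes of locals, fills them with
; '*' and dumps the frame twice: once with Irvine's DumpMem and once,
; 16 bytes per line, with DumpMemLine.
; In:    [ebp+8] = one dword argument pushed by the caller (never read)
; Out:   nothing (console output only)
; Clobb: ecx, edx, flags.  esi and ebx are DumpMem's input registers,
;        so they are saved and restored around that call and the fill
;        loop uses edx; ebx/esi/edi thus survive as the Win32 convention
;        expects of a callee.
; Stack: returns with a plain `ret`; the caller removes its argument.
;-----------------------------------------------------------------------
StackProcedure PROC
    push ebp
    mov ebp, esp
    sub esp, 32                 ; locals: [ebp-32 .. ebp-1]
    lea edx, [ebp-32]           ; edx = fill pointer
    mov ecx, 32                 ; ecx = bytes still to fill
L1: mov BYTE PTR [edx], '*'
    inc edx
    dec ecx
    jnz L1

    ; Dump window, 48 bytes starting at the locals (esp at this point):
    ;   +0  .. +31   locals ('*')
    ;   +32          saved ebp
    ;   +36          return address into main
    ;   +40          the argument main pushed (offset X)
    ;   +44          4 bytes of the caller's stack above the argument
        push esi                    ; preserve DumpMem's input registers for the caller;
        push ebx                    ; both saves sit below the window and are not shown
        lea esi, [esp+8]            ; start address = the locals (skip the two saves)
        mov ecx, 48                 ; number of bytes to dump
        mov ebx, 1                  ; unit size: 1 byte
        call DumpMem                ; Irvine's DumpMem
        pop ebx
        pop esi

        ; Same 48-byte window as three 16-byte lines.
        push esp                    ; `push esp` stores the value esp had before the push = address of the locals
        call DumpMemLine
        add dword ptr [esp], 16     ; DumpMemLine is cdecl: the argument slot is ours, advance it in place
        call DumpMemLine
        add dword ptr [esp], 16
        call DumpMemLine
        add esp, 4                  ; remove DumpMemLine's argument

    add esp, 32                 ; release locals
    pop ebp
    ret
StackProcedure ENDP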

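;-----------------------------------------------------------------------
; main: entry point. Pushes the address of X as StackProcedure's only
; argument, calls it, removes the argument and exits.
;-----------------------------------------------------------------------
main PROC
    mov ecx, offset X           ; argument: address of the table (StackProcedure only shows it in the dump, it never reads it)
    push ecx
    call StackProcedure
    add esp, 4                  ; the callee ends with a plain `ret`, so the caller removes its own argument
    invoke exitProcess,0        ; does not return
                                ; NOTE(review): Irvine32.inc declares the API as `ExitProcess`; whether this spelling resolves
                                ; depends on the assembler's case-mapping setting -- confirm it assembles as-is.
main ENDP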

END main

答案 1 :(得分:0)

我认为您是想查看内存转储。如果是这样,您可以使用GDB调试器来调试程序:通过设置断点,可以查看寄存器、段、控制寄存器、栈帧等内存细节。点击下面的链接可获取更多关于GDB的信息:

http://www.yolinux.com/TUTORIALS/GDB-Commands.html