Doing some analysis of an Internet Explorer crash (Aurora exploit). Suppose I have an object's vftable at 01e2fe80. I know the object is an mshtml!CImgElement. How can I find the size of this object? How would I find out that the object mshtml!CImgElement is x bytes large?
bp mshtml!CEventObj::GenericGetElement+0x93 ".printf \"esi = [%08x] \",esi;dds poi(esi) l1;gc"
esi = [01e2fe80] 01e2fcd0 7dc59478 mshtml!CImgElement::`vftable'
Reference:
http://dreamofareverseengineer.blogspot.de/2011/10/reversing-aurora-vulnerability-cve-2010.html
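The breakpoint command above prints one line per hit: the value of esi, then (from `dds poi(esi) l1`) the address esi points at, the dword stored there, and the symbol that dword resolves to. The following Python script is an added example, not part of the original question or of the blog post it references: it parses that output, collects the distinct object addresses seen per vftable symbol, and derives an upper bound on the object size from the smallest distance between two distinct instances (two live objects of one type cannot overlap, so their allocations are at least sizeof(object) apart). The trace lines and addresses are constructed; the heuristic assumes the observed addresses belong to objects that were live at the same time.

```python
import re
from collections import defaultdict

# Constructed sample in the format produced by the breakpoint command in the
# question (.printf of esi, then "dds poi(esi) l1"). Addresses are made up.
SAMPLE_TRACE = """\
esi = [01e2fe80] 01e2fcd0 7dc59478 mshtml!CImgElement::`vftable'
esi = [01e2fe80] 01e2fcd0 7dc59478 mshtml!CImgElement::`vftable'
esi = [01e2ff10] 01e30a10 7dc5a120 mshtml!CDivElement::`vftable'
esi = [01e2fe84] 01e2fd20 7dc59478 mshtml!CImgElement::`vftable'
esi = [01e2fe80] 01e2fcd0 7dc59478 mshtml!CImgElement::`vftable'
"""

# esi value, address displayed by dds (the object), dword at that address
# (the vftable pointer), and the resolved symbol.
LINE_RE = re.compile(
    r"esi = \[(?P<esi>[0-9a-fA-F]{8})\]\s+"
    r"(?P<obj>[0-9a-fA-F]{8})\s+(?P<vft>[0-9a-fA-F]{8})\s+(?P<sym>\S+)"
)


def parse_trace(text):
    """Turn WinDbg trace lines into records; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        records.append({
            "esi": int(m["esi"], 16),
            "obj": int(m["obj"], 16),
            "vftable": int(m["vft"], 16),
            "symbol": m["sym"],
        })
    return records


def objects_by_vftable(records):
    """Map vftable symbol -> sorted list of distinct object addresses."""
    seen = defaultdict(set)
    for r in records:
        seen[r["symbol"]].add(r["obj"])
    return {sym: sorted(addrs) for sym, addrs in seen.items()}


def max_object_size(addresses):
    """Upper bound on the object size: the smallest gap between two distinct
    instances of the same type (assumed live at the same time, so they cannot
    overlap). Returns None when fewer than two instances were observed."""
    if len(addresses) < 2:
        return None
    return min(b - a for a, b in zip(addresses, addresses[1:]))


if __name__ == "__main__":
    by_type = objects_by_vftable(parse_trace(SAMPLE_TRACE))
    for sym, addrs in by_type.items():
        bound = max_object_size(addrs)
        shown = "n/a" if bound is None else f"<= 0x{bound:x} bytes"
        print(f"{sym}: {len(addrs)} instance(s), size {shown}")
```

The bound is only as good as the trace: if an object was freed and its address reused before the next hit, two records can refer to different objects at the same address, so run the breakpoint early in the page's lifetime and compare against `!heap -p -a <address>` on the object address before trusting the number.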
Answer 0 (score: 0)
Operators in C++ Expressions: sizeof(type)
returns the size of a data type, but CImgElement probably
contains private data, and displaying it requires private information (private symbols), which the mshtml module does not have.
0:021> ?? sizeof(MSHTML!CImgElement)
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: MSHTML!CImgElement ***
*** ***
*************************************************************************
Couldn't resolve error at 'MSHTML!CImgElement)'