我正在分析一个完整的内存转储,我应用了Windbg uf命令来查看函数的作用
0: kd> uf profsvc!CUserProfileService::_RegisterGPNotification
这是输出的一部分。我想知道为什么括号中的地址不同于profsvc!CUserProfileService::_RegisterGPNotification+0x44的地址应该是
000007fe fb149276
但是
000007fe fb155019。
当我尝试将地址000007fe fb155019与u解组合时,它指向
profsvc!CUserProfileService::_RegisterGPNotification+0x44:
我真的很困惑,任何帮助都深深体会。
来自WinDBG的输出
….
profsvc!CUserProfileService::_RegisterGPNotification+0x2e:
000007fe`fb14925e ba01000000 mov edx,1
000007fe`fb149263 488bc8 mov rcx,rax
000007fe`fb149266 ff157c410200 call qword ptr [profsvc!_imp_RegisterGPNotification (000007fe`fb16d3e8)]
000007fe`fb14926c 85c0 test eax,eax
000007fe`fb14926e 0f84a5bd0000 je profsvc!CUserProfileService::_RegisterGPNotification+0x44 (**000007fe`fb155019**)
profsvc!CUserProfileService::_RegisterGPNotification+0x40:
000007fe`fb149274 33db xor ebx,ebx
000007fe`fb149276 eb00 jmp profsvc!CUserProfileService::_RegisterGPNotification+0x66 (000007fe`fb149278) Branch
profsvc!CUserProfileService::_RegisterGPNotification+0x66:
000007fe`fb149278 488b0d31b00200 mov rcx,qword ptr [profsvc!WPP_GLOBAL_Control (000007fe`fb1742b0)]
000007fe`fb14927f 488d052ab00200 lea rax,[profsvc!WPP_GLOBAL_Control (000007fe`fb1742b0)]
000007fe`fb149286 483bc8 cmp rcx,rax
000007fe`fb149289 740a je profsvc!CUserProfileService::_RegisterGPNotification+0x94 (000007fe`fb149295) Branch
0: kd> u 000007fe`fb155019
profsvc!CUserProfileService::_RegisterGPNotification+0x44:
000007fe`fb155019 ?? ???
^ Memory access error in 'u 000007fe`fb155019'
答案 0 :(得分:2)
这是由于优化,请参阅以下MSDN文章:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff541382(v=vs.85).aspx