这是我用VC ++编写的一个简单的程序:
#include "stdafx.h
#include <iostream>
using namespace std;
/// Program entry point (the TCHAR-flavoured main the VC++ wizard generates).
/// Stores 10 in a stack local, prints that local's address and then blocks on
/// getchar() so the process stays alive long enough to attach a debugger.
/// The printed value is build- and run-specific: this page shows 0035F95C for
/// the VC++ build and 0012FF88 for the Borland build of the same source.
/// @param argc Unused.
/// @param argv Unused.
/// @return 0 always.
int _tmain(int argc, _TCHAR* argv[])
{
    (void)argc;
    (void)argv;
    const int value{10};               // the literal later located on the stack as 0Ah
    const int* const address = &value;
    // The int pointer binds to operator<<(const void*), so the address itself is
    // printed, not the pointed-to value; endl flushes it out before we block.
    cout << address << endl;
    (void)getchar();
    return 0;
}
我机器上的输出是: 0035F95C
通过windbg附加到进程并查看反汇编后,我无法推算出上面的地址。我知道需要进入相应的堆栈帧、查看局部变量并逐个检查地址,但不确定windbg中的命令。你会怎么做?
答案 0 :(得分:1)
答案 1 :(得分:0)
Thu 12/30/2010 20:04:38.48\>type stdafx.h
//dummy file to satisfy compiler
Thu 12/30/2010 20:05:04.70\>type windb.cpp
#include "stdafx.h"
#include <iostream>
using namespace std;
// Entry point of the Borland-built reproduction (windb.cpp): keeps 10 in a
// stack local, writes that local's address to stdout and waits for a key so the
// process can be examined from cdb/windbg. Output on this machine: 0012FF88.
// argc/argv are not used; the function always returns 0.
int _tmain(int argc, _TCHAR* argv[])
{
    int local = 10;
    int* p = &local;
    cout << p;     // int* converts to const void*: the address is printed, not 10
    cout << endl;  // newline plus flush
    getchar();
    return 0;
}
Thu 12/30/2010 20:05:28.87\>bcc32 -v -ls -w-8057 windb.cpp
Borland C++ 5.5.1 for Win32 Copyright (c) 1993, 2000 Borland
windb.cpp:
Turbo Incremental Link 5.00 Copyright (c) 1997, 2000 Borland
Thu 12/30/2010 20:05:48.85\>map2dbg windb.exe
Converted 1644 symbols.
Thu 12/30/2010 20:06:04.07\>windb.exe
0012FF88
Let's run windbg non-invasively, look at the stack, and check the disassembly of main to find where the value 10 is stored.
cdb -pv -pn windb.exe
Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.
*** wait with pending attach
Symbol search path is: SRV*F:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
WARNING: **Process 2312** is not attached as a debuggee
The process can be examined but debug events will not be received
.........
(908.1c8): Wake debugger - code 80000007 (first chance)
eax=0012fe48 ebx=00000000 ecx=0012ff10 edx=00862a30 esi=0012fd58 edi=00250688
eip=7c90e514 esp=0012fcf8 ebp=0012fd18 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
0:000> .tlist windb.exe
0n2312 windb.exe
0:000> kn
# ChildEBP RetAddr
00 0012fcf4 7c90daea ntdll!KiFastSystemCallRet
01 0012fcf8 7c912de8 ntdll!ZwRequestWaitReplyPort+0xc
02 0012fd18 7c872a51 ntdll!CsrClientCallServer+0x8c
03 0012fe14 7c872b98 kernel32!ReadConsoleInternal+0x1be
04 0012fe9c 7c8018b7 kernel32!ReadConsoleA+0x3b
*** WARNING: Unable to verify checksum for F:\Borland\windb\windb.exe
05 0012fef4 004111fd kernel32!ReadFile+0x64
06 0012ff14 00410fcb windb!_rtl_read+0x35
07 0012ff40 004117a7 windb!__read+0x9b
08 0012ff5c 00411865 windb!c798_0+0x5b
09 0012ff6c 004117ff windb!fgetc+0x61
0a 0012ff78 00401198 windb!_fgetc+0x13
**0b 0012ff8c 00417c4e windb!main+0x48**
0c 0012ffc0 7c817077 windb!c1770_0+0x172
0d 0012fff0 00000000 kernel32!BaseProcessStart+0x23
0:000> uf windb!main
windb!main:
00401150 55 push ebp
00401151 8bec mov ebp,esp
00401153 51 push ecx
00401154 53 push ebx
00401155 c745fc0a000000 **mov dword ptr [ebp-4],0Ah**
0040115c 8d5dfc lea ebx,[ebp-4]
0040115f 68a0114000 push offset windb!std::basic_ostream<char, std::char
_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<cha
r, std::char_traits<char> >&) (004011a0)
00401164 53 push ebx
00401165 68f8034200 push offset windb!d1862_1+0x9bc (004203f8)
0040116a e8ed7f0000 call windb!std::basic_ostream<char, std::char_traits
<char> >::operator <<(const void *) (0040915c)
0040116f 83c408 add esp,8
00401172 50 push eax
00401173 e8a4810000 call windb!std::basic_ostream<char, std::char_traits
<char> >::operator <<(std::basic_ostream<char, std::char_traits<char> >& (*)(std
::basic_ostream<char, std::char_traits<char> >&)) (0040931c)
00401178 83c408 add esp,8
0040117b b8ece04100 mov eax,offset windb!_streams (0041e0ec)
00401180 ff4808 dec dword ptr [eax+8]
00401183 7809 js windb!main+0x3e (0040118e)
windb!main+0x35:
00401185 baece04100 mov edx,offset windb!_streams (0041e0ec)
0040118a ff02 inc dword ptr [edx]
0040118c eb0b jmp windb!main+0x49 (00401199)
windb!main+0x3e:
0040118e 68ece04100 push offset windb!_streams (0041e0ec)
00401193 e854060100 call windb!_fgetc (004117ec)
00401198 59 pop ecx
windb!main+0x49:
00401199 33c0 xor eax,eax
0040119b 5b pop ebx
0040119c 59 pop ecx
0040119d 5d pop ebp
0040119e c3 ret
0:000> .frame /r 0x0b
0b 0012ff8c 00417c4e windb!main+0x48
eax=0012fe48 ebx=00862a30 ecx=0012ff10 edx=00862a30 esi=0012fd58 edi=00250688
eip=00401198 esp=0012ff80 ebp=0012ff8c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
windb!main+0x48:
00401198 59 pop ecx
0:000> dd 12ff7c l8
0012ff7c 00401198 0041e0ec 7ffde000 0000000a
0012ff8c 0012ffb8 00417c4e 00000001 008621c4
0:000> dds 12ff7c l8
0012ff7c 00401198 windb!main+0x48
0012ff80 0041e0ec windb!_streams
0012ff84 7ffde000
**0012ff88 0000000a**
0012ff8c 0012ffb8
0012ff90 00417c4e windb!c1770_0+0x172
0012ff94 00000001
0012ff98 008621c4
0:000>