
WinDbg: basic simple steps

Published: 2025/3/20

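Source code

#include <stdio.h>
#include <string>

typedef struct _st {
    int a;
    int b;
} ST;

int fun(int* p, const ST& s)
{
    *p = s.a + s.b;                 // write the sum through the out-pointer
    return s.a < s.b ? s.a : s.b;   // return the smaller of the two members
}

int main()
{
    ST s;
    s.a = 3;
    s.b = 4;
    int ret = -1;
    int dd = fun(&ret, s);
    printf("%d", dd);
    getchar();                      // keep the process alive for the debugger
}
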

1. !address: view information about the location of the initial breakpoint

ntdll!LdrpDoDebuggerBreak+0x2c:
77540ed4 cc              int     3
0:000> bp $exentry
*** WARNING: Unable to verify checksum for test.exe
0:000> bl
     0 e Disable Clear  00af127b     0001 (0001)  0:**** test!ILT+630(_mainCRTStartup)
0:000> !address 77540ed4

Mapping file section regions...
Mapping module regions...
Mapping PEB regions...
Mapping TEB and stack regions...
Mapping heap regions...
Mapping page heap regions...
Mapping other regions...
Mapping stack trace database regions...
Mapping activation context regions...

Usage:                  Image
Base Address:           774b0000
End Address:            77586000
Region Size:            000d6000 ( 856.000 kB)
State:                  00001000          MEM_COMMIT
Protect:                00000020          PAGE_EXECUTE_READ
Type:                   01000000          MEM_IMAGE
Allocation Base:        774a0000
Allocation Protect:     00000080          PAGE_EXECUTE_WRITECOPY
Image Path:             ntdll.dll
Module Name:            ntdll
Loaded Image Name:      C:\Windows\SysWOW64\ntdll.dll
Mapped Image Name:
More info:              lmv m ntdll
More info:              !lmi ntdll
More info:              ln 0x77540ed4
More info:              !dh 0x774a0000

Content source: 1 (target), length: 12c


2. View loaded module information

0:000> lm
start    end        module name
00ae0000 00b03000   test     C (private pdb symbols)  E:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\test.pdb\37CD5525EB634D36AC9FD918207AF1512\test.pdb
594f0000 596af000   MSVCR120D   (deferred)
597a0000 59869000   MSVCP120D   (deferred)
76360000 76470000   kernel32   (deferred)
76470000 764b7000   KERNELBASE   (deferred)
774a0000 77620000   ntdll      (pdb symbols)          E:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\wntdll.pdb\156A0C04210F41998644103A7354418D2\wntdll.pdb
0:000> bp test!main
0:000> bl
     0 e Disable Clear  00af127b     0001 (0001)  0:**** test!ILT+630(_mainCRTStartup)
     1 e Disable Clear  00af5410     0001 (0001)  0:**** test!main
View

3. Look up the function symbol and set a breakpoint

0:000> x test!fun
00af4c30 ? ? ? ? ?test!fun (int *, struct _st *)
0:000> bp test!fun
0:000> g


4. kv: view the stack. On entry to fun, esp points to the function's return address, esp+4 points to the first (leftmost) argument, esp+8 to the next, and so on (C calling convention).

0:000> k
 # ChildEBP RetAddr
00 0045fa34 00af545a test!fun [g:\vsprojects\test\test\test.cpp @ 10]
01 0045fb3c 00af5db9 test!main+0x4a [g:\vsprojects\test\test\test.cpp @ 21]
02 0045fb8c 00af5fad test!__tmainCRTStartup+0x199 [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 626]
03 0045fb94 7637336a test!mainCRTStartup+0xd [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 466]
04 0045fba0 774d9902 kernel32!BaseThreadInitThunk+0xe
05 0045fbe0 774d98d5 ntdll!__RtlUserThreadStart+0x70
06 0045fbf8 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> .frame 0
00 0045fa34 00af545a test!fun [g:\vsprojects\test\test\test.cpp @ 10]
0:000> dd esp
0045fa38  00af545a 0045fb20 0045fb2c 00000000
0045fa48  00000000 7efde000 cccccccc cccccccc
0045fa58  cccccccc cccccccc cccccccc cccccccc
0045fa68  cccccccc cccccccc cccccccc cccccccc
0045fa78  cccccccc cccccccc cccccccc cccccccc
0045fa88  cccccccc cccccccc cccccccc cccccccc
0045fa98  cccccccc cccccccc cccccccc cccccccc
0045faa8  cccccccc cccccccc cccccccc cccccccc
0:000> dd 0045fb20
0045fb20  ffffffff cccccccc cccccccc 00000003
0045fb30  00000004 cccccccc bbee73d5 0045fb8c
0045fb40  00af5db9 00000001 005281a8 00528760
0045fb50  bbee7365 00000000 00000000 7efde000
0045fb60  00000000 59cce7d8 00000000 00460000
0045fb70  00000000 0045fb50 e22294be 0045fbd0
0045fb80  00af1109 bb046069 00000000 0045fb94
0045fb90  00af5fad 0045fba0 7637336a 7efde000
0:000> dd 0045fb2c
0045fb2c  00000003 00000004 cccccccc bbee73d5
0045fb3c  0045fb8c 00af5db9 00000001 005281a8
0045fb4c  00528760 bbee7365 00000000 00000000
0045fb5c  7efde000 00000000 59cce7d8 00000000
0045fb6c  00460000 00000000 0045fb50 e22294be
0045fb7c  0045fbd0 00af1109 bb046069 00000000
0045fb8c  0045fb94 00af5fad 0045fba0 7637336a
0045fb9c  7efde000 0045fbe0 774d9902 7efde000
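
The stack dump from step 4 decoded mechanically, as an added example that is not part of the original post: this Python sketch parses the dd rows shown above, reads [esp], [esp+4] and [esp+8] at entry to fun, follows the two pointers, and checks that the return address lies inside the test image range reported by lm in step 2. The helper names (parse_dd, module_of, decode_fun_entry) are made up for this example; the dump rows and module ranges are copied from the page.

```python
import re

# Debugger output copied from steps 2 and 4 of this page (first rows only).
DD_ESP = "0045fa38  00af545a 0045fb20 0045fb2c 00000000"
DD_ARGS = """\
0045fb20  ffffffff cccccccc cccccccc 00000003
0045fb30  00000004 cccccccc bbee73d5 0045fb8c
"""
# start/end columns of `lm` for the two modules with symbols loaded
MODULES = {"test": (0x00AE0000, 0x00B03000), "ntdll": (0x774A0000, 0x77620000)}


def parse_dd(text):
    """Turn `dd` rows (address, then dwords) into {address: dword}."""
    mem = {}
    for line in text.splitlines():
        fields = re.findall(r"\b[0-9a-fA-F]{8}\b", line)
        if len(fields) < 2:
            continue  # prompt line or blank line, no data
        base = int(fields[0], 16)
        for i, word in enumerate(fields[1:]):
            mem[base + 4 * i] = int(word, 16)
    return mem


def to_int32(dword):
    """Reinterpret a raw dword as the signed int the C++ source stores."""
    return dword - (1 << 32) if dword & 0x80000000 else dword


def module_of(addr):
    """Name of the loaded module containing addr, or None."""
    for name, (start, end) in MODULES.items():
        if start <= addr < end:
            return name
    return None


def decode_fun_entry(esp):
    """Read the stack at entry to fun(int* p, const ST& s)."""
    mem = {**parse_dd(DD_ESP), **parse_dd(DD_ARGS)}
    ret_addr, p, s = mem[esp], mem[esp + 4], mem[esp + 8]
    return {
        "ret_addr": ret_addr,
        "return_module": module_of(ret_addr),  # expect the caller's image
        "*p": to_int32(mem[p]),                # ret, still -1 at entry
        "s.a": mem[s],                         # the reference is passed as a pointer
        "s.b": mem[s + 4],
    }


if __name__ == "__main__":
    print(decode_fun_entry(0x0045FA38))
```

A return address that does not fall inside any module listed by lm is the first thing to look at when a stack looks wrong.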


5. Release build: heavily simplified by the optimizer

test!main:
010612a0 6a03            push    3
010612a2 688c310601      push    offset test!`string' (0106318c)
010612a7 ff15b8300601    call    dword ptr [test!_imp__printf (010630b8)]
010612ad 83c408          add     esp,8
010612b0 ff15ac300601    call    dword ptr [test!_imp__getchar (010630ac)]
010612b6 33c0            xor     eax,eax

test!main:
010612a0 6a03            push    3
0:000> bp test!fun
Couldn't resolve error at 'test!fun'
0:000> db 0106318c
0106318c  25 64 00 00 73 74 72 69-6e 67 20 74 6f 6f 20 6c  %d..string too l
0106319c  6f 6e 67 00 69 6e 76 61-6c 69 64 20 73 74 72 69  ong.invalid stri
