.frame /c
Sets the specified frame as the current local override context. This action allows a user to access the nonvolatile registers for any function in the call stack.
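After switching stack frames with .frame /c, how do I switch back?
When I try to switch back, the following error is displayed:
0:001> .frame /c 0
Frame 0x0 is before current base frame 0x15
Has anyone run into this? What should I do? WinDbg version: 6.12.0002.633
Thank you so much, Raymond!!!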
0:000> kvn
 # Child-SP RetAddr : Args to Child : Call Site
00 00000000`0010f968 00000000`77039e9e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa
01 00000000`0010f970 00000000`ff441064 : 00000000`002f0048 00000000`05570543 000007fe`fdf32164 00000000`00000001 : USER32!GetMessageW+0x34
02 00000000`0010f9a0 00000000`ff44133c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`002f3562 : notepad!WinMain+0x182
03 00000000`0010fa20 00000000`7713652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : notepad!DisplayNonGenuineDlgWorker+0x2da
04 00000000`0010fae0 00000000`7772c521 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
05 00000000`0010fb10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
0:000> .frame /c 4
04 00000000`0010fae0 00000000`7772c521 kernel32!BaseThreadInitThunk+0xd
rax=0000000000000004 rbx=0000000000000000 rcx=00000000002ae0a0
rdx=000000000010f720 rsi=0000000000000000 rdi=0000000000000000
rip=000000007713652d rsp=000000000010fae0 rbp=0000000000000000
 r8=000007fefc2a6080 r9=000007fefc2cc580 r10=0000000000000000
r11=00000000008e2ba0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244
kernel32!BaseThreadInitThunk+0xd:
00000000`7713652d 8bc8 mov ecx,eax
0:000> .frame /c 0
Frame 0x0 is before current base frame 0x4
04 00000000`0010fae0 00000000`00000000 kernel32!BaseThreadInitThunk+0xd
rax=0000000000000004 rbx=0000000000000000 rcx=00000000002ae0a0
rdx=000000000010f720 rsi=0000000000000000 rdi=0000000000000000
rip=000000007713652d rsp=000000000010fae0 rbp=0000000000000000
 r8=000007fefc2a6080 r9=000007fefc2cc580 r10=0000000000000000
r11=00000000008e2ba0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244
kernel32!BaseThreadInitThunk+0xd:
00000000`7713652d 8bc8 mov ecx,eax
0:000> .cxr
Resetting default scope
0:000> kvn
 # Child-SP RetAddr : Args to Child : Call Site
00 00000000`0010f968 00000000`77039e9e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa
01 00000000`0010f970 00000000`ff441064 : 00000000`002f0048 00000000`05570543 000007fe`fdf32164 00000000`00000001 : USER32!GetMessageW+0x34
02 00000000`0010f9a0 00000000`ff44133c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`002f3562 : notepad!WinMain+0x182
03 00000000`0010fa20 00000000`7713652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : notepad!DisplayNonGenuineDlgWorker+0x2da
04 00000000`0010fae0 00000000`7772c521 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
05 00000000`0010fb10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d