Re: Switching stack frames with .frame /c

WinDbg

Switching stack frames with .frame /c


lee0ne 2011-09-17, 12:44 PM

.frame /c
Sets the specified frame as the current local override context. This action allows a user to access the nonvolatile registers for any function in the call stack.


After switching stack frames with .frame /c, how do I switch back?

When I try to switch back, I get the following error:
0:001> .frame /c 0
Frame 0x0 is before current base frame 0x15

Has anyone run into this?
What should I do?
WinDbg version: 6.12.0002.633

Re: Switching stack frames with .frame /c


格蠹老雷 2011-09-18, 11:03 AM
.cxr

Re: Switching stack frames with .frame /c


lee0ne 2011-09-18, 21:44

Thank you so much, Raymond!!!

0:000> kvn
 # Child-SP          RetAddr           : Args to Child                                                           : Call Site
00 00000000`0010f968 00000000`77039e9e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa
01 00000000`0010f970 00000000`ff441064 : 00000000`002f0048 00000000`05570543 000007fe`fdf32164 00000000`00000001 : USER32!GetMessageW+0x34
02 00000000`0010f9a0 00000000`ff44133c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`002f3562 : notepad!WinMain+0x182
03 00000000`0010fa20 00000000`7713652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : notepad!DisplayNonGenuineDlgWorker+0x2da
04 00000000`0010fae0 00000000`7772c521 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
05 00000000`0010fb10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
0:000> .frame /c 4
04 00000000`0010fae0 00000000`7772c521 kernel32!BaseThreadInitThunk+0xd
rax=0000000000000004 rbx=0000000000000000 rcx=00000000002ae0a0
rdx=000000000010f720 rsi=0000000000000000 rdi=0000000000000000
rip=000000007713652d rsp=000000000010fae0 rbp=0000000000000000
 r8=000007fefc2a6080  r9=000007fefc2cc580 r10=0000000000000000
r11=00000000008e2ba0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000244
kernel32!BaseThreadInitThunk+0xd:
00000000`7713652d 8bc8            mov     ecx,eax
0:000> .frame /c 0
Frame 0x0 is before current base frame 0x4
04 00000000`0010fae0 00000000`00000000 kernel32!BaseThreadInitThunk+0xd
rax=0000000000000004 rbx=0000000000000000 rcx=00000000002ae0a0
rdx=000000000010f720 rsi=0000000000000000 rdi=0000000000000000
rip=000000007713652d rsp=000000000010fae0 rbp=0000000000000000
 r8=000007fefc2a6080  r9=000007fefc2cc580 r10=0000000000000000
r11=00000000008e2ba0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000244
kernel32!BaseThreadInitThunk+0xd:
00000000`7713652d 8bc8            mov     ecx,eax
0:000> .cxr
Resetting default scope
0:000> kvn
 # Child-SP          RetAddr           : Args to Child                                                           : Call Site
00 00000000`0010f968 00000000`77039e9e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa
01 00000000`0010f970 00000000`ff441064 : 00000000`002f0048 00000000`05570543 000007fe`fdf32164 00000000`00000001 : USER32!GetMessageW+0x34
02 00000000`0010f9a0 00000000`ff44133c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`002f3562 : notepad!WinMain+0x182
03 00000000`0010fa20 00000000`7713652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : notepad!DisplayNonGenuineDlgWorker+0x2da
04 00000000`0010fae0 00000000`7772c521 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
05 00000000`0010fb10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
