C/C++ native code debugging
Thread starter: qstesiro   Started: 2015-05-18 20:59   Replies: 3
2015-05-18, 20:59
qstesiro
Registered: 2014-04-16
Posts: 18

Disassembly is incorrect
Today I analysed a dump (a full dump) and found that the disassembly is incorrect. I have not run into this before; with full dumps the disassembly has always been fine. Could someone tell me what causes this? Thanks. The stack and the disassembly are below:
0:000> ~0 kv
ChildEBP RetAddr  Args to Child
0012ec9c 64b0514d ffffffff 22812c18 00000000 mshtml!CHtmPost::Exec+0x637
0012ecb0 64c933f9 22812c18 00000000 0012ed30 mshtml!CHtmPost::RunNested+0x142 (FPO: [0,1,2])
0012ecd0 64b0537f 12f7c964 00000001 0012ed30 mshtml!CHtmLoad::Write+0x121
0012ecfc 64b052ea 12f7c964 0e9a6938 00001200 mshtml!CHtmCtx::Write+0x2a
0012ed40 64b0554e 24a48f68 24a76230 0e9a6938 mshtml!CDocument::write+0x1a0
0012ed60 64c2f10b 24a48f68 0e9a6938 24a81710 mshtml!Method_void_SAFEARRAYPVARIANTP+0x85
0012edd4 64c2ef72 24a48f68 0000041e 00000000 mshtml!CBase::ContextInvokeEx+0x5dc
0012ee00 64c3b7fa 24a48f68 0000041e 00000000 mshtml!CBase::InvokeEx+0x25
0012ee50 64bdf00c 24a48f68 0000000b 0000041e mshtml!DispatchInvokeCollection+0x14c
0012ee98 64bdbc52 24a48f68 0000041e 00000000 mshtml!CDocument::InvokeEx+0xf0
0012eec0 64bdbc0e 24a48f68 0000041e 00000000 mshtml!CBase::VersionedInvokeEx+0x20
0012ef14 66f9a26e 24a80360 0000041e 00000000 mshtml!PlainInvokeEx+0xeb
0012ef50 66f9a1b9 0eb4d020 0000041e 00000409 jscript!IDispatchExInvokeEx2+0x104
0012ef8c 66f9a43a 0eb4d020 00000409 00000001 jscript!IDispatchExInvokeEx+0x6a
0012f04c 66f9a4e4 0000041e 00000001 00000000 jscript!InvokeDispatchEx+0x98
0012f080 66fad9a8 0eb4d020 0012f0b4 00000001 jscript!VAR::InvokeByName+0x139
0012f0cc 66fada4f 0eb4d020 00000001 00000000 jscript!VAR::InvokeDispName+0x7d
0012f0f8 66fae4c7 0eb4d020 00000000 00000001 jscript!VAR::InvokeByDispID+0xce
0012f294 66fa5d7d 0012f2ac 00000000 2610d778 jscript!CScriptRuntime::Run+0x2b80
0012f37c 66fa5cdb 00000000 00000000 01f85508 jscript!ScrFncObj::CallWithFrameOnStack+0xce
0012f3c4 66fa5870 00000000 00000000 01f85508 jscript!ScrFncObj::Call+0x8d
0012f448 66fa4f84 2610d778 0eb4d020 00000001 jscript!NameTbl::InvokeInternal+0x2b4
0012f478 66fae4c7 0eb4d020 00000000 00000001 jscript!VAR::InvokeByDispID+0x17f
0012f614 66fa5d7d 0012f62c 0012f770 2610d6f8 jscript!CScriptRuntime::Run+0x2b80
0012f6fc 66fa5cdb 0012f770 00000000 00000000 jscript!ScrFncObj::CallWithFrameOnStack+0xce
0012f744 66fa5ef1 0012f770 00000000 00000000 jscript!ScrFncObj::Call+0x8d
0012f7c0 66fa620a 2610d6f8 0012f980 00000000 jscript!CSession::Execute+0x15f
0012f80c 66fac3b9 0dd4b5b8 0012f980 0012f990 jscript!COleScript::ExecutePendingScripts+0x1bd
0012f870 66fac1d1 0dd4b5b8 24f0305c 64b9f7b0 jscript!COleScript::ParseScriptTextCore+0x2a4
0012f898 64b9f774 0dd4b5bc 1dc3bd08 24f0305c jscript!COleScript::ParseScriptText+0x30
0012f8f0 64b9f58c 1dd01800 00000000 2486eee8 mshtml!CScriptCollection::ParseScriptText+0x218
0012f9b4 64b05648 00000000 00000000 00000000 mshtml!CScriptElement::CommitCode+0x3c2
0012f9dc 64b0d87e 2486eee8 2486eee8 1de248e8 mshtml!CMarkup::CommitQueuedScripts+0x55
0012f9fc 64b30d2d 2486eee8 24e7e740 0000000b mshtml!CMarkup::CommitQueuedScriptsInline+0x40
0012fa1c 64b4769e 24e7e75c 24e7e708 0012fb24 mshtml!CMarkup::UnblockScriptExecutionHelper+0x47
0012fa2c 64b6e9e1 00000000 0012fa50 64b6e93a mshtml!CMarkup::UnblockScriptExecution+0x41
0012fa38 64b6e93a 0012fb68 000000ff 00380be0 mshtml!CScriptElement::EnsureScriptDownloadLeft+0x1f (FPO: [0,0,1])
0012fb24 64b0ce00 24e7e708 0012fb40 64b7bf0e mshtml!CScriptElement::OnDwnChan+0x474
0012fb30 64b7bf0e 1da6dac0 24e7e708 0012fb74 mshtml!CScriptElement::OnDwnChanCallback+0xd
0012fb40 64bd93c2 1da6dac0 00000000 00380be0 mshtml!CDwnChan::OnMethodCall+0x19
0012fb74 64bce012 0012fc10 00008002 00000000 mshtml!GlobalWndOnMethodCall+0xff
0012fb94 771ac4e7 000605c2 00003b96 00000000 mshtml!GlobalWndProc+0x10c
0012fbc0 771ac5e7 64bb6853 000605c2 00008002 user32!InternalCallWinProc+0x23
0012fc38 771a1b31 00000000 64bb6853 000605c2 user32!UserCallWinProcCheckWow+0x14b (FPO: [Non-Fpo])
0012fc68 771a1b57 64bb6853 000605c2 00008002 user32!CallWindowProcAorW+0x99 (FPO: [Non-Fpo])
0012fc88 00410b8d 64bb6853 000605c2 00008002 user32!CallWindowProcW+0x1b (FPO: [Non-Fpo])
...... (remaining frames omitted)

0:000> ub mshtml!CHtmPost::Exec+0x637
         ^ Unable to find valid previous instruction for 'ub mshtml!CHtmPost::Exec+0x637'
0:000> u mshtml!CHtmPost::Exec+0x637
mshtml!CHtmParse::Execute+0x38:
64b7cf05 f7              ???
64b7cf06 0f85375e0000    jne     mshtml!CHtmParse::Execute+0x3b (64b82d43)
64b7cf0c 8bb3a4000000    mov     esi,dword ptr [ebx+0A4h]
64b7cf12 8b9b9c000000    mov     ebx,dword ptr [ebx+9Ch]
64b7cf18 c1eb02          shr     ebx,2
64b7cf1b 3bdf            cmp     ebx,edi
64b7cf1d 7469            je      mshtml!CHtmParse::Execute+0xd9 (64b7cf88)
64b7cf1f 8b06            mov     eax,dword ptr [esi]

0:000> ub mshtml!CHtmPost::RunNested+0x142
         ^ Unable to find valid previous instruction for 'ub mshtml!CHtmPost::RunNested+0x142'
0:000> u mshtml!CHtmPost::RunNested+0x142
mshtml!CDocument::write+0xd2:
64b05226 58              pop     eax
64b05227 fd              std
64b05228 ff              ???
64b05229 ff8bd83bdf0f    dec     dword ptr [ebx+0FDF3BD8h]
64b0522f 8cfd            mov     ebp,st(-1)
64b05231 54              push    esp
64b05232 16              push    ss
64b05233 0033            add     byte ptr [ebx],dh
2015-05-19, 00:07
Bombs
Registered: 2014-01-16
Posts: 15
That is because Microsoft applied performance optimisation to this system DLL: to reduce page faults and the like, the code was rearranged. If you open it in IDA you will see that a single complete function has its code split into several code blocks placed at non-contiguous addresses.
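An added example, not from either poster, of how to check in WinDbg that the mismatch above comes from a function laid out in non-contiguous chunks rather than from a wrong symbol file. It reuses the addresses shown in the `~0 kv` output (64b0514d is the return address that kv labels `mshtml!CHtmPost::RunNested+0x142`; 64b05226 is where `u mshtml!CHtmPost::RunNested+0x142` actually started). The commands are standard WinDbg commands; the comments describe what to look for, not captured output from this dump, and the explanation of how the two addresses come to differ is the usual interpretation, to be confirmed by step 3.

```windbg
$$ Added example (not from the original thread): is "symbol+offset"
$$ disagreeing with the frame address because the function is split
$$ into non-contiguous chunks by the code-layout optimisation described
$$ in the reply above, or because the PDB does not match the module?
$$ Addresses are taken from the ~0 kv output in the first post.

$$ 1. Rule out a wrong or mismatched PDB first. The module's timestamp
$$    and checksum must match the loaded symbol file; if !chksym
$$    reports a mismatch, fix symbols before trusting any of the rest.
lmvm mshtml
!chksym mshtml

$$ 2. Disassemble at the raw return address from the RetAddr column,
$$    never at "symbol+offset". A return address is always a real
$$    instruction boundary, so ub works here even though it failed on
$$    the symbolic expression (which landed mid-instruction: "f7 ???").
$$    ln shows which symbol chunk lies nearest below the address.
ln 64b0514d
ub 64b0514d
u  64b0514d

$$ 3. Compare with where the symbolic expression resolves. kv names the
$$    nearest chunk below the address; the expression evaluator adds the
$$    offset to the function's primary entry (assumed mechanism). With a
$$    split function these are different bytes. In the thread the gap is
$$    64b05226 - 64b0514d = 0xd9, so the chunk kv used starts 0xd9 bytes
$$    before the entry that "mshtml!CHtmPost::RunNested" evaluates to.
? mshtml!CHtmPost::RunNested+0x142
? 64b05226 - 64b0514d

$$ 4. uf follows the control flow instead of disassembling linearly, so
$$    it shows every chunk of the function, including the ones placed at
$$    non-contiguous addresses; compare its output with IDA's view.
uf mshtml!CHtmPost::RunNested
```

The practical rule that falls out of this: when walking a stack from an optimised Microsoft binary, always feed `u`, `ub`, `ln` and `dps` the numeric return address from `kv`, and treat the `symbol+offset` text only as a label, since the same label can be evaluated against a different chunk start than the one the stack walker used.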
2015-05-21, 02:35
qstesiro
Registered: 2014-04-16
Posts: 18

Re: Disassembly is incorrect
2015-05-21, 21:38
qstesiro
Registered: 2014-04-16
Posts: 18
One more question: could someone recommend some material on this topic? I searched online and could not find anything relevant. Thanks.