WinDbg ignores register changes made to get past an access violation

Mor*_*gil 4 windbg access-violation

I am trying to use WinDbg to debug an access violation in my program. The debugger catches the access violation correctly:

(2604.1e74): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0808e7fb ebx=007b39f8 ecx=000116e7 edx=7ead8618 esi=00000000 edi=00000000
eip=006ed845 esp=0818ff24 ebp=0818ff30 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
image00400000!t_control.is_focused+0x15:
006ed845 8b8051070000    mov     eax,dword ptr [eax+751h] ds:002b:0808ef4c=????????

I want to "skip" the access violation so that I can continue debugging (for example, step out of the faulting function to inspect the caller's data structures). So I change eax to point to some readable memory, e.g. the current code, like this:

0:025> r eax=eip

This seems to work fine, as the following check appears to confirm:

0:025> r
eax=006ed845 ebx=007b39f8 ecx=000116e7 edx=7ead8618 esi=00000000 edi=00000000
eip=006ed845 esp=0818ff24 ebp=0818ff30 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
image00400000!t_control.is_focused+0x15:
006ed845 8b8051070000    mov     eax,dword ptr [eax+751h] ds:002b:006edf96=012c0000

But as soon as I try to step (or continue) the program, it faults again in exactly the same way, as if the register had never been changed at all:

0:025> p
(2604.1e74): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0808e7fb ebx=007b39f8 ecx=000116e7 edx=7ead8618 esi=00000000 edi=00000000
eip=006ed845 esp=0818ff24 ebp=0818ff30 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
image00400000!t_control.is_focused+0x15:
006ed845 8b8051070000    mov     eax,dword ptr [eax+751h] ds:002b:0808ef4c=????????

What am I doing wrong? (The debuggee is a 32-bit program written in Delphi, running under the x86 WinDbg on 64-bit Windows 7. Neither the debuggee nor WinDbg is elevated.)

Kje*_*nar 6

You have to use

gh (Go with Exception Handled)

to continue after having manipulated the eax register:

(2f14.1950): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=7efde000 ecx=94a31deb edx=0f709488 esi=0033f99c edi=0033fa80
eip=000d1a3f esp=0033f99c ebp=0033fa80 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
SimpleCrash!wmain+0x3f:
000d1a3f 8b08            mov     ecx,dword ptr [eax]  ds:002b:00000000=????????

0:000> r @eax=@eip
0:000> gh
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=77882100 edi=778820c0
eip=7779fcc2 esp=0033f9e8 ebp=0033fa04 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!NtTerminateProcess+0x12:
7779fcc2 83c404          add     esp,4
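The command sequence below is an added illustration, not part of the answer above. It is written in WinDbg command syntax against the register dump from the question, where the faulting instruction `mov eax,dword ptr [eax+751h]` is 6 bytes long (`8b 80 51 07 00 00`). It shows the check a practitioner would run before resuming, and the two ways to get past the fault: make the operand readable and re-execute the instruction, or skip the instruction altogether. In both cases the resume must be `gh`, because `g`, `gn` and `p` resume with the exception still marked "not handled", so it is delivered to the debuggee's handlers and shows up again.

```windbg
0:025> .exr -1
 * confirm what is pending: code c0000005, read of 0x0808ef4c
 * (the record stays pending no matter which registers you edit)

 * --- option 1: keep the instruction, make [eax+751h] readable ---
0:025> r @eax=@eip
0:025> gh
 * resumes at eip with the exception marked handled; the mov
 * re-executes and eax now holds whatever lies at eip+751h,
 * so callers that consume this value may misbehave later on

 * --- option 2: skip the 6-byte mov entirely ---
0:025> u @eip L1
 * verify the length of the faulting instruction before adjusting eip
0:025> r @eip=@eip+6
0:025> gh

 * either way, inspect the callers afterwards
0:025> k
```

Option 2 leaves eax as the original invalid pointer (0x0808e7fb in the question), which is useful when the point of continuing is to see where that value came from; option 1 is closer to what the question attempted and is what the answer above uses.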