是否可以搜索整个可执行内存空间以查找调用特定方法的所有位置?例如,我想找到调用MyApplcation!MyFunction的所有函数.使用"s"命令搜索特定的optcode不是一个选项,因为在我的情况下,call命令使用相对代码路径,因此optcode根据调用指令本身的位置而不同.
0:000> lm m calc
Browse full module list
start end module name
005f0000 006b0000 calc (pdb symbols) e:\symbols\calc.pdb
\971D2945E998438C847643A9DB39C88E2\calc.pdb
0:000> $$允许搜索所有在calc内存空间中调用运算符的新函数
0:000> # op*new 5f0000 l?(6b0000-5f0000)
产量
calc!WinMain+0x213:
005f17e7 e89a0a0000 call calc!operator new (005f2286)
calc!WinMain+0x272:
005f1843 e83e0a0000 call calc!operator new (005f2286)
calc!operator new+0x26:
005f229d 0f84fcb80200 je calc!operator new+0x11 (0061db9f)
calc!operator new[]+0x26:
005f32b1 0f8438a90200 je calc!operator new[]+0x11 (0061dbef)
calc!CCalculatorState::storeAndFire+0x7:
005f33c9 e83becffff call calc!operator new (005f2009)
calc!CCalculatorState::storeAndFire+0x76:
005f3437 e84aeeffff call calc!operator new (005f2286)
calc!CCalculatorState::storeAndFire+0x8a:
005f3447 e83aeeffff call calc!operator new (005f2286)
calc!CUIController::UpdateTwoLineDisplay+0x56:
005f35c7 e8cefcffff call calc!operator new[] (005f329a)
calc!ATL::CAutoVectorPtr<ATL::CAtlREMatchContext<ATL::CAtlRECharTraitsW>::MatchGroup>::Allocate+0x7:
005f3a8c e81ae8ffff call calc!operator new+0x30 (005f22ab)
calc!ATL::CAutoVectorPtr<ATL::CAtlREMatchContext<ATL::CAtlRECharTraitsW>::MatchGroup>::Allocate+0x27:
005f3aac e8e9f7ffff call calc!operator new[] (005f329a)
calc!ATL::CAtlREMatchContext<ATL::CAtlRECharTraitsW>::CAtlREMatchContext<ATL::CAtlRECharTraitsW>+0x7:
005f3b52 e8b2e4ffff call calc!operator new (005f2009)
calc!ATL::CAutoVectorPtr<void *>::Allocate+0x7:
| 归档时间: |
|
| 查看次数: |
683 次 |
| 最近记录: |