Shu*_*eng 10 debugging x86 assembly gdb portable-executable
如何强制GDB在"没有函数包含所选帧的程序计数器"时反汇编代码?
调试程序,从绝对地址开始,0x00402200在尝试反汇编此地址的代码时,我得到以下输出:
[New Thread 65212.0x10378]
Breakpoint 1, 0x00402200 in ?? ()
(gdb) stepi
0x00402202 in ?? ()
(gdb) stepi
0x00402207 in ?? ()
(gdb) stepi
0x0040220a in ?? ()
(gdb) stepi
0x0040220f in ?? ()
(gdb) disassemble
No function contains program counter for selected frame.
(gdb) stepi
0x00401000 in start ()
正在调试的文件是用于教育目的的Win32 PE(逆向工程).
有没有办法告诉GDB开始在地址上拆解?否则,我的替代方案(即其他工具)是什么?
小智 12
文件disassemble:(gdb) help disassemble说:
Disassemble a specified section of memory.
Default is the function surrounding the pc of the selected frame.
...
With a single argument, the function surrounding that address is dumped.
Two arguments (separated by a comma) are taken as a range of memory to dump,
in the form of "start,end", or "start,+length".
因此,在您的情况下,由于它们不是程序计数器(PE)的函数,您应该使用双参数形式,如:
disassemble 0x00402200, +16或disassemble 0x00402200, 0x00402210.
希望这可以帮助!