问题描述
有一个堆栈跟踪结束于一个卸载的模块。为了确保堆栈有意义,我想拆卸卸载的模块(另外检查一个呼叫是否可以从给定的地址开始(访问冲突:尝试从无效地址读取))。我可以加载模块(windbg): .reload Unloaded.Dll = base,size
但是在这个重新加载之后,我无法反汇编代码。有办法完成这个吗?提前感谢任何帮助! GMore
Marc Sherman的提示(见上面的注释):
使用windbg,您可以加载dll作为崩溃倾倒。在加载后输入lm命令并按相对于给定基地的地址进行拆卸。
Got a stack trace that ends in an unloaded module. To make sure the stack makes sense I would like to disassemble the unloaded module (in other to check whether a call can start on the address given (access violation: attempt to read from an invalid address)). I can load the module (windbg):
.reload Unloaded.Dll=base,size
But after this reload I’m not able to disassemble the code. Is there a way to accomplish this? Thanks in advance for any help! GMore
Tip from Marc Sherman (see comments above):With windbg your can load a dll as a crash dump. After the load type the "lm" command and disassemble on the address wanted relative to the base given.
这篇关于拆卸卸载模块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!