Problem description
I am trying to debug some Win32 APIs like CreateThread, which returns a handle. How to get the return values in WinDbg?
I did some research and found that return values are generally stored in the EAX register.
If I put a breakpoint on CreateThread then I can step into the assembly of CreateThread and ultimately I will hit the ret statement, which means CreateThread is returning.
At this point should I check the value of the EAX register to get the HANDLE value, or is there some other way?
There isn't another way that isn't basically the same as testing eax.
If you want to get pedantic:
eax works fine for 32 bit.
rax is what you'll want for 64 bit apps.
ret0 is what Itanium uses.
$retreg is a pseudo register you can use that will behave properly in all cases.
e.g.
0:028> r rax
rax=00000000fff02000
0:028> r eax
eax=fff02000
0:028> r $retreg
$retreg=00000000fff02000
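
An added example, not part of the original question or answer: a WinDbg command sequence that reads CreateThread's return value without single-stepping to the ret instruction. It assumes the breakpoint is set through the kernel32 module name and that the debuggee calls CreateThread after the breakpoint is set.

```windbg
$$ Break on entry to CreateThread (module name kernel32 is an assumption).
bp kernel32!CreateThread

$$ Resume the target until the breakpoint is hit.
g

$$ "Go up": run until the current function returns to its caller.
$$ Once gu completes, the return register holds the return value.
gu

$$ Architecture-independent read of the return value (eax / rax / ret0).
r $retreg

$$ CreateThread returns NULL on failure. On failure show the last error,
$$ otherwise dump full details of the returned handle.
.if (@$retreg == 0) { .echo CreateThread failed; !gle } .else { !handle @$retreg f }
```

Type the commands one at a time rather than packing them into the breakpoint's command string, because commands that follow an execution command such as gu in a breakpoint command string are not executed.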