Find all C++ objects of type X on the heap using WinDbg
I'm trying to find all objects of type module!SomeClass in the heap. I thought a command like this would've worked:
> s -v 0 L?0xfffffff module!SomeClass
but alas, it does not. If I knew how to find the vtable address for that class, I could then search memory for references to that vtable, but I haven't had much luck finding that either. How can I do it?
Comments (2)
The reason why we start with vtables is because any object which inherits a virtual function will have a vtable pointer, which is basically a static variable on the class. So every object of that class should have a reference to this vtable location when the object is created in the heap. So from the vtable pointer we are basically trying to get hold of the object itself.
UserPtr is basically the start of the block of memory returned by the heap manager for the new operator. That is why UserPtr does not mean the memory location which includes this value; instead, it is the start of the heap block, hence in both vtables the value is the same: 000001e5ed716630
We cannot use the s command to search for the vtable pointer and the object in the heap because heap blocks are not contiguous!!!
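
An added illustration of the idea discussed in the comment above (not code from the original post or its author): each separately allocated block is checked for a known vtable address in its first pointer-sized word. `SomeClass` and `OtherClass` are hypothetical stand-ins, the sample heap is constructed, and the code assumes the common MSVC/Itanium layout in which a single-inheritance polymorphic object keeps its vtable pointer at offset 0.

```cpp
// Added example: match the first pointer-sized word of each heap block against
// a known vtable address. Assumes the vtable pointer sits at offset 0 (ABI detail).
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

struct SomeClass {            // hypothetical stand-in for module!SomeClass
    virtual ~SomeClass() {}
    int payload = 0;
};
struct OtherClass {           // different type, therefore a different vtable
    virtual ~OtherClass() {}
    long payload = 0;
};

// Read the first pointer-sized word of a block (the vptr under the assumed ABI).
static std::uintptr_t first_word(const void* block) {
    std::uintptr_t w = 0;
    std::memcpy(&w, block, sizeof w);
    return w;
}

// Return every block whose first word equals the vtable address. Blocks are
// visited one by one because heap allocations are not one contiguous range.
std::vector<const void*> find_by_vtable(const std::vector<void*>& blocks,
                                        std::uintptr_t vtable) {
    std::vector<const void*> hits;
    for (const void* b : blocks)
        if (first_word(b) == vtable) hits.push_back(b);
    return hits;
}

// Constructed sample heap: 3 SomeClass, 2 OtherClass, 1 zeroed raw block.
std::vector<void*> make_sample_heap() {
    std::vector<void*> blocks;
    for (int i = 0; i < 3; ++i) blocks.push_back(new SomeClass);
    for (int i = 0; i < 2; ++i) blocks.push_back(new OtherClass);
    blocks.push_back(std::calloc(1, 64));
    return blocks;
}

// Learn SomeClass's vtable address from a known instance, then count matches.
std::size_t demo_count() {
    SomeClass probe;
    return find_by_vtable(make_sample_heap(), first_word(&probe)).size();
}

int main() { return demo_count() == 3 ? 0 : 1; }
```

The sample blocks are intentionally never freed, since the example only inspects them.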