是否可以根据反汇编推断出源码中的哪一行有问题?

发布于 2024-09-26 19:17:09 字数 1470 浏览 9 评论 0原文

问题存在于 017D0B5F call eax

017D0B56  mov         esi,esp 
017D0B58  mov         edx,dword ptr [ebp-20h] 
017D0B5B  push        edx  
017D0B5C  mov         eax,dword ptr [ecx+8] 
017D0B5F  call        eax  
017D0B61  cmp         esi,esp 
017D0B63  call        @ILT+2525(__RTC_CheckEsp) (17C49E2h) 
017D0B68  cmp         dword ptr [ebp-2Ch],0 
017D0B6C  je          CSourceStream::DoBufferProcessingLoop+10Ah (17D0B8Ah) 
017D0B6E  mov         eax,dword ptr [ebp-2Ch] 
017D0B71  push        eax  
017D0B72  push        offset string "Deliver() returned %08x; stoppin"... (17F7278h) 

这是相应的源代码:

 // Virtual function user will override.
 hr = FillBuffer(pSample);

 if (hr == S_OK) {
 hr = Deliver(pSample);
            pSample->Release();

            // downstream filter returns S_FALSE if it wants us to
            // stop or an error if it's reporting an error.
            if(hr != S_OK)
            {
              DbgLog((LOG_TRACE, 2, TEXT("Deliver() returned %08x; stopping"), hr));
              return S_OK;
            }

Is it possible to infer that line in source in the哪一行有问题根据反汇编?

更新

__RTC_CheckEsp是什么意思?

UPDATE2

在调试器中重现

alt text

UPDATE3

替代文字

The problem exists at 017D0B5F call eax :

017D0B56  mov         esi,esp 
017D0B58  mov         edx,dword ptr [ebp-20h] 
017D0B5B  push        edx  
017D0B5C  mov         eax,dword ptr [ecx+8] 
017D0B5F  call        eax  
017D0B61  cmp         esi,esp 
017D0B63  call        @ILT+2525(__RTC_CheckEsp) (17C49E2h) 
017D0B68  cmp         dword ptr [ebp-2Ch],0 
017D0B6C  je          CSourceStream::DoBufferProcessingLoop+10Ah (17D0B8Ah) 
017D0B6E  mov         eax,dword ptr [ebp-2Ch] 
017D0B71  push        eax  
017D0B72  push        offset string "Deliver() returned %08x; stoppin"... (17F7278h) 

Here's the corresponding source:

 // Virtual function user will override.
 hr = FillBuffer(pSample);

 if (hr == S_OK) {
 hr = Deliver(pSample);
            pSample->Release();

            // downstream filter returns S_FALSE if it wants us to
            // stop or an error if it's reporting an error.
            if(hr != S_OK)
            {
              DbgLog((LOG_TRACE, 2, TEXT("Deliver() returned %08x; stopping"), hr));
              return S_OK;
            }

Is it possible to infer which line in source has the problem according to disassembly?

UPDATE

What does __RTC_CheckEsp mean ?

UPDATE2

Reproducing in debugger

alt text

UPDATE3

alt text

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

动听の歌 2024-10-03 19:17:10

您可以使用DIA SDK查询源代码对应的哪一行RVA。请注意,DIA 需要符号(即 PDB 文件)。看看这个关于 RVA 的问题

确定相关反汇编的 RVA 后,您可以加载该二进制文件的 PDB。创建一个会话,然后查看 findLinesByRVA() IDiaSession 接口上的 函数。这将返回与该 RVA 对应的行的枚举。查询生成的 IDiaLineNumber 实例,了解行号对应的文件。

响应您的更新,__RTC_CheckEsp 是一个验证 esp、堆栈、寄存器的正确性的调用。调用它是为了确保在函数调用期间保存 esp 的值。这是编译器为您插入的东西。

You can use the DIA SDK to query what line of source corresponds to an RVA. Note that DIA requires the symbols (i.e. PDB files). Look at this SO question on RVAs.

After you have determined the RVA for the disassembly in question you can load the PDB for that binary. Create a session and then look at the findLinesByRVA() function on the IDiaSession interface. This will return you an enumeration of lines that correspond to that RVA. Query the resulting IDiaLineNumber instances for what file the line number corresponds to.

Responding to your update, __RTC_CheckEsp is a call that verifies the correctness of the esp, stack, register. It is called to ensure that the value of the esp was saved across a function call. It is something that the compiler inserts for you.

倾城花音 2024-10-03 19:17:09

看起来是 pSample->Release() 调用 - 您收到什么错误?

017D0B56  mov         esi,esp 
017D0B58  mov         edx,dword ptr [ebp-20h]     // get the pSample this pointer
017D0B5B  push        edx                         // push it
017D0B5C  mov         eax,dword ptr [ecx+8]       // move pSample to eax
017D0B5F  call        eax                         // call it
017D0B61  cmp         esi,esp                     // maybe a stack/heap check?
017D0B63  call        @ILT+2525(__RTC_CheckEsp) (17C49E2h) 
017D0B68  cmp         dword ptr [ebp-2Ch],0       // if hr!=S_OK
017D0B6C  je          CSourceStream::DoBufferProcessingLoop+10Ah (17D0B8Ah) 
017D0B6E  mov         eax,dword ptr [ebp-2Ch] 
017D0B71  push        eax                         // get ready to call DbgLog
017D0B72  push        offset string "Deliver() returned %08x; stoppin"... (17F7278h)

Looks like it is the pSample->Release() call - what error do you get?

017D0B56  mov         esi,esp 
017D0B58  mov         edx,dword ptr [ebp-20h]     // get the pSample this pointer
017D0B5B  push        edx                         // push it
017D0B5C  mov         eax,dword ptr [ecx+8]       // move pSample to eax
017D0B5F  call        eax                         // call it
017D0B61  cmp         esi,esp                     // maybe a stack/heap check?
017D0B63  call        @ILT+2525(__RTC_CheckEsp) (17C49E2h) 
017D0B68  cmp         dword ptr [ebp-2Ch],0       // if hr!=S_OK
017D0B6C  je          CSourceStream::DoBufferProcessingLoop+10Ah (17D0B8Ah) 
017D0B6E  mov         eax,dword ptr [ebp-2Ch] 
017D0B71  push        eax                         // get ready to call DbgLog
017D0B72  push        offset string "Deliver() returned %08x; stoppin"... (17F7278h)
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文