Is it possible to infer which line in source has the problem according to disassembly?

The problem exists at 017D0B5F call eax:

017D0B56 mov esi,esp
017D0B58 mov edx,dword ptr [ebp-20h]
017D0B5B push edx
017D0B5C mov eax,dword ptr [ecx+8]
017D0B5F call eax
017D0B61 cmp esi,esp
017D0B63 call @ILT+2525(__RTC_CheckEsp) (17C49E2h)
017D0B68 cmp dword ptr [ebp-2Ch],0
017D0B6C je CSourceStream::DoBufferProcessingLoop+10Ah (17D0B8Ah)
017D0B6E mov eax,dword ptr [ebp-2Ch]
017D0B71 push eax
017D0B72 push offset string "Deliver() returned %08x; stoppin"... (17F7278h)

Here's the corresponding source:

// Virtual function user will override.
hr = FillBuffer(pSample);
if (hr == S_OK) {
    hr = Deliver(pSample);
    pSample->Release();
    // downstream filter returns S_FALSE if it wants us to
    // stop or an error if it's reporting an error.
    if (hr != S_OK)
    {
        DbgLog((LOG_TRACE, 2, TEXT("Deliver() returned %08x; stopping"), hr));
        return S_OK;
    }
}

Is it possible to infer which line in source has the problem according to disassembly?

UPDATE

What does __RTC_CheckEsp mean?

UPDATE2

Reproducing in debugger

UPDATE3
You can use the DIA SDK to query what line of source corresponds to an RVA. Note that DIA requires the symbols (i.e. PDB files). Look at this SO question on RVAs.

After you have determined the RVA for the disassembly in question you can load the PDB for that binary. Create a session and then look at the findLinesByRVA() function on the IDiaSession interface. This will return you an enumeration of lines that correspond to that RVA. Query the resulting IDiaLineNumber instances for what file the line number corresponds to.

Responding to your update, __RTC_CheckEsp is a call that verifies the correctness of the esp (stack) register. It is called to ensure that the value of the esp was saved across a function call. It is something that the compiler inserts for you.

Looks like it is the pSample->Release() call - what error do you get?
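A minimal model of the lookup the answer describes, added here as an example and not code from the question, the answer or the DIA SDK: a constructed line table stands in for the PDB, find_lines_by_rva mirrors what IDiaSession::findLinesByRVA returns, and va_to_rva does the address-to-RVA step that has to happen first. The image base, the file name and the line numbers are assumed; only the RVA layout follows the instruction addresses in the question's disassembly.

```python
import bisect
from dataclasses import dataclass

@dataclass(frozen=True)
class LineRecord:
    """One PDB line record: code in [rva, rva + length) belongs to
    source_file:line_number (the fields IDiaLineNumber exposes)."""
    rva: int
    length: int
    source_file: str
    line_number: int

class LineTable:
    """Stand-in for a loaded PDB's line table (constructed, not real DIA)."""
    def __init__(self, records):
        self.records = sorted(records, key=lambda r: r.rva)
        self._starts = [r.rva for r in self.records]

    def find_lines_by_rva(self, rva):
        """All records whose range contains rva, like IDiaSession::findLinesByRVA;
        a list because more than one record may cover the same address."""
        candidates = self.records[: bisect.bisect_right(self._starts, rva)]
        return [r for r in candidates if rva < r.rva + r.length]

def va_to_rva(va, image_base):
    """Debugger addresses are virtual; PDB records are relative to the module
    load address, so subtract the image base first."""
    if va < image_base:
        raise ValueError(f"{va:#x} lies below image base {image_base:#x}")
    return va - image_base

# Constructed sample: RVAs and lengths follow the instruction layout in the
# question's disassembly; image base, file name and line numbers are assumed.
ASSUMED_IMAGE_BASE = 0x017C0000
SAMPLE_TABLE = LineTable([
    LineRecord(0x10B4A, 0x0C, "source.cpp", 233),  # hr = Deliver(pSample);
    LineRecord(0x10B56, 0x12, "source.cpp", 234),  # pSample->Release();
    LineRecord(0x10B68, 0x06, "source.cpp", 237),  # if (hr != S_OK)
    LineRecord(0x10B6E, 0x1C, "source.cpp", 239),  # DbgLog(...)
])

def describe(va, table=SAMPLE_TABLE, image_base=ASSUMED_IMAGE_BASE):
    """Resolve one debugger address, e.g. the faulting 'call eax'."""
    hits = table.find_lines_by_rva(va_to_rva(va, image_base))
    if not hits:
        return f"{va:#010x}: no line information"
    return "; ".join(f"{va:#010x} -> {h.source_file}:{h.line_number}" for h in hits)
```

Note that the cmp esi,esp / call __RTC_CheckEsp instructions following the call fall inside the same record as the call itself, so they resolve to the same source line.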