有没有办法通过windbg查看堆栈帧上指针存储的地址？

Question

这是我用 VC++ 编写的一个简单程序：

#include "stdafx.h
#include <iostream>

using namespace std;

int _tmain(int argc, _TCHAR* argv[])
{
  int foo = 10;
  int* bar = &foo;
  cout<<bar<<endl;
  getchar();
  return 0;
}

我机器上的输出是： 0035F95C

通过windbg附加进程并查看反汇编后，我无法计算上面的地址。我知道我需要到达堆栈帧并查看本地变量并遍历地址，但不确定 Windbg 中的命令。你会如何处理这个问题？

Answer 1

使用 .frame 命令查看堆栈帧。

使用dv或dt命令查看变量的值。

http://www.codeproject.com/KB/debug/windbg_part1.aspx

Answer 2

Thu 12/30/2010 20:04:38.48\>type stdafx.h
//dummmy file to satisfy compiler
Thu 12/30/2010 20:05:04.70\>type windb.cpp
#include "stdafx.h"
#include <iostream>

using namespace std;

int _tmain(int argc, _TCHAR* argv[])
{
  int foo = 10;
  int* bar = &foo;
  cout<<bar<<endl;
  getchar();
  return 0;
}

Thu 12/30/2010 20:05:28.87\>bcc32 -v -ls -w-8057 windb.cpp
Borland C++ 5.5.1 for Win32 Copyright (c) 1993, 2000 Borland
windb.cpp:
Turbo Incremental Link 5.00 Copyright (c) 1997, 2000 Borland

Thu 12/30/2010 20:05:48.85\>map2dbg windb.exe
Converted 1644 symbols.
Thu 12/30/2010 20:06:04.07\>windb.exe
0012FF88 


lets run windbg noninvasive look for stack and check disassembly of main find 
where 10 is used in windbg

cdb -pv -pn windb.exe

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Symbol search path is: SRV*F:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:
WARNING: **Process 2312** is not attached as a debuggee
         The process can be examined but debug events will not be received
.........
(908.1c8): Wake debugger - code 80000007 (first chance)
eax=0012fe48 ebx=00000000 ecx=0012ff10 edx=00862a30 esi=0012fd58 edi=00250688
eip=7c90e514 esp=0012fcf8 ebp=0012fd18 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
ntdll!KiFastSystemCallRet:
7c90e514 c3              ret
0:000> .tlist windb.exe
 0n2312 windb.exe
0:000> kn
 # ChildEBP RetAddr
00 0012fcf4 7c90daea ntdll!KiFastSystemCallRet
01 0012fcf8 7c912de8 ntdll!ZwRequestWaitReplyPort+0xc
02 0012fd18 7c872a51 ntdll!CsrClientCallServer+0x8c
03 0012fe14 7c872b98 kernel32!ReadConsoleInternal+0x1be
04 0012fe9c 7c8018b7 kernel32!ReadConsoleA+0x3b
*** WARNING: Unable to verify checksum for F:\Borland\windb\windb.exe
05 0012fef4 004111fd kernel32!ReadFile+0x64
06 0012ff14 00410fcb windb!_rtl_read+0x35
07 0012ff40 004117a7 windb!__read+0x9b
08 0012ff5c 00411865 windb!c798_0+0x5b
09 0012ff6c 004117ff windb!fgetc+0x61
0a 0012ff78 00401198 windb!_fgetc+0x13
**0b 0012ff8c 00417c4e windb!main+0x48**
0c 0012ffc0 7c817077 windb!c1770_0+0x172
0d 0012fff0 00000000 kernel32!BaseProcessStart+0x23
0:000> uf windb!main
windb!main:
00401150 55              push    ebp
00401151 8bec            mov     ebp,esp
00401153 51              push    ecx
00401154 53              push    ebx
00401155 c745fc0a000000  **mov     dword ptr [ebp-4],0Ah**
0040115c 8d5dfc          lea     ebx,[ebp-4]
0040115f 68a0114000      push    offset windb!std::basic_ostream<char, std::char
_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<cha
r, std::char_traits<char> >&) (004011a0)
00401164 53              push    ebx
00401165 68f8034200      push    offset windb!d1862_1+0x9bc (004203f8)
0040116a e8ed7f0000      call    windb!std::basic_ostream<char, std::char_traits
<char> >::operator <<(const void *) (0040915c)
0040116f 83c408          add     esp,8
00401172 50              push    eax
00401173 e8a4810000      call    windb!std::basic_ostream<char, std::char_traits
<char> >::operator <<(std::basic_ostream<char, std::char_traits<char> >& (*)(std
::basic_ostream<char, std::char_traits<char> >&)) (0040931c)
00401178 83c408          add     esp,8
0040117b b8ece04100      mov     eax,offset windb!_streams (0041e0ec)
00401180 ff4808          dec     dword ptr [eax+8]
00401183 7809            js      windb!main+0x3e (0040118e)

windb!main+0x35:
00401185 baece04100      mov     edx,offset windb!_streams (0041e0ec)
0040118a ff02            inc     dword ptr [edx]
0040118c eb0b            jmp     windb!main+0x49 (00401199)

windb!main+0x3e:
0040118e 68ece04100      push    offset windb!_streams (0041e0ec)
00401193 e854060100      call    windb!_fgetc (004117ec)
00401198 59              pop     ecx

windb!main+0x49:
00401199 33c0            xor     eax,eax
0040119b 5b              pop     ebx
0040119c 59              pop     ecx
0040119d 5d              pop     ebp
0040119e c3              ret
0:000> .frame /r 0x0b
0b 0012ff8c 00417c4e windb!main+0x48
eax=0012fe48 ebx=00862a30 ecx=0012ff10 edx=00862a30 esi=0012fd58 edi=00250688
eip=00401198 esp=0012ff80 ebp=0012ff8c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
windb!main+0x48:
00401198 59              pop     ecx
0:000> dd 12ff7c l8
0012ff7c  00401198 0041e0ec 7ffde000 0000000a
0012ff8c  0012ffb8 00417c4e 00000001 008621c4
0:000> dds 12ff7c l8
0012ff7c  00401198 windb!main+0x48
0012ff80  0041e0ec windb!_streams
0012ff84  7ffde000
**0012ff88  0000000a**
0012ff8c  0012ffb8
0012ff90  00417c4e windb!c1770_0+0x172
0012ff94  00000001
0012ff98  008621c4
0:000>