How can I get an approximate function trace from a crash dump of an optimized Windows binary?
I have a crash dump file generated from a Windows x86-64 binary (XXX).
00000000`005764aa : 00000000`00000abc 00000000`005d0c68 00000000`00000000 00000000`00000000 : kernel32!WaitForSingleObjectEx+0xdf
00000000`00572653 : 00000000`00da0480 00000000`008e0000 00000000`00e7ac10 00000000`00d83480 : xxx+0x1764aa
00000000`00431ddd : 00000000`00da0480 00000000`004c673c 0000b9f4`17498418 00000000`01ce1e8a : xxx+0x172653
00000000`00446b4e : 00000000`007b06fe 00000000`00000000 0000b9f4`17498418 00000000`00000000 : xxx+0x31ddd
00000000`00563dbb : 00000000`0000000f 00000000`005e4b80 00000000`00000000 00000000`005e5450 : xxx+0x46b4e
00000000`00442b3e : 00000000`0000000f 00000000`008d8d00 00000000`00614e00 005d5d48`00000000 : xxx+0x163dbb
00000000`005bd5d1 : 00000000`0000000f 00000000`008d8d00 00000000`00000000 00000000`00000000 : xxx+0x42b3e
00000000`77d596ac : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : xxx!OVdecrypt+0xa161
00000000`00000000 : 00000000`005bd460 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseProcessStart+0x2c
I have the executable with me. Is it possible to use objdump or dumpbin to map the address with the function name?
Thanks,
Naga