为什么 Windbg 不反汇编我的一半函数？

发布于 2024-12-02 21:10:33 字数 1209 浏览 2 评论 0原文

背景：我正在使用 Windbg 来诊断来自 Microsoft 的 WinQual 服务的小型转储的原因。我花时间在与构建时相同的路径位置中正确设置 PDB 和二进制文件，并且我在 Windbg 和此设置方面运气非常好。

今天我遇到了一个小型转储，我真的很想通过反汇编来了解问题，但 Windbg 只会反转函数的一部分。

我的函数如下所示：

SomeStruct* STDCALL getThing(int id)
{
    S_ASSERT(a);
    S_ASSERT(b);
    S_ASSERT(c);
    SomeStruct* result = fn(id);
    S_ASSERT(d);
    return result;
}

S_ASSERT 是我们的宏，它最终调用一个函数，其中 int 3 指令被命中，即使在发布版本中也是如此。如果不检查拆卸情况，我无法判断哪一个被击中了。

使用windbg，我可以跳转到调用堆栈中的getThing，激活反汇编并查看一些代码，但无法在反汇编中向后滚动。然后，我在 module!getThing 上添加了一个监视来获取函数地址，并将该地址写入反汇编窗口中。我得到的不是指令，而是大约 100 行 ???接下来是一些反汇编，它看起来不像函数入口点，但看起来确实像是正确函数的一部分。它看起来像这样：

No prior disassembly possible
module!getThing:
1d7d4aa0 ??              ???
1d7d4aa1 ??              ???
1d7d4aa2 ??              ???
...
1d7d4b0a 087d1c          or      byte ptr [ebp+1Ch],bh
1d7d4b0d 8b4004          mov     eax,dword ptr [eax+4]
1d7d4b10 8bf9            mov     edi,ecx
1d7d4b12 83e11f          and     ecx,1Fh
1d7d4b15 bb01000000      mov     ebx,1
...

那么，我如何说服 Windbg 显示其余的反汇编内容？或者，我是否误解了结果？除了 Visual Studio 之外，是否还有其他软件能够加载小型转储？

感谢您提供的任何见解！

原文

Background: I'm using windbg to diagnose causes from minidumps from Microsoft's WinQual service. I've taken the time to set things up properly with PDBs and binaries in the same path location as when they were built, and I've had very good luck with windbg and this setup.

Today I ran across a minidump where I'd really like to look through the disassembly to understand the problem, but windbg will only reverse a section of the function.

My function looks like this:

SomeStruct* STDCALL getThing(int id)
{
    S_ASSERT(a);
    S_ASSERT(b);
    S_ASSERT(c);
    SomeStruct* result = fn(id);
    S_ASSERT(d);
    return result;
}

S_ASSERT is our macro which eventually calls into a function, where the int 3 instruction is hit, even in release builds. I just can't tell which one was hit without inspecting the disassembly.

Using windbg, I can jump to getThingin the call stack, activate disassembly and see some code, but can't scroll back in the disassembly. I then added a watch on module!getThing to get the function address, and wrote that address in the disassembly window. Instead of instructions, I get ~100 lines of ??? followed by some disassembly which does not look like the function entry point but does look like part of the correct function. It looks like this:

No prior disassembly possible
module!getThing:
1d7d4aa0 ??              ???
1d7d4aa1 ??              ???
1d7d4aa2 ??              ???
...
1d7d4b0a 087d1c          or      byte ptr [ebp+1Ch],bh
1d7d4b0d 8b4004          mov     eax,dword ptr [eax+4]
1d7d4b10 8bf9            mov     edi,ecx
1d7d4b12 83e11f          and     ecx,1Fh
1d7d4b15 bb01000000      mov     ebx,1
...

So, how can I convince windbg to show the rest of the disassembly? Alternately, am I misinterpreting the results? Is there some other software able to load minidumps aside from Visual Studio?

Thank you for any insight you can provide!

分享到QQ

分享到微博