当它说 "No function contains program counter for selected frame" 时如何强制 GDB 反汇编代码?
How to force GDB to disassemble code when it says "No function contains program counter for selected frame"?
How to force GDB to disassemble code when it says "No function contains program counter for selected frame"?
调试程序,从绝对地址 0x00402200 开始,尝试反汇编此地址的代码时得到以下输出:
[New Thread 65212.0x10378]
Breakpoint 1, 0x00402200 in ?? ()
(gdb) stepi
0x00402202 in ?? ()
(gdb) stepi
0x00402207 in ?? ()
(gdb) stepi
0x0040220a in ?? ()
(gdb) stepi
0x0040220f in ?? ()
(gdb) disassemble
No function contains program counter for selected frame.
(gdb) stepi
0x00401000 in start ()
正在调试的文件是用于教育目的(逆向工程)的 Win32 PE。
有什么方法可以让GDB从地址开始反汇编吗?否则,我有什么选择(即其他工具)?
disassemble 的文档:(gdb) help disassemble 说:
Disassemble a specified section of memory.
Default is the function surrounding the pc of the selected frame.
...
With a single argument, the function surrounding that address is dumped.
Two arguments (separated by a comma) are taken as a range of memory to dump,
in the form of "start,end", or "start,+length".
因此,在您的情况下,由于它们不是围绕程序计数器 (PE) 的函数,因此您应该使用双参数形式,例如:
disassemble 0x00402200, +16 或 disassemble 0x00402200, 0x00402210.
希望对您有所帮助!
我知道这并不能直接回答您的问题,但既然已经有人回答了...
您可以使用 set disassemble-next-line on 告诉 GDB 显示下一条指令。
How to force GDB to disassemble code when it says "No function contains program counter for selected frame"?
调试程序,从绝对地址 0x00402200 开始,尝试反汇编此地址的代码时得到以下输出:
[New Thread 65212.0x10378]
Breakpoint 1, 0x00402200 in ?? ()
(gdb) stepi
0x00402202 in ?? ()
(gdb) stepi
0x00402207 in ?? ()
(gdb) stepi
0x0040220a in ?? ()
(gdb) stepi
0x0040220f in ?? ()
(gdb) disassemble
No function contains program counter for selected frame.
(gdb) stepi
0x00401000 in start ()
正在调试的文件是用于教育目的(逆向工程)的 Win32 PE。
有什么方法可以让GDB从地址开始反汇编吗?否则,我有什么选择(即其他工具)?
disassemble 的文档:(gdb) help disassemble 说:
Disassemble a specified section of memory.
Default is the function surrounding the pc of the selected frame.
...
With a single argument, the function surrounding that address is dumped.
Two arguments (separated by a comma) are taken as a range of memory to dump,
in the form of "start,end", or "start,+length".
因此,在您的情况下,由于它们不是围绕程序计数器 (PE) 的函数,因此您应该使用双参数形式,例如:
disassemble 0x00402200, +16 或 disassemble 0x00402200, 0x00402210.
希望对您有所帮助!
我知道这并不能直接回答您的问题,但既然已经有人回答了...
您可以使用 set disassemble-next-line on 告诉 GDB 显示下一条指令。