In the Disassembly window, I have something like:
call dword ptr ds:[6275FCh]
What can I type in the address box, in order to go to the indirect address pointed to by [6275FCh], without having to copy-paste it from the Memory window, and of course without tracing into the thing?
EDIT: Actually the ultimate dream would be to resolve the address directly to a symbol, but I doubt that is possible...
1 solution
#1
Well, I finally solved this a few weeks ago. So I figured, why not share?
The thing is that even the address fields in the debugger's disassembly and memory windows are "type-aware".
And the type of 6275FCh (or 0x6275FC) is void*. Thus the data pointed to by that constant is meaningless. In order to give it a meaning we must cast it to a useful type. Consequently the answer to my question above is, type this into the address box:
*(int*)0x006275FC // *(int*)006275FCh works as well
Another nifty example is to type this into the address field:
*((int*)ESP + 1)
The memory window will always show the buffer pointed to by the second element on the stack!
[32-bit-ints assumed above]
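An added example, not part of the original answer: a small C model of what the two expressions above compute under C pointer semantics with 32-bit ints, and why the cast must come before the `+ 1`. The memory image, the stored values and the helper names are constructed for illustration; only the slot address 0x006275FC comes from the question.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit memory image mapped at BASE (hypothetical layout). */
#define BASE 0x006275F0u
static uint8_t image[32];

/* Little-endian 32-bit load: what *(int*)addr means on 32-bit x86. */
static uint32_t read32(uint32_t addr) {
    uint32_t off = addr - BASE;
    if (addr < BASE || off > sizeof image - 4) return 0; /* outside image */
    return (uint32_t)image[off] | (uint32_t)image[off + 1] << 8 |
           (uint32_t)image[off + 2] << 16 | (uint32_t)image[off + 3] << 24;
}

static void write32(uint32_t addr, uint32_t v) {
    uint32_t off = addr - BASE;
    for (int i = 0; i < 4; i++) image[off + i] = (uint8_t)(v >> (8 * i));
}

/* *(int*)slot: the address that `call dword ptr ds:[slot]` jumps to. */
uint32_t call_target(uint32_t slot) { return read32(slot); }

/* *((int*)esp + n): cast first, so + n advances n * sizeof(int) bytes. */
uint32_t stack_slot(uint32_t esp, uint32_t n) { return read32(esp + 4 * n); }

/* *(int*)(esp + n): add first, so + n is a byte offset (misaligned read). */
uint32_t byte_offset_read(uint32_t esp, uint32_t n) { return read32(esp + n); }

/* Fill the image with constructed sample values. */
void build_sample(void) {
    memset(image, 0, sizeof image);
    write32(0x006275FCu, 0x00401230u); /* pointer stored in the call slot */
    write32(0x00627600u, 0x11111111u); /* [ESP]   first stack element */
    write32(0x00627604u, 0x00627608u); /* [ESP+4] second stack element */
}

int main(void) {
    uint32_t esp = 0x00627600u; /* constructed stack pointer */
    build_sample();
    printf("*(int*)0x006275FC = %08X\n", (unsigned)call_target(0x006275FCu));
    printf("*((int*)ESP + 1)  = %08X\n", (unsigned)stack_slot(esp, 1));
    printf("*(int*)(ESP + 1)  = %08X\n", (unsigned)byte_offset_read(esp, 1));
    return 0;
}
```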