Irvine 的 DumpMem 只需要寄存器中的三个值。只涉及这些寄存器;函数返回时,其他所有内容(寄存器、内存、堆栈)都不会改变。所以,它的用法很简单:
include irvine32.inc
.data
X sdword 10, -10, 20, -20, 30, -30, 40, -40
.code
;-----------------------------------------------------------------------
; StackProcedure - fills a 32-byte local stack buffer with '*' and dumps
; 48 bytes starting at ESP with Irvine's DumpMem.
; Bytes shown, relative to ESP at the time of the dump:
;   +0  .. +31  the local buffer (all '*')
;   +32 .. +35  the EBP value saved by the prologue
;   +36 .. +39  the return address pushed by CALL
;   +40 .. +43  the dword the caller pushed before the call
;   +44 .. +47  whatever lies above that on the stack
; The dump deliberately reads past the buffer so that the frame layout
; becomes visible; nothing outside the buffer is written.
; Clobb: ESI, ECX, EBX, flags (set up as DumpMem inputs)
;-----------------------------------------------------------------------
StackProcedure PROC
        push    ebp                     ; keep the caller's frame pointer
        mov     ebp, esp
        sub     esp, 32                 ; reserve the 32-byte buffer

        mov     esi, esp                ; ESP == EBP-32: first byte of the buffer
        mov     ecx, 32                 ; bytes to fill
FillStars:
        mov     BYTE PTR [esi], '*'
        inc     esi
        loop    FillStars

        mov     esi, esp                ; DumpMem: start address
        mov     ecx, 48                 ; DumpMem: number of units to dump
        mov     ebx, 1                  ; DumpMem: unit size 1 = byte
        call    DumpMem                 ; Irvine's DumpMem

        mov     esp, ebp                ; release the 32-byte buffer
        pop     ebp
        ret
StackProcedure ENDP
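; main - pushes the address of X so that a recognisable value sits just
; above the return address in the dump, runs StackProcedure, then exits.
main PROC
        mov     ecx, offset x
        push    ecx                     ; shows up at ESP+40 in StackProcedure's dump
        call    StackProcedure
        add     esp, 4                  ; StackProcedure ends in a bare RET, so the caller drops the pushed dword
        invoke  exitProcess,0
main ENDP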
END main
我想这其实并不是问题所问的内容。Irvine 的 DumpMem 除了起始地址之外不显示其他地址,也不显示反汇编器转储中通常会有的对应 ASCII 字符。由于它有自己的显示格式(标题和换行符),无法把它嵌入到提供这些附加信息的函数之间。下面这个函数显示一行 16 字节的内容,包括地址、十六进制值和 ASCII 字符:
include irvine32.inc
.data
X sdword 10, -10, 20, -20, 30, -30, 40, -40
.code
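;-----------------------------------------------------------------------
; DumpMemLine - prints one dump line for 16 bytes of memory:
;               address, 16 hex byte values, 16 characters, line feed.
; Convention: C (the caller removes the argument); EBX and ESI are
;             saved and restored through USES.
; In:    address = first of the 16 bytes that are read
; Out:   text on the console, no return value
; Clobb: EAX, ECX, flags
; Note:  like the loops it replaces, this assumes Irvine's WriteHex,
;        WriteHexB and WriteChar leave ECX, ESI and AL intact.
; Fix:   the control-character filter now sits in the character column.
;        Previously it ran before WriteHexB, so bytes 7, 8, 9, 10 and 13
;        were shown as 20 in the hex column while the character column
;        still printed them raw.
;-----------------------------------------------------------------------
DumpMemLine PROC C USES EBX ESI, address:PTR
        mov     eax, address
        call    WriteHex                ; Irvine's WriteHex: 8 hex digits
        mov     al, ' '
        call    WriteChar               ; Irvine's WriteChar (space)
        call    WriteChar               ; second space

        ; ---- hex column: the byte values exactly as stored ----
        mov     esi, address
        mov     ecx, 16
HexLoop:
        movzx   eax, BYTE PTR [esi]     ; unmodified byte, upper bits cleared
        mov     ebx, 1                  ; one byte = two hex digits
        call    WriteHexB               ; Irvine's WriteHexB
        mov     al, ' '
        call    WriteChar               ; separator between bytes
        inc     esi
        loop    HexLoop
        call    WriteChar               ; AL is still ' ': gap before the characters

        ; ---- character column ----
        ; Only the codes WriteChar would act on instead of display
        ; (7, 8, 9, 10, 13) are replaced by a space. A stricter dump would
        ; replace every byte outside 20h..7Eh, so that no control byte
        ; taken from memory reaches the console.
        mov     esi, address
        mov     ecx, 16
CharLoop:
        mov     al, [esi]
        cmp     al, 14                  ; code >= 14: written unchanged
        jae     @F
        cmp     al, 7                   ; code < 7: written unchanged
        jb      @F
        cmp     al, 11                  ; code 11: written unchanged
        je      @F
        cmp     al, 12                  ; code 12: written unchanged
        je      @F
        mov     al, ' '                 ; 7, 8, 9, 10, 13 -> space
@@:
        call    WriteChar               ; Irvine's WriteChar
        inc     esi
        loop    CharLoop

        mov     al, 10
        call    WriteChar               ; line feed ends the line
        ret
DumpMemLine ENDP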
;-----------------------------------------------------------------------
; StackProcedure - fills a 32-byte local stack buffer with '*', then
; shows the same 48 bytes twice: once with Irvine's DumpMem and once as
; three 16-byte lines from DumpMemLine.
; Bytes shown, relative to ESP before the DumpMemLine argument is pushed:
;   +0  .. +31  the local buffer (all '*')
;   +32 .. +35  the EBP value saved by the prologue
;   +36 .. +39  the return address pushed by CALL
;   +40 .. +43  the dword the caller pushed before the call
;   +44 .. +47  whatever lies above that on the stack
; Reading past the buffer is intentional: it makes the frame layout
; visible. Nothing outside the buffer is written.
; Clobb: ESI, ECX, EBX, flags, plus whatever DumpMemLine leaves changed
;-----------------------------------------------------------------------
StackProcedure PROC
        push    ebp                     ; keep the caller's frame pointer
        mov     ebp, esp
        sub     esp, 32                 ; reserve the 32-byte buffer

        mov     esi, esp                ; ESP == EBP-32: first byte of the buffer
        mov     ecx, 32                 ; bytes to fill
FillStars:
        mov     BYTE PTR [esi], '*'
        inc     esi
        loop    FillStars

        mov     esi, esp                ; DumpMem: start address
        mov     ecx, 48                 ; DumpMem: number of units to dump
        mov     ebx, 1                  ; DumpMem: unit size 1 = byte
        call    DumpMem                 ; Irvine's DumpMem

        ; Dump three lines of 16 bytes each.
        ; PUSH ESP stores the value ESP had before the push, i.e. the
        ; address of the buffer. The slot is then advanced in place between
        ; calls, which works because DumpMemLine only reads its argument.
        push    esp                     ; argument for DumpMemLine
        call    DumpMemLine
        add     dword ptr [esp], 16     ; next 16 bytes
        call    DumpMemLine
        add     dword ptr [esp], 16     ; next 16 bytes
        call    DumpMemLine
        add     esp, 4                  ; C convention: caller removes the argument

        mov     esp, ebp                ; release the 32-byte buffer
        pop     ebp
        ret
StackProcedure ENDP
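; main - pushes the address of X so that a recognisable value sits just
; above the return address in the dump, runs StackProcedure, then exits.
main PROC
        mov     ecx, offset x
        push    ecx                     ; appears in the third dumped line, after saved EBP and the return address
        call    StackProcedure
        add     esp, 4                  ; StackProcedure ends in a bare RET, so the caller drops the pushed dword
        invoke  exitProcess,0
main ENDP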
END main