
I am doing some analysis of an Internet Explorer crash (the Aurora exploit). Suppose I have an object's vftable at 01e2fe80. I know this object is an mshtml!CImgElement. How do I find the size of this object? How would I find out that the object mshtml!CImgElement is x bytes in size?

     bp mshtml!CEventObj::GenericGetElement+0x93 ".printf \"esi = [%08x] \",esi;dds poi(esi) l1;gc"

     esi = [01e2fe80] 01e2fcd0  7dc59478 mshtml!CImgElement::`vftable'

Reference:

http://dreamofareverseengineer.blogspot.de/2011/10/reversing-aurora-vulnerability-cve-2010.html


1 Answer


The sizeof(type) operator in a C++ expression returns the size of a data type, but CImgElement probably contains private data, and displaying the required size needs private information (private symbols) that is not available for the mshtml module.

     0:021> ?? sizeof(MSHTML!CImgElement)
     *************************************************************************
     ***                                                                   ***
     ***                                                                   ***
     ***    Your debugger is not using the correct symbols                 ***
     ***                                                                   ***
     ***    In order for this command to work properly, your symbol path   ***
     ***    must point to .pdb files that have full type information.      ***
     ***                                                                   ***
     ***    Certain .pdb files (such as the public OS symbols) do not      ***
     ***    contain the required information.  Contact the group that      ***
     ***    provided you with these symbols if you need this command to    ***
     ***    work.                                                          ***
     ***                                                                   ***
     ***    Type referenced: MSHTML!CImgElement                            ***
     ***                                                                   ***
     *************************************************************************
     Couldn't resolve error at 'MSHTML!CImgElement)'
Answered 2013-01-14T10:49:26.220