Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/delphi/8.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
windbg脚本查找是否存在唯一的\u ptr<;对象>;是否为空,字符串是否匹配_Windbg - Fatal编程技术网
Fatal编程技术网
  • windbg/
  • windbg脚本查找是否存在唯一的\u ptr<;对象>;是否为空,字符串是否匹配

windbg脚本查找是否存在唯一的\u ptr<;对象>;是否为空,字符串是否匹配

windbg

windbg脚本查找是否存在唯一的\u ptr<;对象>;是否为空,字符串是否匹配,windbg,Windbg,我大便了。我试图在内存中查找包含特定字符串的对象。 ClassA->name应该等于(18750736-6e77-48a7-9dca-8fdf041e05d2:132257155499245423)和ClassA->classC对象对于有效的ClassA对象,不应该是空的和ClassA->name=ClassA->classC->name2 ClassA { // at offset 0x30 wstring name; // looking for ClassC objects w

我大便了。我试图在内存中查找包含特定字符串的对象。 
ClassA->name
应该等于
(18750736-6e77-48a7-9dca-8fdf041e05d2:132257155499245423)
ClassA->classC
对象对于有效的
ClassA
对象,不应该是
空的
ClassA->name
=
ClassA->classC->name2


ClassA
{
   // at offset 0x30
   wstring name; // looking for ClassC objects which have name == (18750736-6e77-48a7-9dca-8fdf041e05d2:132257155499245423)

   unique_ptr<ClassC> classC; // at offset 0xa8
};


ClassC
{
   wstring name2; // name2 == name in a valid object.
};



我无法理解您脚本中的逻辑

1) 搜索宽字符串并获取其地址

然后你开始直接操纵那个地址

我想您知道std::wstring是一种结构

我也认为你知道

上面的搜索结果是std::wstring.c_str()的地址

我还假设您理解std::wstring中的短字符串优化

wstring将并且可以在其自身中嵌入一个短字符串
或提供指向字符串的指针

因此我再次假定您理解该地址与A类没有关系

通过搜索地址空间获得的此地址将位于std::wstring中

(不能是这种情况,因为您的字符串太长,无法调用sso)

或者指向std::wstring在其

构造函数(可能在某些地方的堆中)

减去0x30并将0xa8等添加到此地址都将导致垃圾

您似乎正在将此垃圾地址转换为指向类C的指针

请更正或编辑您的帖子以澄清您的意图

我做了一个快速的黑客来代表你的类a,并在windbg中显示它看一看


0:000> dx Debugger.Utility.Control.ExecuteCommand("s -[w]u 1f0000 l?(285000-1f0000) this").Take(2)

    [0x0]            : 002eb048  0074 0068 0069 0073 0020 0069 0073 0020  t.h.i.s. .i.s. .

0:000> ?? (foo._Mypair._Myval2->Aname._Mypair._Myval2._Bx._Ptr)
wchar_t * 0x002eb048
 "this is Aname's name ANAME"

0:000> dx foo
foo                 : unique_ptr {...} [Type: std::unique_ptr<A,std::default_delete<A> >]
    [<Raw View>]     [Type: std::unique_ptr<A,std::default_delete<A> >]
    [ptr]            : 0x2eaf80 [Type: A *]
    [deleter]        : default_delete [Type: std::_Compressed_pair<std::default_delete<A>,A *,1>]
    [+0x000] bf               : "1337" [Type: char [48]]
    [+0x030] Aname            : "this is Aname's name ANAME" [Type: std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >]
    [+0x048] cf               : ".???" [Type: char [96]]
    [+0x0a8] AnotherClass     : empty [Type: std::unique_ptr<C,std::default_delete<C> >]


std::unique\u ptr


0:000> !address 0x18f9d0

Usage:                  Stack
Base Address:           0018d000
End Address:            00190000
Region Size:            00003000 (  12.000 kB)
State:                  00001000          MEM_COMMIT
Protect:                00000004          PAGE_READWRITE
Type:                   00020000          MEM_PRIVATE
Allocation Base:        00090000
Allocation Protect:     00000004          PAGE_READWRITE
More info:              ~0k

0:000> ~0k
 # ChildEBP RetAddr  
00 0018f9e0 00216f4c smartptr!main+0x198 smartptr.cpp @ 26 
01 (Inline) -------- smartptr!invoke_main+0x1c 
02 0018fa28 762ced6c smartptr!__scrt_common_main_seh+0xfa 
03 0018fa34 779b37eb kernel32!BaseThreadInitThunk+0xe
04 0018fa74 779b37be ntdll!__RtlUserThreadStart+0x70
05 0018fa8c 00000000 ntdll!_RtlUserThreadStart+0x1b



谢谢你指出这些缺点。。我的主要问题是关于如何在windbg脚本中执行条件逻辑?你能回答这个问题吗?请参见脚本中的这一行。//如何查找t是空的还是有值?


0:000> dx &foo
&foo                 : 0x18f9d0 : unique_ptr {...} [Type: std::unique_ptr<A,std::default_delete<A> > *]



0:000> !address 0x002eb048

Usage:                  Heap
Base Address:           002e0000
End Address:            002f0000
Region Size:            00010000 (  64.000 kB)
State:                  00001000          MEM_COMMIT
Protect:                00000004          PAGE_READWRITE
Type:                   00020000          MEM_PRIVATE
Allocation Base:        002e0000
Allocation Protect:     00000004          PAGE_READWRITE
More info:              heap owning the address: !heap 0x2e0000
More info:              heap segment
More info:              heap entry containing the address: !heap -x 0x2eb048

0:000> !heap -x 0x002eb048
SEGMENT HEAP ERROR: failed to initialize the extention
Entry     User      Heap      Segment       Size  PrevSize  Unused    Flags
-----------------------------------------------------------------------------
002eb040  002eb048  002e0000  002e0000        58        c8        18  busy extra fill 



0:000> !address 0x18f9d0

Usage:                  Stack
Base Address:           0018d000
End Address:            00190000
Region Size:            00003000 (  12.000 kB)
State:                  00001000          MEM_COMMIT
Protect:                00000004          PAGE_READWRITE
Type:                   00020000          MEM_PRIVATE
Allocation Base:        00090000
Allocation Protect:     00000004          PAGE_READWRITE
More info:              ~0k

0:000> ~0k
 # ChildEBP RetAddr  
00 0018f9e0 00216f4c smartptr!main+0x198 smartptr.cpp @ 26 
01 (Inline) -------- smartptr!invoke_main+0x1c 
02 0018fa28 762ced6c smartptr!__scrt_common_main_seh+0xfa 
03 0018fa34 779b37eb kernel32!BaseThreadInitThunk+0xe
04 0018fa74 779b37be ntdll!__RtlUserThreadStart+0x70
05 0018fa8c 00000000 ntdll!_RtlUserThreadStart+0x1b