Yavuz
Reputation: 1393
disassamble function's start address in windbg
I can find a function's start address in gdb with the disas functionname command.
How can I do the same with WinDBG?
Upvotes: 4
Views: 7476
Answers (1)
Serg
Reputation: 2180
The x command displays the symbols in all contexts that match the specified pattern x [Options] Module!Symbol.
The uf command displays an assembly translation of the specified function in memory uf [Options] Address
.
0:000> x handle!main*
00000000`00d17154 handle!mainret = 0n0
00000000`00d113f0 handle!main (int, char **)
00000000`00d11840 handle!mainCRTStartup (void)
0:000> uf main
handle!main [d:\documents\visual studio 2010\projects\handle\handle\main.cpp @ 27]:
27 00000000`00d113f0 55 push rbp
27 00000000`00d113f1 8bec mov ebp,esp
27 00000000`00d113f3 81ece8000000 sub esp,0E8h
27 00000000`00d113f9 53 push rbx
27 00000000`00d113fa 56 push rsi
Or simply using any address within function
0:000> uf 00d11465
handle!main [d:\documents\visual studio 2010\projects\handle\handle\main.cpp @ 27]:
27 00000000`00d113f0 55 push rbp
27 00000000`00d113f1 8bec mov ebp,esp
27 00000000`00d113f3 81ece8000000 sub esp,0E8h
27 00000000`00d113f9 53 push rbx
27 00000000`00d113fa 56 push rsi
27 00000000`00d113fb 57 push rdi
Upvotes: 6
Related Questions
- Using IDebugControl::Disassemble to view the instructions of a subroutine
- Windbg disassembler address resolution
- Viewing function arguments in WinDbg
- Remove address from instruction disassembled via dbgeng's DisassembleWide()
- Modify function contents at runtime with WinDbg
- Finding a function's address in C++
- Why won't windbg disassemble half of my function?
- windbg how to unassemble instructions located inside an exported function of user32.dll
- Retrieving address of a function from ExE or Bin file
- call stack and disassembly doubt