How to search for intermodular calls in WinDBG

reverse-engineering ollydbg debugger windbg immunity-debugger
2021-06-15 14:13:18

In Olly/Immunity Debugger I can search for "All intermodular calls". Is there a way to do this with WinDBG?

Thanks

1 Answer

Search for the pattern in windbg to find all intermodular calls

0:000> # ff15 calc l?c40
calc!TtoL+0x1a:
0100164a ff151c110001    call    dword ptr [calc!_imp__CharNextW (0100111c)]
calc!ParseCmdLine+0x2:
01001667 ff158c100001    call    dword ptr [calc!_imp__GetCommandLineW (0100108c)]
calc!InitializeWindowClass+0x37:
010017fe ff152c110001    call    dword ptr [calc!_imp__LoadIconW (0100112c)]
calc!InitializeWindowClass+0x46:
0100180d ff1528110001    call    dword ptr [calc!_imp__LoadCursorW (01001128)]
calc!InitializeWindowClass+0x51:
01001818 ff1524110001    call    dword ptr [calc!_imp__GetSysColorBrush (01001124)]
calc!InitializeWindowClass+0x6f:
01001836 ff1520110001    call    dword ptr [calc!_imp__RegisterClassExW (01001120)]
calc!EverythingResettingNumberSetup+0x1ab:
010019f8 ff1580100001    call    dword ptr [calc!_imp__LocalAlloc (01001080)]
calc!EverythingResettingNumberSetup+0x1c3:
01001a10 ff1590100001    call    dword ptr [calc!_imp__lstrcpyW (01001090)]
calc!InitSciCalc+0xec:
01001b03 ff1584110001    call    dword ptr [calc!_imp__SystemParametersInfoW (01001184)]
0:000> # ffd6 calc l?c40
calc!ParseCmdLine+0x1d:
01001682 ffd6            call    esi
calc!ParseCmdLine+0x55:
010016ba ffd6            call    esi
calc!ParseCmdLine+0xae:
01001713 ffd6            call    esi
calc!ParseCmdLine+0xdb:
01001740 ffd6            call    esi
calc!ParseCmdLine+0x126:
0100178b ffd6            call    esi
calc!ParseCmdLine+0x14f:
010017b4 ffd6            call    esi
calc!InitSciCalc+0x5d:
01001a74 ffd6            call    esi
calc!InitSciCalc+0x71:
01001a88 ffd6            call    esi
calc!InitSciCalc+0x8e:
01001aa5 ffd6            call    esi
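The `#` searches above match opcode bytes in WinDbg's disassembly listing (`ff15` is `call dword ptr [imm32]`, `ffd6` is `call esi`), so each hit is already on an instruction boundary. The same sweep can be run offline over a dumped code section; the Python below is an added example, not code from the original post, that scans a constructed buffer built from the bytes shown above, resolves `ff15` targets against a constructed IAT map, and reports matches whose target is not an import so a raw byte sweep's false positives can be filtered out. The `x64` flag (an assumption about the caller's binary, not something the post discusses) treats the displacement as RIP-relative.

```python
import struct

# Register encodings for the ModRM byte of "FF /2" (call reg): D0..D7.
REGS32 = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")
REGS64 = ("rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi")

# Constructed sample: the bytes WinDbg printed for calc!TtoL+0x1a,
# calc!ParseCmdLine+0x2 and calc!ParseCmdLine+0x1d above, separated by
# NOP filler so the addresses line up, plus one bogus ff15 whose target
# is not an import (a typical false positive inside data/immediates).
BASE = 0x0100164A
CODE = bytes.fromhex(
    "ff151c110001"        # 0100164a  call dword ptr [0100111c]
    + "90" * 0x17         # filler (constructed)
    + "ff158c100001"      # 01001667  call dword ptr [0100108c]
    + "90" * 0x15         # filler (constructed)
    + "ffd6"              # 01001682  call esi
    + "ff1578563412"      # 01001684  call dword ptr [12345678]  (bogus)
)
# Constructed IAT map: import-thunk address -> symbol, taken from the listing.
IAT = {0x0100111C: "calc!_imp__CharNextW",
       0x0100108C: "calc!_imp__GetCommandLineW"}


def find_intermodular_calls(code, base, iat, x64=False):
    """Linear sweep for FF 15 disp32 (call [mem]) and FF D0-D7 (call reg).

    Returns a list of dicts with the instruction address, a textual kind,
    the resolved memory target (None for register calls) and the import
    name if the target is an IAT slot (None otherwise -> likely noise).
    """
    regs = REGS64 if x64 else REGS32
    hits = []
    for i in range(len(code) - 1):
        if code[i] != 0xFF:
            continue
        modrm = code[i + 1]
        if modrm == 0x15 and i + 6 <= len(code):
            if x64:   # call qword ptr [rip+disp32]: target = next IP + disp
                target = base + i + 6 + struct.unpack_from("<i", code, i + 2)[0]
            else:     # call dword ptr [abs32]
                target = struct.unpack_from("<I", code, i + 2)[0]
            hits.append({"addr": base + i, "kind": "call [mem]",
                         "target": target, "name": iat.get(target)})
        elif 0xD0 <= modrm <= 0xD7:
            hits.append({"addr": base + i, "kind": "call " + regs[modrm - 0xD0],
                         "target": None, "name": None})
    return hits


if __name__ == "__main__":
    for h in find_intermodular_calls(CODE, BASE, IAT):
        tgt = "" if h["target"] is None else " [%08x]" % h["target"]
        print("%08x  %s%s  ; %s" % (h["addr"], h["kind"], tgt, h["name"] or "<not an import>"))
```

Register calls such as `call esi` carry no static target, which is why the post searches for them separately; resolving them needs the register value at runtime (a breakpoint) or a backward data-flow pass.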