|
Sure, Hamid!
Let us discuss the original question?
regards,
George
|
|
|
|
|
Did you see those articles? are they helpful?
|
|
|
|
|
Thanks Hamid,
I will read them today and response with you.
regards,
George
|
|
|
|
|
Yes, Hamid!
I have read the articles and tried the PEDUMP tool. I think it is used for analyze the physical binary file format, not to analyze the loaded in memory binary.
Any comments?
regards,
George
|
|
|
|
|
I think I found your answer but I dont remember your question (you have lot of questions) you want to read memory of a process(thread) with an address,right? well see ReadProcessMemory .
|
|
|
|
|
Sorry for my bad English, Hamid!
My question is, I can get the content of the memory, but I want to know what exactly resides in the memory -- i.e. does the memory content represents code or data? If I have symbol file, could I decode the memory content to human readable information? Any ideas?
regards,
George
|
|
|
|
|
To get the module the address is in use SymGetModuleInfo64().
This will resolve for all 'global' variables (functions and global data in exe's or dll's).
To get the raw (mangled) symbol name use SymGetSymFromAddr64().
To get the unmangled name use UnDecorateSymbolName() or SymUnDName64().
To check if the address is on the _current_ stack:
bool IsOnCurrStack( cvoid *ADDR )
{
NT_TIB *tib((NT_TIB*)::NtCurrentTeb());
return( tib->StackLimit < ADDR && ADDR < tib->StackBase );
}
You should never see/care about an address on the stack of another thread unlesss you are a debugger.
...cmk
The idea that I can be presented with a problem, set out to logically solve it with the tools at hand, and wind up with a program that could not be legally used because someone else followed the same logical steps some years ago and filed for a patent on it is horrifying.
- John Carmack
|
|
|
|
|
Thanks cmk,
Great reply!
1.
I think "module" means EXE or DLL, it contains code (.text) and global data (.data), my question is whether a module's .text (or .data) segments are loaded as continuous address? I have this question is because when we use new/malloc to get memory from heap, they may not be continuous. I am not sure about .text (or .data)?
2.
Function "SymGetSymFromAddr64" is useful. But suppose the following scenario, I am using WinDbg or some other debugger to debug, and want to "decode" at some specific address to symbol names. How could I call such function? Any ideas?
regards,
George
|
|
|
|
|
1. There may be multiple code and data segments, so no, you can not assume the address' are continuous.
2. How you resolve the address is debugger specific. I would expect most to have built-in address-to-name resolution functionality.
...cmk
The idea that I can be presented with a problem, set out to logically solve it with the tools at hand, and wind up with a program that could not be legally used because someone else followed the same logical steps some years ago and filed for a patent on it is horrifying.
- John Carmack
|
|
|
|
|
Thanks cmk,
1.
I have debugged some programs, and using lm command in WinDbg to list all loaded DLLs by the debugged program. I saw all DLLs are loaded a continuous address. Why do you say "can not assume the address' are continuous" -- could you show a sample please?
2.
I think your built-in programatic solution is more comprehensive. Any ideas about how to do it in debugger?
regards,
George
|
|
|
|
|
1.
- A given module will be mapped into a single continuous block of memory.
- For a program with multiple modules, the modules may not be in adjacent blocks of memory, there may be gaps.
- Within a module there may be more than 1 code and/or data blocks, these may not be adjacent.
2.
You will have to read the instructions for the debugger.
If WinDbg isn't showing the symbols then either:
- the module was not compiled with symbols (e.g. release build)
- windbg isn't setup right, the symbols server/paths are wrong
- the address isn't at the start of a symbol and winddbg isn't looking for the nearest symbol
You can always write a windbg extension and use the windbg api GetSymbol().
See:
http://www.codeproject.com/KB/debug/cdbntsd4.aspx[^]
http://72.14.205.104/search?q=cache:w_6GRVNQR5wJ:www.osronline.com/article.cfm%3Fid%3D52+windbg+getsymbol&hl=en&ct=clnk&cd=3&gl=ca[^]
Maybe if we step back and you explain exactly what you are trying to do it might be easier. It's been years since i needed a debugger other than the one built into VS.
...cmk
The idea that I can be presented with a problem, set out to logically solve it with the tools at hand, and wind up with a program that could not be legally used because someone else followed the same logical steps some years ago and filed for a patent on it is horrifying.
- John Carmack
|
|
|
|
|
Cool cmk!
I like both the article and the forum you recommended.
What I am trying to do is to solve a sort of specific issues, when there is OS error box which indicates my application is broken at some address (e.g. 0x12345678), because of unhandled exception or something. I want to find out what actually resides in address 0x12345678? Is it code or data?
Any advice or documents to refer?
regards,
George
|
|
|
|
|
You said it is your app, i would suggest running it in Visual Studio, the debugger is easier to use than WinDbg.
The address alone is just a starting point, it may be a side-effect of the actual error. You need more information that that.
I'm sure you realize that debugging is an art, there is no single way to do it, but it starts with coding defensively.
I would suggest getting one of John Robbins debugging books: http://www.wintellect.com/Books.aspx[^], i have 'Debugging Applications'.
Also check out his BugSlayer articles, a collection can be found here ...[^].
...cmk
The idea that I can be presented with a problem, set out to logically solve it with the tools at hand, and wind up with a program that could not be legally used because someone else followed the same logical steps some years ago and filed for a patent on it is horrifying.
- John Carmack
|
|
|
|
|
Thanks cmk!
Great link! My issue is, on the target machine, we can not install Visual Studio, and could I use Visual Studio on local machine to debug on the remote machine's process? If yes, how?
regards,
George
|
|
|
|
|
|
Thanks cmk!
I have read the documents carefully. My current confusion is, as mentioned here and in also other documents,
http://www.nachreiner.com/remotedebug/[^]
we need to copy some DLLs, but the DLL names are for old VC 6.0, and for current Visual 2008, what are the related DLL names?
--------------------
Copy the following files from the HOST to the TARGET machines system directory
MFC42D.DLL
MFCO42D.DLL
MSVCRTD.DLL
Copy the following files from the HOST to the TARGET machines.
DM.DLL
MSDIS110.DLL
MSVCMON.EXE
MSVCP60.DLL
PSAPI.DLL
TLN0T.DLL
--------------------
regards,
George
|
|
|
|
|
I'm trying to generate random numbers with
#include <stdio.h>
void main( )
{
int iRandom = 0;
iRandom = ( rand( ) % 100 ) + 1;
printf( "\n\n%d", iRandom );
}
the result is 42 everytime any help please
Microsoft visual c++ 9.0 / Vista
<div class="ForumMod">modified on Monday, June 30, 2008 1:13 AM</div>
|
|
|
|
|
Try to put this line
srand( (unsigned)time( NULL ) );
before calling rand();
-Santosh
« Superman »
|
|
|
|
|
|
you should use srand if you want the sequence to start with a different number each time. Otherwise it always gets seeded to 1, and on your compiler (Visual C++, I'm guessing) the first number generated with a seed of 1 is 41.
The result is displayed as 42 since you always add 1 to the random number.
Somethings seem HARD to do, until we know how to do them.
_AnShUmAn_
|
|
|
|
|
Hi all,
I m using Number property for Edit box,becoz i want to use only digits.
But i also want to enter ".",but it is not accept it please tell me how can i Number property of Edit box where i m also use ".".
Thanks in advance.
IN A DAY, WHEN YOU DON'T COME ACROSS ANY PROBLEMS - YOU CAN BE SURE THAT YOU ARE TRAVELLING IN A WRONG PATH
|
|
|
|
|
"_$h@nky_" wrote: how can i Number property of Edit box where i m also use ".".
You cannot. If you want such a feature, you should handle the WM_CHAR message and filter the unwanted keys..
|
|
|
|
|
Can you please tell me with example.
IN A DAY, WHEN YOU DON'T COME ACROSS ANY PROBLEMS - YOU CAN BE SURE THAT YOU ARE TRAVELLING IN A WRONG PATH
|
|
|
|
|
void CNumericEdit::OnChar(UINT nChar, UINT nRepCnt, UINT nFlags)
{
char szBuffer[100] = {0};
short int nCounter = 0;
short int iTemp = 0;
int iStartChar = 0;
int iEndChar = 0;
if(nChar == '-')
{
return;
}
if(nChar != VK_BACK && nChar != VK_TAB)
{
if(nChar != '.' && (nChar < '0' || nChar > '9'))
{
return;
}
GetWindowText(szBuffer, sizeof(szBuffer));
if(nChar == '.')
{
GetSel(iStartChar, iEndChar);
if(iStartChar != 0 || iEndChar != static_cast<int>(strlen(szBuffer)))
{
for(nCounter = 0; szBuffer[nCounter] != NULL; nCounter++)
{
if(szBuffer[nCounter] == '.')
{
return;
}
}
}
}
}
CEdit::OnChar(nChar, nRepCnt, nFlags);
}
|
|
|
|
|
this error comes out when i use the above code.
error C2248: 'CWnd::OnChar' : cannot access protected member declared in class 'CWnd'
1> C:\Program Files\Microsoft Visual Studio 8\VC\atlmfc\include\afxwin.h(2631) : see declaration of 'CWnd::OnChar'
1> C:\Program Files\Microsoft Visual Studio 8\VC\atlmfc\include\afxwin.h(1967) : see declaration of 'CWnd'
1>
IN A DAY, WHEN YOU DON'T COME ACROSS ANY PROBLEMS - YOU CAN BE SURE THAT YOU ARE TRAVELLING IN A WRONG PATH
|
|
|
|