Orchid XP v7 wrote:
>> So what you do, working at a machine level, is start with where EIP is
>> and work backwards. You look at the stack backtrace to see what
>> functions called what functions, and you can figure out what code path
>> the program had taken.
>
> Yeah, but let's be real here. The actual generated machine code is going
> to bear *no relationship* to the original program source code. Only a
> super-hyper-nerd is ever going to get anything useful out of it.
>
That's what the debugging symbols can do too. Mapping between lines of
code and instruction addresses.
Note that it's usually a lot harder on optimized executables.
Single-stepping on a running program that has been optimized is almost
impossible. It appears to run instructions twice, run instructions in
strange order, etc. So disabling optimizations for stepping through a
program is highly recommended...