C#代码x86反汇编看到的FFFF ****地址空间中的这些小功能是什么?
[英]What are these little functions in FFFF**** addres space seen by C# code x86 disassembly?
问题描述
While debugging some of my code written in C# I had to walk through disassembly to get a clearer understanding of what is going on on a microlevel. 
在调试一些用C#编写的代码时,我不得不遍历反汇编才能更清楚地了解微级上正在发生的事情。 Most of the code is rather transparent, but there are some functions obviously provided by CLR or C#, because I didn't implement them, which lie in 0xffff**** address space and are unknown to me. 大多数代码相当透明,但是CLR或C#显然提供了一些功能,因为我没有实现它们,它们位于0xffff ****地址空间中,而我却不知道。 For instance in Bitmap.Width there is a call for FFFF0630: 例如在Bitmap.Width有一个FFFF0630的调用:
00000000 push ebp
00000001 mov ebp,esp
00000003 push eax
00000004 xor eax,eax
00000006 mov dword ptr [ebp-4],eax
00000009 mov eax,dword ptr [ecx+10h]
0000000c mov edx,ecx
0000000e push eax
0000000f push edx
00000010 lea ecx,[ebp-4]
00000013 call FFFF0630
I can't step into it with a debugger, so I can only presume from the context, it should be for some kind of memory validation. 我无法使用调试器进入它,所以我只能从上下文中推测,它应该用于某种内存验证。 But I am not sure, as even this functions' tween Bitmap.Height has another address FFFF060C at the same spot. 但我不知道,因为即使该功能二层Bitmap.Height有在同一地点另一个地址FFFF060C。 There is not much sense in different validation for two almost equivalent properties. 对两个几乎等效的属性进行不同的验证没有多大意义。
So, what are these functions indeed? 那么,这些功能的确是什么? What do they do? 他们在做什么?
2 个解决方案
解决方案1
2 已采纳 2014-04-14 08:28:31
I can't step into it with a debugger
Do you have native debugging enabled? 您是否启用了本地调试? .NET uses the underlying Win32 functions for OS services. .NET将底层Win32函数用于OS服务。 It is probably a call into a native DLL. 它可能是对本机DLL的调用。
has another address FFFF060C
Two ways to find out what libraries are loaded by address: 找出地址加载哪些库的两种方法:
Modules view in Visual Studio (menu: Debug | Windows | Modules).
Visual Studio中的“模块”视图(菜单:“调试” |“ Windows” |“模块”)。 Process Explorer's View |
流程浏览器的视图| Lower Pane View | 下部窗格视图 Dlls (you might need to add the base address column). Dlls(您可能需要添加基地址列)。
The address a DLL is loaded will depend on OS, 32/64bit, ASLR, and the preferred base address in the DLL. DLL加载的地址取决于OS,32/64位,ASLR和DLL中的首选基址。
It is common for system DLLs to be loaded high in the process's address space. 通常,系统DLL在进程的地址空间中加载得很高。
解决方案2
1 2014-04-14 08:31:12
You can find System.Drawing here , that where Bitmap resides. 您可以在此处找到System.Drawing, Bitmap所在的位置。 It inherits from Image , which contains both Height and Width . 它从Image继承, Image同时包含Height和Width 。 They look like this: 他们看起来像这样:
public int Height {
get {
uint height;
Status status = GDIPlus.GdipGetImageHeight (nativeObject, out height);
GDIPlus.CheckStatus (status);
return (int)height;
}
}
public int Width {
get {
uint width;
Status status = GDIPlus.GdipGetImageWidth (nativeObject, out width);
GDIPlus.CheckStatus (status);
return (int)width;
}
}
They both call GDIPlus.CheckStatus so that's what they have in common. 它们都称为GDIPlus.CheckStatus所以它们是共同的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.