stackoom
  简体   繁体   中英

What are these little functions in FFFF**** addres space seen by C# code x86 disassembly?

 原文  2014-04-14 08:17:09       c#/ clr/ disassembly

Question

While debugging some of my code written in C# I had to walk through disassembly to get a clearer understanding of what is going on on a microlevel. Most of the code is rather transparent, but there are some functions obviously provided by CLR or C#, because I didn't implement them, which lie in 0xffff**** address space and are unknown to me. For instance in Bitmap.Width there is a call for FFFF0630: 

00000000  push        ebp 
00000001  mov         ebp,esp 
00000003  push        eax 
00000004  xor         eax,eax 
00000006  mov         dword ptr [ebp-4],eax 
00000009  mov         eax,dword ptr [ecx+10h] 
0000000c  mov         edx,ecx 
0000000e  push        eax 
0000000f  push        edx 
00000010  lea         ecx,[ebp-4] 
00000013  call        FFFF0630

I can't step into it with a debugger, so I can only presume from the context, it should be for some kind of memory validation. But I am not sure, as even this functions' tween Bitmap.Height has another address FFFF060C at the same spot. There is not much sense in different validation for two almost equivalent properties.

So, what are these functions indeed? What do they do?

2 answers

solution1
 2 ACCPTED  2014-04-14 08:28:31

I can't step into it with a debugger

Do you have native debugging enabled? .NET uses the underlying Win32 functions for OS services. It is probably a call into a native DLL.

has another address FFFF060C

Two ways to find out what libraries are loaded by address:

  1. Modules view in Visual Studio (menu: Debug | Windows | Modules).

  2. Process Explorer's View | Lower Pane View | Dlls (you might need to add the base address column).

The address a DLL is loaded will depend on OS, 32/64bit, ASLR, and the preferred base address in the DLL.

It is common for system DLLs to be loaded high in the process's address space.

solution2
 1  2014-04-14 08:31:12

You can find System.Drawing here , that where Bitmap resides. It inherits from Image , which contains both Height and Width . They look like this: 

public int Height {
    get {
        uint height;            
        Status status = GDIPlus.GdipGetImageHeight (nativeObject, out height);      
        GDIPlus.CheckStatus (status);           

        return (int)height;
    }
}
public int Width {
    get {
        uint width;         
        Status status = GDIPlus.GdipGetImageWidth (nativeObject, out width);        
        GDIPlus.CheckStatus (status);           

        return (int)width;
    }
}

They both call GDIPlus.CheckStatus so that's what they have in common.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question C# (MSIL) into native X86 code? Batch compiling C# code for WinRT and Windows x86 Converting c# code to C++ native code or for x86 Processor Change C# DllImport target code depending on x64/x86 x86/x64 CPUID in C# C# support both x64 and x86 What happens if a C# Dictionary has a 64-bit TKey on x86? unsafe c# code causes heap corruption on 64 bit platform unless built for x86 platform C# projects using both X86 and Any CPU C# exe not working on target platform x86
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM