问题
Got a stack trace that ends in an unloaded module. To make sure the stack makes sense I would like to disassemble the unloaded module (in other to check whether a call can start on the address given (access violation: attempt to read from an invalid address)). I can load the module (windbg):
.reload Unloaded.Dll=base,size
But after this reload I’m not able to disassemble the code. Is there a way to accomplish this? Thanks in advance for any help! GMore
回答1:
Tip from Marc Sherman (see comments above): With windbg your can load a dll as a crash dump. After the load type the "lm" command and disassemble on the address wanted relative to the base given.
来源:https://stackoverflow.com/questions/14522596/disassemble-unloaded-module