Monday, August 01, 2011

Special Command—Unassembling code with u, ub and uf

When debugging, sooner or later you will need to disassemble code to get a better understanding of it.

By disassembling the code, you get the mnemonics translated from the 0s and 1s that constitute the binary code. It is a low level view of the code, but a higher level than seeing just numbers.

The command syntaxes are:

u[b] [address]
u[b] [range]
u[b]

uf [options] <address>

Where options are:

/c - Displays only the call instructions in a routine.
/D - Creates linked callee names for navigation of the call graph.
/o - Sorts the display by address instead of by function offset.
/O - Creates linked call lines for accessing call information and creating breakpoints.
/i - Displays the number of instructions in a routine.

To demonstrate these commands, let’s use this simple Visual C++ application that recursively calculates the Fibonacci number for a given input:

#include "stdafx.h"
#include <iostream>  // needed for cout and endl
using namespace std;

// Recursive function. nNum is not used in the calculation.
unsigned FiboRecursive(unsigned n, int nNum = 0)
{
    // Base case: the Fibonacci of 0 is 0 and of 1 is 1.
    if(n <= 1)
    {
        return n;
    }

    return FiboRecursive(n - 1, 1) + FiboRecursive(n - 2, 2);
}

int _tmain(int argc, _TCHAR* argv[])
{
    cout << FiboRecursive(5) << endl;

    return 0;
}
 
Let’s use a breakpoint to break execution while the line from main() is being executed.

Now let’s disassemble the code at the address held in the eip register.
 
0:000> u @eip

Read more: Debugging Toolbox