Disassemble unloaded module

 

Questions


Got a stack trace that ends in an unloaded module. To make sure the stack makes sense I would like to disassemble the unloaded module (in other to check whether a call can start on the address given (access violation: attempt to read from an invalid address)). I can load the module (windbg):

.reload Unloaded.Dll=base,size

But after this reload I’m not able to disassemble the code. Is there a way to accomplish this? Thanks in advance for any help! GMore

 

 

————————————————-

Answer

Tip from Marc Sherman (see comments above):
With windbg your can load a dll as a crash dump. After the load type the “lm” command and disassemble on the address wanted relative to the base given.

debugging,windbg,windows

Facebook Comments

Post a comment