前文提要:
在VC6.0之后出现的VS系列开发工具都具有的调试功能:移动指针更改执行流,VC6不支持这个UI操作。
调试程序暂停时,源代码或“反汇编”窗口边距处的黄色箭头标记要运行的下一条语句的位置。 你可以通过移动此箭头来更改要运行的下一条语句。 你可以跳过代码,或者返回上一行。 在某些情况下移动指针很有用,例如,跳过包含已知 bug 的代码。
突发在奇想之后,想到了改变寄存器EIP的值来实现,下面这段英文介绍了什么是改变执行流,文尾给出VC6环境下如何实现。
Move the pointer to change the execution flow
When the debugger is paused, a yellow arrow in the margin of the source code or Disassembly window marks the location of the statement that will run next. You can change the next statement that will run by moving this arrow. You can skip over code or return to a previous line. Moving the pointer is useful for situations like skipping code that contains a known bug.
If you want to change the next statement that will run, the debugger must be in break mode. In the source code or Disassembly window, drag the yellow arrow to a different line, or right-click the line you want to run next and select Set Next Statement.
The program counter jumps directly to the new location. Instructions between the old and new execution points aren't run. But if you move the execution point backwards, the intervening instructions aren't undone.
Caution
- Moving the next statement to another function or scope usually causes call-stack corruption, which causes a runtime error or exception. If you try to move the next statement to another scope, the debugger gives you a warning and a chance to cancel the operation.
- In Visual Basic, you can't move the next statement to another scope or function.
- In native C++, if you have runtime checks enabled, setting the next statement can cause an exception when execution reaches the end of the method.
- When Edit and Continue is enabled, Set Next Statement fails if you've made edits that Edit and Continue can't remap immediately. This situation can occur, for example, if you've edited code in a catch block. When this happens, an error message tells you that the operation isn't supported.
- In managed code, you can't move the next statement if:
- The next statement is in a different method than the current statement.
- Debugging was started by Just-In-Time debugging.
- A call stack unwind is in progress.
- A System.StackOverflowException or System.Threading.ThreadAbortException exception has been thrown.
熟悉Visual Studio开发工具的朋友们都已经习惯在调试代码时,通过拖动指令光标位置实现代码指令跳转(跳过某些不想要的条件判断),此功能比单步执行要灵活许多。
碰到手里还有VC6的老C++项目时,突然没有这个功能,非常不适应,在Google还未退出中国时就想过这个问题,水平有限也没有搜到解决办法。
就在昨天,想到了一招直接手动修改EIP指令来实现,简单介绍一下 VC6环境修改CPU寄存器的两种方法,也许对一部分朋友还是有些帮助的。
下面是VC6的环境示意图:
图中分别列出了源代码与反汇编代码窗体,同时也列出了寄存器窗口与右下角的变量观察辅助对话框
我们可以直接点击寄存器窗体中的 EIP 寄存器变量值的位置(不要双击,在要修改的位置前面单击即可)或是在变量观察对话框中双击value部分
需要注意:变量观察名子输入的是 EIP ,实际情况是需要输入@EIP的,这样不会与本地同名变量起冲突的
我们看到源码中当前指令执行到0X00A70B5E,同时EIP的值也是这个,我可改变它为:00A70B77,这样代码再次运行时,将直接实现跳转,略过前面的IF判断指令。
曲线实现了【移动指针更改执行流】,前面有英文注解, 需要注意的条件 :)
标签:EIP,code,run,VC6,拖动,C++,next,statement,6.0 From: https://www.cnblogs.com/ioriwellings/p/17151040.html