栈回溯——获取当前线程内ebp与call_ret

开发环境:VS2019(Debug x86)

功能:获取当前线程内各栈帧的 ebp 与函数返回地址(call_ret)

结果:

 

 代码示例:

#include <cstdint>
#include <iostream>
#include <list>
using namespace std;
 4 
// One frame of the walk: the frame's ebp and the return address that sits
// directly above it on the x86 stack.
struct context
{
    void* prev_ebp;   // ebp of this frame; [prev_ebp] holds the caller's saved ebp
    void* call_ret;   // return address read from prev_ebp + 4
};
10 
// Returns the caller's frame pointer. Because the function is naked it has no
// prologue of its own, so when `mov eax, ebp` runs, ebp still holds the frame
// base of the calling function; eax is the x86 return register.
// MSVC x86 only (__declspec(naked) + __asm). Only meaningful when the caller
// was built with a conventional ebp-based frame (Debug x86, no frame-pointer
// omission) — in an optimized build ebp may not be a frame pointer at all.
__declspec(naked) void* get_ebp(void)
{
    __asm
    {
        mov eax, ebp    ; caller's ebp becomes the return value
        ret
    }
}
// Result of a walk: frames ordered from get_context's own frame outward.
using pcontext = std::list<context>;
// Global cursor used by main() to iterate a pcontext.
std::list<context>::iterator itor;
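// Walks the x86 ebp frame chain starting at get_context's own frame and
// returns one context per frame: the frame's ebp and the return address
// stored at ebp + 4 (the first entry's call_ret is the return into main).
// Valid only when every frame on the chain keeps ebp as a frame pointer
// (Debug x86 build); with frame-pointer omission the [ebp] slot holds
// arbitrary data and the walk reads garbage.
pcontext get_context()
{
    pcontext pstack;
    context tmpstack{};
    // get_ebp is naked, so this is get_context's own frame base.
    tmpstack.prev_ebp = get_ebp();
    tmpstack.call_ret = *reinterpret_cast<void**>(static_cast<char*>(tmpstack.prev_ebp) + 4);
    pstack.push_back(tmpstack);
    while (tmpstack.call_ret != nullptr)
    {
        // [ebp] holds the caller's saved ebp.
        void* const next_ebp = *static_cast<void**>(tmpstack.prev_ebp);
        // Stop at the root of the chain (saved ebp of 0) and on any link that
        // does not move toward higher addresses. The original loop read
        // next_ebp + 4 unconditionally, which faults if the root frame's saved
        // ebp is 0 and never terminates on a chain that points back at itself.
        if (next_ebp == nullptr ||
            reinterpret_cast<uintptr_t>(next_ebp) <= reinterpret_cast<uintptr_t>(tmpstack.prev_ebp))
        {
            break;
        }
        tmpstack.prev_ebp = next_ebp;
        tmpstack.call_ret = *reinterpret_cast<void**>(static_cast<char*>(tmpstack.prev_ebp) + 4);
        pstack.push_back(tmpstack);
    }
    return pstack;
}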
37 
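// Walks the current thread's frame chain and prints one "ebp / return
// address" pair per frame.
int main(int argc, char* argv[])
{
    const pcontext frames = get_context();
    for (const context& frame : frames)
    {
        // '\n' rather than endl: same bytes, no flush per frame.
        cout << "ebp: " << frame.prev_ebp << "\tret =" << frame.call_ret << '\n';
    }
    return 0;
}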

 
