I've looked at trying to do this for indirect calls with hardcoded addresses, but found many were to wrapper code that did "JMP register"...https://twitter.com/berendjanwever/status/855379369832964096 …
-
-
You mean you discard it if it doesn't point to a debug symbol?
-
code in small branches can be stored away from the main func and may not get marked with a symbol. Windbg returns whatever symbol is close.
-
so the symbol may be wrong. This is a way to get a better alternative in some cases (direct call), but not all (all other types of call).
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.