I've looked at trying to do this for indirect calls with hardcoded addresses, but found many were to wrapper code that did "JMP register"...https://twitter.com/berendjanwever/status/855379369832964096 …
-
-
code in small branches can be stored away from the main func and may not get marked with a symbol. Windbg returns whatever symbol is close.
-
Yeah, that's my point, if it returns Foo+99999 then that's probably not helpful, but if you only accept Foo, then miss valid calls.
- 2 more replies
New conversation -
-
-
I guess that works if you don't mind missing valid stuff (mem indirect calls, routines without syms, etc, etc). v.complex though!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.