Parse the loaded module

Question

Parse the loaded module

Received a stack trace that ends in an unloaded module. To make sure the stack makes sense, I would like to parse the unloaded module (otherwise, check if the call can run at the specified address (access violation: attempting to read from an invalid address)). I can load the module (windbg):

.reload Unloaded.Dll=base,size

But after this reboot, I won't be able to parse the code. Is there a way to do this? Thanks in advance for any help! GMore

+3

debugging windows windbg

Gerard Jan 25. 13 at 13:18

source to share

1 answer

Gerard · Accepted Answer · 2013-01-29T16:28:59+0000

Tip from Mark Sherman (see comments above): With windbg you can load dlls as a crash dump. Once loaded, enter the "lm" command and parse the address you want relative to the given radix.

Parse the loaded module

More articles: