Is the stack corrupted if the EBP frame pointer is NULL?


Question

My understanding of stack traces is essentially based on "What is exactly the base pointer and stack pointer? To what do they point?"

A program I have been helping to develop for years spits out a stack dump when it crashes, and I have become accustomed to evaluating these stack traces, in correspondence with a .map file that the C++ compiler produces. A number of times, I have successfully been able to walk the stack and debug issues.

However, sometimes the stack trace has a NULL EBP (frame) pointer. Here is the relevant snippet from such a sample stack dump:

Initial EBP pointer value: 04d8fab0
{at address 04d8fab0: 00000000}

As you can see, the value of the EBP frame pointer is NULL. Therefore, I cannot walk the stack.

Is this the sign of a corrupted stack, or is there another possible explanation?

Answer

As you can see, the value of the EBP frame pointer is NULL. Therefore, I cannot walk the stack. Is this the sign of a corrupted stack, or is there another possible explanation?

I think there is another explanation, rooted in the fact that in addition to holding the address of the current stack frame, the EBP register can also be used for any other purpose like general-purpose registers. In order to do that safely, two things are required:


  1. Store its current content to the stack by calling

     PUSH EBP

  2. Restore the content after the general-purpose usage and before exiting the current procedure by calling

     POP EBP

So I was thinking the case you were experiencing was not necessarily caused by corruption of the stack, as it technically may have been that the dump was generated while the EBP register was temporarily being used for general-purpose usage by someplace else in the process' code, maybe not even code you've written.
