The way to enable that in cdb is the l+s
command. However, don't get too accustomed to the source line display because, as a
hacker, you'll almost never have the actual source to view. In this case, it's fine to display
source lines at the prompt, but you do not want to turn on source mode debugging (l+t),
because if you were to do that, each "step" through the source would be one source line,
not a single assembly instruction. For more information on this topic, search for
"Debugging in Source Mode" in the debugger help (debugger.chm). On a related note,
the .lines command will modify the stack trace to display the line that is currently being
executed. You will get lines information whenever you have private symbols for the executable
or DLL you are debugging.
0:000> .lines
Line number information will be loaded
0:000> k
ChildEBP RetAddr
0012fedc 004013a0 meet!main [c:\grayhat\meet.c @ 8]
0012ffc0 77e7eb69 meet!mainCRTStartup+0x170
[f:\vs70builds\3077\vc\crtbld\crt\src\crt0.c @ 259]
0012fff0 00000000 kernel32!BaseProcessStart+0x23
If we continue past this breakpoint, our program will finish executing:
0:000> g
Hello Mr Haxor
Bye Mr Haxor
eax=c0000135 ebx=00000000 ecx=00000000 edx=00000000 esi=77f5c2d8 edi=00000000
eip=7ffe0304 esp=0012fda4 ebp=0012fe9c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202
SharedUserData!SystemCallStub+0x4:
7ffe0304 c3 ret
0:000> k
ChildEBP RetAddr
0012fda0 77f5c2e4 SharedUserData!SystemCallStub+0x4
0012fda4 77e75ca4 ntdll!ZwTerminateProcess+0xc
0012fe9c 77e75cc6 kernel32!_ExitProcess+0x57
0012feb0 00403403 kernel32!ExitProcess+0x11
0012fec4 004033b6 meet!__crtExitProcess+0x43
[f:\vs70builds\3077\vc\crtbld\crt\src\crt0dat.