2013-01-13 61 views
0

Windbg: get the size of a C++ object

Doing some analysis of an Internet Explorer crash (the Aurora exploit). Suppose I have an object's vtable at 01e2fe80. I know this object is an mshtml!CImgElement. How do I find the size of this object? How would I find out that an mshtml!CImgElement object is x bytes large?

    bp mshtml!CEventObj::GenericGetElement+0x93 ".printf \"esi = [%08x] \",esi;dds poi(esi) l1;gc"

    esi = [01e2fe80] 01e2fcd0 7dc59478 mshtml!CImgElement::`vftable'

Reference (data types):

http://dreamofareverseengineer.blogspot.de/2011/10/reversing-aurora-vulnerability-cve-2010.html

+1

You can guess it by dumping the heap block it occupies using the heap extension: '!heap -p -a 01e2fcd0' and checking the **UserSize** attribute – deemok

Answer

0

Operators in C++ Expressions: sizeof(type) returns the size, but CImgElement probably contains private data, and displaying it requires private symbols (the private information) for the MSHTML module, which are not available.

    0:021> ?? sizeof(MSHTML!CImgElement)
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    *** Your debugger is not using the correct symbols                    ***
    ***                                                                   ***
    *** In order for this command to work properly, your symbol path      ***
    *** must point to .pdb files that have full type information.         ***
    ***                                                                   ***
    *** Certain .pdb files (such as the public OS symbols) do not         ***
    *** contain the required information. Contact the group that          ***
    *** provided you with these symbols if you need this command to       ***
    *** work.                                                             ***
    ***                                                                   ***
    *** Type referenced: MSHTML!CImgElement                               ***
    ***                                                                   ***
    *************************************************************************
    Couldn't resolve error at 'MSHTML!CImgElement)'
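As an added example (not part of the original answer or the poster's own session), here is how the two approaches above fit together in one WinDbg session. The breakpoint and the addresses are the ones reported in the question, and the `!heap -p -a` command with its UserSize column is the approach from deemok's comment; the gflags step is an assumption about the debugging setup and is only needed when `!heap -p` reports nothing for the address because page heap is not enabled for the process.

```windbg
$$ Added example: constructed WinDbg session, output omitted.
$$ Assumes page heap is enabled for the target; if "!heap -p -a" prints nothing,
$$ enable it from an elevated prompt and restart the target:
$$   gflags /p /enable iexplore.exe

$$ 1. Stop where esi points at the element and print the object pointer plus its vtable.
bp mshtml!CEventObj::GenericGetElement+0x93 ".printf \"esi = [%08x] \",esi;dds poi(esi) l1;gc"
g

$$ 2. dds printed the object address (01e2fcd0 in the question) followed by
$$    mshtml!CImgElement::`vftable'. That address is the UserPtr of a heap block,
$$    so ask the heap extension which block contains it.
!heap -p -a 01e2fcd0

$$ 3. Read the UserSize column of the HEAP_ENTRY line. It is the byte count that
$$    operator new requested, which is sizeof(CImgElement) unless the class is
$$    allocated with extra trailing storage or through a custom allocator.

$$ 4. sizeof() through the expression evaluator needs private .pdb type information,
$$    which the public symbol server does not ship, so this still fails:
?? sizeof(MSHTML!CImgElement)
```

The heap-block size is an upper bound rather than an exact sizeof: the allocator rounds requests to its granularity and reports the rounded value in the Size column, but UserSize keeps the caller's original request, which is why that column is the one to read.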