Windbg tips: display the assembly code of the function (UF command)

WindbgUFCommand to disassemble the binary and display the assembly code to help analyze functions without source code. For example, the thunder program (winmine.exe) in Windows is known to have a function called winmine! StartgameX winmine! *Command), you can use UF winmine! The startgame command displays the assembly code of the function:

 

 

0: 000>UF winmine! Startgame
Winmine! Startgame:
0100367a a1ac560001 mov eax, dword ptr [winmine! Preferences + 0xc (010056ac)]
01000000f 8b0da8560001 mov ECx, dword ptr [winmine! Preferences + 0x8 (010056a8)]
01003685 53 push EBX
01003686 56 push ESI
01003687 57 push EDI
01003688 33ff xor edi, EDI
010010000a 3b0534530001 CMP eax, dword ptr [winmine! Xboxmac (01005334)]
01003690 893d64510001 mov dword ptr [winmine! Ftimer (1, 01005164)], EDI
01003696 750c JNE winmine! Startgame + 0x2a (010036a4)

Winmine! Startgame + 0x1e:
01003698 3b0d000030001 CMP ECx, dword ptr [winmine! Yboxmac (01005338)]
0100w.e 7504 JNE winmine! Startgame + 0x2a (010036a4)

Winmine! Startgame + 0x26:
010036a0 6a04 Push 4
010036a2 eb02 JMP winmine! Startgame + 0x2c (010036a6)

Winmine! Startgame + 0x2a:
010036a4 6a06 push 6

Winmine! Startgame + 0x2c:
010036a6 5B pop EBX
010036a7 a334530001 mov dword ptr [winmine! Xboxmac (01005334)], eax
010036ac 890d000030001 mov dword ptr [winmine! Yboxmac (01005338)], ECx
010036b2 e81ef8ffff call winmine! Clearfield (01002ed5)
010036b7 a1a4560001 mov eax, dword ptr [winmine! Preferences + 0x4 (010056a4)]
010036bc 893d60510001 mov dword ptr [winmine! Ibuttoncur (1, 01005160)], EDI
010036c2 a330530001 mov dword ptr [winmine! Cbombstart (01005330)], eax

Winmine! Startgame + 0x4d:
010036c7 ff3534530001 push dword ptr [winmine! Xboxmac (01005334)]
010036cd e86e020000 call winmine! RND (01003940)
010036d2 ff35000030001 push dword ptr [winmine! Yboxmac (01005338)]
010036d8 8bf0 mov ESI, eax
010036da 46 Inc ESI
010036db e860020000 call winmine! RND (01003940)
010036e0 40 Inc eax
010036e1 8bc8 mov ECx, eax
010036e3 c1e105 SHL ECx, 5
010036e6 f684314053000180 test byte PTR winmine! Rgblk (01005340) [ECx + esi], 80 h
010036ee 75d7 JNE winmine! Startgame + 0x4d (010036c7)

Winmine! Startgame + 0x76:
010036f0 c1e005 SHL eax, 5
010036f3 8d8000040530001 Lea eax, winmine! Rgblk (1, 01005340) [eax + esi]
010036fa 800880 or byte PTR [eax], 80 h
010036fd ff0d30530001 dec dword ptr [winmine! Cbombstart (01005330)]
01003703 75c2 JNE winmine! Startgame + 0x4d (010036c7)

Winmine! Startgame + 0x8b:
01003705 8b0d000030001 mov ECx, dword ptr [winmine! Yboxmac (01005338)]
0100370b 0faf0d34530001 imul ECx, dword ptr [winmine! Xboxmac (01005334)]
01003712 a1a4560001 mov eax, dword ptr [winmine! Preferences + 0x4 (010056a4)]
01003717 2bc8 sub ECx, eax
01003719 57 push EDI
0100371a 893d900000001 mov dword ptr [winmine! CSEC (0100579c)], EDI
01003720 a330530001 mov dword ptr [winmine! Cbombstart (01005330)], eax
01003725 a394510001 mov dword ptr [winmine! Cbombleft (01005194)], eax
0100372a 893da4570001 mov dword ptr [winmine! Cboxvisit (010057a4)], EDI
01003730 890da0570001 mov dword ptr [winmine! Cboxvisitmac (010057a0)], ECx
01003736 c705005000010000000 mov dword ptr [winmine! Fstatus (1, 01005000)], 1
01003740 e825fdffff call winmine! Updatebombcount (010010000a)
01003745 53 push EBX
01003746 e805e2ffff call winmine! Adjustwindow (01001950)
0100374b 5f pop EDI
0100374c 5E pop ESI
0100374d 5B pop EBX
0100374e C3 RET