The ability to reconstruct approximate C or C++ code from code disassembly is very important in memory dump analysis and debugging.
The project for this chapter can be downloaded from:
The executable is located under PointersAsVariables\Debug sub-folder. We load it into WinDbg and disassemble its main function.
First we load PointersAsVariables.exe using File\Open Executable... menu option in WinDbg and get the following output:
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: C:\WDPF\PointersAsVariables\Debug\PointersAsVariables.exe Symbol ...