Is there a way to see the address stored by a pointer on stack-frame through windbg?

Here is a trivial program i wrote in VC++:

#include "stdafx.h
#include <iostream>

using namespace std;

int _tmain(int argc, _TCHAR* argv[])
{
  int foo = 10;
  int* bar = &foo;
  cout<<bar<<endl;
  getchar();
  return 0;
}

The output on my machine is: 0035F95C

After attaching the process through windbg and viewing the disassembly, i am not able to compute the address above. I kn开发者_开发技巧ow i need to get to the stack frame and look at the locals and walk the addresses but not sure on commands in windbg. How would you approach this?

Use the .frame command to see the stack frame.

Use the dv or dt command to view the value of variable.

http://www.codeproject.com/KB/debug/windbg_part1.aspx

Thu 12/30/2010 20:04:38.48\>type stdafx.h
//dummmy file to satisfy compiler
Thu 12/30/2010 20:05:04.70\>type windb.cpp
#include "stdafx.h"
#include <iostream>

using namespace std;

int _tmain(int argc, _TCHAR* argv[])
{
  int foo = 10;
  int* bar = &foo;
  cout<<bar<<endl;
  getchar();
  return 0;
}

Thu 12/30/2010 20:05:28.87\>bcc32 -v -ls -w-8057 windb.cpp
Borland C++ 5.5.1 for Win32 Copyright (c) 1993, 2000 Borland
windb.cpp:
Turbo Incremental Link 5.00 Copyright (c) 1997, 2000 Borland

Thu 12/30/2010 20:05:48.85\>map2dbg windb.exe
Converted 1644 symbols.
Thu 12/30/2010 20:06:04.07\>windb.exe
0012FF88 


lets run windbg noninvasive look for stack and check disassembly of main find 
where 10 is used in windbg

cdb -pv -pn windb.exe

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Symbol search path is: SRV*F:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:
WARNING: **Process 2312** is not attached as a debuggee
         The process can be examined but debug events will not be received
.........
(908.1c8): Wake debugger - code 80000007 (first chance)
eax=0012fe48 ebx=00000000 ecx=0012ff10 edx=00862a30 esi=0012fd58 edi=00250688
eip=7c90e514 esp=0012fcf8 ebp=0012fd18 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
ntdll!KiFastSystemCallRet:
7c90e514 c3              ret
0:000> .tlist windb.exe
 0n2312 windb.exe
0:000> kn
 # ChildEBP RetAddr
00 0012fcf4 7c90daea ntdll!KiFastSystemCallRet
01 0012fcf8 7c912de8 ntdll!ZwRequestWaitReplyPort+0xc
02 0012fd18 7c872a51 ntdll!CsrClientCallServer+0x8c
03 0012fe14 7c872b98 kernel32!ReadConsoleInternal+0x1be
04 0012fe9c 7c8018b7 kernel32!ReadConsoleA+0x3b
*** WARNING: Unable to verify checksum for F:\Borland\windb\windb.exe
05 0012fef4 004111fd kernel32!ReadFile+0x64
06 0012ff14 00410fcb windb!_rtl_read+0x35
07 0012ff40 004117a7 windb!__read+0x9b
08 0012ff5c 00411865 windb!c798_0+0x5b
09 0012ff6c 004117ff windb!fgetc+0x61
0a 0012ff78 00401198 windb!_fgetc+0x13
**0b 0012ff8c 00417c4e windb!main+0x48**
0c 0012ffc0 7c817077 windb!c1770_0+0x172
0d 0012fff0 00000000 kernel32!BaseProcessStart+0x23
0:000> uf windb!main
windb!main:
00401150 55              push    ebp
00401151 8bec            mov     ebp,esp
00401153 51              push    ecx
00401154 53              push    ebx
00401155 c745fc0a000000  **mov     dword ptr [ebp-4],0Ah**
0040115c 8d5dfc          lea     ebx,[ebp-4]
0040115f 68a0114000      push    offset windb!std::basic_ostream<char, std::char
_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<cha
r, std::char_traits<char> >&) (004011a0)
00401164 53              push    ebx
00401165 68f8034200      push    offset windb!d1862_1+0x9bc (004203f8)
0040116a e8ed7f0000      call    windb!std::basic_ostream<char, std::char_traits
<char> >::operator <<(const void *) (0040915c)
0040116f 83c408          add     esp,8
00401172 50              push    eax
00401173 e8a4810000      call    windb!std::basic_ostream<char, std::char_traits
<char> >::operator <<(std::basic_ostream<char, std::char_traits<char> >& (*)(std
::basic_ostream<char, std::char_traits<char> >&)) (0040931c)
00401178 83c408          add     esp,8
0040117b b8ece04100      mov     eax,offset windb!_streams (0041e0ec)
00401180 ff4808          dec     dword ptr [eax+8]
00401183 7809            js      windb!main+0x3e (0040118e)

windb!main+0x35:
00401185 baece04100      mov     edx,offset windb!_streams (0041e0ec)
0040118a ff02            inc     dword ptr [edx]
0040118c eb0b            jmp     windb!main+0x49 (00401199)

windb!main+0x3e:
0040118e 68ece04100      push    offset windb!_streams (0041e0ec)
00401193 e854060100      call    windb!_fgetc (004117ec)
00401198 59              pop     ecx

windb!main+0x49:
00401199 33c0            xor     eax,eax
0040119b 5b              pop     ebx
0040119c 59              pop     ecx
0040119d 5d              pop     ebp
0040119e c3              ret
0:000> .frame /r 0x0b
0b 0012ff8c 00417c4e windb!main+0x48
eax=0012fe48 ebx=00862a30 ecx=0012ff10 edx=00862a30 esi=0012fd58 edi=00250688
eip=00401198 esp=0012ff80 ebp=0012ff8c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
windb!main+0x48:
00401198 59              pop     ecx
0:000> dd 12ff7c l8
0012ff7c  00401198 0041e0ec 7ffde000 0000000a
0012ff8c  0012ffb8 00417c4e 00000001 008621c4
0:000> dds 12ff7c l8
0012ff7c  00401198 windb!main+0x48
0012ff80  0041e0ec windb!_streams
0012ff84  7ffde000
**0012ff88  0000000a**
0012ff8c  0012ffb8
0012ff90  00417c4e windb!c1770_0+0x172
0012ff94  00000001
0012ff98  008621c4
0:000>