Finding location of crash using Map file

Question

I am investigating a faulty code. Application verifier shows heap is corrupted after below call:

AA!Class::Function+dbaf

I have map file with me.Please help me how to reach on line number using above information and information present into Map file.

Preferred load address is 00400000

0002:00000dc4       __imp_?Class@Function@@QAEXV?$vector@Uty_point@@V?$allocator@Uty_point@@@std@@@std@@0PAV23@@Z 0049bdc4 

Note : I have anonymized class and function name.

Answer 1

Do you only have a map file? No PDB? If you have full symbols then use the map and .pdbs (and .exe) with WinDBG (are you on windows?). I would imagine that you do seeing as how you have been given the name of the function.

IF not... dbaf is your answer. What does that equate to? The offset should be the location of faulty instructions. Of course you would need to figure out the number of instructions (assembly instructions) that each has.

Answer 2

I remember being able to jump to the faulty code by having only the map file and the value of EIP (the instruction pointer, the address where the code crashed), a quick google search pointed me to this webpage: Map Files And DLL Rebasing. From what I remember in an ideal situation you can change the value of EIP directly in the Visual C++ debugger and it will jump to the corresponding code line.

Now, this was really a long time ago in the Visual C++ 6 era, I don't even know if it's still applicable today. As already pointed out you should really look into symbols and the program database options in Visual C++, there is tons of information about how to setup and use them.