mssmbios!_PEB-付费问答-看雪-安全社区|安全招聘|kanxue.com

最新回复 (1)
cyndyli 雪币： 212 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 9 回帖 64 粉丝 0 关注私信	cyndyli 2 楼 Connected to Windows XP 2600 x86 compatible target at (Fri Feb 5 14:25:27.421 2010 (GMT+8)), ptr64 FALSE Symbol search path is: d:\symbols Executable search path is: Unable to read selector for PCR for processor 0 ***************************************************************************** WARNING: Local kernel debugging requires booting with kernel debugging support (/debug or bcdedit -debug on) to work optimally. ***************************************************************************** Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 2600.xpsp_sp3_qfe.090804-1456 Machine Name: Kernel base = 0x804d8000 PsLoadedModuleList = 0x805644c0 Debug session time: Fri Feb 5 14:25:27.531 2010 (GMT+8) System Uptime: 0 days 0:41:43.236 lkd> !lmi nt Loaded Module Info: [nt] Module: ntkrnlmp Base Address: 804d8000 Image Name: ntkrnlmp.exe Machine Type: 332 (I386) Time Stamp: 4a783d8a Tue Aug 04 21:54:18 2009 Size: 228000 CheckSum: 20fd8d Characteristics: 10e perf Debug Data Dirs: Type Size VA Pointer CODEVIEW 25, 76ad0, 760d0 RSDS - GUID: {79D38DEF-79B7-454A-9D61-504200179432} Age: 2, Pdb: ntkrnlmp.pdb CLSID 4, 76acc, 760cc [Data not mapped] Image Type: MEMORY - Image read successfully from loaded memory. Symbol Type: PDB - Symbols loaded successfully from symbol server. d:\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb Load Report: public symbols , not source indexed d:\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb 我把360关掉了，还是不行，仍然没有导出如 nt!_eprocess等结构 2010-2-5 14:41 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (1)

cyndyli

雪币： 212

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

回帖

粉丝

关注

私信

cyndyli: 2 楼

Connected to Windows XP 2600 x86 compatible target at (Fri Feb  5 14:25:27.421 2010 (GMT+8)), ptr64 FALSE
Symbol search path is: d:\symbols
Executable search path is:
Unable to read selector for PCR for processor 0
*******************************************************************************
WARNING: Local kernel debugging requires booting with kernel
debugging support (/debug or bcdedit -debug on) to work optimally.
*******************************************************************************
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.090804-1456
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x805644c0
Debug session time: Fri Feb  5 14:25:27.531 2010 (GMT+8)
System Uptime: 0 days 0:41:43.236
lkd> !lmi nt
Loaded Module Info: [nt]
      Module: ntkrnlmp
Base Address: 804d8000
   Image Name: ntkrnlmp.exe
Machine Type: 332 (I386)
   Time Stamp: 4a783d8a Tue Aug 04 21:54:18 2009
         Size: 228000
   CheckSum: 20fd8d
Characteristics: 10e  perf
Debug Data Dirs: Type  Size    VA  Pointer
         CODEVIEW 25, 76ad0, 760d0 RSDS - GUID: {79D38DEF-79B7-454A-9D61-504200179432}
            Age: 2, Pdb: ntkrnlmp.pdb
            CLSID    4, 76acc, 760cc [Data not mapped]
   Image Type: MEMORY - Image read successfully from loaded memory.
Symbol Type: PDB    - Symbols loaded successfully from symbol server.
               d:\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
Load Report: public symbols , not source indexed
               d:\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb

我把360关掉了，还是不行，
仍然没有导出如  nt!_eprocess等结构

2010-2-5 14:41

[旧帖] mssmbios!_PEB 0.00雪花