用vm6.0+windbg调试wdk自带的sioctl驱动。我的wdk是7600版的,编译通过后得到文件,这里生成的pdb有两个,一个是 vc90.pdb,还有sioctl.pdb。把对应的pdb文件放到了自己设置的一个文件夹下(e:\mysymbole)。
kd> .sympath
Symbol search path is: SRV*e:\symbols*http://msdl.microsoft.com/download/symbols
;E:\Mysymbole
Expanded Symbol search path is: srv*e:\symbols*http://msdl.microsoft.com/download/symbols
;e:\mysymbole
WARNING: Whitespace at end of path element
这里面有个warning。百度没有找到什么意思。。。。。我试过把这两个pdb文件放到windbg网上下载的那个文件夹(e:\symbols),但是这样一样不行。
然后连上虚拟机后,我在用.reload命令下载符号文件后,输入:
kd> lm
start end module name
804d8000 806ce400 nt (pdb symbols) e:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
806cf000 806ef380 hal (deferred)
bf800000 bf9c2000 win32k (deferred)
bf9c2000 bf9d3580 dxg (deferred)
bff70000 bff72480 framebuf (deferred)
f702d000 f706d280 HTTP (deferred)
f706e000 f7090080 RDPWD (deferred)
f7181000 f71d2480 srv (deferred)
f7641000 f766b180 kmixer (deferred)
f766c000 f768ec80 aec (deferred)
f7757000 f776b400 wdmaud (deferred)
f7794000 f77c0400 mrxdav (deferred)
f789d000 f78a0e80 DbgMsg (deferred)
f79f1000 f79f4280 ndisuio (deferred)
f7dc5000 f7ddc480 dump_atapi (deferred)
f7e05000 f7e73a00 mrxsmb (deferred)
f7e74000 f7e9ea00 rdbss (deferred)
f7e9f000 f7ec0d00 afd (deferred)
f7ec1000 f7ee1f00 ipnat (deferred)
f7ee2000 f7f09c00 netbt (deferred)
f7f0a000 f7f61d80 tcpip (deferred)
f7f62000 f7f74400 ipsec (deferred)
f7f95000 f7fa8780 VIDEOPRT (deferred)
f7fc9000 f7fcb900 Dxapi (deferred)
f7fd1000 f8029e80 update (deferred)
f803a000 f8046e80 DMusic (deferred)
f804a000 f8057400 swmidi (deferred)
f806a000 f8078d80 sysaudio (deferred)
f80ca000 f80fa100 rdpdr (deferred)
f80fb000 f810be00 psched (deferred)
f811c000 f811ef80 mouhid (deferred)
f8124000 f8126580 hidusb (deferred)
f8134000 f814a680 ndiswan (deferred)
f814b000 f816e980 portcls (deferred)
f816f000 f8191e80 USBPORT (deferred)
f8192000 f81b4680 ks (deferred)
f81b5000 f81c8580 parport (deferred)
f81d9000 f81db980 gameenum (deferred)
f8222000 f823c580 Mup (deferred)
f823d000 f8269a80 NDIS (deferred)
f826a000 f82f6400 Ntfs (deferred)
f82f7000 f830d780 KSecDD (deferred)
f830e000 f831fe00 sr (deferred)
f8320000 f833f780 fltMgr (deferred)
f8340000 f8357480 atapi (deferred)
f8358000 f837d100 dmio (deferred)
f837e000 f839c880 ftdisk (deferred)
f839d000 f844eec0 OsiData (deferred)
f844f000 f845f280 pci (deferred)
f8460000 f848d500 ACPI (deferred)
f848e000 f84a5800 SCSIPORT (deferred)
f869a000 f86a2c00 isapnp (deferred)
f86aa000 f86b4500 MountMgr (deferred)
f86ba000 f86c5f80 VolSnap (deferred)
f86ca000 f86d2e00 disk (deferred)
f86da000 f86e6200 CLASSPNP (deferred)
f86ea000 f86f4580 agp440 (deferred)
f871a000 f8725a00 i8042prt (deferred)
f872a000 f8738a00 serial (deferred)
f873a000 f8746180 cdrom (deferred)
f874a000 f8757600 redbook (deferred)
f875a000 f8762a00 pcntpci5 (deferred)
f876a000 f8773f00 es1371mp (deferred)
f877a000 f8788b80 drmk (deferred)
f878a000 f8793800 intelppm (deferred)
f879a000 f87a6880 rasl2tp (deferred)
f87aa000 f87b4200 raspppoe (deferred)
f87ba000 f87c5d00 raspptp (deferred)
f87ca000 f87d2900 msgpc (deferred)
f87da000 f87e3f00 termdd (deferred)
f87ea000 f87f3480 NDProxy (deferred)
f880a000 f8818100 usbhub (deferred)
f881a000 f8822700 wanarp (deferred)
f882a000 f8832700 netbios (deferred)
f884a000 f8852880 Fips (deferred)
f888a000 f8892d80 HIDCLASS (deferred)
f889a000 f88a9900 Cdfs (deferred)
f891a000 f891e280 cpthook (deferred)
f8922000 f8928200 PCIIDEX (deferred)
f892a000 f892e900 PartMgr (deferred)
f895a000 f895fb00 kbdclass (deferred)
f896a000 f896f500 mouclass (deferred)
f897a000 f8980b00 fdc (deferred)
f898a000 f898f000 usbuhci (deferred)
f899a000 f89a0800 usbehci (deferred)
f89ba000 f89be880 TDI (deferred)
f89ca000 f89ce580 ptilink (deferred)
f89da000 f89de080 raspti (deferred)
f89e2000 f89e7000 flpydisk (deferred)
f8a02000 f8a07200 vga (deferred)
f8a12000 f8a16a80 Msfs (deferred)
f8a22000 f8a29880 Npfs (deferred)
f8a3a000 f8a41b80 usbccgp (deferred)
f8a4a000 f8a50180 HIDPARSE (deferred)
f8a52000 f8a56500 watchdog (deferred)
f8a7a000 f8a7f500 TDTCP (deferred)
f8aaa000 f8aad000 BOOTVID (deferred)
f8aae000 f8ab0980 bootcfg (deferred)
f8ab2000 f8ab4480 compbatt (deferred)
f8ab6000 f8ab9e80 BATTC (deferred)
f8aba000 f8abcb00 vmscsi (deferred)
f8b36000 f8b38280 rasacd (deferred)
f8b3a000 f8b3dc80 serenum (deferred)
f8b52000 f8b55700 CmBatt (deferred)
f8b5a000 f8b5cf80 fsvga (deferred)
f8b62000 f8b64580 ndistapi (deferred)
f8b86000 f8b89c80 mssmbios (deferred)
f8b9a000 f8b9bb80 kdcom (deferred)
f8b9c000 f8b9d100 WMILIB (deferred)
f8b9e000 f8b9f580 intelide (deferred)
f8ba0000 f8ba1700 dmload (deferred)
f8ba8000 f8ba9100 swenum (deferred)
f8bae000 f8baf280 USBD (deferred)
f8bb2000 f8bb3f00 Fs_Rec (deferred)
f8bb6000 f8bb7080 Beep (deferred)
f8bba000 f8bbb080 mnmdd (deferred)
f8bbe000 f8bbf080 RDPCDD (deferred)
f8bc4000 f8bc5100 dump_WMILIB (deferred)
f8c18000 f8c19a80 ParVdm (deferred)
f8c1c000 f8c1d900 splitter (deferred)
f8cd9000 f8cd9d00 dxgthk (deferred)
f8d01000 f8d01b80 drmkaud (deferred)
f8d31000 f8d31c00 audstub (deferred)
f8d76000 f8d76b80 Null (deferred)
Unloaded modules:
f84a6000 f8599000 sptd.sys
f883a000 f8845000 imapi.sys
f89fa000 f89ff000 Cdaudio.SYS
f81cd000 f81d0000 Sfloppy.SYS
里面没有我想要加载的sioctl…..
kd> !lmi sioctl
Loaded Module Info: [sioctl]
*** ERROR: Module load completed but symbols could not be loaded for DbgMsg.SYS
*** ERROR: Module load completed but symbols could not be loaded for OsiData.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for drmk.sys -
*** ERROR: Module load completed but symbols could not be loaded for cpthook.sys
*** ERROR: Module load completed but symbols could not be loaded for bootcfg.sys
*** ERROR: Module load completed but symbols could not be loaded for vmscsi.sys
sioctl not found
请问为什么会出现这个情况啊?
在原来调试的时候,有些时候能够成功,我是指能够在入口函数处断下来,但是很多次都不能成功。求达人指教。我的pdb文件为什么加载不对啊。。。。。
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)