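I'm a beginner at Windows driver development, using WinDbg + VMware for two-machine debugging, set up by following the Yujinxiang (郁金香) tutorial. When the virtual machine boots into the two-machine debugging boot entry, I set srv*D:\symbols*http://msdl.microsoft.com/download/symbols in WinDbg's symbol path settings and clicked Reload, after which WinDbg displayed: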
Loading Kernel Symbols
...................................
Loading User Symbols
I opened Debug -> Modules, which shows the following information:
nt 804d8000 806d0480 Mon Apr 14 02:31:06 2008 (4802516a) 002050d3 PDB d:\symbols\ntkrnlpa.pdb\30B5FB31AE7E4ACAABA750AA241FF3311\ntkrnlpa.pdb
hal 806d1000 806f1300 Mon Apr 14 02:31:27 2008 (4802517f) 00024f17 halaacpi.dll
Mup f94ef000 f9508b80 Mon Apr 14 03:17:05 2008 (48025c31) 0001ab3e Mup.sys
NDIS f9509000 f9535980 Mon Apr 14 03:20:35 2008 (48025d03) 0002e181 NDIS.sys
Ntfs f9536000 f95c2600 Mon Apr 14 03:15:49 2008 (48025be5) 0009586b Ntfs.sys
USBPORT f95c3000 f95e6200 Mon Apr 14 02:45:34 2008 (480254ce) 0002aaec USBPORT.SYS
KSecDD f95e7000 f95fdb00 Wed Jun 24 19:18:40 2009 (4a420b90) 00020e8d KSecDD.sys
fltMgr f95fe000 f961db00 Mon Apr 14 02:32:58 2008 (480251da) 000251bb fltMgr.sys
SCSIPORT f961e000 f9635880 Mon Apr 14 02:40:29 2008 (4802539d) 00021101 SCSIPORT.SYS
atapi f9636000 f964d900 Mon Apr 14 02:40:29 2008 (4802539d) 0001cd25 atapi.sys
dmio f964e000 f9673100 Mon Apr 14 02:44:45 2008 (4802549d) 0002b1f8 dmio.sys
ftdisk f9674000 f9692880 Sat Aug 18 04:52:41 2001 (3b7d8419) 0002595e ftdisk.sys
pci f9693000 f96a3280 Mon Apr 14 02:36:43 2008 (480252bb) 000169fa pci.sys
ACPI f96a4000 f96d1500 Mon Apr 14 02:36:33 2008 (480252b1) 000332df ACPI.sys
isapnp f97d3000 f97dbd80 Mon Apr 14 02:36:40 2008 (480252b8) 0000bce3 isapnp.sys
Hookport f97e3000 f97f1f80 Wed Oct 26 18:01:06 2011 (4ea7da62) 00010f6a Hookport.sys
MountMgr f97f3000 f97fd580 Mon Apr 14 02:39:45 2008 (48025371) 0000e3aa MountMgr.sys
VolSnap f9803000 f980ef80 Mon Apr 14 02:41:00 2008 (480253bc) 000151fc VolSnap.sys
disk f9813000 f981be00 Mon Apr 14 02:40:46 2008 (480253ae) 00014c02 disk.sys
CLASSPNP f9823000 f982f180 Mon Apr 14 03:16:21 2008 (48025c05) 0000ca8c CLASSPNP.SYS
agp440 f9833000 f983d580 Mon Apr 14 02:36:37 2008 (480252b5) 00010c6d agp440.sys
PCIIDEX f9a53000 f9a59180 Mon Apr 14 02:40:29 2008 (4802539d) 00009319 PCIIDEX.SYS
PartMgr f9a5b000 f9a5fd00 Mon Apr 14 02:40:48 2008 (480253b0) 0000c1f3 PartMgr.sys
usbohci f9a63000 f9a67300 Mon Apr 14 02:45:34 2008 (480254ce) 0000b8cf usbohci.sys
BOOTVID f9be3000 f9be6000 Sat Aug 18 04:49:09 2001 (3b7d8345) 0000a36c BOOTVID.dll
acpiec f9be7000 f9be9d80 Sat Aug 18 04:57:55 2001 (3b7d8553) 00009be6 acpiec.sys
compbatt f9beb000 f9bed800 Mon Apr 14 02:36:36 2008 (480252b4) 0000f1e6 compbatt.sys
BATTC f9bef000 f9bf2f00 Mon Apr 14 02:36:32 2008 (480252b0) 00009bca BATTC.SYS
vmscsi f9bf3000 f9bf5b00 Wed May 07 00:05:06 2008 (482081b2) 0000dcee vmscsi.sys
kdcom f9cd3000 f9cd4b80 Sat Aug 18 04:49:10 2001 (3b7d8346) 00008311 kdcom.dll
WMILIB f9cd5000 f9cd6100 Sat Aug 18 05:07:23 2001 (3b7d878b) 0000d600 WMILIB.SYS
intelide f9cd7000 f9cd8580 Mon Apr 14 02:40:29 2008 (4802539d) 0000557d intelide.sys
dmload f9cd9000 f9cda700 Sat Aug 18 04:58:15 2001 (3b7d8567) 0000dc8a dmload.sys
cd20xrnt f9cdb000 f9cdce00 Sat Aug 18 04:52:04 2001 (3b7d83f4) 00002bc2 cd20xrnt.sys
OPRGHDLR f9d9b000 f9d9bd80 Sat Aug 18 04:57:55 2001 (3b7d8553) 0000b001 OPRGHDLR.SYS
pciide f9d9c000 f9d9cd00 Sat Aug 18 04:51:49 2001 (3b7d83e5) 00008eb5 pciide.sys
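But the symbols folder on my D: drive is only a few MB, and it hasn't changed after a long wait. Is my way of loading symbols correct? How do I know when the download has finished? When I go into XP in the virtual machine, open the Device Tree tool and click the P button, it blue-screens. The error in WinDbg is also that the symbol link for such-and-such function was not found.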