[Old post] [Help] A question about windbg's .reload /u
Posted: 2012-5-12 22:27
0:003> lm // before .reload /u
start end module name
00400000 005b6000 Simple1Demo (deferred)
00b60000 00b9c000 SkinLog (deferred)
00bb0000 00bee000 SkinScroll (deferred)
00e80000 00f30000 safemon (deferred)
019f0000 019ff000 WordStrokeHelper32 (deferred)
10000000 1006d000 SkinHgy (deferred) // this DLL is listed
4ae90000 4b03b000 gdiplus (deferred)
5adc0000 5adf7000 UxTheme (deferred)
62c20000 62c29000 LPK (deferred)
71a10000 71a18000 WS2HELP (deferred)
71a20000 71a37000 WS2_32 (deferred)
72f70000 72f96000 WINSPOOL (deferred)
73640000 7366e000 msctfime (deferred)
73b30000 73b36000 dciman32 (deferred)
73fa0000 7400b000 USP10 (deferred)
74680000 746cc000 MSCTF (deferred)
74c90000 74cb0000 oledlg (deferred)
762f0000 762f5000 MSIMG32 (deferred)
76300000 7631d000 IMM32 (deferred)
76320000 76367000 COMDLG32 (deferred)
765e0000 76673000 CRYPT32 (deferred)
76680000 76726000 WININET (deferred)
76990000 76ace000 ole32 (deferred)
76b10000 76b3a000 WINMM (deferred)
76bc0000 76bcb000 PSAPI (deferred)
76db0000 76dc2000 MSASN1 (deferred)
770f0000 7717b000 OLEAUT32 (deferred)
77180000 77283000 COMCTL32 (deferred)
77bd0000 77bd8000 VERSION (deferred)
77be0000 77c38000 msvcrt (deferred)
77d10000 77da0000 USER32 (deferred)
77da0000 77e49000 ADVAPI32 (deferred)
77e50000 77ee3000 RPCRT4 (deferred)
77ef0000 77f39000 GDI32 (deferred)
77f40000 77fb6000 SHLWAPI (deferred)
77fc0000 77fd1000 Secur32 (deferred)
7c800000 7c91e000 kernel32 (deferred)
7c920000 7c9b3000 ntdll (pdb symbols) C:\WINDOWS\symbols\dll\ntdll.pdb
7d590000 7dd84000 SHELL32 (deferred)
0:003> !sym noisy
noisy mode - symbol prompts on
0:003> .reload /u SkinHgy.dll
Unloaded SkinHgy.dll // succeeded??
0:003> lm
start end module name
00400000 005b6000 Simple1Demo (deferred)
00b60000 00b9c000 SkinLog (deferred)
00bb0000 00bee000 SkinScroll (deferred)
00e80000 00f30000 safemon (deferred)
019f0000 019ff000 WordStrokeHelper32 (deferred)
4ae90000 4b03b000 gdiplus (deferred)
5adc0000 5adf7000 UxTheme (deferred)
62c20000 62c29000 LPK (deferred)
71a10000 71a18000 WS2HELP (deferred)
71a20000 71a37000 WS2_32 (deferred)
72f70000 72f96000 WINSPOOL (deferred)
73640000 7366e000 msctfime (deferred)
73b30000 73b36000 dciman32 (deferred)
73fa0000 7400b000 USP10 (deferred)
74680000 746cc000 MSCTF (deferred)
74c90000 74cb0000 oledlg (deferred)
762f0000 762f5000 MSIMG32 (deferred)
76300000 7631d000 IMM32 (deferred)
76320000 76367000 COMDLG32 (deferred)
765e0000 76673000 CRYPT32 (deferred)
76680000 76726000 WININET (deferred)
76990000 76ace000 ole32 (deferred)
76b10000 76b3a000 WINMM (deferred)
76bc0000 76bcb000 PSAPI (deferred)
76db0000 76dc2000 MSASN1 (deferred)
770f0000 7717b000 OLEAUT32 (deferred)
77180000 77283000 COMCTL32 (deferred)
77bd0000 77bd8000 VERSION (deferred)
77be0000 77c38000 msvcrt (deferred)
77d10000 77da0000 USER32 (deferred)
77da0000 77e49000 ADVAPI32 (deferred)
77e50000 77ee3000 RPCRT4 (deferred)
77ef0000 77f39000 GDI32 (deferred)
77f40000 77fb6000 SHLWAPI (deferred)
77fc0000 77fd1000 Secur32 (deferred)
7c800000 7c91e000 kernel32 (deferred)
7c920000 7c9b3000 ntdll (pdb symbols) C:\WINDOWS\symbols\dll\ntdll.pdb
7d590000 7dd84000 SHELL32 (deferred)
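The help documentation for .reload /u says: /u Unloads the specified module and all its symbol
After I ran 0:003> .reload /u SkinHgy.dll
lm indeed no longer shows SkinHgy.dll.
But when I look at the program with IceSword, SkinHgy.dll is clearly still loaded,
yet afterwards the lm command in windbg does not show SkinHgy.dll.
What is the reason for this? Any pointers would be greatly appreciated.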