[Help] Setting a breakpoint for CVE-2014-4113
Posted: 2015-4-19 13:51
nt!RtlpBreakWithStatusInstruction:
8407e110 cc int 3
kd> !process 0 0 win32.exe
PROCESS 8716d030 SessionId: 1 Cid: 0ae8 Peb: 7ffdb000 ParentCid: 0a64
DirBase: 3f2fa480 ObjectTable: 963ff670 HandleCount: 25.
Image: win32.exe
kd> bp win32k!xxxMNFindWindowFromPoint
WARNING: Software breakpoints on session addresses can cause bugchecks.
Use hardware execution breakpoints (ba e) if possible.
kd> .process /i 8716d030
You need to continue execution (press 'g' <enter>) for the context
to be switched. When the debugger breaks in again, you will be in
the new process context.
kd> g
Break instruction exception - code 80000003 (first chance)
nt!RtlpBreakWithStatusInstruction:
8407e110 cc int 3
Why doesn't it break at win32k!xxxMNFindWindowFromPoint? I set a breakpoint there earlier.