-
-
[旧帖] [求助]调试疑问 0.00雪花
-
发表于: 2015-5-16 09:37
-
1.
kd> dd KdDebuggerEnabled
805548c1 01000001 00000000 00000000 01000000
805548d1 00000000 00000000 00000000 01000000
805548e1 06000000 09000000 ff00003a c0a0033f
805548f1 00806db4 00000000 5d000000 18000000
80554901 008003f1 00000000 00000000 01000000
80554911 00000000 01000000 00000000 00000000
80554921 00000000 00000000 00000000 00000000
80554931 00000000 00000000 00000000 00000000
2.
kd> dt _eprocess
mssmbios!_EPROCESS
+0x000 Pcb : _KPROCESS
+0x06c ProcessLock : _EX_PUSH_LOCK
+0x070 CreateTime : _LARGE_INTEGER
+0x078 ExitTime : _LARGE_INTEGER
+0x080 RundownProtect : _EX_RUNDOWN_REF
+0x084 UniqueProcessId : Ptr32 Void
+0x088 ActiveProcessLinks : _LIST_ENTRY
3.kd> u KeAttachProcess
nt!KeAttachProcess:
804ec4a8 8bff mov edi,edi
804ec4aa 55 push ebp
804ec4ab 8bec mov ebp,es
4.
kd> dd KdPitchDebugger
Couldn't resolve error at 'KdPitchDebugger'
5.
kd> dd KiDebugRoutine
Couldn't resolve error at 'KiDebugRoutine'
6.
kd> u Nt!KiAttachProcess
Couldn't resolve error at 'Nt!KiAttachProcess'
各位大牛,不知道你们遇到这种情况不???123都能查出来,456,为啥不能,照理说应该有的呀,KiAttachProcess
这个函数不应该没呀,我符号文件也下了呀但是加载的时候有点疑惑
Loading Kernel Symbols
...............................................................
.............................................................
Loading User Symbols
Loading unloaded module list
...........
到底哪里出问题了,望求解。
kd> dd KdDebuggerEnabled
805548c1 01000001 00000000 00000000 01000000
805548d1 00000000 00000000 00000000 01000000
805548e1 06000000 09000000 ff00003a c0a0033f
805548f1 00806db4 00000000 5d000000 18000000
80554901 008003f1 00000000 00000000 01000000
80554911 00000000 01000000 00000000 00000000
80554921 00000000 00000000 00000000 00000000
80554931 00000000 00000000 00000000 00000000
2.
kd> dt _eprocess
mssmbios!_EPROCESS
+0x000 Pcb : _KPROCESS
+0x06c ProcessLock : _EX_PUSH_LOCK
+0x070 CreateTime : _LARGE_INTEGER
+0x078 ExitTime : _LARGE_INTEGER
+0x080 RundownProtect : _EX_RUNDOWN_REF
+0x084 UniqueProcessId : Ptr32 Void
+0x088 ActiveProcessLinks : _LIST_ENTRY
3.kd> u KeAttachProcess
nt!KeAttachProcess:
804ec4a8 8bff mov edi,edi
804ec4aa 55 push ebp
804ec4ab 8bec mov ebp,es
4.
kd> dd KdPitchDebugger
Couldn't resolve error at 'KdPitchDebugger'
5.
kd> dd KiDebugRoutine
Couldn't resolve error at 'KiDebugRoutine'
6.
kd> u Nt!KiAttachProcess
Couldn't resolve error at 'Nt!KiAttachProcess'
各位大牛,不知道你们遇到这种情况不???123都能查出来,456,为啥不能,照理说应该有的呀,KiAttachProcess
这个函数不应该没呀,我符号文件也下了呀但是加载的时候有点疑惑
Loading Kernel Symbols
...............................................................
.............................................................
Loading User Symbols
Loading unloaded module list
...........
到底哪里出问题了,望求解。
|
|
|---|---|
|
|
|
|
|
|
|
|
|
