Question: the !lpc port command fails in WinDbg!



Jane1970 2009-11-05, 17:04 PM
Environment: XP Professional 2002 SP3, WinDbg 6.11.0001
Using kernel debugging in local mode. Session:
lkd>  .sympath SRV*C:\WINDOWS\Symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\WINDOWS\Symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\WINDOWS\Symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
lkd> !sym noisy
lkd> !sym noisy
noisy mode - symbol prompts on
noisy mode - symbol prompts on
lkd>  !lmi nt
lkd>  !lmi nt
Loaded Module Info: [nt]
         Module: ntkrnlmp
   Base Address: 804d8000
     Image Name: ntkrnlmp.exe
   Machine Type: 332 (I386)
     Time Stamp: 4a783d8a Tue Aug 04 21:54:18 2009
           Size: 228000
       CheckSum: 20fd8d
Characteristics: 10e  perf
Debug Data Dirs: Type  Size     VA  Pointer
             CODEVIEW    25, 76ad0,   760d0 RSDS - GUID: {79D38DEF-79B7-454A-9D61-504200179432}
               Age: 2, Pdb: ntkrnlmp.pdb
                CLSID     4, 76acc,   760cc [Data not mapped]
     Image Type: MEMORY   - Image read successfully from loaded memory.
    Symbol Type: PDB      - Symbols loaded successfully from symbol server.
                 c:\windows\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
    Load Report: public symbols , not source indexed
                 c:\windows\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
Loaded Module Info: [nt]
         Module: ntkrnlmp
   Base Address: 804d8000
     Image Name: ntkrnlmp.exe
   Machine Type: 332 (I386)
     Time Stamp: 4a783d8a Tue Aug 04 21:54:18 2009
           Size: 228000
       CheckSum: 20fd8d
Characteristics: 10e  perf
Debug Data Dirs: Type  Size     VA  Pointer
             CODEVIEW    25, 76ad0,   760d0 RSDS - GUID: {79D38DEF-79B7-454A-9D61-504200179432}
               Age: 2, Pdb: ntkrnlmp.pdb
                CLSID     4, 76acc,   760cc [Data not mapped]
     Image Type: MEMORY   - Image read successfully from loaded memory.
    Symbol Type: PDB      - Symbols loaded successfully from symbol server.
                 c:\windows\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
    Load Report: public symbols , not source indexed
                 c:\windows\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
lkd> .reload /f nt
lkd> .reload /f nt
DBGHELP: nt - public symbols 
         c:\windows\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
DBGHELP: nt - public symbols 
         c:\windows\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
lkd> !lpc port
lkd> !lpc port
Port type     Port address  Connection port  Connected port  Name
-------------------------------------------------------------------------------
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
Scanned 829 port objects
Port type     Port address  Connection port  Connected port  Name
-------------------------------------------------------------------------------
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
Scanned 829 port objects

Re: Question: the !lpc port command fails in WinDbg!


guozf 2009-11-06, 09:26 AM
It looks like the original poster is using local debug.
You could try two-machine debugging, or debugging with a virtual machine.

Re: Debugging with a virtual machine doesn't work either!


Jane1970 2009-11-06, 15:03 PM
Session:
kd> !lpc port
Port type Port address Connection port Connected port Name
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
Scanned 254 port objects
kd>!gflag
Current NtGlobalFlag contents :0x00000000
kd>!gflag +0x4000
New NtGlobalFlag contents: 0x00004000
otl - Maintain a list of objects for each type
kd> !lpc port
Port type Port address Connection port Connected port Name
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
Scanned 254 port objects
