Re: Debugging with a virtual machine doesn't work either!
Windows Kernel Debugging
Question: the !lpc port command fails in WinDbg!
Jane1970
2009-11-05, 17:04 PM
Environment: XP Professional 2002 SP3, WinDbg 6.11.0001
Using kernel debugging in local mode. Session output:
lkd> .sympath SRV*C:\WINDOWS\Symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\WINDOWS\Symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
lkd> !sym noisy
noisy mode - symbol prompts on
lkd> !lmi nt
Loaded Module Info: [nt]
Module: ntkrnlmp
Base Address: 804d8000
Image Name: ntkrnlmp.exe
Machine Type: 332 (I386)
Time Stamp: 4a783d8a Tue Aug 04 21:54:18 2009
Size: 228000
CheckSum: 20fd8d
Characteristics: 10e perf
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 25, 76ad0, 760d0 RSDS - GUID: {79D38DEF-79B7-454A-9D61-504200179432}
Age: 2, Pdb: ntkrnlmp.pdb
CLSID 4, 76acc, 760cc [Data not mapped]
Image Type: MEMORY - Image read successfully from loaded memory.
Symbol Type: PDB - Symbols loaded successfully from symbol server.
c:\windows\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
Load Report: public symbols , not source indexed
c:\windows\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
lkd> .reload /f nt
DBGHELP: nt - public symbols
c:\windows\symbols\ntkrnlmp.pdb\79D38DEF79B7454A9D615042001794322\ntkrnlmp.pdb
lkd> !lpc port
Port type Port address Connection port Connected port Name
-------------------------------------------------------------------------------
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
Scanned 829 port objects
Re: Question: the !lpc port command fails in WinDbg!
guozf
2009-11-06, 09:26 AM
It looks like the original poster is using local debug.
You could try two-machine debugging or debugging with a virtual machine.
Re: Debugging with a virtual machine doesn't work either!
Jane1970
2009-11-06, 15:03 PM
Session output:
kd> !lpc port
Port type Port address Connection port Connected port Name
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
Scanned 254 port objects
kd>!gflag
Current NtGlobalFlag contents :0x00000000
kd>!gflag +0x4000
New NtGlobalFlag contents: 0x00004000
otl - Maintain a list of objects for each type
kd> !lpc port
Port type Port address Connection port Connected port Name
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
*** objects of the same type are only linked together if the 4000 flag is set in NtGlobalFlags
Scanned 254 port objects