我问的是当显示以下这个内容时
PROCESS 896e2b28 SessionId: 0 Cid: 07b0 Peb: 7ffdf000 ParentCid: 02e8
DirBase: 0adc0480 ObjectTable: e1089880 HandleCount: 52.
Image: calc.exe
……
我照书上说的用此命令显示DirBase:0adc0480,即CR3的值时,不能显示有关数值,而是提示读取物理内存失败的“错误提示”。不知道什么原因。
lkd> !dd 0adc0480
Physical memory read at adc0480 failed
If you know the caching attributes used for the memory,
try specifying " src="/emoticons/emotion-44.gif">, [uc] or [wc], as in !dd " src="/emoticons/emotion-44.gif"> <params>.
WARNING: Incorrect use of these flags will cause unpredictable
processor corruption. This may immediately (or at any time in
the future until reboot) result in a system hang, incorrect data
being displayed or other strange crashes and corruption.