Debugging/solving a WinDbg extension problem (SwishDbgExt)

Time: 2015-05-13 20:15:03

Tags: windows debugging reverse-engineering windbg

I am currently learning Windows memory dump analysis, and I want to use the open-source WinDbg extension called SwishDbgExt.

However, when I run WinDbg, load the extension, and then try to use any command, it prints this exception.

0: kd> !load C:\Users\Martin\Desktop\SwishDbgExt-master\bin\x64\SwishDbgExt.dll
SwishDbgExt v0.6.2.20150116 (Mar 27 2015) - Incident Response & Digital Forensics Debugging Extension
SwishDbgExt Copyright (C) 2014 MoonSols Ltd
SwishDbgExt Copyright (C) 2014 Matthieu Suiche (@msuiche) - http://msuiche.net

This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.

0: kd> !SwishDbgExt.help

Commands for C:\Users\Martin\Desktop\SwishDbgExt-master\bin\x64\SwishDbgExt.dll:

!help - Displays information on available extension commands
!ms_callbacks - Display callback functions
!ms_consoles - Display console command's history
!ms_credentials - Display user's credentials (based on gentilkiwi's mimikatz)
!ms_drivers - Display list of drivers
!ms_dump - Dump memory space on disk
!ms_exqueue - Display Ex queued workers
!ms_gdt - Display GDT
!ms_hivelist - Display list of registry hives
!ms_idt - Display IDT
!ms_malscore - Analyze a memory space and returns a Malware Score Index (MSI) - (based on Frank Boldewin's work)
!ms_mbr - Scan Master Boot Record (MBR)
!ms_netstat - Display network information (sockets, connections, ...)
!ms_object - Display list of object
!ms_process - Display list of processes
!ms_readkcb - Read key control block
!ms_readknode - Read key node
!ms_readkvalue - Read key value
!ms_scanndishook - Scan and display suspicious NDIS hooks
!ms_services - Display list of services
!ms_ssdt - Display service descriptor table (SDT) functions
!ms_store - Display information related to the Store Manager (ReadyBoost)
!ms_timers - Display list of KTIMER
!ms_vacbs - Display list of cached VACBs
!help <cmd> will give more information for a particular command

0: kd> !ms_drivers
ERROR: !ms_drivers: extension exception 0x80004005.
"ExtRemoteTyped::ArrayElement: unable to retrieve element 0"

Do you know how to solve or debug this?

P.S.: I have limited experience with C or assembly; I am only experienced in C# programming.

0 answers:

No answers