哇!!找不到_TEB32

时间:2014-11-07 06:37:57

标签: c++ windbg

我正在尝试分析wow64进程转储。 问题是内存泄漏,所以我需要检查堆。 我指的是这篇文章来分析转储:

http://www.codeproject.com/Articles/31382/Memory-Leak-Detection-Using-Windbg 

0:000> .load wow64exts

0:000> !sw
Switched to 32bit mode


0:000:x86> !heap -s
NtGlobalFlag enables following debugging aids for new heaps:
    tail checking
    free checking
    validate parameters
LFH Key                   : 0x00000000072e0d1a
Termination on corruption : ENABLED
  Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast 
                    (k)     (k)    (k)     (k) length      blocks cont. heap 
-----------------------------------------------------------------------------
00000000001b0000 40000062    1024     32   1024      8     2     1    0      0      
0000000000320000 40001062   47808  45812  47808      7     8     7    0      0      
-----------------------------------------------------------------------------


0:000:x86>  !heap -stat -h 0000000000320000 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: wow64!_TEB32                                  ***
***                                                                   ***
*************************************************************************
 heap @ 0000000000320000
group-by: TOTSIZE max-display: 20
    size     #blocks     total     ( %) (percent of total busy bytes)

找不到wow64!_TEB32,所以无法继续。 整个身体有没有帮助呢?

1 个答案:

答案 0 :(得分:1)

首先,确保您的symbols are set up correctly,通常是

.symfix c:\symbols
.reload

通常,对于32位应用程序,如果您不想自己调试WOW64层,则应该进行32位转储。

但是,在您的情况下(关于!heap命令),您可以重复32位版本的WinDbg中的步骤,该版本也可以在64位Windows上运行,并且可以打开64位转储。

相关问题
最新问题