I started exploring WinDbg using the "Getting Started with WinDbg (User-Mode)" tutorial.
So far I have entered the following commands:
0:000> .sympath srv*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*https://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*https://msdl.microsoft.com/download/symbols
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*https://msdl.microsoft.com/download/symbols
0:000> .reload
Reloading current modules
....................................
0:000> !sym noisy
noisy mode - symbol prompts on
0:000> .reload
Reloading current modules
....................................
SYMSRV: BYINDEX: 0x8
https://msdl.microsoft.com/download/symbols
ntdll.pdb
13B64B553003FA22AB7CCD36A3A5431F1
SYMSRV: PATH: C:\ProgramData\dbg\sym\ntdll.pdb\13B64B553003FA22AB7CCD36A3A5431F1\ntdll.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: ntdll - public symbols
C:\ProgramData\dbg\sym\ntdll.pdb\13B64B553003FA22AB7CCD36A3A5431F1\ntdll.pdb
0:000> x notepad!\*
SYMSRV: BYINDEX: 0x9
https://msdl.microsoft.com/download/symbols
notepad.pdb
414876112BFF3872B4ED8ADBFE5D6BF21
SYMSRV: PATH: C:\ProgramData\dbg\sym\notepad.pdb\414876112BFF3872B4ED8ADBFE5D6BF21\notepad.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: notepad - public symbols
C:\ProgramData\dbg\sym\notepad.pdb\414876112BFF3872B4ED8ADBFE5D6BF21\notepad.pdb
According to the tutorial, I should now see something like this:
000000d0`428ff7e8 00007ff6`3282122f notepad!WinMain
Where is my problem?
Edit:
I tried
x notepad!
and received:
00007ff7`0c046be8 notepad!StringLengthWorkerW (void)
00007ff7`0c0493f4 notepad!__mainCRTStartup (void)
00007ff7`0c048980 notepad!`WaitForCompletion<Windows::Foundation::IAsyncOperationCompletedHandler<Windows::Storage::StorageFile * __ptr64>,Windows::Foundation::IAsyncOperation<Windows::Storage::StorageFile * __ptr64> >'::`2'::FTMEventDelegate::Invoke (void)
00007ff7`0c049eee notepad!_onexit$fin$0 (void)
00007ff7`0c037114 notepad!lstrncmpi (void)
00007ff7`0c031160 notepad!wil::details::`dynamic initializer for 'g_threadFailureCallbacks'' (void)
00007ff7`0c049ed0 notepad!__mainCRTStartup$filt$0 (void)
00007ff7`0c049390 notepad!pre_cpp_init (void)
00007ff7`0c048540 notepad!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl Windows::Foundation::IEventHandler_impl<Windows::Foundation::Internal::AggregateType<Windows::Security::EnterpriseData::ProtectedContentRevokedEventArgs * __ptr64,Windows::Security::EnterpriseData::IProtectedContentRevokedEventArgs * __ptr64> >::*)(IInspectable * __ptr64,Windows::Security::EnterpriseData::IProtectedContentRevokedEventArgs * __ptr64) __ptr64>::DelegateInvokeHelper<Windows::Foundation::IEventHandler<Windows::Security::EnterpriseData::ProtectedContentRevokedEventArgs * __ptr64>,<lambda_a14bb941c0fe59b218955a198ac884ae>,-1,IInspectable * __ptr64,Windows::Security::EnterpriseData::IProtectedContentRevokedEventArgs * __ptr64>::Invoke (void)
00007ff7`0c048980 notepad!`WaitForCompletion<Windows::Foundation::IAsyncOperationCompletedHandler<Windows::Security::EnterpriseData::FileProtectionInfo * __ptr64>,Windows::Foundation::IAsyncOperation<Windows::Security::EnterpriseData::FileProtectionInfo * __ptr64> >'::`2'::FTMEventDelegate::Invoke (void)
00007ff7`0c049f10 notepad!_IsNonwritableInCurrentImage$filt$0 (void)
00007ff7`0c031190 notepad!wil::details::`dynamic initializer for 'g_header_init_InitializeResultHeader'' (void)
00007ff7`0c044030 notepad!_TlgDefineProvider_annotation__Tlgg_NotepadTraceProviderProv (void)
00007ff7`0c048208 notepad!Microsoft::WRL::Callback<Windows::Foundation::IEventHandler<Windows::Security::EnterpriseData::ProtectedContentRevokedEventArgs * __ptr64>,<lambda_a14bb941c0fe59b218955a198ac884ae> > (void)
00007ff7`0c048470 notepad!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl Windows::Foundation::IEventHandler_impl<IInspectable * __ptr64>::*)(IInspectable * __ptr64,IInspectable * __ptr64) __ptr64>::DelegateInvokeHelper<Windows::Foundation::IEventHandler<IInspectable * __ptr64>,<lambda_991a591d0d3cbc330e1b7e385cc8b6da>,-1,IInspectable * __ptr64,IInspectable * __ptr64>::Invoke (void)
00007ff7`0c031150 notepad!wil::details::`dynamic initializer for 'g_processLocalData'' (void)
00007ff7`0c031120 notepad!wil::details::`dynamic initializer for 'g_header_init_WilInitialize_ResultMacros_DesktopOrSystem'' (void)
00007ff7`0c049f70 notepad!wil::details::`dynamic atexit destructor for 'g_threadFailureCallbacks'' (void)
00007ff7`0c0492c0 notepad!pre_c_init (void)
00007ff7`0c049f30 notepad!`operator new'::`1'::catch$0 (void)
00007ff7`0c04205c notepad!NPRegister (void)
00007ff7`0c049f50 notepad!wil::details::`dynamic atexit destructor for 'g_processLocalData'' (void)
So, is that the problem?......
BR, Tal
Answer 0 (score: 0)
The blog post inserts a backslash where there should not be one. Probably a CMS issue.
x notepad!\*
should be x notepad!*.
If you are looking for a known part of a method, you can also use x notepad!*Main*:
0:002> x notepad!*Main*
00000000`ff33c5c0 notepad!_imp___getmainargs = <no type information>
00000000`ff333a14 notepad!WinMain (<no parameter info>)
00000000`ff333acc notepad!WinMainCRTStartup (<no parameter info>)