我正在阅读Advanced .NET Debugging一书,该书引用了32位notepad.exe,并说我应该能够找到偏移量AddressOfEntryPoint
处的0x108
,该偏移量应为0x31F8
的RVA。
我使用的是64位Windows 10,它似乎不存在,其值为0x0B02
。
当我尝试在ntsd中反汇编时,出现内存访问错误(我原以为notepad!WinMainCRTStartup
:
Microsoft (R) Windows Debugger Version 10.0.17134.12 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: \Windows\notepad.exe
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00007ff6`50db0000 00007ff6`50df1000 notepad.exe
ModLoad: 00007ffe`72370000 00007ffe`72540000 ntdll.dll
ModLoad: 00007ffe`6f970000 00007ffe`6fa1c000 C:\WINDOWS\System32\KERNEL32.DLL
ModLoad: 00007ffe`6e880000 00007ffe`6ea9d000 C:\WINDOWS\System32\KERNELBASE.dll
ModLoad: 00007ffe`6fea0000 00007ffe`6ff42000 C:\WINDOWS\System32\ADVAPI32.dll
ModLoad: 00007ffe`6fbf0000 00007ffe`6fc8e000 C:\WINDOWS\System32\msvcrt.dll
ModLoad: 00007ffe`70af0000 00007ffe`70b49000 C:\WINDOWS\System32\sechost.dll
ModLoad: 00007ffe`720c0000 00007ffe`721e1000 C:\WINDOWS\System32\RPCRT4.dll
ModLoad: 00007ffe`70690000 00007ffe`706c4000 C:\WINDOWS\System32\GDI32.dll
ModLoad: 00007ffe`6f5c0000 00007ffe`6f741000 C:\WINDOWS\System32\gdi32full.dll
ModLoad: 00007ffe`721f0000 00007ffe`72355000 C:\WINDOWS\System32\USER32.dll
ModLoad: 00007ffe`6e860000 00007ffe`6e87e000 C:\WINDOWS\System32\win32u.dll
ModLoad: 00007ffe`70790000 00007ffe`70a58000 C:\WINDOWS\System32\combase.dll
ModLoad: 00007ffe`6f750000 00007ffe`6f845000 C:\WINDOWS\System32\ucrtbase.dll
ModLoad: 00007ffe`6eaa0000 00007ffe`6eb0a000 C:\WINDOWS\System32\bcryptPrimitives.dll
ModLoad: 00007ffe`706d0000 00007ffe`7078f000 C:\WINDOWS\System32\OLEAUT32.dll
ModLoad: 00007ffe`6f4c0000 00007ffe`6f55c000 C:\WINDOWS\System32\msvcp_win.dll
ModLoad: 00007ffe`700b0000 00007ffe`701aa000 C:\WINDOWS\System32\COMDLG32.dll
ModLoad: 00007ffe`60bd0000 00007ffe`60e4a000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.2273_none_7de240fc83403786\COMCTL32.dll
ModLoad: 00007ffe`6f850000 00007ffe`6f8f9000 C:\WINDOWS\System32\shcore.dll
ModLoad: 00007ffe`6fe40000 00007ffe`6fe92000 C:\WINDOWS\System32\SHLWAPI.dll
ModLoad: 00007ffe`70bb0000 00007ffe`720b5000 C:\WINDOWS\System32\SHELL32.dll
ModLoad: 00007ffe`6f1f0000 00007ffe`6f232000 C:\WINDOWS\System32\cfgmgr32.dll
ModLoad: 00007ffe`6eb10000 00007ffe`6f1e9000 C:\WINDOWS\System32\windows.storage.dll
ModLoad: 00007ffe`6e7d0000 00007ffe`6e81c000 C:\WINDOWS\System32\powrprof.dll
ModLoad: 00007ffe`6e820000 00007ffe`6e82f000 C:\WINDOWS\System32\kernel.appcore.dll
ModLoad: 00007ffe`6e840000 00007ffe`6e854000 C:\WINDOWS\System32\profapi.dll
ModLoad: 00007ffe`6a480000 00007ffe`6a605000 C:\WINDOWS\SYSTEM32\PROPSYS.dll
ModLoad: 00007ffe`5cca0000 00007ffe`5ccb7000 C:\WINDOWS\SYSTEM32\FeClient.dll
ModLoad: 00007ffe`678f0000 00007ffe`67976000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV
ModLoad: 00007ffe`61120000 00007ffe`612e2000 C:\WINDOWS\SYSTEM32\urlmon.dll
ModLoad: 00007ffe`6e710000 00007ffe`6e73b000 C:\WINDOWS\SYSTEM32\bcrypt.dll
ModLoad: 00007ffe`62140000 00007ffe`623e5000 C:\WINDOWS\SYSTEM32\iertutil.dll
(40d8.452c): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
ntdll!LdrInitShimEngineDynamic+0x360:
00007ffe`72442cc0 cc int 3
0:000> u 00007ff2+0x0b02
00000000`00008af4 ?? ???
^ Memory access error in 'u 00007ff2+0x0b02'
这是由于32/64位吗?
我该怎么办?