引用地址:http://apps.hi.baidu.com/share/detail/17829993
问题:不知道Windbg为啥不自动去官方网站上去下载符号,符号路径应该是对的:SRV*d:\Symbols*http://msdl.microsoft.com/download/symbols
输入命令提示下面的文字:
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: _EPROCESS ***
*** ***
*************************************************************************
在网上搜解决方案,发现下面的方法是对的:
1. 若符号存在D:\Symbols,输入命令:
2 .[使用!sym noisy命令希望WinDBG在获得符号的时候取得更多的信息,接着使用!lmi命令让WinDBG查看Windows的ntoskrnl模块。然后使用.reload /f尝试获取ntoskrnl的符号.]如下:
kd> !sym noisy
kd> !lmi nt
kd> .reload /f nt
成功于否输入命令查看之: kd> !lmi nt
nt!_EPROCESS
+0x000 Pcb : _KPROCESS
+0x06c ProcessLock : _EX_PUSH_LOCK
+0x070 CreateTime : _LARGE_INTEGER
+0x078 ExitTime : _LARGE_INTEGER
+0x080 RundownProtect : _EX_RUNDOWN_REF
+0x084 UniqueProcessId : Ptr32 Void
+0x088 ActiveProcessLinks : _LIST_ENTRY
+0x090 QuotaUsage : [3] Uint4B
+0x09c QuotaPeak : [3] Uint4B
+0x0a8 CommitCharge : Uint4B
+0x0ac PeakVirtualSize : Uint4B
+0x0b0 VirtualSize : Uint4B