1、第一个层次
直接看reactos的源代码,直接定位问题
2、第二个层次
通过windbg加载系统的dll(oleaut32.dll),通过
ld oleaut32
!lmi oleaut32
Loaded Module Info: [oleaut32]
Module: OLEAUT32
Base Address: 74f80000
Image Name: C:\Windows\syswow64\OLEAUT32.dll
Machine Type: 332 (I386)
Time Stamp: 56b24bc6 Thu Feb 04 02:49:42 2016
Size: 8f000
CheckSum: 93b35
Characteristics: 2102 perf
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 25, 84968, 83d68 RSDS - GUID: {6C7EA103-6380-4829-97C8-F91305A5CB4D}
Age: 2, Pdb: oleaut32.pdb
CLSID 4, 84964, 83d64 [Data not mapped]
Image Type: FILE - Image read successfully from debugger.
C:\Windows\syswow64\OLEAUT32.dll
Symbol Type: PDB - Symbols loaded successfully from image path.
d:\tc\symbol\oleaut32.pdb\6C7EA1036380482997C8F91305A5CB4D2\oleaut32.pdb
Load Report: public symbols , not source indexed
d:\tc\symbol\oleaut32.pdb\6C7EA1036380482997C8F91305A5CB4D2\oleaut32.pdb
然后使用ida来加载dll,同时加载pdb文件,来查看
3、第三个层次
只是ida加载dll来查看,就是这样