本文介绍了如何使用Windows Debugging Tools进行系统调试,包括目录浏览、进程查看、符号文件设置及内核调试。通过tlist.exe展示了系统中的进程信息,并探讨了Windows XP的内核特性,如多处理器支持、内存管理和权限结构。同时提到了内核调试符号文件的配置以及使用windbg工具进行内核调试的方法。
C:\Program Files>cd "Debugging Tools for Windows (x86)"
C:\Program Files\Debugging Tools for Windows (x86)>dir
驱动器 C 中的卷没有标签。
卷的序列号是 18F6-A188
C:\Program Files\Debugging Tools for Windows (x86) 的目录
2012-02-02 14:24 <DIR> .
2012-02-02 14:24 <DIR> ..
2012-02-02 14:24 <DIR> 1394
2009-08-24 14:38 71,168 adplus.doc
2010-02-01 12:27 97,040 adplus.exe
2010-02-01 12:27 29,056 adplusext.dll
2010-02-01 12:27 80,656 adplusmanager.exe
2009-08-24 14:38 2,068 adplusmanager.exe.config
2010-02-01 12:27 200,530 adplus_old.vbs
2010-02-01 12:27 36,736 agestore.exe
2010-02-01 12:27 17,168 breakin.exe
2010-02-01 12:27 364,816 cdb.exe
2012-02-02 14:24 <DIR> clr10
2010-02-01 12:27 32,128 convertstore.exe
2010-02-01 12:27 112,512 dbengprx.exe
2010-02-01 12:27 3,557,648 dbgeng.dll
2010-02-01 12:27 1,213,200 dbghelp.dll
2010-02-01 12:27 39,184 dbgrpc.exe
2010-02-01 12:27 32,528 dbgsrv.exe
2010-02-01 12:27 151,824 dbh.exe
2010-01-08 11:07 326,336 debugger.chi
2010-01-08 11:07 5,117,792 debugger.chm
2010-02-01 12:27 419,088 decem.dll
2009-08-24 14:38 56,832 dml.doc
2010-02-01 12:27 20,864 dumpchk.exe
2010-02-01 12:27 19,840 dumpexam.exe
2010-02-01 12:27 145,168 gflags.exe
2010-02-01 12:27 362,768 i386kd.exe
2010-02-01 12:27 362,768 ia64kd.exe
2010-02-01 12:27 376,080 kd.exe
2010-02-01 12:27 34,576 kdbgctrl.exe
2010-02-01 12:27 170,256 kdsrv.exe
2009-08-24 14:38 1,196,032 kernel_debugging_tutorial.doc
2010-02-01 12:27 34,064 kill.exe
2009-09-18 11:35 10,237 license.txt
2010-02-01 12:27 80,768 list.exe
2010-02-01 12:27 28,944 logger.exe
2010-02-01 12:27 211,328 logviewer.exe
2010-02-01 12:27 365,328 ntsd.exe
2010-02-01 12:27 23,312 pdbcopy.exe
2010-02-01 12:08 2,819 redist.txt
2010-01-28 21:21 12,615 relnotes.txt
2010-02-01 12:27 69,504 remote.exe
2010-02-01 12:27 25,360 rtlist.exe
2012-02-02 14:24 <DIR> sdk
2012-02-02 14:24 <DIR> srcsrv
2010-02-01 12:27 92,944 srcsrv.dll
2010-02-01 12:27 30,992 symbolcheck.dll
2010-02-01 12:27 80,144 symchk.exe
2012-02-02 14:24 <DIR> symproxy
2010-02-01 12:27 131,856 symsrv.dll
2009-08-24 14:38 1 symsrv.yes
2010-02-01 12:27 145,168 symstore.exe
2012-02-02 14:24 <DIR> themes
2010-02-01 12:27 47,376 tlist.exe
2012-02-02 14:24 <DIR> triage
2010-02-01 12:27 143,232 umdh.exe
2012-02-02 14:24 <DIR> usb
2010-02-01 12:27 139,136 usbview.exe
2010-02-01 12:27 74,512 vmdemux.exe
2012-02-02 14:24 <DIR> w2kchk
2012-02-02 14:24 <DIR> w2kfre
2010-02-01 12:27 532,752 windbg.exe
2012-02-02 14:24 <DIR> winext
2012-02-02 14:24 <DIR> winxp
51 个文件 16,929,054 字节
14 个目录 153,558,147,072 可用字节
C:\Program Files\Debugging Tools for Windows (x86)>tlist.exe /t
System Process (0)
System (4)
smss.exe (460)
csrss.exe (516)
winlogon.exe (1172)
services.exe (1216)
ati2evxx.exe (1388) ATI video bios poller
svchost.exe (1420)
svchost.exe (1536)
svchost.exe (1656)
svchost.exe (1676)
svchost.exe (1728)
acs.exe (1764)
inetinfo.exe (1856)
sqlservr.exe (1880)
sqlwriter.exe (2032)
alg.exe (700)
msiexec.exe (3664)
lsass.exe (1228)
ati2evxx.exe (1616) ATI video bios poller client
explorer.exe (1000) Program Manager
RTHDCPL.EXE (1192)
Probe2.exe (1372) PC Probe II
aaCenter.exe (2500) aacenter
TWCU.exe (1276) TP-LINK 无线客户端应用程序 - 当前配置文件:默认值 - TP-LINK Wi
reless USB Adapter
ctfmon.exe (1460)
DTLite.exe (1468) DAEMON Tools Agent window
WINWORD.EXE (3952) windows - Microsoft Word
cmd.exe (2600) 命令提示符 - tlist.exe /t
tlist.exe (1100)
windbg.exe (2412) Local kernel - WinDbg:6.12.0002.633 X86
MOM.exe (1436) .NET-BroadcastEventWindow.2.0.0.0.33c0d9d.0
CCC.exe (3748)
conime.exe (2512)
C:\Program Files\Debugging Tools for Windows (x86)>
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Connected to Windows XP 2600 x86 compatible target at (Thu Feb 2 14:26:16.171 2012 (UTC + 8:00)), ptr64 FALSE
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
*******************************************************************************
WARNING: Local kernel debugging requires booting with kernel
debugging support (/debug or bcdedit -debug on) to work optimally.
*******************************************************************************
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Thu Feb 2 14:26:16.343 2012 (UTC + 8:00)
System Uptime: 0 days 0:25:11.890
X64 用户进程空间:8TB,系统空间 6657GB
Itanium 用户进程空间:7TB,系统空间 6144GB
C:\Program Files\Support Tools>qslice
启动线程查看器,该软件位于Windows2000资源工具包中,XP下需要单独下载安装
C:\Program Files\Support Tools>
C:\Program Files\Support Tools>mstsc.exe
启动远程连接
Windows 2000 professional 不支持终端会话
Windows XP professional 支持
最低0.47元/天 解锁文章
扫一扫
299
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
