zoukankan      html  css  js  c++  java

  • windbg学习---!process

    !process 0 0 显示进程列表:

    kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
PROCESS 825b7830  SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 02b40020  ObjectTable: e1003e00  HandleCount: 254.
    Image: System

PROCESS 8241d490  SessionId: none  Cid: 0178    Peb: 7ffdf000  ParentCid: 0004
    DirBase: 02b40040  ObjectTable: e148a4a0  HandleCount:  19.
    Image: smss.exe

PROCESS 824d6268  SessionId: 0  Cid: 0264    Peb: 7ffd4000  ParentCid: 0178
    DirBase: 02b40060  ObjectTable: e148fa18  HandleCount: 383.
    Image: csrss.exe
....
    !process XXX显示指定进程的所有信息, !process XXX 0显示指定进程的基本信息

    XXX可以为EPROCESS或进程ID

    kd> !process @$proc 0
PROCESS 825b7830  SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 02b40020  ObjectTable: e1003e00  HandleCount: 254.
    Image: System

kd> !process 4 0
Searching for Process with Cid == 4
Cid Handle table at e1005000 with 366 Entries in use
PROCESS 825b7830  SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 02b40020  ObjectTable: e1003e00  HandleCount: 254.
    Image: System
    !process 0 0 XXX.exe查找进程

    kd> !process 0 0  smss.exe
PROCESS 8241d490  SessionId: none  Cid: 0178    Peb: 7ffdf000  ParentCid: 0004
    DirBase: 02b40040  ObjectTable: e148a4a0  HandleCount:  19.
    Image: smss.exe

kd> !process 0 0 system
PROCESS 825b7830  SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 02b40020  ObjectTable: e1003e00  HandleCount: 254.
    Image: System

    注意只有sytem,没有sytem.exe!!!

    kd> !process 0 0 system.exe

    上述命令是找不到的
  • 相关阅读:
    博客搬迁
    Android 集成FaceBook实现第三方登陆
    android-Xfermode模式详解
    android FileNotFoundException
    EditText 隐藏或者显示输入内容
    Fragment+ViewPager静止滑动,去掉默认的滑动效果
    Xcode 常用插件(持久更新)
    XMPP- JID 与 XMPP的命名空间
    android openfire 和 xmpp
    IOS-数据持久化的几种方式
  • 原文地址:https://www.cnblogs.com/hgy413/p/3693350.html
Copyright © 2011-2022 走看看