好友
阅读权限10
听众
最后登录1970-1-1
|
请教一个问题,WinDBG在内核调试状态下,!lmi nt得到的模块是ntkrnlpa,为什么nt和ntkrnlpa不是一个名字,这是怎么回事,又是怎么做到的?望不吝赐教!
kd> !lmi nt
Loaded Module Info: [nt]
Module: ntkrnlpa
Base Address: 804d8000
Image Name: ntkrnlpa.exe
Machine Type: 332 (I386)
Time Stamp: 4802516a Mon Apr 14 02:31:06 2008
Size: 1f8480
CheckSum: 2050d3
Characteristics: 12e
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 25, 9578, 9578 RSDS - GUID: {30B5FB31-AE7E-4ACA-ABA7-50AA241FF331}
Age: 1, Pdb: ntkrnlpa.pdb
Image Type: MEMORY - Image read successfully from loaded memory.
Symbol Type: PDB - Symbols loaded successfully from symbol server.
e:\symbol\ntkrnlpa.pdb\30B5FB31AE7E4ACAABA750AA241FF3311\ntkrnlpa.pdb
Load Report: public symbols , not source indexed
e:\symbol\ntkrnlpa.pdb\30B5FB31AE7E4ACAABA750AA241FF3311\ntkrnlpa.pdb
|
|
发帖前要善用【论坛搜索】功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。 |
|
|
|
|
|
|
发表于 2014-11-6 15:05
