Question

我开始使用"Getting Started with WinDbg (User-Mode)"教程来探索windbg。

我到目前为止输入了以下命令：

0:000> .sympath srv*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*https://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*https://msdl.microsoft.com/download/symbols

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*https://msdl.microsoft.com/download/symbols
0:000> .reload
Reloading current modules
....................................
0:000> !sym noisy
noisy mode - symbol prompts on

0:000> .reload
Reloading current modules
....................................
SYMSRV:  BYINDEX: 0x8
         https://msdl.microsoft.com/download/symbols
         ntdll.pdb
         13B64B553003FA22AB7CCD36A3A5431F1
SYMSRV:  PATH: C:\ProgramData\dbg\sym\ntdll.pdb\13B64B553003FA22AB7CCD36A3A5431F1\ntdll.pdb
SYMSRV:  RESULT: 0x00000000

DBGHELP: ntdll - public symbols  
        C:\ProgramData\dbg\sym\ntdll.pdb\13B64B553003FA22AB7CCD36A3A5431F1\ntdll.pdb

0:000> x notepad!\*
SYMSRV:  BYINDEX: 0x9
         https://msdl.microsoft.com/download/symbols
         notepad.pdb
         414876112BFF3872B4ED8ADBFE5D6BF21
SYMSRV:  PATH: C:\ProgramData\dbg\sym\notepad.pdb\414876112BFF3872B4ED8ADBFE5D6BF21\notepad.pdb
SYMSRV:  RESULT: 0x00000000

DBGHELP: notepad - public symbols  
        C:\ProgramData\dbg\sym\notepad.pdb\414876112BFF3872B4ED8ADBFE5D6BF21\notepad.pdb

根据教程，我现在应该看到类似的东西：

000000d0`428ff7e8 00007ff6`3282122f notepad!WinMain

我的问题在哪里？

编辑：

我试过

x notepad!

并收到：

00007ff7`0c046be8 notepad!StringLengthWorkerW (void)
00007ff7`0c0493f4 notepad!__mainCRTStartup (void)
00007ff7`0c048980 notepad!`WaitForCompletion<Windows::Foundation::IAsyncOperationCompletedHandler<Windows::Storage::StorageFile * __ptr64>,Windows::Foundation::IAsyncOperation<Windows::Storage::StorageFile * __ptr64> >'::`2'::FTMEventDelegate::Invoke (void)
00007ff7`0c049eee notepad!_onexit$fin$0 (void)
00007ff7`0c037114 notepad!lstrncmpi (void)
00007ff7`0c031160 notepad!wil::details::`dynamic initializer for 'g_threadFailureCallbacks'' (void)
00007ff7`0c049ed0 notepad!__mainCRTStartup$filt$0 (void)
00007ff7`0c049390 notepad!pre_cpp_init (void)
00007ff7`0c048540 notepad!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl Windows::Foundation::IEventHandler_impl<Windows::Foundation::Internal::AggregateType<Windows::Security::EnterpriseData::ProtectedContentRevokedEventArgs * __ptr64,Windows::Security::EnterpriseData::IProtectedContentRevokedEventArgs * __ptr64> >::*)(IInspectable * __ptr64,Windows::Security::EnterpriseData::IProtectedContentRevokedEventArgs * __ptr64) __ptr64>::DelegateInvokeHelper<Windows::Foundation::IEventHandler<Windows::Security::EnterpriseData::ProtectedContentRevokedEventArgs * __ptr64>,<lambda_a14bb941c0fe59b218955a198ac884ae>,-1,IInspectable * __ptr64,Windows::Security::EnterpriseData::IProtectedContentRevokedEventArgs * __ptr64>::Invoke (void)
00007ff7`0c048980 notepad!`WaitForCompletion<Windows::Foundation::IAsyncOperationCompletedHandler<Windows::Security::EnterpriseData::FileProtectionInfo * __ptr64>,Windows::Foundation::IAsyncOperation<Windows::Security::EnterpriseData::FileProtectionInfo * __ptr64> >'::`2'::FTMEventDelegate::Invoke (void)
00007ff7`0c049f10 notepad!_IsNonwritableInCurrentImage$filt$0 (void)
00007ff7`0c031190 notepad!wil::details::`dynamic initializer for 'g_header_init_InitializeResultHeader'' (void)
00007ff7`0c044030 notepad!_TlgDefineProvider_annotation__Tlgg_NotepadTraceProviderProv (void)
00007ff7`0c048208 notepad!Microsoft::WRL::Callback<Windows::Foundation::IEventHandler<Windows::Security::EnterpriseData::ProtectedContentRevokedEventArgs * __ptr64>,<lambda_a14bb941c0fe59b218955a198ac884ae> > (void)
00007ff7`0c048470 notepad!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl Windows::Foundation::IEventHandler_impl<IInspectable * __ptr64>::*)(IInspectable * __ptr64,IInspectable * __ptr64) __ptr64>::DelegateInvokeHelper<Windows::Foundation::IEventHandler<IInspectable * __ptr64>,<lambda_991a591d0d3cbc330e1b7e385cc8b6da>,-1,IInspectable * __ptr64,IInspectable * __ptr64>::Invoke (void)
00007ff7`0c031150 notepad!wil::details::`dynamic initializer for 'g_processLocalData'' (void)
00007ff7`0c031120 notepad!wil::details::`dynamic initializer for 'g_header_init_WilInitialize_ResultMacros_DesktopOrSystem'' (void)
00007ff7`0c049f70 notepad!wil::details::`dynamic atexit destructor for 'g_threadFailureCallbacks'' (void)
00007ff7`0c0492c0 notepad!pre_c_init (void)
00007ff7`0c049f30 notepad!`operator new'::`1'::catch$0 (void)
00007ff7`0c04205c notepad!NPRegister (void)
00007ff7`0c049f50 notepad!wil::details::`dynamic atexit destructor for 'g_processLocalData'' (void)

那么，那是问题吗？......

BR，Tal

Answer 1

该博客帖子插入反斜杠，不应有反斜杠。可能是CMS问题。

x notepad!\*应为x notepad!*。如果您正在寻找方法的已知部分，您还可以使用x notepad!*Main*：

0:002> x notepad!*Main*
00000000`ff33c5c0 notepad!_imp___getmainargs = <no type information>
00000000`ff333a14 notepad!WinMain (<no parameter info>)
00000000`ff333acc notepad!WinMainCRTStartup (<no parameter info>)

windbg无法看到公共符号

1 个答案: