在 WinDBG 中仅重新加载一个符号
Reload only one symbol in WinDBG
我在 WinDBG 中使用以下命令重新加载所有符号
!sym noisy
.sympath srv*https://msdl.microsoft.com/download/symbols
.reload /f
!sym quiet
如何重新加载只有一个 DLL 的符号?例如 ntdll
正如我评论的那样,使用模块名称以及可选的基数和大小见下文
在系统断点处启动时默认仅加载 ntdll
0:000> lm
start end module name
00007ff6`ae300000 00007ff6`ae32e000 cdb (deferred)
00007fff`142f0000 00007fff`14a22000 dbgeng (deferred)
00007fff`210c0000 00007fff`212b3000 dbghelp (deferred)
00007fff`36050000 00007fff`360f9000 dbgmodel (deferred)
00007fff`45040000 00007fff`45075000 XmlLite (deferred)
00007fff`533d0000 00007fff`5346e000 msvcp_win (deferred)
00007fff`53470000 00007fff`53496000 bcrypt (deferred)
00007fff`53600000 00007fff`536fa000 ucrtbase (deferred)
00007fff`53700000 00007fff`539a5000 KERNELBASE (deferred)
00007fff`54360000 00007fff`543e1000 bcryptPrimitives (deferred)
00007fff`54450000 00007fff`544ee000 msvcrt (deferred)
00007fff`54570000 00007fff`548a6000 combase (deferred)
00007fff`54d80000 00007fff`54e9f000 RPCRT4 (deferred)
00007fff`55e70000 00007fff`55f22000 KERNEL32 (deferred)
00007fff`56170000 00007fff`56235000 OLEAUT32 (deferred)
00007fff`56340000 00007fff`56530000 ntdll (pdb symbols) f:\symbols\ntdll.pdb341C1B9147DD100EC194BFDD47B97A1\ntdll.pdb
加载单个模块的符号即dbgmodel.dll
0:000> .reload /f dbgmodel.dll
0:000> lm
start end module name
00007ff6`ae300000 00007ff6`ae32e000 cdb (deferred)
00007fff`142f0000 00007fff`14a22000 dbgeng (deferred)
00007fff`210c0000 00007fff`212b3000 dbghelp (deferred)
00007fff`36050000 00007fff`360f9000 dbgmodel (pdb symbols) f:\symbols\dbgmodel.pdbA0AE73EBC9949A30EF879B505AF2C761\dbgmodel.pdb
00007fff`45040000 00007fff`45075000 XmlLite (deferred)
00007fff`533d0000 00007fff`5346e000 msvcp_win (deferred)
00007fff`53470000 00007fff`53496000 bcrypt (deferred)
00007fff`53600000 00007fff`536fa000 ucrtbase (deferred)
00007fff`53700000 00007fff`539a5000 KERNELBASE (deferred)
00007fff`54360000 00007fff`543e1000 bcryptPrimitives (deferred)
00007fff`54450000 00007fff`544ee000 msvcrt (deferred)
00007fff`54570000 00007fff`548a6000 combase (deferred)
00007fff`54d80000 00007fff`54e9f000 RPCRT4 (deferred)
00007fff`55e70000 00007fff`55f22000 KERNEL32 (deferred)
00007fff`56170000 00007fff`56235000 OLEAUT32 (deferred)
00007fff`56340000 00007fff`56530000 ntdll (pdb symbols) f:\symbols\ntdll.pdb341C1B9147DD100EC194BFDD47B97A1\ntdll.pdb
0:000>
我在 WinDBG 中使用以下命令重新加载所有符号
!sym noisy
.sympath srv*https://msdl.microsoft.com/download/symbols
.reload /f
!sym quiet
如何重新加载只有一个 DLL 的符号?例如 ntdll
正如我评论的那样,使用模块名称以及可选的基数和大小见下文
在系统断点处启动时默认仅加载 ntdll
0:000> lm
start end module name
00007ff6`ae300000 00007ff6`ae32e000 cdb (deferred)
00007fff`142f0000 00007fff`14a22000 dbgeng (deferred)
00007fff`210c0000 00007fff`212b3000 dbghelp (deferred)
00007fff`36050000 00007fff`360f9000 dbgmodel (deferred)
00007fff`45040000 00007fff`45075000 XmlLite (deferred)
00007fff`533d0000 00007fff`5346e000 msvcp_win (deferred)
00007fff`53470000 00007fff`53496000 bcrypt (deferred)
00007fff`53600000 00007fff`536fa000 ucrtbase (deferred)
00007fff`53700000 00007fff`539a5000 KERNELBASE (deferred)
00007fff`54360000 00007fff`543e1000 bcryptPrimitives (deferred)
00007fff`54450000 00007fff`544ee000 msvcrt (deferred)
00007fff`54570000 00007fff`548a6000 combase (deferred)
00007fff`54d80000 00007fff`54e9f000 RPCRT4 (deferred)
00007fff`55e70000 00007fff`55f22000 KERNEL32 (deferred)
00007fff`56170000 00007fff`56235000 OLEAUT32 (deferred)
00007fff`56340000 00007fff`56530000 ntdll (pdb symbols) f:\symbols\ntdll.pdb341C1B9147DD100EC194BFDD47B97A1\ntdll.pdb
加载单个模块的符号即dbgmodel.dll
0:000> .reload /f dbgmodel.dll
0:000> lm
start end module name
00007ff6`ae300000 00007ff6`ae32e000 cdb (deferred)
00007fff`142f0000 00007fff`14a22000 dbgeng (deferred)
00007fff`210c0000 00007fff`212b3000 dbghelp (deferred)
00007fff`36050000 00007fff`360f9000 dbgmodel (pdb symbols) f:\symbols\dbgmodel.pdbA0AE73EBC9949A30EF879B505AF2C761\dbgmodel.pdb
00007fff`45040000 00007fff`45075000 XmlLite (deferred)
00007fff`533d0000 00007fff`5346e000 msvcp_win (deferred)
00007fff`53470000 00007fff`53496000 bcrypt (deferred)
00007fff`53600000 00007fff`536fa000 ucrtbase (deferred)
00007fff`53700000 00007fff`539a5000 KERNELBASE (deferred)
00007fff`54360000 00007fff`543e1000 bcryptPrimitives (deferred)
00007fff`54450000 00007fff`544ee000 msvcrt (deferred)
00007fff`54570000 00007fff`548a6000 combase (deferred)
00007fff`54d80000 00007fff`54e9f000 RPCRT4 (deferred)
00007fff`55e70000 00007fff`55f22000 KERNEL32 (deferred)
00007fff`56170000 00007fff`56235000 OLEAUT32 (deferred)
00007fff`56340000 00007fff`56530000 ntdll (pdb symbols) f:\symbols\ntdll.pdb341C1B9147DD100EC194BFDD47B97A1\ntdll.pdb
0:000>