windbg 8.1调试手记
1, 连接启动
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Opened \\.\pipe\com_1
Waiting to reconnect...
Connected to Windows 7 9600 x86 compatible target at (Tue Oct 13 17:23:20.863 2020 (UTC + 8:00)), ptr64 FALSE
Kernel Debugger connection established. (Initial Breakpoint requested)
Symbol search path is: srv*C:\mss*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 9600 MP (1 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.18438.x86fre.winblue_ltsb.160812-0914
Machine Name:
Kernel base = 0x81405000 PsLoadedModuleList = 0x815ff618
Debug session time: Tue Oct 13 17:23:17.487 2020 (UTC + 8:00)
System Uptime: 0 days 0:00:02.705
Break instruction exception - code 80000003 (first chance)
*******************************************************************************
* *
* You are seeing this message because you pressed either *
* CTRL+C (if you run kd.exe) or, *
* CTRL+BREAK (if you run WinDBG), *
* on your debugger machine's keyboard. *
* *
* THIS IS NOT A BUG OR A SYSTEM CRASH *
* *
* If you did not intend to break into the debugger, press the "g" key, then *
* press the "Enter" key now. This message might immediately reappear. If it *
* does, press "g" and "Enter" again. *
* *
*******************************************************************************
nt!RtlpBreakWithStatusInstruction:
81500ce4 cc int 3
注:win 7 9600指的就是win8.1
2, 导入KmdfHelloWorld模块
.sympath+ D:\liujian\KmdfHelloWorld\Win8.1Release
.reload /f # 没有显示读入用户符号文件
lm m Kmdf* v # 没有找到KmdfHelloWorld模块
!lmi KmdfHelloWorld # 同理,也不能显示KmdfHelloWorld模块的具体信息
!devnode 0 1 # 显示KmdfHelloWorld的状态
DevNode 0x802c5e30 for PDO 0x802bdd38
InstancePath is "ROOT\mssmbios\0000"
ServiceName is "mssmbios"
State = DeviceNodeDriversAdded (0x303)
Previous State = DeviceNodeInitialized (0x302)
!sym noisy # 开关告诉加载失败的过程和细节
.reload /i /f KmdfHelloWorld.sys
也即,因为不匹配,没有加载pdb
