Home > Others

Windbg-.process switching process (kernel)

Source: Internet
Author: User
Tags visibility
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

. Process


. Process command to specify the process to use as the process context ( Set Process Context )
. Process shows the eprocess of the current session, which shows that the current process is Test.exe

[CPP]View PlainCopyPrint?
    1. kd> .process  
    2. implicit process is now 821f5da0  
    3. kd> ? @ $proc   
    4. evaluate expression: -2111873632 = 821f5da0  
    5. kd> !process 821f5da0 0  
    6. process 821f5da0  sessionid: 0  cid: 06e8     peb: 7ffde000  parentcid: 0620  
    7.      DirBase: 02b40380  ObjectTable: e1112818  HandleCount:   20.  
    8.     image: test.exe   
Kd>. Processimplicit process is now 821f5da0kd>? @ $procEvaluate expression: -2111873632 = 821f5da0kd>!process 821f5da0 0PROCESS 821f5da0  sessionid:0  Cid: 06e8    peb:7ffde000  parentcid:0620    dirbase:02b40380  objecttable:e1112818  handlecount:  Image:test.exe.


The process context can be toggled through/r/p, which means that commands are used in the new process context, such as memory, but this does not change the target system, but only affects the output of WinDbg.

[CPP]View PlainCopyPrint?
  2. kd>. PROCESS/R/P 81e74b58
  4. Implicit process is now 81e74b58
  6. . Cache Forcedecodeuser Done
  8. Loading User Symbols
  10. PEB is paged out (Peb.ldr = 7ffdc00c). Type ". HH dbgerr001" for details
  12. Kd> DB 1000000
  14. 01000000 4d 5a (00-04)--------------FF FF
  16. 01000010 b8 xx xx xx xx 00-40 xx xx xx xx [email protected]
  18. 01000020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 .......
  20. 01000030 xx xx xx 00-00 xx e0 00 00 00 .............
  22. 01000040 0e 1f Ba 0e b4 cd-21 b8, 4c cd .....!.. l.! Th
  24. 01000050 6f 72-61 6d, 6e 6e 6f is program Canno
  26. 01000060 (6e-20) 6e 4f, t be run in DOS
  28. 01000070 6d 6f 2e 0d 0d 0a-24 xx xx xx xx xx mode....$ ....
  30. kd>. PROCESS/R/P 821F5DA0
  32. Implicit process is now 821f5da0
  34. . Cache Forcedecodeuser Done
  36. Loading User Symbols
  38. .........
  40. Kd> DB 1000000
  42. 01000000?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ????????????????
  44. 01000010?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ????????????????
  46. 01000020?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ????????????????
  48. 01000030?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ????????????????
  50. 01000040?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ????????????????
  52. 01000050?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ????????????????
  54. 01000060?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ????????????????
  56. 01000070  ??  ??  ??  ??  ??  ??  ??  ?? -??  ??  ??  ??  ??  ??  ??  ??   ????????????????    
kd>. PROCESS/R/P 81e74b58 Implicit process is now 81e74b58.cache forcedecodeuser doneloading User SYMBOLSPEB is page  D out (Peb.ldr = 7ffdc00c). Type ". HH dbgerr001" for detailskd> DB 100000001000000 4d 5a All-in-A-Z, 00-04-XX, ff FF, ... .. 01000010 B8 xx xx xx 00-40 xx xx xx xx (email protected]01000020 00 00 00 00 00 00 00 00-00 00 0 0 00 00 00 00 00 ......... 01000030 xx xx xx 00-00 xx e0 00 00 00 ............. 01000040 0e 1f Ba 0e b4 cd-21 b8, 4c cd .....!.. l.!  Th01000050, 6f, 72-61 6d, 6e, 6e 6f is program canno01000060, 6e-20, 6e 20 4f T is run in DOS 01000070 6d 6f All-in 2e 0d 0d 0a-24 xx xx xx xx mode....$.......kd>. Process/ r/p 821f5da0 Implicit process is now 821f5da0.cache forcedecodeuser doneloading User symbols.........kd> db 100000001 000000?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ?? ??  ???????????????? 01000010?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ???????????????? 01000020?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ???????????????? 01000030?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ???????????????? 01000040?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ???????????????? 01000050?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ???????????????? 01000060?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ???????????????? 01000070?? ?? ?? ?? ?? ?? ?? ?? -?? ?? ?? ?? ?? ?? ??  ?? ????????????????

You can use/I to switch, it will be the actual process switching, so after the execution of the G, If you use/I, you must use the g (Go) command to execute the target. After a few seconds, the target is interrupted again into the debugger, and the specified process is activated and used as the current session context.


JPG change rar

Windbg-.process switching process (kernel)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
cgi process backend process get process nice process net process process argv process defunct

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More