《深入理解Windows操作系统》笔记1
C:\Program?Files>cd?"Debugging?Tools?for?Windows?(x86)"
C:\Program?Files\Debugging?Tools?for?Windows?(x86)>dir
?驅動器?C?中的卷沒有標簽。
?卷的序列號是?18F6-A188
?C:\Program?Files\Debugging?Tools?for?Windows?(x86)?的目錄
2012-02-02??14:24????<DIR>??????????.
2012-02-02??14:24????<DIR>??????????..
2012-02-02??14:24????<DIR>??????????1394
2009-08-24??14:38????????????71,168?adplus.doc
2010-02-01??12:27????????????97,040?adplus.exe
2010-02-01??12:27????????????29,056?adplusext.dll
2010-02-01??12:27????????????80,656?adplusmanager.exe
2009-08-24??14:38?????????????2,068?adplusmanager.exe.config
2010-02-01??12:27???????????200,530?adplus_old.vbs
2010-02-01??12:27????????????36,736?agestore.exe
2010-02-01??12:27????????????17,168?breakin.exe
2010-02-01??12:27???????????364,816?cdb.exe
2012-02-02??14:24????<DIR>??????????clr10
2010-02-01??12:27????????????32,128?convertstore.exe
2010-02-01??12:27???????????112,512?dbengprx.exe
2010-02-01??12:27?????????3,557,648?dbgeng.dll
2010-02-01??12:27?????????1,213,200?dbghelp.dll
2010-02-01??12:27????????????39,184?dbgrpc.exe
2010-02-01??12:27????????????32,528?dbgsrv.exe
2010-02-01??12:27???????????151,824?dbh.exe
2010-01-08??11:07???????????326,336?debugger.chi
2010-01-08??11:07?????????5,117,792?debugger.chm
2010-02-01??12:27???????????419,088?decem.dll
2009-08-24??14:38????????????56,832?dml.doc
2010-02-01??12:27????????????20,864?dumpchk.exe
2010-02-01??12:27????????????19,840?dumpexam.exe
2010-02-01??12:27???????????145,168?gflags.exe
2010-02-01??12:27???????????362,768?i386kd.exe
2010-02-01??12:27???????????362,768?ia64kd.exe
2010-02-01??12:27???????????376,080?kd.exe
2010-02-01??12:27????????????34,576?kdbgctrl.exe
2010-02-01??12:27???????????170,256?kdsrv.exe
2009-08-24??14:38?????????1,196,032?kernel_debugging_tutorial.doc
2010-02-01??12:27????????????34,064?kill.exe
2009-09-18??11:35????????????10,237?license.txt
2010-02-01??12:27????????????80,768?list.exe
2010-02-01??12:27????????????28,944?logger.exe
2010-02-01??12:27???????????211,328?logviewer.exe
2010-02-01??12:27???????????365,328?ntsd.exe
2010-02-01??12:27????????????23,312?pdbcopy.exe
2010-02-01??12:08?????????????2,819?redist.txt
2010-01-28??21:21????????????12,615?relnotes.txt
2010-02-01??12:27????????????69,504?remote.exe
2010-02-01??12:27????????????25,360?rtlist.exe
2012-02-02??14:24????<DIR>??????????sdk
2012-02-02??14:24????<DIR>??????????srcsrv
2010-02-01??12:27????????????92,944?srcsrv.dll
2010-02-01??12:27????????????30,992?symbolcheck.dll
2010-02-01??12:27????????????80,144?symchk.exe
2012-02-02??14:24????<DIR>??????????symproxy
2010-02-01??12:27???????????131,856?symsrv.dll
2009-08-24??14:38?????????????????1?symsrv.yes
2010-02-01??12:27???????????145,168?symstore.exe
2012-02-02??14:24????<DIR>??????????themes
2010-02-01??12:27????????????47,376?tlist.exe
2012-02-02??14:24????<DIR>??????????triage
2010-02-01??12:27???????????143,232?umdh.exe
2012-02-02??14:24????<DIR>??????????usb
2010-02-01??12:27???????????139,136?usbview.exe
2010-02-01??12:27????????????74,512?vmdemux.exe
2012-02-02??14:24????<DIR>??????????w2kchk
2012-02-02??14:24????<DIR>??????????w2kfre
2010-02-01??12:27???????????532,752?windbg.exe
2012-02-02??14:24????<DIR>??????????winext
2012-02-02??14:24????<DIR>??????????winxp
??????????????51?個文件?????16,929,054?字節
??????????????14?個目錄?153,558,147,072?可用字節
C:\Program?Files\Debugging?Tools?for?Windows?(x86)>tlist.exe?/t
System?Process?(0)
System?(4)
??smss.exe?(460)
????csrss.exe?(516)
????winlogon.exe?(1172)
??????services.exe?(1216)
????????ati2evxx.exe?(1388)?ATI?video?bios?poller
????????svchost.exe?(1420)
????????svchost.exe?(1536)
????????svchost.exe?(1656)
????????svchost.exe?(1676)
????????svchost.exe?(1728)
????????acs.exe?(1764)
????????inetinfo.exe?(1856)
????????sqlservr.exe?(1880)
????????sqlwriter.exe?(2032)
????????alg.exe?(700)
????????msiexec.exe?(3664)
??????lsass.exe?(1228)
??????ati2evxx.exe?(1616)?ATI?video?bios?poller?client
explorer.exe?(1000)?Program?Manager
??RTHDCPL.EXE?(1192)
??Probe2.exe?(1372)?PC?Probe?II
????aaCenter.exe?(2500)?aacenter
??TWCU.exe?(1276)?TP-LINK?無線客戶端應用程序?-?當前配置文件:默認值?-?TP-LINK?Wi
reless?USB?Adapter
??ctfmon.exe?(1460)
??DTLite.exe?(1468)?DAEMON?Tools?Agent?window
??WINWORD.EXE?(3952)?windows?-?Microsoft?Word
??cmd.exe?(2600)?命令提示符?-?tlist.exe?/t
????tlist.exe?(1100)
??windbg.exe?(2412)?Local?kernel?-?WinDbg:6.12.0002.633?X86
MOM.exe?(1436)?.NET-BroadcastEventWindow.2.0.0.0.33c0d9d.0
??CCC.exe?(3748)
conime.exe?(2512)
C:\Program?Files\Debugging?Tools?for?Windows?(x86)>
Microsoft?(R)?Windows?Debugger?Version?6.12.0002.633?X86
Copyright?(c)?Microsoft?Corporation.?All?rights?reserved.
Connected?to?Windows?XP?2600?x86?compatible?target?at?(Thu?Feb??2?14:26:16.171?2012?(UTC?+?8:00)),?ptr64?FALSE
Symbol?search?path?is:?***?Invalid?***
****************************************************************************
*?Symbol?loading?may?be?unreliable?without?a?symbol?search?path.???????????*
*?Use?.symfix?to?have?the?debugger?choose?a?symbol?path.???????????????????*
*?After?setting?your?symbol?path,?use?.reload?to?refresh?symbol?locations.?*
****************************************************************************
Executable?search?path?is:?
*********************************************************************
*?Symbols?can?not?be?loaded?because?symbol?path?is?not?initialized.?*
*???????????????????????????????????????????????????????????????????*
*?The?Symbol?Path?can?be?set?by:????????????????????????????????????*
*???using?the?_NT_SYMBOL_PATH?environment?variable.?????????????????*
*???using?the?-y?<symbol_path>?argument?when?starting?the?debugger.?*
*???using?.sympath?and?.sympath+????????????????????????????????????*
*********************************************************************
***?ERROR:?Symbol?file?could?not?be?found.??Defaulted?to?export?symbols?for?ntkrpamp.exe?-?
*******************************************************************************
WARNING:?Local?kernel?debugging?requires?booting?with?kernel
debugging?support?(/debug?or?bcdedit?-debug?on)?to?work?optimally.
*******************************************************************************
Windows?XP?Kernel?Version?2600?(Service?Pack?3)?MP?(2?procs)?Free?x86?compatible
Product:?WinNt,?suite:?TerminalServer?SingleUserTS
Built?by:?2600.xpsp.080413-2111
Machine?Name:
Kernel?base?=?0x804d8000?PsLoadedModuleList?=?0x8055e720
Debug?session?time:?Thu?Feb??2?14:26:16.343?2012?(UTC?+?8:00)
System?Uptime:?0?days?0:25:11.890
X64?用戶進程空間:8TB,系統空間?6657GB
Itanium?用戶進程空間:7TB,系統空間?6144GB
C:\Program?Files\Support?Tools>qslice
啟動線程查看器,該軟件位于Windows2000資源工具包中,XP下需要單獨下載安裝
C:\Program?Files\Support?Tools>
C:\Program?Files\Support?Tools>mstsc.exe
啟動遠程連接
Windows?2000?professional?不支持終端會話
Windows?XP?professional?支持1個終端會話
Windows?2000?Server?和?Windows?Server?2003?支持2個并發的遠程連接,以上版本如企業版支持多個連接,并且可以配置為終端服務器
在Windows?XP中使用鍵盤?Win+L?組合鍵可以快速切換用戶,原來的進程等信息均保存在系統中
Windows?XP/2003?使用16位寬度的unicode編碼,而不是8位asci碼,在此之前的windows版本,其亞洲和中東語言版本是美國歐洲核心版本的一個擴展,因此其windows?API是一個超集,和原有的版本不同,因此需要在app層面單獨構建語言包。而從windows?2000開始使用全球統一的語言包了。API也調用一樣了
內核調試所需的符號文件必須做到完全匹配。
C:\>livekd
LiveKd?v5.0?-?Execute?kd/windbg?on?a?live?system
Sysinternals?-?www.sysinternals.com
Copyright?(C)?2000-2010?Mark?Russinovich?and?Ken?Johnson
Symbols?are?not?configured.?Would?you?like?LiveKd?to?set?the?_NT_SYMBOL_PATH
directory?to?reference?the?Microsoft?symbol?server?so?that?symbols?can?be
obtained?automatically??(y/n)?y
Enter?the?folder?to?which?symbols?download?(default?is?c:\symbols):
Symbol?search?path?is:?srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
http://msdl.microsoft.com/download/symbols?不支持web訪問,僅支持終端內核調試訪問
windows支持2種多處理器系統:超線程和NUMA非一致性的內存結構。HT超線程是intel的技術,一個物理處理器上提供多個邏輯處理器,每個邏輯處理器有其自己的狀態,執行引擎和芯片上的L1,L2,L3等高速緩存共享。
NUMA是將處理器作為更小的單元節點,使用全部的內存
處理器許可:注冊表:HKLM\SYSEM\CCS\Contorl\session\manager\licensedprocessors
在64bitwindows上,沒有PAE內核。也就是Windows2000的介質下\I386\UNIPROC\WINSRV。DLL文件,表示單處理器版本,在XP和2003中去掉了
檢查正在運行的ntoskrnl版本:
1、?檢查事件查看器中事件ID為6009的日志
2、?在引導的注冊表中檢查HKLM\SYSRTEM\CCS\Control\session?manger\memory?managerment\physical?address?Extrension?如果是1,則從PAE引導,也就是單處理器
3、?C:\WINDOWS\system32>ntoskrnl.exeC:\WINDOWS\system32\ntoskrnl.exe?應用程序無法在?Win32?模式中運行。
版本 | 支持的CPU | 支持的物理內存GB | ? | ? |
windows?2000?professional | 2 | 4 | ? | ? |
windows?2000?server | 4 | 4 | ? | ? |
windows?2000?advanced?server | 8 | 8 | ? | ? |
windows?2000?datacenter | 32 | 64 | ? | ? |
| ? | 32位的支持CPU | 32位的物理內存支持 | 64位的CPU | 64位內存 |
windows?xp?home | 1 | 4 | 無 | 無 |
windows?XP?professional | 2 | 4 | 2 | 128 |
windows?2003?standard | 4 | 4 | 無 | 無 |
windows?2003?enterprise | 8 | 32 | 8 | 64 |
windows?2003?datacenter | 32 | 64 | 64 | 1024 |
奇怪吧,windows?XP?64bit?的內存支持比?windows?2003?企業版64bit?還要高!!!
Microsoft?(R)?Windows?Debugger?Version?6.12.0002.633?X86
Copyright?(c)?Microsoft?Corporation.?All?rights?reserved.
Connected?to?Windows?XP?2600?x86?compatible?target?at?(Fri?Feb??3?12:11:08.218?2012?(UTC?+?8:00)),?ptr64?FALSE
Symbol?search?path?is:?C:\WINDOWS\Symbols;srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
Executable?search?path?is:?
*******************************************************************************
WARNING:?Local?kernel?debugging?requires?booting?with?kernel
debugging?support?(/debug?or?bcdedit?-debug?on)?to?work?optimally.
*******************************************************************************
Windows?XP?Kernel?Version?2600?(Service?Pack?3)?MP?(2?procs)?Free?x86?compatible
Product:?WinNt,?suite:?TerminalServer?SingleUserTS
Built?by:?2600.xpsp.080413-2111
Machine?Name:
Kernel?base?=?0x804d8000?PsLoadedModuleList?=?0x8055e720
Debug?session?time:?Fri?Feb??3?12:11:08.484?2012?(UTC?+?8:00)
System?Uptime:?0?days?0:28:38.160
lkd>?dt?nt!_*
??????????ntkrpamp!_LIST_ENTRY
??????????ntkrpamp!_IMAGE_NT_HEADERS
??????????ntkrpamp!_IMAGE_FILE_HEADER
??????????ntkrpamp!_IMAGE_OPTIONAL_HEADER
??????????ntkrpamp!_LARGE_INTEGER
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_ULARGE_INTEGER
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_LUID
??????????ntkrpamp!_KAPC
??????????ntkrpamp!_KTHREAD
??????????ntkrpamp!_SINGLE_LIST_ENTRY
??????????ntkrpamp!_KSPIN_LOCK_QUEUE_NUMBER
??????????ntkrpamp!_KPRCB
??????????ntkrpamp!_KPROCESSOR_STATE
??????????ntkrpamp!_KSPIN_LOCK_QUEUE
??????????ntkrpamp!_KNODE
??????????ntkrpamp!_PP_LOOKASIDE_LIST
??????????ntkrpamp!_KPRCB
??????????ntkrpamp!_KDPC
??????????ntkrpamp!_FX_SAVE_AREA
??????????ntkrpamp!_PROCESSOR_POWER_STATE
??????????ntkrpamp!_SLIST_HEADER
??????????ntkrpamp!_NPAGED_LOOKASIDE_LIST
??????????ntkrpamp!_GENERAL_LOOKASIDE
??????????ntkrpamp!_PAGED_LOOKASIDE_LIST
??????????ntkrpamp!_FAST_MUTEX
??????????ntkrpamp!_PP_NPAGED_LOOKASIDE_NUMBER
??????????ntkrpamp!_POOL_TYPE
??????????ntkrpamp!_EX_RUNDOWN_REF
??????????ntkrpamp!_EX_FAST_REF
??????????ntkrpamp!_EX_PUSH_LOCK
??????????ntkrpamp!_EX_PUSH_LOCK_WAIT_BLOCK
??????????ntkrpamp!_KEVENT
??????????ntkrpamp!_EX_PUSH_LOCK_CACHE_AWARE
??????????ntkrpamp!_ETHREAD
??????????ntkrpamp!_TERMINATION_PORT
??????????ntkrpamp!_CLIENT_ID
??????????ntkrpamp!_KSEMAPHORE
??????????ntkrpamp!_PS_IMPERSONATION_INFORMATION
??????????ntkrpamp!_DEVICE_OBJECT
??????????ntkrpamp!_EPROCESS
??????????ntkrpamp!_KPROCESS
??????????ntkrpamp!_HANDLE_TABLE
??????????ntkrpamp!_EJOB
??????????ntkrpamp!_EPROCESS_QUOTA_BLOCK
??????????ntkrpamp!_PAGEFAULT_HISTORY
??????????ntkrpamp!_HARDWARE_PTE
??????????ntkrpamp!_PEB
??????????ntkrpamp!_SE_AUDIT_PROCESS_CREATION_INFO
??????????ntkrpamp!_MMSUPPORT
??????????ntkrpamp!_OBJECT_ATTRIBUTES
??????????ntkrpamp!_UNICODE_STRING
??????????ntkrpamp!_OBJECT_TYPE
??????????ntkrpamp!_ERESOURCE
??????????ntkrpamp!_OBJECT_TYPE_INITIALIZER
??????????ntkrpamp!_OBJECT_HANDLE_INFORMATION
??????????ntkrpamp!_DISPATCHER_HEADER
??????????ntkrpamp!_KAPC_STATE
??????????ntkrpamp!_KWAIT_BLOCK
??????????ntkrpamp!_KQUEUE
??????????ntkrpamp!_KTIMER
??????????ntkrpamp!_KTRAP_FRAME
??????????ntkrpamp!_FNSAVE_FORMAT
??????????ntkrpamp!_FXSAVE_FORMAT
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MMPTE
??????????ntkrpamp!_MMPTE_HIGHLOW
??????????ntkrpamp!_MMPTE_HARDWARE
??????????ntkrpamp!_MMPTE_PROTOTYPE
??????????ntkrpamp!_MMPTE_SOFTWARE
??????????ntkrpamp!_MMPTE_TRANSITION
??????????ntkrpamp!_MMPTE_SUBSECTION
??????????ntkrpamp!_MMPTE_LIST
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MEMORY_CACHING_TYPE
??????????ntkrpamp!_MI_PFN_CACHE_ATTRIBUTE
??????????ntkrpamp!_EXCEPTION_RECORD64
??????????ntkrpamp!_EXCEPTION_RECORD32
??????????ntkrpamp!_DBGKM_EXCEPTION64
??????????ntkrpamp!_DBGKM_EXCEPTION32
??????????ntkrpamp!_DBGKD_LOAD_SYMBOLS64
??????????ntkrpamp!_DBGKD_LOAD_SYMBOLS32
??????????ntkrpamp!_DBGKD_READ_MEMORY64
??????????ntkrpamp!_DBGKD_READ_MEMORY32
??????????ntkrpamp!_DBGKD_WRITE_MEMORY64
??????????ntkrpamp!_DBGKD_WRITE_MEMORY32
??????????ntkrpamp!_DBGKD_WRITE_BREAKPOINT64
??????????ntkrpamp!_DBGKD_WRITE_BREAKPOINT32
??????????ntkrpamp!_DBGKD_READ_WRITE_IO64
??????????ntkrpamp!_DBGKD_READ_WRITE_IO32
??????????ntkrpamp!_DBGKD_READ_WRITE_IO_EXTENDED64
??????????ntkrpamp!_DBGKD_READ_WRITE_IO_EXTENDED32
??????????ntkrpamp!_DBGKD_SET_SPECIAL_CALL32
??????????ntkrpamp!_DBGKD_SET_SPECIAL_CALL64
??????????ntkrpamp!_DBGKD_SET_INTERNAL_BREAKPOINT32
??????????ntkrpamp!_DBGKD_SET_INTERNAL_BREAKPOINT64
??????????ntkrpamp!_DBGKD_GET_INTERNAL_BREAKPOINT64
??????????ntkrpamp!_DBGKD_GET_INTERNAL_BREAKPOINT32
??????????ntkrpamp!_DBGKD_MANIPULATE_STATE64
??????????ntkrpamp!_DBGKD_GET_CONTEXT
??????????ntkrpamp!_DBGKD_SET_CONTEXT
??????????ntkrpamp!_DBGKD_RESTORE_BREAKPOINT
??????????ntkrpamp!_DBGKD_CONTINUE
??????????ntkrpamp!_DBGKD_CONTINUE2
??????????ntkrpamp!_DBGKD_QUERY_SPECIAL_CALLS
??????????ntkrpamp!_DBGKD_GET_VERSION64
??????????ntkrpamp!_DBGKD_BREAKPOINTEX
??????????ntkrpamp!_DBGKD_READ_WRITE_MSR
??????????ntkrpamp!_DBGKD_SEARCH_MEMORY
??????????ntkrpamp!_DBGKD_GET_SET_BUS_DATA
??????????ntkrpamp!_DBGKD_FILL_MEMORY
??????????ntkrpamp!_DBGKD_QUERY_MEMORY
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_DBGKD_MANIPULATE_STATE32
??????????ntkrpamp!_DBGKD_GET_VERSION32
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_VACB
??????????ntkrpamp!_SHARED_CACHE_MAP
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_FILE_OBJECT
??????????ntkrpamp!_MBCB
??????????ntkrpamp!_CACHE_MANAGER_CALLBACKS
??????????ntkrpamp!_CACHE_UNINITIALIZE_EVENT
??????????ntkrpamp!_PRIVATE_CACHE_MAP
??????????ntkrpamp!_VACB_LEVEL_REFERENCE
??????????ntkrpamp!_HEAP_ENTRY
??????????ntkrpamp!_HEAP
??????????ntkrpamp!_HEAP_TAG_ENTRY
??????????ntkrpamp!_HEAP_UCR_SEGMENT
??????????ntkrpamp!_HEAP_UNCOMMMTTED_RANGE
??????????ntkrpamp!_HEAP_SEGMENT
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_HEAP_PSEUDO_TAG_ENTRY
??????????ntkrpamp!_HEAP_LOCK
??????????ntkrpamp!_HEAP_SUBSEGMENT
??????????ntkrpamp!_HEAP_USERDATA_HEADER
??????????ntkrpamp!_HEAP_USERDATA_HEADER
??????????ntkrpamp!_INTERLOCK_SEQ
??????????ntkrpamp!_HMAP_TABLE
??????????ntkrpamp!_HMAP_ENTRY
??????????ntkrpamp!_OBJECT_SYMBOLIC_LINK
??????????ntkrpamp!_POOL_BLOCK_HEAD
??????????ntkrpamp!_POOL_HEADER
??????????ntkrpamp!_LDR_DATA_TABLE_ENTRY
??????????ntkrpamp!_VI_DEADLOCK_GLOBALS
??????????ntkrpamp!_VI_DEADLOCK_NODE
??????????ntkrpamp!_PF_SCENARIO_TYPE
??????????ntkrpamp!_THERMAL_INFORMATION
??????????ntkrpamp!_SECTION_OBJECT
??????????ntkrpamp!_SEGMENT_OBJECT
??????????ntkrpamp!_POWER_STATE
??????????ntkrpamp!_SYSTEM_POWER_STATE
??????????ntkrpamp!_DEVICE_POWER_STATE
??????????ntkrpamp!_WMI_LOGGER_CONTEXT
??????????ntkrpamp!_WMI_LOGGER_MODE
??????????ntkrpamp!_GUID
??????????ntkrpamp!_SECURITY_CLIENT_CONTEXT
??????????ntkrpamp!_TRACE_ENABLE_FLAG_EXTENSION
??????????ntkrpamp!_KMUTANT
??????????ntkrpamp!_WMI_BUFFER_HEADER
??????????ntkrpamp!_CONTROL_AREA
??????????ntkrpamp!_SUBSECTION
??????????ntkrpamp!_LARGE_CONTROL_AREA
??????????ntkrpamp!_MMSECTION_FLAGS
??????????ntkrpamp!_MMSUBSECTION_FLAGS
??????????ntkrpamp!_SEGMENT
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_EVENT_COUNTER
??????????ntkrpamp!_HANDLE_TRACE_DEBUG_INFO
??????????ntkrpamp!_MMSUPPORT_FLAGS
??????????ntkrpamp!_MMWSL
??????????ntkrpamp!_EX_WORK_QUEUE
??????????ntkrpamp!_EPROCESS_QUOTA_ENTRY
??????????ntkrpamp!_UNICODE_STRING
??????????ntkrpamp!_PS_JOB_TOKEN_FILTER
??????????ntkrpamp!_IO_COUNTERS
??????????ntkrpamp!_SID_AND_ATTRIBUTES
??????????ntkrpamp!_LUID_AND_ATTRIBUTES
??????????ntkrpamp!_MM_DRIVER_VERIFIER_DATA
??????????ntkrpamp!_VPB
??????????ntkrpamp!_SECTION_OBJECT_POINTERS
??????????ntkrpamp!_IO_COMPLETION_CONTEXT
??????????ntkrpamp!_CALL_HASH_ENTRY
??????????ntkrpamp!_CM_VIEW_OF_FILE
??????????ntkrpamp!_KLOCK_QUEUE_HANDLE
??????????ntkrpamp!_MMLISTS
??????????ntkrpamp!_DEFERRED_WRITE
??????????ntkrpamp!_HIVE_LIST_ENTRY
??????????ntkrpamp!_CMHIVE
??????????ntkrpamp!_SECURITY_IMPERSONATION_LEVEL
??????????ntkrpamp!_DEVICE_NODE
??????????ntkrpamp!_PO_DEVICE_NOTIFY
??????????ntkrpamp!_PNP_DEVNODE_STATE
??????????ntkrpamp!_IRP
??????????ntkrpamp!_CM_RESOURCE_LIST
??????????ntkrpamp!_IO_RESOURCE_REQUIREMENTS_LIST
??????????ntkrpamp!_INTERFACE_TYPE
??????????ntkrpamp!_DEVICE_RELATIONS
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_RTL_CRITICAL_SECTION
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_KPCR
??????????ntkrpamp!_NT_TIB
??????????ntkrpamp!_KIDTENTRY
??????????ntkrpamp!_KGDTENTRY
??????????ntkrpamp!_KTSS
??????????ntkrpamp!_MMCOLOR_TABLES
??????????ntkrpamp!_PHYSICAL_MEMORY_RUN
??????????ntkrpamp!_MMPFN
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MMPFNENTRY
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MM_SESSION_SPACE
??????????ntkrpamp!_MM_SESSION_SPACE_FLAGS
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MM_PAGED_POOL_INFO
??????????ntkrpamp!_MMWSLE
??????????ntkrpamp!_MMSESSION
??????????ntkrpamp!_DRIVER_OBJECT
??????????ntkrpamp!_POOL_DESCRIPTOR
??????????ntkrpamp!_PEB_LDR_DATA
??????????ntkrpamp!_RTL_USER_PROCESS_PARAMETERS
??????????ntkrpamp!_PEB_FREE_BLOCK
??????????ntkrpamp!_HEAP_FREE_ENTRY
??????????ntkrpamp!_OWNER_ENTRY
??????????ntkrpamp!_IO_RESOURCE_LIST
??????????ntkrpamp!_CM_FULL_RESOURCE_DESCRIPTOR
??????????ntkrpamp!_CM_PARTIAL_RESOURCE_LIST
??????????ntkrpamp!_CM_CACHED_VALUE_INDEX
??????????ntkrpamp!_CELL_DATA
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_WNODE_HEADER
??????????ntkrpamp!_WMI_CLIENT_CONTEXT
??????????ntkrpamp!_WMI_BUFFER_STATE
??????????ntkrpamp!_KiIoAccessMap
??????????ntkrpamp!_DEVICE_OBJECT_POWER_EXTENSION
??????????ntkrpamp!_POWER_CHANNEL_SUMMARY
??????????ntkrpamp!_SYSTEM_POWER_POLICY
??????????ntkrpamp!_POP_THERMAL_ZONE
??????????ntkrpamp!_POP_ACTION_TRIGGER
??????????ntkrpamp!_X86_DBGKD_CONTROL_SET
??????????ntkrpamp!_DBGKD_ANY_CONTROL_SET
??????????ntkrpamp!_PROCESSOR_POWER_POLICY
??????????ntkrpamp!_PROCESSOR_POWER_POLICY_INFO
??????????ntkrpamp!_IMAGE_DOS_HEADER
??????????ntkrpamp!_HEAP_VIRTUAL_ALLOC_ENTRY
??????????ntkrpamp!_HEAP_ENTRY_EXTRA
??????????ntkrpamp!_RTL_ATOM_TABLE
??????????ntkrpamp!_RTL_HANDLE_TABLE
??????????ntkrpamp!_RTL_ATOM_TABLE_ENTRY
??????????ntkrpamp!_IMAGE_ROM_OPTIONAL_HEADER
??????????ntkrpamp!_KWAIT_REASON
??????????ntkrpamp!_HHIVE
??????????ntkrpamp!_CM_KEY_SECURITY_CACHE_ENTRY
??????????ntkrpamp!_CM_KEY_CONTROL_BLOCK
??????????ntkrpamp!_WORK_QUEUE_ITEM
??????????ntkrpamp!_CM_CELL_REMAP_BLOCK
??????????ntkrpamp!_HANDLE_TRACE_DB_ENTRY
??????????ntkrpamp!_HBASE_BLOCK
??????????ntkrpamp!_RTL_BITMAP
??????????ntkrpamp!_DUAL
??????????ntkrpamp!_PROCESS_WS_WATCH_INFORMATION
??????????ntkrpamp!_CM_PARTIAL_RESOURCE_DESCRIPTOR
??????????ntkrpamp!_DRIVER_EXTENSION
??????????ntkrpamp!_FAST_IO_DISPATCH
??????????ntkrpamp!_MMFREE_POOL_ENTRY
??????????ntkrpamp!_IO_TIMER
??????????ntkrpamp!_WAIT_CONTEXT_BLOCK
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_KDEVICE_QUEUE
??????????ntkrpamp!_DEVOBJ_EXTENSION
??????????ntkrpamp!_BITMAP_RANGE
??????????ntkrpamp!_KUSER_SHARED_DATA
??????????ntkrpamp!_KSYSTEM_TIME
??????????ntkrpamp!_KSYSTEM_TIME
??????????ntkrpamp!_NT_PRODUCT_TYPE
??????????ntkrpamp!_ALTERNATIVE_ARCHITECTURE_TYPE
??????????ntkrpamp!_GENERIC_MAPPING
??????????ntkrpamp!_OBJECT_DUMP_CONTROL
??????????ntkrpamp!_OB_OPEN_REASON
??????????ntkrpamp!_ACCESS_STATE
??????????ntkrpamp!_SECURITY_QUALITY_OF_SERVICE
??????????ntkrpamp!_SECURITY_OPERATION_CODE
??????????ntkrpamp!_OBJECT_NAME_INFORMATION
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_LARGE_INTEGER
??????????ntkrpamp!_EXCEPTION_REGISTRATION_RECORD
??????????ntkrpamp!_MMVAD_LONG
??????????ntkrpamp!_MMVAD
??????????ntkrpamp!_MMVAD_FLAGS
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MMVAD_FLAGS2
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MMADDRESS_LIST
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MMBANKED_SECTION
??????????ntkrpamp!_MMEXTEND_INFO
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MMVIEW
??????????ntkrpamp!_MEMORY_CACHING_TYPE_ORIG
??????????ntkrpamp!_EXCEPTION_DISPOSITION
??????????ntkrpamp!_EXCEPTION_RECORD
??????????ntkrpamp!_CONTEXT
??????????ntkrpamp!_POOL_TRACKER_BIG_PAGES
??????????ntkrpamp!_VI_DEADLOCK_RESOURCE
??????????ntkrpamp!_VI_DEADLOCK_THREAD
??????????ntkrpamp!_FLOATING_SAVE_AREA
??????????ntkrpamp!_IMAGE_DATA_DIRECTORY
??????????ntkrpamp!_PCI_PDO_EXTENSION
??????????ntkrpamp!_PCI_MJ_DISPATCH_TABLE
??????????ntkrpamp!_PCI_SLOT_NUMBER
??????????ntkrpamp!_PCI_FDO_EXTENSION
??????????ntkrpamp!_PCI_LOCK
??????????ntkrpamp!_PCI_PMC
??????????ntkrpamp!_HMAP_DIRECTORY
??????????ntkrpamp!_OBJECT_HEADER
??????????ntkrpamp!_OBJECT_CREATE_INFORMATION
??????????ntkrpamp!_QUAD
??????????ntkrpamp!_SECURITY_DESCRIPTOR
??????????ntkrpamp!_ACL
??????????ntkrpamp!_RTLP_RANGE_LIST_ENTRY
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_OBJECT_HEADER_CREATOR_INFO
??????????ntkrpamp!_HEAP_STOP_ON_VALUES
??????????ntkrpamp!_HEAP_STOP_ON_TAG
??????????ntkrpamp!_KEXECUTE_OPTIONS
??????????ntkrpamp!_MODE
??????????ntkrpamp!_IO_RESOURCE_DESCRIPTOR
??????????ntkrpamp!_RTL_CRITICAL_SECTION_DEBUG
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_PCI_BUS_INTERFACE_STANDARD
??????????ntkrpamp!_BUS_HANDLER
??????????ntkrpamp!_PCI_COMMON_CONFIG
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_SYSPTES_HEADER
??????????ntkrpamp!_KDEVICE_QUEUE_ENTRY
??????????ntkrpamp!_IO_ALLOCATION_ACTION
??????????ntkrpamp!_CM_KEY_HASH
??????????ntkrpamp!_CM_NAME_CONTROL_BLOCK
??????????ntkrpamp!_CM_KEY_SECURITY_CACHE
??????????ntkrpamp!_CACHED_CHILD_LIST
??????????ntkrpamp!_CM_INDEX_HINT_BLOCK
??????????ntkrpamp!_PI_RESOURCE_ARBITER_ENTRY
??????????ntkrpamp!_ARBITER_INTERFACE
??????????ntkrpamp!_MDL
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_IO_STATUS_BLOCK
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_IO_STACK_LOCATION
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_IMAGE_SECTION_HEADER
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_POP_TRIGGER_WAIT
??????????ntkrpamp!_FILE_BASIC_INFORMATION
??????????ntkrpamp!_FILE_STANDARD_INFORMATION
??????????ntkrpamp!_FILE_NETWORK_OPEN_INFORMATION
??????????ntkrpamp!_COMPRESSED_DATA_INFO
??????????ntkrpamp!_ETIMER
??????????ntkrpamp!_POLICY_AUDIT_EVENT_TYPE
??????????ntkrpamp!_PM_SUPPORT
??????????ntkrpamp!_MMWSLENTRY
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_EXCEPTION_POINTERS
??????????ntkrpamp!_CURDIR
??????????ntkrpamp!_RTL_DRIVE_LETTER_CURDIR
??????????ntkrpamp!_u
??????????ntkrpamp!_VI_DEADLOCK_RESOURCE_TYPE
??????????ntkrpamp!_MMPFNLIST
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_OBJECT_HEADER_NAME_INFO
??????????ntkrpamp!_OBJECT_DIRECTORY
??????????ntkrpamp!_KINTERRUPT
??????????ntkrpamp!_KINTERRUPT_MODE
??????????ntkrpamp!_TOKEN_CONTROL
??????????ntkrpamp!_PCI_ARBITER_INSTANCE
??????????ntkrpamp!_PCI_INTERFACE
??????????ntkrpamp!_ARBITER_INSTANCE
??????????ntkrpamp!_MMPAGING_FILE
??????????ntkrpamp!_MMMOD_WRITER_MDL_ENTRY
??????????ntkrpamp!_BUS_EXTENSION_LIST
??????????ntkrpamp!_PI_BUS_EXTENSION
??????????ntkrpamp!_PCI_MN_DISPATCH_TABLE
??????????ntkrpamp!_PCI_DISPATCH_STYLE
??????????ntkrpamp!_PCI_COMMON_EXTENSION
??????????ntkrpamp!_MEMORY_TYPE
??????????ntkrpamp!_OBJECT_DIRECTORY_ENTRY
??????????ntkrpamp!_DEVICE_MAP
??????????ntkrpamp!_HEAP_LOOKASIDE
??????????ntkrpamp!_ARBITER_ACTION
??????????ntkrpamp!_ARBITER_PARAMETERS
??????????ntkrpamp!_CALL_PERFORMANCE_DATA
??????????ntkrpamp!_MMWSLE_HASH
??????????ntkrpamp!_STRING
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_SECTION_IMAGE_INFORMATION
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_PRIVATE_CACHE_MAP_FLAGS
??????????ntkrpamp!_RTL_HANDLE_TABLE_ENTRY
??????????ntkrpamp!_POP_IDLE_HANDLER
??????????ntkrpamp!_TOKEN
??????????ntkrpamp!_TOKEN_SOURCE
??????????ntkrpamp!_SEP_AUDIT_POLICY
??????????ntkrpamp!_TOKEN_TYPE
??????????ntkrpamp!_SECURITY_TOKEN_PROXY_DATA
??????????ntkrpamp!_SECURITY_TOKEN_AUDIT_DATA
??????????ntkrpamp!_TEB
??????????ntkrpamp!_ACTIVATION_CONTEXT_STACK
??????????ntkrpamp!_GDI_TEB_BATCH
??????????ntkrpamp!_Wx86ThreadState
??????????ntkrpamp!_TEB_ACTIVE_FRAME
??????????ntkrpamp!_PCI_HEADER_TYPE_0
??????????ntkrpamp!_PCI_HEADER_TYPE_1
??????????ntkrpamp!_PCI_HEADER_TYPE_2
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_HEAP_FREE_ENTRY_EXTRA
??????????ntkrpamp!_POOL_TRACKER_TABLE
??????????ntkrpamp!_PS_QUOTA_TYPE
??????????ntkrpamp!_flags
??????????ntkrpamp!_PHYSICAL_MEMORY_DESCRIPTOR
??????????ntkrpamp!_IMAGE_DEBUG_DIRECTORY
??????????ntkrpamp!_GUID
??????????ntkrpamp!_INTERFACE
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MMMOD_WRITER_LISTHEAD
??????????ntkrpamp!_POP_POWER_ACTION
??????????ntkrpamp!_POP_SHUTDOWN_BUG_CHECK
??????????ntkrpamp!_POP_DEVICE_SYS_STATE
??????????ntkrpamp!_POP_HIBER_CONTEXT
??????????ntkrpamp!_LPCP_MESSAGE
??????????ntkrpamp!_PORT_MESSAGE
??????????ntkrpamp!_MMVAD_SHORT
??????????ntkrpamp!_SECURITY_SUBJECT_CONTEXT
??????????ntkrpamp!_INITIAL_PRIVILEGE_SET
??????????ntkrpamp!_PRIVILEGE_SET
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_PNP_DEVICE_EVENT_ENTRY
??????????ntkrpamp!_PNP_VETO_TYPE
??????????ntkrpamp!_PLUGPLAY_EVENT_BLOCK
??????????ntkrpamp!_PNP_DEVICE_EVENT_LIST
??????????ntkrpamp!_KSPECIAL_REGISTERS
??????????ntkrpamp!_SECURITY_DESCRIPTOR_RELATIVE
??????????ntkrpamp!_RTL_RANGE_LIST
??????????ntkrpamp!_ARBITER_ORDERING_LIST
??????????ntkrpamp!_ARBITER_ALLOCATION_STATE
??????????ntkrpamp!_ARBITER_CONFLICT_INFO
??????????ntkrpamp!_RTL_RANGE
??????????ntkrpamp!_BUS_DATA_TYPE
??????????ntkrpamp!_SUPPORTED_RANGES
??????????ntkrpamp!_PO_DEVICE_NOTIFY_ORDER
??????????ntkrpamp!_POP_DEVICE_POWER_IRP
??????????ntkrpamp!_MMSYSTEM_PTE_POOL_TYPE
??????????ntkrpamp!_CM_NAME_HASH
??????????ntkrpamp!_PROXY_CLASS
??????????ntkrpamp!_HANDLE_TABLE_ENTRY
??????????ntkrpamp!_HANDLE_TABLE_ENTRY_INFO
??????????ntkrpamp!_LPCP_PORT_OBJECT
??????????ntkrpamp!_LPCP_PORT_QUEUE
??????????ntkrpamp!_POOL_HACKER
??????????ntkrpamp!_IO_SECURITY_CONTEXT
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_NAMED_PIPE_CREATE_PARAMETERS
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MAILSLOT_CREATE_PARAMETERS
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_FILE_INFORMATION_CLASS
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_FSINFOCLASS
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_SCSI_REQUEST_BLOCK
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_FILE_GET_QUOTA_INFORMATION
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_DEVICE_RELATION_TYPE
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_DEVICE_CAPABILITIES
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_DEVICE_USAGE_NOTIFICATION_TYPE
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_POWER_SEQUENCE
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_POWER_STATE_TYPE
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_MI_VERIFIER_POOL_HEADER
??????????ntkrpamp!_MI_VERIFIER_DRIVER_ENTRY
??????????ntkrpamp!_CM_KEY_BODY
??????????ntkrpamp!_CM_NOTIFY_BLOCK
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_IA64_DBGKD_CONTROL_SET
??????????ntkrpamp!_AMD64_DBGKD_CONTROL_SET
??????????ntkrpamp!_ARBITER_ORDERING
??????????ntkrpamp!_LPCP_NONPAGED_PORT_QUEUE
??????????ntkrpamp!_DUMP_STACK_CONTEXT
??????????ntkrpamp!_PO_MEMORY_RANGE_ARRAY
??????????ntkrpamp!_PO_HIBER_PERF
??????????ntkrpamp!_TEB_ACTIVE_FRAME_CONTEXT
??????????ntkrpamp!_TEB_ACTIVE_FRAME_CONTEXT
??????????ntkrpamp!_SID
??????????ntkrpamp!_DUMP_INITIALIZATION_CONTEXT
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_IO_CLIENT_EXTENSION
??????????ntkrpamp!_FS_FILTER_CALLBACKS
??????????ntkrpamp!_SID_IDENTIFIER_AUTHORITY
??????????ntkrpamp!_SUPPORTED_RANGE
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_VI_POOL_ENTRY
??????????ntkrpamp!_SEP_AUDIT_POLICY_CATEGORIES
??????????ntkrpamp!_SEP_AUDIT_POLICY_OVERLAY
??????????ntkrpamp!_PLUGPLAY_EVENT_CATEGORY
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_ADAPTER_OBJECT
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_ARBITER_LIST_ENTRY
??????????ntkrpamp!_ARBITER_ALTERNATIVE
??????????ntkrpamp!_PO_NOTIFY_ORDER_LEVEL
??????????ntkrpamp!_FS_FILTER_CALLBACK_DATA
??????????ntkrpamp!_CM_KEY_NODE
??????????ntkrpamp!_CM_KEY_VALUE
??????????ntkrpamp!_CM_KEY_SECURITY
??????????ntkrpamp!_CM_KEY_INDEX
??????????ntkrpamp!_CM_BIG_DATA
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_FS_FILTER_PARAMETERS
??????????ntkrpamp!_VI_POOL_ENTRY_INUSE
??????????ntkrpamp!_DESCRIPTOR
??????????ntkrpamp!_CHILD_LIST
??????????ntkrpamp!_CM_KEY_REFERENCE
??????????ntkrpamp!_ARBITER_REQUEST_SOURCE
??????????ntkrpamp!_ARBITER_RESULT
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
??????????ntkrpamp!_FS_FILTER_SECTION_SYNC_TYPE
??????????ntkrpamp!__unnamed
??????????ntkrpamp!__unnamed
lkd>?dt?nt!_kinterrupt
???+0x000?Type?????????????:?Int2B
???+0x002?Size?????????????:?Int2B
???+0x004?InterruptListEntry?:?_LIST_ENTRY
???+0x00c?ServiceRoutine???:?Ptr32?????unsigned?char?
???+0x010?ServiceContext???:?Ptr32?Void
???+0x014?SpinLock?????????:?Uint4B
???+0x018?TickCount????????:?Uint4B
???+0x01c?ActualLock???????:?Ptr32?Uint4B
???+0x020?DispatchAddress??:?Ptr32?????void?
???+0x024?Vector???????????:?Uint4B
???+0x028?Irql?????????????:?UChar
???+0x029?SynchronizeIrql??:?UChar
???+0x02a?FloatingSave?????:?UChar
???+0x02b?Connected????????:?UChar
???+0x02c?Number???????????:?Char
???+0x02d?ShareVector??????:?UChar
???+0x030?Mode?????????????:?_KINTERRUPT_MODE
???+0x034?ServiceCount?????:?Uint4B
???+0x038?DispatchCount????:?Uint4B
???+0x03c?DispatchCode?????:?[106]?Uint4B
確認一下是否運行的windows版本是debug版本
需要使用WMI的win32_OperationSystem?類的debug屬性來獲得
編寫腳本?osversion.vbs
strComputer?=?"."?
Set?objWMIService?=?GetObject("winmgmts:"?_?
?&?"{impersonationLevel=impersonate}!\\"?&?strComputer?&?"\root\cimv2")?
Set?colOSes?=?objWMIService.ExecQuery("Select?*?from?Win32_OperatingSystem")?
For?Each?objOS?in?colOSes?
??Wscript.Echo?"Computer?Name:?"?&?objOS.CSName?
??Wscript.Echo?"Caption:?"?&?objOS.Caption?'Name?
??Wscript.Echo?"Version:?"?&?objOS.Version?'Version?&?build?
??Wscript.Echo?"Build?Number:?"?&?objOS.BuildNumber?'Build?
??Wscript.Echo?"Build?Type:?"?&?objOS.BuildType?
??Wscript.Echo?"OS?Type:?"?&?objOS.OSType?
??Wscript.Echo?"Other?Type?Description:?"?&?objOS.OtherTypeDescription?
??WScript.Echo?"Service?Pack:?"?&?objOS.ServicePackMajorVersion?&?"."?&?_?
???objOS.ServicePackMinorVersion?
Next
C:\Documents?and?Settings\jamin\桌面>cscript?osversion.vbs
Microsoft?(R)?Windows?Script?Host?Version?5.7
版權所有(C)?Microsoft?Corporation?1996-2001。保留所有權利。
Computer?Name:?AMD6000
Caption:?Microsoft?Windows?XP?Professional
Version:?5.1.2600
Build?Number:?2600
Build?Type:?Multiprocessor?Free
OS?Type:?18
Other?Type?Description:
Service?Pack:?3.0
原文鏈接: http://blog.csdn.net/jaminwm/article/details/7229716
轉載于:https://my.oschina.net/chen106106/blog/45194
總結
以上是生活随笔為你收集整理的《深入理解Windows操作系统》笔记1的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 全国计算机等级考试题库二级C操作题100
- 下一篇: vs代码模板制作