{"id":120,"date":"2006-09-27T22:05:50","date_gmt":"2006-09-28T02:05:50","guid":{"rendered":"http:\/\/www.cchsu.com\/arthur\/digest\/windbg\/env\/"},"modified":"2006-09-28T00:23:20","modified_gmt":"2006-09-28T04:23:20","slug":"env","status":"publish","type":"page","link":"http:\/\/www.cchsu.com\/arthur\/digest\/windbg\/env\/","title":{"rendered":"Basic Environment Setup"},"content":{"rendered":"<h3>Symbol<\/h3>\n<p>.sympath+ srv*<em>localpath<\/em>*<em>serverpath<\/em><\/p>\n<p>For example: .sympath+ srv*c:\\symbols\\microsoft*http:\/\/msdl.microsoft.com\/download\/symbols<br \/>\nThe Microsoft path must go last. You can also press Ctrl-S to set it.<br \/>\nYou can also use the _NT_SYMBOL_PATH environment variable (this is the more common approach, because you then do not have to reset .sympath when switching between kd and ntsd).<\/p>\n<h3>cdb\/ntsd<\/h3>\n<p>A remote break-in lands in kd. To switch into a user-mode process, there are several methods:<\/p>\n<p>1. 
Run cdb or ntsd on the client OS: cdb -d -p <em>pid<\/em><br \/>\n2.<br \/>\nkd> <font color=\"0000ff\">!process 0 0 foo.exe<\/font><br \/>\nPROCESS 8176f7f8  SessionId: 0  Cid: <font color=\"ff0000\">03d8<\/font> &#8230;<br \/>\nkd> <font color=\"0000ff\">!bpid<\/font>&nbsp;<font color=\"ff0000\">03d8<\/font><br \/>\nkd> <font color=\"0000ff\">.reload<\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Symbol .sympath+ srv*localpath*serverpath For example: .sympath+ srv*c:\\symbols\\microsoft*http:\/\/msdl.microsoft.com\/download\/symbols The Microsoft path must go last. You can also press Ctrl-S to set it. You can also use the _NT_SYMBOL_PATH environment variable (this is the more common approach, because you then do not have to reset .sympath when switching between kd and ntsd). cdb\/ntsd A remote break-in lands in kd. To switch into a user-mode process, there are several methods: 1. Run cdb or ntsd on the client OS: cdb -d -p pid 2. 
kd> !process 0 0 foo.exe PROCESS 8176f7f8 SessionId: 0 Cid: 03d8 &#8230; kd> !bpid&nbsp;03d8 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":118,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/pages\/120"}],"collection":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/comments?post=120"}],"version-history":[{"count":0,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/pages\/120\/revisions"}],"up":[{"embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/pages\/118"}],"wp:attachment":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/media?parent=120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}