\u5927\u591a\u6578\u8edf\u9ad4\u696d\u754c\u7684 escalation engineer \u90fd\u6703\u5c07\u4ed6\u5011\u7684\u65e5\u5e38\u5de5\u4f5c\u6bd4\u55bb\u70ba CSI\uff0c\u56e0\u70ba\u505a\u7684\u4e8b\u60c5\u5f88\u985e\u4f3c: \u8490\u96c6\u8b49\u64da, \u62fc\u6e4a\u7dda\u7d22, \u627e\u51fa\u5acc\u72af\u3002\u4e0d\u904e\u5462\uff0c\u5927\u90e8\u4efd\u7684\u76f8\u95dc\u66f8\u7c4d\u90fd\u8457\u91cd\u65bc\u5206\u6790\u7dda\u7d22\u548c\u63a8\u7406\u7684\u90e8\u4efd\uff0c\u5f88\u5c11\u6709\u63d0\u53ca\u5982\u4f55\u8490\u8b49\u7684\u6280\u5de7\uff0c\u9019\u4e5f\u662f\u70ba\u4f55\u6211\u5011\u7528\u4e86\u9019\u9ebc\u591a\u7bc7\u5e45\u4f86\u8b1b\u89e3\u53d6\u6a23\u7684\u6280\u5de7\uff0c\u56e0\u70ba\u5b83\u4e26\u4e0d\u5982\u60f3\u50cf\u4e2d\u7684\u90a3\u9ebc\u5bb9\u6613 \ud83d\ude42<\/p>\n
\u5982\u679c\u6211\u5011\u4e0d\u80fd\u5728\u5ba2\u6236\u7684\u6a5f\u5668\u4e0a\u5b89\u88dd\u4efb\u4f55\u6771\u897f\u7684\u8a71 (\u9019\u591a\u534a\u662f\u53d7\u5236\u65bc\u5ba2\u6236\u7684 IT policy)\uff0c\u90a3\u8981\u5982\u4f55\u53d6\u6a23 memory dump \u5462\uff1f\u9019\u6642\u6211\u5011\u53ef\u4ee5\u5728\u5bb6\u88e1\u5148\u627e\u53f0\u6a5f\u5668\u88dd\u597d Debugging Tools for Windows\uff0c\u7136\u5f8c\u628a\u7a0b\u5f0f\u7684\u8cc7\u6599\u593e\u76f4\u63a5\u71d2\u5230 CD \u6216\u62f7\u5230 USB \u96a8\u8eab\u789f\u3002\u6211\u5011\u53ef\u4ee5\u76f4\u63a5\u5f9e CD\/USB \u53bb\u57f7\u884c\u9019\u4e9b\u5de5\u5177\uff0c\u800c\u4e0d\u5fc5\u5b89\u88dd\u7a0b\u5f0f\uff0c\u9019\u5c31\u662f\u5fae\u8edf\u5e38\u63d0\u8d77\u7684 “xcopy installation”: \u9664\u4e86\u76f4\u63a5 copy \u5230\u786c\u789f\u5c31\u6703\u52d5\u4e4b\u5916\uff0ccopy \u5230\u5149\u789f\u6216\u96a8\u8eab\u789f\u4e5f\u662f\u53ef\u4ee5\u7684\u3002\u5c0d\u4e86\uff0c\u901a\u5e38\u6211\u5011\u6703\u540c\u6642\u6e96\u5099 32-bit \u548c 64-bit \u7684\u7248\u672c\uff0c\u4e5f\u6703\u9806\u4fbf\u5e36\u4e00\u5957 SysInternals suite<\/a>\u3002<\/p>\n \u6211\u5011\u5728\u7b2c\u4e00\u7bc7\u6587\u7ae0\u4e2d<\/a>\uff0c\u63a8\u85a6\u4f7f\u7528 ADPlus \u4f86\u8490\u96c6 user-mode \u7684 memory dump\uff0c\u4f46\u6709\u6642\u5ba2\u6236\u7684\u6a5f\u5668\u662f\u7121\u6cd5\u57f7\u884c ADPlus \u7684\uff0c\u9019\u662f\u56e0\u70ba\u82e5\u6a5f\u5668\u672c\u8eab\u6709\u554f\u984c (\u5982 COM registry corruption)\uff0c\u5b83\u6839\u672c\u7121\u6cd5\u57f7\u884c cscript\u3002\u9019\u6642\u5019\u6211\u5011\u53ef\u4ee5\u4f7f\u7528\u50cf\u662f userdump<\/a> \u4e4b\u985e\u7684\u5de5\u5177\uff0c\u6216\u662f\u76f4\u63a5\u4f7f\u7528\u624b\u52d5\u7684\u65b9\u5f0f\u4f86\u53d6\u6a23\u3002\u6211\u500b\u4eba\u6bd4\u8f03\u504f\u597d\u4f7f\u7528\u624b\u52d5\u7684\u65b9\u5f0f\uff0c\u56e0\u70ba\u53ef\u4ee5\u5f97\u5230\u8f03\u597d\u7684\u63a7\u5236\u3002\u90a3\u9ebc\uff0c\u8981\u5982\u4f55\u624b\u52d5\u4f86\u505a\u5462? \u9996\u5148\u6211\u5011\u5fc5\u9808\u4e86\u89e3 ADPlus \u7684\u6d41\u7a0b:<\/p>\n ADPlus \u7522\u751f\u7684 CDB script \u57fa\u672c\u67b6\u69cb\u662f\u9019\u6a23\u7684:<\/p>\n \n.logopen<\/strong> <\u8cc7\u6599\u593e>\\<\u8a18\u9304\u6a94><\/em> 1st-chance \u548c 2nd-chance \u6307\u4ee4\u88e1\uff0c\u53c8\u6703\u5167\u5d4c\u4e0b\u5217\u7684 script:<\/p>\n \n<\u4e00\u5927\u5806 .echo\uff0c\u8f38\u51fa\u8a0a\u606f\u7528\u7684> \u4e86\u89e3 ADPlus \u7684\u5de5\u4f5c\u539f\u7406\u4e4b\u5f8c\uff0c\u6211\u5011\u5c31\u53ef\u4ee5\u76f4\u63a5\u7528 cdb\/ntsd\/windbg \u53bb attach \u8981\u9664\u932f\u7684 process\uff0c\u7136\u5f8c\u4eff\u7167\u5b83\u7684\u601d\u8def\u4f86\u9032\u884c\u6211\u5011\u7684\u53d6\u6a23\u5de5\u4f5c\u3002\u7576\u7136\uff0c\u4e5f\u53ef\u4ee5\u7528\u53d6\u5de7\u7684\u65b9\u6cd5: \u76f4\u63a5\u5728\u5bb6\u88e1\u5148\u7528 ADPlus \u4f86\u53d6\u6a23\u8a72 process\uff0c\u7136\u5f8c\u628a CDBScripts \u4e0b\u7684 script \u62ff\u53bb\u73fe\u5834\u8dd1\u3002<\/p>\n","protected":false},"excerpt":{"rendered":" ADPlus \u5de5\u4f5c\u539f\u7406\u5256\u6790<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,6,2],"tags":[],"_links":{"self":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/posts\/292"}],"collection":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/comments?post=292"}],"version-history":[{"count":3,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/posts\/292\/revisions"}],"predecessor-version":[{"id":295,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/posts\/292\/revisions\/295"}],"wp:attachment":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/media?parent=292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/categories?post=292"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/tags?post=292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n.time<\/strong>
\n!version<\/strong>
\n<\u8a2d\u5b9a alias><\/em>
\n* set exceptions, \u9019\u88e1\u6703\u6709\u5f88\u591a\u500b sx* \u6307\u4ee4\u81ea\u52d5\u7522\u751f
\nsx{e|d|i|n} -c<\/strong> @”<1st chance cmds><\/em>” -c2<\/strong> @”<2nd chance cmds><\/em>”
\ng
\n.time
\nQ<\/b>\n<\/p><\/blockquote>\n
\n~#kvn250<\/strong> * dump faulting thread stack, frame depth 250
\n* create dump: \/mdi for 1st chance, \/ma for 2nd chance
\n.dump -u {\/mdi|\/ma} -c<\/strong> <comments>
\n{!locks; !runaway}<\/strong> * \u67d0\u4e9b\u72c0\u6cc1\u4e0b\u6703\u591a\u8dd1\u9019\u5169\u500b\u6307\u4ee4
\n{!elog_str}<\/strong> * \u53ea\u6709 2nd-chance dumps \u6703 log
\ngn<\/strong> * \u5ffd\u7565 exception\uff0c\u7e7c\u7e8c\u57f7\u884c\uff0c\u4ee5\u4fbf\u8b93\u5176\u4ed6\u5143\u4ef6\u63a5\u624b\n<\/p><\/blockquote>\n