21,618
社区成员
发帖
与我相关
我的任务
分享求解WinDbg的两个问题
kd> g
*** ERROR: Module load completed but symbols could not be loaded for HpqKbFiltr.sys
*** ERROR: Module load completed but symbols could not be loaded for vmmouse.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vmci.sys -
*** ERROR: Module load completed but symbols could not be loaded for vmx_svga.sys
*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
*** ERROR: Module load completed but symbols could not be loaded for ipsec.sys
*** ERROR: Module load completed but symbols could not be loaded for ipnat.sys
*** ERROR: Module load completed but symbols could not be loaded for vmx_fb.dll
*** ERROR: Module load completed but symbols could not be loaded for vmx_fb.dll
*** ERROR: Module load completed but symbols could not be loaded for hgfs.sys
ERROR: DavReadRegistryValues/RegQueryValueExW(4). WStatus = 5
ERROR: DavReadRegistryValues/RegQueryValueExW(5). WStatus = 5
ERROR: DavReadRegistryValues/RegQueryValueExW(6). WStatus = 5
*** ERROR: Module load completed but symbols could not be loaded for DbgMsg.SYS
*** ERROR: Module load completed but symbols could not be loaded for vmmemctl.sys
Breakpoint 0 hit
HelloDDK!DriverEntry:
这使我在WinDbg中遇到的问题,用lm查询发现其他模块都能加载,就这些一直加载不了,用.reload /f 也没用,后来发现有些模块是以vm开头的,像vmx_fb.dll,怀疑这是虚拟机系统特有的模块,WinDbg的无法从网上自动下载。可是在有时调试程序发现还是需要其中的一些模块,现在这求解决方法
以下是另一个问题
#pragma INITCODE
extern "C" NTSTATUS DriverEntry (
IN PDRIVER_OBJECT pDriverObject,
IN PUNICODE_STRING pRegistryPath )
{
NTSTATUS status;
KdPrint(("Enter DriverEntry\n"));
//注册其他驱动调用函数入口
pDriverObject->DriverUnload = HelloDDKUnload;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = HelloDDKDispatchRoutine;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HelloDDKDispatchRoutine;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKDispatchRoutine;
pDriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKDispatchRoutine;
//创建驱动设备对象
status = CreateDevice(pDriverObject);
ASSERT(0);
KdPrint(("DriverEntry end\n"));
return status;
}
代码中的红色部分是我程序运行到的地方,WinDbg中显示如下:
1: kd> p
HelloDDK!DriverEntry+0x6:
f7ab6653 680066abf7 push offset HelloDDK!HelloDDKDispatchRoutine <PERF> (HelloDDK+0x600) (f7ab6600)
将HelloDDK!HelloDDKDispatchRoutine的地址压栈,可是程序在这地方干嘛要把这个压栈呢,新手学驱动,求高人解答,感激不尽
*** ERROR: Module load completed but symbols could not be loaded for HpqKbFiltr.sys
*** ERROR: Module load completed but symbols could not be loaded for vmmouse.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vmci.sys -
*** ERROR: Module load completed but symbols could not be loaded for vmx_svga.sys
*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
*** ERROR: Module load completed but symbols could not be loaded for ipsec.sys
*** ERROR: Module load completed but symbols could not be loaded for ipnat.sys
*** ERROR: Module load completed but symbols could not be loaded for vmx_fb.dll
*** ERROR: Module load completed but symbols could not be loaded for vmx_fb.dll
*** ERROR: Module load completed but symbols could not be loaded for hgfs.sys
ERROR: DavReadRegistryValues/RegQueryValueExW(4). WStatus = 5
ERROR: DavReadRegistryValues/RegQueryValueExW(5). WStatus = 5
ERROR: DavReadRegistryValues/RegQueryValueExW(6). WStatus = 5
*** ERROR: Module load completed but symbols could not be loaded for DbgMsg.SYS
*** ERROR: Module load completed but symbols could not be loaded for vmmemctl.sys
Breakpoint 0 hit
HelloDDK!DriverEntry:
这使我在WinDbg中遇到的问题,用lm查询发现其他模块都能加载,就这些一直加载不了,用.reload /f 也没用,后来发现有些模块是以vm开头的,像vmx_fb.dll,怀疑这是虚拟机系统特有的模块,WinDbg的无法从网上自动下载。可是在有时调试程序发现还是需要其中的一些模块,现在这求解决方法
以下是另一个问题
#pragma INITCODE
extern "C" NTSTATUS DriverEntry (
IN PDRIVER_OBJECT pDriverObject,
IN PUNICODE_STRING pRegistryPath )
{
NTSTATUS status;
KdPrint(("Enter DriverEntry\n"));
//注册其他驱动调用函数入口
pDriverObject->DriverUnload = HelloDDKUnload;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = HelloDDKDispatchRoutine;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HelloDDKDispatchRoutine;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKDispatchRoutine;
pDriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKDispatchRoutine;
//创建驱动设备对象
status = CreateDevice(pDriverObject);
ASSERT(0);
KdPrint(("DriverEntry end\n"));
return status;
}
代码中的红色部分是我程序运行到的地方,WinDbg中显示如下:
1: kd> p
HelloDDK!DriverEntry+0x6:
f7ab6653 680066abf7 push offset HelloDDK!HelloDDKDispatchRoutine <PERF> (HelloDDK+0x600) (f7ab6600)
将HelloDDK!HelloDDKDispatchRoutine的地址压栈,可是程序在这地方干嘛要把这个压栈呢,新手学驱动,求高人解答,感激不尽
...全文
请发表友善的回复…
发表回复
zhadaolong 2011-11-29
- 打赏
- 举报
同感,也遇到同样问题???
woshi_ziyu 2011-11-26
- 打赏
- 举报
