
Notes on "Windows Internals", Part 1

程序员文章站 2022-06-04 16:05:12

C:\Program Files>cd "Debugging Tools for Windows (x86)"

C:\Program Files\Debugging Tools for Windows (x86)>dir
 驱动器 C 中的卷没有标签。
 卷的序列号是 18F6-A188

 C:\Program Files\Debugging Tools for Windows (x86) 的目录

2012-02-02  14:24    <DIR>          .
2012-02-02  14:24    <DIR>          ..
2012-02-02  14:24    <DIR>          1394
2009-08-24  14:38            71,168 adplus.doc
2010-02-01  12:27            97,040 adplus.exe
2010-02-01  12:27            29,056 adplusext.dll
2010-02-01  12:27            80,656 adplusmanager.exe
2009-08-24  14:38             2,068 adplusmanager.exe.config
2010-02-01  12:27           200,530 adplus_old.vbs
2010-02-01  12:27            36,736 agestore.exe
2010-02-01  12:27            17,168 breakin.exe
2010-02-01  12:27           364,816 cdb.exe
2012-02-02  14:24    <DIR>          clr10
2010-02-01  12:27            32,128 convertstore.exe
2010-02-01  12:27           112,512 dbengprx.exe
2010-02-01  12:27         3,557,648 dbgeng.dll
2010-02-01  12:27         1,213,200 dbghelp.dll
2010-02-01  12:27            39,184 dbgrpc.exe
2010-02-01  12:27            32,528 dbgsrv.exe
2010-02-01  12:27           151,824 dbh.exe
2010-01-08  11:07           326,336 debugger.chi
2010-01-08  11:07         5,117,792 debugger.chm
2010-02-01  12:27           419,088 decem.dll
2009-08-24  14:38            56,832 dml.doc
2010-02-01  12:27            20,864 dumpchk.exe
2010-02-01  12:27            19,840 dumpexam.exe
2010-02-01  12:27           145,168 gflags.exe
2010-02-01  12:27           362,768 i386kd.exe
2010-02-01  12:27           362,768 ia64kd.exe
2010-02-01  12:27           376,080 kd.exe
2010-02-01  12:27            34,576 kdbgctrl.exe
2010-02-01  12:27           170,256 kdsrv.exe
2009-08-24  14:38         1,196,032 kernel_debugging_tutorial.doc
2010-02-01  12:27            34,064 kill.exe
2009-09-18  11:35            10,237 license.txt
2010-02-01  12:27            80,768 list.exe
2010-02-01  12:27            28,944 logger.exe
2010-02-01  12:27           211,328 logviewer.exe
2010-02-01  12:27           365,328 ntsd.exe
2010-02-01  12:27            23,312 pdbcopy.exe
2010-02-01  12:08             2,819 redist.txt
2010-01-28  21:21            12,615 relnotes.txt
2010-02-01  12:27            69,504 remote.exe
2010-02-01  12:27            25,360 rtlist.exe
2012-02-02  14:24    <DIR>          sdk
2012-02-02  14:24    <DIR>          srcsrv
2010-02-01  12:27            92,944 srcsrv.dll
2010-02-01  12:27            30,992 symbolcheck.dll
2010-02-01  12:27            80,144 symchk.exe
2012-02-02  14:24    <DIR>          symproxy
2010-02-01  12:27           131,856 symsrv.dll
2009-08-24  14:38                 1 symsrv.yes
2010-02-01  12:27           145,168 symstore.exe
2012-02-02  14:24    <DIR>          themes
2010-02-01  12:27            47,376 tlist.exe
2012-02-02  14:24    <DIR>          triage
2010-02-01  12:27           143,232 umdh.exe
2012-02-02  14:24    <DIR>          usb
2010-02-01  12:27           139,136 usbview.exe
2010-02-01  12:27            74,512 vmdemux.exe
2012-02-02  14:24    <DIR>          w2kchk
2012-02-02  14:24    <DIR>          w2kfre
2010-02-01  12:27           532,752 windbg.exe
2012-02-02  14:24    <DIR>          winext
2012-02-02  14:24    <DIR>          winxp
              51 个文件     16,929,054 字节
              14 个目录 153,558,147,072 可用字节

C:\Program Files\Debugging Tools for Windows (x86)>tlist.exe /t
System Process (0)
System (4)
smss.exe (460)
csrss.exe (516)
winlogon.exe (1172)
services.exe (1216)
ati2evxx.exe (1388) ATI video bios poller
svchost.exe (1420)
svchost.exe (1536)
svchost.exe (1656)
svchost.exe (1676)
svchost.exe (1728)
acs.exe (1764)
inetinfo.exe (1856)
sqlservr.exe (1880)
sqlwriter.exe (2032)
alg.exe (700)
msiexec.exe (3664)
lsass.exe (1228)
ati2evxx.exe (1616) ATI video bios poller client
explorer.exe (1000) Program Manager
RTHDCPL.EXE (1192)
Probe2.exe (1372) PC Probe II
aaCenter.exe (2500) aacenter
TWCU.exe (1276) TP-LINK无线客户端应用程序 - 当前配置文件: 默认值 - TP-LINK Wireless USB Adapter
ctfmon.exe (1460)
DTLite.exe (1468) DAEMON Tools Agent window
WINWORD.EXE (3952) windows - Microsoft Word
cmd.exe (2600) 命令提示符 - tlist.exe /t
tlist.exe (1100)
windbg.exe (2412) Local kernel - WinDbg:6.12.0002.633 X86
MOM.exe (1436) .NET-BroadcastEventWindow.2.0.0.0.33c0d9d.0
CCC.exe (3748)
conime.exe (2512)

C:\Program Files\Debugging Tools for Windows (x86)>

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Connected to Windows XP 2600 x86 compatible target at (Thu Feb  2 14:26:16.171 2012 (UTC + 8:00)), ptr64 FALSE
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrpamp.exe -
*******************************************************************************
WARNING: Local kernel debugging requires booting with kernel
debugging support (/debug or bcdedit -debug on) to work optimally.
*******************************************************************************
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Thu Feb  2 14:26:16.343 2012 (UTC + 8:00)
System Uptime: 0 days 0:25:11.890

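x64: user process space 8 TB, system space 6657 GB

Itanium: user process space 7 TB, system space 6144 GB

C:\Program Files\Support Tools>qslice

Starts the thread viewer. The tool ships in the Windows 2000 Resource Kit; on XP it has to be downloaded and installed separately.

C:\Program Files\Support Tools>

C:\Program Files\Support Tools>mstsc.exe

Starts a remote connection.

Windows 2000 Professional does not support terminal sessions.

Windows XP Professional supports 1 terminal session.

Windows 2000 Server and Windows Server 2003 support 2 concurrent remote connections; higher editions such as Enterprise support more connections and can be configured as a terminal server.

In Windows XP, the Win+L key combination switches users quickly; the previous user's processes and other state stay preserved in the system.

Windows XP/2003 use 16-bit-wide Unicode encoding rather than 8-bit ASCII. In earlier Windows versions, the Asian and Middle Eastern language editions were an extension of the US/European core edition, so their Windows API was a superset that differed from the original edition, and language packs had to be built separately at the application layer. Starting with Windows 2000, a single worldwide language pack is used, and the API calls are the same as well.

The symbol files needed for kernel debugging must match exactly.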

C:\>livekd

LiveKd v5.0 - Execute kd/windbg on a live system
Sysinternals - www.sysinternals.com
Copyright (C) 2000-2010 Mark Russinovich and Ken Johnson

Symbols are not configured. Would you like LiveKd to set the _NT_SYMBOL_PATH
directory to reference the Microsoft symbol server so that symbols can be
obtained automatically? (y/n) y

Enter the folder to which symbols download (default is c:\symbols):
Symbol search path is: srv*c:\Symbols*http://msdl.microsoft.com/download/symbols

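http://msdl.microsoft.com/download/symbols does not support web access; it only supports access from a kernel-debugging session.

Windows supports two kinds of multiprocessor systems: Hyper-Threading and NUMA (non-uniform memory architecture). Hyper-Threading (HT) is an Intel technology that provides multiple logical processors on one physical processor. Each logical processor has its own state, while the execution engine and the on-chip caches (L1, L2, L3) are shared.

NUMA groups processors into smaller units called nodes, which use all of the memory.

Processor licensing is recorded in the registry: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\LicensedProcessors

There is no PAE kernel on 64-bit Windows. That is, the \I386\UNIPROC\WINSRV.DLL file on the Windows 2000 media denotes the uniprocessor version; it was removed in XP and 2003.

To check which version of ntoskrnl is running:

1. Check the Event Viewer log for event ID 6009.

2. In the registry of the booted system, check HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PhysicalAddressExtension. If it is 1, the system booted with PAE, that is, uniprocessor.

3. C:\WINDOWS\system32>ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe 应用程序无法在 Win32 模式中运行。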

Version                        Supported CPUs   Supported physical memory (GB)
Windows 2000 Professional      2                4
Windows 2000 Server            4                4
Windows 2000 Advanced Server   8                8
Windows 2000 Datacenter        32               64

Version                    32-bit CPUs   32-bit physical memory   64-bit CPUs   64-bit memory
Windows XP Home            1             4                        -             -
Windows XP Professional    2             4                        2             128
Windows 2003 Standard      4             4                        -             -
Windows 2003 Enterprise    8             32                       8             64
Windows 2003 Datacenter    32            64                       64            1024

Strange, isn't it: 64-bit Windows XP supports more memory than 64-bit Windows 2003 Enterprise!

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Connected to Windows XP 2600 x86 compatible target at (Fri Feb  3 12:11:08.218 2012 (UTC + 8:00)), ptr64 FALSE
Symbol search path is: C:\WINDOWS\Symbols;srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
*******************************************************************************
WARNING: Local kernel debugging requires booting with kernel
debugging support (/debug or bcdedit -debug on) to work optimally.
*******************************************************************************
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Fri Feb  3 12:11:08.484 2012 (UTC + 8:00)
System Uptime: 0 days 0:28:38.160

lkd> dt nt!_*

ntkrpamp!_LIST_ENTRY

ntkrpamp!_IMAGE_NT_HEADERS

ntkrpamp!_IMAGE_FILE_HEADER

ntkrpamp!_IMAGE_OPTIONAL_HEADER

ntkrpamp!_LARGE_INTEGER

ntkrpamp!__unnamed

ntkrpamp!_ULARGE_INTEGER

ntkrpamp!__unnamed

ntkrpamp!_LUID

ntkrpamp!_KAPC

ntkrpamp!_KTHREAD

ntkrpamp!_SINGLE_LIST_ENTRY

ntkrpamp!_KSPIN_LOCK_QUEUE_NUMBER

ntkrpamp!_KPRCB

ntkrpamp!_KPROCESSOR_STATE

ntkrpamp!_KSPIN_LOCK_QUEUE

ntkrpamp!_KNODE

ntkrpamp!_PP_LOOKASIDE_LIST

ntkrpamp!_KPRCB

ntkrpamp!_KDPC

ntkrpamp!_FX_SAVE_AREA

ntkrpamp!_PROCESSOR_POWER_STATE

ntkrpamp!_SLIST_HEADER

ntkrpamp!_NPAGED_LOOKASIDE_LIST

ntkrpamp!_GENERAL_LOOKASIDE

ntkrpamp!_PAGED_LOOKASIDE_LIST

ntkrpamp!_FAST_MUTEX

ntkrpamp!_PP_NPAGED_LOOKASIDE_NUMBER

ntkrpamp!_POOL_TYPE

ntkrpamp!_EX_RUNDOWN_REF

ntkrpamp!_EX_FAST_REF

ntkrpamp!_EX_PUSH_LOCK

ntkrpamp!_EX_PUSH_LOCK_WAIT_BLOCK

ntkrpamp!_KEVENT

ntkrpamp!_EX_PUSH_LOCK_CACHE_AWARE

ntkrpamp!_ETHREAD

ntkrpamp!_TERMINATION_PORT

ntkrpamp!_CLIENT_ID

ntkrpamp!_KSEMAPHORE

ntkrpamp!_PS_IMPERSONATION_INFORMATION

ntkrpamp!_DEVICE_OBJECT

ntkrpamp!_EPROCESS

ntkrpamp!_KPROCESS

ntkrpamp!_HANDLE_TABLE

ntkrpamp!_EJOB

ntkrpamp!_EPROCESS_QUOTA_BLOCK

ntkrpamp!_PAGEFAULT_HISTORY

ntkrpamp!_HARDWARE_PTE

ntkrpamp!_PEB

ntkrpamp!_SE_AUDIT_PROCESS_CREATION_INFO

ntkrpamp!_MMSUPPORT

ntkrpamp!_OBJECT_ATTRIBUTES

ntkrpamp!_UNICODE_STRING

ntkrpamp!_OBJECT_TYPE

ntkrpamp!_ERESOURCE

ntkrpamp!_OBJECT_TYPE_INITIALIZER

ntkrpamp!_OBJECT_HANDLE_INFORMATION

ntkrpamp!_DISPATCHER_HEADER

ntkrpamp!_KAPC_STATE

ntkrpamp!_KWAIT_BLOCK

ntkrpamp!_KQUEUE

ntkrpamp!_KTIMER

ntkrpamp!_KTRAP_FRAME

ntkrpamp!_FNSAVE_FORMAT

ntkrpamp!_FXSAVE_FORMAT

ntkrpamp!__unnamed

ntkrpamp!_MMPTE

ntkrpamp!_MMPTE_HIGHLOW

ntkrpamp!_MMPTE_HARDWARE

ntkrpamp!_MMPTE_PROTOTYPE

ntkrpamp!_MMPTE_SOFTWARE

ntkrpamp!_MMPTE_TRANSITION

ntkrpamp!_MMPTE_SUBSECTION

ntkrpamp!_MMPTE_LIST

ntkrpamp!__unnamed

ntkrpamp!_MEMORY_CACHING_TYPE

ntkrpamp!_MI_PFN_CACHE_ATTRIBUTE

ntkrpamp!_EXCEPTION_RECORD64

ntkrpamp!_EXCEPTION_RECORD32

ntkrpamp!_DBGKM_EXCEPTION64

ntkrpamp!_DBGKM_EXCEPTION32

ntkrpamp!_DBGKD_LOAD_SYMBOLS64

ntkrpamp!_DBGKD_LOAD_SYMBOLS32

ntkrpamp!_DBGKD_READ_MEMORY64

ntkrpamp!_DBGKD_READ_MEMORY32

ntkrpamp!_DBGKD_WRITE_MEMORY64

ntkrpamp!_DBGKD_WRITE_MEMORY32

ntkrpamp!_DBGKD_WRITE_BREAKPOINT64

ntkrpamp!_DBGKD_WRITE_BREAKPOINT32

ntkrpamp!_DBGKD_READ_WRITE_IO64

ntkrpamp!_DBGKD_READ_WRITE_IO32

ntkrpamp!_DBGKD_READ_WRITE_IO_EXTENDED64

ntkrpamp!_DBGKD_READ_WRITE_IO_EXTENDED32

ntkrpamp!_DBGKD_SET_SPECIAL_CALL32

ntkrpamp!_DBGKD_SET_SPECIAL_CALL64

ntkrpamp!_DBGKD_SET_INTERNAL_BREAKPOINT32

ntkrpamp!_DBGKD_SET_INTERNAL_BREAKPOINT64

ntkrpamp!_DBGKD_GET_INTERNAL_BREAKPOINT64

ntkrpamp!_DBGKD_GET_INTERNAL_BREAKPOINT32

ntkrpamp!_DBGKD_MANIPULATE_STATE64

ntkrpamp!_DBGKD_GET_CONTEXT

ntkrpamp!_DBGKD_SET_CONTEXT

ntkrpamp!_DBGKD_RESTORE_BREAKPOINT

ntkrpamp!_DBGKD_CONTINUE

ntkrpamp!_DBGKD_CONTINUE2

ntkrpamp!_DBGKD_QUERY_SPECIAL_CALLS

ntkrpamp!_DBGKD_GET_VERSION64

ntkrpamp!_DBGKD_BREAKPOINTEX

ntkrpamp!_DBGKD_READ_WRITE_MSR

ntkrpamp!_DBGKD_SEARCH_MEMORY

ntkrpamp!_DBGKD_GET_SET_BUS_DATA

ntkrpamp!_DBGKD_FILL_MEMORY

ntkrpamp!_DBGKD_QUERY_MEMORY

ntkrpamp!__unnamed

ntkrpamp!_DBGKD_MANIPULATE_STATE32

ntkrpamp!_DBGKD_GET_VERSION32

ntkrpamp!__unnamed

ntkrpamp!_VACB

ntkrpamp!_SHARED_CACHE_MAP

ntkrpamp!__unnamed

ntkrpamp!_FILE_OBJECT

ntkrpamp!_MBCB

ntkrpamp!_CACHE_MANAGER_CALLBACKS

ntkrpamp!_CACHE_UNINITIALIZE_EVENT

ntkrpamp!_PRIVATE_CACHE_MAP

ntkrpamp!_VACB_LEVEL_REFERENCE

ntkrpamp!_HEAP_ENTRY

ntkrpamp!_HEAP

ntkrpamp!_HEAP_TAG_ENTRY

ntkrpamp!_HEAP_UCR_SEGMENT

ntkrpamp!_HEAP_UNCOMMMTTED_RANGE

ntkrpamp!_HEAP_SEGMENT

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_HEAP_PSEUDO_TAG_ENTRY

ntkrpamp!_HEAP_LOCK

ntkrpamp!_HEAP_SUBSEGMENT

ntkrpamp!_HEAP_USERDATA_HEADER

ntkrpamp!_HEAP_USERDATA_HEADER

ntkrpamp!_INTERLOCK_SEQ

ntkrpamp!_HMAP_TABLE

ntkrpamp!_HMAP_ENTRY

ntkrpamp!_OBJECT_SYMBOLIC_LINK

ntkrpamp!_POOL_BLOCK_HEAD

ntkrpamp!_POOL_HEADER

ntkrpamp!_LDR_DATA_TABLE_ENTRY

ntkrpamp!_VI_DEADLOCK_GLOBALS

ntkrpamp!_VI_DEADLOCK_NODE

ntkrpamp!_PF_SCENARIO_TYPE

ntkrpamp!_THERMAL_INFORMATION

ntkrpamp!_SECTION_OBJECT

ntkrpamp!_SEGMENT_OBJECT

ntkrpamp!_POWER_STATE

ntkrpamp!_SYSTEM_POWER_STATE

ntkrpamp!_DEVICE_POWER_STATE

ntkrpamp!_WMI_LOGGER_CONTEXT

ntkrpamp!_WMI_LOGGER_MODE

ntkrpamp!_GUID

ntkrpamp!_SECURITY_CLIENT_CONTEXT

ntkrpamp!_TRACE_ENABLE_FLAG_EXTENSION

ntkrpamp!_KMUTANT

ntkrpamp!_WMI_BUFFER_HEADER

ntkrpamp!_CONTROL_AREA

ntkrpamp!_SUBSECTION

ntkrpamp!_LARGE_CONTROL_AREA

ntkrpamp!_MMSECTION_FLAGS

ntkrpamp!_MMSUBSECTION_FLAGS

ntkrpamp!_SEGMENT

ntkrpamp!__unnamed

ntkrpamp!_EVENT_COUNTER

ntkrpamp!_HANDLE_TRACE_DEBUG_INFO

ntkrpamp!_MMSUPPORT_FLAGS

ntkrpamp!_MMWSL

ntkrpamp!_EX_WORK_QUEUE

ntkrpamp!_EPROCESS_QUOTA_ENTRY

ntkrpamp!_UNICODE_STRING

ntkrpamp!_PS_JOB_TOKEN_FILTER

ntkrpamp!_IO_COUNTERS

ntkrpamp!_SID_AND_ATTRIBUTES

ntkrpamp!_LUID_AND_ATTRIBUTES

ntkrpamp!_MM_DRIVER_VERIFIER_DATA

ntkrpamp!_VPB

ntkrpamp!_SECTION_OBJECT_POINTERS

ntkrpamp!_IO_COMPLETION_CONTEXT

ntkrpamp!_CALL_HASH_ENTRY

ntkrpamp!_CM_VIEW_OF_FILE

ntkrpamp!_KLOCK_QUEUE_HANDLE

ntkrpamp!_MMLISTS

ntkrpamp!_DEFERRED_WRITE

ntkrpamp!_HIVE_LIST_ENTRY

ntkrpamp!_CMHIVE

ntkrpamp!_SECURITY_IMPERSONATION_LEVEL

ntkrpamp!_DEVICE_NODE

ntkrpamp!_PO_DEVICE_NOTIFY

ntkrpamp!_PNP_DEVNODE_STATE

ntkrpamp!_IRP

ntkrpamp!_CM_RESOURCE_LIST

ntkrpamp!_IO_RESOURCE_REQUIREMENTS_LIST

ntkrpamp!_INTERFACE_TYPE

ntkrpamp!_DEVICE_RELATIONS

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_RTL_CRITICAL_SECTION

ntkrpamp!__unnamed

ntkrpamp!_KPCR

ntkrpamp!_NT_TIB

ntkrpamp!_KIDTENTRY

ntkrpamp!_KGDTENTRY

ntkrpamp!_KTSS

ntkrpamp!_MMCOLOR_TABLES

ntkrpamp!_PHYSICAL_MEMORY_RUN

ntkrpamp!_MMPFN

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_MMPFNENTRY

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_MM_SESSION_SPACE

ntkrpamp!_MM_SESSION_SPACE_FLAGS

ntkrpamp!__unnamed

ntkrpamp!_MM_PAGED_POOL_INFO

ntkrpamp!_MMWSLE

ntkrpamp!_MMSESSION

ntkrpamp!_DRIVER_OBJECT

ntkrpamp!_POOL_DESCRIPTOR

ntkrpamp!_PEB_LDR_DATA

ntkrpamp!_RTL_USER_PROCESS_PARAMETERS

ntkrpamp!_PEB_FREE_BLOCK

ntkrpamp!_HEAP_FREE_ENTRY

ntkrpamp!_OWNER_ENTRY

ntkrpamp!_IO_RESOURCE_LIST

ntkrpamp!_CM_FULL_RESOURCE_DESCRIPTOR

ntkrpamp!_CM_PARTIAL_RESOURCE_LIST

ntkrpamp!_CM_CACHED_VALUE_INDEX

ntkrpamp!_CELL_DATA

ntkrpamp!__unnamed

ntkrpamp!_WNODE_HEADER

ntkrpamp!_WMI_CLIENT_CONTEXT

ntkrpamp!_WMI_BUFFER_STATE

ntkrpamp!_KiIoAccessMap

ntkrpamp!_DEVICE_OBJECT_POWER_EXTENSION

ntkrpamp!_POWER_CHANNEL_SUMMARY

ntkrpamp!_SYSTEM_POWER_POLICY

ntkrpamp!_POP_THERMAL_ZONE

ntkrpamp!_POP_ACTION_TRIGGER

ntkrpamp!_X86_DBGKD_CONTROL_SET

ntkrpamp!_DBGKD_ANY_CONTROL_SET

ntkrpamp!_PROCESSOR_POWER_POLICY

ntkrpamp!_PROCESSOR_POWER_POLICY_INFO

ntkrpamp!_IMAGE_DOS_HEADER

ntkrpamp!_HEAP_VIRTUAL_ALLOC_ENTRY

ntkrpamp!_HEAP_ENTRY_EXTRA

ntkrpamp!_RTL_ATOM_TABLE

ntkrpamp!_RTL_HANDLE_TABLE

ntkrpamp!_RTL_ATOM_TABLE_ENTRY

ntkrpamp!_IMAGE_ROM_OPTIONAL_HEADER

ntkrpamp!_KWAIT_REASON

ntkrpamp!_HHIVE

ntkrpamp!_CM_KEY_SECURITY_CACHE_ENTRY

ntkrpamp!_CM_KEY_CONTROL_BLOCK

ntkrpamp!_WORK_QUEUE_ITEM

ntkrpamp!_CM_CELL_REMAP_BLOCK

ntkrpamp!_HANDLE_TRACE_DB_ENTRY

ntkrpamp!_HBASE_BLOCK

ntkrpamp!_RTL_BITMAP

ntkrpamp!_DUAL

ntkrpamp!_PROCESS_WS_WATCH_INFORMATION

ntkrpamp!_CM_PARTIAL_RESOURCE_DESCRIPTOR

ntkrpamp!_DRIVER_EXTENSION

ntkrpamp!_FAST_IO_DISPATCH

ntkrpamp!_MMFREE_POOL_ENTRY

ntkrpamp!_IO_TIMER

ntkrpamp!_WAIT_CONTEXT_BLOCK

ntkrpamp!__unnamed

ntkrpamp!_KDEVICE_QUEUE

ntkrpamp!_DEVOBJ_EXTENSION

ntkrpamp!_BITMAP_RANGE

ntkrpamp!_KUSER_SHARED_DATA

ntkrpamp!_KSYSTEM_TIME

ntkrpamp!_KSYSTEM_TIME

ntkrpamp!_NT_PRODUCT_TYPE

ntkrpamp!_ALTERNATIVE_ARCHITECTURE_TYPE

ntkrpamp!_GENERIC_MAPPING

ntkrpamp!_OBJECT_DUMP_CONTROL

ntkrpamp!_OB_OPEN_REASON

ntkrpamp!_ACCESS_STATE

ntkrpamp!_SECURITY_QUALITY_OF_SERVICE

ntkrpamp!_SECURITY_OPERATION_CODE

ntkrpamp!_OBJECT_NAME_INFORMATION

ntkrpamp!__unnamed

ntkrpamp!_LARGE_INTEGER

ntkrpamp!_EXCEPTION_REGISTRATION_RECORD

ntkrpamp!_MMVAD_LONG

ntkrpamp!_MMVAD

ntkrpamp!_MMVAD_FLAGS

ntkrpamp!__unnamed

ntkrpamp!_MMVAD_FLAGS2

ntkrpamp!__unnamed

ntkrpamp!_MMADDRESS_LIST

ntkrpamp!__unnamed

ntkrpamp!_MMBANKED_SECTION

ntkrpamp!_MMEXTEND_INFO

ntkrpamp!__unnamed

ntkrpamp!_MMVIEW

ntkrpamp!_MEMORY_CACHING_TYPE_ORIG

ntkrpamp!_EXCEPTION_DISPOSITION

ntkrpamp!_EXCEPTION_RECORD

ntkrpamp!_CONTEXT

ntkrpamp!_POOL_TRACKER_BIG_PAGES

ntkrpamp!_VI_DEADLOCK_RESOURCE

ntkrpamp!_VI_DEADLOCK_THREAD

ntkrpamp!_FLOATING_SAVE_AREA

ntkrpamp!_IMAGE_DATA_DIRECTORY

ntkrpamp!_PCI_PDO_EXTENSION

ntkrpamp!_PCI_MJ_DISPATCH_TABLE

ntkrpamp!_PCI_SLOT_NUMBER

ntkrpamp!_PCI_FDO_EXTENSION

ntkrpamp!_PCI_LOCK

ntkrpamp!_PCI_PMC

ntkrpamp!_HMAP_DIRECTORY

ntkrpamp!_OBJECT_HEADER

ntkrpamp!_OBJECT_CREATE_INFORMATION

ntkrpamp!_QUAD

ntkrpamp!_SECURITY_DESCRIPTOR

ntkrpamp!_ACL

ntkrpamp!_RTLP_RANGE_LIST_ENTRY

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_OBJECT_HEADER_CREATOR_INFO

ntkrpamp!_HEAP_STOP_ON_VALUES

ntkrpamp!_HEAP_STOP_ON_TAG

ntkrpamp!_KEXECUTE_OPTIONS

ntkrpamp!_MODE

ntkrpamp!_IO_RESOURCE_DESCRIPTOR

ntkrpamp!_RTL_CRITICAL_SECTION_DEBUG

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_PCI_BUS_INTERFACE_STANDARD

ntkrpamp!_BUS_HANDLER

ntkrpamp!_PCI_COMMON_CONFIG

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_SYSPTES_HEADER

ntkrpamp!_KDEVICE_QUEUE_ENTRY

ntkrpamp!_IO_ALLOCATION_ACTION

ntkrpamp!_CM_KEY_HASH

ntkrpamp!_CM_NAME_CONTROL_BLOCK

ntkrpamp!_CM_KEY_SECURITY_CACHE

ntkrpamp!_CACHED_CHILD_LIST

ntkrpamp!_CM_INDEX_HINT_BLOCK

ntkrpamp!_PI_RESOURCE_ARBITER_ENTRY

ntkrpamp!_ARBITER_INTERFACE

ntkrpamp!_MDL

ntkrpamp!__unnamed

ntkrpamp!_IO_STATUS_BLOCK

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_IO_STACK_LOCATION

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_IMAGE_SECTION_HEADER

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_POP_TRIGGER_WAIT

ntkrpamp!_FILE_BASIC_INFORMATION

ntkrpamp!_FILE_STANDARD_INFORMATION

ntkrpamp!_FILE_NETWORK_OPEN_INFORMATION

ntkrpamp!_COMPRESSED_DATA_INFO

ntkrpamp!_ETIMER

ntkrpamp!_POLICY_AUDIT_EVENT_TYPE

ntkrpamp!_PM_SUPPORT

ntkrpamp!_MMWSLENTRY

ntkrpamp!__unnamed

ntkrpamp!_EXCEPTION_POINTERS

ntkrpamp!_CURDIR

ntkrpamp!_RTL_DRIVE_LETTER_CURDIR

ntkrpamp!_u

ntkrpamp!_VI_DEADLOCK_RESOURCE_TYPE

ntkrpamp!_MMPFNLIST

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_OBJECT_HEADER_NAME_INFO

ntkrpamp!_OBJECT_DIRECTORY

ntkrpamp!_KINTERRUPT

ntkrpamp!_KINTERRUPT_MODE

ntkrpamp!_TOKEN_CONTROL

ntkrpamp!_PCI_ARBITER_INSTANCE

ntkrpamp!_PCI_INTERFACE

ntkrpamp!_ARBITER_INSTANCE

ntkrpamp!_MMPAGING_FILE

ntkrpamp!_MMMOD_WRITER_MDL_ENTRY

ntkrpamp!_BUS_EXTENSION_LIST

ntkrpamp!_PI_BUS_EXTENSION

ntkrpamp!_PCI_MN_DISPATCH_TABLE

ntkrpamp!_PCI_DISPATCH_STYLE

ntkrpamp!_PCI_COMMON_EXTENSION

ntkrpamp!_MEMORY_TYPE

ntkrpamp!_OBJECT_DIRECTORY_ENTRY

ntkrpamp!_DEVICE_MAP

ntkrpamp!_HEAP_LOOKASIDE

ntkrpamp!_ARBITER_ACTION

ntkrpamp!_ARBITER_PARAMETERS

ntkrpamp!_CALL_PERFORMANCE_DATA

ntkrpamp!_MMWSLE_HASH

ntkrpamp!_STRING

ntkrpamp!__unnamed

ntkrpamp!_SECTION_IMAGE_INFORMATION

ntkrpamp!__unnamed

ntkrpamp!_PRIVATE_CACHE_MAP_FLAGS

ntkrpamp!_RTL_HANDLE_TABLE_ENTRY

ntkrpamp!_POP_IDLE_HANDLER

ntkrpamp!_TOKEN

ntkrpamp!_TOKEN_SOURCE

ntkrpamp!_SEP_AUDIT_POLICY

ntkrpamp!_TOKEN_TYPE

ntkrpamp!_SECURITY_TOKEN_PROXY_DATA

ntkrpamp!_SECURITY_TOKEN_AUDIT_DATA

ntkrpamp!_TEB

ntkrpamp!_ACTIVATION_CONTEXT_STACK

ntkrpamp!_GDI_TEB_BATCH

ntkrpamp!_Wx86ThreadState

ntkrpamp!_TEB_ACTIVE_FRAME

ntkrpamp!_PCI_HEADER_TYPE_0

ntkrpamp!_PCI_HEADER_TYPE_1

ntkrpamp!_PCI_HEADER_TYPE_2

ntkrpamp!__unnamed

ntkrpamp!_HEAP_FREE_ENTRY_EXTRA

ntkrpamp!_POOL_TRACKER_TABLE

ntkrpamp!_PS_QUOTA_TYPE

ntkrpamp!_flags

ntkrpamp!_PHYSICAL_MEMORY_DESCRIPTOR

ntkrpamp!_IMAGE_DEBUG_DIRECTORY

ntkrpamp!_GUID

ntkrpamp!_INTERFACE

ntkrpamp!__unnamed

ntkrpamp!_MMMOD_WRITER_LISTHEAD

ntkrpamp!_POP_POWER_ACTION

ntkrpamp!_POP_SHUTDOWN_BUG_CHECK

ntkrpamp!_POP_DEVICE_SYS_STATE

ntkrpamp!_POP_HIBER_CONTEXT

ntkrpamp!_LPCP_MESSAGE

ntkrpamp!_PORT_MESSAGE

ntkrpamp!_MMVAD_SHORT

ntkrpamp!_SECURITY_SUBJECT_CONTEXT

ntkrpamp!_INITIAL_PRIVILEGE_SET

ntkrpamp!_PRIVILEGE_SET

ntkrpamp!__unnamed

ntkrpamp!_PNP_DEVICE_EVENT_ENTRY

ntkrpamp!_PNP_VETO_TYPE

ntkrpamp!_PLUGPLAY_EVENT_BLOCK

ntkrpamp!_PNP_DEVICE_EVENT_LIST

ntkrpamp!_KSPECIAL_REGISTERS

ntkrpamp!_SECURITY_DESCRIPTOR_RELATIVE

ntkrpamp!_RTL_RANGE_LIST

ntkrpamp!_ARBITER_ORDERING_LIST

ntkrpamp!_ARBITER_ALLOCATION_STATE

ntkrpamp!_ARBITER_CONFLICT_INFO

ntkrpamp!_RTL_RANGE

ntkrpamp!_BUS_DATA_TYPE

ntkrpamp!_SUPPORTED_RANGES

ntkrpamp!_PO_DEVICE_NOTIFY_ORDER

ntkrpamp!_POP_DEVICE_POWER_IRP

ntkrpamp!_MMSYSTEM_PTE_POOL_TYPE

ntkrpamp!_CM_NAME_HASH

ntkrpamp!_PROXY_CLASS

ntkrpamp!_HANDLE_TABLE_ENTRY

ntkrpamp!_HANDLE_TABLE_ENTRY_INFO

ntkrpamp!_LPCP_PORT_OBJECT

ntkrpamp!_LPCP_PORT_QUEUE

ntkrpamp!_POOL_HACKER

ntkrpamp!_IO_SECURITY_CONTEXT

ntkrpamp!__unnamed

ntkrpamp!_NAMED_PIPE_CREATE_PARAMETERS

ntkrpamp!__unnamed

ntkrpamp!_MAILSLOT_CREATE_PARAMETERS

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_FILE_INFORMATION_CLASS

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_FSINFOCLASS

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_SCSI_REQUEST_BLOCK

ntkrpamp!__unnamed

ntkrpamp!_FILE_GET_QUOTA_INFORMATION

ntkrpamp!__unnamed

ntkrpamp!_DEVICE_RELATION_TYPE

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_DEVICE_CAPABILITIES

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_DEVICE_USAGE_NOTIFICATION_TYPE

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_POWER_SEQUENCE

ntkrpamp!__unnamed

ntkrpamp!_POWER_STATE_TYPE

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_MI_VERIFIER_POOL_HEADER

ntkrpamp!_MI_VERIFIER_DRIVER_ENTRY

ntkrpamp!_CM_KEY_BODY

ntkrpamp!_CM_NOTIFY_BLOCK

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_IA64_DBGKD_CONTROL_SET

ntkrpamp!_AMD64_DBGKD_CONTROL_SET

ntkrpamp!_ARBITER_ORDERING

ntkrpamp!_LPCP_NONPAGED_PORT_QUEUE

ntkrpamp!_DUMP_STACK_CONTEXT

ntkrpamp!_PO_MEMORY_RANGE_ARRAY

ntkrpamp!_PO_HIBER_PERF

ntkrpamp!_TEB_ACTIVE_FRAME_CONTEXT

ntkrpamp!_TEB_ACTIVE_FRAME_CONTEXT

ntkrpamp!_SID

ntkrpamp!_DUMP_INITIALIZATION_CONTEXT

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_IO_CLIENT_EXTENSION

ntkrpamp!_FS_FILTER_CALLBACKS

ntkrpamp!_SID_IDENTIFIER_AUTHORITY

ntkrpamp!_SUPPORTED_RANGE

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_VI_POOL_ENTRY

ntkrpamp!_SEP_AUDIT_POLICY_CATEGORIES

ntkrpamp!_SEP_AUDIT_POLICY_OVERLAY

ntkrpamp!_PLUGPLAY_EVENT_CATEGORY

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_ADAPTER_OBJECT

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_ARBITER_LIST_ENTRY

ntkrpamp!_ARBITER_ALTERNATIVE

ntkrpamp!_PO_NOTIFY_ORDER_LEVEL

ntkrpamp!_FS_FILTER_CALLBACK_DATA

ntkrpamp!_CM_KEY_NODE

ntkrpamp!_CM_KEY_VALUE

ntkrpamp!_CM_KEY_SECURITY

ntkrpamp!_CM_KEY_INDEX

ntkrpamp!_CM_BIG_DATA

ntkrpamp!__unnamed

ntkrpamp!_FS_FILTER_PARAMETERS

ntkrpamp!_VI_POOL_ENTRY_INUSE

ntkrpamp!_DESCRIPTOR

ntkrpamp!_CHILD_LIST

ntkrpamp!_CM_KEY_REFERENCE

ntkrpamp!_ARBITER_REQUEST_SOURCE

ntkrpamp!_ARBITER_RESULT

ntkrpamp!__unnamed

ntkrpamp!__unnamed

ntkrpamp!_FS_FILTER_SECTION_SYNC_TYPE

ntkrpamp!__unnamed

ntkrpamp!__unnamed

lkd> dt nt!_kinterrupt
   +0x000 Type             : Int2B
   +0x002 Size             : Int2B
   +0x004 InterruptListEntry : _LIST_ENTRY
   +0x00c ServiceRoutine   : Ptr32     unsigned char
   +0x010 ServiceContext   : Ptr32 Void
   +0x014 SpinLock         : Uint4B
   +0x018 TickCount        : Uint4B
   +0x01c ActualLock       : Ptr32 Uint4B
   +0x020 DispatchAddress  : Ptr32     void
   +0x024 Vector           : Uint4B
   +0x028 Irql             : UChar
   +0x029 SynchronizeIrql  : UChar
   +0x02a FloatingSave     : UChar
   +0x02b Connected        : UChar
   +0x02c Number           : Char
   +0x02d ShareVector      : UChar
   +0x030 Mode             : _KINTERRUPT_MODE
   +0x034 ServiceCount     : Uint4B
   +0x038 DispatchCount    : Uint4B
   +0x03c DispatchCode     : [106] Uint4B

To confirm whether the running Windows is a debug build,

use the Debug property of the WMI Win32_OperatingSystem class.

Write the script osversion.vbs:

strComputer = "."
' Connect to the local WMI service in the root\cimv2 namespace
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOSes = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOS in colOSes
    Wscript.Echo "Computer Name: " & objOS.CSName
    Wscript.Echo "Caption: " & objOS.Caption 'Name
    Wscript.Echo "Version: " & objOS.Version 'Version & build
    Wscript.Echo "Build Number: " & objOS.BuildNumber 'Build
    Wscript.Echo "Build Type: " & objOS.BuildType '"Free" = retail build, "Checked" = debug build
    Wscript.Echo "OS Type: " & objOS.OSType
    Wscript.Echo "Other Type Description: " & objOS.OtherTypeDescription
    WScript.Echo "Service Pack: " & objOS.ServicePackMajorVersion & "." & _
        objOS.ServicePackMinorVersion
Next

C:\Documents and Settings\jamin\桌面>cscript osversion.vbs
Microsoft (R) Windows Script Host Version 5.7
版权所有(C) Microsoft Corporation 1996-2001。保留所有权利。

Computer Name: AMD6000
Caption: Microsoft Windows XP Professional
Version: 5.1.2600
Build Number: 2600
Build Type: Multiprocessor Free
OS Type: 18
Other Type Description:
Service Pack: 3.0
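
The manual checks in these notes (event ID 6009, the PhysicalAddressExtension and LicensedProcessors registry values, and the Debug and BuildType properties of Win32_OperatingSystem) collected into one PowerShell function. This is an added example, not part of the original notes; it assumes Windows PowerShell 3.0 or later on Windows Vista or newer (for Get-CimInstance and Get-WinEvent), and the function name Get-KernelBuildInfo is made up for illustration.

```powershell
# Added example (not from the original notes). Get-KernelBuildInfo is a
# hypothetical helper name; it only reads local configuration.
function Get-KernelBuildInfo {
    [CmdletBinding()]
    param()

    # Same WMI class that osversion.vbs queries. Debug is $true on a
    # checked (debug) build; BuildType reads e.g. "Multiprocessor Free".
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Registry values named in the notes. Either one can be missing on a
    # given Windows version, so a missing value yields $null, not an error.
    $smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $mmKey = Join-Path -Path $smKey -ChildPath 'Memory Management'
    $pae = (Get-ItemProperty -Path $mmKey -Name PhysicalAddressExtension `
            -ErrorAction SilentlyContinue).PhysicalAddressExtension
    $lic = (Get-ItemProperty -Path $smKey -Name LicensedProcessors `
            -ErrorAction SilentlyContinue).LicensedProcessors

    # Event ID 6009 (source EventLog) is logged at boot and carries the
    # OS version and build type string; take the most recent one.
    $boot = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'EventLog'; Id = 6009
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    $bootMessage = if ($boot) { $boot.Message } else { $null }

    [pscustomobject]@{
        Caption                  = $os.Caption
        Version                  = $os.Version
        BuildType                = $os.BuildType
        IsDebugBuild             = [bool]$os.Debug
        PAEEnabledPerWmi         = $os.PAEEnabled
        PhysicalAddressExtension = $pae
        LicensedProcessors       = $lic
        BootEvent6009            = $bootMessage
    }
}

Get-KernelBuildInfo | Format-List
```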