本文共 1896 字,大约阅读时间需要 6 分钟。
命令: dg
功能: 显示指定的段描述符信息 示例: 显示一个 0:003> dg 0x18 P Si Gr Pr Lo Sel Base Limit Type l ze an es ng Flags0018 00000000 ffffffff Code RE Ac 3 Bg Pg P Nl 00000cfb
显示指定范围8到0x40
0:000> dg 8 0x40 P Si Gr Pr Lo Sel Base Limit Type l ze an es ng Flags0008 00000000 ffffffff Code RE Ac 0 Bg Pg P Nl 00000c9b
0010 00000000 ffffffff Data RW Ac 0 Bg Pg P Nl 00000c93 0018 00000000 ffffffff Code RE Ac 3 Bg Pg P Nl 00000cfb 0020 00000000 ffffffff Data RW Ac 3 Bg Pg P Nl 00000cf3 0028 80042000 000020ab TSS32 Busy 0 Nb By P Nl 0000008b 0030 ffdff000 00001fff Data RW Ac 0 Bg Pg P Nl 00000c93 0038 7ffdf000 00000fff Data RW Ac 3 Bg By P Nl 000004f3 0040 00000400 0000ffff Data RW 3 Nb By P Nl 000000f2说明:
| Id | decimal | hex |
|---|---|---|
| KGDT_NULL | 0 | 0x00 |
| KGDT_R0_CODE | 8 | 0x08 |
| KGDT_R0_DATA | 16 | 0x10 |
| KGDT_R3_CODE | 24 | 0x18 |
| KGDT_R3_DATA | 32 | 0x20 |
| KGDT_TSS | 40 | 0x28 |
| KGDT_R0_PCR | 48 | 0x30 |
| KGDT_R3_TEB | 56 | 0x38 |
| KGDT_VDM_TILE | 64 | 0x40 |
| KGDT_LDT | 72 | 0x48 |
| KGDT_DF_TSS | 80 | 0x50 |
| KGDT_NMI_TSS | 88 | 0x58 |
另外一种查看方式:
lkd> !pcr KPCR for Processor 0 at ffdff000: Major 1 Minor 1 NtTib.ExceptionList: acb74c7c NtTib.StackBase: acb74df0 NtTib.StackLimit: acb71000 NtTib.SubSystemTib: 00000000 NtTib.Version: 00000000 NtTib.UserPointer: 00000000 NtTib.SelfTib: 7ffde000SelfPcr: ffdff000 Prcb: ffdff120 Irql: 00000000 IRR: 00000000 IDR: ffffffff InterruptMode: 00000000 IDT: 8003f400 GDT: 8003f000 TSS: 80042000 CurrentThread: 8946b630 NextThread: 00000000 IdleThread: 80551d20 DpcQueue:
lkd> dd 8003f000
8003f000 00000000 00000000 0000ffff 00cf9b00 8003f010 0000ffff 00cf9300 0000ffff 00cffb00 8003f020 0000ffff 00cff300 200020ab 80008b04 8003f030 f0000001 ffc093df e0000fff 7f40f3fd 8003f040 0400ffff 0000f200 00000000 00000000 8003f050 95000068 80008954 95680068 80008954 8003f060 2f30ffff 00009302 80003fff 0000920b 8003f070 700003ff ff0092ff 0000ffff 80009a40转载地址:http://xuphb.baihongyu.com/