Friday, January 7, 2011

Common WinDbg commands

1. !analyze -v
2. lm
3. !sym noisy
4. .reload /n
5. bl, bp, bc
6. ld
7. x
8. http://windbg.info/doc/1-common-cmds.html#7_symbols
9. lm vm module -- timestamp
10. http://blogs.technet.com/b/marcelofartura/archive/2008/06/18/kernel-dump-analysis-bugcheck-1e-kmode-exception-not-handled.aspx
11. http://www.wd-3.com/archive/registercontext.htm

At the start of a called function:
push ebp            ; Save the old stack base
mov  ebp, esp       ; Stack base becomes the current top of the stack
sub  esp, 0xc       ; Reserve space for local variables
mov  eax, [ebp+8]   ; Example reference to one of the parameters
==========================================
1. http://www.technochakra.com/assembly-and-the-art-of-debugging/
==========================================
