windbg 공개 기호를 볼 수 없습니다

Question

"Getting Started with WinDbg (User-Mode)" 튜토리얼을 사용하여 windbg를 탐색하기 시작했습니다.

다음 명령 지금까지 내가 입력 한 :

0:000> .sympath srv*https://msdl.microsoft.com/download/symbols 
Symbol search path is: srv*https://msdl.microsoft.com/download/symbols 
Expanded Symbol search path is: srv*https://msdl.microsoft.com/download/symbols 

************* Path validation summary ************** 
Response       Time (ms)  Location 
Deferred          srv*https://msdl.microsoft.com/download/symbols 
0:000> .reload 
Reloading current modules 
.................................... 
0:000> !sym noisy 
noisy mode - symbol prompts on 

0:000> .reload 
Reloading current modules 
.................................... 
SYMSRV: BYINDEX: 0x8 
     https://msdl.microsoft.com/download/symbols 
     ntdll.pdb 
     13B64B553003FA22AB7CCD36A3A5431F1 
SYMSRV: PATH: C:\ProgramData\dbg\sym\ntdll.pdb\13B64B553003FA22AB7CCD36A3A5431F1\ntdll.pdb 
SYMSRV: RESULT: 0x00000000 

DBGHELP: ntdll - public symbols 
     C:\ProgramData\dbg\sym\ntdll.pdb\13B64B553003FA22AB7CCD36A3A5431F1\ntdll.pdb 

0:000> x notepad!\* 
SYMSRV: BYINDEX: 0x9 
     https://msdl.microsoft.com/download/symbols 
     notepad.pdb 
     414876112BFF3872B4ED8ADBFE5D6BF21 
SYMSRV: PATH: C:\ProgramData\dbg\sym\notepad.pdb\414876112BFF3872B4ED8ADBFE5D6BF21\notepad.pdb 
SYMSRV: RESULT: 0x00000000 

DBGHELP: notepad - public symbols 
     C:\ProgramData\dbg\sym\notepad.pdb\414876112BFF3872B4ED8ADBFE5D6BF21\notepad.pdb 

튜토리얼에 따르면 내가 지금 봤어야 같은 :

000000d0`428ff7e8 00007ff6`3282122f notepad!WinMain 

어디에 문제가?

---

는 편집 :

나는

x notepad! 

을 시도 수신 :

00007ff7`0c046be8 notepad!StringLengthWorkerW (void) 
00007ff7`0c0493f4 notepad!__mainCRTStartup (void) 
00007ff7`0c048980 notepad!`WaitForCompletion<Windows::Foundation::IAsyncOperationCompletedHandler<Windows::Storage::StorageFile * __ptr64>,Windows::Foundation::IAsyncOperation<Windows::Storage::StorageFile * __ptr64> >'::`2'::FTMEventDelegate::Invoke (void) 
00007ff7`0c049eee notepad!_onexit$fin$0 (void) 
00007ff7`0c037114 notepad!lstrncmpi (void) 
00007ff7`0c031160 notepad!wil::details::`dynamic initializer for 'g_threadFailureCallbacks'' (void) 
00007ff7`0c049ed0 notepad!__mainCRTStartup$filt$0 (void) 
00007ff7`0c049390 notepad!pre_cpp_init (void) 
00007ff7`0c048540 notepad!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl Windows::Foundation::IEventHandler_impl<Windows::Foundation::Internal::AggregateType<Windows::Security::EnterpriseData::ProtectedContentRevokedEventArgs * __ptr64,Windows::Security::EnterpriseData::IProtectedContentRevokedEventArgs * __ptr64> >::*)(IInspectable * __ptr64,Windows::Security::EnterpriseData::IProtectedContentRevokedEventArgs * __ptr64) __ptr64>::DelegateInvokeHelper<Windows::Foundation::IEventHandler<Windows::Security::EnterpriseData::ProtectedContentRevokedEventArgs * __ptr64>,<lambda_a14bb941c0fe59b218955a198ac884ae>,-1,IInspectable * __ptr64,Windows::Security::EnterpriseData::IProtectedContentRevokedEventArgs * __ptr64>::Invoke (void) 
00007ff7`0c048980 notepad!`WaitForCompletion<Windows::Foundation::IAsyncOperationCompletedHandler<Windows::Security::EnterpriseData::FileProtectionInfo * __ptr64>,Windows::Foundation::IAsyncOperation<Windows::Security::EnterpriseData::FileProtectionInfo * __ptr64> >'::`2'::FTMEventDelegate::Invoke (void) 
00007ff7`0c049f10 notepad!_IsNonwritableInCurrentImage$filt$0 (void) 
00007ff7`0c031190 notepad!wil::details::`dynamic initializer for 'g_header_init_InitializeResultHeader'' (void) 
00007ff7`0c044030 notepad!_TlgDefineProvider_annotation__Tlgg_NotepadTraceProviderProv (void) 
00007ff7`0c048208 notepad!Microsoft::WRL::Callback<Windows::Foundation::IEventHandler<Windows::Security::EnterpriseData::ProtectedContentRevokedEventArgs * __ptr64>,<lambda_a14bb941c0fe59b218955a198ac884ae> > (void) 
00007ff7`0c048470 notepad!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl Windows::Foundation::IEventHandler_impl<IInspectable * __ptr64>::*)(IInspectable * __ptr64,IInspectable * __ptr64) __ptr64>::DelegateInvokeHelper<Windows::Foundation::IEventHandler<IInspectable * __ptr64>,<lambda_991a591d0d3cbc330e1b7e385cc8b6da>,-1,IInspectable * __ptr64,IInspectable * __ptr64>::Invoke (void) 
00007ff7`0c031150 notepad!wil::details::`dynamic initializer for 'g_processLocalData'' (void) 
00007ff7`0c031120 notepad!wil::details::`dynamic initializer for 'g_header_init_WilInitialize_ResultMacros_DesktopOrSystem'' (void) 
00007ff7`0c049f70 notepad!wil::details::`dynamic atexit destructor for 'g_threadFailureCallbacks'' (void) 
00007ff7`0c0492c0 notepad!pre_c_init (void) 
00007ff7`0c049f30 notepad!`operator new'::`1'::catch$0 (void) 
00007ff7`0c04205c notepad!NPRegister (void) 
00007ff7`0c049f50 notepad!wil::details::`dynamic atexit destructor for 'g_processLocalData'' (void) 

그래서이었다 그 문제 ...

BR, 탈

?

Answer 1

해당 블로그 포스트는 역 슬래시가 없어야하는 백 슬래시를 삽입합니다. 아마도 CMS 문제 일 겁니다.

그 x notepad!\*은 x notepad!*이어야합니다. 메소드의 알려진 부분을 찾고있는 경우 x notepad!*Main*을 사용할 수도 있습니다.

0:002> x notepad!*Main* 
00000000`ff33c5c0 notepad!_imp___getmainargs = <no type information> 
00000000`ff333a14 notepad!WinMain (<no parameter info>) 
00000000`ff333acc notepad!WinMainCRTStartup (<no parameter info>)