#include "stdafx.h"
/*
本意是想获取未公开的变量和函数的信息的.
结果获取的全是公开的.
获取的信息不及windbg(x nt!*)的十分之一.
参考:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms679318(v=vs.85).aspx
made by correy
made at 2014.01.20
email:kouleguan at hotmail dot com
homepage:http://correy.webs.com
*/
#include <windows.h>
//#include <stdio.h>
#include <dbghelp.h>
#pragma comment(lib,"Dbghelp.lib")
BOOL CALLBACK EnumSymProc(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID UserContext)
{
UNREFERENCED_PARAMETER(UserContext);
//printf("%p %4u %s\n", pSymInfo->Address, SymbolSize, pSymInfo->Name);//经测试,开启这一行,会导致SymEnumSymbols失败.
printf("%s\n", pSymInfo->Name);
return TRUE;
}
void main()
{
HANDLE hProcess = GetCurrentProcess();
BOOL status = SymInitialize(hProcess, NULL, FALSE);
if (status == FALSE) {
return;
}
char FileName[256] = {0} ;
GetSystemDirectoryA(FileName,sizeof(FileName));
lstrcatA(FileName,"\\ntoskrnl.exe");//ntkrnlmp.exe ntoskrnl.exe ntkrnlpa.exe
DWORD64 BaseOfDll = SymLoadModuleEx(hProcess, NULL, FileName, NULL, 0, 0, NULL, 0);
if (BaseOfDll == 0) {
int x = GetLastError();
SymCleanup(hProcess);
return;
}
char * Mask = "*";//"PspCreateProcessNotifyRoutine" "*"
if (SymEnumSymbols(hProcess,// Process handle from SymInitialize.
BaseOfDll, // Base address of module.
Mask, // Name of symbols to match.
EnumSymProc, // Symbol handler procedure.
NULL)) // User context.
{//这个函数和回调函数运行完毕,才会走下面的代码.
printf("SymEnumSymbols succeeded\n");
} else {
printf("SymEnumSymbols failed: %d\n", GetLastError());
}
SymCleanup(hProcess);
}
2014年1月16日星期四
WIN8内核网络调试
首先检查软件和硬件的配置.
一是网线(CAT5),啥超五类的。
二是不能为加密系统。
三是开启调试的电脑不能处于调试模式。
四被调试的电脑不能安装vs或者windbg,(vs调试时)
五网卡的类型。
等等。
1.bcdedit /debug on(管理员权限)
2.bcdedit /dbgsettings net hostip:w.x.y.z port:n
此步骤记住可以和端口,端口一般大于50000.
ip是调试计算机的,不是被调试计算机的. w.x.y.z is the IP address of the host computer
Also note that you can use ports from 50000 to 50099 in above command.
3.在设备管理器中找网卡的地址,排除Microsoft内核调试网络适配器.
bcdedit /set "{dbgsettings}" busparams b.d.f
4.重启被调试的计算机.
5.Windbg -k net:port=50001, key=XXXXXXXXXXXXXXXXXXXXXXX
或者:File-> Kernel Debug->NET.
vs 2012可能连接了,但是断不下来。
参考资料:
http://en.community.dell.com/techcenter/os-applications/w/wiki/3901.kernel-debugging-over-network-in-windows-server-2012.aspx
Supported Ethernet NICs for Network Kernel Debugging in Windows 8(可以使用的网卡的类型)
http://msdn.microsoft.com/en-us/library/windows/hardware/hh830880
Supported Ethernet NICs for Network Kernel Debugging in Windows 8.1(可以使用的网卡的类型)
http://msdn.microsoft.com/zh-cn/library/windows/hardware/dn337010.aspx
Setting Up Kernel-Mode Debugging over a Network Cable Manually(windbg调试)
http://msdn.microsoft.com/en-us/library/windows/hardware/hh439346(v=vs.85).aspx
Setting Up Kernel-Mode Debugging over a Network Cable in Visual Studio(vs调试)
http://msdn.microsoft.com/en-us/library/windows/hardware/hh439353(v=vs.85).aspx
一是网线(CAT5),啥超五类的。
二是不能为加密系统。
三是开启调试的电脑不能处于调试模式。
四被调试的电脑不能安装vs或者windbg,(vs调试时)
五网卡的类型。
等等。
1.bcdedit /debug on(管理员权限)
2.bcdedit /dbgsettings net hostip:w.x.y.z port:n
此步骤记住可以和端口,端口一般大于50000.
ip是调试计算机的,不是被调试计算机的. w.x.y.z is the IP address of the host computer
Also note that you can use ports from 50000 to 50099 in above command.
3.在设备管理器中找网卡的地址,排除Microsoft内核调试网络适配器.
bcdedit /set "{dbgsettings}" busparams b.d.f
4.重启被调试的计算机.
5.Windbg -k net:port=50001, key=XXXXXXXXXXXXXXXXXXXXXXX
或者:File-> Kernel Debug->NET.
vs 2012可能连接了,但是断不下来。
参考资料:
http://en.community.dell.com/techcenter/os-applications/w/wiki/3901.kernel-debugging-over-network-in-windows-server-2012.aspx
Supported Ethernet NICs for Network Kernel Debugging in Windows 8(可以使用的网卡的类型)
http://msdn.microsoft.com/en-us/library/windows/hardware/hh830880
Supported Ethernet NICs for Network Kernel Debugging in Windows 8.1(可以使用的网卡的类型)
http://msdn.microsoft.com/zh-cn/library/windows/hardware/dn337010.aspx
Setting Up Kernel-Mode Debugging over a Network Cable Manually(windbg调试)
http://msdn.microsoft.com/en-us/library/windows/hardware/hh439346(v=vs.85).aspx
Setting Up Kernel-Mode Debugging over a Network Cable in Visual Studio(vs调试)
http://msdn.microsoft.com/en-us/library/windows/hardware/hh439353(v=vs.85).aspx
订阅:
博文 (Atom)