-
用Windbg调试驱动,当应用层调用DeviceIoControl时,在驱动里断下,可以看到显示的Call Stack是从NT Kernel开始的,假设我想知道这个IoControl是从哪个应用发出的,该怎么看呢?
◆
◆
-
GoodOnline:kd> kb ChildEBP RetAddr Args to Child f6ad779c f6f4e454 853f5700 853f3ed8 853f58d0 NDIS!ndisMSendX f6ad77c0 f6f4e4f8 003f580e ffffffff 8...(2007-05-30 08:17)
-
GoodOnline:kd> !thread THREAD 852fd440 Cid 0414.04d0 Teb: 7ffd6000 Win32Thread: 00000000 RUNNING on processor 0 Not impersonating DeviceMap ...(2007-05-30 08:17)
-
GoodOnline:能!(只要在当前线程上下文) reload ntdll(2007-05-30 08:12)
