|
阅读:1969回复:26
耳朵来一下。。。。
有Windows 2000 的Checked Build 版本吗?还有,装了这种版本以后,真的可以可以在跳转到一个地址的时候,知道这个地址是哪个API吗?500分鼓励一下你回复。
|
|
|
沙发#
发布于:2002-11-07 10:50
哪里去了?还没上班?
|
|
|
地板#
发布于:2002-11-07 10:55
你怎么知道得那么清楚?
|
|
|
地下室#
发布于:2002-11-07 10:57
你怎么知道得那么清楚? 你不是开国会乐吗?还不知道怎么回事? :D :D |
|
|
5楼#
发布于:2002-11-07 10:58
[quote]你怎么知道得那么清楚? 你不是开国会乐吗?还不知道怎么回事? :D :D [/quote] :mad: :mad: :mad: :mad: :mad: :mad: |
|
|
6楼#
发布于:2002-11-07 11:04
开什么会?不知道。
|
|
|
7楼#
发布于:2002-11-07 11:05
开什么会?不知道。 保密大会! :D :D :D |
|
|
|
8楼#
发布于:2002-11-07 11:08
人人都知道了,还叫什么保密大会?
|
|
|
9楼#
发布于:2002-11-07 11:22
就是通知水版各位通知作好保密工作的大会 :D
|
|
|
|
10楼#
发布于:2002-11-07 11:24
有Windows 2000 的Checked Build 版本吗?还有,装了这种版本以后,真的可以可以在跳转到一个地址的时候,知道这个地址是哪个API吗?500分鼓励一下你回复。 Yeah, I have that. But I cannot understand your 2nd question well. Are you mean given an address, e.g. 0x8010XXXX and you want to know what function this address belong to? e.g. in the form of IopXXXX+0xXXh. Is that what you want? If this is what you need, both SoftICE and Windows Kernel Debugger can do that even with retail windows. But make sure you have enough Windows symbols. |
|
|
|
11楼#
发布于:2002-11-07 11:29
[quote
Yeah, I have that. But I cannot understand your 2nd question well. Are you mean given an address, e.g. 0x8010XXXX and you want to know what function this address belong to? e.g. in the form of IopXXXX+0xXXh. Is that what you want? If this is what you need, both SoftICE and Windows Kernel Debugger can do that even with retail windows. But make sure you have enough Windows symbols. [/quote] Yes, that is what I want, Can you tell me where the symbols can be downloaded ? |
|
|
12楼#
发布于:2002-11-07 11:44
Good, I suppose you have DriverStudio installed. There is a symbol retriever installed. You can use that to download windows pdb symbols and translated into nms symbols for softice using.
Or you can go to: http://www.microsoft.com/ddk/debugging/symbolpkg.asp#Windows%20symbol%20packages |
|
|
|
13楼#
发布于:2002-11-07 11:45
Indeed the symbol retriever is pretty good, it\'s able to download correct symbols for files you selected. If you don\'t need symbols for all windows components. symbol retriever is good tool.
|
|
|
|
14楼#
发布于:2002-11-07 11:48
Thanks, It\'s very kind of you.
|
|
|
15楼#
发布于:2002-11-07 11:52
Thanks, It\'s very kind of you. 哥们,chkbuild和symbol还不是一回事。 symbol只是一点点符号表而已。chkbuild 里面的所有核心组件都是dbg编译的,因此 有无穷多的assert和dgbprint。系统比 free版本的慢了不止2倍。 ps:如果要在chkbuild上面安装中文软件, 那就是要找死。就忙着对付那些softice的 弹出窗口吧(xxxx assert)。不是说不可以, 不过我发现连MS自己的很多中文软件都出这些 错。 |
|
|
|
17楼#
发布于:2002-11-07 11:55
说500怎么成1000啦!!! 到头来(回到家)还不又得进你的口袋―― :D :D :D |
|
|
|
18楼#
发布于:2002-11-07 11:59
哥们,chkbuild和symbol还不是一回事。 Check build is not optimized, after all, it\'s compiled with debug option on, so there are many asserts and debug outputs. Sure it\'s slow. But besides that, checked build doesn\'t expose too much information more than retail build. Even checked build is installed, you still need the symbols to make full use of it. |
|
|
|
19楼#
发布于:2002-11-07 12:00
用loader加载symbols后,经如ice,输入sym 命令,你就能看到相关的符号列出来,里面包含了一些api,鼠标右击并选中Un_Assemble,他就能引导你看到此api的代码(汇编)。
ida 插件for softice(ida 4.17)可以提取nms文件。 ida配合softice太棒了。 |
|
|
上一页
下一页