记一次看DUMP的实战

命令:

.sympath srv*d:\symcache*\\symbols\symbols

解释:

The .sympath command changes the default path of the host debugger for symbol search.

 

命令:

.reload /f ntdll.dll

解释:

The .reload command deletes all symbol information for the specified module and reloads these symbols as needed. In some cases, this command also reloads or unloads the module itself.

这个带有/f开关的.reload命令和ld(LoadSymbols)命令都会强制指定的symbol被立即加载, 尽管其他的symbol还是被推迟的. 如果symbol path更换了, symbols是不会自动加载的.

 

命令:

!address –summary

解释:

The !address extension displays information about the memory that the target process or target computer uses.

这里的-summary开关指定直显示summary信息.

 

命令:

.chain

解释:

The .chain command lists all loaded debugger extensions in their default search order. List Debugger Extensions.

 

命令:

!eeheap –gc

 

命令:

.loadby sos mscorwks

 

命令:

!clrstack

未完.....