Debugging Tools for Windows |
!db、 !dc、 !dd、 !dp、!dq、 !du和!dw扩展命令显示目标机上的指定物理地址的数据。
这些扩展命令不能和d* (Display Memory)命令或者!ntsdexts.dp扩展命令混淆。
!dc [Caching] [-m] [PhysicalAddress] [L Size]
!dd [Caching] [-m] [PhysicalAddress] [L Size]
!dp [Caching] [-m] [PhysicalAddress] [L Size]
!dq [Caching] [-m] [PhysicalAddress] [L Size]
!du [Caching] [-m] [PhysicalAddress] [L Size]
!dw [Caching] [-m] [PhysicalAddress] [L Size]
Windows 2000 | Kext.dll Kdextx86.dll |
Windows XP和之后 | Kext.dll |
这些命令都用于显示物理内存,但是它们的显示格式和默认的长度不同:
因此,对这些扩展命令中的两个使用一样的Size常常显示出来的结果的长度是不同的。例如,使用!db L 32会显示32字节(显示16进制字节值),而!dd L 32 会显示128个字节(显示DWORD值)。
下面是使用了缓存属性标志(caching attribute flag)的示例:
physical memory read at e9000 failed
If you know the caching attributes used for the memory,
try specifying [c], [uc] or [wc], as in !dd [c] <params>.
WARNING: Incorrect use of these flags will cause unpredictable
processor corruption. This may immediately (or at any time in
the future until reboot) result in a system hang, incorrect data
being displayed or other strange crashes and corruption.
kd> !dc [c] e9000
# e9000 000ea002 000ea002 000ea002 000ea002 ................
# e9010 000ea002 000ea002 000ea002 000ea002 ................