This is someone else's output. Why can't I look it up myself? The symbols are all loaded, and looking up _EPROCESS and the like works.
0:011> dt _SYSTEM_PROCESS_INFORMATION
uxtheme!_SYSTEM_PROCESS_INFORMATION
+0x000 NextEntryOffset : Uint4B
+0x004 NumberOfThreads : Uint4B
+0x008 WorkingSetPrivateSize : _LARGE_INTEGER
+0x010 HardFaultCount : Uint4B
+0x014 NumberOfThreadsHighWatermark : Uint4B
+0x018 CycleTime : Uint8B
+0x020 CreateTime : _LARGE_INTEGER
+0x028 UserTime : _LARGE_INTEGER
+0x030 KernelTime : _LARGE_INTEGER
+0x038 ImageName : _UNICODE_STRING
+0x048 BasePriority : Int4B
+0x050 UniqueProcessId : Ptr64 Void
+0x058 InheritedFromUniqueProcessId : Ptr64 Void
+0x060 HandleCount : Uint4B
+0x064 SessionId : Uint4B
+0x068 UniqueProcessKey : Uint8B
+0x070 PeakVirtualSize : Uint8B
+0x078 VirtualSize : Uint8B
+0x080 PageFaultCount : Uint4B
+0x088 PeakWorkingSetSize : Uint8B
+0x090 WorkingSetSize : Uint8B
+0x098 QuotaPeakPagedPoolUsage : Uint8B
+0x0a0 QuotaPagedPoolUsage : Uint8B
+0x0a8 QuotaPeakNonPagedPoolUsage : Uint8B
+0x0b0 QuotaNonPagedPoolUsage : Uint8B
+0x0b8 PagefileUsage : Uint8B
+0x0c0 PeakPagefileUsage : Uint8B
+0x0c8 PrivatePageCount : Uint8B
+0x0d0 ReadOperationCount : _LARGE_INTEGER
+0x0d8 WriteOperationCount : _LARGE_INTEGER
+0x0e0 OtherOperationCount : _LARGE_INTEGER
+0x0e8 ReadTransferCount : _LARGE_INTEGER
+0x0f0 WriteTransferCount : _LARGE_INTEGER
+0x0f8 OtherTransferCount : _LARGE_INTEGER
--------------------------------------------------------------------------------
combase!_SYSTEM_PROCESS_INFORMATION
+0x000 NextEntryOffset : Uint4B
+0x004 NumberOfThreads : Uint4B
+0x008 WorkingSetPrivateSize : _LARGE_INTEGER
+0x010 HardFaultCount : Uint4B
+0x014 NumberOfThreadsHighWatermark : Uint4B
+0x018 CycleTime : Uint8B
+0x020 CreateTime : _LARGE_INTEGER
+0x028 UserTime : _LARGE_INTEGER
+0x030 KernelTime : _LARGE_INTEGER
+0x038 ImageName : _UNICODE_STRING
+0x040 BasePriority : Int4B
+0x044 UniqueProcessId : Ptr32 Void
+0x048 InheritedFromUniqueProcessId : Ptr32 Void
+0x04c HandleCount : Uint4B
+0x050 SessionId : Uint4B
+0x054 UniqueProcessKey : Uint4B
+0x058 PeakVirtualSize : Uint4B
+0x05c VirtualSize : Uint4B
+0x060 PageFaultCount : Uint4B
+0x064 PeakWorkingSetSize : Uint4B
+0x068 WorkingSetSize : Uint4B
+0x06c QuotaPeakPagedPoolUsage : Uint4B
+0x070 QuotaPagedPoolUsage : Uint4B
+0x074 QuotaPeakNonPagedPoolUsage : Uint4B
+0x078 QuotaNonPagedPoolUsage : Uint4B
+0x07c PagefileUsage : Uint4B
+0x080 PeakPagefileUsage : Uint4B
+0x084 PrivatePageCount : Uint4B
+0x088 ReadOperationCount : _LARGE_INTEGER
+0x090 WriteOperationCount : _LARGE_INTEGER
+0x098 OtherOperationCount : _LARGE_INTEGER
+0x0a0 ReadTransferCount : _LARGE_INTEGER
+0x0a8 WriteTransferCount : _LARGE_INTEGER
+0x0b0 OtherTransferCount : _LARGE_INTEGER