windbg查看函数参数，调用堆栈，及返回值．

bp kernel32!CreateFileW ".echo ---------------------------------------;kL;du poi(@esp+4);gu;.echo =======;r eax;g"

0:000> bp kernel32!CreateFileW ".echo ---------------------------------------;kL;du poi(@esp+4);gu;.echo =======;r eax;g"
0:000> g
ModLoad: 62c20000 62c29000   C:/WINDOWS/system32/LPK.DLL
ModLoad: 77180000 77283000   C:/WINDOWS/WinSxS/x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03/comctl32.dll
---------------------------------------
ChildEBP RetAddr
0012e374 7c814d65 kernel32!CreateFileW
0012e5dc 7c801d3a kernel32!BasepLoadLibraryAsDataFile+0x125
0012e640 7c8171dd kernel32!LoadLibraryExW+0x178
0012e66c 7c81715d kernel32!BasepSxsFindSuitableManifestResourceFor+0x51
0012e96c 7720b80d kernel32!CreateActCtxW+0x69e
0012eba4 7720b83f comctl32_77180000!SHFusionInitializeIDCC+0x83
0012ebb8 7720b857 comctl32_77180000!SHFusionInitializeID+0x12
0012ebc8 771841a9 comctl32_77180000!SHFusionInitialize+0xf
0012ebdc 77184267 comctl32_77180000!_ProcessAttach+0x32
0012ebe8 7c9211a7 comctl32_77180000!LibMain+0x21
0012ec08 7c93cbab ntdll!LdrpCallInitRoutine+0x14
0012ed10 7c936178 ntdll!LdrpRunInitializeRoutines+0x344
0012efbc 7c9362da ntdll!LdrpLoadDll+0x3e5
0012f264 7c801bb9 ntdll!LdrLoadDll+0x230
0012f2cc 7c80ae5c kernel32!LoadLibraryExW+0x18e
0012f2e0 77f5b1a3 kernel32!LoadLibraryW+0x11
0012f504 766a1110 SHLWAPI!LoadLibraryWrapW+0x51
0012f53c 766a10af WININET!SHFusionLoadLibrary+0x29
0012f548 766a107d WININET!DelayLoadCC+0x15
0012f77c 766a0ff7 WININET!SHFusionInitializeIDCC+0x92
0012e3d0  "C:/WINDOWS/WindowsShell.Manifest"
0012e410  ""
=======
eax=00000794
---------------------------------------
ChildEBP RetAddr
0012f8cc 7c801a4f kernel32!CreateFileW
0012f8f0 76d357ff kernel32!CreateFileA+0x30
0012f954 76d3570a iphlpapi!OpenIPDriver+0x115
0012f99c 76d35454 iphlpapi!OpenTCPDriver+0xee
0012f9d0 76d35351 iphlpapi!DllMain+0x157
0012f9f0 7c9211a7 iphlpapi!_DllMainCRTStartup+0x52
0012fa10 7c93cbab ntdll!LdrpCallInitRoutine+0x14
0012fb18 7c94173e ntdll!LdrpRunInitializeRoutines+0x344
0012fc94 7c941639 ntdll!LdrpInitializeProcess+0x1131
0012fd1c 7c92eac7 ntdll!_LdrpInitialize+0x183
00000000 00000000 ntdll!KiUserApcDispatcher+0x7
7ffdfc00  "//./Ip"
=======
eax=00000780
---------------------------------------
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:/Program Files/Tencent/QQ2009/Bin/KernelUtil.dll -
ChildEBP RetAddr
0012fc34 0044a69c kernel32!CreateFileW
*** ERROR: Module load completed but symbols could not be loaded for QQ.exe
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fca8 004029bd KernelUtil!Version::Init+0x8c
0012ff08 004027d9 QQ+0x29bd
0012ff28 00402635 QQ+0x27d9
0012ffc0 7c816fd7 QQ+0x2635
0012fff0 00000000 kernel32!BaseProcessStart+0x23
00c8eca8  "C:/Program Files/Tencent/QQ2009/"
00c8ece8  "Bin/vi.dat"
=======
eax=00000720
---------------------------------------
ChildEBP RetAddr
0012eab4 0044a2ad kernel32!CreateFileW
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fbb4 0044a4ea KernelUtil!Util::URL::OpenUrlWithTT+0x1cd
0012fc4c 0044a6fc KernelUtil!Version::GetBuildVer+0xca
0012fca8 004029bd KernelUtil!Version::Init+0xec
0012ff08 004027d9 QQ+0x29bd
0012ff28 00402635 QQ+0x27d9
0012ffc0 7c816fd7 QQ+0x2635
0012fff0 00000000 kernel32!BaseProcessStart+0x23
00c8ede0  "C:/Program Files/Tencent/QQ2009/"
00c8ee20  "Bin/QQ.exe"
=======
eax=00000720
ModLoad: 76fa0000 7701f000   C:/WINDOWS/system32/CLBCATQ.DLL
ModLoad: 77020000 770ba000   C:/WINDOWS/system32/COMRes.dll
---------------------------------------
ChildEBP RetAddr
0012f498 76fa6b6e kernel32!CreateFileW
0012f4c4 76faac07 CLBCATQ!WszCreateFile+0x7f
0012f4fc 76fac121 CLBCATQ!StgIO::Open+0xfc
0012f530 76fd770a CLBCATQ!StgDatabase::InitDatabase+0x118
0012f554 76fd5316 CLBCATQ!OpenComponentLibraryEx+0x3e
0012f570 76fa9595 CLBCATQ!OpenComponentLibraryTS+0x1a
0012f80c 76fa217b CLBCATQ!_RegGetICR+0x205
0012f82c 76fa2da1 CLBCATQ!CoRegGetICR+0x29
0012f86c 76fa2d38 CLBCATQ!IsComplusComponent+0x2f
0012f8e0 76fa28c6 CLBCATQ!CComClass::Init+0x78
0012f910 76fa2946 CLBCATQ!CComClass::Create+0x5e
0012f938 769b05af CLBCATQ!CComCLBCatalog::GetClassInfoW+0x23
0012f9a8 769aff58 ole32!CComCatalog::GetClassInfoInternal+0x262
0012f9cc 769b12a7 ole32!CComCatalog::GetClassInfoW+0x1c
0012f9e4 769b12c9 ole32!GetClassInfoFromClsid+0x24
0012fa04 769af99d ole32!LookForConfiguredClsid+0x19
0012fae8 769afaba ole32!ICoCreateInstanceEx+0x106
0012fb10 769afa89 ole32!CComActivator::DoCreateInstance+0x28
0012fb34 769afaf7 ole32!CoCreateInstanceEx+0x1e
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:/Program Files/Tencent/QQ2009/Bin/Common.dll -
0012fb64 100b1d0f ole32!CoCreateInstance+0x37
0012f5e4  "C:/WINDOWS/Registration/R0000000"
0012f624  "00007.clb"
=======
eax=000006ac
ModLoad: 5dd50000 5de80000   C:/WINDOWS/system32/msxml3.dll
ModLoad: 4a410000 4a468000   C:/WINDOWS/system32/WINHTTP.dll
---------------------------------------
ChildEBP RetAddr
0012e04c 7c814d65 kernel32!CreateFileW
0012e2b4 7c801d3a kernel32!BasepLoadLibraryAsDataFile+0x125
0012e318 7c801d6e kernel32!LoadLibraryExW+0x178
0012e32c 5dd7b55c kernel32!LoadLibraryExA+0x1f
0012e47c 5dd7b10f msxml3!Resources::classInit+0xcd
0012e4b0 5dd7b15e msxml3!Runtime_init+0x66
0012e4c0 7c9211a7 msxml3!InitDllMain+0x7e
0012e4e0 7c93cbab ntdll!LdrpCallInitRoutine+0x14
0012e5e8 7c936178 ntdll!LdrpRunInitializeRoutines+0x344
0012e894 7c9362da ntdll!LdrpLoadDll+0x3e5
0012eb3c 7c801bb9 ntdll!LdrLoadDll+0x230
0012eba4 769de1b1 kernel32!LoadLibraryExW+0x18e
0012ebc8 769de0cd ole32!CClassCache::CDllPathEntry::LoadDll+0x6c
0012ebf8 769dd550 ole32!CClassCache::CDllPathEntry::Create_rl+0x37
0012ee44 769dd473 ole32!CClassCache::CClassEntry::CreateDllClassEntry_rl+0xd6
0012ee8c 769dd3d1 ole32!CClassCache::GetClassObjectActivator+0x195
0012eeb8 769dcf3b ole32!CClassCache::GetClassObject+0x23
0012ef34 769dcddf ole32!CServerContextActivator::CreateInstance+0x106
0012ef74 769dd02e ole32!ActivationPropertiesIn::DelegateCreateInstance+0xf7
0012efc8 769dcfa5 ole32!CApartmentActivator::CreateInstance+0x110
0012e0a8  "C:/WINDOWS/system32/msxml3r.dll"
=======
eax=00000670
---------------------------------------
ChildEBP RetAddr
0012f6e8 77f47eff kernel32!CreateFileW
0012f92c 5dd7bbb6 SHLWAPI!CreateFileWrapW+0x73
0012f96c 5dd7bd04 msxml3!URLStream::OpenFile+0x8f
0012f980 5dd7b891 msxml3!URLStream::Open+0x8f
0012f9b4 5dd7b927 msxml3!XMLParser::PushURL+0x13f
0012f9f0 5dd7cd0a msxml3!XMLParser::SetURL+0x73
0012fa74 5dd7cbbb msxml3!Document::_load+0x128
0012fa90 5dd7caa7 msxml3!Document::load+0x3e
0012fb60 100b1fad msxml3!DOMDocumentWrapper::load+0x221
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fbd4 10011c4b Common!Util::FS::LoadXmlByName+0x2ed
0012fc10 10029867 Common!Util::Convert::ConvertXMLToTXData+0x6b
0012fc68 1003ec3a Common!CCmdCodecBase::SetCodeStruct+0x37b7
0012fc78 00406354 Common!Util::CoreCenter::InitPlatform+0x1a
0012fca8 00402ac5 QQ+0x6354
0012ff08 004027d9 QQ+0x2ac5
0012ff28 00402635 QQ+0x27d9
0012ffc0 7c816fd7 QQ+0x2635
0012fff0 00000000 kernel32!BaseProcessStart+0x23
00f142a0  "C:/Program Files/Tencent/QQ2009/"
00f142e0  "platform.tpc"
=======
eax
a5dd
=00000664
---------------------------------------
ChildEBP RetAddr
0012f9e0 78165a5f kernel32!CreateFileW
0012fa48 78166095 MSVCR80!_tsopen_nolock+0x252
0012fa98 78166133 MSVCR80!_wsopen_helper+0x77
0012fab8 7817ec77 MSVCR80!_wsopen_s+0x19
0012faec 78178f95 MSVCR80!_wopenfile+0x25a
0012fb30 78179006 MSVCR80!_wfsopen+0xa1
0012fb48 10127eb1 MSVCR80!_wfopen_s+0x39
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fb64 100b18a6 Common!TiXmlDocument::LoadFile+0x21
0012fba4 100f2df5 Common!Util::FS::LoadTinyXmlByName+0x1c6
0012fbfc 1000c100 Common!TXI18N::SetConfigFile+0xd5
0012fc74 1000c63b Common!Util::BitManip::IsSet+0x6c0
0012fca8 00402adf Common!Util::Boot::InitPlatformI18NConfig+0xab
0012ff08 004027d9 QQ+0x2adf
0012ff28 00402635 QQ+0x27d9
0012ffc0 7c816fd7 QQ+0x2635
0012fff0 00000000 kernel32!BaseProcessStart+0x23
00e04bb8  "C:/Program Files/Tencent/QQ2009/"
00e04bf8  "I18N/Config.xml"
=======
eax=00000668
---------------------------------------
ChildEBP RetAddr
0012fb24 100247b6 kernel32!CreateFileW
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fb7c 100268cb Common!CTXHttpUploadStandard::OnHttpStatusOK+0x846
0012fbb8 101035b0 Common!CCmdCodecBase::SetCodeStruct+0x81b
0012fbc8 1002f832 Common!CTXCommPack::AddTLV+0x2500
0012fbd8 1000bdad Common!CCmdCodecBase::SetCodeStruct+0x9782
0012fc78 1000c545 Common!Util::BitManip::IsSet+0x36d
0012fca8 00402b35 Common!Util::Boot::InitPlatformCoreConfig+0xa5
0012ff08 004027d9 QQ+0x2b35
0012ff28 00402635 QQ+0x27d9
0012ffc0 7c816fd7 QQ+0x2635
0012fff0 00000000 kernel32!BaseProcessStart+0x23
00e052f0  "C:/Program Files/Tencent/QQ2009/"
00e05330  "common.xml.txd"
=======
eax=00000668
---------------------------------------
ChildEBP RetAddr
0012fb24 100247b6 kernel32!CreateFileW
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fb7c 100268cb Common!CTXHttpUploadStandard::OnHttpStatusOK+0x846
0012fbb8 101035b0 Common!CCmdCodecBase::SetCodeStruct+0x81b
0012fbc8 1002f832 Common!CTXCommPack::AddTLV+0x2500
0012fbd8 1000bdad Common!CCmdCodecBase::SetCodeStruct+0x9782
0012fc78 1000c545 Common!Util::BitManip::IsSet+0x36d
0012fca8 00402b35 Common!Util::Boot::InitPlatformCoreConfig+0xa5
0012ff08 004027d9 QQ+0x2b35
0012ff28 00402635 QQ+0x27d9
0012ffc0 7c816fd7 QQ+0x2635
0012fff0 00000000 kernel32!BaseProcessStart+0x23
00e192d8  "C:/Program Files/Tencent/QQ2009/"
00e19318  "kernel.xml.txd"
=======
eax=00000668
---------------------------------------
ChildEBP RetAddr
0012fb24 100247b6 kernel32!CreateFileW
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fb7c 100268cb Common!CTXHttpUploadStandard::OnHttpStatusOK+0x846
0012fbb8 101035b0 Common!CCmdCodecBase::SetCodeStruct+0x81b
0012fbc8 1002f832 Common!CTXCommPack::AddTLV+0x2500
0012fbd8 1000bdad Common!CCmdCodecBase::SetCodeStruct+0x9782
0012fc78 1000c545 Common!Util::BitManip::IsSet+0x36d
0012fca8 00402b35 Common!Util::Boot::InitPlatformCoreConfig+0xa5
0012ff08 004027d9 QQ+0x2b35
0012ff28 00402635 QQ+0x27d9
0012ffc0 7c816fd7 QQ+0x2635
0012fff0 00000000 kernel32!BaseProcessStart+0x23
00e359a8  "C:/Program Files/Tencent/QQ2009/"
00e359e8  "app.xml.txd"
=======
eax=00000668
---------------------------------------
ChildEBP RetAddr
0012f848 100c46a2 kernel32!CreateFileW
WARNING: Stack unwind information not available. Following frames may be wrong.
0012f87c 100c4ea7 Common!CTXBSTR::~CTXBSTR+0x2982
0012f89c 100c532f Common!TXLog::GetLogByFilter+0x607
0012faf8 100c570d Common!TXLog::GetLogByFilter+0xa8f
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:/Program Files/Tencent/QQ2009/Bin/GF.dll -
0012fb1c 004b8236 Common!Ordinal37+0xad
0012fb84 004b82d4 GF!CGFFrameAnchorHelper::operator=+0x6206
0012fba8 004b8d65 GF!CGFFrameAnchorHelper::operator=+0x62a4
0012fc04 1000c3ec GF!CGFFrameAnchorHelper::operator=+0x6d35
0012fc78 1000c725 Common!Util::BitManip::IsSet+0x9ac
0012fca8 00402b5d Common!Util::Boot::InitPlatformGFConfig+0xa5
0012ff08 004027d9 QQ+0x2b5d
0012ff28 00402635 QQ+0x27d9
0012ffc0 7c816fd7 QQ+0x2635
0012fff0 00000000 kernel32!BaseProcessStart+0x23
00c8e7bc  "C:/Documents and Settings/admin/"
00c8e7fc  "Application Data/Tencent/Logs/QQ"
00c8e83c  ".tlg"
=======
eax=00000668
---------------------------------------
ChildEBP RetAddr
0012f658 77f47eff kernel32!CreateFileW
0012f89c 5dd7bbb6 SHLWAPI!CreateFileWrapW+0x73
0012f8dc 5dd7bd04 msxml3!URLStream::OpenFile+0x8f
0012f8f0 5dd7b891 msxml3!URLStream::Open+0x8f
0012f924 5dd7b927 msxml3!XMLParser::PushURL+0x13f
0012f960 5dd7cd0a msxml3!XMLParser::SetURL+0x73
0012f9e4 5dd7cbbb msxml3!Document::_load+0x128
0012fa00 5dd7caa7 msxml3!Document::load+0x3e
0012fad0 100b1fad msxml3!DOMDocumentWrapper::load+0x221
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fb44 004ead4c Common!Util::FS::LoadXmlByName+0x2ed
0012fbb8 004b8dc5 GF!Util::IEEvent::GetIEAcxContainer+0x1e0c
0012fc04 1000c3ec GF!CGFFrameAnchorHelper::operator=+0x6d95
0012fc78 1000c725 Common!Util::BitManip::IsSet+0x9ac
0012fca8 00402b5d Common!Util::Boot::InitPlatformGFConfig+0xa5
0012ff08 004027d9 QQ+0x2b5d
0012ff28 00402635 QQ+0x27d9
0012ffc0 7c816fd7 QQ+0x2635
0012fff0 00000000 kernel32!BaseProcessStart+0x23
00f144a8  "C:/Program Files/Tencent/QQ2009/"
00f144e8  "gf-config.xml"
=======
eax=00000664