How to use WinDbg to debug a program that forbids debuggers
2010-02-08 17:55
1. Run the target program and attach WinDbg to its process, or launch the program directly from WinDbg.
2. Switch to thread 0:
~0s
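3. Clear the flag that records whether a debugger is attached to the process (the BeingDebugged byte at offset 2 of the PEB; the PEB address, 7ffd9000 here, is read from offset 30h of fs):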
0:000> dd fs:18:30
0018:00000030 7ffd9000 00000000 00000000 00000000
0018:00000040 fbed29f8 00000000 00000000 00000000
0018:00000050 00000000 00000000 00000000 00000000
0018:00000060 00000000 00000000 00000000 00000000
0018:00000070 00000000 00000000 00000000 00000000
0018:00000080 00000000 00000000 00000000 00000000
0018:00000090 00000000 00000000 00000000 00000000
0018:000000a0 00000000 00000000 00000000 00000000
0:000> db 7ffd9000
7ffd9000 00 00 01 08 ff ff ff ff-00 00 37 00 00 5d a6 77
7ffd9010 d0 11 23 00 00 00 00 00-00 00 23 00 a0 54 a6 77
7ffd9020 00 00 00 00 00 00 00 00-00 00 00 00 60 40 3e 76
7ffd9030 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
7ffd9040 30 53 a6 77 ff ff 3f 00-00 00 00 00 00 00 6f 7f
7ffd9050 00 00 00 00 88 05 6f 7f-00 00 fa 7f 00 00 fa 7f
7ffd9060 24 00 fd 7f 02 00 00 00-00 04 00 00 00 00 00 00
7ffd9070 00 80 9b 07 6d e8 ff ff-00 00 10 00 00 20 00 00
0:000> eb 7ffd9002 0
0:000> db 7ffd9000
7ffd9000 00 00 00 08 ff ff ff ff-00 00 37 00 00 5d a6 77
7ffd9010 d0 11 23 00 00 00 00 00-00 00 23 00 a0 54 a6 77
7ffd9020 00 00 00 00 00 00 00 00-00 00 00 00 60 40 3e 76
7ffd9030 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
7ffd9040 30 53 a6 77 ff ff 3f 00-00 00 00 00 00 00 6f 7f
7ffd9050 00 00 00 00 88 05 6f 7f-00 00 fa 7f 00 00 fa 7f
7ffd9060 24 00 fd 7f 02 00 00 00-00 04 00 00 00 00 00 00
7ffd9070 00 80 9b 07 6d e8 ff ff-00 00 10 00 00 20 00 00
0:000> g
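
The following is an added example, not part of the original post: it parses rows of the `db` output shown above, decodes the PEB fields relevant to debugger detection, and confirms that `eb 7ffd9002 0` changed only the BeingDebugged byte. It assumes the standard 32-bit PEB layout (BeingDebugged at +0x02, ImageBaseAddress at +0x08, NtGlobalFlag at +0x68); the function names are hypothetical.

```python
import re
import struct

# Rows copied from the `db 7ffd9000` output above, before and after `eb`.
BEFORE = """\
7ffd9000 00 00 01 08 ff ff ff ff-00 00 37 00 00 5d a6 77
7ffd9060 24 00 fd 7f 02 00 00 00-00 04 00 00 00 00 00 00
"""
AFTER = """\
7ffd9000 00 00 00 08 ff ff ff ff-00 00 37 00 00 5d a6 77
7ffd9060 24 00 fd 7f 02 00 00 00-00 04 00 00 00 00 00 00
"""

def parse_db(text):
    """Parse WinDbg `db` rows into {address: byte}; short rows are tolerated."""
    mem = {}
    for line in text.splitlines():
        parts = line.replace("-", " ").split()
        if len(parts) < 2:
            continue
        base = int(parts[0], 16)
        for i, tok in enumerate(parts[1:17]):   # at most 16 bytes per row
            if not re.fullmatch(r"[0-9a-fA-F]{2}", tok):
                break
            mem[base + i] = int(tok, 16)
    return mem

def peb32_fields(mem, peb):
    """Decode 32-bit PEB fields (assumed layout, see lead-in)."""
    def dword(off):
        raw = bytes(mem[peb + off + i] for i in range(4))
        return struct.unpack("<I", raw)[0]      # little-endian DWORD
    return {
        "BeingDebugged": mem[peb + 0x02],       # the byte IsDebuggerPresent reads
        "ImageBaseAddress": dword(0x08),
        "NtGlobalFlag": dword(0x68),            # a second field the dump exposes
    }

def changed(before, after):
    """Addresses present in both dumps whose byte value differs."""
    return sorted(a for a in before.keys() & after.keys()
                  if before[a] != after[a])

if __name__ == "__main__":
    b, a = parse_db(BEFORE), parse_db(AFTER)
    print(peb32_fields(b, 0x7ffd9000))
    print(peb32_fields(a, 0x7ffd9000))
    print([hex(x) for x in changed(b, a)])
```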