Saturday, February 18, 2012

Module information -- !lmi


0: kd> !lmi hpdskflt
Loaded Module Info: [hpdskflt] 
         Module: hpdskflt
   Base Address: fffffa6001a00000
     Image Name: hpdskflt.sys
   Machine Type: 34404 (X64)
     Time Stamp: 47e0334b Tue Mar 18 14:25:31 2008
           Size: a000
       CheckSum: e730
Characteristics: 22  
Debug Data Dirs: Type  Size     VA  Pointer
             CODEVIEW    55,  5220,    3a20 RSDS - GUID: {E531AC22-7E5E-4FC1-AB65-452496512564}
               Age: 30, Pdb: c:\prog\vendors\osr\hp3dgsr_vista\Release\amd64\hpdskflt.pdb
     Image Type: MEMORY   - Image read successfully from loaded memory.
    Symbol Type: NONE     - PDB not found from symbol server.
    Load Report: no symbols loaded

The !lmi extension analyzes the module headers and displays a formatted summary of the information therein. If the module headers are paged out, an error message is displayed. To see a more extensive display of header information, use the !dh extension command.
You will need some knowledge of the PE and COFF formats to read the output of these two commands. You can download the specification from http://msdn.microsoft.com/library/windows/hardware/gg463125.
There is also a good reference on the PDB debug information at http://www.godevtool.com/Other/pdb.htm.

How to implement it?

Call IDebugSymbols::GetModuleParameters, which returns the following structure:

typedef struct _DEBUG_MODULE_PARAMETERS {
  ULONG64 Base;
  ULONG   Size;
  ULONG   TimeDateStamp;
  ULONG   Checksum;
  ULONG   Flags;
  ULONG   SymbolType;
  ULONG   ImageNameSize;
  ULONG   ModuleNameSize;
  ULONG   LoadedImageNameSize;
  ULONG   SymbolFileNameSize;
  ULONG   MappedImageNameSize;
  ULONG64 Reserved[2];
} DEBUG_MODULE_PARAMETERS, *PDEBUG_MODULE_PARAMETERS;
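
The remaining !lmi fields (machine type, characteristics, the CODEVIEW entry with its GUID, age and PDB path) come from the PE/COFF headers in the loaded image. The sketch below is an added example, not code from the original post or from the debugger: it reads those fields from a memory-mapped PE32+ image and builds the GUID+Age index that a symbol server uses to locate the PDB. The function names, the debug directory RVA 0x5200 and reading "Age: 30" as hexadecimal are assumptions; the sample image is constructed from the values in the output above.

```python
import struct
import uuid

PDB = r"c:\prog\vendors\osr\hp3dgsr_vista\Release\amd64\hpdskflt.pdb"

def lmi_fields(img: bytes) -> dict:
    """Pull the fields !lmi prints out of a memory-mapped PE32+ image."""
    pe, = struct.unpack_from("<I", img, 0x3C)              # e_lfanew
    if img[:2] != b"MZ" or img[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, _, stamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", img, pe + 4)
    opt = pe + 24                                          # optional header
    if struct.unpack_from("<H", img, opt)[0] != 0x20B:
        raise ValueError("only PE32+ is handled here")
    size, = struct.unpack_from("<I", img, opt + 56)        # SizeOfImage
    checksum, = struct.unpack_from("<I", img, opt + 64)    # CheckSum
    dbg_rva, dbg_len = struct.unpack_from("<II", img, opt + 112 + 6 * 8)  # data dir 6
    out = {"machine": machine, "timestamp": stamp, "size": size,
           "checksum": checksum, "characteristics": chars}
    for off in range(dbg_rva, dbg_rva + dbg_len, 28):      # IMAGE_DEBUG_DIRECTORY entries
        *_, kind, cv_size, rva, _ptr = struct.unpack_from("<IIHHIIII", img, off)
        rec = img[rva:rva + cv_size]                       # loaded image: follow the RVA
        if kind == 2 and rec[:4] == b"RSDS" and len(rec) > 24:
            guid = uuid.UUID(bytes_le=rec[4:20])           # GUID is stored mixed-endian
            age, = struct.unpack_from("<I", rec, 20)
            pdb = rec[24:].split(b"\0", 1)[0].decode("utf-8", "replace")
            out.update(cv_size=cv_size, guid=str(guid).upper(), age=age, pdb=pdb,
                       symsrv_key=f"{guid.hex.upper()}{age:X}")
    return out

def build_sample() -> bytes:
    """Constructed image: header values from the !lmi output; the layout is made up."""
    img = bytearray(0xA000)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x84, 0x8664, 0, 0x47E0334B, 0, 0, 240, 0x22)
    struct.pack_into("<H", img, 0x98, 0x20B)               # PE32+ magic
    struct.pack_into("<I", img, 0x98 + 56, 0xA000)
    struct.pack_into("<I", img, 0x98 + 64, 0xE730)
    struct.pack_into("<II", img, 0x98 + 160, 0x5200, 28)   # directory RVA is an assumption
    rec = (b"RSDS" + uuid.UUID("E531AC22-7E5E-4FC1-AB65-452496512564").bytes_le
           + struct.pack("<I", 0x30) + PDB.encode() + b"\0")  # Age radix assumed hex
    struct.pack_into("<IIHHIIII", img, 0x5200, 0, 0x47E0334B, 0, 0, 2, len(rec), 0x5220, 0x3A20)
    img[0x5220:0x5220 + len(rec)] = rec
    return bytes(img)

if __name__ == "__main__":
    print(lmi_fields(build_sample()))
```

The rebuilt RSDS record is 0x55 bytes long, which matches the CODEVIEW size in the !lmi output.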
