windbg 备忘录 - 3

• !runaway

0:029> !runaway
 User Mode Time
  Thread       Time
   6:358       0 days 0:00:01.640
   9:1358      0 days 0:00:00.343
   0:15f4      0 days 0:00:00.187
  25:5fc       0 days 0:00:00.046
  22:1200      0 days 0:00:00.046
  20:698       0 days 0:00:00.046
  21:17f4      0 days 0:00:00.031
  18:1524      0 days 0:00:00.031

• ~

0:029> ~
   0  Id: 109c.15f4 Suspend: 1 Teb: 7ffdf000 Unfrozen
   1  Id: 109c.103c Suspend: 1 Teb: 7ff96000 Unfrozen
   2  Id: 109c.db4 Suspend: 1 Teb: 7ffdd000 Unfrozen
0:029> ~0s
eax=0012df98 ebx=0012e6c4 ecx=00000001 edx=7c92eb94 esi=00000000 edi=7ffd8000
eip=7c92eb94 esp=0012e69c ebp=0012e738 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
ntdll!KiFastSystemCallRet:
7c92eb94 c3              ret
0:000> ~1
   1  Id: 109c.103c Suspend: 1 Teb: 7ff96000 Unfrozen
      Start: 000afce7
      Priority: 0  Priority class: 32  Affinity: 3
0:000> ~1s
eax=77e56bf9 ebx=00000000 ecx=046efac8 edx=00000035 esi=0016c3b8 edi=00000100
eip=7c92eb94 esp=0807fe1c ebp=0807ff80 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
ntdll!KiFastSystemCallRet:
7c92eb94 c3              ret

• kv

0:001> kv
ChildEBP RetAddr  Args to Child              
0807fe18 7c92e399 77e56713 0000037c 0807ff70 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
0807fe1c 77e56713 0000037c 0807ff70 00000000 ntdll!NtReplyWaitReceivePortEx+0xc (FPO: [5,0,0])
0807ff80 77e56c2b 0807ffa8 77e56a4d 0016c3b8 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0xf4 (FPO: [Non-Fpo])
0807ff88 77e56a4d 0016c3b8 00207f30 06c50a38 RPCRT4!RecvLotsaCallsWrapper+0xd (FPO: [Non-Fpo])
0807ffa8 77e56c13 0014d410 0807ffec 7c80b683 RPCRT4!BaseCachedThreadRoutine+0x79 (FPO: [Non-Fpo])
0807ffb4 7c80b683 06d43988 00207f30 06c50a38 RPCRT4!ThreadStartRoutine+0x1a (FPO: [Non-Fpo])
0807ffec 00000000 77e56bf9 06d43988 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

• ~*k

 

0:001> ~*k

   0  Id: 109c.15f4 Suspend: 1 Teb: 7ffdf000 Unfrozen
ChildEBP RetAddr  
0012e698 7c92e9ab ntdll!KiFastSystemCallRet
0012e69c 7c8094e2 ntdll!ZwWaitForMultipleObjects+0xc
0012e738 77d195f9 kernel32!WaitForMultipleObjectsEx+0x12c
0012e794 5dff6029 USER32!RealMsgWaitForMultipleObjectsEx+0x13e
0012e7b4 5dff632d IEUI!CoreSC::Wait+0x49
0012e7dc 5dff60d8 IEUI!CoreSC::WaitMessage+0x54
0012e7e8 423698bd IEUI!WaitMessageEx+0x33
0012e818 4235ab4c IEFRAME!CBrowserFrame::FrameMessagePump+0x199
0012e824 4235bbbb IEFRAME!BrowserThreadProc+0x3f
0012e848 4235bb09 IEFRAME!BrowserNewThreadProc+0x7b
0012f8b8 4235b9b9 IEFRAME!SHOpenFolderWindow+0x188
0012fae8 0040147c IEFRAME!IEWinMain+0x2d9
0012ff2c 00401317 iexplore!wWinMain+0x2c1
0012ffc0 7c816fd7 iexplore!_initterm_e+0x1b1
0012fff0 00000000 kernel32!BaseProcessStart+0x23

   1  Id: 109c.103c Suspend: 1 Teb: 7ff96000 Unfrozen
ChildEBP RetAddr  
0807fe18 7c92e399 ntdll!KiFastSystemCallRet
0807fe1c 77e56713 ntdll!NtReplyWaitReceivePortEx+0xc
0807ff80 77e56c2b RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0xf4
0807ff88 77e56a4d RPCRT4!RecvLotsaCallsWrapper+0xd
0807ffa8 77e56c13 RPCRT4!BaseCachedThreadRoutine+0x79
0807ffb4 7c80b683 RPCRT4!ThreadStartRoutine+0x1a
0807ffec 00000000 kernel32!BaseThreadStart+0x37

   2  Id: 109c.db4 Suspend: 1 Teb: 7ffdd000 Unfrozen
ChildEBP RetAddr  
0117ff20 7c92e9c0 ntdll!KiFastSystemCallRet
0117ff24 7c8025cb ntdll!ZwWaitForSingleObject+0xc
0117ff88 7c802532 kernel32!WaitForSingleObjectEx+0xa8
0117ff9c 00ed4d4e kernel32!WaitForSingleObject+0x12
WARNING: Stack unwind information not available. Following frames may be wrong.
0117ffec 00000000 GOOGLEPINYIN!ImeSettingsManage+0x16f7e

   3  Id: 109c.de4 Suspend: 1 Teb: 7ffdc000 Unfrozen
ChildEBP RetAddr  
036dfdbc 7c92e9ab ntdll!KiFastSystemCallRet
036dfdc0 7c8094e2 ntdll!ZwWaitForMultipleObjects+0xc
036dfe5c 77d195f9 kernel32!WaitForMultipleObjectsEx+0x12c
036dfeb8 5dff6029 USER32!RealMsgWaitForMultipleObjectsEx+0x13e
036dfed8 5dff93e4 IEUI!CoreSC::Wait+0x49
036dff0c 5dff98a6 IEUI!CoreSC::xwProcessNL+0xa4
036dff2c 5dff9806 IEUI!GetMessageExA+0x44
036dff80 77c0a3b0 IEUI!ResourceManager::SharedThreadProc+0xb6
036dffb4 7c80b683 msvcrt!_endthreadex+0xa9
036dffec 00000000 kernel32!BaseThreadStart+0x37