WinDbg driver object commands

Time: 2022-08-11 04:48:39
  • !devnode \DEVICE\{A4F74E3A-7A5D-4BFA-8B76-AC26F16DE201}
Dumping IopRootDeviceNode (= 0x81ebdce0)
DevNode 0x81ebdce0 for PDO 0x81ebde18
  Parent 0000000000   Sibling 0000000000   Child 0x81ebd840
  InstancePath is "HTREE\ROOT\0"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
  StateHistory[04] = DeviceNodeEnumerateCompletion (0x30d)
  StateHistory[03] = DeviceNodeStarted (0x308)
  StateHistory[02] = DeviceNodeEnumerateCompletion (0x30d)
  StateHistory[01] = DeviceNodeStarted (0x308)
  StateHistory[00] = DeviceNodeUninitialized (0x301)
  StateHistory[19] = Unknown State (0x0)
  StateHistory[18] = Unknown State (0x0)
  StateHistory[17] = Unknown State (0x0)
  StateHistory[16] = Unknown State (0x0)
  StateHistory[15] = Unknown State (0x0)
  StateHistory[14] = Unknown State (0x0)
  StateHistory[13] = Unknown State (0x0)
  StateHistory[12] = Unknown State (0x0)
  StateHistory[11] = Unknown State (0x0)
  StateHistory[10] = Unknown State (0x0)
  StateHistory[09] = Unknown State (0x0)
  StateHistory[08] = Unknown State (0x0)
  StateHistory[07] = Unknown State (0x0)
  StateHistory[06] = Unknown State (0x0)
  StateHistory[05] = Unknown State (0x0)
  Flags (0x00000131)  DNF_MADEUP, DNF_ENUMERATED,
                      DNF_IDS_QUERIED, DNF_NO_RESOURCE_REQUIRED
  DisableableDepends = 11 (from children)

  • !devobj \DEVICE\{A4F74E3A-7A5D-4BFA-8B76-AC26F16DE201}
    Device object (81e028d8) is for:
     {A4F74E3A-7A5D-4BFA-8B76-AC26F16DE201} \Driver\vmxnet DriverObject 81e02f38
    Current Irp 00000000 RefCount 2 Type 00000017 Flags 00002050
    Dacl e12f5f1c DevExt 81e02990 DevObjExt 81e02ed8
    ExtensionFlags (0000000000) 
    AttachedTo (Lower) 81d4adb8 \Driver\ACPI
    Device queue is not busy
  •  !drvobj 0x81e02f38
    Driver object (81e02f38) is for:
     \Driver\vmxnet
    Driver Extension List: (id , addr)
    (4e4d4944 81efc6b8) 
    Device Object list:
    81e028d8 

  • lm t n
start    end        module name
804d8000 806ebf80   nt       ntoskrnl.exe Wed Mar 02 08:59:37 2005 (42250FF9)
806ec000 8070c380   hal      halaacpi.dll Wed Aug 04 13:59:05 2004 (41107B29)
b2435000 b2475100   HTTP     HTTP.sys     Sat Oct 09 07:48:20 2004 (41672744)
b267e000 b26cf300   srv      srv.sys      Tue May 10 08:17:49 2005 (427FFDAD)
b2748000 b2774400   mrxdav   mrxdav.sys   Wed Aug 04 14:00:49 2004 (41107B91)
b2b11000 b2b14280   ndisuio  ndisuio.sys  Wed Aug 04 14:03:10 2004 (41107C1E)
b2c4d000 b2c79a80   dump_NDIS dump_NDIS.SYS Wed Aug 04 14:14:27 2004 (41107EC3)
b2c7a000 b2c8f980   dump_Richdisk dump_Richdisk.sys Mon Feb 05 15:21:53 2007 (45C6DB11)
b2cb8000 b2d26400   mrxsmb   mrxsmb.sys   Wed Jan 19 12:26:50 2005 (41EDE18A)
b2d27000 b2d51a00   rdbss    rdbss.sys    Thu Oct 28 09:13:57 2004 (418047D5)
b2d52000 b2d6d100   vmhgfs   vmhgfs.sys   Fri Sep 19 08:05:09 2008 (48D2ECB5)
b2d8e000 b2d90900   Dxapi    Dxapi.sys    Sat Aug 18 04:53:19 2001 (3B7D843F)
b2db2000 b2db4500   dump_richndis dump_richndis.sys Fri Aug 05 13:33:46 2005 (42F2FA3A)

  •  !list

!list -t ndis!_NDIS_OPEN_BLOCK.NextGlobalOpen -x "dt ndis!_NDIS_OPEN_BLOCK BindDeviceName" poi(ndis!ndisGlobalOpenList) 

  •  trace

.step_filter "vmxnet!*;nt!*" 

 tar