UC知道求ntsd命令详解
来源:百度知道 编辑:UC知道 时间:2024/09/28 14:37:04
哪位仁兄能帮忙解释NTSD命令参数及其使用方法.
谢!
usage: NTSD [-v] [-2] [-d] [-o] [-g] [-G] [-w] [-lines]
[-aDllName] [-s] [-r BreakErrorLevel] [-t PrintErrorLevel]
[-hd] [-x | -xd [except#] | -xe [except#]] [-e] [-z]
[-- | -p pid | command-line]
where: -? displays this help text
-aDllName sets the default extension DLL
-c executes the following debugger command
-d sends all debugger output to kernel debugger via DbgPrint
-g ignores initial breakpoint in debuggee
-G ignores final breakpoint at process termination
-hd disables heap manager validity checking
-i ignores AV generated by loader fixups on pre3.51 systems
-lines requests that line number information be used if present
-netsyms:{yes|no} allow or disallow loading symbols from a network path
-o debugs all processes launched by debuggee
-
谢!
usage: NTSD [-v] [-2] [-d] [-o] [-g] [-G] [-w] [-lines]
[-aDllName] [-s] [-r BreakErrorLevel] [-t PrintErrorLevel]
[-hd] [-x | -xd [except#] | -xe [except#]] [-e] [-z]
[-- | -p pid | command-line]
where: -? displays this help text
-aDllName sets the default extension DLL
-c executes the following debugger command
-d sends all debugger output to kernel debugger via DbgPrint
-g ignores initial breakpoint in debuggee
-G ignores final breakpoint at process termination
-hd disables heap manager validity checking
-i ignores AV generated by loader fixups on pre3.51 systems
-lines requests that line number information be used if present
-netsyms:{yes|no} allow or disallow loading symbols from a network path
-o debugs all processes launched by debuggee
-
ntsd -c q -p PID
或者
ntsd -c q pn ImageName
- c是表示执行debug命令,q表示执行结束后退出(quit),-p 表示后面紧跟着是你要结束的进程对应的PID,-pn 表示后面紧跟着是你要结束的进程名(process_name.exe 比如:QQ.exe,explorer.exe 等等,值得注意的是后缀名.exe是不可省略的,否则系统会告诉你“不支持此接口”)
查看pid及进程名,我们可以在任务管理器看,在特殊情况下,也可以使用tasklist命令.
比如我们要结束pid为3212的进程maxthon.exe
那么我们可以在命令提示符中输入:
ntsd -c q -p 3212
或
ntsd -c q -pn maxthon.exe