WinDbg : x
The x command helps us search for named symbols. It displays the symbols in all contexts that match the specified pattern. The command is equipped to take wild cards and do pattern matches. below is one example of it's usage. If you need to know more, you always have the WinDbg help.
kd> x nt!kern*
82654258 nt!KERNEL_MEM_EVENT_MEMINFO = <no type information>
826537d8 nt!KernelSystemStop = <no type information>
82653778 nt!KernelLicensingCacheCorruptionFixed = <no type information>
82653748 nt!KernelProvGuid = <no type information>
82732940 nt!KernelVerifierTickPage = <no type information>
82657d28 nt!KernelRundownGuid = <no type information>
82653768 nt!KernelLicensingCacheCorrupt = <no type information>
82653788 nt!KernelLicensingCacheExpired = <no type information>
82743a60 nt!KernelVerifier = <no type information>
82743a88 nt!KernelVerifierEnabled = <no type information>
826537c8 nt!KernelSystemStart = <no type information>
82653758 nt!KernelSystemTimeChange = <no type information>
The x command helps us search for named symbols. It displays the symbols in all contexts that match the specified pattern. The command is equipped to take wild cards and do pattern matches. below is one example of it's usage. If you need to know more, you always have the WinDbg help.
kd> x nt!kern*
82654258 nt!KERNEL_MEM_EVENT_MEMINFO = <no type information>
826537d8 nt!KernelSystemStop = <no type information>
82653778 nt!KernelLicensingCacheCorruptionFixed = <no type information>
82653748 nt!KernelProvGuid = <no type information>
82732940 nt!KernelVerifierTickPage = <no type information>
82657d28 nt!KernelRundownGuid = <no type information>
82653768 nt!KernelLicensingCacheCorrupt = <no type information>
82653788 nt!KernelLicensingCacheExpired = <no type information>
82743a60 nt!KernelVerifier = <no type information>
82743a88 nt!KernelVerifierEnabled = <no type information>
826537c8 nt!KernelSystemStart = <no type information>
82653758 nt!KernelSystemTimeChange = <no type information>
No comments:
Post a Comment