Thursday 28 August 2014

WinDbg : the ln Command

WinDbg : ln

ln maps an address to the nearest symbol associated with it. If the address matches a symbol exactly, ln says so; otherwise it shows the next few symbols nearest to the address. Here is an example:


Using the x command, we locate a known symbol to verify this with. Let's use the address of KeRaiseIrql as the source.
kd> x nt!keraiseir*
82724407          nt!KeRaiseIrqlToDpcLevel (<no parameter info>)
82724583          nt!KeRaiseIrql (<no parameter info>)


kd> ln 82724583
(82724583)   nt!KeRaiseIrql   |  (82724597)   nt!KeLowerIrql
Exact matches:
    nt!KeRaiseIrql (<no parameter info>)

It says that an exact match for this address was found. Now let's change the address by one byte to make it inexact, and try again:

kd> ln 82724584
(82724583)   nt!KeRaiseIrql+0x1   |  (82724597)   nt!KeLowerIrql

While debugging, we often need to find out where an address lies, and this command helps locate it. For example, when a blue screen happens, the EIP (instruction pointer) points to an address; we can use ln to find out which function this address maps to.
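
The lookup that ln performs can be reproduced offline over a saved symbol listing, which is handy when triaging crash addresses without a live debugger session. The following is an added Python example, not code from the original post or from WinDbg; the names parse_symbols, nearest and format_ln are hypothetical, and the sample listing is constructed from the addresses shown above.

```python
import bisect
import re

# Listing in the format printed by the x command. Addresses are the ones shown
# in the post; the KeLowerIrql line is constructed from the ln output.
X_OUTPUT = """\
82724407          nt!KeRaiseIrqlToDpcLevel (<no parameter info>)
82724583          nt!KeRaiseIrql (<no parameter info>)
82724597          nt!KeLowerIrql (<no parameter info>)
"""

LINE_RE = re.compile(r"^([0-9a-fA-F`]+)\s+(\S+)")


def parse_symbols(text):
    """Return a list of (address, name) tuples sorted by address."""
    symbols = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # 64-bit targets print addresses with a backtick separator
            symbols.append((int(m.group(1).replace("`", ""), 16), m.group(2)))
    return sorted(symbols)


def nearest(symbols, address):
    """Return (before, offset, after); offset 0 means an exact match."""
    addrs = [a for a, _ in symbols]
    i = bisect.bisect_right(addrs, address)   # first symbol above address
    before = symbols[i - 1] if i > 0 else None
    after = symbols[i] if i < len(symbols) else None
    offset = address - before[0] if before else None
    return before, offset, after


def format_ln(symbols, address):
    """Render the result in the same layout as the ln lines in the post."""
    before, offset, after = nearest(symbols, address)
    if before is None:
        return "no symbol at or below %08x" % address
    name = before[1] + ("+0x%x" % offset if offset else "")
    out = "(%08x)   %s" % (before[0], name)
    if after:
        out += "   |  (%08x)   %s" % after
    return out
```

A large offset from the nearest symbol can mean the address belongs to a function that has no entry in the symbol table, so the name reported is only as good as the symbols loaded.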
