O'Reilly logo

Windows Debugging Notebook: Essential User Space WinDbg Commands by Dmitry Vostokov, Roberto Alexis Farah

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

!dlls

!dlls extension shows the table entries of all loaded modules. Also we can use it to see all modules that a thread or process are currently using. The WinDbg help file describes all parameters. Here we are going to describe the most common usage.

- To display file headers and section headers:

0:801> !dlls -a 0x00543598: C:\development\My Tools\Book\mtgdi\Debug\MtGdi.exe Base 0x00400000 EntryPoint 0x00411929 Size 0x00027000 Flags 0x00004000 LoadCount 0x0000ffff TlsIndex 0x00000000 LDRP_ENTRY_PROCESSED File Type: EXECUTABLE IMAGE FILE HEADER VALUES 14C machine (i386) 6 number of sections 48785A80 time date stamp Sat Jul 12 00:17:20 2008 0 file pointer to symbol table 0 number of symbols E0 size of optional header 103 characteristics Relocations ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required