O'Reilly logo

Windows Debugging Notebook: Essential User Space WinDbg Commands by Dmitry Vostokov, Roberto Alexis Farah

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

!dh

The !dh extension displays the PE header information from a specified module.

Example:

0:532> lm
start    end        module name
00400000 00427000   mtgdi      (deferred)
5a700000 5acaf000 mfc90d (deferred) 692e0000 69403000 MSVCR90D (deferred) 71270000 71283000 dwmapi (deferred) 72cf0000 72d70000 UxTheme (deferred) 73470000 73475000 MSIMG32 (deferred) 73b50000 73b5d000 MFC90ENU (deferred) 74fd0000 75053000 COMCTL32 (deferred) 751d0000 751dc000 CRYPTBASE (deferred) 751e0000 75240000 SspiCli (deferred) 75240000 75259000 sechost (deferred) 75260000 75ea6000 SHELL32 (deferred) 75ee0000 75f8c000 msvcrt (deferred) 75fd0000 76060000 GDI32 (deferred) 76150000 76250000 kernel32 (deferred) 76250000 762ed000 USP10 (deferred) 763b0000 76410000 IMM32 (deferred) 76410000 ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required