在 Windows7 上使用 dbgrpc 的问题 [英] Problems using dbgrpc on Windows7
问题描述
windbg 附带的 dbgrpc.exe 在 Windows 7 下似乎不能很好地工作.我已按照说明操作,启用 MSDN
dbgrpc.exe that comes with windbg does not seem to work well under Windows 7. I have followed the instructions, enabling RPC state information as stated in MSDN
我创建了测试程序外 COM 服务器和客户端,在调试器下运行客户端,调用 COM 服务器方法(在返回之前进入方法)并运行 dbgrpc.我能够枚举 RPC 端点.但是,当我尝试像这样获取线程信息时:
I created test out-of-proc COM server and client, run client under debugger, invoke COM server method (step into method before return) and run dbgrpc. I was able to enumerate the RPC endpoints. However, when I try to get thread info like such:
dbgrpc -t -P 1234
dbgrpc -t -P 1234
没有打印任何有用的东西 - 只是没有任何数据行的标题:
Nothing useful was printed - just header without any data row:
PID CELL ID ST PNO IFSTART THRDCELL CALLFLAG CALLID LASTTIME CONN/CLN
PID CELL ID ST PNO IFSTART THRDCELL CALLFLAG CALLID LASTTIME CONN/CLN
<小时>
我发现其他人在 Windows 7 上遇到了同样的问题(在 Windows XP 上没问题).所以,我怀疑这是 Windows 7 的问题(也许是它的安全性).WinDbg 中的类似问题 - 没有有用的信息运行 !rpcexts.getcallinfo 0 0 FFFF 1234.有什么建议吗?
I've fount information that other people encountered the same problem on Windows 7 (and OK on Windows XP). So, I suspect that this is the issue of Windows 7 (maybe its security). Similar problem within WinDbg - no useful information running !rpcexts.getcallinfo 0 0 FFFF 1234. Any suggestions?
推荐答案
在 Vista 及更高版本上忘记dbgrpc",因为它不起作用.Vista 及更高版本使用 ALPC(高级")而不是旧的 LPC.如果你想分析 ALPC 端口和消息,你可以内核调试机器并使用命令!alpc".但是不要指望有太多文档,WinDbg 帮助中甚至没有提到它.
Forget "dbgrpc" on Vista and later because it's just not working. Vista and later use ALPC ("advanced") instead of old LPC. If you want to analyse ALPC ports and messages, you can kernel-debug the machine and use the command "!alpc". But don't expect much documentation, it's not even mentioned in WinDbg help.
为了避免这种内核混乱,我在 COM 存储进程和线程 ID 的线程的 TEB(偏移量 0xf80)中使用了ReservedForOle"指针.可以使用以下命令为 WinDbg 访问它们:
To avoid this kernel mess, I use the "ReservedForOle" pointer in the thread's TEB (offset 0xf80) where COM stores process and thread IDs. The following commands can be used to access them for WinDbg:
在 COM 服务器中:传入的 COM 调用来自何处:调用者的进程ID:?dwo(dwo(@$teb + 0xf80) + 0x108)调用者的线程 ID(如果调用者的线程在 MTA 中,则为 0,如果在 NA 中,则为 -1):?dwo(dwo(@$teb + 0xf80) + 0x34)
In COM-server: where is an incoming COM-call is coming from: Caller's process ID: ? dwo(dwo(@$teb + 0xf80) + 0x108) Caller's thread ID (will be 0 if the caller's thread is in MTA, or -1 if in NA): ? dwo(dwo(@$teb + 0xf80) + 0x34)
在 COM 客户端中:一个传出 COM 调用在哪里:目标的进程 ID:?dwo(dwo(@$teb + 0xf80) + 0x100)目标的线程 ID(如果目标服务器是 MTA COM 服务器,则为 0):?dwo(dwo(@$teb + 0xf80) + 0x104)
In COM-client: where is an outgoing COM-call going to: Target's process ID: ? dwo(dwo(@$teb + 0xf80) + 0x100) Target's thread ID (will be 0 if the target server is a MTA COM-server): ? dwo(dwo(@$teb + 0xf80) + 0x104)
这些值适用于 32 位进程.对于本机 64 位进程,偏移量会有所不同(例如,ReservedForOle"位于 TEB 中的偏移量 0x1758 上).
These values are for 32-bit processes. For native 64-bit processes, the offsets would be different (e.g. "ReservedForOle" is on the offset 0x1758 in TEB).
这篇关于在 Windows7 上使用 dbgrpc 的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
