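How to enumerate all hotkeys on Win7 x64?
The article at .php?article=gui_subsystem
provides a driver that enumerates all hotkeys on 32-bit systems, but moving it to 64-bit Win7 runs into all sorts of problems.
Win7 x64 does not support inline assembly... the driver will not even compile... I am also not familiar with assembly, so I cannot pull the assembly out into functions in a separate asm file.
Sigh. All I can do is learn the WinDbg kernel debugging process.
I debugged as far as gphkHashTable but could not get the data type of this variable...
lkd> !process 0 0 // enumerate all processes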
lkd> .process fffffa800469db30
Implicit process is now fffffa80`0469db30
lkd> dd win32k!gphkHashTable // needs a reload
Couldn't resolve error at 'win32k!gphkHashTable'
lkd> .reload
Connected to Windows 7 7601 x64 target at (Thu Jun 28 10:33:36.409 2012 (UTC + 8:00)), ptr64 TRUE
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
.....
lkd> dd win32k!gphkHashTable
fffff960`00390c20 c2ec5450 fffff900 00000000 00000000
fffff960`00390c30 00000000 00000000 00000000 00000000
fffff960`00390c40 00000000 00000000 00000000 00000000
fffff960`00390c50 00000000 00000000 00000000 00000000
fffff960`00390c60 00000000 00000000 c1ef3360 fffff900
fffff960`00390c70 00000000 00000000 00000000 00000000
fffff960`00390c80 00000000 00000000 c300b360 fffff900
fffff960`00390c90 00000000 00000000 00000000 00000000
lkd> dd fffff900`c2ec5450
fffff900`c2ec5450 c24d1010 fffff900 00000000 00000000
fffff900`c2ec5460 c08fe0f0 fffff900 00000002 00000000 // possibly MOD_CONTROL (0x0002): the hotkey includes CTRL
fffff900`c2ec5470 0000c0a7 fffff900 c06368e0 fffff900
fffff900`c2ec5480 230f0004 34616c47 c2ec5480 fffff900
fffff900`c2ec5490 33041e4d 00000000 00000000 80000000
fffff900`c2ec54a0 03e68b50 fffffa80 000000d8 00000000 // this is a thread number
fffff900`c2ec54b0 00000000 6c777355 c2ec5530 fffff900
fffff900`c2ec54c0 c2ec54c0 fffff900 c2ec54c0 fffff900 // how should the rest of this data be parsed...
lkd> dt _KTHREAD fffffa80`03e68b50
nt!_KTHREAD
   +0x000 Header : _DISPATCHER_HEADER
   +0x018 CycleTime : 0x2c`b7f805d1
   +0x020 QuantumTarget : 0x2c`ba2aca3e
   +0x028 InitialStack : 0xfffff880`0be8bc70 Void
   +0x030 StackLimit : 0xfffff880`0be82000 Void
   +0x038 KernelStack : 0xfffff880`0be8b730 Void
   +0x040 ThreadLock : 0
   +0x048 WaitRegister : _KWAIT_STATUS_REGISTER
   +0x049 Running : 0 ''
   +0x04a Alerted : [2] ""
   +0x04c KernelStackResident : 0y1
   +0x04c ReadyTransition : 0y0
   +0x04c ProcessReadyQueue : 0y0
   +0x04c WaitNext : 0y0
   +0x04c SystemAffinityActive : 0y0
   +0x04c Alertable : 0y0
   +0x04c GdiFlushActive : 0y0
   +0x04c UserStackWalkActive : 0y0
   +0x04c ApcInterruptRequest : 0y0
   +0x04c ForceDeferSchedule : 0y0
   +0x04c QuantumEndMigrate : 0y0
   +0x04c UmsDirectedSwitchEnable : 0y0
   +0x04c TimerActive : 0y0
   +0x04c SystemThread : 0y0
   +0x04c Reserved : 0y000000000000000000 (0)
   +0x04c MiscFlags : 0n1
   +0x050 ApcState : _KAPC_STATE
   +0x050 ApcStateFill : [43] "???"
   +0x07b Priority : 10 ''
   +0x07c NextProcessor : 0
   +0x080 DeferredProcessor : 0
   +0x088 ApcQueueLock : 0
   +0x090 WaitStatus : 0n0
   +0x098 WaitBlockList : 0xfffffa80`03e68c58 _KWAIT_BLOCK
   +0x0a0 WaitListEntry : _LIST_ENTRY [ 0xfffffa80`04156bf0 - 0xfffffa80`06e44100 ]
   +0x0a0 SwapListEntry : _SINGLE_LIST_ENTRY
   +0x0b0 Queue : (null)
   +0x0b8 Teb : 0x00000000`7efdb000 Void
   +0x0c0 Timer : _KTIMER
   +0x100 AutoAlignment : 0y1
   +0x100 DisableBoost : 0y0
   +0x100 EtwStackTraceApc1Inserted : 0y0
   +0x100 EtwStackTraceApc2Inserted : 0y0
   +0x100 CalloutActive : 0y0
   +0x100 ApcQueueable : 0y1
   +0x100 EnableStackSwap : 0y1
   +0x100 GuiThread : 0y1
   +0x100 UmsPerformingSyscall : 0y0
   +0x100 VdmSafe : 0y0
   +0x100 UmsDispatched : 0y0
   +0x100 ReservedFlags : 0y000000000000000000000 (0)
   +0x100 ThreadFlags : 0n225
   +0x104 Spare0 : 0
   +0x108 WaitBlock : [4] _KWAIT_BLOCK
   +0x108 WaitBlockFill4 : [44] "???"
   +0x134 ContextSwitches : 0x18b9e5
   +0x108 WaitBlockFill5 : [92] "???"
   +0x164 State : 0x5 ''
   +0x165 NpxState : 5 ''
   +0x166 WaitIrql : 0 ''
   +0x167 WaitMode : 1 ''
   +0x108 WaitBlockFill6 : [140] "???"
   +0x194 WaitTime : 0x5797d
   +0x108 WaitBlockFill7 : [168] "???"
   +0x1b0 TebMappedLowVa : (null)
   +0x1b8 Ucb : (null)
   +0x108 WaitBlockFill8 : [188] "???"
   +0x1c4 KernelApcDisable : 0n0
   +0x1c6 SpecialApcDisable : 0n0
   +0x1c4 CombinedApcDisable : 0
   +0x1c8 QueueListEntry : _LIST_ENTRY [ 0x00000000`00000000 - 0x0 ]
   +0x1d8 TrapFrame : 0xfffff880`0be8bae0 _KTRAP_FRAME
   +0x1e0 FirstArgument : (null)
   +0x1e8 CallbackStack : (null)
   +0x1e8 CallbackDepth : 0
   +0x1f0 ApcStateIndex : 0 ''
   +0x1f1 BasePriority : 8 ''
   +0x1f2 PriorityDecrement : 2 ''
   +0x1f2 ForegroundBoost : 0y0010
   +0x1f2 UnusualBoost : 0y0000
   +0x1f3 Preempted : 0 ''
   +0x1f4 AdjustReason : 0 ''
   +0x1f5 AdjustIncrement : 2 ''
   +0x1f6 PreviousMode : 1 ''
   +0x1f7 Saturation : 0 ''
   +0x1f8 SystemCallNumber : 0x100c
   +0x1fc FreezeCount : 0
   +0x200 UserAffinity : _GROUP_AFFINITY
   +0x210 Process : 0xfffffa80`0469db30 _KPROCESS // this should be the process that owns the hotkey; from the !process 0 0 output, this process is QQ.exe
   +0x218 Affinity : _GROUP_AFFINITY
   +0x228 IdealProcessor : 0
   +0x22c UserIdealProcessor : 0
   +0x230 ApcStatePointer : [2] 0xfffffa80`03e68ba0 _KAPC_STATE
   +0x240 SavedApcState : _KAPC_STATE
   +0x240 SavedApcStateFill : [43] "???"
   +0x26b WaitReason : 0xd ''
   +0x26c SuspendCount : 0 ''
   +0x26d Spare1 : 0 ''
   +0x26e CodePatchInProgress : 0 ''
   +0x270 Win32Thread : 0xfffff900`c24d1010 Void
   +0x278 StackBase : 0xfffff880`0be8c000 Void
   +0x280 SuspendApc : _KAPC
   +0x280 SuspendApcFill0 : [1] "??????"
   +0x281 ResourceIndex : 0x1 ''
   +0x280 SuspendApcFill1 : [3] "???"
   +0x283 QuantumReset : 0x12 ''
   +0x280 SuspendApcFill2 : [4] "???"
   +0x284 KernelTime : 0x4e5
   +0x280 SuspendApcFill3 : [64] "???"
   +0x2c0 WaitPrcb : 0xfffff800`05042e80 _KPRCB
   +0x280 SuspendApcFill4 : [72] "???"
   +0x2c8 LegoData : (null)
   +0x280 SuspendApcFill5 : [83] "???"
   +0x2d3 LargeStack : 0x1 ''
   +0x2d4 UserTime : 0x52d
   +0x2d8 SuspendSemaphore : _KSEMAPHORE
   +0x2d8 SuspendSemaphorefill : [28] "???"
   +0x2f4 SListFaultCount : 0
   +0x2f8 ThreadListEntry : _LIST_ENTRY [ 0xfffffa80`079ab358 - 0xfffffa80`0469db60 ]
   +0x308 MutantListHead : _LIST_ENTRY [ 0xfffffa80`05de7978 - 0xfffffa80`04486268 ]
   +0x318 SListFaultAddress : (null)
   +0x320 ReadOperationCount : 0n27284
   +0x328 WriteOperationCount : 0n1031
   +0x330 OtherOperationCount : 0n152123
   +0x338 ReadTransferCount : 0n18422004
   +0x340 WriteTransferCount : 0n6614868
   +0x348 OtherTransferCount : 0n44429885
   +0x350 ThreadCounters : (null)
   +0x358 StateSaveArea : 0xfffff880`0be8bcc0 _XSAVE_FORMAT
   +0x360 XStateSave : (null)
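The dd command prints 32-bit dwords, so on x64 every pointer in the dumps above is split across two columns with the low half first. The Python script below is an added example, not code from the original post: it joins the dword pairs from the two dd dumps quoted in the session, lists the non-empty table slots, and locates the two thread values taken from the dt _KTHREAD output inside the dumped entry. Treating the table as an array of 8-byte pointers is an assumption, and the function names are hypothetical.

```python
import re

# `dd` output copied from the session above (annotations dropped).
BUCKETS_DD = """\
fffff960`00390c20 c2ec5450 fffff900 00000000 00000000
fffff960`00390c30 00000000 00000000 00000000 00000000
fffff960`00390c40 00000000 00000000 00000000 00000000
fffff960`00390c50 00000000 00000000 00000000 00000000
fffff960`00390c60 00000000 00000000 c1ef3360 fffff900
fffff960`00390c70 00000000 00000000 00000000 00000000
fffff960`00390c80 00000000 00000000 c300b360 fffff900
fffff960`00390c90 00000000 00000000 00000000 00000000
"""
ENTRY_DD = """\
fffff900`c2ec5450 c24d1010 fffff900 00000000 00000000
fffff900`c2ec5460 c08fe0f0 fffff900 00000002 00000000
fffff900`c2ec5470 0000c0a7 fffff900 c06368e0 fffff900
fffff900`c2ec5480 230f0004 34616c47 c2ec5480 fffff900
fffff900`c2ec5490 33041e4d 00000000 00000000 80000000
fffff900`c2ec54a0 03e68b50 fffffa80 000000d8 00000000
fffff900`c2ec54b0 00000000 6c777355 c2ec5530 fffff900
fffff900`c2ec54c0 c2ec54c0 fffff900 c2ec54c0 fffff900
"""
# Values from the same session: the address passed to `dt _KTHREAD`
# and the Win32Thread field that command printed.
KTHREAD = 0xFFFFFA8003E68B50
WIN32THREAD = 0xFFFFF900C24D1010

LINE_RE = re.compile(r"([0-9a-f]{8})`([0-9a-f]{8})((?:\s+[0-9a-f]{8}){1,4})", re.I)

def parse_dq(text):
    """Return [(address, qword)] by joining each low/high dword pair."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # prompt lines, annotations, blanks
        base = int(m.group(1) + m.group(2), 16)
        d = [int(t, 16) for t in m.group(3).split()]
        # x64 is little-endian: the first dword of a pair is the low half.
        for i in range(0, len(d) - 1, 2):
            out.append((base + 4 * i, d[i + 1] << 32 | d[i]))
    return out

def nonempty_slots(text, slot_size=8):
    """Assumption: the dumped table is an array of 8-byte pointers."""
    q = parse_dq(text)
    base = q[0][0]
    return [((a - base) // slot_size, v) for a, v in q if v]

def offsets_of(text, value):
    """Offsets (from the first dumped address) where value appears."""
    q = parse_dq(text)
    return [a - q[0][0] for a, v in q if v == value]

if __name__ == "__main__":
    for idx, ptr in nonempty_slots(BUCKETS_DD):
        print(f"slot {idx:2d} -> {ptr:016x}")
    print("Win32Thread value at +%#x" % offsets_of(ENTRY_DD, WIN32THREAD)[0])
    print("_KTHREAD address at +%#x" % offsets_of(ENTRY_DD, KTHREAD)[0])
```

In WinDbg itself, dq or dps displays the same memory already grouped as 64-bit values.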
Originally published: 2024-10-11. Content contributed by 林淑君副主任; source: http://www.xiehuijuan.com/baike/1754903343a1707992.html