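There is time zone information in Windows dumps, stored in MINIDUMP_MISC_INFO_N, but I can't find a command in WinDbg to print it. So I have to extract this information from the dump manually...
Is there a command in WinDbg to print MINIDUMP_MISC_INFO_N from a Windows minidump?
reverse-engineering
windows
windbg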
2021-07-02 21:19:03
1 Answer
There is a command, .timezone, that prints the time zone StandardName
:\>tzutil /s "Greenwich Standard Time"
:\>cdb -c ".timezone;q" calc.exe | grep -B 1 -A 1 Green
0:000> cdb: Reading initial command '.timezone;q'
Time zone: Greenwich Standard Time; (UTC - 00:00)
quit:
:\>tzutil /s "Tokyo Standard Time"
:\>cdb -c ".timezone;q" calc.exe | grep -B 1 -A 1 Tokyo
0:000> cdb: Reading initial command '.timezone;q'
Time zone: Tokyo Standard Time; (UTC + 09:00)
quit:
:\>tzutil /s "India Standard Time"
:\>cdb -c ".timezone;q" calc.exe | grep -B 1 -A 1 India
0:000> cdb: Reading initial command '.timezone;q'
Time zone: India Standard Time; (UTC + 05:30)
quit:
If you want to get other things from the misc structure, you can code something along these lines and retrieve all the information
#include <engextcpp.hpp>
#include <dbghelp.h>

// Extension class exposing a single !tzinfo command.
class EXT_CLASS : public ExtExtension {
public:
    EXT_COMMAND_METHOD(tzinfo);
};
EXT_DECLARE_GLOBALS();

EXT_COMMAND(tzinfo, "Output TimeZoneInfo", "{;e,o,d=0;tzinfo;Print TimeZone}")
{
    Out("outputs timezone info \n");
    MINIDUMP_MISC_INFO_N Info;
    HRESULT Status;
    // Ask the engine (IDebugAdvanced2::Request) to fill in the misc info structure.
    if ((Status = m_Advanced2->Request(DEBUG_REQUEST_MISC_INFORMATION, NULL,
                                       0, &Info, sizeof(Info), NULL)) == S_OK) {
        // StandardName is a WCHAR array, hence %S.
        Out("we recieved tzinfo %x\n %S\n", Info.TimeZoneId, Info.TimeZone.StandardName);
    } else {
        Out("we didnot recieve tzinfo\n");
    }
}
and use it like this
:\>.\cdb -c ".load tzinfo ;!tzinfo;q" calc | grep -A 4 Reading
0:000> cdb: Reading initial command '.load tzinfo ;!tzinfo;q'
outputs timezone info
we recieved tzinfo 0
India Standard Time
quit:
:\>tzutil /s "Tokyo Standard Time"
:\>.\cdb -c ".load tzinfo ;!tzinfo;q" calc | grep -A 4 Reading
0:000> cdb: Reading initial command '.load tzinfo ;!tzinfo;q'
outputs timezone info
we recieved tzinfo 0
Tokyo Standard Time
quit:
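For dump files examined away from a debugger, the manual extraction mentioned in the question can be scripted. The following is an added example, not part of the original question or answer: it walks the minidump stream directory to MiscInfoStream and reads TimeZoneId and the TIME_ZONE_INFORMATION fields using the dbghelp.h layout of MINIDUMP_MISC_INFO_3. The function names and the sample dump are constructed for illustration.

```python
import struct

MDMP_SIGNATURE = 0x504D444D        # b"MDMP" read as a little-endian ULONG32
MISC_INFO_STREAM = 15              # MiscInfoStream in MINIDUMP_STREAM_TYPE
MINIDUMP_MISC3_TIMEZONE = 0x40     # Flags1 bit: TimeZoneId/TimeZone are valid
TZ_OFFSET, TZ_SIZE = 60, 172       # TIME_ZONE_INFORMATION inside MINIDUMP_MISC_INFO_3
TZ_FMT = "<l64s16sl64s16sl"        # Bias, StandardName, StandardDate, StandardBias, Daylight*

def _wstr(raw):
    """Decode a fixed-size WCHAR array, stopping at the first NUL."""
    return raw.decode("utf-16-le", "replace").split("\x00", 1)[0]

def read_timezone(dump):
    """Return the time zone fields of a minidump, or None if it carries none."""
    if len(dump) < 32:
        raise ValueError("too short for MINIDUMP_HEADER")
    sig, _ver, nstreams, dir_rva = struct.unpack_from("<4I", dump, 0)
    if sig != MDMP_SIGNATURE:
        raise ValueError("not a minidump")
    for i in range(nstreams):
        off = dir_rva + 12 * i     # each MINIDUMP_DIRECTORY entry is 12 bytes
        if off + 12 > len(dump):
            raise ValueError("stream directory runs past end of file")
        stype, size, rva = struct.unpack_from("<3I", dump, off)
        if stype != MISC_INFO_STREAM:
            continue
        if size < 8 or rva + size > len(dump):
            raise ValueError("MiscInfoStream out of bounds")
        size_of_info, flags1 = struct.unpack_from("<2I", dump, rva)
        # MINIDUMP_MISC_INFO / _2 end before TimeZoneId; the flag must also be set.
        if min(size, size_of_info) < TZ_OFFSET + TZ_SIZE or not flags1 & MINIDUMP_MISC3_TIMEZONE:
            return None
        (tz_id,) = struct.unpack_from("<I", dump, rva + 56)
        bias, std, _sd, std_bias, dlt, _dd, dlt_bias = struct.unpack_from(TZ_FMT, dump, rva + TZ_OFFSET)
        return {"TimeZoneId": tz_id, "Bias": bias,
                "StandardName": _wstr(std), "StandardBias": std_bias,
                "DaylightName": _wstr(dlt), "DaylightBias": dlt_bias}
    return None

def build_sample(name="India Standard Time", bias=-330, flags1=MINIDUMP_MISC3_TIMEZONE):
    """Constructed sample: header + one directory entry + MINIDUMP_MISC_INFO_3."""
    wname = name.encode("utf-16-le")
    tz = struct.pack(TZ_FMT, bias, wname, b"", 0, wname, b"", 0)
    misc = struct.pack("<15I", TZ_OFFSET + TZ_SIZE, flags1, *([0] * 13)) + tz
    header = struct.pack("<4IIIQ", MDMP_SIGNATURE, 0xA793, 1, 32, 0, 0, 0)
    return header + struct.pack("<3I", MISC_INFO_STREAM, len(misc), 44) + misc

if __name__ == "__main__":
    print(read_timezone(build_sample()))
```

For a real dump, pass the file contents: read_timezone(open(path, "rb").read()). Bias is in minutes, with UTC = local time + Bias.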