不得不看Microsoft.Press.Microsoft.Windows.Internals.Fourth.Edition.Dec.2004.internal.eBook
http://book.itzero.com/read/microsoft/0507/Microsoft.Press.Microsoft.Windows.Internals.Fourth.Edition.Dec.2004.internal.eBook-DDU_html/0735619174/toc.html
Chapter 1 for more information on the kernel debugger and how to perform kernel debugging on the local system.) The output (truncated for the sake of space) looks like this:
lkd> dt _eprocessnt!_EPROCESS +0x000Pcb : _KPROCESS +0x06cProcessLock : _EX_PUSH_LOCK +0x070CreateTime : _LARGE_INTEGER +0x078ExitTime : _LARGE_INTEGER +0x080RundownProtect : _EX_RUNDOWN_REF +0x084UniqueProcessId : Ptr32Void +0x088ActiveProcessLinks : _LIST_ENTRY +0x090QuotaUsage : [3] Uint4B +0x09cQuotaPeak : [3] Uint4B +0x0a8CommitCharge : Uint4B +0x0acPeakVirtualSize : Uint4B +0x0b0VirtualSize : Uint4B +0x0b4SessionProcessLinks : _LIST_ENTRY +0x0bcDebugPort : Ptr32Void +0x0c0ExceptionPort : Ptr32Void +0x0c4ObjectTable : Ptr32_HANDLE_TABLE +0x0c8Token : _EX_FAST_REF +0x0ccWorkingSetLock : _FAST_MUTEX +0x0ecWorkingSetPage : Uint4B +0x0f0AddressCreationLock : _FAST_MUTEX +0x110HyperSpaceLock : Uint4B +0x114ForkInProgress : Ptr32_ETHREAD +0x118HardwareTrigger : Uint4B
lkd>dt _kprocessnt!_KPROCESS +0x000Header : _DISPATCHER_HEADER +0x010ProfileListHead : _LIST_ENTRY +0x018DirectoryTableBase : [2]Uint4B +0x020LdtDescriptor : _KGDTENTRY +0x028Int21Descriptor : _KIDTENTRY +0x030IopmOffset : Uint2B +0x032Iopl : UChar +0x033Unused : UChar +0x034ActiveProcessors : Uint4B +0x038KernelTime : Uint4B +0x03cUserTime : Uint4B +0x040ReadyListHead : _LIST_ENTRY +0x048SwapListEntry : _SINGLE_LIST_ENTRY +0x04cVdmTrapcHandler : Ptr32Void +0x050ThreadListHead : _LIST_ENTRY +0x058ProcessLock : Uint4B +0x05cAffinity : Uint4B +0x060StackCount : Uint2B +0x062BasePriority : Char +0x063ThreadQuantum : Char +0x064AutoAlignment : UChar +0x065State : UChar +0x066ThreadSeed : UChar +0x067DisableBoost : UChar +0x068PowerState : UChar +0x069DisableQuantum : UChar +0x06aIdealNode : UChar +0x06bSpare : UChar
will recurse and display all substructures one level deep.
command. An annotated example of the output from this command is included later in this chapter.
!process command as follows:
lkd> !processPROCESS 8575f030 SessionId: 0 Cid: 08d0 Peb: 7ffdf000 ParentCid: 0360 DirBase: 1a81b000 ObjectTable: e12bd418 HandleCount: 66. Image: windbg.exe
lkd> !peb7ffdf000PEB at 7ffdf000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 01000000 Ldr 00181e90 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00181f28 . 00183188 Ldr.InLoadOrderModuleList: 00181ec0 . 00183178 Ldr.InMemoryOrderModuleList: 00181ec8 . 00183180 BaseTimeStamp Module 1000000 40478dbd Mar 04 15:12:45 2004 C:\Program Files
\DebuggingToolsfor Windows\windbg.exe 77f500003eb1b41a May01 19:56:10 2003 C:\WINDOWS
\System32\ntdll.dll 77e600003d6dfa28 Aug29 06:40:40 2002 C:\WINDOWS
\system32\kernel32.dll 200000040476db2 Mar04 12:56:02 2004 C:\Program Files
\DebuggingToolsfor Windows\dbgeng.dll . SubSystemData: 00000000 ProcessHeap: 00080000 ProcessParameters: 00020000 WindowTitle: 'C:\Documents and Settings\AllUsers\Start
Menu\Programs\Debugging Tools for Windows\WinDbg.lnk' ImageFile: 'C:\ProgramFiles\DebuggingTools forWindows
\windbg.exe' CommandLine: ''C:\Program Files\Debugging Toolsfor
Windows\windbg.exe' ' DllPath: 'C:\ProgramFiles\DebuggingToolsforWindows;C:
\WINDOWS\System32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files\Windows
ResourceKits\Tools\;C:\WINDOWSsystem32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\ProgramFiles
\SupportTools\;c:\sysint;C:\ProgramFiles\ATI Technologies\ATIControl Panel;C:
\ProgramFiles\Resource Kit\;C:\PROGRA~1\CA\Common\SCANEN~1;C:\PROGRA~1\CA\eTrust\ANTIVI~1;C:
\ProgramFiles\Common Files\RoxioShared\DLLShared;C:\SFU\common\' Environment: 00010000 =::=:: ALLUSERSPROFILE=C:\Documents andSettings\All Users APPDATA=C:\Documents and Settings\dsolomon\ApplicationData
lkd> !processPROCESS 8575f030 SessionId: 0 Cid: 08d0 Peb: 7ffdf000
ParentCid: 0360 DirBase: 1a81b000 ObjectTable: e12bd418 HandleCount: 65. Image:windbg.exe VadRoot 857f05e0 Vads 71 Clone 0 Private 1152.
Modified98. Locked 1. DeviceMap e1e96c88 Token e1f5b8a8 ElapsedTime 1:23:06.0219 UserTime 0:00:11.0897 KernelTime 0:00:07.0450 QuotaPoolUsage[PagedPool] 38068 QuotaPoolUsage[NonPagedPool] 2840 Working Set Sizes (now,min,max) (2552, 50, 345)
(10208KB, 200KB, 1380KB) PeakWorkingSetSize 2715 VirtualSize 41 Mb PeakVirtualSize 41 Mb PageFaultCount 3658 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1566
NdisSend, for example).
kd> .load ndiskdLoaded ndiskd extension DLLkd> !miniportsDriver verifier level: 0Failed allocations: 0Miniport Driver Block: 817aa610 Miniport: 817b1130 RAS Async AdapterMiniport Driver Block: 81a1ef30 Miniport: 81a1ea70 DirectParallelMiniport Driver Block: 81a21cd0 Miniport: 81a217f0 WAN Miniport (PPTP)Miniport Driver Block: 81a23290 Miniport: 81a22130 WAN Miniport (L2TP)Miniport Driver Block: 81a275f0 Miniport: 81a25130 Intel 8255x-based PCI Ethernet Adapter(10/100)kd> !miniport 81a25130 Miniport 81a25130 : Intel 8255x-based PCI Ethernet Adapter(10/100) Flags : 20413208 BUS_MASTER, INDICATES_PACKETS,
IGNORE_REQUEST_QUEUE IGNORE_TOKEN_RING_ERRORS, NDIS_5_0, RESOURCES_AVAILABLE, DESERIALIZED,
MEDIA_CONNECTED, NOT_SUPPORTS_MEDIA_SENSE, PnPFlags : 00010021 PM_SUPPORTED, DEVICE_POWER_ENABLED,
RECEIVED_START CheckforHang interval: 2 seconds CurrentTick : 0001 IntervalTicks : 0001 InternalResetCount : 0000 MiniportResetCount : 0000 References: 3 UserModeOpenReferences: 0 PnPDeviceState : PNP_DEVICE_STARTED CurrentDevicePowerState : PowerDeviceD0 Bus PM capabilitiesDeviceD1:1DeviceD2:1WakeFromD0:0WakeFromD1:1WakeFromD2:0WakeFromD3:0SystemStateDeviceStatePowerSystemUnspecifiedPowerDeviceUnspecifiedS0D0S1D1S2PowerDeviceUnspecifiedS3PowerDeviceUnspecifiedS4D3S5D3SystemWake: S1DeviceWake: D1WakeupMethodes Enabled 6:WAKE_UP_PATTERN_MATCH WAKE_UP_LINK_CHANGEWakeUpCapabilities of the miniportMinMagicPacketWakeUp: 4MinPatternWakeUp: 4MinLinkChangeWakeUp: 4 Current PnP and PM Settings: : 00000030 DISABLE_WAKE_UP, DISABLE_WAKE_ON_RECONNECT, Allocated Resources: Memory: f4100000, Length: 1000 IO Port: 1440, Length: 40 Memory: f4000000, Length: 100000 Interrupt Level: 9, Vector: 9 Translated Allocated Resources: Memory: f4100000, Length: 1000 IO Port: 1440, Length: 40 Memory: f4000000, Length: 100000 Interrupt Level: 12, Vector: 39 MediaType : 802.3 DeviceObject : 81a25030, PhysDO : 81a93cd0 Next DO:
81a63030 MapRegisters : 819fc000 FirstPendingPkt: 0 SingleWorkItems: [0]: 81a254e8 [1]: 81a254f4 [2]: 81a25500 [3]: 81a2550c [4]: 81a25518 [5]: 81a25524 DriverVerifyFlags :00000000 MiniportOpen BlockQueue: 8164b888: Protocol 816524a8 = NBF, ProtocolContext 81649030 8191f628: Protocol 81928d88 = TCPIP, ProtocolContext
8191f728 Miniport Interrupt 81a00970
. These drivers lie between TDI transports and NDIS drivers. To an NDIS driver, an NDIS intermediate driver looks like a TDI transport; to a TDI transport, an NDIS intermediate driver looks like an NDIS driver. NDIS intermediate drivers can see all network traffic taking place on a system because the drivers lie between protocol drivers and network drivers. Software that provides fault tolerant and load balancing options for network adapters, such as Microsoft's Network Load Balancing Provider, are based on NDIS intermediate drivers.
Network Monitor also includes a number of other features, such as capture triggers and filters, that make it a powerful tool for troubleshooting network problems.
quality of service (QOS) guarantees. Video conferencing, media streaming, and enterprise resource planning (ERP) are examples of applications that require good network performance. QOS allows an application to specify minimum bandwidth and maximum latencies, which can be satisfied only if every networking software and hardware component between a sender and receiver supports QOS standards such as IEEE 802.1P, an industry standard that specifies the format of QOS packets and how OSI layer 2 devices (switches and network adapters) respond to them.
RSVP signaling functionality is removed in Windows XP and Windows Server 2003. While the RSVP service still executes, it serves only as a conduit between applications and traffic control components.
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
