Symbol path (Microsoft symbol server, cached locally in f:\localsymbols)
symsrv*symsrv.dll*f:\localsymbols*http://msdl.microsoft.com/download/symbols
View Windows List Entry data type
dt _LIST_ENTRY
View the TEB/TIB (GS register)
r $teb
Iterate through the loader list and display each loader data table entry
!list -t ntdll!_LIST_ENTRY.Flink -x "dt _LDR_DATA_TABLE_ENTRY @$extret" 779a3640+10
View Unicode string data type
dt _UNICODE_STRING
View a loaded DLL
lm m kernel32
View DOS Header
dt _IMAGE_DOS_HEADER <addr>
View NT Header
dt -r _IMAGE_NT_HEADERS64 <addr>
Dereference a register (Displays TEB in this example)
dt _TEB @$teb
Dump data
dd <addr>
Dump ASCII
da <addr>