แก้ไข

แชร์ผ่าน


Accessing Memory by Virtual Address

To access memory addresses or address ranges, you can use several commands. Visual Studio and WinDbg provide user interface elements (as well as commands) that you can use to view and edit memory. For more information, see Viewing and Editing Memory in WinDbg (Classic).

The following commands can read or write memory in a variety of formats. These formats include hexadecimal bytes, words (words, double words, and quad-words), integers (short, long, and quad integers and unsigned integers), floating-point numbers (10-byte, 16-byte, 32-byte, and 64-byte real numbers), and ASCII characters.

You can use the following commands to handle more specialized data types:

  • The dt (Display Type) command finds a variety of data types and displays data structures that have been created by the application that is being debugged. This command is highly versatile and has many variations and options.

  • The ds, dS (Display String) command displays a STRING, ANSI_STRING, or UNICODE_STRING data structure.

  • The dl (Display Linked List) command traces and displays a linked list.

  • The d*s (Display Words and Symbols) command finds double-words or quad-words that might contain symbol information and then displays the data and the symbol information.

  • The !address extension command displays information about the properties of the memory that is located at a specific address.

You can use the following commands to manipulate memory ranges:

  • The m (Move Memory) command moves the contents of one memory range to another.

  • The f (Fill Memory) command writes a pattern to a memory range, repeating it until the range is full.

  • The c (Compare Memory) command compares the contents of two memory ranges.

  • The s (Search Memory) command searches for a specified pattern within a memory range or searches for any ASCII or Unicode characters that exist in a memory range.

  • The .holdmem (Hold and Compare Memory) command compares one memory range to another.

In most situations, these commands interpret their parameters in the current radix. Therefore, you should add 0x before hexadecimal addresses if the current radix is not 16. However, the display output of these commands is typically in hexadecimal format, regardless of the current radix. (For more information about the output, see the individual command topics.) The Memory window displays integers and real numbers in decimal format and displays other formats in hexadecimal format.

To change the default radix, use the n (Set Number Base) command. To quickly convert numbers from one base to another, use the ? (Evaluate Expression) command or the .formats (Show Number Formats) command.

When you are performing user-mode debugging, the meaning of virtual addresses is determined by the current process. When you are performing kernel-mode debugging, the meaning of virtual addresses can be controlled by the debugger. For more information, see Process Context.