共用方式為


Browsing source from Windbg

This is a quick tip that I find useful for accessing source for a function. If your driver has multiple source files and you have setup a source server, you can save time by immediately pulling up correct version of the source you are interested in, without necessarily running the code within the debugger. The following assumes you have setup source and private symbol access correctly and that you are in an active debugger session.

 

  1. Turn on source mode in the UI or by running the .lines command
  2. Choose the function you are interested in
  3. Run the following command for that function
    • X module!function
  4. The first part of the output for this will be the memory address for the function, e.g.
    • kd> x nt!IofCallDriver
    • 82842ee0 nt!IofCallDriver
  5. From the Edit menu, choose “Go To Address” and enter the address highlighted above.

If everything is setup correctly, the source for the target function will open.