I find a weird problem with the WinDBG command ‘lm n t’:
kd> lm n t
start end module name
7c920000 7c9b4000 ntdll ntdll.dll Tue Aug 17 07:38:36 2004(4121457C)
804d8000 806ec600 nt ntoskrnl.exe Wed Aug 04 14:19:48 2004(41108004)
806ed000 80700d80 hal halacpi.dll Wed Aug 04 13:59:04 2004(41107B28)
bf800000 bf9c0200 win32k win32k.sys Wed Aug 04 14:17:30 2004(41107F7A)
bf9c1000 bf9d2580 dxg dxg.sys Wed Aug 04 14:00:51 2004(41107B93)
…
All of the module names except ‘nt’ are their image name without
extention. Why?
I also wonder how the debugger determines the module name of a given
kernel module?
Any help will be highly appreciated. Thanks in advance.
‘hal’ is also a non-standard name, by your standards. There are a few
others; kdcom/kd1394 is the one I can think of off the top of my head.
These are thusly named to prevent one from having to keep in mind the
particular version of the kernel (ntoskrnl/ntkrnlmp/et. c.), the hal
(halaacpi/et. c.) or the kd transport that is loaded at any particular
point in time. In particular, if one had to know the particular name of
the kernel, a lot of kernel debugger extensions would break unless
specially handled.
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of John Smith
Sent: Monday, August 27, 2007 01:27
To: Kernel Debugging Interest List
Subject: [windbg] Why and how is the module name of ntoskrnl.exe
displayed as “nt” rather than “ntoskrnl”?
Hi experts,
I find a weird problem with the WinDBG command ‘lm n t’:
kd> lm n t
start end module name
7c920000 7c9b4000 ntdll ntdll.dll Tue Aug 17 07:38:36
2004(4121457C)
804d8000 806ec600 nt ntoskrnl.exe Wed Aug 04 14:19:48
2004(41108004)
806ed000 80700d80 hal halacpi.dll Wed Aug 04 13:59:04
2004(41107B28)
bf800000 bf9c0200 win32k win32k.sys Wed Aug 04 14:17:30
2004(41107F7A)
bf9c1000 bf9d2580 dxg dxg.sys Wed Aug 04 14:00:51
2004(41107B93)
…
All of the module names except ‘nt’ are their image name without
extention. Why?
I also wonder how the debugger determines the module name of a given
kernel module?
Any help will be highly appreciated. Thanks in advance.
(1) notwithstanding, I seriously doubt that one can alias other
modules.
Good luck,
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of John Smith
Sent: Monday, August 27, 2007 17:48
To: Kernel Debugging Interest List
Subject: Re:[windbg] Why and how is the module name of ntoskrnl.exe
displayed as “nt” rather than “ntoskrnl”?
Thank you, Martin,
I just wonder how WinDBG does that. I still have two questions:
1, Does WinDBG internally maintain an alias list? or WinDBG does that in
other way?
2, Only the modules from Microsoft can have alias, can’t they?
yes, there’s an alias list for hal + ntoskrnl/ntkrnlmp
currently, only hal+nt
“John Smith” wrote in message news:xxxxx@windbg… > Thank you, Martin, > I just wonder how WinDBG does that. I still have two questions: > > 1, Does WinDBG internally maintain an alias list? or WinDBG does that in > other way? > > 2, Only the modules from Microsoft can have alias, can’t they? > > > > >
iirc $ntdll has been added to builtin aliases i read something to that
effect cant rememebr where
look for autoamtic aliases defined in help file there are quiet a few of them
including alias for ntoskrnl.exe $ntsym $ntw … and some usefull
aliases as well for conditional testing $$succ or $ifsuc
On 8/28/07, Petr Kurtin wrote: > 1. yes, there’s an alias list for hal + ntoskrnl/ntkrnlmp > 2. currently, only hal+nt > > > “John Smith” wrote in message news:xxxxx@windbg… > > Thank you, Martin, > > I just wonder how WinDBG does that. I still have two questions: > > > > 1, Does WinDBG internally maintain an alias list? or WinDBG does that in > > other way? > > > > 2, Only the modules from Microsoft can have alias, can’t they? > > > > > > > > > > > > > > — > You are currently subscribed to windbg as: xxxxx@gmail.com > To unsubscribe send a blank email to xxxxx@lists.osr.com >
“Petr Kurtin” xxxxx@windbg… > 1. yes, there’s an alias list for hal + ntoskrnl/ntkrnlmp > 2. currently, only hal+nt > > > “John Smith” wrote in message news:xxxxx@windbg… >> Thank you, Martin, >> I just wonder how WinDBG does that. I still have two questions: >> >> 1, Does WinDBG internally maintain an alias list? or WinDBG does that in >> other way? >> >> 2, Only the modules from Microsoft can have alias, can’t they? >> >> >> >> >> > > >