c++ - wow64!_TEB32 未找到

Question

我正在尝试分析 wow64 进程转储。 问题是内存泄漏，所以我需要检查堆。 我指的是这篇文章来分析转储:

http://www.codeproject.com/Articles/31382/Memory-Leak-Detection-Using-Windbg .

0:000> .load wow64exts

0:000> !sw
Switched to 32bit mode


0:000:x86> !heap -s
NtGlobalFlag enables following debugging aids for new heaps:
    tail checking
    free checking
    validate parameters
LFH Key                   : 0x00000000072e0d1a
Termination on corruption : ENABLED
  Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast 
                    (k)     (k)    (k)     (k) length      blocks cont. heap 
-----------------------------------------------------------------------------
00000000001b0000 40000062    1024     32   1024      8     2     1    0      0      
0000000000320000 40001062   47808  45812  47808      7     8     7    0      0      
-----------------------------------------------------------------------------


0:000:x86>  !heap -stat -h 0000000000320000 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: wow64!_TEB32                                  ***
***                                                                   ***
*************************************************************************
 heap @ 0000000000320000
group-by: TOTSIZE max-display: 20
    size     #blocks     total     ( %) (percent of total busy bytes)

找不到 wow64!_TEB32，所以无法继续。 有没有任何 body 整体可以帮助解决这个问题？

Answer 1

首先，确保您的 symbols are set up correctly , 通常通过做

.symfix c:\symbols
.reload

通常，对于 32 位应用程序，如果您不想调试 WOW64 层本身，则应该进行 32 位转储。

但是，在您的情况下(关于 !heap 命令)，您只需重复 32 位版本的 WinDbg 中的步骤，它也可以在 64 位 Windows 上运行并且可以打开 64 位转储。