ڼС
梦回起点
做你害怕做的事,你会发现:不过如此
本站基于WordPress—主题by 设计窝
冀ICP备15003737号
梦回起点
Copyright © 2015-2024 All rights reserved.

windbg遍历链表!list

  • 说明:
    0x776d7880+0x00c为ntdll!_PEB_LDR_DATA首地址+ntdll!_LIST_ENTRY.FLink的偏移
kd> !list "-t ntdll!_LIST_ENTRY.FLink -e -x \"dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c\" 0x776d7880+0x00c"
dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
776d788c  002117a8 0021edd0 002117b0 0021edd8
   +0x000 Length           : 0x30
   +0x004 Initialized      : 0x1 ''
   +0x008 SsHandle         : (null) 
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x2117a8 - 0x21edd0 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x2117b0 - 0x21edd8 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x211838 - 0x21eae0 ]
   +0x024 EntryInProgress  : (null) 
   +0x028 ShutdownInProgress : 0 ''
   +0x02c ShutdownThreadId : (null) 

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
002117a8  00211828 776d788c 00211830 776d7894
   +0x000 Length           : 0
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c08 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x211828 - 0x776d788c ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x211830 - 0x776d7894 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x0 - 0x0 ]
   +0x024 EntryInProgress  : 0x00690000 Void
   +0x028 ShutdownInProgress : 0x2d '-'
   +0x02c ShutdownThreadId : 0x0001a000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
00211828  00211b20 002117a8 00211b28 002117b0
   +0x000 Length           : 0
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c1f Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x211b20 - 0x2117a8 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x211b28 - 0x2117b0 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x211c18 - 0x776d789c ]
   +0x024 EntryInProgress  : 0x77600000 Void
   +0x028 ShutdownInProgress : 0 ''
   +0x02c ShutdownThreadId : 0x0013c000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
00211b20  00211c08 00211828 00211c10 00211830
   +0x000 Length           : 0
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c05 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x211c08 - 0x211828 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x211c10 - 0x211830 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x212470 - 0x211c18 ]
   +0x024 EntryInProgress  : 0x75f80000 Void
   +0x028 ShutdownInProgress : 0xe4 ''
   +0x02c ShutdownThreadId : 0x000d4000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
00211c08  00212350 00211b20 00212358 00211b28
   +0x000 Length           : 0
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c05 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x212350 - 0x211b20 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x212358 - 0x211b28 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x211b30 - 0x211838 ]
   +0x024 EntryInProgress  : 0x759d0000 Void
   +0x028 ShutdownInProgress : 0xe0 ''
   +0x02c ShutdownThreadId : 0x0004a000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
00212350  00212460 00211c08 00212468 00211c10
   +0x000 Length           : 0x380032
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x212460 - 0x211c08 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x212468 - 0x211c10 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21dbd8 - 0x212590 ]
   +0x024 EntryInProgress  : 0x771a0000 Void
   +0x028 ShutdownInProgress : 0x9 ''
   +0x02c ShutdownThreadId : 0x0004e000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
00212460  00212580 00212350 00212588 00212358
   +0x000 Length           : 0x650000
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x212580 - 0x212350 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x212588 - 0x212358 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x212798 - 0x211b30 ]
   +0x024 EntryInProgress  : 0x75eb0000 Void
   +0x028 ShutdownInProgress : 0x11 ''
   +0x02c ShutdownThreadId : 0x000c9000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
00212580  002126c0 00212460 002126c8 00212468
   +0x000 Length           : 0x6c
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c07 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x2126c0 - 0x212460 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x2126c8 - 0x212468 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x212360 - 0x2126d0 ]
   +0x024 EntryInProgress  : 0x75c70000 Void
   +0x028 ShutdownInProgress : 0x6c 'l'
   +0x02c ShutdownThreadId : 0x0000a000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
002126c0  00212788 00212580 00212790 00212588
   +0x000 Length           : 0
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x212788 - 0x212580 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x212790 - 0x212588 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x212590 - 0x212798 ]
   +0x024 EntryInProgress  : 0x760c0000 Void
   +0x028 ShutdownInProgress : 0xd7 ''
   +0x02c ShutdownThreadId : 0x0009d000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
00212788  0021dbc8 002126c0 0021dbd0 002126c8
   +0x000 Length           : 0
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21dbc8 - 0x2126c0 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21dbd0 - 0x2126c8 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x2126d0 - 0x212470 ]
   +0x024 EntryInProgress  : 0x76300000 Void
   +0x028 ShutdownInProgress : 0x72 'r'
   +0x02c ShutdownThreadId : 0x000ac000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021dbc8  0021d928 00212788 0021d930 00212790
   +0x000 Length           : 0x6c
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21d928 - 0x212788 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21d930 - 0x212790 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21da00 - 0x212360 ]
   +0x024 EntryInProgress  : 0x741d0000 Void
   +0x028 ShutdownInProgress : 0xdd ''
   +0x02c ShutdownThreadId : 0x00040000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021d928  0021d9f0 0021dbc8 0021d9f8 0021dbd0
   +0x000 Length           : 0x6c002d
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21d9f0 - 0x21dbc8 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21d9f8 - 0x21dbd0 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21de38 - 0x21da00 ]
   +0x024 EntryInProgress  : 0x77760000 Void
   +0x028 ShutdownInProgress : 0x55 'U'
   +0x02c ShutdownThreadId : 0x0001f000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021d9f0  0021da70 0021d928 0021da78 0021d930
   +0x000 Length           : 0
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21da70 - 0x21d928 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21da78 - 0x21d930 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21d938 - 0x21dbd8 ]
   +0x024 EntryInProgress  : 0x763f0000 Void
   +0x028 ShutdownInProgress : 0x8b ''
   +0x02c ShutdownThreadId : 0x000cc000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021da70  0021df30 0021d9f0 0021df38 0021d9f8
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c1f Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21df30 - 0x21d9f0 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21df38 - 0x21d9f8 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21ede0 - 0x21df40 ]
   +0x024 EntryInProgress  : 0x71ee0000 Void
   +0x028 ShutdownInProgress : 0x48 'H'
   +0x02c ShutdownThreadId : 0x0001b000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021df30  0021dc98 0021da70 0021dca0 0021da78
   +0x000 Length           : 0x6c
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21dc98 - 0x21da70 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21dca0 - 0x21da78 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21da80 - 0x21e7e0 ]
   +0x024 EntryInProgress  : 0x71d80000 Void
   +0x028 ShutdownInProgress : 0xda ''
   +0x02c ShutdownThreadId : 0x00151000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021dc98  0021dd60 0021df30 0021dd68 0021df38
   +0x000 Length           : 0x6c006c
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c05 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21dd60 - 0x21df30 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21dd68 - 0x21df38 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21e760 - 0x21dd70 ]
   +0x024 EntryInProgress  : 0x77510000 Void
   +0x028 ShutdownInProgress : 0xe5 ''
   +0x02c ShutdownThreadId : 0x000a0000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021dd60  0021de28 0021dc98 0021de30 0021dca0
   +0x000 Length           : 0x6c
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21de28 - 0x21dc98 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21de30 - 0x21dca0 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21dca8 - 0x21de38 ]
   +0x024 EntryInProgress  : 0x75bc0000 Void
   +0x028 ShutdownInProgress : 0x75 'u'
   +0x02c ShutdownThreadId : 0x00019000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021de28  0021e6d0 0021dd60 0021e6d8 0021dd68
   +0x000 Length           : 0x6c0000
   +0x004 Initialized      : 0xdc ''
   +0x008 SsHandle         : 0x08009c06 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21e6d0 - 0x21dd60 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21e6d8 - 0x21dd68 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21dd70 - 0x21d938 ]
   +0x024 EntryInProgress  : 0x77780000 Void
   +0x028 ShutdownInProgress : 0x33 '3'
   +0x02c ShutdownThreadId : 0x000a1000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021e6d0  0021e750 0021de28 0021e758 0021de30
   +0x000 Length           : 0xf0e0d0c0
   +0x004 Initialized      : 0xbf ''
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21e750 - 0x21de28 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21e758 - 0x21de30 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21e960 - 0x21e760 ]
   +0x024 EntryInProgress  : 0x73d70000 Void
   +0x028 ShutdownInProgress : 0xe1 ''
   +0x02c ShutdownThreadId : 0x000fb000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021e750  0021e7d0 0021e6d0 0021e7d8 0021e6d8
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0x8f ''
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21e7d0 - 0x21e6d0 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21e7d8 - 0x21e6d8 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21e6e0 - 0x21dca8 ]
   +0x024 EntryInProgress  : 0x75a50000 Void
   +0x028 ShutdownInProgress : 0x3d '='
   +0x02c ShutdownThreadId : 0x0015c000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021e7d0  0021e850 0021e750 0021e858 0021e758
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0x9f ''
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21e850 - 0x21e750 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21e858 - 0x21e758 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21df40 - 0x21e860 ]
   +0x024 EntryInProgress  : 0x71d50000 Void
   +0x028 ShutdownInProgress : 0xf8 ''
   +0x02c ShutdownThreadId : 0x0002c000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021e850  0021e8d0 0021e7d0 0021e8d8 0021e7d8
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0x6f 'o'
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21e8d0 - 0x21e7d0 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21e8d8 - 0x21e7d8 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21e7e0 - 0x21ea60 ]
   +0x024 EntryInProgress  : 0x71d10000 Void
   +0x028 ShutdownInProgress : 0xb7 ''
   +0x02c ShutdownThreadId : 0x0003a000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021e8d0  0021e950 0021e850 0021e958 0021e858
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0x7f ''
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21e950 - 0x21e850 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21e958 - 0x21e858 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21ea60 - 0x21e9e0 ]
   +0x024 EntryInProgress  : 0x71c80000 Void
   +0x028 ShutdownInProgress : 0xb0 ''
   +0x02c ShutdownThreadId : 0x00083000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021e950  0021e9d0 0021e8d0 0021e9d8 0021e8d8
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0x4f 'O'
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21e9d0 - 0x21e8d0 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21e9d8 - 0x21e8d8 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21e9e0 - 0x21e6e0 ]
   +0x024 EntryInProgress  : 0x749a0000 Void
   +0x028 ShutdownInProgress : 0x20 ' '
   +0x02c ShutdownThreadId : 0x00009000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021e9d0  0021ea50 0021e950 0021ea58 0021e958
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0x5f '_'
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21ea50 - 0x21e950 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21ea58 - 0x21e958 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21e8e0 - 0x21e960 ]
   +0x024 EntryInProgress  : 0x73ea0000 Void
   +0x028 ShutdownInProgress : 0x3f '?'
   +0x02c ShutdownThreadId : 0x00013000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021ea50  0021ead0 0021e9d0 0021ead8 0021e9d8
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0x2f '/'
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21ead0 - 0x21e9d0 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21ead8 - 0x21e9d8 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21e860 - 0x21e8e0 ]
   +0x024 EntryInProgress  : 0x77740000 Void
   +0x028 ShutdownInProgress : 0x38 '8'
   +0x02c ShutdownThreadId : 0x00005000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021ead0  0021ed50 0021ea50 0021ed58 0021ea58
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0x3f '?'
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21ed50 - 0x21ea50 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21ed58 - 0x21ea58 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x776d789c - 0x21ed60 ]
   +0x024 EntryInProgress  : 0x757f0000 Void
   +0x028 ShutdownInProgress : 0x6d 'm'
   +0x02c ShutdownThreadId : 0x0002d000 Void

dd @$extret l4; dt ntdll!_PEB_LDR_DATA @$extret-0x00c 
0021ed50  0021edd0 0021ead0 0021edd8 0021ead8
   +0x000 Length           : 0x1d7c948
   +0x004 Initialized      : 0xcf ''
   +0x008 SsHandle         : 0x88000000 Void
   +0x00c InLoadOrderModuleList : _LIST_ENTRY [ 0x21edd0 - 0x21ead0 ]
   +0x014 InMemoryOrderModuleList : _LIST_ENTRY [ 0x21edd8 - 0x21ead8 ]
   +0x01c InInitializationOrderModuleList : _LIST_ENTRY [ 0x21eae0 - 0x21ede0 ]
   +0x024 EntryInProgress  : 0x75820000 Void
   +0x028 ShutdownInProgress : 0x8a ''
   +0x02c ShutdownThreadId : 0x0011d000 Void
2022-04-13
                         
暂无评论

发表回复