记得安全焦点上曾经有一个帖子问到过相关的问题,说是缺少livekd.sys。主要就是由于设置不对导致livekd无法使用。有些人是直接把livekd.exe放到windbg目录下运行,当然没有符号文件白费的,今天又有个人遇到了同样的问题。其实设置起来很简单。
第一步当然要保证livekd在Debugging Tools for Windows的安装目录下。
然后右击我的电脑→属性→高级→环境变量。在用户变量处添加一个变量名为 _NT_SYMBOL_PATH 变量值为srv*c:/sym*http://msdl.microsoft.com/download/symbols 的变量。然后确定。
在运行livekd.exe 这样就可以使用了。第一次运行肯定会慢一些。呵呵,之后在运行就会快些了,因为第一次运行是从微软下载符号文件,在运行的时候就是从本机加载了。
[quote]
LiveKd v2.11 - Execute i386kd/windbg/dumpchk on a live system
Sysinternals - wwww.sysinternals.com
Copyright (C) 2000-2004 Mark Russinovich
Launching C:/Program Files/Debugging Tools for Windows/kd.exe:
Microsoft (R) Windows Debugger Version 6.4.0007.2
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:/WINNT/system32/livekd.dmp]
Kernel Complete Dump File: Full address space is available
Comment: 'LiveKD live system view'
Symbol search path is: srv*c:/sym*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 2000 Kernel Version 2195 (Service Pack 4) UP Free x86 compatible
Product: WinNt
Kernel base = 0x80400000 PsLoadedModuleList = 0x8046e1b8
Debug session time: Sun Feb 13 10:34:57.897 17420 (GMT+8)
System Uptime: 0 days 1:05:05.168
WARNING: Process directory table base 043E1000 doesn't match CR3 11ADE000
WARNING: Process directory table base 043E1000 doesn't match CR3 11ADE000
Loading Kernel Symbols
................................................................................
............
Loading unloaded module list
................
Loading User Symbols
..................................................
*** ERROR: Module load completed but symbols could not be loaded for LiveKdD.SYS
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 0, {0, 0, 0, 0}
Probably caused by : LiveKdD.SYS ( LiveKdD+12b1 )
Followup: MachineOwner
---------
kd>
[/quote]