Skip to content

Commit

Permalink
Added new dx module query
Browse files Browse the repository at this point in the history
  • Loading branch information
lowleveldesign committed May 15, 2024
1 parent ff9030a commit 716751a
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion guides/using-windbg.md
Original file line number Diff line number Diff line change
Expand Up @@ -221,7 +221,7 @@ Then copy it to the machine with the symbol server access, and download the requ
symchk /im test.dmp.sym /s SRV*C:\symbols*https://msdl.microsoft.com/download/symbols
```

In WinDbgX, we may also list and filter modules with the **@$curprocess.Modules** property, for example:
In WinDbgX, we may also list and filter modules with the **@$curprocess.Modules** property. Some usage examples:

```shell
dx @$curprocess.Modules["win32u.dll"]
Expand All @@ -238,6 +238,9 @@ dx @$curprocess.Modules["win32u.dll"].Contents.Exports
# [0x0] : Function export of 'NtBindCompositionSurface'
# [0x1] : Function export of 'NtCloseCompositionInputSink'
# ...

# List modules with information if they have combase.dll as a direct import
dx -g @$curprocess.Modules.Select(m => new { Name = m.Name, HasCombase = m.Contents.Imports.Any(i => i.ModuleName == "combase.dll") })
```
Working with memory
Expand Down

0 comments on commit 716751a

Please sign in to comment.