i386kd -z c: /winnt/memory.dmp debugged Memory image after Cash Dump
u: disassembly
DB DW DD: DUMP MEMORY
x: List Symbols
LN
, lnProcessFields: List the EPROCESS structure
Threadfields: List the Ethread structure
! drivers: List the loaded Driver
! SEL: Lists Selectors
Since PSAPI.DLL and ImageHLP.DLL are not part of the standard Win32 API, the header files and import libraries they need will not be automatically included in the Visual C / C project. Therefore, the four indicators listed in Listing 1-2 should appear in your original file. The first part is the required header file, the remainder is used to establish dynamic links with the export function in both DLLs.
#include
#include
#pragma comment (Linker, "/ defaultlib: imagehlp.dll")
#pragma comment (Linker, "/ Defaultlib: psapi.dll")
Listing 1-2 Add psapi.dll and imagehlp.dll to Visual C / C project
Translation:
In fact, you can also use static links as follows:
#pragma comment (lib, "psapi.lib")
#pragma comment (lib, "imagehlp.lib")
