
dx command of windbg is strange when a dmp of windbg from raw2dmp is analyzed

Open sculida opened this issue 5 years ago • 0 comments

I got Windows7x64's memory, and then translated it into a windbg dmp with raw2dmp. I opened the dmp with windbg. I typed:

!wow64exts.sw

the rsp was normal,

16.0: kd> r rsp
Last set context:
rsp=fffff8800817d1c0

But when I dx the address, windbg was quite strange.

16.3: kd> da fffff8800817d1c0
0000:d1c0 "????????????????????????????????"
0000:d1e0 "????????????????????????????????"
0000:d200 "????????????????????????????????"
0000:d220 "????????????????????????????????"

It seemed that windbg treated the address as a 16-bit number rather than a 64-bit number. I was sure that the stack memory was good because kb could show the frames and retaddr. Could you help me?

sculida, May 22 '20 03:05