RT
通过“任务管理器”能够看到各个进程所占用的内存数目。驱动程序 也是pe结构 ,应该也有占用内存的说法吧??
但是如何查看各个驱动占用的内存呢??
比如 网卡驱动,显卡驱动等占用了多少内存,该如何查看呢??
有啥工具可以看到吗??还是有相关的函数,需要自己写???求推荐求指导求帮助~~
通过“任务管理器”能够看到各个进程所占用的内存数目。驱动程序 也是pe结构 ,应该也有占用内存的说法吧??
但是如何查看各个驱动占用的内存呢??
比如 网卡驱动,显卡驱动等占用了多少内存,该如何查看呢??
有啥工具可以看到吗??还是有相关的函数,需要自己写???求推荐求指导求帮助~~
00000000`617e0000 00000000`61c65000 dbgeng dbgeng.dll Tue Feb 02 04:15:54 2010 (4B67367A)
00000000`641a0000 00000000`641ee000 symsrv symsrv.dll Tue Feb 02 04:15:48 2010 (4B673674)
00000000`6e870000 00000000`6ea06000 dbghelp dbghelp.dll Tue Feb 02 04:15:44 2010 (4B673670)
00000000`76ba0000 00000000`76cbf000 kernel32 kernel32.dll Tue Aug 21 02:45:21 2012 (503285C1)
00000000`76cc0000 00000000`76dba000 USER32 USER32.dll Sat Nov 20 21:15:29 2010 (4CE7C9F1)
00000000`773c0000 00000000`77569000 ntdll ntdll.dll Thu Nov 17 14:32:46 2011 (4EC4AA8E)
00000001`3f0e0000 00000001`3f191000 windbg windbg.exe Tue Feb 02 04:15:50 2010 (4B673676)
000007fe`f42c0000 000007fe`f4386000 MSFTEDIT MSFTEDIT.DLL Sat Nov 20 21:06:53 2010 (4CE7C7ED)
000007fe`f6090000 000007fe`f60a8000 MPR MPR.dll Tue Jul 14 09:29:24 2009 (4A5BDF74)
000007fe`fc060000 000007fe`fc0b6000 uxtheme uxtheme.dll Tue Jul 14 09:34:11 2009 (4A5BE093)
000007fe`fc240000 000007fe`fc434000 COMCTL32 COMCTL32.dll Sat Nov 20 20:51:39 2010 (4CE7C45B)
000007fe`fc730000 000007fe`fc73c000 VERSION VERSION.dll Sat Jul 09 13:26:42 2011 (4E17E692)
000007fe`fd520000 000007fe`fd52f000 CRYPTBASE CRYPTBASE.dll Tue Jul 14 09:29:53 2009 (4A5BDF91)
000007fe`fd810000 000007fe`fd84b000 WINMM WINMM.dll Tue Jul 14 09:34:40 2009 (4A5BE0B0)
000007fe`fd850000 000007fe`fd8bc000 KERNELBASE KERNELBASE.dll Tue Aug 21 02:45:22 2012 (503285C2)
000007fe`fd9d0000 000007fe`fd9e8000 dwmapi dwmapi.dll Tue Jul 14 09:28:07 2009 (4A5BDF27)
000007fe`fda60000 000007fe`fdb3b000 ADVAPI32 ADVAPI32.dll Tue Jul 14 09:24:59 2009 (4A5BDE6B)
000007fe`fdb40000 000007fe`fdb5f000 sechost sechost.dll Tue Jul 14 09:33:18 2009 (4A5BE05E)
000007fe`fdb60000 000007fe`fe8e8000 SHELL32 SHELL32.dll Sat Jun 09 13:32:28 2012 (4FD2DFEC)
000007fe`fe910000 000007fe`fe9d9000 USP10 USP10.dll Sat Nov 20 21:15:33 2010 (4CE7C9F5)
000007fe`fea30000 000007fe`feacf000 msvcrt msvcrt.dll Fri Dec 16 16:37:19 2011 (4EEB033F)
000007fe`fead0000 000007fe`febd9000 MSCTF MSCTF.dll Tue Jul 14 09:30:18 2009 (4A5BDFAA)
000007fe`febe0000 000007fe`fec77000 COMDLG32 COMDLG32.dll Sat Nov 20 20:59:33 2010 (4CE7C635)
000007fe`fef80000 000007fe`fef8e000 LPK LPK.dll Tue Jul 14 09:29:03 2009 (4A5BDF5F)
000007fe`fef90000 000007fe`ff001000 SHLWAPI SHLWAPI.dll Sat Nov 20 21:14:19 2010 (4CE7C9AB)
000007fe`ff010000 000007fe`ff213000 ole32 ole32.dll Sat Nov 20 21:12:12 2010 (4CE7C92C)
000007fe`ff320000 000007fe`ff34e000 IMM32 IMM32.DLL Tue Jul 14 09:28:32 2009 (4A5BDF40)
000007fe`ff450000 000007fe`ff57d000 RPCRT4 RPCRT4.dll Sat Nov 20 21:13:18 2010 (4CE7C96E)
000007fe`ff580000 000007fe`ff5e7000 GDI32 GDI32.dll Sat Nov 20 21:00:01 2010 (4CE7C651)
000007fe`ff5f0000 000007fe`ff6c7000 OLEAUT32 OLEAUT32.DLL Sat Aug 27 13:21:44 2011 (4E587EE8)
fffff800`05a0e000 fffff800`05a57000 hal hal.dll Sat Nov 20 21:00:25 2010 (4CE7C669)
fffff800`05a57000 fffff800`0603f000 nt ntkrnlmp.exe Thu Aug 30 23:11:58 2012 (503F82BE)
fffff800`06433000 fffff800`0643d000 kdcom kdcom.dll Sun Feb 06 00:52:49 2011 (4D4D8061)
fffff880`00c00000 fffff880`00cc0000 CI CI.dll Sat Nov 20 21:12:36 2010 (4CE7C944)
fffff880`00cc0000 fffff880`00cd0000 PCIIDEX PCIIDEX.SYS Tue Jul 14 07:19:48 2009 (4A5BC114)
fffff880`00cd0000 fffff880`00cfc000 360netmon 360netmon.sys Wed May 30 10:01:20 2012 (4FC57F70)
fffff880`00cfd000 fffff880`00d0a000 mcupdate_AuthenticAMD mcupdate_AuthenticAMD.dll Tue Jul 14 09:29:09 2009 (4A5BDF65)
fffff880`00d0a000 fffff880`00d1e000 PSHED PSHED.dll Tue Jul 14 09:32:23 2009 (4A5BE027)
fffff880`00d1e000 fffff880`00d7c000 CLFS CLFS.SYS Tue Jul 14 07:19:57 2009 (4A5BC11D)
fffff880`00d7c000 fffff880`00dc8000 fltmgr fltmgr.sys Sat Nov 20 17:19:24 2010 (4CE7929C)
fffff880`00dc8000 fffff880`00ddc000 fileinfo fileinfo.sys Tue Jul 14 07:34:25 2009 (4A5BC481)
fffff880`00ddc000 fffff880`00dfe000 tdx tdx.sys Sat Nov 20 17:21:54 2010 (4CE79332)
fffff880`00e00000 fffff880`00e1a000 mountmgr mountmgr.sys Sat Nov 20 17:19:21 2010 (4CE79299)
fffff880`00e1a000 fffff880`00e23000 atapi atapi.sys Tue Jul 14 07:19:47 2009 (4A5BC113)
fffff880`00e23000 fffff880`00e4d000 ataport ataport.SYS Sat Nov 20 17:19:15 2010 (4CE79293)
fffff880`00e51000 fffff880`00ef5000 Wdf01000 Wdf01000.sys Tue Jul 14 07:22:07 2009 (4A5BC19F)
fffff880`00ef5000 fffff880`00f04000 WDFLDR WDFLDR.SYS Tue Jul 14 07:19:54 2009 (4A5BC11A)
fffff880`00f04000 fffff880`00f37000 pci pci.sys Sat Nov 20 17:19:11 2010 (4CE7928F)
fffff880`00f37000 fffff880`00f4c000 partmgr partmgr.sys Sat Mar 17 13:06:09 2012 (4F641BC1)
fffff880`00f4c000 fffff880`00f58000 BATTC BATTC.SYS Tue Jul 14 07:31:01 2009 (4A5BC3B5)
fffff800`05a0e000 fffff800`05a57000 hal (deferred)
Image path: hal.dll
Image name: hal.dll
Timestamp: Sat Nov 20 21:00:25 2010 (4CE7C669)
CheckSum: 000404C3
ImageSize: 00049000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`05a57000 fffff800`0603f000 nt (pdb symbols) d:\work\symsl\ntkrnlmp.pdb\B2DA40502FA744C18B9022FD187ADB592\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Thu Aug 30 23:11:58 2012 (503F82BE)
CheckSum: 00554126
ImageSize: 005E8000
File version: 6.1.7601.17944
Product version: 6.1.7601.17944
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7601.17944
FileVersion: 6.1.7601.17944 (win7sp1_gdr.120830-0333)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`06433000 fffff800`0643d000 kdcom (deferred)
Image path: kdcom.dll
Image name: kdcom.dll
Timestamp: Sun Feb 06 00:52:49 2011 (4D4D8061)
CheckSum: 0000F59B
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00c00000 fffff880`00cc0000 CI (deferred)
Image path: \SystemRoot\system32\CI.dll
Image name: CI.dll
Timestamp: Sat Nov 20 21:12:36 2010 (4CE7C944)
CheckSum: 000CB0F6
ImageSize: 000C0000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00cc0000 fffff880`00cd0000 PCIIDEX (deferred)
Image path: \SystemRoot\system32\drivers\PCIIDEX.SYS
Image name: PCIIDEX.SYS
Timestamp: Tue Jul 14 07:19:48 2009 (4A5BC114)
CheckSum: 00019CC5
ImageSize: 00010000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00cd0000 fffff880`00cfc000 360netmon (deferred)
Image path: \SystemRoot\system32\DRIVERS\360netmon.sys
Image name: 360netmon.sys
Timestamp: Wed May 30 10:01:20 2012 (4FC57F70)
CheckSum: 0001C7DE
ImageSize: 0002C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00cfd000 fffff880`00d0a000 mcupdate_AuthenticAMD (deferred)
Image path: \SystemRoot\system32\mcupdate_AuthenticAMD.dll
Image name: mcupdate_AuthenticAMD.dll
Timestamp: Tue Jul 14 09:29:09 2009 (4A5BDF65)
CheckSum: 0000BABC
ImageSize: 0000D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00d0a000 fffff880`00d1e000 PSHED (deferred)
Image path: \SystemRoot\system32\PSHED.dll
Image name: PSHED.dll
Timestamp: Tue Jul 14 09:32:23 2009 (4A5BE027)
CheckSum: 0000F762
ImageSize: 00014000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00d1e000 fffff880`00d7c000 CLFS (deferred)
Image path: \SystemRoot\system32\CLFS.SYS
Image name: CLFS.SYS
Timestamp: Tue Jul 14 07:19:57 2009 (4A5BC11D)
CheckSum: 00065C46
ImageSize: 0005E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00d7c000 fffff880`00dc8000 fltmgr (deferred)
Image path: \SystemRoot\system32\drivers\fltmgr.sys
Image name: fltmgr.sys
Timestamp: Sat Nov 20 17:19:24 2010 (4CE7929C)
CheckSum: 0005452D
ImageSize: 0004C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00dc8000 fffff880`00ddc000 fileinfo (deferred)
Image path: \SystemRoot\system32\drivers\fileinfo.sys
Image name: fileinfo.sys
Timestamp: Tue Jul 14 07:34:25 2009 (4A5BC481)
CheckSum: 00015644
ImageSize: 00014000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00ddc000 fffff880`00dfe000 tdx (deferred)
Image path: \SystemRoot\system32\DRIVERS\tdx.sys
Image name: tdx.sys
Timestamp: Sat Nov 20 17:21:54 2010 (4CE79332)
CheckSum: 000288B2
ImageSize: 00022000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00e00000 fffff880`00e1a000 mountmgr (deferred)
Image path: \SystemRoot\System32\drivers\mountmgr.sys
Image name: mountmgr.sys
Timestamp: Sat Nov 20 17:19:21 2010 (4CE79299)
CheckSum: 00022621
ImageSize: 0001A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00e1a000 fffff880`00e23000 atapi (deferred)
Image path: \SystemRoot\system32\drivers\atapi.sys
Image name: atapi.sys
Timestamp: Tue Jul 14 07:19:47 2009 (4A5BC113)
CheckSum: 000065BB
ImageSize: 00009000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00e23000 fffff880`00e4d000 ataport (deferred)
Image path: \SystemRoot\system32\drivers\ataport.SYS
Image name: ataport.SYS
Timestamp: Sat Nov 20 17:19:15 2010 (4CE79293)
CheckSum: 000287EF
ImageSize: 0002A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00e51000 fffff880`00ef5000 Wdf01000 (deferred)
Image path: \SystemRoot\system32\drivers\Wdf01000.sys
Image name: Wdf01000.sys
Timestamp: Tue Jul 14 07:22:07 2009 (4A5BC19F)
CheckSum: 000A2E74
ImageSize: 000A4000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00ef5000 fffff880`00f04000 WDFLDR (deferred)
Image path: \SystemRoot\system32\drivers\WDFLDR.SYS
Image name: WDFLDR.SYS
Timestamp: Tue Jul 14 07:19:54 2009 (4A5BC11A)
CheckSum: 00011010
ImageSize: 0000F000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00f04000 fffff880`00f37000 pci (deferred)
Image path: \SystemRoot\system32\drivers\pci.sys
Image name: pci.sys
Timestamp: Sat Nov 20 17:19:11 2010 (4CE7928F)
CheckSum: 00033150
ImageSize: 00033000
File version: 6.1.7601.17514
Product version: 6.1.7601.17514
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pci.sys
OriginalFilename: pci.sys
ProductVersion: 6.1.7601.17514
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
FileDescription: NT Plug and Play PCI Enumerator
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff880`00f37000 fffff880`00f4c000 partmgr (deferred)
Image path: \SystemRoot\System32\drivers\partmgr.sys
Image name: partmgr.sys
Timestamp: Sat Mar 17 13:06:09 2012 (4F641BC1)
CheckSum: 0001DFC8
ImageSize: 00015000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00f4c000 fffff880`00f58000 BATTC (deferred)
Image path: \SystemRoot\system32\DRIVERS\BATTC.SYS
Image name: BATTC.SYS
Timestamp: Tue Jul 14 07:31:01 2009 (4A5BC3B5)
CheckSum: 000083B1
ImageSize: 0000C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00f58000 fffff880`00f6d000 volmgr (deferred)
Image path: \SystemRoot\system32\drivers\volmgr.sys
Image name: volmgr.sys
Timestamp: Sat Nov 20 17:19:28 2010 (4CE792A0)
CheckSum: 00019F72
ImageSize: 00015000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00f6d000 fffff880`00fc9000 volmgrx (deferred)
Image path: \SystemRoot\System32\drivers\volmgrx.sys
Image name: volmgrx.sys
Timestamp: Sat Nov 20 17:20:43 2010 (4CE792EB)
CheckSum: 00065F6D
ImageSize: 0005C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00fc9000 fffff880`00fe9000 vmci (deferred)
Image path: \SystemRoot\system32\DRIVERS\vmci.sys
Image name: vmci.sys
Timestamp: Wed Jul 27 10:42:09 2011 (4E2F7B01)
CheckSum: 000212F9
ImageSize: 00020000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00fe9000 fffff880`00ff4000 msahci (deferred)
Image path: \SystemRoot\system32\drivers\msahci.sys
Image name: msahci.sys
Timestamp: Sat Nov 20 18:33:58 2010 (4CE7A416)
CheckSum: 00017292
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`00ff4000 fffff880`00fff000 amdxata (deferred)
Image path: \SystemRoot\system32\drivers\amdxata.sys
Image name: amdxata.sys
Timestamp: Sat Mar 20 00:18:18 2010 (4BA3A3CA)
CheckSum: 000092B7
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`01000000 fffff880`01009000 WMILIB (deferred)
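/*
 * One entry of the loaded-module list returned for system information
 * class 11 (SystemModuleInformation). Each entry describes one image mapped
 * into kernel address space (kernel, HAL, drivers).
 *
 * Layout note: the first two fields are pointer-sized in the native
 * structure. Declaring them as ULONG only matches a 32-bit build; in a 64-bit
 * build every later field would sit 8 bytes too early and Base/Size would be
 * read from the wrong offsets. PVOID keeps the 32-bit layout unchanged and is
 * correct for 64-bit.
 *
 * Size is the size of the mapped image only (end address minus start
 * address). It does not include pool or other memory the driver allocates at
 * run time, so it is not a measure of a driver's total memory use.
 */
typedef struct _SYSTEM_MODULE_INFORMATION // Information Class 11
{
    PVOID  Reserved[2];       /* pointer-sized reserved fields; do not interpret */
    PVOID  Base;              /* address at which the image is loaded */
    ULONG  Size;              /* size of the mapped image, in bytes */
    ULONG  Flags;             /* loader flags for the module */
    USHORT Index;             /* position of the module in the list */
    USHORT Unknown;           /* meaning not given by this definition */
    USHORT LoadCount;         /* reference count of the module */
    USHORT ModuleNameOffset;  /* offset into ImageName of the bare file name;
                                 check it is < sizeof(ImageName) before use */
    CHAR   ImageName[256];    /* image path as a byte string; bound every read
                                 to 256 bytes rather than relying on a NUL */
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;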
你 3 楼那样的格式是怎么输出来的?网上都只说“lm 的一个扩展命令是 lm t n”,找不到 lm 其他参数的说明,我试了几个都不对。这个命令行又不像 cmd 那样可以用“lm -?”查看帮助……lm 后面要加什么参数,才能输出你 3 楼那样的格式?