Debugging Tools for Windows

!threadfields

!threadfields扩展命令显示执行线程块(ETHREAD)中的名字和偏移字段。

语法

!threadfields 

DLL

Windows 2000 Kdextx86.dll
Windows XP和之后 不可用(查看注释部分)

注释

该扩展命令在Windows XP和之后的系统中不能使用。可以用dt (Display Type)命令来直接显示ETHREAD结构:

kd> dt nt!_ETHREAD 

下面是在Windows 2000系统上的!threadfields示例:

kd> !threadfields
 ETHREAD structure offsets:

    Tcb:                           0x0
    CreateTime:                    0x1b0
    ExitTime:                      0x1b8
    ExitStatus:                    0x1c0
    PostBlockList:                 0x1c4
    TerminationPortList:           0x1cc
    ActiveTimerListLock:           0x1d4
    ActiveTimerListHead:           0x1d8
    Cid:                           0x1e0
    LpcReplySemaphore:             0x1e8
    LpcReplyMessage:               0x1fc
    LpcReplyMessageId:             0x200
    ImpersonationInfo:             0x208
    IrpList:                       0x20c
    TopLevelIrp:                   0x214
    ReadClusterSize:               0x21c
    ForwardClusterOnly:            0x220
    DisablePageFaultClustering:    0x221
    DeadThread:                    0x222
    HasTerminated:                 0x224
    GrantedAccess:                 0x228
    ThreadsProcess:                0x22c
    StartAddress:                  0x230
    Win32StartAddress:             0x234
    LpcExitThreadCalled:           0x238
    HardErrorsAreDisabled:         0x239

附加信息

关于ETHREAD块的信息,查看Mark Russinovich 和David Solomon 编写的Microsoft Windows Internals


© 2008 Microsoft Corporation
Send feedback on this topic
Debugging Tools for Windows
August 24, 2008
翻译:NetRoc
Build machine: CAPEBUILD