| |||
| hkfiyon |
| ||
| 发帖: 10 积分: 0 注册: 2004-10-31 | 怎么才能关掉一个用任务管理器关不了的进程? 我前段时间发现我的机子里多了一个进程,只要开机就在,我用任务管理器却怎么关也关不了,大家帮忙呀! --- 世上最遥远的距离 不是生与死的距离 不是天各一方 而是我就站在你面前 你却不知道我爱你 | ||
| zzzevazzz |
| ||
| 发帖: 208 积分: 0 注册: 2002-05-13 | 杀进程很容易,随便找个工具都行。比如IceSword。 关键是找到这个进程的启动方式,不然下次重启它又出来了。 顺便教大家一招狠的。其实用Windows自带的工具就能杀大部分进程: c:/>ntsd -c q -p PID 只有System、SMSS.EXE和CSRSS.EXE不能杀。 前两个是纯内核态的,最后那个是Win32子系统,ntsd本身需要它。 --- Ph4nt0m Security Team http://ph4nt0m.org/ | ||
| ircadmin |
| ||
| 发帖: 6 积分: 0 注册: 2004-09-25 | 汗.还不知道有ntsd这个命令... | ||
| allyesno |
| ||
| 发帖: 467 积分: 0 注册: 2003-06-06 | 哈。。。eva怎么搞出ntsd来得 不错 不错
--- 0 12 345 6789 | ||
| allyesno |
| ||
| 发帖: 467 积分: 0 注册: 2003-06-06 | NtsdNtsd 按照惯例也向软件开发人员提供。只有系统开发人员使用此命令。有关详细信息,请参阅 NTSD 中所附的帮助文件。 winxp 真贱 怪不得我没发现 usage: ntsd [-?] [-2] [-d] [-g] [-G] [-myob] [-lines] [-n] [-o] [-s] [-v] [-w] [-r BreakErrorLevel] [-t PrintErrorLevel] [-hd] [-pd] [-pe] [-pt #] [-pv] [-x | -x{e|d|n|i} <event>] [-- | -p pid | -pn name | command-line | -z CrashDmpFile] [-zp CrashPageFile] [-premote transport] [-robp] [-aDllName] [-c "command"] [-i ImagePath] [-y SymbolsPath] [-clines #] [-srcpath SourcePath] [-QR //machine] [-wake <pid>] [-remote transport:server=name,portid] [-server transport:portid] [-ses] [-sfce] [-sicv] [-snul] [-noio] [-failinc] [-noshell] where: -? displays this help text command-line is the command to run under the debugger -- is the same as -G -g -o -p -1 -d -pd -aDllName sets the default extension DLL -c executes the following debugger command -clines number of lines of output history retrieved by a remote client -failinc causes incomplete symbol and module loads to fail -d sends all debugger output to kernel debugger via DbgPrint -d cannot be used with debugger remoting -d can only be used when the kernel debugger is enabled -g ignores initial breakpoint in debuggee -G ignores final breakpoint at process termination -hd specifies that the debug heap should not be used for created processes. This only works on Windows Whistler. -o debugs all processes launched by debuggee -p pid specifies the decimal process Id to attach to -pd specifies that the debugger should automatically detach -pe specifies that any attach should be to an existing debug port -pn name specifies the name of the process to attach to -pt # specifies the interrupt timeout -pv specifies that any attach should be noninvasive -r specifies the (0-3) error level to break on (SeeSetErrorLevel) -robp allows breakpoints to be set in read-only memory -t specifies the (0-3) error level to display (SeeSetErrorLevel) -w specifies to debug 16 bit applications in a separate VDM -x sets second-chance break on AV exceptions -x{e|d|n|i} <event> sets the break status for the specified event -2 creates a separate console window for debuggee -i ImagePath specifies the location of the executables that generated the fault (see _NT_EXECUTABLE_IMAGE_PATH) -lines requests that line number information be used if present -myob ignores version mismatches in DBGHELP.DLL -n enables verbose output from symbol handler -noio disables all I/O for dedicated remoting servers -noshell disables the .shell (!!) command -QR <//machine> queries for remote servers -s disables lazy symbol loading -ses enables strict symbol loading -sfce fails critical errors encountered during file searching -sicv ignores the CV record when symbol loading -snul disables automatic symbol loading for unqualified names -srcpath <SourcePath> specifies the source search path -v enables verbose output from debugger -wake <pid> wakes up a sleeping debugger and exits -y <SymbolsPath> specifies the symbol search path (see _NT_SYMBOL_PATH) -z <CrashDmpFile> specifies the name of a crash dump file to debug -zp <CrashPageFile> specifies the name of a page.dmp file to use with a crash dump -remote lets you connect to a debugger session started with -server must be the first argument if present transport: tcp | npipe | ssl | spipe | 1394 | com name: machine name on which the debug server was created portid: id of the port the debugger server was created on for tcp use: port=<socket port #> for npipe use: pipe=<name of pipe> for 1394 use: channel=<channel #> for com use: port=<COM port>,baud=<baud rate>, channel=<channel #> for ssl and spipe see the documentation example: ... -remote npipe:server=yourmachine,pipe=foobar -server creates a debugger session other people can connect to must be the first argument if present transport: tcp | npipe | ssl | spipe | 1394 | com portid: id of the port remote users can connect to for tcp use: port=<socket port #> for npipe use: pipe=<name of pipe> for 1394 use: channel=<channel #> for com use: port=<COM port>,baud=<baud rate>, channel=<channel #> for ssl and spipe see the documentation example: ... -server npipe:pipe=foobar -premote transport specifies the process server to connect to transport arguments are given as with remoting Environment Variables: _NT_SYMBOL_PATH=[Drive:][Path] Specify symbol image path. _NT_ALT_SYMBOL_PATH=[Drive:][Path] Specify an alternate symbol image path. _NT_DEBUGGER_EXTENSION_PATH=[Drive:][Path] Specify a path which should be searched first for extensions dlls _NT_EXECUTABLE_IMAGE_PATH=[Drive:][Path] Specify executable image path. _NT_SOURCE_PATH=[Drive:][Path] Specify source file path. _NT_DEBUG_LOG_FILE_OPEN=filename If specified, all output will be written to this file from offset 0. _NT_DEBUG_LOG_FILE_APPEND=filename If specified, all output will be APPENDed to this file. _NT_DEBUG_HISTORY_SIZE=size Specifies the size of a server's output history in kilobytes Control Keys: <Ctrl-B><Enter> Quit debugger <Ctrl-C> Break into Target <Ctrl-F><Enter> Force a break into debuggee (same as Ctrl-C) <Ctrl-P><Enter> Debug Current debugger <Ctrl-V><Enter> Toggle Verbose mode <Ctrl-W><Enter> Print version information ntsd: exiting - press enter --- --- 0 12 345 6789 | ||
Ntsd
最新推荐文章于 2024-05-23 20:18:39 发布
扫一扫
4176
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
