What do the columns represent for the following Windbg command uf nt!KiSwapContext

Time:03-02

What do the first three columns stand for after entering the following command

uf nt!KiSwapContext ?

Here is the result displayed in the Windbg command prompt:

lkd> uf nt!KiSwapContext
nt!KiSwapContext:
fffff803`5c143fa0 4881ec38010000  sub     rsp,138h
fffff803`5c143fa7 488d842400010000 lea     rax,[rsp+100h]
fffff803`5c143faf 0f29742430      movaps  xmmword ptr [rsp+30h],xmm6
fffff803`5c143fb4 0f297c2440      movaps  xmmword ptr [rsp+40h],xmm7
fffff803`5c143fb9 440f29442450    movaps  xmmword ptr [rsp+50h],xmm8
fffff803`5c143fbf 440f294c2460    movaps  xmmword ptr [rsp+60h],xmm9
fffff803`5c143fc5 440f29542470    movaps  xmmword ptr [rsp+70h],xmm10
.....

Taking, for example, the following line as shown above, what do the first three column addresses stand for? Could someone also recommend a good place to start learning about the output rendered by Windbg if I wanted to try other Windbg commands?

fffff803`5c143fa0 4881ec38010000  sub     rsp,138h

CodePudding user response:

The first column (fffff803`5c143fa0) is the 64-bit instruction address; the backtick in the middle is only there to make the address easier to read by separating the upper and lower 32 bits of the address. More specifically, it's the address of the first byte of the instruction.

The second column (4881ec38010000) is the bytes that make up the instruction, and the remainder of the line (sub rsp,138h) is the instruction decoded into the corresponding assembly (Intel syntax).
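
Added example, not part of the original answer: a small Python parser that splits each uf line into the three columns described above and checks that an instruction's address plus its byte count equals the address on the next line. The function names are made up for this illustration, the sample lines are the ones from the question, and 64-bit addresses (with the backtick) are assumed.

```python
import re

# Sample input: the uf lines shown in the question.
UF_OUTPUT = """\
nt!KiSwapContext:
fffff803`5c143fa0 4881ec38010000  sub     rsp,138h
fffff803`5c143fa7 488d842400010000 lea     rax,[rsp+100h]
fffff803`5c143faf 0f29742430      movaps  xmmword ptr [rsp+30h],xmm6
fffff803`5c143fb4 0f297c2440      movaps  xmmword ptr [rsp+40h],xmm7
fffff803`5c143fb9 440f29442450    movaps  xmmword ptr [rsp+50h],xmm8
fffff803`5c143fbf 440f294c2460    movaps  xmmword ptr [rsp+60h],xmm9
fffff803`5c143fc5 440f29542470    movaps  xmmword ptr [rsp+70h],xmm10
"""

# column 1: address (hi32`lo32), column 2: raw bytes in hex, rest: disassembly
LINE_RE = re.compile(r"^([0-9a-f]{8}`[0-9a-f]{8})\s+([0-9a-f]+)\s+(.+)$", re.I)


def parse_uf(text):
    """Return one dict per instruction line; labels and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. the "nt!KiSwapContext:" symbol label
        addr_txt, hex_bytes, asm = m.groups()
        if len(hex_bytes) % 2:
            continue  # not a whole number of bytes, so not an instruction line
        rows.append({
            "address": int(addr_txt.replace("`", ""), 16),  # backtick is cosmetic
            "bytes": bytes.fromhex(hex_bytes),
            "asm": " ".join(asm.split()),  # collapse the column padding
        })
    return rows


def find_gaps(rows):
    """Addresses whose address + instruction length is not the next line's address.

    Within one block the list is empty; a gap marks the start of a separate
    block of the function, since uf lists blocks that need not be adjacent.
    """
    return [cur["address"]
            for cur, nxt in zip(rows, rows[1:])
            if cur["address"] + len(cur["bytes"]) != nxt["address"]]


if __name__ == "__main__":
    for r in parse_uf(UF_OUTPUT):
        print(f'{r["address"]:#018x}  {len(r["bytes"])} bytes  {r["asm"]}')
    print("gaps:", [hex(a) for a in find_gaps(parse_uf(UF_OUTPUT))])
```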
