A forum for reverse engineering, OS internals and malware analysis 

#15088 by fire_the_hole
 Fri Aug 10, 2012 1:16 am
Can someone tell me the reason?

kd> !process 0 0 winlogon.exe
PROCESS 8205dc08 SessionId: 0 Cid: 0278 Peb: 7ffde000 ParentCid: 0170
DirBase: 085c0060 ObjectTable: e14ae920 HandleCount: 437.
Image: winlogon.exe

kd> .process /i 8205dc08
You need to continue execution (press 'g' <enter>) for the context
to be switched. When the debugger breaks in again, you will be in
the new process context.
kd> g
Break instruction exception - code 80000003 (first chance)
nt!RtlpBreakWithStatusInstruction:
80528bdc cc int 3
kd> .reload /u
Unloaded all modules
kd> .reload /user
Loading User Symbols
...............................................................
kd> lm
start end module name
01000000 0107d000 winlogon (deferred)
016f0000 01c39000 xpsp2res (deferred)
1f840000 1f857000 odbcint (deferred)
45d20000 45d28000 dimsntfy (deferred)
5adc0000 5adf7000 uxtheme (deferred)
5d170000 5d20a000 COMCTL32 (deferred)
5fdd0000 5fe25000 NETAPI32 (deferred)
62c20000 62c29000 LPK (deferred)
68000000 68036000 rsaenh (deferred)
71a10000 71a18000 WS2HELP (deferred)
71a20000 71a37000 WS2_32 (deferred)
71a90000 71aa2000 MPR (deferred)
71b70000 71b83000 SAMLIB (deferred)
72360000 7237a000 WINSCARD (deferred)
72f70000 72f96000 WINSPOOL (deferred)
73540000 7357d000 ODBC32 (deferred)
73640000 7366e000 msctfime (deferred)
73fa0000 7400b000 USP10 (deferred)
75890000 7589a000 PROFMAP (deferred)
758a0000 758a8000 NDdeApi (deferred)
758b0000 758ca000 WlNotify (deferred)
758d0000 759c1000 MSGINA (deferred)
759d0000 75a7f000 USERENV (deferred)
75e00000 75eae000 sxs (deferred)
76060000 761b6000 SETUPAPI (deferred)
762d0000 762e0000 WINSTA (deferred)
76300000 7631d000 IMM32 (deferred)
76320000 76367000 comdlg32 (deferred)
76570000 7658c000 cscdll (deferred)
76590000 765de000 cscui (deferred)
765e0000 76673000 CRYPT32 (deferred)
76990000 76acd000 ole32 (deferred)
76b10000 76b3a000 WINMM (deferred)
76b80000 76b85000 sfc (deferred)
76b90000 76b9f000 REGAPI (deferred)
76bc0000 76bcb000 PSAPI (deferred)
76c00000 76c2e000 WINTRUST (deferred)
76c30000 76c58000 sfc_os (deferred)
76c60000 76c88000 IMAGEHLP (deferred)
76cb0000 76cd0000 NTMARTA (deferred)
76d30000 76d48000 iphlpapi (deferred)
76d70000 76d92000 Apphelp (deferred)
76db0000 76dc2000 MSASN1 (deferred)
76e10000 76e33000 SHSVCS (deferred)
76f20000 76f28000 WTSAPI32 (deferred)
76f30000 76f5c000 WLDAP32 (deferred)
76fa0000 7701f000 CLBCATQ (deferred)
77020000 770ba000 COMRes (deferred)
770f0000 7717b000 OLEAUT32 (deferred)
77180000 77283000 comctl32_77180000 (deferred)
77bd0000 77bd8000 VERSION (deferred)
77be0000 77c38000 msvcrt (deferred)
77c40000 77c64000 msv1_0 (deferred)
77d10000 77da0000 USER32 (deferred)
77da0000 77e49000 ADVAPI32 (deferred)
77e50000 77ee2000 RPCRT4 (deferred)
77ef0000 77f39000 GDI32 (deferred)
77f40000 77fb6000 SHLWAPI (deferred)
77fc0000 77fd1000 Secur32 (deferred)
77fe0000 77ff2000 AUTHZ (deferred)
7c800000 7c91e000 kernel32 (deferred)
7c920000 7c9b3000 ntdll (pdb symbols) d:\symbol\ntdll.pdb\1751003260CA42598C0FB326585000ED2\ntdll.pdb
7d590000 7dd84000 SHELL32 (deferred)

Unloaded modules:
f899a000 f899f000 Cdaudio.SYS
f837c000 f837f000 Sfloppy.SYS
kd> db user32
77d10000 4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00 MZ..............
77d10010 b8 00 00 00 00 00 00 00-40 00 00 00 00 00 00 00 ........@.......
77d10020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
77d10030 00 00 00 00 00 00 00 00-00 00 00 00 d8 00 00 00 ................
77d10040 0e 1f ba 0e 00 b4 09 cd-21 b8 01 4c cd 21 54 68 ........!..L.!Th
77d10050 69 73 20 70 72 6f 67 72-61 6d 20 63 61 6e 6e 6f is program canno
77d10060 74 20 62 65 20 72 75 6e-20 69 6e 20 44 4f 53 20 t be run in DOS
77d10070 6d 6f 64 65 2e 0d 0d 0a-24 00 00 00 00 00 00 00 mode....$.......
kd> u user32!messageboxA
USER32!MessageBoxA:
77d507ea ?? ???
^ Memory access error in 'u user32!messageboxA'
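An added note, not part of the original post: in kernel mode the debugger reads memory through the target's page tables and cannot service page faults itself, so `db user32` succeeds because the PE header page is resident, while the page holding `MessageBoxA` has never been touched by winlogon and is still paged out. The following command sequence is an added example (not from the poster) that checks this and pages the code in, using the addresses from the session above:

```windbg
$$ Added example, not from the original post; same process context and
$$ addresses as the kd session above (winlogon.exe, EPROCESS 8205dc08).

$$ 1. Inspect the PTE for the failing address. A page that is not
$$    resident is reported as not valid, which is why `u` fails with
$$    "Memory access error" even though the symbol resolved correctly.
!pte 77d507ea

$$ 2. Ask the target to fault the page in. .pagein queues the request in
$$    the current process context; execution must continue with g, and
$$    the debugger breaks back in once the page-in has completed.
.pagein 77d507ea
g

$$ 3. Retry the disassembly now that the page is resident.
u user32!MessageBoxA
```

If the target cannot be resumed (for example a crash dump), the only alternative is to read the bytes from the on-disk copy of user32.dll at the matching file offset, since the page simply is not in memory.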