ntsd.exe download, November 2024 (Microsoft's process-terminating tool ntsd.exe, usable on Win7)

Published:

  ntsd.exe (Microsoft's own process terminator, usable on Win7) download. It can be used to force-kill processes. NTSD is a very capable tool, and it is handy for forcibly ending a stubborn process: apart from Windows' own core system processes, ntsd can kill almost anything. XP ships with it, but Win7 does not; download it, extract it to C:\Windows\System32, and run it from cmd. Why it works: ntsd attaches to the target as a debugger and then quits without detaching, and in user mode a debugger that exits this way ends its debuggee. It does not bypass access control, though: attaching needs the same rights as any debugger (SeDebugPrivilege, i.e. an elevated prompt, for processes owned by other users or by the system), and processes that run protected (PPL) on newer Windows versions refuse the attach outright.

  Process file: ntsd or ntsd.exe

  Process name: Symbolic Debugger for Windows. ntsd.exe is the user-mode debugging tool that ships with Microsoft Windows.

  It can terminate every process except System, SMSS.EXE and CSRSS.EXE. The program is frequently abused by malware to force-kill antivirus processes, which is why a process-creation event showing ntsd.exe launched with -c q together with -p or -pn deserves an alert rather than a shrug.
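The abuse pattern described above is easy to spot in process-creation telemetry. The following is an added example written for this page, not code from the original post or from any Microsoft tool: it classifies a process-creation record (OriginalFileName plus CommandLine, the fields Sysmon Event ID 1 reports) as "ntsd used as a process killer" when the command line both attaches to an existing process and runs a -c script that ends the session without detaching. The sample records are constructed; the only real identifiers are the ntsd switches and commands documented on this page.

```powershell
# Added example, not part of the original page or of any Microsoft tool: flag process-creation
# records in which ntsd.exe is used as a process killer rather than as a debugger.
# The record shape (OriginalFileName + CommandLine, as Sysmon Event ID 1 reports them)
# and every sample record below are constructed for this example.

function Test-NtsdProcessKill {
    param(
        [Parameter(Mandatory)][string]$CommandLine,
        [string]$OriginalFileName = ''
    )
    $cl = $CommandLine.ToLowerInvariant()
    $ntsdRegex = '(^|[\\/\s"])ntsd(\.exe)?(["\s]|$)'

    # A renamed copy keeps its PE OriginalFileName, so trust that over the command line.
    $namedInCl = $cl -match $ntsdRegex
    if (-not ($namedInCl -or ($OriginalFileName -ieq 'ntsd.exe'))) { return $null }

    # Attach to an already running process: -p <decimal pid> or -pn <image name>.
    $target = if ($cl -match '(^|\s)-pn\s+(\S+)')    { $Matches[2] }
              elseif ($cl -match '(^|\s)-p\s+(\d+)') { "pid $($Matches[2])" }
              else                                   { $null }
    if (-not $target) { return $null }

    # Pull the -c script (quoted or a single token) and split it into commands.
    $script = if ($cl -match '(^|\s)-c\s+"([^"]*)"') { $Matches[2] }
              elseif ($cl -match '(^|\s)-c\s+(\S+)') { $Matches[2] }
              else                                    { '' }
    $cmds = @($script -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # q / qq / .kill end the session without detaching, which terminates the debuggee;
    # qd or .detach first means the target survives, so that is an ordinary debugging session.
    $detaches = ($cmds -contains 'qd') -or ($cmds -contains '.detach')
    $kills    = ($cmds -contains 'q')  -or ($cmds -contains 'qq') -or ($cmds -contains '.kill')
    if (-not $kills -or $detaches) { return $null }

    [pscustomobject]@{
        Verdict     = 'ntsd used as process killer'
        Target      = $target
        RenamedCopy = -not $namedInCl
        CommandLine = $CommandLine
    }
}

# Constructed sample records, not real telemetry.
$samples = @(
    @{ OriginalFileName = 'ntsd.exe'; CommandLine = 'ntsd -c q -pn av_service.exe' },
    @{ OriginalFileName = 'ntsd.exe'; CommandLine = '"C:\Users\Public\svchost.exe" -c ".kill; q" -p 4120' },
    @{ OriginalFileName = 'ntsd.exe'; CommandLine = 'ntsd -p 4120 -c ".detach; q"' },
    @{ OriginalFileName = 'ntsd.exe'; CommandLine = 'ntsd -c ".logopen c:\dbg.log" notepad.exe' },
    @{ OriginalFileName = 'cmd.exe';  CommandLine = 'cmd /c taskkill /F /IM notepad.exe' }
)
$samples |
    ForEach-Object { Test-NtsdProcessKill -CommandLine $_.CommandLine -OriginalFileName $_.OriginalFileName } |
    Where-Object { $_ } | Format-Table -AutoSize
```

Of the five constructed records only the first two are flagged: the renamed svchost.exe copy is caught through OriginalFileName, the .detach session and the plain .logopen launch are legitimate debugger use, and taskkill is not ntsd at all. Matching on the -c script rather than on the bare string "ntsd" is what keeps the rule from firing on every developer who runs the debugger.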

  NTSD (Microsoft Windows NT Symbolic Debugger) is a debugger installed by default with Windows up to and including Windows XP. It is essentially a command-line version of WinDbg, somewhat reduced in functionality, but more than enough for ordinary debugging.


  ntsd -c q -pn ***.exe   (***.exe is the image name; the .exe cannot be omitted)

  ntsd -c q -p PID

  Example: ntsd -c q -pn explorer.exe

  -p takes a decimal PID and attaches to that one instance; -pn takes an image name and only works when exactly one process with that name is running. -c q runs the q (quit) command as soon as the debugger has attached, and q ends the session without detaching, so the debuggee is terminated. To detach and leave the target running instead, the command is qd.
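The one-liners above are all a practitioner needs, but when you run them for real you want three things they do not give you: a refusal to touch the processes that take the session down with them, a way to handle several instances of the same image (where -pn fails), and confirmation that the target actually exited. The wrapper below is an added example written for this page, not code from the original post; it assumes ntsd.exe is on PATH (for instance copied to C:\Windows\System32 as described above) and that you run it from an elevated prompt when the target belongs to another user.

```powershell
# Added example, not part of the original page: run ntsd.exe as a process terminator with
# the checks a practitioner wants. Assumes ntsd.exe is on PATH and that the caller holds
# SeDebugPrivilege (elevated prompt) for processes it does not own.

function Stop-ProcessWithNtsd {
    param(
        [Parameter(Mandatory)][string]$ImageName,   # e.g. notepad.exe (the .exe is required, as with -pn)
        [int]$TimeoutSeconds = 5
    )
    # Killing these crashes or wedges the session: the page's own exception list plus the
    # other session-critical processes on later Windows versions.
    $protected = @('system', 'smss.exe', 'csrss.exe', 'wininit.exe', 'winlogon.exe', 'services.exe', 'lsass.exe')
    if ($protected -contains $ImageName) {
        throw "Refusing to terminate protected process '$ImageName'"
    }

    $base    = [IO.Path]::GetFileNameWithoutExtension($ImageName)
    $targets = @(Get-Process -Name $base -ErrorAction SilentlyContinue)
    if ($targets.Count -eq 0) {
        Write-Warning "No running instance of $ImageName"
        return @()
    }

    foreach ($proc in $targets) {
        # -p <pid> attaches to exactly one instance; -c q makes the debugger quit without
        # detaching, which terminates the debuggee (use qd instead if it should survive).
        $dbg = Start-Process -FilePath 'ntsd.exe' `
                             -ArgumentList @('-c', 'q', '-p', $proc.Id) `
                             -WindowStyle Hidden -PassThru -Wait
        # If the attach was refused (access denied, protected process), ntsd exits non-zero
        # and the target keeps running; WaitForExit then returns $false after the timeout.
        $exited = $proc.WaitForExit($TimeoutSeconds * 1000)
        [pscustomobject]@{
            Pid        = $proc.Id
            Image      = $ImageName
            NtsdExit   = $dbg.ExitCode
            Terminated = $exited
        }
    }
}

# Usage: Stop-ProcessWithNtsd -ImageName notepad.exe | Format-Table -AutoSize
```

Attaching by PID rather than by name is the important design choice: -pn silently does nothing useful when two copies of the image are running, and iterating the PIDs yourself also gives you one result row per instance, including the ones where the attach was denied.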

  usage: NTSD [-v] [-2] [-d] [-o] [-g] [-G] [-w] [-lines]
              [-aDllName] [-s] [-r BreakErrorLevel] [-t PrintErrorLevel]
              [-hd] [-x | -xd [except#] | -xe [except#]] [-e] [-z]
              [-- | -p pid | command-line]
  where:  -? displays this help text
          -aDllName sets the default extension DLL
          -c executes the following debugger command
             (Specifies the debugger command(s) to run; separate multiple commands with ";")
          -d sends all debugger output to kernel debugger via DbgPrint
          -g ignores initial breakpoint in debuggee
          -G ignores final breakpoint at process termination
          -hd disables heap manager validity checking
          -i ignores AV generated by loader fixups on pre-4.0 systems
          -lines requests that line number information be used if present
          -netsyms:{yes|no} allow or disallow loading symbols from a network path
          -o debugs all processes launched by debuggee
          -r specifies the (0-3) error level to break on (SeeSetErrorLevel)
          -s disables lazy symbol loading
          -t specifies the (0-3) error level to display (SeeSetErrorLevel)
          -v enables verbose output from debugger
          -n enables verbose output from symbol handler
          -w specifies to debug 16 bit applications in a separate VDM
          -x disables break on AV exceptions
          -xd disables stopping on specified exception
          -xe enables stopping on specified exception
          -z reserved for OS/2 debugging
          -2 creates a separate console window for debuggee
             (For console programs, sends the debuggee's output to its own window instead of the NTSD window)
          -- is the same as -G -g -o -p -1
          -p pid specifies the decimal process Id to attach to
             (Specifies the process ID to debug; used to debug a program that is already running)
          command-line is the command to run under the debugger

  Environment Variables:

      _NT_SYMBOL_PATH=[Drive:][Path]
          Specify symbol image path. (Default = %SystemRoot%)

      _NT_ALT_SYMBOL_PATH=[Drive:][Path]
          Specify an alternate symbol image path.

      _NT_DEBUG_EXTENSIONS=dllname(s)
          If specified, it is a semi-colon separated list of debugger extension DLLs.
          This specifies the search order when resolving debugger extension commands.

  Command reference (NTSD's built-in help, with the original annotations translated):

  A [<addr>] - assemble
      Enter assembly instructions at the given address
  BC[<bps>] - clear breakpoint(s)
  BD[<bps>] - disable breakpoint(s)
  BE[<bps>] - enable breakpoint(s)
  BL[<bps>] - list breakpoint(s)
  BP[#] <addr> - set breakpoint
  C <range> <addr> - compare
  D[type][<range>] - dump memory
      Display the given memory range
  E[type] <addr> [<list>] - enter
      Enter data at the given address
  F <range> <list> - fill
      Fill the given memory range with data
  G [=<addr> [<addr>...]] - go
  J <expr> [']cmd['];[']cmd['] - conditional execution
  K <count> - stacktrace
  KB = <base> <stack> <ip> - stacktrace from specific state
  L{+|-}[lost*] - Control source options
  LN <expr> - list near
      Takes an address or function and shows the function nearest to it
  LS[.] [<first>][,<count>] - List source file lines
  LSA <addr>[,<first>][,<count>] - List source file lines at addr
  LSC - Show current source file and line
  LSF[-] <file> - Load or unload a source file for browsing
  N [<radix>] - set / show radix
  P[R] [=<addr>] [<value>] - program step
  Q - quit
  #R - multiprocessor register dump
      Display registers in a multiprocessor environment
  R[F][L][M <expr>] [[<reg> [= <expr>]]] - reg/flag
  Rm[?] [<expr>] - Control prompt register output mask
  S <range> <list> - search
      Search the given address range for a byte pattern or string
      0:000> s <range> ff e4                  // look for jmp esp (ff e4) in user32's address space
      0:000> s <range> 'W' 'I' 'N' 'N' 'T'    // search for the string "WINNT"
  SS <n | a | w> - set symbol suffix
  SX [e|d [<event>|*|<expr>]] - exception
  T[R] [=<addr>] [<value>] - trace
  U [<range>] - unassemble
      Show disassembly, like SoftICE's U command
  X [<*|module>!]<*|symbol> - view symbols
      Show symbols; wildcards are supported, similar to SoftICE's exp command
      0:000> x user32!*      // all symbols in user32
      0:000> x user32!ws*    // all user32 symbols beginning with ws
      <addr> USER32!wsprintfW
      <addr> USER32!wsprintfA
  .logopen [<file>] - open new log file
      Names a log file and starts recording everything on screen; a very useful feature
  .logappend [<file>] - append to log file
      Append to an existing log file
  .logclose - close log file
  ~ - list threads status
  ~#s - set default thread
  ~[.|#|*|ddd]f - freeze thread
  ~[.|#|ddd]k[expr] - backtrace stack
  | - list processes status
  |#s - set default process
  |# - default process override
  ? <expr> - display expression
      Show the value of an address or symbol
      0:000> ? wsprintfA
      Evaluate expression: <decimal> = <hex>
      0:000> ? eip
      Evaluate expression: <decimal> = <hex>
  # <string> [address] - search for a string in the disassembly
      Disassembles from the given address but prints only the first matching line
  $< <filename> - take input from a command file
      Read the commands to execute from a file

  <expr> ops: + - * / not by wo dw poi mod(%) and(&) xor(^) or(|) hi low
         operands: number in current radix, public symbol, <reg>
  <type> : b (byte), w (word), d[s] (doubleword [with symbols]),
           a (ascii), c (dword and Char), u (unicode), l (list)
           f (float), D (double), s|S (ascii/unicode string)
           q (quadword)
  <pattern> : [(nt | <dll-name>)!]<var> (<var> can include ? and *)
  <event> : ct, et, ld, av
  <pseudo-register> : $u0-$u9, $ea, $exp, $ra, $p
  <list> : <byte> [<byte> ...]

  User-mode options:

  i386 options:
  BA[#] <e|r|w|i><size> <addr> - addr bp
  <reg> : [e]ax, [e]bx, [e]cx, [e]dx, [e]si, [e]di, [e]bp, [e]sp, [e]ip, [e]fl,
          al, ah, bl, bh, cl, ch, dl, dh, cs, ds, es, fs, gs, ss
          fpcw, fpsw, fptw, st0-st7, mm0-mm7
  <flag> : iopl, of, df, if, tf, sf, zf, af, pf, cf

  NTSD also supports a few useful commands that, for whatever reason, the help text does not list:

  KD [<count>] - stack trace with raw data
      Raw-mode stack backtrace
  SQ - set quiet mode
      Toggles quiet mode: run it once to turn it on, again to turn it off
  LD [<module>] - refresh module information
  LM - list modules
      Lists every module loaded in the process
  DL <addr> <count> <size> - dump linked list

  NTSD's expression syntax is essentially the same as WinDbg's: MASM syntax.

  The NTSD that ships with the system also supports some extension commands.
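The reference above is written for an interactive session, but every command in it can also be fed through -c, which is how you turn NTSD into a scriptable symbol-lookup and disassembly tool. The following is an added example written for this page, not code from the original post: it starts a debuggee under ntsd with .logopen, lm, x, ?, u and q chained in one -c script, then reads the answer to ? back out of the log. Assumptions of this example: ntsd.exe is on PATH, notepad.exe is used as the debuggee and links user32.dll statically (so its exports resolve at the initial breakpoint without symbol files), and the log path is arbitrary and contains no spaces.

```powershell
# Added example, not part of the original page: drive an NTSD session non-interactively with
# the commands covered above (.logopen, lm, x, ?, u, q) and read the results back from the log.
# Assumptions: ntsd.exe is on PATH; notepad.exe is the debuggee; the log path has no spaces.

function Invoke-NtsdScript {
    param(
        [Parameter(Mandatory)][string]$Target,      # program to start under the debugger
        [Parameter(Mandatory)][string[]]$Commands,  # debugger commands, run at the initial breakpoint
        [string]$LogPath = (Join-Path $env:TEMP 'ntsd-session.log')
    )
    if (Test-Path $LogPath) { Remove-Item $LogPath }
    # -c takes one ';'-separated script: .logopen first so everything after it is captured,
    # q last so the debugger exits (in user mode that also ends the debuggee).
    $script = (@(".logopen $LogPath") + $Commands + @('q')) -join '; '
    $dbg = Start-Process -FilePath 'ntsd.exe' -ArgumentList @('-c', "`"$script`"", $Target) `
                         -WindowStyle Hidden -PassThru -Wait
    if (-not (Test-Path $LogPath)) { throw "ntsd exited with $($dbg.ExitCode) and wrote no log" }
    Get-Content $LogPath
}

$log = Invoke-NtsdScript -Target 'notepad.exe' -Commands @(
    'lm',                     # modules mapped at the initial breakpoint
    'x user32!wsprintf*',     # wildcard symbol lookup, as in the page's x example
    '? user32!wsprintfA',     # evaluate an expression to an address
    'u user32!wsprintfA L5'   # disassemble five instructions there
)

# The ? command answers "Evaluate expression: <decimal> = <hex>"; pull the address back out.
$log | ForEach-Object {
    if ($_ -match '^Evaluate expression:\s+(-?\d+)\s+=\s+([0-9a-f`]+)') {
        "user32!wsprintfA is at 0x$($Matches[2]) (decimal $($Matches[1]))"
    }
}
```

Because the commands run at the initial breakpoint, the loader has already mapped notepad's static imports, so lm and the user32 lookups work without letting the program run; everything after .logopen lands in the log, and the trailing q is what makes the run terminate instead of waiting for input.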


  ntsd.exe is a process belonging to the Microsoft symbolic debugger that enables you to debug user-mode applications. It is a non-essential process, but should not be terminated unless it is suspected of causing problems.

  Recommendation for ntsd.exe: ntsd.exe does not need to be disabled, but it is a developer tool, not something Windows itself depends on (Windows Vista and later no longer ship it).

  Author: Microsoft

  Part Of: Microsoft Windows Operating System

  Security rating:

  Spyware: No

  Virus: No

  Trojan: No

  Memory Usage: N/A

  System Process: Yes

  Background Process: No

  Uses Network: No

  Hardware Related: No

  Common ntsd.exe Errors: N/A