lm (List Loaded Modules)
lm command displays the specified load module. And output state module comprises a path.
lmOptions [a Address] [m Pattern | M Pattern]
parameter:
- Options
any combination of the following options:
D ---- markup language using a debugger display output.
O --- Display only loaded modules.
L --- Display only the sign information module loaded.
v --- display detailed information. Symbol file name included in the display, image file name, a checksum information, version information, date stamp, time stamp, and whether the module hosting an information code (CLR). If the relevant header deletion or paged out of this information is not displayed.
U --- (only in kernel mode) displays only the user information in the pattern of symbols.
K --- (only in kernel mode) displays only the information in the kernel mode symbol.
E --- sign display module only problem. These symbols include a module and a state in which no symbol is a symbol C, T, #, M or export module.
C --- Display checksum
LM --- reduce the output, so as not to contain any content other than the name of the module. If you use .foreach mark the command output pipe into the input of another command, this option is useful.
sm --- by module name instead of sorting the display starting address.
In addition, you can only include one of the following options. If you do not include any of these options, the display will include the symbol file name.
i --- image file name displayed.
f --- display the full image path. (Unless .reload-s command issued, otherwise the path is always the path shown loaded with an initial notification match) when using F, does not display the type of information symbol.
n --- display jimage name. When using n, does not display the type of information symbol.
p --- display image name mapping. When using p, does not display the type of information symbol.
t --- displayed file timestamps. When using t, does not display the type of information symbol. - A the Address
Specifies the address contained in this module. This display contains only the module address. If the address contains an expression, it must be enclosed in parentheses. - m the Pattern
specify a module name must match the pattern. Pattern may contain various wildcards and specifiers. In most cases, the module name is not the file extension of the file name. For example, if you want to display information about flpydisk.sys driver, use the lm mflpydisk command, rather than lm mflpydisk.sys. In some cases, the module name and file name are very different. - M the Pattern
specified path must match the pattern image. Pattern may contain various wildcards and specifiers.
lm command lists all the modules and the symbolic state of each module. A list of Microsoft Windows Server 2003 and later versions of Windows user-mode process of unloading the maintenance module. When debugging user-mode process or dump file, lm command also displays these modules have been unloaded. This command displays a plurality of fields or columns, each column or field having different title. Some of the title has a specific meaning:
- The module name is usually not the file extension of the file name. In some cases, the module name and file name are very different.
- Symbol Type immediately after the module name. This column is not marked. If you have loaded symbol, the symbol file name will follow this column.
- The first module address is displayed as a start. First address after the end of the display module to end. For example, if the start is "faab4000", ended as "faab8000", the module will 0xfaab4000 extended to 0xfaab7fff (inclusive).
- lmv only: image path column displays the name of the executable file, including the file extension. Typically, the full path included in the user mode, but not in the kernel mode.
- Only LMV: loaded symbol image and the image file name same value, unless there is Microsoft code view symbols.
- lmv only: typically do not use mapped memory image file values. If the debugger is mapped image file (for example, during a mini dump debugging), this value is the name of the map image.
The following code example shows the lm command with the target Windows Server 2003 computer. This example includes the option of m and s *, so only the display module "s" in the beginning.
kd> lm m s* start end module name f9f73000 f9f7fd80 sysaudio (deferred) fa04b000 fa09b400 srv (deferred) faab7000 faac8500 sr (deferred) facac000 facbae00 serial (deferred) fb008000 fb00ba80 serenum e:\mysymbols\SereEnum.pdb\....... fb24f000 fb250000 swenum (deferred) Unloaded modules: f9f53000 f9f61000 swmidi.sys fb0ae000 fb0b0000 splitter.sys fb040000 fb043000 Sfloppy.SYS
The following two examples show lm command once without any options, one with sm options. Comparison of two examples of the sort order.
0:000> lm start end module name 01000000 0100d000 stst (deferred) 77c10000 77c68000 msvcrt (deferred) 77dd0000 77e6b000 ADVAPI32 (deferred) 77e70000 77f01000 RPCRT4 (deferred) 7c800000 7c8f4000 kernel32 (deferred) 7c900000 7c9b0000 ntdll (private pdb symbols) c:\db20sym\ntdll.pdb
0:000> lmsm start end module name 77dd0000 77e6b000 ADVAPI32 (deferred) 7c800000 7c8f4000 kernel32 (deferred) 77c10000 77c68000 msvcrt (deferred) 7c900000 7c9b0000 ntdll (private pdb symbols) c:\db20sym\ntdll.pdb 77e70000 77f01000 RPCRT4 (deferred) 01000000 0100d000 stst (deferred)