ÍøÕ¾Éè¼Æ|ÍøÕ¾ÖÆ×÷|ÍøÕ¾½¨Éè·þÎñÍø
¡¡¡¡×ÊÉîµÄÍøÕ¾Éè¼ÆÈËÔ±£¬ÒÔ¾«Õ¿µÄÍøÕ¾Éè¼Æ¼¼Êõ¡¢ÓÅÖʵÄÍøÕ¾ÖÆ×÷·þÎñ,ΪÄúÌṩȫ·½Î»µÄÍøÕ¾Éè¼Æ¡¢ÍøÕ¾ÖÆ×÷·þÎñ£¬¾«ÐÄÍƳöÍøÕ¾ÖÆ×÷µÄ¶àÖÖ¿Æѧ·½°¸,´ÓÍøÕ¾Éè¼Æµ½ÍøÕ¾ÖÆ×÷¡¢ÍøÕ¾Íƹ㡢±£Ö¤Äú×î´óÏÞ¶ÈÓµÓÐÐÅÏ¢»¯µÄÍøÕ¾Éè¼ÆÓÅÊÆ.

drwtsn32.exe¹ÊÕÏת´¢ÎļþĬÈÏȨÏÞÉèÖò»µ±

·¢ÏÖÕߣºtombkeeper@126.com
·¢ÏÖʱ¼ä£º2001.10.31

Ö÷Ò³£ºwww.whitecell.org

ÃèÊö£º
drwtsn32.exe¹ÊÕÏת´¢ÎļþĬÈÏȨÏÞÉèÖò»µ±£¬¿ÉÄܵ¼ÖÂÃô¸ÐÐÅϢй©¡£

Ó°Ïìϵͳ£º
µ±Ç°ËùÓÐWindows°æ±¾

Ïêϸ£º
drwtsn32.exe£¨Dr. Watson£©ÊÇÒ»¸öWindowsϵͳÄÚÖõijÌÐò´íÎóµ÷ÊÔÆ÷¡£Ä¬ÈÏ
״̬Ï£¬³öÏÖ³ÌÐò´íÎóʱ£¬Dr. Watson ½«×Ô¶¯Æô¶¯£¬³ý·ÇϵͳÉÏ°²×°ÁËVCµÈÆäËû¾ßÓÐ
µ÷ÊÔ¹¦ÄܵÄÈí¼þ¸ü¸ÄÁËĬÈÏÖµ¡£×¢²á±íÏ
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug]
ϵÄDebugger ÏîµÄÖµÖ¸¶¨Á˵÷ÊÔÆ÷¼°Ê¹ÓõÄÃüÁAuto Ïî¾ö¶¨ÊÇ·ñ×Ô¶¯Õï¶Ï´íÎó£¬
²¢¼Ç¼ÏàÓ¦µÄÕï¶ÏÐÅÏ¢¡£
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug]

ÔÚWindows 2000ÖÐdrwtsn32.exeĬÈϻὫ¹ÊÕÏת´¢Îļþuser.dmp´æ·ÅÔÚĿ¼
¡°\Documents and Settings\All Users\Documents\DrWatson¡±Ï¡£È¨ÏÞΪEveryone
ÍêÈ«¿ØÖÆ¡£ÔÚWindows NTÖб»´æ´¢ÔÚ¡°\WINNT\¡±ÖУ¬everyone×éÖÁÉÙÓжÁȡȨÏÞ¡£

ÓÉÓÚuser.dmpÖд洢µÄÄÚÈÝÊǵ±Ç°Óû§µÄ²¿·ÖÄÚ´æ¾µÏñ£¬ËùÒÔ¿ÉÄܵ¼Ö¸÷ÖÖÃô¸ÐÐÅÏ¢
й©£¬ÀýÈçÕʺš¢¿ÚÁî¡¢Óʼþ¡¢ä¯ÀÀ¹ýµÄÍøÒ³¡¢ÕýÔڱ༭µÄÎļþµÈµÈ£¬¾ßÌåÈ¡¾öÓÚ±ÀÀ£µÄ
Ó¦ÓóÌÐòºÍÔÚ´Ë֮ǰÓû§½øÐÐÁËÄÇЩ²Ù×÷¡£

ÒòΪWindows³ÌÐòÊÇÈç´ËÒ×ÓÚ±ÀÀ££¬ËùÒÔ²»ÄÜÅųý¶ñÒâÓû§ÀûÓôËÈõµã»ñÈ¡·ÇÊÚȨÐÅÏ¢
µÄ¿ÉÄÜ¡£ÀýÈ磺ÀûÓÃIE5.0ÒÔÉϵĻûÐÎ×¢ÊÍ©¶´¾Í¿ÉÒÔʹä¯ÀÀ°üº¬¶ñÒâ´úÂëµÄiexplore.exe
ºÍ²é¿´°üº¬¶ñÒâ´úÂëµÄÓʼþ³ÌÐò±ÀÀ£¡££¨¹ØÓÚIEµÄ»ûÐÎ×¢ÊÍ©¶´Çë²Î¼û×¾×÷¡¶°üº¬»ûÐÎ×¢ÊÍ
µÄHTMLÎļþ¿ÉʹIE 5.0ÒÔÉÏ°æ±¾±ÀÀ£¡·£©

²âÊÔ£º
--->ÔÚadministratorÕʺÅϲÙ×÷£º
Èç¹ûÄ¿Ç°µÄĬÈϵ÷ÊÔÆ÷²»ÊÇ Dr. Watson£¬ÇëÔÚÃüÁîÌáʾ·ûºó¼üÈëÃüÁdrwtsn32 -i
½« Dr. Watson ÉèΪĬÈϵ÷ÊÔÆ÷¡£
ÏÈÆô¶¯Ò»¸öÐèҪʹÓÃÃÜÂëµÄ³ÌÐò£¬ÕâÀïÎÒÃÇÑ¡ÔñFoxmail¡£
ÓÃÈÎÎñ¹ÜÀíÆ÷²ì¿´FoxmailµÄPID£¬¼ÙÉèÊÇ¡°886¡±¡£ÔÚÃüÁîÌáʾ·ûºó¼üÈëÃüÁ
drwtsn32 -p 886
--->ÔÚguestÕʺÅϲÙ×÷£º
ÔÚ\Documents and Settings\All Users\Documents\DrWatson\Ŀ¼Ï¼üÈëÃüÁ
type user.dmp|find "youEmailPasswd"
¾Í»á·¢ÏÖÄãµÄÓʼþÃÜÂëÔÚuser.dmpÖУ¬¶øÇÒÍêÈ«¿ÉÒÔ±»guestÓû§¶ÁÈ¡¡£

½â¾ö·½°¸£º
΢ÈíÉÐδ¶Ô´Ë×ö³ö·´Ó¦¡£
ÔÚ¿ÉÓõIJ¹¶¡³öÀ´Ö®Ç°£¬²ÉÈ¡ÒÔÏÂÈÎÒ»´ëÊ©½Ô¿É½â¾ö´ËÎÊÌ⣬
1¡¢¼üÈë²»´ø²ÎÊýµÄdrwtsn32£¬¸ü¸Ä¹ÊÕÏת´¢Îļþµ½Ò»¸öÌØȨ·¾¶£¬È磺
\Documents and Settings\Administrator\DrWatson\
»òÈ¡Ïû¡°½¨Á¢¹ÊÕÏת´¢Îļþ¡±Ñ¡Ïî¡£
2¡¢É¾³ý×¢²á±íÏî
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug]
ϵÄÏà¹Ø¼üÖµ¡£
3¡¢Ê¹ÓÃÆäËüµ÷ÊÔ¹¤¾ß¡£²¢ÔÚ×¢²á±íÖÐÕýÈ·ÉèÖá£

¸½Â¼£ºdrwtsn32 ²ÎÊý

drwtsn32 [-i] [-g] [-p pid] [-e event] [-?]

-i ½« DrWtsn32 µ±×÷ĬÈÏÓ¦ÓóÌÐò´íÎóµ÷ÊÔ³ÌÐò
-g ±»ºöÂÔ£¬µ«×÷Ϊ WINDBG ºÍ NTSD µÄ¼æÈݶø±»Ìṩ
-p pid Òªµ÷ÊԵĽø³Ì id
-e event ±íʾ½ø³Ì¸½¼ÓÍê³ÉµÄʼþ
-? Õâ¸öÆÁÄ»