Examining memory

Examining memory

You can use the command x (for "examine") to examine memory in any of several formats, independently of your program's data types.

x/nfu addr

x addr

x

Use the x command to examine memory.

n, f, and u are all optional parameters that specify how much memory to display and how to format it; addr is an expression giving the address where you want to start displaying memory. If you use defaults for nfu, you need not type the slash `/'. Several commands set convenient defaults for addr.

n, the repeat count

The repeat count is a decimal integer; the default is 1. It specifies how much memory (counting by units u) to display.

f, the display format

The display format is one of the formats used by print, `s' (null-terminated string), or `i' (machine instruction). The default is `x' (hexadecimal) initially. The default changes each time you use either x or print.

u, the unit size

The unit size is any of

b

Bytes.

h

Halfwords (two bytes).

w

Words (four bytes). This is the initial default.

g

Giant words (eight bytes).

Each time you specify a unit size with x, that size becomes the default unit the next time you use x. (For the `s' and `i' formats, the unit size is ignored and is normally not written.)

addr, starting display address

addr is the address where you want GDB to begin displaying memory. The expression need not have a pointer value (though it may); it is always interpreted as an integer address of a byte of memory. See section Expressions, for more information on expressions. The default for addr is usually just after the last address examined--but several other commands also set the default address: info breakpoints (to the address of the last breakpoint listed), info line (to the starting address of a line), and print (if you use it to display a value from memory).

For example, `x/3uh 0x54320' is a request to display three halfwords (h) of memory, formatted as unsigned decimal integers (`u'), starting at address 0x54320. `x/4xw $sp' prints the four words (`w') of memory above the stack pointer (here, `$sp'; see section Registers) in hexadecimal (`x').

Since the letters indicating unit sizes are all distinct from the letters specifying output formats, you do not have to remember whether unit size or format comes first; either order works. The output specifications `4xw' and `4wx' mean exactly the same thing. (However, the count n must come first; `wx4' does not work.)

Even though the unit size u is ignored for the formats `s' and `i', you might still want to use a count n; for example, `3i' specifies that you want to see three machine instructions, including any operands. The command disassemble gives an alternative way of inspecting machine instructions; see section Source and machine code.

All the defaults for the arguments to x are designed to make it easy to continue scanning memory with minimal specifications each time you use x. For example, after you have inspected three machine instructions with `x/3i addr', you can inspect the next seven with just `x/7'. If you use RET to repeat the x command, the repeat count n is used again; the other arguments default as for successive uses of x.

The addresses and contents printed by the x command are not saved in the value history because there is often too much of them and they would get in the way. Instead, GDB makes these values available for subsequent use in expressions as values of the convenience variables $_ and $__. After an x command, the last address examined is available for use in expressions in the convenience variable $_. The contents of that address, as examined, are available in the convenience variable $__.

If the x command has a repeat count, the address and contents saved are from the last memory unit printed; this is not the same as the last address printed if several units were printed on the last line of output.

GDB: Examining the Symbol Table

Examining the Symbol Table

The commands described in this chapter allow you to inquire about the symbols (names of variables, functions and types) defined in your program. This information is inherent in the text of your program and does not change as your program executes. GDB finds it in your program's symbol table, in the file indicated when you started GDB (see section Choosing files), or by one of the file-management commands (see sectionCommands to specify files).

Occasionally, you may need to refer to symbols that contain unusual characters, which GDB ordinarily treats as word delimiters. The most frequent case is in referring to static variables in other source files (see section Program variables). File names are recorded in object files as debugging symbols, but GDB would ordinarily parse a typical file name, like `foo.c', as the three words `foo' `.' `c'. To allow GDB to recognize `foo.c' as a single symbol, enclose it in single quotes; for example,

p 'foo.c'::x

looks up the value of x in the scope of the file `foo.c'.

info address symbol

Describe where the data for symbol is stored. For a register variable, this says which register it is kept in. For a non-register local variable, this prints the stack-frame offset at which the variable is always stored.

Note the contrast with `print &symbol', which does not work at all for a register variable, and for a stack local variable prints the exact address of the current instantiation of the variable.

info symbol addr

Print the name of a symbol which is stored at the address addr. If no symbol is stored exactly at addr, GDB prints the nearest symbol and an offset from it:

(gdb) info symbol 0x54320 _initialize_vx + 396 in section .text

This is the opposite of the info address command. You can use it to find out the name of a variable or a function given its address.

whatis expr

Print the data type of expression expr. expr is not actually evaluated, and any side-effecting operations (such as assignments or function calls) inside it do not take place. See section Expressions.

whatis

Print the data type of $, the last value in the value history.

ptype typename

Print a description of data type typename. typename may be the name of a type, or for C code it may have the form `class class-name',`struct struct-tag', `union union-tag' or `enum enum-tag'.

ptype expr

ptype

Print a description of the type of expression expr. ptype differs from whatis by printing a detailed description, instead of just the name of the type.

For example, for this variable declaration:

struct complex {double real; double imag;} v;

the two commands give this output:

(gdb) whatis v type = struct complex (gdb) ptype v type = struct complex { double real; double imag; }

As with whatis, using ptype without an argument refers to the type of $, the last value in the value history.

info types regexp

info types

Print a brief description of all types whose names match regexp (or all types in your program, if you supply no argument). Each complete typename is matched as though it were a complete line; thus, `i type value' gives information on all types in your program whose names include the string value, but `i type ^value$' gives information only on types whose complete name is value.

This command differs from ptype in two ways: first, like whatis, it does not print a detailed description; second, it lists all source files where a type is defined.

info scope addr

List all the variables local to a particular scope. This command accepts a location--a function name, a source line, or an address preceded by a `*', and prints all the variables local to the scope defined by that location. For example:

(gdb) info scope command_line_handler Scope for command_line_handler: Symbol rl is an argument at stack/frame offset 8, length 4. Symbol linebuffer is in static storage at address 0x150a18, length 4. Symbol linelength is in static storage at address 0x150a1c, length 4. Symbol p is a local variable in register $esi, length 4. Symbol p1 is a local variable in register $ebx, length 4. Symbol nline is a local variable in register $edx, length 4. Symbol repeat is a local variable at frame offset -8, length 4.

This command is especially useful for determining what data to collect during a trace experiment, see collect.

info source

Show information about the current source file--that is, the source file for the function containing the current point of execution:

• the name of the source file, and the directory containing it,
• the directory it was compiled in,
• its length, in lines,
• which programming language it is written in,
• whether the executable includes debugging information for that file, and if so, what format the information is in (e.g., STABS, Dwarf 2, etc.), and
• whether the debugging information includes information about preprocessor macros.

info sources

Print the names of all source files in your program for which there is debugging information, organized into two lists: files whose symbols have already been read, and files whose symbols will be read when needed.

info functions

Print the names and data types of all defined functions.

info functions regexp

Print the names and data types of all defined functions whose names contain a match for regular expression regexp. Thus, `info fun step' finds all functions whose names include step; `info fun ^step' finds those whose names start with step. If a function name contains characters that conflict with the regular expression language (eg. `operator*()'), they may be quoted with a backslash.

info variables

Print the names and data types of all variables that are declared outside of functions (i.e. excluding local variables).

info variables regexp

Print the names and data types of all variables (except for local variables) whose names contain a match for regular expression regexp.

Some systems allow individual object files that make up your program to be replaced without stopping and restarting your program. For example, in VxWorks you can simply recompile a defective object file and keep on running. If you are running on one of these systems, you can allow GDB to reload the symbols for automatically relinked modules:

set symbol-reloading on

Replace symbol definitions for the corresponding source file when an object file with a particular name is seen again.

set symbol-reloading off

Do not replace symbol definitions when encountering object files of the same name more than once. This is the default state; if you are not running on a system that permits automatic relinking of modules, you should leave symbol-reloading off, since otherwise GDB may discard symbols when linking large programs, that may contain several modules (from different directories or libraries) with the same name.

show symbol-reloading

Show the current on or off setting.

set opaque-type-resolution on

Tell GDB to resolve opaque types. An opaque type is a type declared as a pointer to a struct, class, or union---for example, struct MyType *---that is used in one source file although the full declaration of struct MyType is in another source file. The default is on.

A change in the setting of this subcommand will not take effect until the next time symbols for a file are loaded.

set opaque-type-resolution off

Tell GDB not to resolve opaque types. In this case, the type is printed as follows:

{<no data fields>}

show opaque-type-resolution

Show whether opaque types are resolved or not.

maint print symbols filename

maint print psymbols filename

maint print msymbols filename

Write a dump of debugging symbol data into the file filename. These commands are used to debug the GDB symbol-reading code. Only symbols with debugging data are included. If you use `maint print symbols', GDB includes all the symbols for which it has already collected full details: that is, filename reflects symbols for only those files whose symbols GDB has read. You can use the command info sources to find out which files these are. If you use `maint print psymbols' instead, the dump shows information about symbols that GDB only knows partially--that is, symbols defined in files that GDB has skimmed, but not yet read completely. Finally, `maint print msymbols'dumps just the minimal symbol information required for each object file from which GDB has read some symbols. See section Commands to specify files, for a discussion of how GDB reads symbols (in the description of symbol-file).

基本gdb

gdb是個命令列模式的交談(interactive)除錯器， 跟telnet或其它的unix交談式程式一樣有個提示符號，然後要下命令

(gdb)COMMAND

不要忘了gcc編譯時要加 -g 參數， 基本gdb命令

檔案處理 ======== file a.out 載入可執行檔a.out path 告訴gdb obj code在那 directory 告訴gdb source code在那裡 SHELL ===== shell ls 就會執行ls了 cd xxx 不過用shell的方法跟Makefile一樣喚起sub shell而已 要真的cd到目錄要用cd 中斷點(Break point and watch point)處理 ======================================= break 設定中斷點 clear 清除中斷點 delete 清除中斷點 disable 暫時使中斷無作用 enable 使中斷再作用 condition 進一步設中斷點的條件 如果條件為true則中斷 commands 如果中斷了則執行commands與end中的一連串gdb命令 ..... end

其中 中斷點可以用source code的行數來代表(這些資訊藏在ELF格式 裡的.line這個section裡)，也可以用中斷點的流水號來表示

br 在目前位置設中斷點 br 100 在100行中斷 br func1 在func1中斷 br +100 目前位置+100行中斷 br *0x08048123 在這位址中斷 br file.c:100 因為如果是多個c檔案時指定file.c tbreak 同break的寫法 不過中斷一次後 此中斷點就失效 br 100 if (var == 5) 條件中斷 後面跟著c語法的條件判斷式 br 100 在第100行中斷並且執行command...end中的gdb命令 commands silent printf "x is %d\n",x end break String::func1 C++ Function Overloading的中斷 String是class clear 100 清除中斷點 後面跟著行號或函數名 clear func1 delete 5 清除5號中斷點 後面是中斷點流水編號 disable 3 暫時使3號中斷點沒作用 後面是中斷點流水編號 enable 2 使2號中斷點作用 後面是中斷點流水編號 condition 3 (var > 3) 設3號中斷點的條件 如果條件為true則中斷 condition 3 清除3號中斷點的條件 程式執行 ======== set args xxx 給執行程式參數xxx，就是main裡的**argv run 開始跑程式 continue 中斷後繼續跑 next 往下跳一步c程式 如果有副程式 執行完整個副程式 step 往下跳一步c程式 如果有副程式 追進副程式 until 跳離一個while for迴圈 nexti 往下一步CPU組語的指令(Instruction)執行完整個副程式 stepi 往下一步CPU組語的指令(Instruction)追進副程式 until 執行到source code的行數比目前的大 如果目前所在行是loop的最後一行就會跳離loop 程式變數值(data)處理 ==================== print var 看var的值 print &var 印出var的位址(其時這就是C 啦) print *var 印出*var值 var是pointer display var display會每次step, next時都會印出值來,print只印一次 print (var=value) 設var的值為value 其實print 可以只用p代替 很多指令都可以簡寫代替 p/x /x表示印hex值 /u表示unsigned digit /d signed digit /t 二進位值 /是列印的選項 在Solaris上的adb也有相似形式 x/3uh 0x8048012 印出記憶體 其中 3表示看3個 u unsigned digit(跟上面p命令一樣意義) h halfword就是2bytes(bhwg分別是1248bytes) GDB內定變數(跟程式變數不一樣喔) =============================== 一些gdb方便的變數(convenience variable) $_ 用x命令所得到的最後一個位址 $__ 用x命令所得到的最後一個位址的值 $_exitcode 程式離開的code就是用exit時的code CPU暫存器(registers) $pc program counter就是目前cpu指到的執行位置啦 $sp stack pointer 訊息觀看與設定 ============== info 得到一些program debug資訊 info break info frame info display info program info share info registers show 得到一些系統(OS, CPU Arch), GDB資訊 show args (系統傳進來的argv[0],argv[1]...) show os (OS是什麼) show endian show prompt (gdb的提示符號) list 看原始碼 list x 從第x行的source code印出，x不寫從目前行印出 list *addr 秀出addr所在source code的行 可以先用info program找出目前PC的值 再用list *addr search REGEXP 在目前source code做RE搜尋 disas 想看machine code用這個 whatis var 告訴我var的資料型別是啥 int, char or double ptype var 告訴我var的資料型別是啥 這用來看struct用的 set 設定gdb, 系統的控制變數值(這些變數不是program內的) set listsize xx 設定要看xx行source code set $pc xx 把PC設到 xx set convenience可以自己設變數 help 可以得到命令HELP 程序與副程式(process and sub-function) ====================================== backtrace(bt)2 程式執行到這裡前的兩個副程式，2不寫則列出全部 frame 2 選擇2號frame跳過去 2不寫就列出現在執行到那裡 up 2 往上走2個副程式 down 3 往下走2個副程式 return expression 不要玩了,回到上一層呼叫的routine去並return一個值 finish 繼續玩完一個選擇的stack frame(副程式) kill 砍掉child process signal procss-id 送signal給process attach procss-id debug一個已經在記憶體跑的process detach procss-id 釋放attach的process脫離gdb的控制

其中每次程式呼叫副程式時， 原本的執行的世界的東西(變數值啊等等)必需先保存起來， 然後再跳到新世界(將要執行的副程式)這就是stack， 每叫一個sub routine就等於進到一個stack frame

(gdb)frame 2

就是選擇2號frame，而0號frame就是目前在執行的副程式， 1號是呼叫0號的副程式，以此類推， finish搭配frame這個命令來用

所以bt這個命令很重要，可以追回之前叫了那些function來到目前的地方。 通常在命令列也有類似的追蹤system call的程式，因為system call很重要， 在Solaris上我們可以用

$ truss prog1

在Linux上

$ strace prog1

來看現在程式到底叫了甚麼system call導致他毀掉。

attach, detach必需在有支援process 的環境， 因為有的沒記憶體保護OS，或embadded system沒有支援， 另外也要有能力送signal給process的環境才行， 這主要可以來debug deamon或做multiprocess的除錯

Correct use of the strip command

Correct use of the strip command

Running the strip command on an executable is the most common program protection method. In its default operation, the strip command removes the symbol table and any debugging information from an executable. This is how it is typically used. However, there is still useful information that is not removed.

Consider the following statically linked and stripped program:

$ echo 'main() { printf("hello world\n"); }' > prog.c

$ gcc -static -o prog prog.c

$ strip prog

Examining the section header table:

$ readelf --section-headers prog

There are 18 section headers, starting at offset 0x5da1c:

 

Section Headers:

  [Nr] Name              Type       Addr     Off    Size   ES Flg Lk Inf Al

  [ 0]                   NULL       00000000 000000 000000 00      0   0  0

  [ 1] .init             PROGBITS   080480b4 0000b4 000025 00  AX  0   0  4

  [ 2] .text             PROGBITS   080480e0 0000e0 04249f 00  AX  0   0 32

  [ 3] .fini             PROGBITS   0808a580 042580 00001c 00  AX  0   0  4

  [ 4] .rodata           PROGBITS   0808a5a0 0425a0 0145ec 00   A  0   0 32

  [ 5] __libc_subinit    PROGBITS   0809eb8c 056b8c 000008 00   A  0   0  4

  [ 6] __libc_subfreeres PROGBITS   0809eb94 056b94 000040 00   A  0   0  4

  [ 7] __libc_atexit     PROGBITS   0809ebd4 056bd4 000004 00   A  0   0  4

  [ 8] .data             PROGBITS   0809f000 057000 00112c 00  WA  0   0 32

  [ 9] .eh_frame         PROGBITS   080a012c 05812c 001874 00  WA  0   0  4

  [10] .ctors            PROGBITS   080a19a0 0599a0 000008 00  WA  0   0  4

  [11] .dtors            PROGBITS   080a19a8 0599a8 000008 00  WA  0   0  4

  [12] .got              PROGBITS   080a19b0 0599b0 000010 04  WA  0   0  4

  [13] .bss              NOBITS     080a19c0 0599c0 000f48 00  WA  0   0 32

  [14] .comment          PROGBITS   00000000 0599c0 002d00 00      0   0  1

  [15] .note.ABI-tag     NOTE       08048094 000094 000020 00   A  0   0  4

  [16] .note             NOTE       00000000 05c6c0 0012c0 00      0   0  1

  [17] .shstrtab         STRTAB     00000000 05d980 000099 00      0   0  1

Key to Flags:

  W (write), A (alloc), X (execute), M (merge), S (strings)

  I (info), L (link order), G (group), x (unknown)

  O (extra OS processing required) o (OS specific), p (processor specific)

There are 3 sections that are of special interest: the .comment .note.ABI-tag and .note sections.

When an executable is produced from source code, there are two stages - compilation and linking. Compiling takes a source file and produces an object file. Linking concatenates these object files into a single executable. The concatenation occurs by section. For example, the .comment section for the final executable will contain the contents of the .comment section of each object file that was linked into the executable.

If we examine the contents of the .comment section we can see the compiler used, plus the version of the compiler. In this case gcc-2.95.4 from the debian distribution was used. Note that the contents of the .comment section are not standardised, and hence the compiler can fill it with anything it likes:

$ objdump --full-contents --section=.comment prog | head

 

prog:     file format elf32-i386

 

Contents of section .comment:

 0000 00474343 3a202847 4e552920 322e3935  .GCC: (GNU) 2.95

 0010 2e342032 30303131 30303220 28446562  .4 20011002 (Deb

 0020 69616e20 70726572 656c6561 73652900  ian prerelease).

 0030 00474343 3a202847 4e552920 322e3935  .GCC: (GNU) 2.95

 0040 2e342032 30303131 30303220 28446562  .4 20011002 (Deb

 0050 69616e20 70726572 656c6561 73652900  ian prerelease).

Next we examine the .note section:

$ objdump --full-contents --section=.note prog | head

 

prog:     file format elf32-i386

 

Contents of section .note:

0000 08000000 00000000 01000000 30312e30  ............01.0

0010 31000000 08000000 00000000 01000000  1...............

0020 30312e30 31000000 08000000 00000000  01.01...........

0030 01000000 30312e30 31000000 08000000  ....01.01.......

0040 00000000 01000000 30312e30 31000000  ........01.01...

0050 08000000 00000000 01000000 30312e30  ............01.0

The .note section contains elements that begin with a fixed header:

/* from <elf.h> */

typedef struct

{

  Elf32_Word n_namesz;       /* Length of the note's name. */

  Elf32_Word n_descsz;       /* Length of the note's descriptor. */

  Elf32_Word n_type;         /* Type of the note. */

} Elf32_Nhdr;

Examining the first entry we have a version entry, the version being "01.01". This is typical for code produced by gcc:

header = { n_namesz = 8; n_descsz = 0; n_type = NT_VERSION; }

n_name = "01.01";

Finally we examine the .note.ABI-tag section:

$ objdump --full-contents --section=.note.ABI-tag prog

 

prog:     file format elf32-i386

 

Contents of section .note.ABI-tag:

 8048094 04000000 10000000 01000000 474e5500  ............GNU.

 80480a4 00000000 02000000 02000000 00000000  ................

As per the .note section, the entry is prefixed with a header of type Elf32_Nhdr. As this is an ABI-tag section, the contents of the entry have the following form:

/* ABI information.  The descriptor consists of words:

   word 0: OS descriptor

   word 1: major version of the ABI

   word 2: minor version of the ABI

   word 3: subminor version of the ABI

*/

 

header = { n_namesz = 4; n_descsz = 16; n_type = ELF_NOTE_ABI; }

n_name = "GNU";

n_desc = [ELF_NOTE_OS_LINUX, 2, 2, 0];

The above decoded note entry shows that the operating system is linux, and executable is for a GNU linux system with ABI 2.2.0. In plain english, this means that the executable will only run on linux kernel version 2.2.0 and later.

Summarising the contents of the .note .comment and .note.ABI-tag sections, we see that the executable was compiled by gcc-2.95-4 from the debian distribution, and requires kernel version at least 2.2.0.

This information is extremely useful for reversing the executable.

The moral of this story? Supply the proper flags to strip to remove these sections if you wish to make reverse engineering more difficult:

$ strip -R .comment -R .note -R .note.ABI-tag prog

 

SVN update hook

I think we could use the mechanism to update the script when there is a script checked in.

 

http://www.petefreitag.com/item/244.cfm

 

Using Subversion Hooks to send out build emails

February 23, 2005

The subversion version control system has a wonderfully handy feature called hooks. Hooks are essentially scripts that are triggered by a version control event (such as a commits, or revision property changes).

Subversion Hooks are located in your repository directory (so if you have multiple repositories you have to setup hooks for each one) in a directory called hooks, perhaps something like this: /home/svn/projectName/hooks. There are template files (.tmpl) in the directory for each event (these files are just examples). The events are:

• start-commit - run before commit transaction begins, can be used to do special permission checking
• pre-commit - run at the end of the transaction, but before commit. Often used to validate things such as a non zero length log message.
• post-commit - runs after the transaction has been committed. Can be used for sending emails, or backing up repository.
• pre-revprop-change - runs before a revision property change. Can be used to check permissions.
• post-revprop-change - runs after a revision property change. Can be used to email or backup these changes.

In your hooks directory you will find a .tmpl file with each of the event names, if you want to enable one of the hooks, copy the template file (without the .tmpl extension) and make it executable.

Note: On windows you need to rename the .tmpl file with an extension that is executable by windows such as an exe or bat file.

If you want to send out a build email on post-commit copy the post-commit.tmpl file to post-commit and make it executable. Edit the file, and add your email addresses.

Subversion comes with a few other pre-built hook scripts, there is a hot-backup.py script that can be used to make hot backups of your repository after commits.

You can find more info about this in the Version control with Subversion book which can also be found here

 

 

 

 

Best Wishes,

Owen Ouyang

 

微软Win 7部署工具DISM解析

微软Win 7部署工具DISM解析

DISM(Deployment Imaging and Management)是Windows 7中的镜像部署和管理工具，之前Windows中的此类工具包括ImageX、Pkgmgr、PEImg、Intlcfg，但是使用这些工具来修正或改变 已创建的镜像非常繁琐，第一个问题就是你要知道什么时候用哪个工具，之后还要进行一系列的操作步骤，不过有了DISM，所有的这些工具都合为一体而且功能 更加完善。

　　开启DISM：

　　在使用DISM命令之前首先要开启该工具，简单的"开始-运行-cmd-Enter"并无法奏效，你需要执行以下操作"开始-运行-cmd- Shift+Ctrl+Enter"或者是点击"开始"输入cmd，当搜索框中出现cmd后右键点击并选择"Run as Administrator"。

　　进行上述操作后你会看到在打开的窗口中其标题栏前缀为Administrator。

　　DISM有很多命令参数可以用于不同的操作需求，键入"dism/?"即可查看所有DISM指令。

　　使用DISM获取基本信息：

    启动DISM后就可以进行相关命令操作，首先来看一下当前运行操作系统的基本信息，执行"dism/online/Get- CurrentEdition"，/online是对当前版本执行操作的关键参数，/Get-CurrentEdition命令则告诉dism我们想要查 看当前版本的信息，命令执行结果显示为：

    Deployment Image Servicing and Management tool

　　Version: 6.1.7100.0

　　Image Version: 6.1.7100.0

　　Current edition is:

　　Current Edition : Ultimate

　　The operation completed successfully。

　　更深入一步，由于Windows 7有多个不同版本，因此用户有很多升级选择，如果运行"dism/online/Get-TargetEditions"就可以查看当前版本可以升级到哪 些其他版本，如果该机器已经在运行Windows 7 Ultimate，那么DISM会告知用户你已经没有升级选择：

　　Deployment Image Servicing and Management tool

　　Version: 6.1.7100.0

　　Image Version: 6.1.7100.0

　　Editions that can be upgraded to:

　　(The current edition cannot be upgraded to any target editions。)

　　The operation completed successfully。

　　使用DISM修改系统：

　　除了可以查询系统信息，DISM的另一个非常有用的功能就是它不仅可以对"online"镜像执行相关操作还可以live镜像进行操作，也就是说我们可以使用DISM对正在运行的操作系统进行修改。

　　例如，Windows 7中包括很多游戏和功能，这些可能是企业用户所不需要的，那么在系统正在运行时你也可以采用DISM移除这些功能。首先，让我们看一下系统都安装了什么， 哪些是允许更改的，执行"dism/online/Get-Features|more"，Get-Features指令会显示当前安装的所有功 能，|more只是将输出结果分页以便于查看，用户从输出结果列表中找寻希望移除的内容：

　　…

　　Feature Name : FreeCell

　　State : Enabled

　　Feature Name : Minesweeper

　　State : Enabled

　　Feature Name : PurblePlace

　　State : Enabled

　　…

　　如果你想删除或禁用这些当前状态为"启用"的功能，只需使用一个简单的DISM指令，键入"dism /online /Disable-Feature /FeatureName:XXX"，XXX处输入列表中你想要移除的功能，比如说你想要禁用PurblePlace，那么执行"dism /online /Disable-Feature /FeatureName:PurblePlace"即可，命令执行结果显示为：

　　Deployment Image Servicing and Management tool

　　Version: 6.1.7100.0

　　Image Version: 6.1.7100.0

　　Disabling feature(s)

　　[=======================100.0%=======================]

　　The operation completed successfully。

　　下面检查一下该功能是否被禁用了，执行"dism /online /Get-FeatureInfo /FeatureName:PurblePlace"，命令执行结果显示为：

　　Deployment Image Servicing and Management tool

　　Version: 6.1.7100.0

　　Image Version: 6.1.7100.0

　　Feature Information:

　　Feature Name : PurblePlace

　　Display Name : Purble Place

　　Description : Purble Place

　　Restart Required : Possible

　　State : Disabled

　　Custom Properties:

　　(No custom properties found)

　　The operation completed successfully。

　　你可以看到"State:Disabled"，也就是说之前执行的对该功能的禁用命令已经生效，如果你想重新启用该功能，那么只需执行"dism /online /Enable-Feature /FeatureName:PurblePlace"，DISM就会以按照相似的步骤将这个功能重新恢复：

　　Deployment Image Servicing and Management tool

　　Version: 6.1.7100.0

　　Image Version: 6.1.7100.0

　　Enabling feature(s)

　　[=======================100.0%=======================]

　　The operation completed successfully。

 

[免錢升級分享] MSI X340就這樣加快20％

[免錢升級分享] MSI X340就這樣加快20％

 

不過，小弟覺得CPU效能如果可以再快一點，那就太好了。這幾天，上網爬文做功課。原來有一種免錢升級法，整個過程免拆機，親自試試還真讓CPU加快20％，小弟就來分享這個方法給其餘有使用X340的大大。

小弟先以X340的預設值執行一次測試，作業系統是Windows 7，沒有改XP。CPU-Z V1.54軟體顯示X340各項硬體資訊。



wprime V2.0：118.25 s。



3DMark 06（Patch 1.2.0）：664



EVEREST_Ultimate Edition_V5.30.2065 Beta：



NuclearMC V2.0.0：



7-ZIP V9.10 beta：



Winrar 3.92：



720P HD影片：YouTube下載的紅透半邊天NoBaby。用KMPlayer V2.9.4.1436播放，CPU使用率落在70％左右。



以上就是X340的預設效能。接著就是如何免錢、免拆機升級法，我用分隔線區隔一下。

--------------------------------------------------------------------------------------------------

用SetFSB軟體就能夠讓X340的CPU速度加快，就是軟體超頻術。選擇這個方式還有一個好處，如果超頻失敗，直接重開機即可。這裡用SetFSB 2.2.117.88版，Clock Generator選擇「ICS9LPRS113AKLF」，接著按下「Get FSB」，此時SetFSB會偵測FSB等頻率。

隨後，拉動下圖的190/760一旁的滑桿，往右拉是讓FSB等頻率加快，往左則是變慢。建議每次往右拉一點，不要一下子讓FSB等頻率加快太多，否則可能會出現當機。移動完滑桿後，再按下「Set FSB」，此時X340的FSB等頻率會調整，用CPU-Z軟體可以發現FSB等頻率已經跳動。

小弟經過反覆，最終確認X340的FSB頻率由200 MHz超頻至240 MHz，DDR2記憶體速度也由800 MHz加快至960 MHz。換算一下，CPU已經加快20％，DDR2記憶體則是20％。



每次開機後，剛剛調整的FSB等頻率會跳回X340預設值，那我們用參數來讓SetFSB 2.2.117.88版自動跳回FSB等頻率。

在桌面上建立SetFSB 2.2.117.88版捷徑，接著手動增加-W 0 –s240。-W 0代表開啟SetFSB軟體後，等待多久調整FSB頻率，–s240則是指定FSB調至240 MHz。以後只要開完機後，執行這項捷徑，X340就馬上超頻。對了，如果要讓X340回復預設速度，也可以用同樣方法喔。建立另一個SetFSB 2.2.117.88版捷徑，接著手動增加-W 0 –s200。



接下來，就讓超頻後的X340跑一下測試，看看到底變多快。



wprime V2.0：98.779



3DMark 06（Patch 1.2.0）：804



EVEREST_Ultimate Edition_V5.30.2065 Beta：



NuclearMC V2.0.0：



7-ZIP V9.10 beta：



Winrar 3.92：



720P HD影片：YouTube下載的紅透半邊天NoBaby。用KMPlayer V2.9.4.1436播放，CPU使用率落在50％左右。



我把X340預設模式的效能，以及超頻至240 MHz模式的效能列在一起比較。



X340在免錢、免拆機升級後，CPU的浮點運算等各項效能約有20％成長，DDR2記憶體效能也增加約有20％。

小弟的使用感覺是X340超頻使用時，由於CPU加快，因此播放影片的同一時間，如果有MSN登入，那麼影片也不會突然嚴重Lag。同時開啟幾個網頁視窗，CPU Loading也不再突然暴增。當X340超頻後，使用一段時間，個人覺得散熱風扇轉速並沒有變快，還是一如以往安靜。這樣的結果，已經令我相當滿意。