  • June 26, 2007

    Learning WinDbg

    Setting the Symbol Path

    To use this symbol server, symsrv.dll must be installed in the same directory as the debugger. The symbol path must be set in one of the following ways:

    set _NT_SYMBOL_PATH=symsrv*ServerDLL*DownstreamStore*\\Server\Share

    set _NT_SYMBOL_PATH=symsrv*ServerDLL*\\Server\Share

    set _NT_SYMBOL_PATH=srv*DownstreamStore*\\Server\Share

    set _NT_SYMBOL_PATH=srv*\\Server\Share

    Field: Description

    symsrv: This keyword must always appear first. It indicates to the debugger that this item is a symbol server, not just a normal symbol directory.

    ServerDLL: Specifies the name of the symbol server DLL. If you are using the SymSrv symbol server, this will always be symsrv.dll.

    srv: This is shorthand for symsrv*symsrv.dll.

    DownstreamStore: Specifies a local directory or network share that will be used to cache individual symbol files. If DownstreamStore specifies a directory that does not exist, SymStore will attempt to create it.

    \\Server\Share: Specifies the server and share of the symbol store.

    e.g.

    Microsoft Public Symbols

    srv*c:\mysyms*http://msdl.microsoft.com/download/symbols
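The field layout above can be checked mechanically before a path is handed to the debugger. The following PowerShell function is an added example, not part of the original notes: it splits a symbol path into the fields from the table and notes the settings a reviewer would want to look at. It goes slightly beyond the page by accepting several `;`-separated elements; the function name, `custom.dll` and `c:\localsyms` are constructed for illustration.

```powershell
# Added example (not from the original page): parse a symbol path into its fields.
function ConvertFrom-SymbolPath {
    param([Parameter(Mandatory)][string]$SymbolPath)

    foreach ($element in $SymbolPath.Split(';')) {      # elements are ';'-separated
        $element = $element.Trim()
        if (-not $element) { continue }

        $parts = $element.Split('*')
        switch ($parts[0].ToLowerInvariant()) {
            'srv'    { $serverDll = 'symsrv.dll'; $skip = 1 }  # srv = symsrv*symsrv.dll
            'symsrv' { $serverDll = $parts[1];    $skip = 2 }
            default  { $serverDll = $null;        $skip = 0 }  # normal symbol directory
        }
        $rest  = @($parts | Select-Object -Skip $skip)
        $store = if ($rest.Count) { $rest[-1] } else { $null }      # \\Server\Share or URL
        $cache = if ($rest.Count -gt 1) { $rest[0] } else { $null } # DownstreamStore

        $notes = @()
        if ($serverDll -and $serverDll -ne 'symsrv.dll') {
            $notes += "non-default symbol server DLL '$serverDll' is loaded by the debugger"
        }
        if ($store -match '^http://') {
            $notes += 'symbols are fetched over unencrypted HTTP'
        }
        if ($cache -like '\\*') {
            $notes += 'DownstreamStore is a network share: check who can write to it'
        }
        if (-not $store) { $notes += 'no symbol store given' }

        [pscustomobject]@{
            Kind            = if ($skip) { 'SymbolServer' } else { 'Directory' }
            ServerDll       = $serverDll
            DownstreamStore = $cache
            Store           = $store
            Notes           = $notes -join '; '
        }
    }
}

# Constructed sample: the first element is the page's own example, the rest are made up.
$sample = 'srv*c:\mysyms*http://msdl.microsoft.com/download/symbols;' +
          'symsrv*custom.dll*\\Server\Share;c:\localsyms'
ConvertFrom-SymbolPath $sample | Format-List
```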

     

    Debug commands .....................................

     

    Launching the Debugger Automatically

    You can set up your application to start WinDbg when you launch the application from Windows.

    To set up an application to launch the debugger automatically:

    1. Start the Registry Editor (Run regedit).

    2. In the Registry Editor, open the HKEY_LOCAL_MACHINE folder.

    3. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.

    4. Under the Image File Execution Options folder, locate the name of the application you want to debug (myapp.exe, for example). If you cannot find the application you want to debug:

    a.   Right-click the Image File Execution Options folder and choose New Key from the shortcut menu.

    b.   Right-click the new key and choose Rename from the shortcut menu.

    c.   Edit the key name to the name of your application, for example, myapp.exe.

    5. Right-click the myapp.exe folder and choose New String Value from the shortcut menu.

    6. Right-click the new string value and choose Rename from the shortcut menu.

    7. Change the name to Debugger (or debugger).

    8. Right-click the new string value and choose Modify from the shortcut menu.

    The Edit String dialog box appears.

    9. In the Value data box, type WinDbg's installation path, for example C:\Program Files\Debugging Tools for Windows\windbg.exe.

    10.  Click OK.

    11.  From the Registry menu, choose Exit.

     

    Enabling WinLogon Debugging

    To attach a debugger to WinLogon, you must go through the registry so that the process is debugged from the time it starts up. To set up WinLogon debugging, set HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinLogon.EXE\Debugger to: WinDbg’s installation path.

     

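    Remote debugging

    1. Connecting from the server side

    WinDbg -server npipe:pipe=pipename (note: multiple clients are allowed to connect), or from inside WinDbg: .server npipe:pipe=pipename (note: a single client connects)

    2. Connecting from the client side

    WinDbg -remote npipe:server=Server,pipe=PipeName[,password=Password], or from inside WinDbg: File->Connect to Remote Session; for the connection string, enter npipe:server=Server,pipe=PipeName[,password=Password]

    3. Remote.exe uses named pipes as its means of communication, and remote.exe can also be used for remote debugging. Note: use @q (not q) to exit the client without shutting down the server.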

     

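    Postmortem debugging

    To make WinDbg the default just-in-time debugger, the command is: Windbg -I. This command actually sets the Debugger value under HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug to WinDbg and the Auto value to 1 (the default is 1).

    To make WinDbg the default managed debugger, you need to set the following registry values explicitly:

    • Set HKLM\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting to 2

    • Set HKLM\Software\Microsoft\.NETFramework\DbgManagedDebugger to Windbg (pay attention to the launch arguments set there)

    With these JIT settings, when an application that is not being debugged throws an unhandled exception, WinDbg is invoked and attached to the faulting process.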
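The Image File Execution Options, AeDebug and .NETFramework values described above all tell Windows which program to start as a debugger, so it is useful to be able to list what is currently registered on a machine. The following PowerShell function is an added example, not part of the original notes: it reads only the registry locations named on this page, plus their WOW6432Node counterparts (the 32-bit view on 64-bit Windows). The function name is hypothetical.

```powershell
# Added example (not from the original page): inventory registered debuggers.
function Get-DebuggerHook {
    # Native view and, on 64-bit Windows, the 32-bit view of HKLM\Software.
    $roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

    foreach ($root in $roots) {
        $ntcv = Join-Path $root 'Microsoft\Windows NT\CurrentVersion'

        # Image File Execution Options\<image name>\Debugger
        $ifeo = Join-Path $ntcv 'Image File Execution Options'
        if (Test-Path $ifeo) {
            foreach ($key in Get-ChildItem $ifeo -ErrorAction SilentlyContinue) {
                $data = $key.GetValue('Debugger')
                if ($null -ne $data) {
                    [pscustomobject]@{ Key = $key.Name; Value = 'Debugger'; Data = $data }
                }
            }
        }

        # Just-in-time (AeDebug) and managed (.NETFramework) debugger settings
        $checks = @(
            @{ Path  = Join-Path $ntcv 'AeDebug'
               Names = 'Debugger', 'Auto' },
            @{ Path  = Join-Path $root 'Microsoft\.NETFramework'
               Names = 'DbgManagedDebugger', 'DbgJITDebugLaunchSetting' }
        )
        foreach ($check in $checks) {
            if (-not (Test-Path $check.Path)) { continue }
            $key = Get-Item $check.Path
            foreach ($name in $check.Names) {
                $data = $key.GetValue($name)
                if ($null -ne $data) {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
                }
            }
        }
    }
}

# Every row is a program Windows will start as a debugger, or a switch controlling that.
Get-DebuggerHook | Format-Table -AutoSize -Wrap
```

Any Debugger entry that does not point at a debugger you installed yourself deserves a closer look.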

     

    Register organization: .......................................................................


    Glossary

    Debugging

    To find and remove errors (bugs) from a program or design.

    Process

    A program is a static sequence of instructions, whereas a process is a container for a set of resources used by the threads that execute the instance of the program.

    Thread

    A thread is the entity within a process that Microsoft Windows schedules for execution. Without it, the process's program can't run...................................................

     

    Microsoft Debug Fest

    Debug Tutorial
    Part 1: Beginning Debugging Using CDB and NTSD
    Part 2: The Stack
    Part 3: The Heap
    Part 4: Writing WINDBG Extensions
    Part 5: Handle Leaks
    Part 6: Navigating The Kernel Debugger
    Part 7: Locks and Synchronization Objects

    A short summary of using WinDbg

    WinDbg SOS help documentation

    Basic Windbg - Introduction
    1. SOSBasics (continued) (continued further) (summary)
    2. Analyzing and diagnosing High CPU
    4. Analyzing and diagnosing Out Of Memory

    Application Compatibility - Debugging

    DataRescue IDA Pro - a powerful tool for static decompilation and analysis

     
