DebuggingToolsforWindows(WinDbg)6.12.2.633资源-CSDN下载

共4个文件

exe：2个

msi：1个

pdf：1个

WinDbg

Debugging

Tools

Windows

4星 · 超过85%的资源需积分: 20 44 浏览量 2011-09-18 03:24:41 上传评论收藏 22.06MB RAR 举报

《深入探索Windows调试工具WinDbg 6.12.2.633》 WinDbg，全称为Windows Debugger，是由微软公司推出的强大的调试工具，版本为6.12.2.633，它提供了对Kernel模式调试以及用户模式调试的支持，同时还具备分析Dump文件的能力。本文将详细阐述WinDbg的基础知识、使用技巧及其在实际问题解决中的应用。一、WinDbg的基础功能 1. **Kernel模式调试**：WinDbg允许开发者在操作系统内核级别进行调试，这使得开发者能够对系统驱动程序、系统服务以及内核崩溃等问题进行深入研究。通过设置调试器，用户可以实时监控系统调用，检查内核状态，甚至在发生异常时捕获关键信息。 2. **用户模式调试**：在用户模式下，WinDbg可调试应用程序，帮助开发者定位内存泄漏、线程同步问题、崩溃等常见错误。它支持挂起、恢复、终止进程，以及跟踪代码执行路径，提供丰富的断点设置选项。 3. **Dump文件分析**：WinDbg能读取和分析内存转储文件（Dump文件），这是系统崩溃或异常时保存的内存快照。通过对Dump文件的解析，开发者可以重现问题现场，找出导致问题的原因，这对于远程诊断和修复问题尤其有价值。二、WinDbg的使用技巧 1. **命令行操作**：WinDbg拥有强大的命令行接口，用户可以通过输入调试命令实现各种高级功能。例如，`kb`命令显示堆栈回溯，`dv`查看变量值，`lm`列出模块信息，`!analyze -v`进行详细的崩溃分析。 2. **图形界面**：除了命令行，WinDbg还提供了一个直观的图形用户界面，便于用户操作。用户可以通过界面中的工具栏按钮、菜单项或者快捷键来执行调试操作。 3. **脚本编程**：WinDbg支持使用C++和JScript编写调试脚本，这使得复杂的调试任务自动化成为可能，提高调试效率。 4. **扩展性**：WinDbg可以加载扩展DLL，这些扩展提供了额外的功能，如内存检查、性能分析等。例如，`!heap`系列命令用于分析堆分配，`!livekd`扩展则用于远程Kernel调试。三、WinDbg的实际应用 1. **系统稳定性分析**：当系统出现蓝屏或其他稳定性问题时，WinDbg可以用来分析内存转储文件，找出引发问题的驱动或系统组件。 2. **软件故障排查**：在软件开发过程中，WinDbg可以帮助开发者定位程序崩溃、异常退出的具体原因，通过设置断点、观察变量变化、分析调用堆栈等手段找到问题根源。 3. **性能优化**：通过WinDbg，开发者可以跟踪CPU使用情况，分析内存泄漏，定位程序中的性能瓶颈，从而进行优化。 4. **安全分析**：在安全领域，WinDbg可用于分析恶意软件行为，查找病毒、木马的运行轨迹，为安全研究人员提供有力的工具。总结，WinDbg作为一款功能强大的调试工具，其在Windows平台上的应用广泛且深入。无论是在系统级调试、应用级调试，还是在故障分析和性能优化等方面，WinDbg都展现出了无可替代的价值。对于任何致力于提升软件质量、解决复杂问题的开发者来说，掌握WinDbg的使用技巧是必不可少的技能。

资源推荐

资源详情

资源评论

收起资源包目录

WinDbg 6.12.2.633.rar （4个子文件）

WinDbg 6.12.2.633

psscor2.exe 1.41MB

WinDbg_cmds.pdf 216KB

dbg_x86.msi 18.38MB

Psscor4.EXE 2.64MB

Thinking debugging? Think www.windbg.info

By Robert Kuster

Posted : 01 Feb 2009

Updated : 17 Feb 2009

Common WinDbg Commands (Thematically Grouped)

1) Built-in help commands 9) Exceptions, events, and crash analysis 17) Information about variables

2) General WinDbg's commands (clear

screen, ..)

10) Loaded modules and image information 18) Memory

3) Debugging sessions (attach, detach, ..) 11) Process related information 19) Manipulating memory ranges

4) Expressions and commands 12) Thread related information 20) Memory: Heap

5) Debugger markup language (DML) 13) Breakpoints 21) Application Verifier

6) Main extensions 14) Tracing and stepping (F10, F11) 22) Logging extension (logexts.dll)

7) Symbols 15) Call stack

8) Sources 16) Registers

1) Built-in help commands

C m d V a r i a n t s / P a r a m s D e s cr i p t i o n

? /D

Display regular commands

Display regular commands as DML

.help

.help /D

.help /D a*

Display . commands

Display . commands in DML format (top bar of links is given)

Display . commands that start with a* (wildcard) as DML

.chain

.chain /D

Lists all loaded debugger extensions

Lists all loaded debugger extensions as DML (where extensions are linked

to a .extmatch)

.extmatch

.extmatch /e ExtDLL FunctionFilter

.extmatch /D /e ExtDLL FunctionFilter

Show all exported functions of an extension DLL. FunctionFilter = wildcard

string

Same in DML format (functions link to "!ExtName.help FuncName"

commands)

Example: .extmatch /D /e uext * (show all exported functions of

uext.dll)

.hh

.hh Text

Open WinDbg's help

Text = text to look up in the help file index

Example: .hh dt

2) General WinDbg's commands (show version, clear screen, etc.)

C m d V a r i a n t s / P a r a m s D e s c r i p t i o n

version Dump version info of debugger and loaded extension DLLs

vercommand Dump command line that was used to start the debugger

vertarget Version of target computer

CTRL+ALT+V

Toggle verbose mode ON/OFF

In verbose mode some commands (such as register dumping) have more

detailed output.

n n [8 | 10 | 16] Set number base

formats

.formats Expression Show number formats = evaluates a numerical expression or symbol and

displays it in multiple numerical formats (hex, decimal, octal, binary,

time, ..)

Example 1: .formats 5

Example 2: .formats poi(nLocal1) == .formats @@($!nLocal1)

.cls Clear screen

.lastevent

Displays the most recent exception or event that occurred (why the

debugger is waiting?)

.effmach

.effmach .

.effmach #

.effmach x86 | amd64 | ia64 | ebc

Dump effective machine (x86, amd64, ..):

Use target computer's native processor mode

Use processor mode of the code that is executing for the most recent event

Use x86, amd64, ia64, or ebc processor mode

This setting influences many debugger features:

-> which processor's unwinder is used for stack tracing

-> which processor's register set is active

.time display time (system-up, process-up, kernel time, user time)

3) Debugging sessions (attach, detach, ..)

C m d V a r i a n t s / P a r a m s D e s c r i p t i o n

.attach PID attach to a process

.detach

ends the debugging session, but leaves any user-mode target application

running

q, qq Quit = ends the debugging session and terminates the target application

Remote debugging: q= no effect; qq= terminates the debug server

.restart Restart target application

4) Expressions and commands

C m d V a r i a n t s / P a r a m s D e s c r i p t i o n

; Command separator (cm1; cm2; ..)

? Expression

?? Expression

Evaluate expression (use default evaluator)

Evaluate c++ expression

.expr

.expr /q

.expr /s c++

.expr /s masm

Choose default expression evaluator

Show current evaluator

Show available evaluators

Set c++ as the default expression evaluator

Set masm as the default expression evaluator

* [any text] Comment Line Specifier

Terminated by: end of line

$$ [any text] Comment Specifier

Terminated by: end of line OR semicolon

.echo

.echo String

.echo "String"

Echo Comment -> comment text + echo it

Terminated by: end of line OR semicolon

With the $$ token or the * token the debugger will ignore the inputted text

without echoing it.

5) Debugger markup language (DML)

Starting with the 6.6.07 version of the debugger a new mechanism for enhancing output from the debugger and extensions was included: DML.

DML allows output to include directives and extra non-display information in the form of tags.

Debugger user interfaces parse out the extra information to provide new behaviors.

DML is primarily intended to address two issues:

Linking of related information

Discoverability of debugger and extension functionality

C m d V a r i a n t s / P a r a m s D e s c r i p t i o n

.dml_start Kick of to other DML commands

.prefer_dml

.prefer_dml [1 | 0] Global setting: should DML-enhanced commands default to DML?

Note that many commands like k, lm, .. output DML content thereafter.

.help /D .help has a new DML mode where a top bar of links is given

.chain /D .chain has a new DML mode where extensions are linked to a .extmatch

.extmatch /D

.extmatch has a new DML format where exported functions link to "!

ExtName.help FuncName" commands

lmD lm has a new DML mode where module names link to lmv commands

kM k has a new DML mode where frame numbers link to a .frame/dv

.dml_flow

.dml_flow StartAddr TargetAddr

Allows for interactive exploration of code flow for a function.

1. Builds a code flow graph for the function starting at the given start

address (similar to uf)

2. Shows the basic block given the target address plus links to

referring blocks and blocks referred to by the current block

Example: .dml_flow CreateRemoteThread CreateRemoteThread+30

6) Main extensions

C m d V a r i a n t s / P a r a m s D i s p l a y s u p p o r t e d c o m m a n d s f o r . .

!Ext.help General extensions

!Exts.help -||-

!Uext.help User-Mode Extensions (non-OS specific)

!Ntsdexts.help User-Mode Extensions (OS specific)

!logexts.help Logger Extensions

!clr10\sos.help Debugging managed code

!wow64exts.help Wow64 debugger extensions

!Wdfkd.help Kernel-Mode driver framework extensions

!Gdikdx.help Graphics driver extensions

!NAME.help

!NAME.help FUNCTION

Display detailed help about an exported function

NAME = placeholder for extension DLL

FUNCTION = placeholder for exported function

Example: !Ntsdexts.help handle (show detailed help about !

Ntsdexts.handle)

7) Symbols

C m d V a r i a n t s / P a r a m s D e s c r i p t i o n

ld ModuleName

ld *

Load symbols for Module

Load symbols for all modules

!sym

!sym noisy

!sym quiet

Get state of symbol loading

Set noisy symbol loading (debugger displays info about its search for

symbols)

Set quiet symbol loading (=default)

x [Options] Module!Symbol

x /t ..

x /v ..

x /a ..

x /n ..

x /z ..

Examine symbols: displays symbols that match the specified pattern

with data type

verbose (symbol type and size)

sort by address

sort by name

sort by size ("size" of a function symbol is the size of the function in

memory)

ln Addr

List nearest symbols = display the symbols at or near the given Addr.

Useful to:

determine what a pointer is pointing to

when looking at a corrupted stack to determine which procedure

made a call

.sympath

.sympath+

Display or set symbol search path

Append directories to previous symbol path

.symopt

.symopt+ Flags

.symopt- Flags

displays current symbol options

add option

remove option

.symfix

.symfix+ DownstreamStore

Set symbol store path to automatically point to http://msdl.microsoft.com/

download/symbols

+ = append it to the existing path

DownstreamStore = directory to be used as a downstream store. Default is

WinDbgInstallationDir\Sym.

.reload

.reload [/f | /v]

.reload [/f | /v] Module

Reload symbol information for all modules**

f = force immediate symbol load (overrides lazy loading); v = verbose

mode

Module = for Module only

**Note: The .reload command does not actually cause symbol information

to be read. It just lets the debugger know that the symbol files may have

changed, or that a new module should be added to the module list. To force

actual symbol loading to occur use the /f option, or the ld (Load Symbols)

command.

Collapse

x *! list all modules

x ntdll!* list all symbols of ntdll

x /t /v MyDll!* list all symbol in MyDll with data type, symbol type and size

x kernel32!*LoadLib* list all symbols in kernel32 that contain the word LoadLib

.sympath+ C:\MoreSymbols add symbols from C:\MoreSymbols (folder location)

.reload /f @"ntdll.dll" Immediately reload symbols for ntdll.dll.

.reload /f @"C:\WINNT\System32\verifier.dll" Reload symbols for verifier. Use the given path.

Also check the "!lmi" command.

8) Sources

C m d V a r i a n t s / P a r a m s D e s c r i p t i o n

.srcpath

.srcpath+ DIR

Display or set source search path

Append directory to the searched source path

.srcnoisy {1|0} Controls noisy source loading

.lines [-e | -d | -t] Toggle source line support: enable; disable; toggle

l (small letter L)

l+l, l-l

l+o, l-o

l+s, l-s

l+t, l-t

show line numbers

suppress all but [s]

source and line number

source mode vs. assembly mode

9) Exceptions, events, and crash analysis

C m d V a r i a n t s / P a r a m s D e s c r i p t i o n

Go exception handled

Go not handled

.lastevent What happened? Shows most recent event or exception

!analyze

!analyze -v

!analyze -hang

!analyze -f

Display information about the current exception or bug check; verbose

User mode: Analyzes the thread stack to determine whether any threads

are blocking other threads.

See an exception analysis even when the debugger does not detect an

exception.

sxe

sxd

sxn

sxi

sxr

Show all event filters with break status and handling

break first-chance

break second-chance

notify; don't break

ignore event

reset filter settings to default values

.exr

.exr-1

.exr Addr

display most recent exception record

display exception record at Addr

.ecxr

displays exception context record (registers) associated with the current

exception

!cppexr Addr Display content and type of C++ exception

Collapse

exr -1 display most recent exception

.exr 7c901230 display exception at address 7c901230

!cppexr 7c901230 display c++ exception at address 7c901230

10) Loaded modules and image information

C m d V a r i a n t s / P a r a m s D e s c r i p t i o n

lm[ v | l | k | u | f ] [m Pattern]

lmD

List modules; verbose | with loaded symbols | k-kernel or u-user only

symbol info | image path; pattern that the module name must match

DML mode of lm; lmv command links included in output

!dlls

!dlls -i

!dlls -l

!dlls -m

!dlls -v

!dlls -c ModuleAddr

!dlls -?

all loaded modules with load count

by initialization order

by load order (default)

by memory order

with version info

only module at ModuleAddr

brief help

!imgreloc ImgBaseAddr information about relocated images

!lmi Module detailed info about a module (including exact symbol info)

!dh

!dh ImgBaseAddr

!dh -f ImgBaseAddr

!dh -s ImgBaseAddr

!dh -h

Dump headers for ImgBaseAddr

f = file headers only

s = section headers only

h = brief help

The !lmi extension extracts the most important information from the image

header and displays it in a concise summary format. It is often more useful

than !dh.

Collapse

lm display all loaded and unloaded modules

lmv m kernel32 display verbose (all possible) information for kernel32.dll

lmD DML variant of lm

评论收藏

内容反馈

Zen_Yue

2012-12-27

非常不错，xp sp2 可用,版本也比之前下的新
wanhuibing

2012-10-02

很好，诊断蓝屏确实不错。
qq_27040669

2018-09-17

没有用，不过还是要谢谢分享
fixday

2012-10-13

不错，版本能用，版本较新。

monkeyclaw

粉丝: 1

Debugging Tools for Windows(WinDbg) 6.12.2.633

最新资源

Debugging Tools for Windows(WinDbg) 6.12.2.633

Debugging Tools for Windows

Debugging tools for windows

debugging tools

Windows debug tools

Debugging Tools

Debuggers And Tools-x64_en-us v6.12.0002.633 AMD64

Debuggers And Tools x86和x64都可用

Debuggers And Tools(windbg安装包)x64 & x86.rar

Debugging Tools for Windows（X86+X64）

Debugging_Tools_for_Windows

windbg Debugging Tools for Windows

Debugging Tools for Windows(Windbg 6.12.2.633 x86)

Windbg 6.12

Debugging Tools for Windows.zip

真正Win10中可用的windbg10（Debugging Tools for Windows 10）

Debugging Tools for Windows x86 and x64

Debugging Tools for Windows (x86)windows分析工具

DebuggingTools

WinDbg x64 Debugging Tools for Windows

windbg使用

Debugging_Tools_for_Windows.rar

Windbg_6.12.2.633_x86_x64

windbg 6.3.9600 wdk8.1 内置版本 32与64位

windbg 6.3.9600.17298 msdn

WinDbg_X64_v10.0.16299.15.msi

WinDbg_x64(msi安装程序)_and_X86(免安装)工具包资源.rar

win7 CDB (Qt msvc调试必备工具)

labview信号时序分析--脉冲测量

hypervi.rar_matlab 高光谱_光谱_光谱 指数_植被高光谱_高光谱 数据

最新资源

hypervi.rar_matlab 高光谱_光谱_光谱指数_植被高光谱_高光谱数据