WinDbg Commands in Detail -- Command Help

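This article describes in detail the various commands in WinDbg, including standard commands, WinDbg meta-commands and extension commands, to help readers better understand and use them in debugging work.
  • Standard commands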
    B[C|D|E][<bps>] - clear/disable/enable breakpoint(s)
    BL - list breakpoints
    BA <access> <size> <addr> - set processor breakpoint
    BP <address> - set soft breakpoint
    D[type][<range>] - dump memory
    DT [-n|y] [[mod!]name] [[-n|y]fields]
       [address] [-l list] [-a[]|c|i|o|r[#]|v] - dump using type information
    DV [<name>] - dump local variables
    E[type] <address> [<values>] - enter memory values
    G[H|N] [=<address> [<address>...]] - go
    K <count> - stacktrace
    KP <count> - stacktrace with source arguments
    LM[k|l|u|v] - list modules
    LN <expr> - list nearest symbols
    P [=<addr>] [<value>] - step over
    Q - quit
    R [[<reg> [= <expr>]]] - view or set registers
    S[<opts>] <range> <values> - search memory
    SX [{e|d|i|n} [-c "Cmd1"] [-c2 "Cmd2"] [-h] {Exception|Event|*}] - event filter
    T [=<address>] [<expr>] - trace into
    U [<range>] - unassemble
    version - show debuggee and debugger version
    X [<*|module>!]<*|symbol> - view symbols
    ? <expr> - display expression
    ?? <expr> - display C++ expression
    $< <filename> - take input from a command file
    
    Use ? to display the commands above.
  • WinDbg meta-commands (also called dot commands)
 commands:
   .abandon - abandon the current process
   .allow_exec_cmds [0|1] - control execution commands
   .allow_image_mapping [0|1] - control on-demand image file mapping
   .apply_dbp [<options>] - add current data breakpoint state to a
                            register context
   .asm [<options>] - set disassembly options
   .asm- [<options>] - clear disassembly options
   .attach <proc> - attach to <proc> at next execution
   .block { <commands> } - brackets a set of commands for nested execution
   .bpsync [0|1] - special breakpoint behavior for multithreaded debuggees
   .break - break out of the enclosing loop
   .breakin - break into KD
   .cache [<options>] - virtual memory cache control
   .call <fn>(<arg1>, <arg2>, ...) - run a function in the debuggee
   .catch { <commands> } - catch failures in commands
   .chain - list current extensions
   .childdbg <0|1> - turn child process debugging on or off
   .clients - list currently active clients
   .closehandle [<options>] [<handle>] - close the given handle
   .continue - continue the enclosing loop
   .copysym [<options>] <path> - copy current symbol files to a directory
   .create <command line> - create a new process
   .createdir [<options>] [<path>] - control process creation options
   .cxr <address> - dump context record at specified address
                    k* after this gives cxr stack
   .dbgdbg - attach a debugger to the current debugger
   .debug_sw_wow [0|1] - allow interaction with software WOW emulation
   .detach - detach from the current process/dump
   .dml_file <file> - output DML content from file
   .dml_flow <start> <addr> - show basic block code flow
   .dml_start [<options>] - navigable overview of debugger activities
   .do { <commands> } (<cond>) - execute <commands> until <cond> is zero
   .drivers - This command was removed -- use 'lm' or .reload -l)
   .dump [<options>] <filename> - create a dump file on the host system
   .dvalloc [<options>] <bytes> - VirtualAlloc memory in the debuggee
   .dvfree [<options>] <offset> <bytes> - VirtualFree memory in the debuggee
   .echo ["<string>"|<string>] - echo string
   .echotime - output debugger time
   .echotimestamps [0|1] - toggle timestamp output on events
   .ecxr - dump context record for current exception
   .effmach [<machine>] - change current machine type
   .else { <commands> } - if/then/else conditional execution
   .elsif (<cond>) { <commands> } [<else clauses>] - if/then/else conditional
                                                     execution
   .enable_long_status [0|1] - dump LONG types in default base
   .enable_unicode [0|1] - dump USHORT array/pointers and unicode strings
   .endsrv <id> - disable the given engine server
   .endpsrv - cause the current session's remote server to exit
   .enumtag - enumerate available tagged data
   .event_code - display cached event instructions
   .eventlog - display log of recent events
   .events - display and select available events
   .eventstr - display any event strings registered by debuggee
   .exepath [<dir>[;...]] - set executable search path
   .exepath+ [<dir>[;...]] - append executable search path
   .expr - control expression evaluator
   .exptr <address> - do .exr and .cxr for EXCEPTION_POINTERS
   .exr <address> - dump exception record at specified address
   .extmatch [<opts>] <pattern> - display all extensions matching pattern
   .extpath <opts> [<dir>[;...]] - set extension search path
   .extpath+ <opts> [<dir>[;...]] - append extension search path
   .f+ - set current stack frame to caller of current frame
   .f- - set current stack frame to callee of current frame
   .fiber <address> - sets context of fiber at address
                      resets context if no address specified
   .fiximports <pattern> - attempts to link imports for images
   .fnent <address> - dump function entry for the given code address
   .fnret <fnaddr> [<retval>] - display formatted return value
   .for ( <init> ; <cond> ; <step> ) { <commands> } - execute <commands> and
                                                      <step> until <cond> is
                                                      zero
   .force_radix_output [0|1] - dump integer types in default base
   .force_system_init [<options>] - force pending systems to initialize if possible
   .force_tb - forcibly allow branch tracing
   .foreach [opts] ( <alias> { <tcmds> } ) { <ecmds> } - execute <ecmds> for
                                                         each token in the
                                                         output of <tcmds>
   .fpo <options> - control override FPO information
   .frame [<frame>] - set current stack frame for locals
   .formats <expr> - displays expression result in many formats
   .help [<options>] - display this help
   .holdmem <options> [range] - hold and compare memory data
   .if (<cond>) { <commands> } [<else clauses>] - if/then/else conditional
                                                  execution
   .ignore_missing_pages [0|1] - control kernel summary dump missing
                                 page error message
   .imgscan <options> - scan memory for PE images
   .jdinfo <jdi_addr> - interpret AeDebug information
   .kframes <count> - set default stack trace depth
   .kill - kill the current process
   .lastevent - display the last event that occurred
   .leave - exit the enclosing .catch
   .lines - toggle line symbol loading
   .load <name> - add this extension DLL to the extension chain
   .loadby <name> <mod> - add the extension DLL in the module
                          directory to the extension chain
   .locale [<locale>] - set the current locale
   .logfile - display log status
   .logopen [<file>] - open new log file
   .logappend [<file>] - append to log file
   .logclose - close log file
   .netsyms [0|1] - allow/disallow net symbol paths
   .netuse [<options>] - manage net connections
   .noshell - disable shell commands
   .noversion - disable extension version checking
   .ofilter <pattern> - filter debuggee output against the given pattern
   .ocommand <prefix> - treat output with the given prefix as a command
   .opendump <file> - open a dump file
   .outmask <mask> - set bits in the current output mask
   .outmask- <mask> - clear bits in the current output mask
   .pcmd [<options>] - control per-prompt command
   .pop [<options>] - pop state
   .prefer_dml [0|1] - control DML mode default
   .printf "<format>", <args...> - formatted output
   .process [<address>] - sets implicit process
                          resets default if no address specified
   .process_info - display security related information of current process
   .prompt_allow [<options>] - control what information can be displayed
                               at the prompt
   .push [<options>] - push state
   .quit_lock [<options>] - locks session against unexpected quit
   .readmem <file> <range> - read raw memory from a file
   .record_branches [0|1] - controls recording of processor branching
   .reload [<image.ext>[=<address>,<size>]] - reload symbols
   .restart - request a session restart
   .remote <pipename> - start remote.exe server
   .secure [0|1] - disallow operations dangerous for the host
   .send_file <options> - send files to remote server
   .server <options> - start engine server
   .servers - list active remoting servers
   .setdll <name> - debugger will search for extensions in this DLL first
   .shell [<command>] - execute shell command
   .show_read_failures [<opts>] - control extra read failure output
   .show_sym_failures [<opts>] - control extra symbol failure output
   .sleep <milliseconds> - debugger sleeps for given duration
                           useful for allowing access to a machine that's
                           broken in on an ntsd -d
   .srcfix [<path extra>] - fix source search path
   .srcfix+ [<path extra>] - append fixed source search path
   .srcnoisy [0|1] - control verbose source loading output
   .srcpath [<dir>[;...]] - set source search path
   .srcpath+ [<dir>[;...]] - append source search path
   .step_filter [<opts>] ["<pattern>[;<pattern>...]"] - Set symbol patterns
                                                        to skip when stepping
   .symfix [<localsym>] - fix symbol search path
   .symfix+ [<localsym>] - append fixed symbol search path
   .symopt <flags> - set symbol options
   .symopt+ <flags> - set symbol options
   .symopt- <flags> - clear symbol options
   .sympath [<dir>[;...]] - set symbol search path
   .sympath+ [<dir>[;...]] - append symbol search path
   .thread [<address>] - sets context of thread at address
                         resets default context if no address specified
   .time - displays session time information
   .timezone - display timezone information
   .ttime - displays thread time information
   .tlist - list running processes
   .typeopt <flags> - set/clear type options
   .unload <name> - remove this extension DLL from the list of extension DLLs
   .unloadall - remove all extension DLLs from the list of extensions DLLs
   .wake - wake up a .sleep'ing debugger
   .while (<cond>) { <commands> } - execute <commands> while <cond> is non-zero
   .writemem <file> <range> - write raw memory to a file
   .rrestart - register current session for Application Restart
   .urestart - unregister current session from Application Restart
   .inline - query the state whether debuggers should query inline functions
   .stackprovider - query the state whether debugger should query stack dump providers
   .stkwalk_force_frame_pointer - query or set the state whether debuggers should unwind stack solely based on frame pointer
   .hideinjectedcode [<on|off|help>] - Hide injected calls from stepping in source mode

Use .help to display the commands above.

  • Extension commands (! commands)