windbg调试命令3(sx、ld)

于 2013-04-12 16:32:00 发布
阅读量276 收藏
点赞数
文章标签: c/c++
本文详细介绍如何使用Windbg的sx和ld命令进行调试设置,包括控制异常处理、加载符号及特定模块加载时的中断。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

1.sx

sx* 命令用来控制被调试的程序发生某个异常或特定事件时,调试器要采取的动作

sx 命令显示当前进程的异常列表和所有非异常的事件列表,并且显示调试器遇到每个异常和事件时的行为。

sxr 命令将所有异常和事件过滤器的状态重设为默认值。命令被清除、中断和继续选项被重设为默认值,等等。

sx这个命令的输出信息可以分为三个部分:

第一部分是事件处理与相应处理模式的交互,第二部分是标准的异常交互和处理行为,最后一部分是用户自定义的异常交互和处理行为

以下面为例,我们先输入sxr再输入sx看下默认的处理行为都是怎么样的:

0:000>sxr
  1. sxstateresettodefaults
  2. 0:000>sx
  3. ct-Createthread-ignore
  4. et-Exitthread-ignore
  5. cpr-Createprocess-ignore
  6. epr-Exitprocess-ignore
  7. ld-Loadmodule-output
  8. ud-Unloadmodule-ignore
  9. ser-Systemerror-ignore
  10. ibp-Initialbreakpoint-ignore
  11. iml-Initialmoduleload-ignore
  12. out-Debuggeeoutput-output
  14. av-Accessviolation-break-nothandled
  15. asrt-Assertionfailure-break-nothandled
  16. aph-Applicationhang-break-nothandled
  17. bpe-Breakinstructionexception-break
  18. bpec-Breakinstructionexceptioncontinue-handled
  19. eh-C++EHexception-second-chancebreak-nothandled
  20. clr-CLRexception-second-chancebreak-nothandled
  21. clrn-CLRnotificationexception-second-chancebreak-handled
  22. cce-Control-Breakexception-break
  23. cc-Control-Breakexceptioncontinue-handled
  24. cce-Control-Cexception-break
  25. cc-Control-Cexceptioncontinue-handled
  26. dm-Datamisaligned-break-nothandled
  27. dbce-Debuggercommandexception-ignore-handled
  28. gp-Guardpageviolation-break-nothandled
  29. ii-Illegalinstruction-second-chancebreak-nothandled
  30. ip-In-pageI/Oerror-break-nothandled
  31. dz-Integerdivide-by-zero-break-nothandled
  32. iov-Integeroverflow-break-nothandled
  33. ch-Invalidhandle-break
  34. hc-Invalidhandlecontinue-nothandled
  35. lsq-Invalidlocksequence-break-nothandled
  36. isc-Invalidsystemcall-break-nothandled
  37. 3c-Portdisconnected-second-chancebreak-nothandled
  38. svh-Servicehang-break-nothandled
  39. sse-Singlestepexception-break
  40. ssec-Singlestepexceptioncontinue-handled
  41. sbo-Stackbufferoverflow-break-nothandled
  42. sov-Stackoverflow-break-nothandled
  43. vs-Verifierstop-break-nothandled
  44. vcpp-VisualC++exception-ignore-handled
  45. wkd-Wakedebugger-break-nothandled
  46. wob-WOW64breakpoint-break-handled
  47. wos-WOW64singlestepexception-break-handled
  49. *-Otherexception-second-chancebreak-nothandled 
0:000> sxr
sx state reset to defaults
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - output
  ud - Unload module - ignore
 ser - System error - ignore
 ibp - Initial breakpoint - ignore
 iml - Initial module load - ignore
 out - Debuggee output - output

  av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
 aph - Application hang - break - not handled
 bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
  eh - C++ EH exception - second-chance break - not handled
 clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
 cce - Control-Break exception - break
  cc - Control-Break exception continue - handled
 cce - Control-C exception - break
  cc - Control-C exception continue - handled
  dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
  gp - Guard page violation - break - not handled
  ii - Illegal instruction - second-chance break - not handled
  ip - In-page I/O error - break - not handled
  dz - Integer divide-by-zero - break - not handled
 iov - Integer overflow - break - not handled
  ch - Invalid handle - break
  hc - Invalid handle continue - not handled
 lsq - Invalid lock sequence - break - not handled
 isc - Invalid system call - break - not handled
  3c - Port disconnected - second-chance break - not handled
 svh - Service hang - break - not handled
 sse - Single step exception - break
ssec - Single step exception continue - handled
 sbo - Stack buffer overflow - break - not handled
 sov - Stack overflow - break - not handled
  vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
 wkd - Wake debugger - break - not handled
 wob - WOW64 breakpoint - break - handled
 wos - WOW64 single step exception - break - handled

   * - Other exception - second-chance break - not handled

随便找个出来ld - Load module - output,说明在加载模块时的行为是输出,OK,我们把它断掉:

sxe Break

(Enabled)		当发生该异常时,在任何错误处理器被激活之前目标立即中断到调试器中。这种处理类型称为第一次处理机会
sxdSecond chance break

(Disabled)		发生该类异常时,调试器不会在第一次处理机会时中断(虽然会显示信息)。如果其他错误处理器没有处理掉该异常,执行会停止下来并中断到调试器。这种处理类型称为第二次处理机会
sxnOutput

(Notify)		当该异常发生时,目标程序不中断到调试器中。但是,会通过一条消息提示发生了异常。
sxiIgnore异常发生时,目标程序不中断到调试器,并且不会显示信息。

使用sxe ld试试

:000>sxeld
  1. 0:000>sx
  2. ct-Createthread-ignore
  3. et-Exitthread-ignore
  4. cpr-Createprocess-ignore
  5. epr-Exitprocess-ignore
  6. ld-Loadmodule-break 
:000> sxe ld
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - break

再次调用sx查看,我们发现现在变成了ld - Load module - break,处理行为变成了break,运行试试

0:000>g
  1. ModLoad:73fa00007400b000C:\WINDOWS\system32\USP10.dll
  2. eax=77ef23d4ebx=00000000ecx=77ef7c79edx=62c25200esi=00000000edi=00000000
  3. eip=7c92e514esp=0012e8c0ebp=0012e9b4iopl=0nvupeingnzacpenc
  4. cs=001bss=0023ds=0023es=0023fs=003bgs=0000efl=00000296
  5. ntdll!KiFastSystemCallRet:
  6. 7c92e514c3ret
  7. 0:000>kb
  8. ChildEBPRetAddrArgstoChild
  9. 0012e8bc7c92d52a7c93adfb000007d0ffffffffntdll!KiFastSystemCallRet
  10. 0012e8c07c93adfb000007d0ffffffff0012e998ntdll!NtMapViewOfSection+0xc
  11. 0012e9b47c93c880001531a07ffdfc0000000000ntdll!LdrpMapDll+0x330
  12. 0012ec147c9446f2001531a062c202d462c20000ntdll!LdrpLoadImportModule+0x174
  13. 0012ec587c94469b7ffd9000001531a000253128ntdll!LdrpHandleOneNewFormatImportDescriptor+0x53
  14. 0012ec787c9447d57ffd9000001531a000253128ntdll!LdrpHandleNewFormatImportDescriptors+0x20
  15. 0012ecf47c936227001531a000253128c0150008ntdll!LdrpWalkImportDescriptor+0x19e
  16. 0012efa47c93643d00000000001531a00012f298ntdll!LdrpLoadDll+0x24e
  17. 0012f24c7c801bbd001531a00012f2980012f278ntdll!LdrLoadDll+0x230
  18. 0012f2b47c80aefc77ef1a1c0000000000000000kernel32!LoadLibraryExW+0x18e
  19. 0012f2c877f1da0677ef1a1c000000007ffdf000kernel32!LoadLibraryW+0x11
  20. 0012f2f077f143610000001f0000000077d712a0GDI32!GdiInitializeLanguagePack+0x15
  21. 0012f30477d1a03d00000000000000007c946102GDI32!GdiProcessSetup+0x11d
  22. 0012f44477d1a1437c92e4730012f45800000000USER32!ClientThreadSetup+0x33
  23. 0012f4487c92e4730012f4580000000077ef67c4USER32!__ClientThreadSetup+0x5
  24. 0012f45477ef67c477ef65530012f5a80012f9f0ntdll!KiUserCallbackDispatcher+0x13
  25. 0012f46477d1b47377d10000000000010012fd30GDI32!NtGdiInit+0xc
  26. 0012f9f07c92118a77d10000000000010012fd30USER32!_UserClientDllInitialize+0x315
  27. 0012fa107c93b5d277d1b21777d1000000000001ntdll!LdrpCallInitRoutine+0x14
  28. 0012fb187c93fbdc0012fd307ffdf0007ffd9000ntdll!LdrpRunInitializeRoutines+0x344
  29. 0:000>du77ef1a1c
  30. 77ef1a1c"LPK.DLL" 
0:000> g
ModLoad: 73fa0000 7400b000   C:\WINDOWS\system32\USP10.dll
eax=77ef23d4 ebx=00000000 ecx=77ef7c79 edx=62c25200 esi=00000000 edi=00000000
eip=7c92e514 esp=0012e8c0 ebp=0012e9b4 iopl=0         nv up ei ng nz ac pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000296
ntdll!KiFastSystemCallRet:
7c92e514 c3              ret
0:000> kb
ChildEBP RetAddr  Args to Child              
0012e8bc 7c92d52a 7c93adfb 000007d0 ffffffff ntdll!KiFastSystemCallRet
0012e8c0 7c93adfb 000007d0 ffffffff 0012e998 ntdll!NtMapViewOfSection+0xc
0012e9b4 7c93c880 001531a0 7ffdfc00 00000000 ntdll!LdrpMapDll+0x330
0012ec14 7c9446f2 001531a0 62c202d4 62c20000 ntdll!LdrpLoadImportModule+0x174
0012ec58 7c94469b 7ffd9000 001531a0 00253128 ntdll!LdrpHandleOneNewFormatImportDescriptor+0x53
0012ec78 7c9447d5 7ffd9000 001531a0 00253128 ntdll!LdrpHandleNewFormatImportDescriptors+0x20
0012ecf4 7c936227 001531a0 00253128 c0150008 ntdll!LdrpWalkImportDescriptor+0x19e
0012efa4 7c93643d 00000000 001531a0 0012f298 ntdll!LdrpLoadDll+0x24e
0012f24c 7c801bbd 001531a0 0012f298 0012f278 ntdll!LdrLoadDll+0x230
0012f2b4 7c80aefc 77ef1a1c 00000000 00000000 kernel32!LoadLibraryExW+0x18e
0012f2c8 77f1da06 77ef1a1c 00000000 7ffdf000 kernel32!LoadLibraryW+0x11
0012f2f0 77f14361 0000001f 00000000 77d712a0 GDI32!GdiInitializeLanguagePack+0x15
0012f304 77d1a03d 00000000 00000000 7c946102 GDI32!GdiProcessSetup+0x11d
0012f444 77d1a143 7c92e473 0012f458 00000000 USER32!ClientThreadSetup+0x33
0012f448 7c92e473 0012f458 00000000 77ef67c4 USER32!__ClientThreadSetup+0x5
0012f454 77ef67c4 77ef6553 0012f5a8 0012f9f0 ntdll!KiUserCallbackDispatcher+0x13
0012f464 77d1b473 77d10000 00000001 0012fd30 GDI32!NtGdiInit+0xc
0012f9f0 7c92118a 77d10000 00000001 0012fd30 USER32!_UserClientDllInitialize+0x315
0012fa10 7c93b5d2 77d1b217 77d10000 00000001 ntdll!LdrpCallInitRoutine+0x14
0012fb18 7c93fbdc 0012fd30 7ffdf000 7ffd9000 ntdll!LdrpRunInitializeRoutines+0x344
0:000> du 77ef1a1c 
77ef1a1c  "LPK.DLL"

果然断下来了,断在加载LPK.dll模块时,那么如果我们只想让它在加载SkinHgy.dll时断下来怎么办呢?需要介绍下ld了

2.ld
ld(load symbols)命令加载指定模块的符号并刷新所有模块信息。

ModuleName 指定要加载符号的模块名。ModuleName 可以包含各种通配符和修饰符。可以包含通配符,这是个好消息

0:000>lm
  1. startendmodulename
  2. 0040000000b89000Simple1Demo(deferred)
  3. 7c9200007c9b6000ntdll(pdbsymbols)c:\mysymbol\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb
  4. 0:000>ldSimple1Demo
  5. ***WARNING:UnabletoverifychecksumforSimple1Demo.exe
  6. SymbolsloadedforSimple1Demo
  7. 0:000>lm
  8. startendmodulename
  9. 0040000000b89000Simple1DemoC(privatepdbsymbols)D:\project\代码\新控件库\SkinHgy\Debug\Simple1Demo.pdb
  10. 7c9200007c9b6000ntdll(pdbsymbols)c:\mysymbol\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb
0:000> lm
start    end        module name
00400000 00b89000   Simple1Demo   (deferred)             
7c920000 7c9b6000   ntdll      (pdb symbols)          c:\mysymbol\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb
0:000> ld Simple1Demo
*** WARNING: Unable to verify checksum for Simple1Demo.exe
Symbols loaded for Simple1Demo
0:000> lm
start    end        module name
00400000 00b89000   Simple1Demo C (private pdb symbols)  D:\project\代码\新控件库\SkinHgy\Debug\Simple1Demo.pdb
7c920000 7c9b6000   ntdll      (pdb symbols)          c:\mysymbol\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb


再加载次试试:

0:000>ldSimple1Demo
  1. SymbolsalreadyloadedforSimple1Demo 
0:000> ld Simple1Demo
Symbols already loaded for Simple1Demo


提示已加载,看来还是.reload好用啊。那么接着1,我们来设置只在ld skinhgy时断下来:

0:000>sx
  1. ct-Createthread-ignore
  2. et-Exitthread-ignore
  3. cpr-Createprocess-ignore
  4. epr-Exitprocess-ignore
  5. ld-Loadmodule-break
  6. ud-Unloadmodule-ignore
  7. ser-Systemerror-ignore
  8. ibp-Initialbreakpoint-ignore
  9. iml-Initialmoduleload-ignore
  10. out-Debuggeeoutput-output
  12. av-Accessviolation-break-nothandled
  13. asrt-Assertionfailure-break-nothandled
  14. aph-Applicationhang-break-nothandled
  15. bpe-Breakinstructionexception-break
  16. bpec-Breakinstructionexceptioncontinue-handled
  17. eh-C++EHexception-second-chancebreak-nothandled
  18. clr-CLRexception-second-chancebreak-nothandled
  19. clrn-CLRnotificationexception-second-chancebreak-handled
  20. cce-Control-Breakexception-break
  21. cc-Control-Breakexceptioncontinue-handled
  22. cce-Control-Cexception-break
  23. cc-Control-Cexceptioncontinue-handled
  24. dm-Datamisaligned-break-nothandled
  25. dbce-Debuggercommandexception-ignore-handled
  26. gp-Guardpageviolation-break-nothandled
  27. ii-Illegalinstruction-second-chancebreak-nothandled
  28. ip-In-pageI/Oerror-break-nothandled
  29. dz-Integerdivide-by-zero-break-nothandled
  30. iov-Integeroverflow-break-nothandled
  31. ch-Invalidhandle-break
  32. hc-Invalidhandlecontinue-nothandled
  33. lsq-Invalidlocksequence-break-nothandled
  34. isc-Invalidsystemcall-break-nothandled
  35. 3c-Portdisconnected-second-chancebreak-nothandled
  36. svh-Servicehang-break-nothandled
  37. sse-Singlestepexception-break
  38. ssec-Singlestepexceptioncontinue-handled
  39. sbo-Stackbufferoverflow-break-nothandled
  40. sov-Stackoverflow-break-nothandled
  41. vs-Verifierstop-break-nothandled
  42. vcpp-VisualC++exception-ignore-handled
  43. wkd-Wakedebugger-break-nothandled
  44. wob-WOW64breakpoint-break-handled
  45. wos-WOW64singlestepexception-break-handled
  47. *-Otherexception-second-chancebreak-nothandled
  48. 0:000>sexldskinhgy.dll
  49. Couldn'tresolveerrorat'ex'
  50. 0:000>sxeldskinhgy.dll
  51. 0:000>sx
  52. ct-Createthread-ignore
  53. et-Exitthread-ignore
  54. cpr-Createprocess-ignore
  55. epr-Exitprocess-ignore
  56. ld-Loadmodule-break
  57. (onlybreakforskinhgy.dll)
  58. ud-Unloadmodule-ignore
  59. ser-Systemerror-ignore
  60. ibp-Initialbreakpoint-ignore
  61. iml-Initialmoduleload-ignore
  62. out-Debuggeeoutput-output
  64. av-Accessviolation-break-nothandled
  65. asrt-Assertionfailure-break-nothandled
  66. aph-Applicationhang-break-nothandled
  67. bpe-Breakinstructionexception-break
  68. bpec-Breakinstructionexceptioncontinue-handled
  69. eh-C++EHexception-second-chancebreak-nothandled
  70. clr-CLRexception-second-chancebreak-nothandled
  71. clrn-CLRnotificationexception-second-chancebreak-handled
  72. cce-Control-Breakexception-break
  73. cc-Control-Breakexceptioncontinue-handled
  74. cce-Control-Cexception-break
  75. cc-Control-Cexceptioncontinue-handled
  76. dm-Datamisaligned-break-nothandled
  77. dbce-Debuggercommandexception-ignore-handled
  78. gp-Guardpageviolation-break-nothandled
  79. ii-Illegalinstruction-second-chancebreak-nothandled
  80. ip-In-pageI/Oerror-break-nothandled
  81. dz-Integerdivide-by-zero-break-nothandled
  82. iov-Integeroverflow-break-nothandled
  83. ch-Invalidhandle-break
  84. hc-Invalidhandlecontinue-nothandled
  85. lsq-Invalidlocksequence-break-nothandled
  86. isc-Invalidsystemcall-break-nothandled
  87. 3c-Portdisconnected-second-chancebreak-nothandled
  88. svh-Servicehang-break-nothandled
  89. sse-Singlestepexception-break
  90. ssec-Singlestepexceptioncontinue-handled
  91. sbo-Stackbufferoverflow-break-nothandled
  92. sov-Stackoverflow-break-nothandled
  93. vs-Verifierstop-break-nothandled
  94. vcpp-VisualC++exception-ignore-handled
  95. wkd-Wakedebugger-break-nothandled
  96. wob-WOW64breakpoint-break-handled
  97. wos-WOW64singlestepexception-break-handled
  99. *-Otherexception-second-chancebreak-nothandled 
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - break
  ud - Unload module - ignore
 ser - System error - ignore
 ibp - Initial breakpoint - ignore
 iml - Initial module load - ignore
 out - Debuggee output - output

  av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
 aph - Application hang - break - not handled
 bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
  eh - C++ EH exception - second-chance break - not handled
 clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
 cce - Control-Break exception - break
  cc - Control-Break exception continue - handled
 cce - Control-C exception - break
  cc - Control-C exception continue - handled
  dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
  gp - Guard page violation - break - not handled
  ii - Illegal instruction - second-chance break - not handled
  ip - In-page I/O error - break - not handled
  dz - Integer divide-by-zero - break - not handled
 iov - Integer overflow - break - not handled
  ch - Invalid handle - break
  hc - Invalid handle continue - not handled
 lsq - Invalid lock sequence - break - not handled
 isc - Invalid system call - break - not handled
  3c - Port disconnected - second-chance break - not handled
 svh - Service hang - break - not handled
 sse - Single step exception - break
ssec - Single step exception continue - handled
 sbo - Stack buffer overflow - break - not handled
 sov - Stack overflow - break - not handled
  vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
 wkd - Wake debugger - break - not handled
 wob - WOW64 breakpoint - break - handled
 wos - WOW64 single step exception - break - handled

   * - Other exception - second-chance break - not handled
0:000> sex ld skinhgy.dll
Couldn't resolve error at 'ex '
0:000> sxe ld skinhgy.dll
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - break
       (only break for skinhgy.dll)
  ud - Unload module - ignore
 ser - System error - ignore
 ibp - Initial breakpoint - ignore
 iml - Initial module load - ignore
 out - Debuggee output - output

  av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
 aph - Application hang - break - not handled
 bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
  eh - C++ EH exception - second-chance break - not handled
 clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
 cce - Control-Break exception - break
  cc - Control-Break exception continue - handled
 cce - Control-C exception - break
  cc - Control-C exception continue - handled
  dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
  gp - Guard page violation - break - not handled
  ii - Illegal instruction - second-chance break - not handled
  ip - In-page I/O error - break - not handled
  dz - Integer divide-by-zero - break - not handled
 iov - Integer overflow - break - not handled
  ch - Invalid handle - break
  hc - Invalid handle continue - not handled
 lsq - Invalid lock sequence - break - not handled
 isc - Invalid system call - break - not handled
  3c - Port disconnected - second-chance break - not handled
 svh - Service hang - break - not handled
 sse - Single step exception - break
ssec - Single step exception continue - handled
 sbo - Stack buffer overflow - break - not handled
 sov - Stack overflow - break - not handled
  vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
 wkd - Wake debugger - break - not handled
 wob - WOW64 breakpoint - break - handled
 wos - WOW64 single step exception - break - handled

   * - Other exception - second-chance break - not handled


我们已经restart了,但ld的状态还没有变,所以WinDBG会自动把一些东西记录到工作空间(Workspace)里,因为工作空间是隐式管理的,所以容易让初用WinDBG的人摸不着头脑,像MJ说的那样操作一下,并且保存到工作空间中(结束调试时,WinDBG询问要不要保存工作空间时选YES),或者干脆删除工作空间就可以了,当然也可以写成

0:000>sxeldskin*
  1. 0:000>sx
  2. ct-Createthread-ignore
  3. et-Exitthread-ignore
  4. cpr-Createprocess-ignore
  5. epr-Exitprocess-ignore
  6. ld-Loadmodule-break
  7. (onlybreakforskin*)
  8. ud-Unloadmodule-ignore
  9. ser-Systemerror-ignore
  10. ibp-Initialbreakpoint-ignore
  11. iml-Initialmoduleload-ignore
  12. out-Debuggeeoutput-output
  14. av-Accessviolation-break-nothandled
  15. asrt-Assertionfailure-break-nothandled
  16. aph-Applicationhang-break-nothandled
  17. bpe-Breakinstructionexception-break
  18. bpec-Breakinstructionexceptioncontinue-handled
  19. eh-C++EHexception-second-chancebreak-nothandled
  20. clr-CLRexception-second-chancebreak-nothandled
  21. clrn-CLRnotificationexception-second-chancebreak-handled
  22. cce-Control-Breakexception-break
  23. cc-Control-Breakexceptioncontinue-handled
  24. cce-Control-Cexception-break
  25. cc-Control-Cexceptioncontinue-handled
  26. dm-Datamisaligned-break-nothandled
  27. dbce-Debuggercommandexception-ignore-handled
  28. gp-Guardpageviolation-break-nothandled
  29. ii-Illegalinstruction-second-chancebreak-nothandled
  30. ip-In-pageI/Oerror-break-nothandled
  31. dz-Integerdivide-by-zero-break-nothandled
  32. iov-Integeroverflow-break-nothandled
  33. ch-Invalidhandle-break
  34. hc-Invalidhandlecontinue-nothandled
  35. lsq-Invalidlocksequence-break-nothandled
  36. isc-Invalidsystemcall-break-nothandled
  37. 3c-Portdisconnected-second-chancebreak-nothandled
  38. svh-Servicehang-break-nothandled
  39. sse-Singlestepexception-break
  40. ssec-Singlestepexceptioncontinue-handled
  41. sbo-Stackbufferoverflow-break-nothandled
  42. sov-Stackoverflow-break-nothandled
  43. vs-Verifierstop-break-nothandled
  44. vcpp-VisualC++exception-ignore-handled
  45. wkd-Wakedebugger-break-nothandled
  46. wob-WOW64breakpoint-break-handled
  47. wos-WOW64singlestepexception-break-handled
  49. *-Otherexception-second-chancebreak-nothandled 
0:000> sxe ld skin*
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - break
       (only break for skin*)
  ud - Unload module - ignore
 ser - System error - ignore
 ibp - Initial breakpoint - ignore
 iml - Initial module load - ignore
 out - Debuggee output - output

  av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
 aph - Application hang - break - not handled
 bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
  eh - C++ EH exception - second-chance break - not handled
 clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
 cce - Control-Break exception - break
  cc - Control-Break exception continue - handled
 cce - Control-C exception - break
  cc - Control-C exception continue - handled
  dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
  gp - Guard page violation - break - not handled
  ii - Illegal instruction - second-chance break - not handled
  ip - In-page I/O error - break - not handled
  dz - Integer divide-by-zero - break - not handled
 iov - Integer overflow - break - not handled
  ch - Invalid handle - break
  hc - Invalid handle continue - not handled
 lsq - Invalid lock sequence - break - not handled
 isc - Invalid system call - break - not handled
  3c - Port disconnected - second-chance break - not handled
 svh - Service hang - break - not handled
 sse - Single step exception - break
ssec - Single step exception continue - handled
 sbo - Stack buffer overflow - break - not handled
 sov - Stack overflow - break - not handled
  vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
 wkd - Wake debugger - break - not handled
 wob - WOW64 breakpoint - break - handled
 wos - WOW64 single step exception - break - handled

   * - Other exception - second-chance break - not handled


这样所有的Skin*模块都会触发断点

sx{e|d|i|n}[-c"Cmd1"][-c2"Cmd2"][-h]{Exception|Event|*}

-c "Cmd1"

指定一个当异常或事件发生时要执行的命令。该命令在异常的第一次处理机会时执行(也就是第一轮异常),不管该异常是否会中断到调试器。Cmd1 字符串必须包含在引号中。该字符串可以包含多条用分号分隔的命令。-c和括起来的命令字符串之间的空格是可选的。

-c2 "Cmd2"

指定当异常或事件发生并且没有在第一次处理机会被处理时执行的命令。该命令在异常的第二次处理机会时执行,(也就是第二轮异常),不管它是否会中断到调试器。Cmd2 字符串必须包含在引号中。该字符串可以包含多条用分号分隔的命令。-c2 和括起来的命令字符串之间的空格是可选的。

-h

改变指定事件的处理状态而不是中断状态。如果Eventcchcbpecssec-h 选项不是一定需要。

比如我要在第一次加载SkinHgy.dll时断下来并打印MSG:

0:000>sxe-c".echo'skinhgy.dllloading'"ld:skinhgy.dll
  1. 0:000>sx
  2. ct-Createthread-ignore
  3. et-Exitthread-ignore
  4. cpr-Createprocess-ignore
  5. epr-Exitprocess-break
  6. ld-Loadmodule-break
  7. Command:".echo'skinhgy.dllloading'"
  8. (onlybreakforskinhgy.dll)
  9. ud-Unloadmodule-ignore
0:000> sxe -c".echo 'skinhgy.dll loading'" ld:skinhgy.dll 
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - break
  ld - Load module - break
       Command: ".echo 'skinhgy.dll loading'"
       (only break for skinhgy.dll)
  ud - Unload module - ignore

运行后:

0:000>g
  1. ModLoad:1000000010301000D:\project\代码\新控件库\SkinHgy\Debug\SkinHgy.dll
  2. 'skinhgy.dllloading' 
0:000> g
ModLoad: 10000000 10301000   D:\project\代码\新控件库\SkinHgy\Debug\SkinHgy.dll
'skinhgy.dll loading'

这里介绍种GUI使用的方法:

Debug--Event Filters打开:

我们看到我们先前加载的SkinHgy.dll都在,事件(-c和-c2)对应Commands按钮来修改,中断状态可以通过"Execution"来修改,还可以通过Add和Remove来增加或删除异常码.

至于

Enabled对应Break

Disabled对应Second chance break

sxeHandled执行返回时,事件被标识为已处理。
sxd,
sxn,
sxi		Not Handled执行返回时,事件被标识为未处理。


windbg帮助上写得很清楚了.

补充点:

Sxe av //access violation发生就停止

Sxd eh//C++ exception发生,调试器什么都不做

这两个很有用,今天在调程序时发现内存访问一直被断,用sxi av就行了,不过为什么windbg帮助文档查不到av

iteye_19606
关注
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值