~ - list threads in current process context
~* - list detail information of threads in current process context
lm - list all loaded modules
!sym noice/quiet - symbol prompts on/off
.srcpath - set source code path
k - display current stack
~*kb - display current stack for all threads
dv - display current local variable (ctrl + alt + v to switch mode)
.frame - call stack
dt *** - display data structure for *** such as peb
!gle/!error - display last error for current thread.
!teb - diplay current thread execution block
!peb - diplay current process execution block
r [@register] - display value of all register
ln [address] - display the object type in address
x - search address for global variable or global function, such as "x kernel32!*"
!locks - display dead lock
!handle - get current handle usage
!htrace [enable] - display and trace handles.
u - disassemble
bp [kernel!setlasterror] [value] - set break pointer
bl - display break pointer information.
for example:
bp `mysource.cpp:143` "j (poi(myvar)」0n20) ''; 'g' "
when myvar is exceed 0x20, g command will be invoked. note: "j" is to set conditional break pointer.
ba - data break pointer
ba w4 0x4000000 "kb;g" - list all modify 0x40000's call stack.
p,pa,t,ta - control command
幾個常用的 WinDbg 命令
1.查詢符號 3.檢視 event 物件的訊號狀態 object basenamedobjects dt b nt kevent xx 4.檢視 lasterror 值 gle 5.指定進製形式,0x 0n 0t 0y 分別表示 16 10 8 2 進製 0x12345678 0n10 evalua...
WinDBG常用除錯命令
查詢符號 3.檢視 event 物件的訊號狀態 object basenamedobjects dt b nt kevent xx 4.檢視 lasterror 值 gle 5.指定進製形式,0x 0n 0t 0y 分別表示 16 10 8 2 進製 0x12345678 0n10 evaluate...
WinDBG常用斷點命令
windbg提供了多種設斷點的命令 還bu 可以對還不能識別的符號設定斷點,當系統中有新模組載入進來時,偵錯程式會對未定斷點再次進行識別,如果找到了匹配的符號則會設定它。而bp 斷點會失敗 因為函式位址不存在 bu 斷點則可以成功。新版的windbg中 bp失敗後會自動被轉成bu 以上三個命令是對 ...