使用Windbg 調試分析代碼
---從.cmdtree命令的積累開始
一提到windbg很多人心里就有些畏難情緒,也難怪,這東西雖然是神器,對一個新手來說使用起來確實有些不方便,而且命令太多,很難一下子都記住,最近發現一個好方法,分享出來,希望大家可以通過這個方法開個好頭。
使用windbg第一關就是要記住一堆的命令,其實老外也不會記住所有的命令,哪怕是高手,也就那常用的幾十個,最多不超過幾百個命令。Windbg里面有一個功能,說是功能不如說是原命令.cmdtree,使用這個命令,我們可以將常用的命令記錄起來,然后以圖形界面的方式選擇執行,這樣地新手來說,門檻就低了很多,而且隨着時間的推移,就會慢慢的記住這些命令都是什么。
配置完成的效果是這樣的,需要執行哪個命令,選擇就可以了:
如下是配置過程:
- 將下列內容存為文本cmdtree.wl,並保存到windbg安裝目錄下。
- 在windbg中執行命令: .cmdtree cmdtree.wl
- 如下是文本文件的內容。
windbg ANSI Command Tree 1.0
title {"Crash Dump Analysis Checklist"}
body
{"Crash Dump Analysis Checklist"}
{"General"}
{"Versions and locations"} {"version"}
{"Set longer stack trace"} {".kframes 100"}
{"Application crash or hang"}
{"Default analysis (crash)"} {"!analyze -v"}
{"Default analysis (hang)"} {"!analyze -v -hang"}
{"Switch to x86 architecture"} {".load wow64exts; .effmach x86"}
{"Critical sections (locked)"} {"!locks"}
{"Modules"} {"lmv"}
{"Threads (all)"} {"~*kv 250"}
{"Threads (unique)"} {"!uniqstack"}
{"Gflags"} {"!gflag"}
{"Time consumed by thread"} {"!runaway"}
{"PEB"} {"!peb"}
{"TEB"} {"!teb"}
{"Hooked functions (ntdll)"} {"!chkimg -lo 50 -d !ntdll -v"}
{"Hooked functions (kernel32)"} {"!chkimg -lo 50 -d !kernel32 -v"}
{"Hooked functions (user32)"} {"!chkimg -lo 50 -d !user32 -v"}
{"Hooked functions (ALL)"} {"!for_each_module !chkimg -lo 50 -d !${@#ModuleName} -v"}
{"Exception handlers"} {"!exchain"}
{"Computer name"} {"!envvar COMPUTERNAME"}
{"Stack of exception thread"} {"~#kv 250"}
{"Stack of current thread"} {"~.kv 250"}
{"Switch to thread"}
{"#0"} {"~0s"}
{"#1"} {"~1s"}
{"#2"} {"~2s"}
{"#3"} {"~3s"}
{"#4"} {"~4s"}
{"#5"} {"~5s"}
{"#6"} {"~6s"}
{"#7"} {"~7s"}
{"#8"} {"~8s"}
{"#9"} {"~9s"}
{"System hang"}
{"Default analysis"} {"!analyze -v -hang"}
{"ERESOURCE contention"} {"!locks"}
{"Processes and virtual memory"} {"!vm 4"}
{"Sorted pool consumption (paged)"} {"!poolused 4"}
{"Sorted pool consumption (nonpaged)"} {"!poolused 3"}
{"Waiting threads"} {"!stacks"}
{"Critical system queues"} {"!exqueue f"}
{"I/O"} {"!irpfind"}
{"The list of all thread stack traces"} {"!process 0 ff"}
{"Critical sections for current process"} {"!ntsdexts.locks"}
{"Sessions"} {"!session"}
{"Processes"} {"!process 0 0"}
{"Running threads"} {"!running"}
{"Ready threads"} {"!ready"}
{"DPC queues"} {"!dpcs"}
{"The list of APCs"} {"!apc"}
{"Internal queued spinlocks"} {"!qlocks"}
{"Computer name"} {"dS srv!srvcomputername"}
{"Switch to processor"}
{"#0"} {"~0s"}
{"#1"} {"~1s"}
{"#2"} {"~2s"}
{"#3"} {"~3s"}
{"#4"} {"~4s"}
{"#5"} {"~5s"}
{"#6"} {"~6s"}
{"#7"} {"~7s"}
{"BSOD"}
{"Default analysis"} {"!analyze -v"}
{"Processes and virtual memory"} {"!vm 4"}
{"Bugcheck callback data (prior to Windows XP SP1)"} {"!bugdump"}
{"Bugcheck secondary callback data"} {".enumtag"}
{"Computer name"} {"dS srv!srvcomputername"}
總結
本文介紹了一種記錄常用命令,並以選擇方式在windbg中執行的方式,這種方式極大的降低了初學者的門檻,使大家可以很方便的對.dmp或者windows程序進行分析,而無需立即記住所有的windbg命令,希望對大家有所幫助。
參考文獻
http://www.dumpanalysis.org/blog/index.php/2008/09/18/cmdtreetxt-for-cda-checklist/