The k* commands in WinDbg display the stack frames of a given thread together with related information, which makes them very useful for walking back through the call stack while debugging.
1. Syntax of the k* commands
The forms the k* commands take on the different platforms are as follows:
User-Mode, x86 Processor
[~Thread] k[b|p|P|v] [c] [n] [f] [L] [M] [FrameCount]
[~Thread] k[b|p|P|v] [c] [n] [f] [L] [M] = BasePtr [FrameCount]
[~Thread] k[b|p|P|v] [c] [n] [f] [L] [M] = BasePtr StackPtr InstructionPtr
[~Thread] kd [WordCount]
Kernel-Mode, x86 Processor
[Processor] k[b|p|P|v] [c] [n] [f] [L] [M] [FrameCount]
[Processor] k[b|p|P|v] [c] [n] [f] [L] [M] = StackPtr FrameCount
[Processor] k[b|p|P|v] [c] [n] [f] [L] [M] = BasePtr StackPtr InstructionPtr
[Processor] kd [WordCount]
User-Mode, x64 Processor
[~Thread] k[b|p|P|v] [c] [n] [f] [L] [M] [FrameCount]
[~Thread] k[b|p|P|v] [c] [n] [f] [L] [M] = StackPtr FrameCount
[~Thread] k[b|p|P|v] [c] [n] [f] [L] [M] = StackPtr InstructionPtr FrameCount
[~Thread] kd [WordCount]
Kernel-Mode, x64 Processor
[Processor] k[b|p|P|v] [c] [n] [f] [L] [M] [FrameCount]
[Processor] k[b|p|P|v] [c] [n] [f] [L] [M] = StackPtr FrameCount
[Processor] k[b|p|P|v] [c] [n] [f] [L] [M] = StackPtr InstructionPtr FrameCount
[Processor] kd [WordCount]
User-Mode, ARM Processor
[~Thread] k[b|p|P|v] [c] [n] [f] [L] [M] [FrameCount]
[~Thread] k[b|p|P|v] [c] [n] [f] [L] [M] = StackPtr FrameCount
[~Thread] k[b|p|P|v] [c] [n] [f] [L] [M] = StackPtr InstructionPtr FrameCount
[~Thread] kd [WordCount]
Kernel-Mode, ARM Processor
[Processor] k[b|p|P|v] [c] [n] [f] [L] [M] [FrameCount]
[Processor] k[b|p|P|v] [c] [n] [f] [L] [M] = StackPtr FrameCount
[Processor] k[b|p|P|v] [c] [n] [f] [L] [M] = StackPtr InstructionPtr FrameCount
[Processor] kd [WordCount]
2. Parameter descriptions
- Thread
Specifies the thread whose stack is to be displayed. If this parameter is omitted, the stack of the current thread is displayed. A thread can be specified only in user mode.
- Processor
Specifies the processor whose stack is to be displayed.
- b
Displays the first three parameters passed to each function in the stack trace.
- c
Displays a clean stack trace. Each line of the display contains only the module name and the function name.
- p
Displays all parameters of each function called in the stack trace. The parameter list includes the data type, name and value of each parameter. The p option is case-sensitive. This option requires full symbol information.
- P
Displays all parameters of each function called in the stack trace, like p. With P, however, the function parameters are printed on a second line of the display rather than on the same line as the rest of the data.
- v
Displays frame pointer omission (FPO) information. On x86-based processors the display also includes calling-convention information.
- n
Displays frame numbers.
- f
Displays the distance between adjacent frames. This distance is the number of bytes that separate the frames on the actual stack.
- L
Hides source lines in the display. L is case-sensitive.
- M
Displays the output using Debugger Markup Language (DML). Each frame number in the display is a link that you can click to set the local context and display the local variables.
- FrameCount
Specifies the number of stack frames to display. Specify this number in hexadecimal unless you have changed the radix with the n (Set Number Base) command. The default is 20 (0x14) unless the default has been changed with the .kframes (Set Stack Length) command.
- BasePtr
Specifies the base pointer for the stack trace. The BasePtr parameter is available only when an equal sign (=) follows the command.
- StackPtr
Specifies the stack pointer for the stack trace. If StackPtr and InstructionPtr are omitted, the command uses the stack pointer held in the rsp (or esp) register and the instruction pointer held in the rip (or eip) register.
- InstructionPtr
Specifies the instruction pointer for the stack trace. If StackPtr and InstructionPtr are omitted, the command uses the stack pointer held in the rsp (or esp) register and the instruction pointer held in the rip (or eip) register.
- WordCount
Specifies the number of DWORD pointer values to dump from the stack. The default is 20 (0x14) unless the default has been changed with the .kframes (Set Stack Length) command.
3. Environment
Modes | User mode, kernel mode
Targets | Live, crash dump
Platforms | All
4. Some usage examples
0:000> k
# ChildEBP RetAddr
00 004ff308 00dd5e9a ConsoleApplication2!fun4 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 74]
01 004ff3f8 00dd5636 ConsoleApplication2!fun3+0x3a [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 82]
02 004ff4e4 00dd55b2 ConsoleApplication2!fun2+0x36 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 89]
03 004ff5cc 00dd400e ConsoleApplication2!fun1+0x32 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 96]
04 004ff6b0 00dd5bf3 ConsoleApplication2!fun0+0x2e [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 103]
05 004ff898 00dd6979 ConsoleApplication2!wmain+0x23 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 111]
06 004ff8e8 00dd6b6d ConsoleApplication2!__tmainCRTStartup+0x199 [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 623]
07 004ff8f0 76c38484 ConsoleApplication2!wmainCRTStartup+0xd [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 466]
08 004ff904 779441c8 KERNEL32!BaseThreadInitThunk+0x24
09 004ff94c 77944198 ntdll!__RtlUserThreadStart+0x2f
0a 004ff95c 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> kb
# ChildEBP RetAddr Args to Child
00 004ff308 00dd5e9a 00000001 00000002 00000003 ConsoleApplication2!fun4 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 74]
01 004ff3f8 00dd5636 00000001 00000002 00000003 ConsoleApplication2!fun3+0x3a [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 82]
02 004ff4e4 00dd55b2 00000001 00000002 004ff6b0 ConsoleApplication2!fun2+0x36 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 89]
03 004ff5cc 00dd400e 00000001 004ff898 00dd1118 ConsoleApplication2!fun1+0x32 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 96]
04 004ff6b0 00dd5bf3 00dd1118 00dd1118 0028c000 ConsoleApplication2!fun0+0x2e [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 103]
05 004ff898 00dd6979 00000001 0050ac50 0050ad10 ConsoleApplication2!wmain+0x23 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 111]
06 004ff8e8 00dd6b6d 004ff904 76c38484 0028c000 ConsoleApplication2!__tmainCRTStartup+0x199 [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 623]
07 004ff8f0 76c38484 0028c000 76c38460 c36362f4 ConsoleApplication2!wmainCRTStartup+0xd [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 466]
08 004ff904 779441c8 0028c000 caf62646 00000000 KERNEL32!BaseThreadInitThunk+0x24
09 004ff94c 77944198 ffffffff 7795f334 00000000 ntdll!__RtlUserThreadStart+0x2f
0a 004ff95c 00000000 00dd1118 0028c000 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> kp
# ChildEBP RetAddr
00 004ff308 00dd5e9a ConsoleApplication2!fun4(int a = 0n1, int b = 0n2, int c = 0n3, int d = 0n4) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 74]
01 004ff3f8 00dd5636 ConsoleApplication2!fun3(int a = 0n1, int b = 0n2, int c = 0n3)+0x3a [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 82]
02 004ff4e4 00dd55b2 ConsoleApplication2!fun2(int a = 0n1, int b = 0n2)+0x36 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 89]
03 004ff5cc 00dd400e ConsoleApplication2!fun1(int a = 0n1)+0x32 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 96]
04 004ff6b0 00dd5bf3 ConsoleApplication2!fun0(void)+0x2e [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 103]
05 004ff898 00dd6979 ConsoleApplication2!wmain(int argc = 0n1, wchar_t ** argv = 0x0050ac50)+0x23 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 111]
06 004ff8e8 00dd6b6d ConsoleApplication2!__tmainCRTStartup(void)+0x199 [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 623]
07 004ff8f0 76c38484 ConsoleApplication2!wmainCRTStartup(void)+0xd [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 466]
08 004ff904 779441c8 KERNEL32!BaseThreadInitThunk+0x24
09 004ff94c 77944198 ntdll!__RtlUserThreadStart+0x2f
0a 004ff95c 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> kP
# ChildEBP RetAddr
00 004ff308 00dd5e9a ConsoleApplication2!fun4(
int a = 0n1,
int b = 0n2,
int c = 0n3,
int d = 0n4) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 74]
01 004ff3f8 00dd5636 ConsoleApplication2!fun3(
int a = 0n1,
int b = 0n2,
int c = 0n3)+0x3a [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 82]
02 004ff4e4 00dd55b2 ConsoleApplication2!fun2(
int a = 0n1,
int b = 0n2)+0x36 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 89]
03 004ff5cc 00dd400e ConsoleApplication2!fun1(
int a = 0n1)+0x32 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 96]
04 004ff6b0 00dd5bf3 ConsoleApplication2!fun0(void)+0x2e [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 103]
05 004ff898 00dd6979 ConsoleApplication2!wmain(
int argc = 0n1,
wchar_t ** argv = 0x0050ac50)+0x23 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 111]
06 004ff8e8 00dd6b6d ConsoleApplication2!__tmainCRTStartup(void)+0x199 [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 623]
07 004ff8f0 76c38484 ConsoleApplication2!wmainCRTStartup(void)+0xd [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 466]
08 004ff904 779441c8 KERNEL32!BaseThreadInitThunk+0x24
09 004ff94c 77944198 ntdll!__RtlUserThreadStart+0x2f
0a 004ff95c 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> kv
# ChildEBP RetAddr Args to Child
00 004ff308 00dd5e9a 00000001 00000002 00000003 ConsoleApplication2!fun4 (FPO: [Non-Fpo]) (CONV: cdecl) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 74]
01 004ff3f8 00dd5636 00000001 00000002 00000003 ConsoleApplication2!fun3+0x3a (FPO: [Non-Fpo]) (CONV: cdecl) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 82]
02 004ff4e4 00dd55b2 00000001 00000002 004ff6b0 ConsoleApplication2!fun2+0x36 (FPO: [Non-Fpo]) (CONV: cdecl) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 89]
03 004ff5cc 00dd400e 00000001 004ff898 00dd1118 ConsoleApplication2!fun1+0x32 (FPO: [Non-Fpo]) (CONV: cdecl) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 96]
04 004ff6b0 00dd5bf3 00dd1118 00dd1118 0028c000 ConsoleApplication2!fun0+0x2e (FPO: [Non-Fpo]) (CONV: cdecl) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 103]
05 004ff898 00dd6979 00000001 0050ac50 0050ad10 ConsoleApplication2!wmain+0x23 (FPO: [Non-Fpo]) (CONV: cdecl) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 111]
06 004ff8e8 00dd6b6d 004ff904 76c38484 0028c000 ConsoleApplication2!__tmainCRTStartup+0x199 (FPO: [Non-Fpo]) (CONV: cdecl) [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 623]
07 004ff8f0 76c38484 0028c000 76c38460 c36362f4 ConsoleApplication2!wmainCRTStartup+0xd (FPO: [Non-Fpo]) (CONV: cdecl) [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 466]
08 004ff904 779441c8 0028c000 caf62646 00000000 KERNEL32!BaseThreadInitThunk+0x24 (FPO: [Non-Fpo])
09 004ff94c 77944198 ffffffff 7795f334 00000000 ntdll!__RtlUserThreadStart+0x2f (FPO: [SEH])
0a 004ff95c 00000000 00dd1118 0028c000 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])
0:000> k c
#
00 ConsoleApplication2!fun4
01 ConsoleApplication2!fun3
02 ConsoleApplication2!fun2
03 ConsoleApplication2!fun1
04 ConsoleApplication2!fun0
05 ConsoleApplication2!wmain
06 ConsoleApplication2!__tmainCRTStartup
07 ConsoleApplication2!wmainCRTStartup
08 KERNEL32!BaseThreadInitThunk
09 ntdll!__RtlUserThreadStart
0a ntdll!_RtlUserThreadStart
0:000> k f
# Memory ChildEBP RetAddr
00 004ff308 00dd5e9a ConsoleApplication2!fun4 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 74]
01 f0 004ff3f8 00dd5636 ConsoleApplication2!fun3+0x3a [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 82]
02 ec 004ff4e4 00dd55b2 ConsoleApplication2!fun2+0x36 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 89]
03 e8 004ff5cc 00dd400e ConsoleApplication2!fun1+0x32 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 96]
04 e4 004ff6b0 00dd5bf3 ConsoleApplication2!fun0+0x2e [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 103]
05 1e8 004ff898 00dd6979 ConsoleApplication2!wmain+0x23 [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 111]
06 50 004ff8e8 00dd6b6d ConsoleApplication2!__tmainCRTStartup+0x199 [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 623]
07 8 004ff8f0 76c38484 ConsoleApplication2!wmainCRTStartup+0xd [f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c @ 466]
08 14 004ff904 779441c8 KERNEL32!BaseThreadInitThunk+0x24
09 48 004ff94c 77944198 ntdll!__RtlUserThreadStart+0x2f
0a 10 004ff95c 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> kp L
# ChildEBP RetAddr
00 004ff308 00dd5e9a ConsoleApplication2!fun4(int a = 0n1, int b = 0n2, int c = 0n3, int d = 0n4)
01 004ff3f8 00dd5636 ConsoleApplication2!fun3(int a = 0n1, int b = 0n2, int c = 0n3)+0x3a
02 004ff4e4 00dd55b2 ConsoleApplication2!fun2(int a = 0n1, int b = 0n2)+0x36
03 004ff5cc 00dd400e ConsoleApplication2!fun1(int a = 0n1)+0x32
04 004ff6b0 00dd5bf3 ConsoleApplication2!fun0(void)+0x2e
05 004ff898 00dd6979 ConsoleApplication2!wmain(int argc = 0n1, wchar_t ** argv = 0x0050ac50)+0x23
06 004ff8e8 00dd6b6d ConsoleApplication2!__tmainCRTStartup(void)+0x199
07 004ff8f0 76c38484 ConsoleApplication2!wmainCRTStartup(void)+0xd
08 004ff904 779441c8 KERNEL32!BaseThreadInitThunk+0x24
09 004ff94c 77944198 ntdll!__RtlUserThreadStart+0x2f
0a 004ff95c 00000000 ntdll!_RtlUserThreadStart+0x1b
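As an added example (not part of the original post), here is a small Python parser for the x86 kv listing shown above. It recovers the fields of each frame, recomputes the "Memory" distances that k f prints from adjacent ChildEBP values, and reports a frame chain that does not move up the stack, which is what you see when the walk starts before a function's prolog has run or when a saved frame pointer has been overwritten. The Frame dataclass, the function names and the trimmed sample are my own construction.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One frame line of x86 "kv" output, in the column order shown on this page: frame number,
# ChildEBP, RetAddr, three args, symbol, then optional (FPO: ...), (CONV: ...), [source @ line].
FRAME_RE = re.compile(
    r"^(?P<frame>[0-9a-f]{2})\s+(?P<child_ebp>[0-9a-f]{8})\s+(?P<ret_addr>[0-9a-f]{8})\s+"
    r"(?P<a1>[0-9a-f]{8})\s+(?P<a2>[0-9a-f]{8})\s+(?P<a3>[0-9a-f]{8})\s+(?P<symbol>\S+)"
    r"(?:\s+\(FPO:\s*(?P<fpo>[^)]*)\))?(?:\s+\(CONV:\s*(?P<conv>[^)]*)\))?"
    r"(?:\s+\[(?P<src>[^\]]+?)\s+@\s+(?P<line>\d+)\])?\s*$")
@dataclass
class Frame:
    number: int
    child_ebp: int
    ret_addr: int
    args: Tuple[int, int, int]
    symbol: str
    fpo: Optional[str]
    conv: Optional[str]
    source: Optional[str]
    line: Optional[int]

def parse_kv(text: str) -> List[Frame]:
    """Parse the frame lines of a kv listing; the prompt and column-header lines are skipped."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append(Frame(int(m["frame"], 16), int(m["child_ebp"], 16), int(m["ret_addr"], 16),
                                tuple(int(m[k], 16) for k in ("a1", "a2", "a3")), m["symbol"],
                                m["fpo"], m["conv"], m["src"], int(m["line"]) if m["line"] else None))
    return frames
def frame_distances(frames: List[Frame]) -> List[int]:
    """Recompute the 'Memory' column of 'k f': bytes between adjacent ChildEBP values."""
    return [b.child_ebp - a.child_ebp for a, b in zip(frames, frames[1:])]
def broken_links(frames: List[Frame]) -> List[Tuple[int, int]]:
    """Frame pairs whose saved EBP does not move up the stack. On x86 every ChildEBP must exceed
    the previous one; otherwise the walk started before the prolog ran or a frame pointer was
    overwritten, and the rest of the trace cannot be trusted."""
    return [(a.number, b.number) for a, b in zip(frames, frames[1:]) if b.child_ebp <= a.child_ebp]
# Constructed sample: frames 00, 01, 09 and 0a copied from the kv listing above (02-08 omitted).
SAMPLE_KV = r"""0:000> kv
 # ChildEBP RetAddr Args to Child
00 004ff308 00dd5e9a 00000001 00000002 00000003 ConsoleApplication2!fun4 (FPO: [Non-Fpo]) (CONV: cdecl) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 74]
01 004ff3f8 00dd5636 00000001 00000002 00000003 ConsoleApplication2!fun3+0x3a (FPO: [Non-Fpo]) (CONV: cdecl) [e:\source\consoleapplication1\consoleapplication2\consoleapplication2.cpp @ 82]
09 004ff94c 77944198 ffffffff 7795f334 00000000 ntdll!__RtlUserThreadStart+0x2f (FPO: [SEH])
0a 004ff95c 00000000 00dd1118 0028c000 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])
"""
```

Running parse_kv(SAMPLE_KV) and frame_distances on the result gives 0xf0 for the first pair of frames, matching the Memory column of the k f listing above.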
5. Notes
- When you issue the k, kb, kp, kP or kv command, the stack trace is displayed in table format. If source line loading is enabled, the source module and line number are displayed as well.
- The stack trace includes the base pointer of each stack frame, the return address and the function name.
- If you use the kp or kP command, the full parameters of each function called in the stack trace are displayed. The parameter list includes the data type, name and value of each parameter.
- This command can be slow. For example, when MyFunction1 calls MyFunction2, the debugger must have full symbol information for MyFunction1 in order to display the parameters passed in that call. This command cannot fully display internal Microsoft Windows routines that are not exposed in the public symbols.
- If you use the kb or kv command, the first three parameters passed to each function are displayed. If you use kv, FPO data is displayed as well, and on x86-based processors kv also shows calling-convention information. When kv is used, the FPO information is appended to the end of the line in the following format:
FPO text | Meaning
FPO: [Non-Fpo] | No FPO data for the frame.
FPO: [N1,N2,N3] | N1 is the total number of parameters. N2 is the number of DWORD values for the local variables. N3 is the number of registers that are saved.
FPO: [N1,N2] TrapFrame @ Address | N1 is the total number of parameters. N2 is the number of DWORD values for the locals. Address is the address of the trap frame.
FPO: TaskGate Segment:0 | Segment is the segment selector for the task gate.
FPO: [EBP 0xBase] | Base is the base pointer for the frame.
- The kd command displays raw stack data. Each DWORD value is shown on a separate line, together with the symbol information for the values that have an associated symbol. This format produces a more verbose listing than the other k* commands. The kd command is equivalent to the dds (Display Memory) command with the stack address as its argument.
- If you use the k command at the beginning of a function (before the function prolog has executed), you get incorrect results. The debugger uses the frame register to compute the current backtrace, and that register is not set up correctly until the function's prolog has executed.
- In user mode, the stack trace is based on the stack of the current thread. In kernel mode, the stack trace is based on the current register context. You can set the register context to match a specific thread, context record or trap frame.