Windows Debugging 学习笔记
1. Debugging Tools For Windows:
- Ntsd.exe : Console based debugger with new console
Cdb.exe : Console based debugger with existing console
- Windbg.exe : GUI based debugger
- Kd.exe : Console based kernel mode debugger
- Adplus.exe : Monitoring tool
- Umdh.exe : Memory leak detection tool
- Remote.exe : Remote debugging tool
2. Heap Corruption: tool->Application Verifier
3. Resource Leaks
a. Tools for debuging handles
-
- Task Manager
- Shows handle count
- Process Explorer shows handle count as well as:
- Type of handle (file, mutant, section etc)
- Name of the handle
- Handle value
- Comes in handy when figuring out what type of handle is being leaked
- Debugger extension commend : !htrace
- Task Manager
b. Tools for heap memory tracking
-
- UMDH
- Tracks heap based memory
- Requires OS instrumentation to be enabled(gflags)
- DebugDiag
- Powerful automated debugger
- Extensible
- Debugger command : !heap
- UMDH
4. Thread Synchronization
- Critical Section
- Per process (user mode), Under the covers uses an Event.
- Allows one thread access to shared data
- Represented by RTL_CRITICAL_SECTION (LockCount, RecursionCount, OwningThread, SpinCount, DebugInfo)
- !cs <address>: Displays information about critical section
- Events
- Mutex
- Kernal mode construct
- be used within and across different processes
- Represented in user mode as a handle
- Use !handle command to view information
- Semaphore
- Kernal mode construct
- be used within and across different processes
- Employs resource couniting (x number of threads can access resource)
- Use !handle command to view information
5. Power Tools
- DebugDiag
- Procdump
